Bump Serilog from 4.2.0 to 4.3.0

.github/workflows/automerge-dependabot-prs-into-collected-branch.yml

@@ -1,16 +1,12 @@
 # qqqq in development
-# qqqq not getting the events
 # this script seperate major and minor but we do merge them into the same branch. 
 # having two steps allows us to easily turn off major changes in future and then script them to their own branch and pipeline.
 name: auto-merge dependabot prs into collected branch
 on:
-  # pull_request:
-  # synchronize
-    # types: [opened, synchronize]
-    # branches: [Automatic_version_update_dependabot]  # make sure this matches your actual branch name
-  check_suite:
-    types: [completed]    
-  workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+    branches: [Automatic_version_update_dependabot]
+
 
 permissions:
   contents: write
@@ -26,25 +22,17 @@ jobs:
           echo "actor: ${{ github.actor }}"
           echo "pr title: ${{ github.event.pull_request.title }}"
           echo "github event_name: ${{ github.event_name }}"
-          echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}"
           echo "target branch: ${{ github.event.pull_request.base.ref }}"
           echo "source branch: ${{ github.event.pull_request.head.ref }}"
-          echo "Check Suite ID: ${{ github.event.check_suite.id }}"
-          echo "Conclusion: ${{ github.event.check_suite.conclusion }}"
-          echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}"
-          echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}"
+          echo "PR Number: ${{ github.event.pull_request.number }}"
 
-          
+  # Branch rules ensure doesnt auto merge if shouldnt       
   auto-merge:
     runs-on: ubuntu-latest
-    # if: github.event.check_suite.pull_requests[0].base.ref == 'main'
-    # if dependabot and checks ran
-    # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success')
-    # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success')
-    if:  github.event.check_suite.conclusion == 'success' && github.actor == 'dependabot[bot]' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot'
+    # qqqq add in after testing if: github.actor == 'dependabot[bot]'
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up GitHub CLI
         run: |
@@ -54,26 +42,30 @@ jobs:
 
       - name: extract update type
         id: extract
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
+          echo "get pr title"
           pr_title="${{ github.event.pull_request.title }}"
-          if [[ $pr_title == *"(major)"* ]]; then
-            echo "update_type=major" >> $github_output
+          echo "PR title: $pr_title"
+          if [[ "$pr_title" == *"(major)"* ]]; then
+            echo "update_type=major" >> $GITHUB_OUTPUT
+            echo "Detected major update"
           else
-            echo "update_type=minor_or_patch" >> $github_output
+            echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT
+            echo "Detected minor or patch update"
           fi
 
       - name: auto-merge minor and patch updates
         if: steps.extract.outputs.update_type == 'minor_or_patch'
-        # auto should set the the request to merge once checks complete
-        # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}"
-        run: gh pr merge --auto 1
+        run: |
+          gh pr merge --auto --merge "${{ github.event.pull_request.number }}"
         env:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: auto-merge major updates
         if: steps.extract.outputs.update_type == 'major'
-        # auto should set the the request to merge once checks complete
-        # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}"
-        run: gh pr merge --auto 1
+        run: |
+          gh pr merge --auto --merge "${{ github.event.pull_request.number }}"
         env:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/automerge-dependabot-prs-into-collected-branch.yml-works-defunct

@@ -0,0 +1,99 @@
+# qqqq this does add auto merge but seems to trigger on the first set of checks git guardian (it seems), 
+# also it calls for checks not specifically for out branch
+# so an approach based one the branch is likely better
+name: auto-merge dependabot prs into collected branch
+on:
+  # pull_request:
+  # synchronize
+    # types: [opened, synchronize]
+    # branches: [Automatic_version_update_dependabot]  # make sure this matches your actual branch name
+  check_suite:
+    types: [completed]    
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  debug:
+    runs-on: ubuntu-latest
+    steps:
+      - name: debug info
+        run: |
+          echo "actor: ${{ github.actor }}"
+          echo "pr title: ${{ github.event.pull_request.title }}"
+          echo "github event_name: ${{ github.event_name }}"
+          echo "github event_suite conlusion: ${{ github.event.check_suite.conclusion }}"
+          echo "target branch: ${{ github.event.pull_request.base.ref }}"
+          echo "source branch: ${{ github.event.pull_request.head.ref }}"
+          echo "Check Suite ID: ${{ github.event.check_suite.id }}"
+          echo "Conclusion: ${{ github.event.check_suite.conclusion }}"
+          echo "Target Branch: ${{ github.event.check_suite.pull_requests[0].base.ref }}"
+          echo "PR Number: ${{ github.event.check_suite.pull_requests[0].number }}"
+
+      - name: Dump event payload
+        run: |
+          echo "==== EVENT NAME ===="
+          echo "${{ github.event_name }}"
+          echo "==== RAW CHECK_SUITE PAYLOAD ===="
+          echo '${{ toJson(github.event.check_suite) }}'
+          echo "==== PRs in this check suite ===="
+          echo '${{ toJson(github.event.check_suite.pull_requests) }}'
+
+
+  auto-merge:
+    runs-on: ubuntu-latest
+    # if: github.event.check_suite.pull_requests[0].base.ref == 'main'
+    # if dependabot and checks ran
+    # if: (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success')
+    # qqqq put back in later if: (github.actor == 'dependabot[bot]' || github.event_name == 'workflow_dispatch')&& (github.event_name != 'check_suite' || github.event.check_suite.conclusion == 'success')
+
+
+    # qqqq add in after testing && github.actor == 'dependabot[bot]'
+    if:  github.event.check_suite.conclusion == 'success' && github.event.check_suite.pull_requests[0].base.ref == 'Automatic_version_update_dependabot'
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v3
+
+      - name: Set up GitHub CLI
+        run: |
+          # Install GitHub CLI (gh)
+          sudo apt-get update
+          sudo apt-get install gh
+
+      - name: extract update type
+        id: extract
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "get pr number"
+          pr_number=${{ github.event.check_suite.pull_requests[0].number }}
+          echo "PR title: $pr_number"
+          # pr_title="${{ github.event.pull_request.title }}"
+          pr_title=$(gh pr view "$pr_number" --json title --jq .title)
+          echo "PR title: $pr_title"
+          if [[ $pr_title == *"(major)"* ]]; then
+            echo "update_type=major" >> $GITHUB_OUTPUT
+          else
+            echo "update_type=minor_or_patch" >> $GITHUB_OUTPUT
+          fi
+
+      - name: auto-merge minor and patch updates
+        if: steps.extract.outputs.update_type == 'minor_or_patch'
+        # auto should set the the request to merge once checks complete
+        # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}"
+        # run: gh pr merge --auto 1
+        run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: auto-merge major updates
+        if: steps.extract.outputs.update_type == 'major'
+        # auto should set the the request to merge once checks complete
+        # qqqq could squash for cleaner? --squash "${{ github.event.pull_request.html_url }}"
+        # run: gh pr merge --auto 1
+        run: gh pr merge --auto --merge ${{ github.event.check_suite.pull_requests[0].number }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/workflow-readme.md

@@ -121,59 +121,5 @@ Via semantic release and recorded as a generate c# file used by a blazor compone
 
 ## Alternative Approaches
 
-
-name: Pull Request Checks
-
-# ⚠️ pull_request_target is dangerous it allows secrets to be used by forks and bots, ⚠️ 
-# ⚠️ we want dependabot only to be using these secrets so addition logic requires an "if" for every job ⚠️
-# We will restrict it by making pull_request_target only for the Automatic_version_update_dependabot and then use
-# an if to ensure its only by dependabot
-
-on:
-  pull_request:
-    branches: ['**']                # Run on all branches
-    branches-ignore: ['dependabot/**']  # Skip Dependabot PRs
-  pull_request_target:
-    branches: ['Automatic_version_update_dependabot']  # Base branch for Dependabot PRs
-  workflow_dispatch:
-
-jobs:
-  dummy:
-    if: |
-      (github.actor == 'dependabot[bot]' && 
-      startsWith(github.head_ref, 'dependabot/') &&
-      github.event_name == 'pull_request_target')
-      ||
-      (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Dummy Step
-        run: echo "This is a dummy job to allow workflow_dispatch"
-
-  pull-request-call-reusable-ci-checks-workflow:
-    if: |
-      (github.actor == 'dependabot[bot]' && 
-      startsWith(github.head_ref, 'dependabot/') &&
-      github.event_name == 'pull_request_target')
-      ||
-      (github.actor != 'dependabot[bot]' && github.event_name == 'pull_request')
-    name: Pull Request run CI Checks
-    uses: ./.github/workflows/reuseable-ci-checks.yml
-    needs: dummy
-    with:
-      runall: true
-
-    # could try secrets:inherit QQQQ
-    secrets:
-      UNITTESTS_APPSETTINGS_DEVELOPMENT: ${{ secrets.UNITTESTS_APPSETTINGS_DEVELOPMENT }}
-      WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_DEVELOPMENT }}
-      WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_DEVELOPMENT }}
-      WASMSERVERHOST_APPSETTINGS_DEVELOPMENT: ${{ secrets.WASMSERVERHOST_APPSETTINGS_DEVELOPMENT }}
-      TEL_GIT_PACKAGES_TOKEN: ${{secrets.NUGETKEY }}
-
-      UNITTESTS_APPSETTINGS_PRODUCTION: ${{ secrets.UNITTESTS_APPSETTINGS_PRODUCTION }}
-      WASMSTATICCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSTATICCLIENT_APPSETTINGS_PRODUCTION }}
-      WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOSTCLIENT_APPSETTINGS_PRODUCTION }}
-      WASMSERVERHOST_APPSETTINGS_PRODUCTION: ${{ secrets.WASMSERVERHOST_APPSETTINGS_PRODUCTION }}
-
-```
+- dont use pull-request-target for security reasons if can avoid it and if do use ifs to control it based on what branch and who is calling the workflow
+- can use secrets inherits might have been better for reuseable checks which because triggered by other workflows can directly access repo secrets instead need them passing

Directory.Packages.props

@@ -28,7 +28,7 @@
     <!-- Mapping -->
     <PackageVersion Include="AutoMapper" Version="12.0.1" />
     <!-- Logging (Serilog) -->
-    <PackageVersion Include="Serilog" Version="4.2.0" />
+    <PackageVersion Include="Serilog" Version="4.3.0" />
     <PackageVersion Include="Serilog.Extensions.Logging" Version="8.0.0" />
     <PackageVersion Include="Serilog.Formatting.Compact" Version="3.0.0" />
     <PackageVersion Include="Serilog.Settings.Configuration" Version="8.0.0" />

TELBlazor.Components.ShowCase.E2ETests.WasmServerHost/TELBlazor.Components.ShowCase.E2ETests.WasmServerHost.Client/packages.lock.json

@@ -40,21 +40,21 @@
       },
       "Microsoft.NET.ILLink.Tasks": {
         "type": "Direct",
-        "requested": "[8.0.19, )",
-        "resolved": "8.0.19",
-        "contentHash": "IhHf+zeZiaE5EXRyxILd4qM+Hj9cxV3sa8MpzZgeEhpvaG3a1VEGF6UCaPFLO44Kua3JkLKluE0SWVamS50PlA=="
+        "requested": "[8.0.18, )",
+        "resolved": "8.0.18",
+        "contentHash": "OiXqr2YIBEV9dsAWEtasK470ALyJ0VxJ9k4MotOxlWV6HeEgrJKYMW4HHj1OCCXvqE0/A25wEKPkpfiBARgDZA=="
       },
       "Microsoft.NET.Sdk.WebAssembly.Pack": {
         "type": "Direct",
-        "requested": "[8.0.19, )",
-        "resolved": "8.0.19",
-        "contentHash": "Cm/sq4ET7XGU7jBSfSh+s+eV0faJ1RnErpImRYN7+d5loWISBwl22qsM6sn9StUWKJao+xGvF0IxgyPVnY20Vw=="
+        "requested": "[8.0.18, )",
+        "resolved": "8.0.18",
+        "contentHash": "SoVkRwFwnaX39J1uaI72PTilSJ6OoonIG+2VMpazEaAA9t+aJt2Caf49q76SYv3x9iU8hu1axlMWSkR9rt8nIg=="
       },
       "Serilog": {
         "type": "Direct",
-        "requested": "[4.2.0, )",
-        "resolved": "4.2.0",
-        "contentHash": "gmoWVOvKgbME8TYR+gwMf7osROiWAURterc6Rt2dQyX7wtjZYpqFiA/pY6ztjGQKKV62GGCyOcmtP1UKMHgSmA=="
+        "requested": "[4.3.0, )",
+        "resolved": "4.3.0",
+        "contentHash": "+cDryFR0GRhsGOnZSKwaDzRRl4MupvJ42FhCE4zhQRVanX0Jpg6WuCBk59OVhVDPmab1bB+nRykAnykYELA9qQ=="
       },
       "Serilog.Extensions.Logging": {
         "type": "Direct",
@@ -305,23 +305,14 @@
           "System.Text.Encodings.Web": "8.0.0"
         }
       },
-      "telblazor.components": {
-        "type": "Project",
-        "dependencies": {
-          "Blazored.LocalStorage": "[4.5.0, )",
-          "Microsoft.AspNetCore.Components.Web": "[8.0.14, )",
-          "Microsoft.Extensions.Http": "[8.0.1, )",
-          "Serilog": "[4.2.0, )"
-        }
-      },
       "telblazor.components.showcase.shared": {
         "type": "Project",
         "dependencies": {
           "Blazored.LocalStorage": "[4.5.0, )",
           "Markdig": "[0.41.3, )",
           "Microsoft.AspNetCore.Components.Web": "[8.0.14, )",
-          "Serilog": "[4.2.0, )",
-          "TELBlazor.Components": "[1.2.6-local, )"
+          "Serilog": "[4.3.0, )",
+          "TELBlazor.Components": "(, )"
         }
       },
       "Markdig": {
@@ -380,6 +371,16 @@
         "dependencies": {
           "Serilog": "4.0.0"
         }
+      },
+      "TELBlazor.Components": {
+        "type": "CentralTransitive",
+        "requested": "(, )",
+        "resolved": "1.0.0",
+        "contentHash": "mkjzSgfupUrrAp57hk/4MOkFZwJRgw8a5oYhjotD0/NyPBhUPZ51z0G2Zd9owZ+CruScSmRngAvBiBAMJS7HCw==",
+        "dependencies": {
+          "Microsoft.AspNetCore.Components.Web": "8.0.14",
+          "Microsoft.Extensions.Http": "8.0.0"
+        }
       }
     },
     "net8.0/browser-wasm": {