Skip to content

Commit 6abd952

Browse files
christophwillechristophwille
committed
Merge branch 'christophwille/sbomtargets' of https://github.com/icsharpcode/ILSpy into christophwille/sbomtargets
2 parents 2c17f1d + e734f71 commit 6abd952

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

46 files changed

+1343
-139
lines changed

.github/workflows/build-frontends.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ on:
66
pull_request:
77
branches: [ master, release/** ]
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
build:
1114
runs-on: ubuntu-latest

.github/workflows/build-ilspy.yml

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,13 @@ on:
66
pull_request:
77
branches: [ master, release/** ]
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
Build:
14+
permissions:
15+
packages: write # for dotnet nuget push
1116
runs-on: windows-2022
1217
strategy:
1318
fail-fast: false
@@ -30,12 +35,15 @@ jobs:
3035
with:
3136
dotnet-version: '8.0.x'
3237
dotnet-quality: 'ga'
33-
38+
env:
39+
DOTNET_INSTALL_DIR: ${{ runner.temp }}/.dotnet
40+
DOTNET_ROOT: ${{ runner.temp }}/.dotnet
41+
3442
- name: Add msbuild to PATH
3543
uses: microsoft/setup-msbuild@v2
3644

3745
- name: Install dotnet-format
38-
run: dotnet tool install -g dotnet-format --version "8.0.453106" --add-source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet8/nuget/v3/index.json
46+
run: dotnet tool install -g dotnet-format --version "8.3.546805" --add-source https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet8/nuget/v3/index.json
3947

4048
- name: Get Version
4149
id: version
@@ -150,7 +158,20 @@ jobs:
150158
if: github.ref == 'refs/heads/master' && matrix.configuration == 'release'
151159
run: |
152160
dotnet nuget push "ICSharpCode.ILSpyX\bin\Release\ICSharpCode.ILSpyX*.nupkg" --api-key ${{ secrets.GITHUB_TOKEN }} --source https://nuget.pkg.github.com/${{ github.repository_owner }}
153-
161+
162+
- name: Upload BamlDecompiler NuGet release build artifacts
163+
if: matrix.configuration == 'release'
164+
uses: actions/upload-artifact@v4
165+
with:
166+
name: ICSharpCode.BamlDecompiler NuGet Package (${{ matrix.configuration }})
167+
path: ICSharpCode.BamlDecompiler\bin\Release\ICSharpCode.BamlDecompiler*.nupkg
168+
if-no-files-found: error
169+
170+
- name: Publish DecomBamlDecompilerpiler NuGet
171+
if: github.ref == 'refs/heads/master' && matrix.configuration == 'release'
172+
run: |
173+
dotnet nuget push "ICSharpCode.BamlDecompiler\bin\Release\ICSharpCode.BamlDecompiler*.nupkg" --api-key ${{ secrets.GITHUB_TOKEN }} --source https://nuget.pkg.github.com/${{ github.repository_owner }}
174+
154175
- name: Upload zip binaries build artifacts
155176
uses: actions/upload-artifact@v4
156177
with:

.github/workflows/codeql-analysis.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,15 @@ on:
66
pull_request:
77
branches: [ master, release/** ]
88

9+
permissions:
10+
contents: read
11+
912
jobs:
1013
analyze:
14+
permissions:
15+
actions: read # for github/codeql-action/init to get workflow details
16+
security-events: write # for github/codeql-action/analyze to upload SARIF results
17+
1118
name: Analyze
1219
runs-on: ubuntu-latest
1320

.github/workflows/generate-bom.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,9 @@ name: Generate BOM
33
on:
44
workflow_dispatch:
55

6+
permissions:
7+
contents: read
8+
69
jobs:
710
build:
811

.github/workflows/lock.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,13 @@ on:
44
schedule:
55
- cron: '0 0 * * *'
66

7+
permissions:
8+
contents: read
9+
710
jobs:
811
lock:
12+
permissions:
13+
issues: write # for dessant/lock-threads to lock issues
914
runs-on: ubuntu-latest
1015
steps:
1116
- uses: dessant/[email protected]

.github/workflows/scorecard.yml

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
name: Scorecard supply-chain security
2+
on:
3+
# For Branch-Protection check. Only the default branch is supported. See
4+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection (disabled)
5+
# branch_protection_rule:
6+
workflow_dispatch:
7+
8+
# schedule ("Maintained") and push are disabled atm
9+
# schedule:
10+
# - cron: '25 1 * * 2'
11+
# push:
12+
# branches: [ "master" ]
13+
14+
permissions: read-all
15+
16+
jobs:
17+
analysis:
18+
name: Scorecard analysis
19+
runs-on: ubuntu-latest
20+
permissions:
21+
security-events: write # Needed to upload the results to code-scanning dashboard.
22+
id-token: write # Needed to publish results and get a badge (see publish_results below).
23+
24+
steps:
25+
- name: "Checkout code"
26+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
27+
with:
28+
persist-credentials: false
29+
30+
- name: "Run analysis"
31+
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
32+
with:
33+
results_file: results.sarif
34+
results_format: sarif
35+
publish_results: true
36+
37+
- name: "Upload artifact"
38+
uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
39+
with:
40+
name: SARIF file
41+
path: results.sarif
42+
retention-days: 5
43+
44+
- name: "Upload to code-scanning"
45+
uses: github/codeql-action/upload-sarif@v3
46+
with:
47+
sarif_file: results.sarif

BuildTools/pre-commit

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55

66
set -eu
77

8-
DOTNET_FORMAT_VERSION=8.0.453106
8+
DOTNET_FORMAT_VERSION=8.3.546805
99
DOTNET_PATH="$LOCALAPPDATA/ICSharpCode/ILSpy/dotnet-format-$DOTNET_FORMAT_VERSION"
1010
if [ ! -d "$DOTNET_PATH" ]; then
1111
echo "Downloading dotnet-format $DOTNET_FORMAT_VERSION..."

Directory.Packages.props

Lines changed: 26 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -5,52 +5,55 @@
55
</PropertyGroup>
66
<ItemGroup>
77
<PackageVersion Include="AvalonEdit" Version="6.3.0.90" />
8-
<PackageVersion Include="CliWrap" Version="3.6.6" />
8+
<PackageVersion Include="CliWrap" Version="3.7.0" />
99
<PackageVersion Include="DataGridExtensions" Version="2.6.0" />
1010
<PackageVersion Include="DiffLib" Version="2017.7.26.1241" />
1111
<PackageVersion Include="Dirkster.AvalonDock.Themes.VS2013" Version="4.72.1" />
12-
<PackageVersion Include="FluentAssertions" Version="6.12.1" />
13-
<PackageVersion Include="ILCompiler.Reflection.ReadyToRun.Experimental" Version="8.0.0-rc.2.23471.30" />
12+
<PackageVersion Include="FluentAssertions" Version="7.0.0" />
13+
<PackageVersion Include="ILCompiler.Reflection.ReadyToRun.Experimental" Version="9.0.1-rtm.24557.9" />
1414
<PackageVersion Include="Iced" Version="1.21.0" />
15-
<PackageVersion Include="JunitXml.TestLogger" Version="4.1.0" />
15+
<PackageVersion Include="JunitXml.TestLogger" Version="5.0.0" />
1616
<PackageVersion Include="K4os.Compression.LZ4" Version="1.3.8" />
1717
<PackageVersion Include="McMaster.Extensions.CommandLineUtils" Version="4.1.1" />
1818
<PackageVersion Include="McMaster.Extensions.Hosting.CommandLine" Version="4.1.1" />
19-
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.11.0" />
20-
<PackageVersion Include="Microsoft.CodeAnalysis.VisualBasic" Version="4.11.0" />
19+
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.12.0" />
20+
<PackageVersion Include="Microsoft.CodeAnalysis.VisualBasic" Version="4.12.0" />
2121
<PackageVersion Include="Microsoft.DiaSymReader.Converter.Xml" Version="1.1.0-beta2-22171-02" />
2222
<PackageVersion Include="Microsoft.DiaSymReader" Version="1.4.0" />
2323
<PackageVersion Include="Microsoft.DiaSymReader.Native" Version="17.0.0-beta1.21524.1" />
2424
<PackageVersion Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
2525
<PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
2626
<PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="8.0.2" />
2727
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
28-
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
29-
<PackageVersion Include="Microsoft.NETCore.ILAsm" Version="8.0.0" />
30-
<PackageVersion Include="Microsoft.NETCore.ILDAsm" Version="8.0.0" />
28+
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
29+
<PackageVersion Include="Microsoft.NETCore.ILAsm" Version="9.0.0" />
30+
<PackageVersion Include="Microsoft.NETCore.ILDAsm" Version="9.0.0" />
3131
<PackageVersion Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
3232
<PackageVersion Include="Microsoft.Xaml.Behaviors.Wpf" Version="1.1.135" />
3333
<PackageVersion Include="Mono.Cecil" Version="0.11.6" />
3434
<PackageVersion Include="NaturalSort.Extension" Version="4.3.0" />
35-
<PackageVersion Include="NSubstitute" Version="5.1.0" />
35+
<PackageVersion Include="NSubstitute" Version="5.3.0" />
3636
<PackageVersion Include="NSubstitute.Analyzers.CSharp" Version="1.0.17" />
37-
<PackageVersion Include="NUnit" Version="4.2.2" />
37+
<PackageVersion Include="NUnit" Version="4.3.2" />
3838
<PackageVersion Include="NUnit3TestAdapter" Version="4.6.0" />
39-
<PackageVersion Include="NuGet.Protocol" Version="6.11.1" />
39+
<PackageVersion Include="NuGet.Protocol" Version="6.12.1" />
4040
<PackageVersion Include="PowerShellStandard.Library" Version="5.1.1" />
41-
<PackageVersion Include="System.Composition.AttributedModel" Version="8.0.0" />
42-
<PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
43-
<PackageVersion Include="System.Memory" Version="4.5.5" />
44-
<PackageVersion Include="System.Reflection.Metadata" Version="8.0.1" />
45-
<PackageVersion Include="System.Resources.Extensions" Version="8.0.0" />
46-
<PackageVersion Include="System.Runtime.CompilerServices.Unsafe" Version="6.0.0" />
47-
<PackageVersion Include="TomsToolbox.Composition.MicrosoftExtensions" Version="2.20.0" />
41+
<PackageVersion Include="System.Composition.AttributedModel" Version="9.0.0" />
42+
<PackageVersion Include="System.Collections.Immutable" Version="9.0.0" />
43+
<PackageVersion Include="System.Memory" Version="4.6.0" />
44+
<PackageVersion Include="System.Reflection.Metadata" Version="9.0.0" />
45+
<PackageVersion Include="System.Resources.Extensions" Version="9.0.0" />
46+
<PackageVersion Include="System.Runtime.CompilerServices.Unsafe" Version="6.1.0" />
47+
<PackageVersion Include="TomsToolbox.Composition.MicrosoftExtensions" Version="2.21.0" />
4848
<PackageVersion Include="TomsToolbox.Wpf.Composition" Version="2.20.0" />
49-
<PackageVersion Include="TomsToolbox.Wpf.Composition.AttributedModel" Version="2.20.0" />
50-
<PackageVersion Include="TomsToolbox.Wpf.Styles" Version="2.20.0" />
51-
<PackageVersion Include="coverlet.collector" Version="6.0.2" />
49+
<PackageVersion Include="TomsToolbox.Wpf.Composition.AttributedModel" Version="2.21.0" />
50+
<PackageVersion Include="TomsToolbox.Wpf.Styles" Version="2.21.0" />
51+
<PackageVersion Include="coverlet.collector" Version="6.0.3" />
52+
<PackageVersion Include="System.Net.Http" Version="4.3.4" />
53+
<PackageVersion Include="System.Private.Uri" Version="4.3.2" />
54+
<PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
5255
</ItemGroup>
5356
<ItemGroup>
54-
<GlobalPackageReference Include="TomsToolbox.Composition.Analyzer" Version="2.20.0" />
57+
<GlobalPackageReference Include="TomsToolbox.Composition.Analyzer" Version="2.21.0" />
5558
</ItemGroup>
5659
</Project>

ICSharpCode.BamlDecompiler/ICSharpCode.BamlDecompiler.csproj

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,12 @@
4141
<None Include="PackageReadme.md" Pack="true" PackagePath="\" />
4242
</ItemGroup>
4343

44+
<!-- https://devblogs.microsoft.com/nuget/enable-repeatable-package-restores-using-a-lock-file/ -->
45+
<PropertyGroup>
46+
<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
47+
<RestoreLockedMode Condition="'$(GITHUB_ACTIONS)' == 'true'">true</RestoreLockedMode>
48+
</PropertyGroup>
49+
4450
<ItemGroup>
4551
<Compile Remove="Properties\AssemblyInfo.template.cs" />
4652
</ItemGroup>

ICSharpCode.BamlDecompiler/packages.lock.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"version": 2,
3+
"dependencies": {
4+
"net8.0": {
5+
"TomsToolbox.Composition.Analyzer": {
6+
"type": "Direct",
7+
"requested": "[2.21.0, )",
8+
"resolved": "2.21.0",
9+
"contentHash": "vJx9hxAzjni34slGz78ewqYP9Ylk8dJszfEUK1TF5cflVKMBO3ORSFd0FtICTwJtE8munvZrMrcLWwXt5bIcEA=="
10+
},
11+
"icsharpcode.decompiler": {
12+
"type": "Project",
13+
"dependencies": {
14+
"System.Collections.Immutable": "[6.0.0, )",
15+
"System.Reflection.Metadata": "[6.0.0, )"
16+
}
17+
},
18+
"System.Collections.Immutable": {
19+
"type": "CentralTransitive",
20+
"requested": "[9.0.0, )",
21+
"resolved": "6.0.0",
22+
"contentHash": "l4zZJ1WU2hqpQQHXz1rvC3etVZN+2DLmQMO79FhOTZHMn8tDRr+WU287sbomD0BETlmKDn0ygUgVy9k5xkkJdA==",
23+
"dependencies": {
24+
"System.Runtime.CompilerServices.Unsafe": "6.0.0"
25+
}
26+
},
27+
"System.Reflection.Metadata": {
28+
"type": "CentralTransitive",
29+
"requested": "[9.0.0, )",
30+
"resolved": "6.0.0",
31+
"contentHash": "sffDOcex1C3HO5kDolOYcWXTwRpZY/LvJujM6SMjn63fWMJWchYAAmkoAJXlbpZ5yf4d+KMgxd+LeETa4gD9sQ==",
32+
"dependencies": {
33+
"System.Collections.Immutable": "6.0.0"
34+
}
35+
},
36+
"System.Runtime.CompilerServices.Unsafe": {
37+
"type": "CentralTransitive",
38+
"requested": "[6.1.0, )",
39+
"resolved": "6.0.0",
40+
"contentHash": "/iUeP3tq1S0XdNNoMz5C9twLSrM/TH+qElHkXWaPvuNOt+99G75NrV0OS2EqHx5wMN7popYjpc8oTjC1y16DLg=="
41+
}
42+
}
43+
}
44+
}

0 commit comments

Comments
 (0)