Merge pull request #1612 from microsoft/mk/sync-v2-with-vnext-changes

Sync v2 branch with vnext changes

Author: MaggieKimani1

.azure-pipelines/ci-build.yml

@@ -21,7 +21,7 @@ pool:
 variables:
   buildPlatform: 'Any CPU'
   buildConfiguration: 'Release'
-  ProductBinPath: '$(Build.SourcesDirectory)\src\Microsoft.OpenApi\bin\$(BuildConfiguration)' 
+  ProductBinPath: '$(Build.SourcesDirectory)\src\Microsoft.OpenApi\bin\$(BuildConfiguration)'
 
 
 stages:
@@ -31,22 +31,22 @@ stages:
     - job: build
       steps:
       - task: UseDotNet@2
-        displayName: 'Use .NET 2' # needed for ESRP signing
+        displayName: 'Use .NET 6' # needed for ESRP signing
         inputs:
-          version: 2.x
+          version: 6.x
 
       - task: UseDotNet@2
         displayName: 'Use .NET 8'
         inputs:
           version: 8.x
 
-      - task: PoliCheck@1
+      - task: PoliCheck@2
         displayName: 'Run PoliCheck "/src"'
         inputs:
           inputType: CmdLine
           cmdLineArgs: '/F:$(Build.SourcesDirectory)/src /T:9 /Sev:"1|2" /PE:2 /O:poli_result_src.xml'
 
-      - task: PoliCheck@1
+      - task: PoliCheck@2
         displayName: 'Run PoliCheck "/test"'
         inputs:
           inputType: CmdLine
@@ -75,14 +75,14 @@ stages:
           arguments: '--configuration $(BuildConfiguration) --no-build'
 
       # CredScan
-      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
         displayName: 'Run CredScan - Src'
         inputs:
           toolMajorVersion: 'V2'
           scanFolder: '$(Build.SourcesDirectory)\src'
           debugMode: false
 
-      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@2
+      - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
         displayName: 'Run CredScan - Test'
         inputs:
           toolMajorVersion: 'V2'
@@ -95,34 +95,38 @@ stages:
           FileDirPath: '$(ProductBinPath)'
         enabled: false
 
-      - task: BinSkim@3
+      - task: BinSkim@4
         displayName: 'Run BinSkim - Product Binaries'
         inputs:
           InputType: Basic
-          AnalyzeTarget: '$(ProductBinPath)\**\Microsoft.OpenApi.dll'
+          AnalyzeTargetGlob: '$(ProductBinPath)\**\Microsoft.OpenApi.dll'
           AnalyzeSymPath: '$(ProductBinPath)'
           AnalyzeVerbose: true
           AnalyzeHashes: true
           AnalyzeEnvironment: true
 
-      - task: PublishSecurityAnalysisLogs@2
+      - task: PublishSecurityAnalysisLogs@3
         displayName: 'Publish Security Analysis Logs'
         inputs:
           ArtifactName: SecurityLogs
 
-      - task: PostAnalysis@1
+      - task: PostAnalysis@2
         displayName: 'Post Analysis'
         inputs:
           BinSkim: true
           CredScan: true
           PoliCheck: true
 
-      - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+      - task: EsrpCodeSigning@2
         displayName: 'ESRP CodeSigning'
         inputs:
           ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)'
           FolderPath: src
           signConfigType: inlineSignParams
+          UseMinimatch: true
+          Pattern: |
+            **\*.exe
+            **\*.dll
           inlineOperation: |
             [
                 {
@@ -162,26 +166,27 @@ stages:
                 }
             ]
           SessionTimeout: 20
-           
+
       # Pack
       - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg
         displayName: 'pack OpenAPI'
-      
+
       # Pack
       - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg
         displayName: 'pack Readers'
 
       # Pack
       - pwsh: dotnet pack $(Build.SourcesDirectory)/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj -o $(Build.ArtifactStagingDirectory) --configuration $(BuildConfiguration) --no-build --include-symbols --include-source /p:SymbolPackageFormat=snupkg
-        displayName: 'pack Hidi'     
-      
-      - task: SFP.build-tasks.custom-build-task-1.EsrpCodeSigning@1
+        displayName: 'pack Hidi'
+
+      - task: EsrpCodeSigning@2
         displayName: 'ESRP CodeSigning Nuget Packages'
         inputs:
           ConnectedServiceName: 'microsoftgraph ESRP CodeSign DLL and NuGet (AKV)'
           FolderPath: '$(Build.ArtifactStagingDirectory)'
           Pattern: '*.nupkg'
           signConfigType: inlineSignParams
+          UseMinimatch: true
           inlineOperation: |
             [
                 {
@@ -209,7 +214,7 @@ stages:
               $xml = [Xml] (Get-Content .\src\Microsoft.OpenApi.Hidi\Microsoft.OpenApi.Hidi.csproj)
               $version = $xml.Project.PropertyGroup.Version
               echo $version
-              echo "##vso[task.setvariable variable=hidiversion]$version"  
+              echo "##vso[task.setvariable variable=hidiversion]$version"
 
       # publish hidi as an .exe
       - task: DotNetCoreCLI@2
@@ -219,7 +224,7 @@ stages:
           arguments: -c Release --runtime win-x64 /p:PublishSingleFile=true /p:PackAsTool=false --self-contained --output $(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion)
           projects: 'src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj'
           publishWebProjects: False
-          zipAfterPublish: false 
+          zipAfterPublish: false
 
       - task: CopyFiles@2
         displayName: Prepare staging folder for upload
@@ -236,7 +241,7 @@ stages:
 
       - task: PublishBuildArtifacts@1
         displayName: 'Publish Artifact: Hidi'
-        inputs: 
+        inputs:
           ArtifactName: Microsoft.OpenApi.Hidi-v$(hidiversion)
           PathtoPublish: '$(Build.ArtifactStagingDirectory)/Microsoft.OpenApi.Hidi-v$(hidiversion)'
 
@@ -295,8 +300,8 @@ stages:
                   { "label" : "enhancement", "V2-Enhancement", "displayName" : "Enhancements", "state" : "closed" },
                   { "label" : "bug", "bug-fix", "displayName" : "Bugs", "state" : "closed" },
                   { "label" : "documentation", "doc", "displayName" : "Documentation", "state" : "closed"},
-                  { "label" : "dependencies", "displayName" : "Package Updates", "state" : "closed" }]'                
-    
+                  { "label" : "dependencies", "displayName" : "Package Updates", "state" : "closed" }]'
+
     - deployment: deploy_lib
       dependsOn: []
       environment: nuget-org

.github/workflows/auto-merge-dependabot.yml

@@ -19,7 +19,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1.6.0
+        uses: dependabot/fetch-metadata@v2.0.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 

.github/workflows/ci-cd.yml

@@ -2,6 +2,9 @@ name: CI/CD Pipeline
 
 on: [push, pull_request, workflow_dispatch]
 
+permissions:
+  contents: write
+
 jobs:
   ci:
     name: Continuous Integration
@@ -49,7 +52,7 @@ jobs:
       - if: steps.conditionals_handler.outputs.is_default_branch == 'true'
         name: Bump GH tag
         id: tag_generator
-        uses: mathieudutour/github-tag-action@v6.1
+        uses: mathieudutour/github-tag-action@v6.2
         with: 
           github_token: ${{ secrets.GITHUB_TOKEN }}
           default_bump: false

.github/workflows/codeql-analysis.yml

@@ -7,6 +7,11 @@ on:
   schedule:
     - cron: '0 8 * * *'
 
+permissions:
+  contents: read # these permissions are required to run the codeql analysis
+  actions: read
+  security-events: write
+
 jobs:
   analyze:
     name: CodeQL Analysis
@@ -23,7 +28,7 @@ jobs:
 
       - name: Initialize CodeQL
         id: init_codeql
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           queries: security-and-quality
 
@@ -43,6 +48,6 @@ jobs:
 
       - name: Perform CodeQL Analysis
         id: analyze_codeql
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
 
 # Built with ❤ by [Pipeline Foundation](https://pipeline.foundation)

.github/workflows/docker.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v4
       - name: Login to GitHub package feed
-        uses: docker/login-action@v3.0.0 
+        uses: docker/login-action@v3.1.0 
         with:
           username: ${{ secrets.ACR_USERNAME }}
           password: ${{ secrets.ACR_PASSWORD }}
@@ -30,13 +30,13 @@ jobs:
         id: getversion
       - name: Push to GitHub Packages - Nightly
         if: ${{ github.ref == 'refs/heads/vnext' }}
-        uses: docker/build-push-action@v5.1.0
+        uses: docker/build-push-action@v5.3.0
         with:
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
       - name: Push to GitHub Packages - Release
         if: ${{ github.ref == 'refs/heads/master' }}
-        uses: docker/build-push-action@v5.1.0
+        uses: docker/build-push-action@v5.3.0
         with:
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.getversion.outputs.version }}

.github/workflows/sonarcloud.yml

@@ -9,6 +9,11 @@ on:
     types: [opened, synchronize, reopened]
     paths-ignore: ['.vscode/**']
 
+
+permissions:
+  contents: read
+  pull-requests: read
+
 env:
   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
@@ -34,10 +39,6 @@ jobs:
         with:
           distribution: 'adopt'
           java-version: 17
-      - name: Setup .NET 5 # At the moment the scanner requires dotnet 5 https://www.nuget.org/packages/dotnet-sonarscanner
-        uses: actions/setup-dotnet@v4
-        with:
-          dotnet-version: 5.0.x
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
@@ -46,14 +47,14 @@ jobs:
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache SonarCloud scanner
         id: cache-sonar-scanner
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ./.sonar/scanner
           key: ${{ runner.os }}-sonar-scanner

.vscode/launch.json

@@ -10,7 +10,7 @@
             "request": "launch",
             "preLaunchTask": "build",
             // If you have changed target frameworks, make sure to update the program path.
-            "program": "${workspaceFolder}/src/Microsoft.OpenApi.Hidi/bin/Debug/net7.0/Microsoft.OpenApi.Hidi.dll",
+            "program": "${workspaceFolder}/src/Microsoft.OpenApi.Hidi/bin/Debug/net8.0/Microsoft.OpenApi.Hidi.dll",
             "args": ["plugin", 
                     "-m","C:\\Users\\darrmi\\src\\github\\microsoft\\openapi.net\\test\\Microsoft.OpenApi.Hidi.Tests\\UtilityFiles\\exampleapimanifest.json", 
                     "--of","./output"],
@@ -28,7 +28,7 @@
             "request": "launch",
             "preLaunchTask": "build",
             // If you have changed target frameworks, make sure to update the program path.
-            "program": "${workspaceFolder}/src/Microsoft.OpenApi.WorkBench/bin/Debug/net7.0-windows/Microsoft.OpenApi.Workbench.exe",
+            "program": "${workspaceFolder}/src/Microsoft.OpenApi.WorkBench/bin/Debug/net8.0-windows/Microsoft.OpenApi.Workbench.exe",
             "args": [],
             "cwd": "${workspaceFolder}/src/Microsoft.OpenApi.Workbench",
             // For more information about the 'console' field, see https://aka.ms/VSCode-CS-LaunchJson-Console

Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build-env
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
 WORKDIR /app
 
 COPY ./src ./hidi/src
@@ -7,10 +7,10 @@ COPY ./README.md ./hidi/README.md
 WORKDIR /app/hidi
 RUN dotnet publish ./src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj -c Release
 
-FROM mcr.microsoft.com/dotnet/runtime:7.0 AS runtime
+FROM mcr.microsoft.com/dotnet/runtime:8.0-jammy-chiseled AS runtime
 WORKDIR /app
 
-COPY --from=build-env /app/hidi/src/Microsoft.OpenApi.Hidi/bin/Release/net7.0 ./
+COPY --from=build-env /app/hidi/src/Microsoft.OpenApi.Hidi/bin/Release/net8.0 ./
 
 VOLUME /app/output
 VOLUME /app/openapi.yml

src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj

@@ -9,7 +9,7 @@
     <Nullable>enable</Nullable>
     <ToolCommandName>hidi</ToolCommandName>
     <PackageOutputPath>./../../artifacts</PackageOutputPath>
-    <Version>1.3.6</Version>
+    <Version>1.4.0</Version>
     <Description>OpenAPI.NET CLI tool for slicing OpenAPI documents</Description>
     <SignAssembly>true</SignAssembly>
     <!-- https://github.com/dotnet/sourcelink/blob/main/docs/README.md#embeduntrackedsources -->
@@ -30,12 +30,12 @@
   <ItemGroup>
     <PackageReference Include="Humanizer.Core" Version="2.14.1" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
     <PackageReference Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
     <PackageReference Include="Microsoft.OData.Edm" Version="7.20.0" />
-    <PackageReference Include="Microsoft.OpenApi.OData" Version="1.5.0" />
+    <PackageReference Include="Microsoft.OpenApi.OData" Version="1.6.1" />
     <PackageReference Include="Microsoft.OpenApi.ApiManifest" Version="0.5.0-preview" />
     <PackageReference Include="System.CommandLine.Hosting" Version="0.4.0-alpha.22272.1" />
   </ItemGroup>

src/Microsoft.OpenApi.Hidi/OpenApiService.cs

@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
+// Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
 
 using System;
@@ -285,7 +285,7 @@ private static async Task<OpenApiDocument> GetOpenApi(HidiOptions options, strin
                     predicate = OpenApiFilterService.CreatePredicate(tags: filterByTags);
 
                 }
-                if (requestUrls.Count != 0)
+                if (requestUrls.Count > 0)
                 {
                     logger.LogTrace("Creating predicate based on the paths and Http methods defined in the Postman collection.");
                     predicate = OpenApiFilterService.CreatePredicate(requestUrls: requestUrls, source: document);