Merge v8.0.0 into main #39
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…s.iOS.BEMCheckBox project.
Update documentation for v8.0.0 release
- Introducing a separate job dedicated to NuGet publishing, triggered only for tagged builds. - Uploading the NuGet package as an artifact in the build job. - Downloading the artifact in the publish job. - Corrects the path to the NuGet package in the push command, using the output version from the build job.
Enable Trusted Publishing for NuGet
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
12
to
67
| name: Build and Test | ||
| runs-on: macos-15 | ||
| outputs: | ||
| version: ${{ steps.gitversion.outputs.semVer }} | ||
| defaults: | ||
| run: | ||
| working-directory: Source | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v5 | ||
| with: | ||
| fetch-depth: 0 # Required for Calculate Version step (e.g. GitVersion) | ||
|
|
||
| # Required by GitVersion | ||
|
|
||
| - name: Install .NET 8.0 | ||
| uses: actions/setup-dotnet@v5 | ||
| with: | ||
| dotnet-version: 8.0 | ||
|
|
||
| - name: Install Workloads | ||
| run: dotnet workload restore | ||
|
|
||
| - name: Install GitVersion | ||
| uses: gittools/actions/gitversion/setup@51d325634925d7d9ce0a7efc2c586c0bc2b9eee6 #v3.2.1 | ||
| with: | ||
| versionSpec: '6.3.0' | ||
|
|
||
| - name: Determine Version | ||
| id: gitversion | ||
| uses: gittools/actions/gitversion/execute@51d325634925d7d9ce0a7efc2c586c0bc2b9eee6 #v3.2.1 | ||
| with: | ||
| useConfigFile: true | ||
| updateProjectFiles: true | ||
|
|
||
| - name: NuGet | ||
| - name: NuGet Restore | ||
| run: dotnet restore | ||
|
|
||
| # Smoke test to make sure the Example Client builds. We don't do a release build | ||
| # of the Example Client because it takes a long time and we don't publish it. | ||
| - name: Debug Build of Solution to Smoke test Example Client | ||
| - name: Debug Build of Solution to Smoke Test Example Client | ||
| run: dotnet build -c Debug | ||
|
|
||
| - name: Create NuGet Package | ||
| run: dotnet pack SaturdayMP.XPlugins.iOS.BEMCheckBox/SaturdayMP.XPlugins.iOS.BEMCheckBox.csproj -c Release | ||
|
|
||
| - name: Upload NuGet Package Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: nuget-package | ||
| path: Source/SaturdayMP.XPlugins.iOS.BEMCheckBox/bin/Release/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ steps.gitversion.outputs.semVer }}.nupkg | ||
| retention-days: 90 | ||
|
|
||
| - name: Publish to MyGet | ||
| run: dotnet nuget push SaturdayMP.XPlugins.iOS.BEMCheckBox/bin/Release/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ steps.gitversion.outputs.semVer }}.nupkg -k ${{ secrets.MYGET_API_KEY }} -s https://www.myget.org/F/saturdaymp/api/v3/index.json | ||
|
|
||
| # Only push tagged builds to NuGet. These will be production or release candidates. | ||
| - name: Upload to NuGet | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | ||
| run: dotnet nuget push SaturdayMP.XPlugins.iOS.BEMCheckBox/bin/Release/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ steps.gitversion.outputs.semVer }}.nupkg -k ${{ secrets.NUGET_API_KEY }} --skip-duplicate --no-symbols -s https://api.nuget.org/v3/index.json | ||
| publish-nuget: | ||
| name: Publish to NuGet | ||
| runs-on: ubuntu-latest | ||
| needs: build | ||
| if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | ||
| permissions: | ||
| id-token: write # Required for Trusted Publishing (OIDC token generation) | ||
|
|
||
| steps: | ||
| - name: Install .NET 8.0 | ||
| uses: actions/setup-dotnet@v5 | ||
| with: | ||
| dotnet-version: 8.0 | ||
|
|
||
| - name: Download NuGet Package Artifact |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 2 months ago
To fix this problem, add a permissions block to the build job in .github/workflows/ci.yml, specifying the minimal privileges it requires. Because the steps in the build job only need to read from the repository (e.g., checkout code, restore packages), the permission can be set to contents: read, which is the safest minimal value. This change should be introduced directly under the job’s name (after name: Build and Test and before other block entries). No other workflow structure or step logic is altered.
Suggested changeset
1
.github/workflows/ci.yml
| @@ -10,6 +10,8 @@ | ||
| jobs: | ||
| build: | ||
| name: Build and Test | ||
| permissions: | ||
| contents: read | ||
| runs-on: macos-15 | ||
| outputs: | ||
| version: ${{ steps.gitversion.outputs.semVer }} |
Copilot is powered by AI and may make mistakes. Always verify output.
.github/workflows/ci.yml
Outdated
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge v8.0.0 into main.