Skip to content

Merge v8.0.0 into main #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mrbiggred merged 15 commits into from
Nov 27, 2025
Merged

Merge v8.0.0 into main #39

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
95a8f56
Add AGENTS.md providing detailed guidance for AI tools in the XPlugin…
mrbiggred Nov 19, 2025
02d2611
Add CLAUDE.md to provide guidance for code assistant usage
mrbiggred Nov 19, 2025
cefeee1
Updated README for the 8.0.0 release.
mrbiggred Nov 19, 2025
b5ea13c
Committing auto generated change log.
mrbiggred Nov 19, 2025
c651188
Fix formatting issues in tables and hyperlinks in README and AGENTS.m…
mrbiggred Nov 19, 2025
44897b4
Merge pull request #37 from saturdaymp/feature/update-documentation
mrbiggred Nov 19, 2025
8dd9e57
Committing auto generated change log.
mrbiggred Nov 19, 2025
f960de7
Break up build and NuGet publish to separate sections
mrbiggred Nov 27, 2025
68c7fe2
Enable Trusted Publishing for NuGet with OIDC Authentication in CI wo…
mrbiggred Nov 27, 2025
eaf45af
Fix issue with NuGet publish not using login correctly.
mrbiggred Nov 27, 2025
b57994c
Fix typo in artifact path for NuGet package in CI workflow
mrbiggred Nov 27, 2025
090af09
Fix spacing issue in NuGet publish command in CI workflow
mrbiggred Nov 27, 2025
e6ffc8f
Remove nuspec file for SaturdayMP.XPlugins.iOS.BEMCheckBox.
mrbiggred Nov 27, 2025
10c0066
Merge pull request #38 from saturdaymp/feature/fix-nuget-push
mrbiggred Nov 27, 2025
3afea11
Committing auto generated change log.
mrbiggred Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 43 additions & 9 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,54 +9,88 @@

jobs:
build:
name: Build Job
name: Build and Test
runs-on: macos-15
outputs:
version: ${{ steps.gitversion.outputs.semVer }}
defaults:
run:
working-directory: Source

steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0 # Required for Calculate Version step (e.g. GitVersion)

# Required by GitVersion

- name: Install .NET 8.0
uses: actions/setup-dotnet@v5
with:
dotnet-version: 8.0

- name: Install Workloads
run: dotnet workload restore

- name: Install GitVersion
uses: gittools/actions/gitversion/setup@51d325634925d7d9ce0a7efc2c586c0bc2b9eee6 #v3.2.1
with:
versionSpec: '6.3.0'

- name: Determine Version
id: gitversion
uses: gittools/actions/gitversion/execute@51d325634925d7d9ce0a7efc2c586c0bc2b9eee6 #v3.2.1
with:
useConfigFile: true
updateProjectFiles: true

- name: NuGet
- name: NuGet Restore
run: dotnet restore

# Smoke test to make sure the Example Client builds. We don't do a release build
# of the Example Client because it takes a long time and we don't publish it.
- name: Debug Build of Solution to Smoke test Example Client
- name: Debug Build of Solution to Smoke Test Example Client
run: dotnet build -c Debug

- name: Create NuGet Package
run: dotnet pack SaturdayMP.XPlugins.iOS.BEMCheckBox/SaturdayMP.XPlugins.iOS.BEMCheckBox.csproj -c Release

- name: Upload NuGet Package Artifact
uses: actions/upload-artifact@v4
with:
name: nuget-package
path: Source/SaturdayMP.XPlugins.iOS.BEMCheckBox/bin/Release/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ steps.gitversion.outputs.semVer }}.nupkg
retention-days: 90

- name: Publish to MyGet
run: dotnet nuget push SaturdayMP.XPlugins.iOS.BEMCheckBox/bin/Release/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ steps.gitversion.outputs.semVer }}.nupkg -k ${{ secrets.MYGET_API_KEY }} -s https://www.myget.org/F/saturdaymp/api/v3/index.json

# Only push tagged builds to NuGet. These will be production or release candidates.
- name: Upload to NuGet
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
run: dotnet nuget push SaturdayMP.XPlugins.iOS.BEMCheckBox/bin/Release/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ steps.gitversion.outputs.semVer }}.nupkg -k ${{ secrets.NUGET_API_KEY }} --skip-duplicate --no-symbols -s https://api.nuget.org/v3/index.json
publish-nuget:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 2 months ago

To fix this problem, add a permissions block to the build job in .github/workflows/ci.yml, specifying the minimal privileges it requires. Because the steps in the build job only need to read from the repository (e.g., checkout code, restore packages), the permission can be set to contents: read, which is the safest minimal value. This change should be introduced directly under the job’s name (after name: Build and Test and before other block entries). No other workflow structure or step logic is altered.

Suggested changeset 1
.github/workflows/ci.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,8 @@
 jobs:
   build:
     name: Build and Test
+    permissions:
+      contents: read
     runs-on: macos-15
     outputs:
       version: ${{ steps.gitversion.outputs.semVer }}
EOF
@@ -10,6 +10,8 @@
jobs:
build:
name: Build and Test
permissions:
contents: read
runs-on: macos-15
outputs:
version: ${{ steps.gitversion.outputs.semVer }}
Copilot is powered by AI and may make mistakes. Always verify output.
name: Publish to NuGet
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
permissions:
id-token: write # Required for Trusted Publishing (OIDC token generation)

steps:
- name: Install .NET 8.0
uses: actions/setup-dotnet@v5
with:
dotnet-version: 8.0

- name: Download NuGet Package Artifact
uses: actions/download-artifact@v4
with:
name: nuget-package
path: ./packages

# Authenticate to NuGet.org using Trusted Publishing (OIDC)
- name: Login to NuGet
uses: NuGet/login@v1

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step
Uses Step: nuget-login
Loading
uses 'NuGet/login' with ref 'v1', not a pinned commit hash
id: nuget-login
with:
user: ${{ secrets.NUGET_USERNAME }}

# Only push tagged builds to NuGet. These will be production or release candidates.
- name: Publish to NuGet
run: dotnet nuget push ./packages/SaturdayMP.XPlugins.iOS.BEMCheckBox.${{ needs.build.outputs.version }}.nupkg --api-key ${{ steps.nuget-login.outputs.NUGET_API_KEY}} --skip-duplicate --no-symbols -s https://api.nuget.org/v3/index.json
Loading
Loading