serilog-mssql · ckadluba · Sep 13, 2024 · Sep 13, 2024
diff --git a/.github/workflows/pr-analysis-codeql.yml b/.github/workflows/pr-analysis-codeql.yml
@@ -11,15 +11,15 @@ on:
 
 jobs:
   build-and-codeql:
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
@@ -28,6 +28,7 @@ jobs:
 
       - name: Run build
         run: ./Build.ps1 -SkipTests
+        shell: pwsh
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3

diff --git a/.github/workflows/pr-analysis-devskim.yml b/.github/workflows/pr-analysis-devskim.yml
@@ -19,12 +19,12 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@v1
 
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: devskim-results.sarif
diff --git a/.github/workflows/pr-analysis-infersharp.yml b/.github/workflows/pr-analysis-infersharp.yml
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
@@ -13,21 +13,46 @@ on:
 
 jobs:
   build-and-test:
-    runs-on: windows-latest
+    runs-on: windows-latest # SQL Server LocalDB used in tests requires Windows
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run build and tests
         run: ./Build.ps1
+        shell: pwsh
 
-      - name: Upload binaries artifact for InferSharp workflow
-        uses: actions/upload-artifact@v3
+      - name: Upload binaries artifact for InferSharp job
+        uses: actions/upload-artifact@v4
         with:
           name: bin-net6
           path: src\Serilog.Sinks.MSSqlServer\bin\Release\net6.0
 
       - name: Upload testresults artifact with code coverage file
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: testresults
           path: test\Serilog.Sinks.MSSqlServer.Tests\TestResults
+
+  infersharp:
+    runs-on: ubuntu-latest # Container action used by Infer# requires Linux
+    needs: build-and-test
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Download binaries artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: bin-net6
+          path: bin-net6
+
+      - name: Run Infer#
+        uses: microsoft/[email protected]
+        with:
+          binary-path: bin-net6
+
+      - name: Upload SARIF output to GitHub Security Center
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: infer-out/report.sarif
diff --git a/serilog-sinks-mssqlserver.sln b/serilog-sinks-mssqlserver.sln
@@ -30,7 +30,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		.github\ISSUE_TEMPLATE.md = .github\ISSUE_TEMPLATE.md
 		.github\workflows\pr-analysis-codeql.yml = .github\workflows\pr-analysis-codeql.yml
 		.github\workflows\pr-analysis-devskim.yml = .github\workflows\pr-analysis-devskim.yml
-		.github\workflows\pr-analysis-infersharp.yml = .github\workflows\pr-analysis-infersharp.yml
 		.github\workflows\pr-validation.yml = .github\workflows\pr-validation.yml
 		README.md = README.md
 		.github\workflows\release.yml = .github\workflows\release.yml