From 21d1d5cba3f3c7b32f8c38ed37af349b695843a1 Mon Sep 17 00:00:00 2001 From: Octokit Date: Sat, 3 Sep 2022 00:08:45 +0300 Subject: [PATCH 01/15] Reorder target frameworks --- SecurityCodeScan.Tool/.NET Core/security-scan.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SecurityCodeScan.Tool/.NET Core/security-scan.csproj b/SecurityCodeScan.Tool/.NET Core/security-scan.csproj index 1b785cd6..3c065b7c 100644 --- a/SecurityCodeScan.Tool/.NET Core/security-scan.csproj +++ b/SecurityCodeScan.Tool/.NET Core/security-scan.csproj @@ -3,7 +3,7 @@ enable Exe - netcoreapp3.1;net5.0;net6.0 + net6.0;net5.0;netcoreapp3.1 false true security-scan From ffa63c881996dfa2b085722aad04a1b305e0382e Mon Sep 17 00:00:00 2001 From: Matteo Tosi Date: Mon, 5 Sep 2022 08:37:58 +0200 Subject: [PATCH 02/15] fix-issue-261 --- SecurityCodeScan.Tool/Program.cs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SecurityCodeScan.Tool/Program.cs b/SecurityCodeScan.Tool/Program.cs index 7a2ebc5e..a0cf2805 100644 --- a/SecurityCodeScan.Tool/Program.cs +++ b/SecurityCodeScan.Tool/Program.cs @@ -340,6 +340,8 @@ private static async Task Main(string[] args) Console.WriteLine($"Skipped: {project.FilePath} excluded from analysis"); continue; } + + projects.Add(project); } } else From 97f04f31f401ca307ec04592008bc695391829bd Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 10:33:45 +0300 Subject: [PATCH 03/15] Add sdkpath parameter --- SecurityCodeScan.Tool/Program.cs | 54 ++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/SecurityCodeScan.Tool/Program.cs b/SecurityCodeScan.Tool/Program.cs index a0cf2805..5a2a2dfe 100644 --- a/SecurityCodeScan.Tool/Program.cs +++ b/SecurityCodeScan.Tool/Program.cs @@ -159,6 +159,7 @@ internal class ParsedOptions public HashSet includeWarnings = new HashSet(); public List excludeProjects = new List(); public List includeProjects = new List(); + public string sdkPath = null; public OptionSet inputOptions = null; @@ -185,6 +186,7 @@ public void Parse(string[] args) { "n|no-banner", "(Optional) don't show the banner", r => { showBanner = r == null; } }, { "v|verbose", "(Optional) more diagnostic messages", r => { verbose = r != null; } }, { "ignore-msbuild-errors", "(Optional) Don't stop on MSBuild errors", r => { ignoreMsBuildErrors = r != null; } }, + { "sdk-path=", "(Optional) Path to .NET SDK to use.", r => { sdkPath = r; } }, { "f|fail-any-warn","(Optional) fail on any warnings with non-zero exit code", r => { failOnWarning = r != null; } }, { "h|?|help", "show this message and exit", h => shouldShowHelp = h != null }, }; @@ -266,13 +268,53 @@ private static async Task Main(string[] args) var returnCode = 0; // Attempt to set the version of MSBuild. - var visualStudioInstances = MSBuildLocator.QueryVisualStudioInstances().ToArray(); - var instance = visualStudioInstances.OrderByDescending(x => x.Version).FirstOrDefault(); - if (instance != null) + if (parsedOptions.sdkPath != null) { - if (parsedOptions.verbose) - Console.WriteLine($"Using MSBuild at '{instance.MSBuildPath}' to load projects."); - MSBuildLocator.RegisterInstance(instance); + void ApplyDotNetSdkEnvironmentVariables(string dotNetSdkPath) + { + const string MSBUILD_EXE_PATH = nameof(MSBUILD_EXE_PATH); + const string MSBuildExtensionsPath = nameof(MSBuildExtensionsPath); + const string MSBuildSDKsPath = nameof(MSBuildSDKsPath); + + var variables = new Dictionary + { + [MSBUILD_EXE_PATH] = Path.Combine(dotNetSdkPath, "MSBuild.dll"), + [MSBuildExtensionsPath] = dotNetSdkPath, + [MSBuildSDKsPath] = Path.Combine(dotNetSdkPath, "Sdks") + }; + + foreach (var kvp in variables) + { + Environment.SetEnvironmentVariable(kvp.Key, kvp.Value); + } + } + ApplyDotNetSdkEnvironmentVariables(parsedOptions.sdkPath); + // Find and load NuGet assemblies if msbuildPath is in a VS installation + string nugetPath = Path.GetFullPath(Path.Combine(parsedOptions.sdkPath, "..", "..", "..", "Common7", "IDE", "CommonExtensions", "Microsoft", "NuGet")); + if (Directory.Exists(nugetPath)) + { + MSBuildLocator.RegisterMSBuildPath(new string[] { parsedOptions.sdkPath, nugetPath }); + } + else + { + MSBuildLocator.RegisterMSBuildPath(parsedOptions.sdkPath); + } + } + else + { + var visualStudioInstances = MSBuildLocator.QueryVisualStudioInstances().ToArray(); + var instance = visualStudioInstances.OrderByDescending(x => x.Version).FirstOrDefault(); + if (instance != null) + { + if (parsedOptions.verbose) + Console.WriteLine($"Using MSBuild at '{instance.MSBuildPath}' to load projects."); + MSBuildLocator.RegisterInstance(instance); + } + else + { + Console.WriteLine($"Failed to find MSBuild path. Try specifying `sdk-path=` as a command line parameter."); + return 1; + } } var properties = new Dictionary() { { "AdditionalFileItemNames", "$(AdditionalFileItemNames);Content" } }; From 5fb3f2f49a8e19d0f9dbf81209c048028996d8fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Mon, 5 Sep 2022 10:03:23 +0200 Subject: [PATCH 04/15] Reorganize workflows --- .github/actions/publish/action.yml | 55 ----------------------- .github/workflows/build.yml | 37 ++++++++++------ .github/workflows/ci.yml | 24 +++++----- .github/workflows/pr.yml | 1 + .github/workflows/publish.yml | 70 ++++++++++++++++++++++++++++++ .github/workflows/release.yml | 39 ++++++++++++++--- 6 files changed, 139 insertions(+), 87 deletions(-) delete mode 100644 .github/actions/publish/action.yml create mode 100644 .github/workflows/publish.yml diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml deleted file mode 100644 index 4773f3f3..00000000 --- a/.github/actions/publish/action.yml +++ /dev/null @@ -1,55 +0,0 @@ -inputs: - version: - required: true - type: string - description: 'Three digits version like 5.6.0' - MARKETPLACE_TOKEN: - required: true - type: string - NUGET_TOKEN: - required: true - type: string - -runs: - using: "composite" - steps: - - name: Zip security-scan 4.x - shell: bash - run: 7z a security-scan4x.zip "./SecurityCodeScan.Tool/.NET 4.x/bin/Release/net48/*" - - - name: Create draft release - uses: softprops/action-gh-release@8a65c813553f4d05769635eb1b70180d25b9b61b - with: - draft: true - name: ${{inputs.version}} - tag_name: ${{inputs.version}} - fail_on_unmatched_files: true - files: | - ./SecurityCodeScan/bin/Release/**/*.nupkg - ./SecurityCodeScan.Vsix/bin/Release/*.vsix - ./SecurityCodeScan.Tool/.NET Core/bin/Release/*.nupkg - security-scan4x.zip - - - name: Publish vsix - shell: powershell - env: - marketplace_token: ${{ inputs.MARKETPLACE_TOKEN }} - run: | - Write-Host "Pushing to visual studio market place" - $visualStudioInstallation = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VSSDK -property installationPath - $vsixPublisher = Join-Path $visualStudioInstallation 'VSSDK\VisualStudioIntegration\Tools\Bin\VsixPublisher.exe' - & $vsixPublisher login -publisherName JaroslavLobacevski -personalAccessToken $env:marketplace_token - $vsix = Get-ChildItem -File .\SecurityCodeScan.Vsix\bin -recurse | Where-Object { $_.Extension -eq ".vsix" } | Select-Object -First 1 -ExpandProperty FullName - $ManifestPath = ".\SecurityCodeScan.Vsix\marketplace.json" - & $vsixPublisher publish -payload $vsix -publishManifest $ManifestPath -personalAccessToken $env:marketplace_token - # currently vsixpublisher.exe throws non critical telemetry exception but does the job done - # force successful exit code - [Environment]::Exit(0) - - - name: Publish nugets - shell: bash - env: - nuget_token: ${{ inputs.NUGET_TOKEN }} - run: | - dotnet nuget push "./SecurityCodeScan/bin/Release/netstandard2.0/SecurityCodeScan.VS2019.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json - dotnet nuget push "./SecurityCodeScan.Tool/.NET Core/bin/Release/security-scan.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c1c5d01f..19172e79 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,3 +1,4 @@ +name: "Reusable build" on: workflow_call: inputs: @@ -7,15 +8,12 @@ on: configuration: required: true type: string - publish: + makeartifacts: required: false type: boolean default: false - secrets: - MARKETPLACE_TOKEN: - required: false - NUGET_TOKEN: - required: false + +permissions: {} jobs: build: @@ -27,6 +25,7 @@ jobs: DOTNET_CLI_TELEMETRY_OPTOUT: 1 steps: + - name: Checkout uses: actions/checkout@v2 with: @@ -37,6 +36,7 @@ jobs: uses: actions/setup-dotnet@v1 with: dotnet-version: | + 3.1.x 5.0.x 6.0.x include-prerelease: false @@ -56,14 +56,23 @@ jobs: run: msbuild -m $env:Solution_Name /p:Configuration=$env:Configuration env: Configuration: ${{ inputs.configuration }} - + - name: Run Tests run: vstest.console.exe ./SecurityCodeScan.Test/bin/${{ inputs.configuration }}/SecurityCodeScan.Test.dll - - name: Publish - if: ${{ inputs.publish }} - uses: ./.github/actions/publish - with: - version: ${{ inputs.version }} - MARKETPLACE_TOKEN: ${{ secrets.MARKETPLACE_TOKEN }} - NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} + - name: Zip security-scan 4.x + if: ${{ inputs.makeartifacts }} + shell: bash + run: 7z a security-scan4x.zip "./SecurityCodeScan.Tool/.NET 4.x/bin/Release/net48/*" + + - name: Upload artifacts + if: ${{ inputs.makeartifacts }} + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 + with: + retention-days: 1 + name: packages + path: | + security-scan4x.zip + ./SecurityCodeScan/bin/Release/**/*.nupkg + ./SecurityCodeScan.Vsix/bin/Release/*.vsix + ./SecurityCodeScan.Tool/.NET Core/bin/Release/*.nupkg diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b9df08c..1fdae8c2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,15 +1,15 @@ # Separate from pr.yml for the badge in readme.md # The name 'Build' is used by the same badge to generate a SVG -name: Build -on: - push: +# name: Build +# on: +# push: -jobs: - debug: - uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 - with: - configuration: Debug - release: - uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 - with: - configuration: Release +# jobs: +# debug: +# uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 +# with: +# configuration: Debug +# release: +# uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 +# with: +# configuration: Release diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index fa15ff65..2be5f40a 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -1,3 +1,4 @@ +name: "Pull request" on: pull_request: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..a57788d7 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,70 @@ +name: "2. Publish" +on: + release: + types: [published] + +permissions: {} + +jobs: + release-notes: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Append release body to release notes + run: | + git config --global user.email "octokit@github.com" + git config --global user.name "Octokit" + cd security-code-scan + head --lines=2 website/releasenotes.md > website/new_releasenotes.md + echo "${{github.event.release.body}}" >> website/new_releasenotes.md + tail --lines=+2 website/releasenotes.md >> website/new_releasenotes.md + mv website/new_releasenotes.md website/releasenotes.md + git add . + git commit -a -m "Update release notes" + git push + shell: bash + + publish: + runs-on: ubuntu-latest + steps: + + - name: Download artifacts + uses: dsaltares/fetch-gh-release-asset@master + with: + file: 'security-scan.${{github.event.release.tag_name}}.nupkg' + + - name: Download artifacts + uses: dsaltares/fetch-gh-release-asset@master + with: + file: 'SecurityCodeScan.VS2019.${{github.event.release.tag_name}}.nupkg' + + - name: Download artifacts + uses: dsaltares/fetch-gh-release-asset@master + with: + file: 'SecurityCodeScan.VS2019.Vsix.vsix' + + # - name: Publish vsix + # shell: powershell + # env: + # marketplace_token: ${{ secrets.MARKETPLACE_TOKEN }} + # run: | + # Write-Host "Pushing to visual studio market place" + # $visualStudioInstallation = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VSSDK -property installationPath + # $vsixPublisher = Join-Path $visualStudioInstallation 'VSSDK\VisualStudioIntegration\Tools\Bin\VsixPublisher.exe' + # & $vsixPublisher login -publisherName JaroslavLobacevski -personalAccessToken $env:marketplace_token + # $vsix = Get-ChildItem -File .\SecurityCodeScan.Vsix\bin -recurse | Where-Object { $_.Extension -eq ".vsix" } | Select-Object -First 1 -ExpandProperty FullName + # $ManifestPath = ".\SecurityCodeScan.Vsix\marketplace.json" + # & $vsixPublisher publish -payload $vsix -publishManifest $ManifestPath -personalAccessToken $env:marketplace_token + # # currently vsixpublisher.exe throws non critical telemetry exception but does the job done + # # force successful exit code + # [Environment]::Exit(0) + + # - name: Publish nugets + # shell: bash + # env: + # nuget_token: ${{ secrets.NUGET_TOKEN }} + # run: | + # dotnet nuget push "./SecurityCodeScan/bin/Release/netstandard2.0/SecurityCodeScan.VS2019.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json + # dotnet nuget push "./SecurityCodeScan.Tool/.NET Core/bin/Release/security-scan.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 56c25364..ecf1dd6b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,4 @@ +name: "1. Make release draft" on: workflow_dispatch: inputs: @@ -6,13 +7,39 @@ on: required: true type: string +permissions: {} + jobs: - release: + build: uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 with: - version: ${{ github.event.inputs.version }} configuration: Release - publish: true - secrets: - MARKETPLACE_TOKEN: ${{ secrets.MARKETPLACE_TOKEN }} - NUGET_TOKEN: ${{ secrets.NUGET_TOKEN }} + version: ${{inputs.version}} + makeartifacts: true + + release: + permissions: + contents: write + needs: build + runs-on: ubuntu-latest + steps: + + - name: Download artifacts + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 + with: + name: packages + path: artifacts + + - name: Create draft release + uses: softprops/action-gh-release@8a65c813553f4d05769635eb1b70180d25b9b61b + with: + draft: true + name: ${{inputs.version}} + tag_name: ${{inputs.version}} + fail_on_unmatched_files: true + generate_release_notes: false + files: | + ./artifacts/security-scan4x.zip + ./artifacts/SecurityCodeScan/bin/Release/**/*.nupkg + ./artifacts/SecurityCodeScan.Vsix/bin/Release/*.vsix + ./artifacts/SecurityCodeScan.Tool/.NET Core/bin/Release/*.nupkg From f0a04f4a5b322133fe7feb02238c6570cf5384fe Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 17:08:11 +0300 Subject: [PATCH 05/15] Less clicks to release --- .github/workflows/ci.yml | 24 ++++++++-------- .github/workflows/publish.yml | 53 ++++++++++++++++++----------------- 2 files changed, 40 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1fdae8c2..3b9df08c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,15 +1,15 @@ # Separate from pr.yml for the badge in readme.md # The name 'Build' is used by the same badge to generate a SVG -# name: Build -# on: -# push: +name: Build +on: + push: -# jobs: -# debug: -# uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 -# with: -# configuration: Debug -# release: -# uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 -# with: -# configuration: Release +jobs: + debug: + uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 + with: + configuration: Debug + release: + uses: security-code-scan/security-code-scan/.github/workflows/build.yml@vs2019 + with: + configuration: Release diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a57788d7..22097abd 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,20 +13,23 @@ jobs: steps: - uses: actions/checkout@v2 - name: Append release body to release notes + env: + release_notes: ${{github.event.release.body}} run: | git config --global user.email "octokit@github.com" git config --global user.name "Octokit" - cd security-code-scan head --lines=2 website/releasenotes.md > website/new_releasenotes.md - echo "${{github.event.release.body}}" >> website/new_releasenotes.md + echo "$release_notes" >> website/new_releasenotes.md tail --lines=+2 website/releasenotes.md >> website/new_releasenotes.md mv website/new_releasenotes.md website/releasenotes.md + sed -i 's/[0-9]\.[0-9]\.[0-9]\.[0-9]<\/AssemblyVersionNumber>/${{github.event.release.tag_name}}.9<\/AssemblyVersionNumber>/g' Directory.Build.props git add . - git commit -a -m "Update release notes" + git commit -a -m "Update release notes & bump dev version" git push shell: bash publish: + needs: [release-notes] runs-on: ubuntu-latest steps: @@ -45,26 +48,26 @@ jobs: with: file: 'SecurityCodeScan.VS2019.Vsix.vsix' - # - name: Publish vsix - # shell: powershell - # env: - # marketplace_token: ${{ secrets.MARKETPLACE_TOKEN }} - # run: | - # Write-Host "Pushing to visual studio market place" - # $visualStudioInstallation = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VSSDK -property installationPath - # $vsixPublisher = Join-Path $visualStudioInstallation 'VSSDK\VisualStudioIntegration\Tools\Bin\VsixPublisher.exe' - # & $vsixPublisher login -publisherName JaroslavLobacevski -personalAccessToken $env:marketplace_token - # $vsix = Get-ChildItem -File .\SecurityCodeScan.Vsix\bin -recurse | Where-Object { $_.Extension -eq ".vsix" } | Select-Object -First 1 -ExpandProperty FullName - # $ManifestPath = ".\SecurityCodeScan.Vsix\marketplace.json" - # & $vsixPublisher publish -payload $vsix -publishManifest $ManifestPath -personalAccessToken $env:marketplace_token - # # currently vsixpublisher.exe throws non critical telemetry exception but does the job done - # # force successful exit code - # [Environment]::Exit(0) + - name: Publish vsix + shell: powershell + env: + marketplace_token: ${{ secrets.MARKETPLACE_TOKEN }} + run: | + Write-Host "Pushing to visual studio market place" + $visualStudioInstallation = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VSSDK -property installationPath + $vsixPublisher = Join-Path $visualStudioInstallation 'VSSDK\VisualStudioIntegration\Tools\Bin\VsixPublisher.exe' + & $vsixPublisher login -publisherName JaroslavLobacevski -personalAccessToken $env:marketplace_token + $vsix = Get-ChildItem -File SecurityCodeScan.VS2019.Vsix.vsix -recurse | Select-Object -First 1 -ExpandProperty FullName + $ManifestPath = ".\SecurityCodeScan.Vsix\marketplace.json" + & $vsixPublisher publish -payload $vsix -publishManifest $ManifestPath -personalAccessToken $env:marketplace_token + # currently vsixpublisher.exe throws non critical telemetry exception but does the job done + # force successful exit code + [Environment]::Exit(0) - # - name: Publish nugets - # shell: bash - # env: - # nuget_token: ${{ secrets.NUGET_TOKEN }} - # run: | - # dotnet nuget push "./SecurityCodeScan/bin/Release/netstandard2.0/SecurityCodeScan.VS2019.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json - # dotnet nuget push "./SecurityCodeScan.Tool/.NET Core/bin/Release/security-scan.${{inputs.version}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json + - name: Publish nugets + shell: bash + env: + nuget_token: ${{ secrets.NUGET_TOKEN }} + run: | + dotnet nuget push "SecurityCodeScan.VS2019.${{github.event.release.tag_name}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json + dotnet nuget push "security-scan.${{github.event.release.tag_name}}.nupkg" -k $nuget_token -s https://api.nuget.org/v3/index.json From 2359d688dc927b4657efdf9cd330f85b68aa9565 Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 18:05:31 +0300 Subject: [PATCH 06/15] fix not "You are not currently on a branch" --- .github/workflows/publish.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 22097abd..1488e12d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,7 +11,10 @@ jobs: contents: write runs-on: ubuntu-latest steps: + - uses: actions/checkout@v2 + ref: vs2019 + - name: Append release body to release notes env: release_notes: ${{github.event.release.body}} From f5b48cd6622008592e80dd8c9f3e11045c7cece6 Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 18:29:56 +0300 Subject: [PATCH 07/15] fix syntax --- .github/workflows/publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1488e12d..2ed2143b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,7 +13,8 @@ jobs: steps: - uses: actions/checkout@v2 - ref: vs2019 + with: + ref: vs2019 - name: Append release body to release notes env: From b29e9d654a278b220e62c588e0f377d924006d4b Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 15:30:52 +0000 Subject: [PATCH 08/15] Update release notes & bump dev version --- Directory.Build.props | 2 +- website/releasenotes.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Directory.Build.props b/Directory.Build.props index fe8917fc..be344e8a 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -10,7 +10,7 @@ - 5.6.7.0 + 5.6.7.9 diff --git a/website/releasenotes.md b/website/releasenotes.md index 95f8943a..3274f4e5 100644 --- a/website/releasenotes.md +++ b/website/releasenotes.md @@ -1,5 +1,11 @@ # Release Notes +## 5.6.7 +* sln were not analyzed by standalone tool fix by @matteo-tosi in https://github.com/security-code-scan/security-code-scan/pull/262 +* added --sdk-path parameter + +**Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 + ## 5.6.6 * Fixed [#258](https://github.com/security-code-scan/security-code-scan/issues/258) "Standalone scanner throws exception: 'ProjectName' is already part of the workspace" From 711816b1cc472f66e0b28c68a1aeab0fceddd05b Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 18:33:35 +0300 Subject: [PATCH 09/15] pwsh --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2ed2143b..41e3f9cf 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -53,7 +53,7 @@ jobs: file: 'SecurityCodeScan.VS2019.Vsix.vsix' - name: Publish vsix - shell: powershell + shell: pwsh env: marketplace_token: ${{ secrets.MARKETPLACE_TOKEN }} run: | From 154b98e7fdbe94c23a27894b72528746ddf64e28 Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 15:42:13 +0000 Subject: [PATCH 10/15] Update release notes & bump dev version --- website/releasenotes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/website/releasenotes.md b/website/releasenotes.md index 3274f4e5..2ea17280 100644 --- a/website/releasenotes.md +++ b/website/releasenotes.md @@ -6,6 +6,12 @@ **Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 +## 5.6.7 +* sln were not analyzed by standalone tool fix by @matteo-tosi in https://github.com/security-code-scan/security-code-scan/pull/262 +* added --sdk-path parameter + +**Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 + ## 5.6.6 * Fixed [#258](https://github.com/security-code-scan/security-code-scan/issues/258) "Standalone scanner throws exception: 'ProjectName' is already part of the workspace" From b62f280a73e139c5ad556144b5bdca270c1d88b0 Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 18:46:32 +0300 Subject: [PATCH 11/15] pin sha and test windows runner --- .github/workflows/publish.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 41e3f9cf..4e92a19d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -34,26 +34,26 @@ jobs: publish: needs: [release-notes] - runs-on: ubuntu-latest + runs-on: windows-2022 steps: - name: Download artifacts - uses: dsaltares/fetch-gh-release-asset@master + uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43 with: file: 'security-scan.${{github.event.release.tag_name}}.nupkg' - name: Download artifacts - uses: dsaltares/fetch-gh-release-asset@master + uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43 with: file: 'SecurityCodeScan.VS2019.${{github.event.release.tag_name}}.nupkg' - name: Download artifacts - uses: dsaltares/fetch-gh-release-asset@master + uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43 with: file: 'SecurityCodeScan.VS2019.Vsix.vsix' - name: Publish vsix - shell: pwsh + shell: powershell env: marketplace_token: ${{ secrets.MARKETPLACE_TOKEN }} run: | From 7eb490933adbada1ae3f6fdeb3ef87c7c2d0fafe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Mon, 5 Sep 2022 17:49:06 +0200 Subject: [PATCH 12/15] Update releasenotes.md --- website/releasenotes.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/website/releasenotes.md b/website/releasenotes.md index 2ea17280..95f8943a 100644 --- a/website/releasenotes.md +++ b/website/releasenotes.md @@ -1,17 +1,5 @@ # Release Notes -## 5.6.7 -* sln were not analyzed by standalone tool fix by @matteo-tosi in https://github.com/security-code-scan/security-code-scan/pull/262 -* added --sdk-path parameter - -**Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 - -## 5.6.7 -* sln were not analyzed by standalone tool fix by @matteo-tosi in https://github.com/security-code-scan/security-code-scan/pull/262 -* added --sdk-path parameter - -**Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 - ## 5.6.6 * Fixed [#258](https://github.com/security-code-scan/security-code-scan/issues/258) "Standalone scanner throws exception: 'ProjectName' is already part of the workspace" From c9a240bcaeec9a8cfff4e5d3c08d2c79f2714715 Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 15:49:41 +0000 Subject: [PATCH 13/15] Update release notes & bump dev version --- website/releasenotes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/website/releasenotes.md b/website/releasenotes.md index 95f8943a..3274f4e5 100644 --- a/website/releasenotes.md +++ b/website/releasenotes.md @@ -1,5 +1,11 @@ # Release Notes +## 5.6.7 +* sln were not analyzed by standalone tool fix by @matteo-tosi in https://github.com/security-code-scan/security-code-scan/pull/262 +* added --sdk-path parameter + +**Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 + ## 5.6.6 * Fixed [#258](https://github.com/security-code-scan/security-code-scan/issues/258) "Standalone scanner throws exception: 'ProjectName' is already part of the workspace" From 436dfb2ab9be474878e009e851848965fb17f2d4 Mon Sep 17 00:00:00 2001 From: Octokit Date: Mon, 5 Sep 2022 18:55:19 +0300 Subject: [PATCH 14/15] checkout manifest for publishing --- .github/workflows/build.yml | 1 - .github/workflows/publish.yml | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 19172e79..dd741616 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,7 +29,6 @@ jobs: - name: Checkout uses: actions/checkout@v2 with: - fetch-depth: 0 persist-credentials: false - name: Setup .NET SDK diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4e92a19d..9047c176 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,6 +15,7 @@ jobs: - uses: actions/checkout@v2 with: ref: vs2019 + persist-credentials: true - name: Append release body to release notes env: @@ -37,6 +38,10 @@ jobs: runs-on: windows-2022 steps: + - uses: actions/checkout@v2 + with: + persist-credentials: false + - name: Download artifacts uses: dsaltares/fetch-gh-release-asset@c3deec3cfc2231c6f842eef6d624b55223743c43 with: From 2832d101b32ad0c1ba050ba9286b33de5e222164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Mon, 5 Sep 2022 17:56:10 +0200 Subject: [PATCH 15/15] Update releasenotes.md --- website/releasenotes.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/website/releasenotes.md b/website/releasenotes.md index 3274f4e5..95f8943a 100644 --- a/website/releasenotes.md +++ b/website/releasenotes.md @@ -1,11 +1,5 @@ # Release Notes -## 5.6.7 -* sln were not analyzed by standalone tool fix by @matteo-tosi in https://github.com/security-code-scan/security-code-scan/pull/262 -* added --sdk-path parameter - -**Full Changelog**: https://github.com/security-code-scan/security-code-scan/compare/5.6.6...5.6.7 - ## 5.6.6 * Fixed [#258](https://github.com/security-code-scan/security-code-scan/issues/258) "Standalone scanner throws exception: 'ProjectName' is already part of the workspace"