From e7ee0d07b56849670b8fb5c62bffc387a63fac08 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:29:57 -0600 Subject: [PATCH 01/36] ci: Updates to Workflows --- .github/actions/build/action.yml | 26 ++++++++++++++++ .github/workflows/build.yml | 28 ++++++++--------- .github/workflows/semgrep.yml | 5 ++- .github/workflows/snyk.yml | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 92 insertions(+), 19 deletions(-) create mode 100644 .github/actions/build/action.yml create mode 100644 .github/workflows/snyk.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml new file mode 100644 index 0000000..28e9767 --- /dev/null +++ b/.github/actions/build/action.yml @@ -0,0 +1,26 @@ +name: Build package +description: Build the SDK package + +inputs: + dotnet-version: + description: The .NET version to use + required: false + default: '7.0.402' +solution-path: + description: The path to the .sln solution file. + required: yes + +runs: + using: composite + + steps: + - name: Install .NET Core + uses: actions/setup-dotnet@v3 + with: + dotnet-version: ${{ inputs.dotnet-version }} + + - name: Install .NET Workloads + run: dotnet workload install maui + + - name: Build + run: dotnet build $env:${{ inputs.solution-path }} --configuration Release diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f13490..de04a98 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
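Review bot: The Build step in the new action.yml expands `${{ inputs.solution-path }}` directly into the script text (`dotnet build $env:${{ inputs.solution-path }} --configuration Release`), so whatever a caller passes is parsed as PowerShell rather than handled as a value. The `$env:` prefix also appears to turn the start of the path into an environment-variable lookup. The callers in this series pass a literal path, so exposure looks low, but I would pass the input through the step environment instead: `env:` with `SOLUTION_PATH: ${{ inputs.solution-path }}` and `run: dotnet build $env:SOLUTION_PATH --configuration Release`. Patch 10 drops the `$env:` prefix but keeps the inline expansion. The two `run:` steps also lack the `shell:` key that composite actions require (added in patch 08), and `required: yes` would read more predictably as `required: true`.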
@@ -1,31 +1,27 @@ name: Build on: + merge_group: + workflow_dispatch: push: - branches: [ main ] + branches: [main] pull_request: - branches: [ main ] + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} - workflow_dispatch: - jobs: build: runs-on: windows-2022 env: Solution_Path: Sample\Auth0MauiApp.sln - + steps: - uses: actions/checkout@v4 - - - name: Install .NET Core - uses: actions/setup-dotnet@v3 - with: - dotnet-version: '7.0.402' - - - name: Install .NET Workloads - run: dotnet workload install maui - - name: Build - run: dotnet build $env:Solution_Path --configuration Release - + - uses: ./.github/actions/build + with: + solution-path: Sample\Auth0MauiApp.sln diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 62fe620..b03c649 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -2,7 +2,6 @@ name: Semgrep on: merge_group: - workflow_dispatch: pull_request_target: types: - opened @@ -29,7 +28,7 @@ jobs: - run: true check: - needs: authorize + needs: authorize # Require approval before running on forked pull requests name: Check for Vulnerabilities runs-on: ubuntu-latest @@ -43,7 +42,7 @@ jobs: - uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.sha || github.ref }} + ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} - run: semgrep ci env: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml new file mode 100644 index 0000000..f675b95 --- /dev/null +++ b/.github/workflows/snyk.yml 
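Review bot: build.yml still has no `permissions:` block, so its `GITHUB_TOKEN` gets the repository's default scopes, while the new snyk.yml in the same commit declares `permissions:` with `contents: read`. The job only checks out and builds, so the same two lines at the top level would fit here. The `env:` entry `Solution_Path` is left in place, but nothing reads it now that the path is passed as `solution-path`, so it can be dropped. The build.yml recreated in patch 22 also has no `permissions:` block.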
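Review bot: In the semgrep.yml checkout, `github.event.pull_request.merge_commit_sha` may not be populated or current when the event fires, and if it is empty the `|| github.ref` fallback resolves to the base branch under `pull_request_target`, so the scan could pass without covering the pull request's changes. I would confirm this against GitHub's event payload documentation and, if it holds, fail the job when the value is empty rather than fall back silently. A comment above `ref:` explaining why the merge commit is preferred over `head.sha` would also help. The same expression is used for the checkout in the new snyk.yml, and the `check` job continues outside this hunk.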
@@ -0,0 +1,52 @@ +name: Snyk + +on: + merge_group: + pull_request_target: + types: + - opened + - synchronize + push: + branches: + - main + schedule: + - cron: "30 0 1,15 * *" + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + authorize: + name: Authorize + environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }} + runs-on: ubuntu-latest + steps: + - run: true + + check: + needs: authorize + + name: Check for Vulnerabilities + runs-on: ubuntu-latest + + steps: + - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' + run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. + + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} + + - uses: ./.github/actions/build + with: + solution-path: Sample\Auth0MauiApp.sln + + - run: npm install -g snyk + + - run: snyk test + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 4b028e3ebe058d628c95371f15d801a43d787fc6 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:33:45 -0600 Subject: [PATCH 02/36] Update snyk.yml --- .github/workflows/snyk.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index f675b95..4b97ed0 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -31,7 +31,7 @@ jobs: needs: authorize name: Check for Vulnerabilities - runs-on: ubuntu-latest + runs-on: windows-2022 steps: - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' 
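Review bot: The `check` job in the new snyk.yml runs on `pull_request_target`, checks out `github.event.pull_request.merge_commit_sha`, and then executes `./.github/actions/build` from that checkout, so for forked pull requests the steps that run before `snyk test` receives `SNYK_TOKEN` are defined by the contributor's code. The only gate visible here is the `authorize` job's `external` environment, which protects nothing unless required reviewers are configured on it (not visible in this diff), so I would add a comment on that job saying so and set `persist-credentials: false` on the checkout. Patch 34 restores the same trigger and `ref:` after the temporary switch to `pull_request`, so the point applies to the final state too. Separately, the `exit 0` step only ends that one step; the remaining steps still run for dependabot and merge-group events, and an `if:` on the later steps (or on the job) is what would actually skip them.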
@@ -45,8 +45,9 @@ jobs: with: solution-path: Sample\Auth0MauiApp.sln - - run: npm install -g snyk + - run: npm install -g snyk # windows-2022 includes Node 18.18.2 at time of writing, so we can use the pre-installed version - run: snyk test + working-directory: Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From cdd58a0ddcef268c699de19ef984e6c4b434d42e Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:36:06 -0600 Subject: [PATCH 03/36] Update snyk.yml --- .github/workflows/snyk.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 4b97ed0..c2a2000 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -45,7 +45,14 @@ jobs: with: solution-path: Sample\Auth0MauiApp.sln - - run: npm install -g snyk # windows-2022 includes Node 18.18.2 at time of writing, so we can use the pre-installed version + # Install Scoop + - run: pwsh -c "Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh')" + + # Install Snyk's scoop bucket + - run: scoop bucket add snyk https://github.com/snyk/scoop-snyk + + # Install Snyk's Windows CLI + - run: scoop install snyk - run: snyk test working-directory: Sample\Auth0MauiApp.sln From f82b4e0af2828f075bb07ad318fade2acabdcbba Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:36:37 -0600 Subject: [PATCH 04/36] Update semgrep.yml --- .github/workflows/semgrep.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index b03c649..0d10da8 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -2,7 +2,8 @@ name: Semgrep on: merge_group: - pull_request_target: + #pull_request_target: # TODO Change this back + pull_request: types: - opened - synchronize From 6a7efa7c23757fb09fd0ab1d5e3dceaa323d89e0 Mon Sep 17 00:00:00 2001 
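Review bot: `npm install -g snyk` in the patch 02 hunk installs whatever version is latest at run time, and the next step hands that binary `SNYK_TOKEN`. A pinned version would make the run reproducible and limit exposure to a bad release: `- run: npm install -g snyk@<PINNED_VERSION>`. The same unpinned install appears in the original snyk.yml in patch 01 and comes back in patch 28. In this hunk `working-directory: Sample\Auth0MauiApp.sln` also names the solution file rather than a directory, which the step cannot change into.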
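Review bot: The Scoop step added in patch 03 downloads a script from `https://get.scoop.sh` and passes it straight to `Invoke-Expression`, with no pinned revision or checksum, in the job that later exposes `SNYK_TOKEN` to `snyk test`. If Scoop stays, I would download the installer to a file, compare its SHA-256 with a value committed in the repository, and only then run it, as sketched below. The bucket added from `https://github.com/snyk/scoop-snyk` is likewise unpinned. Patches 16, 23, 24 and 26 repeat the download-and-run pattern (`iwr get.scoop.sh -outfile 'install.ps1'`, `iwr get.scoop.sh | iex`) and omit the `https://` scheme, so it is worth confirming those requests go over TLS.

```yaml
      # Install Scoop only after the downloaded installer matches the pinned hash
      - shell: pwsh
        run: |
          Invoke-WebRequest -Uri 'https://get.scoop.sh' -OutFile 'install.ps1'
          $actual = (Get-FileHash -Algorithm SHA256 'install.ps1').Hash
          if ($actual -ne '<EXPECTED_INSTALLER_SHA256>') { throw 'Scoop installer hash mismatch' }
          .\install.ps1
      # … unchanged: scoop bucket add / scoop install snyk steps …
```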
From: Evan Sims Date: Tue, 7 Nov 2023 15:36:41 -0600 Subject: [PATCH 05/36] Update snyk.yml --- .github/workflows/snyk.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index c2a2000..d192d7f 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -2,7 +2,8 @@ name: Snyk on: merge_group: - pull_request_target: + #pull_request_target: # TODO Change this back + pull_request: types: - opened - synchronize From cbda656e4ed5efe1413be59d91a7917f6175dd64 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:39:29 -0600 Subject: [PATCH 06/36] Update build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index de04a98..1fe0007 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build +name: Build and Test on: merge_group: From 266e99065da01f0fc31b026fc0cf93e8bf159ec1 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:39:46 -0600 Subject: [PATCH 07/36] Update semgrep.yml --- .github/workflows/semgrep.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 0d10da8..22b50f3 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -2,7 +2,7 @@ name: Semgrep on: merge_group: - #pull_request_target: # TODO Change this back + #pull_request_target: # TODO Change this back pull_request: types: - opened From d5093e84c01f36d4d22c2807d4a20fc7d3fc15ef Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:41:03 -0600 Subject: [PATCH 08/36] Update action.yml --- .github/actions/build/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 28e9767..0ac171b 100644 --- a/.github/actions/build/action.yml 
+++ b/.github/actions/build/action.yml @@ -20,7 +20,9 @@ runs: dotnet-version: ${{ inputs.dotnet-version }} - name: Install .NET Workloads + shell: pwsh run: dotnet workload install maui - name: Build + shell: pwsh run: dotnet build $env:${{ inputs.solution-path }} --configuration Release From e4b5fcb1faed61e1eda201f9230dd67169590da9 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:41:06 -0600 Subject: [PATCH 09/36] Update build.yml --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1fe0007..6ccd72f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,6 +14,7 @@ concurrency: jobs: build: + name: Build Package runs-on: windows-2022 env: From 06676d1e4603da85dcaf4db854267a32effecd40 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:43:03 -0600 Subject: [PATCH 10/36] Update action.yml --- .github/actions/build/action.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 0ac171b..66f303b 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -21,8 +21,10 @@ runs: - name: Install .NET Workloads shell: pwsh - run: dotnet workload install maui + run: | + dotnet workload install maui - name: Build shell: pwsh - run: dotnet build $env:${{ inputs.solution-path }} --configuration Release + run: | + dotnet build ${{ inputs.solution-path }} --configuration Release From 4b8323a1371d2c2d7b45108cff03b87c63694ca5 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:49:14 -0600 Subject: [PATCH 11/36] Update snyk.yml --- .github/workflows/snyk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index d192d7f..6b7a2bf 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml 
@@ -29,7 +29,7 @@ jobs: - run: true check: - needs: authorize + needs: authorize # Require approval before running on forked pull requests name: Check for Vulnerabilities runs-on: windows-2022 From 20b1be690c2d148603698fb4e458c566bbfb6d94 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 15:51:22 -0600 Subject: [PATCH 12/36] Update snyk.yml --- .github/workflows/snyk.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 6b7a2bf..1885cb0 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -39,8 +39,8 @@ jobs: run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} + # with: + # ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} # TODO Change this back - uses: ./.github/actions/build with: @@ -56,6 +56,6 @@ jobs: - run: scoop install snyk - run: snyk test - working-directory: Sample\Auth0MauiApp.sln + working-directory: .\Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From c5810b31fda51a7defe85ec9818dbb0e25ed2573 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 16:06:41 -0600 Subject: [PATCH 13/36] Delete build.yml --- .github/workflows/build.yml | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 6ccd72f..0000000 --- a/.github/workflows/build.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -name: Build and Test - -on: - merge_group: - workflow_dispatch: - push: - branches: [main] - pull_request: - branches: [main] - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} - -jobs: - build: - name: Build Package - runs-on: windows-2022 - - env: - Solution_Path: Sample\Auth0MauiApp.sln - - steps: - - uses: actions/checkout@v4 - - - uses: ./.github/actions/build - with: - solution-path: Sample\Auth0MauiApp.sln From 7833965c6eb3a6a5504722e5c9a483c3e4926d66 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 16:06:43 -0600 Subject: [PATCH 14/36] Update snyk.yml --- .github/workflows/snyk.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 1885cb0..ab8b884 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -46,15 +46,16 @@ jobs: with: solution-path: Sample\Auth0MauiApp.sln - # Install Scoop - - run: pwsh -c "Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh')" + - uses: snyk/actions/setup@master - # Install Snyk's scoop bucket - - run: scoop bucket add snyk https://github.com/snyk/scoop-snyk - - # Install Snyk's Windows CLI - - run: scoop install snyk + # Check that project is registered with Snyk when triggered from main branch + - if: github.ref == 'refs/heads/main' + continue-on-error: true + run: snyk monitor + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # Report vulnerabilities - run: snyk test working-directory: .\Sample\Auth0MauiApp.sln env: From 0a9e9dc3fe459d43e4be781cfc179576648d65c2 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 16:08:22 -0600 Subject: [PATCH 15/36] Update action.yml --- .github/actions/build/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
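Review bot: `uses: snyk/actions/setup@master` in the patch 14 hunk follows a mutable branch, so the code that installs the CLI can change between runs, and the steps right after it receive `SNYK_TOKEN`. Pinning to a full commit SHA with the release noted in a trailing comment keeps the run reproducible: `- uses: snyk/actions/setup@<FULL_COMMIT_SHA>  # <release tag>`. The `snyk monitor` step sets `continue-on-error: true`, so a failed registration on main will not fail the job; a short comment saying that is intended would help the next reader. The `steps:` list continues outside this hunk.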
diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml index 66f303b..0893698 100644 --- a/.github/actions/build/action.yml +++ b/.github/actions/build/action.yml @@ -6,9 +6,9 @@ inputs: description: The .NET version to use required: false default: '7.0.402' -solution-path: - description: The path to the .sln solution file. - required: yes + solution-path: + description: The path to the .sln solution file. + required: yes runs: using: composite From 5e7f943c63be0a64d724a8a2096a0e71450eff56 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 16:40:46 -0600 Subject: [PATCH 16/36] Update snyk.yml --- .github/workflows/snyk.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index ab8b884..4d5e6e8 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -42,21 +42,29 @@ jobs: # with: # ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} # TODO Change this back - - uses: ./.github/actions/build - with: - solution-path: Sample\Auth0MauiApp.sln + # - uses: ./.github/actions/build + # with: + # solution-path: Sample\Auth0MauiApp.sln - - uses: snyk/actions/setup@master + - shell: pwsh + run: | + iwr get.scoop.sh -outfile 'install.ps1' + .\install.ps1 -RunAsAdmin + scoop --version + scoop bucket add snyk https://github.com/snyk/scoop-snyk + scoop install snyk # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' continue-on-error: true + shell: pwsh run: snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Report vulnerabilities - - run: snyk test + - shell: pwsh + run: snyk test working-directory: .\Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 43f227960f4c5295e0ce85621118b9cd80de07af Mon Sep 17 00:00:00 2001 
From: Evan Sims Date: Tue, 7 Nov 2023 16:42:40 -0600 Subject: [PATCH 17/36] Update snyk.yml --- .github/workflows/snyk.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 4d5e6e8..f074c7f 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -46,6 +46,7 @@ jobs: # with: # solution-path: Sample\Auth0MauiApp.sln + # Install Scoop, Snyk's Scoop bucket, and the Snyk CLI. - shell: pwsh run: | iwr get.scoop.sh -outfile 'install.ps1' @@ -65,6 +66,6 @@ jobs: # Report vulnerabilities - shell: pwsh run: snyk test - working-directory: .\Sample\Auth0MauiApp.sln + working-directory: ./Sample/Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 27af17d8a1676cdb39ed777f979e1f63fc31d80a Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 16:44:58 -0600 Subject: [PATCH 18/36] Update snyk.yml --- .github/workflows/snyk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index f074c7f..b0095f8 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -66,6 +66,6 @@ jobs: # Report vulnerabilities - shell: pwsh run: snyk test - working-directory: ./Sample/Auth0MauiApp.sln + working-directory: Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From c5c7541e8748d1cbdd71093696f6b2cd84bfe655 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:08:59 -0600 Subject: [PATCH 19/36] Update snyk.yml --- .github/workflows/snyk.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index b0095f8..9fa58f3 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml 
@@ -58,14 +58,12 @@ jobs: # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' continue-on-error: true - shell: pwsh run: snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Report vulnerabilities - - shell: pwsh - run: snyk test + - run: snyk test working-directory: Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 67dd88514ecc63bc81768da2f038030c11872544 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:11:33 -0600 Subject: [PATCH 20/36] Update snyk.yml --- .github/workflows/snyk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 9fa58f3..10bf119 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -64,6 +64,6 @@ jobs: # Report vulnerabilities - run: snyk test - working-directory: Sample\Auth0MauiApp.sln + working-directory: Sample env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 35dc279da6496b5144d80fcf006a43cc82240d5a Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:22:26 -0600 Subject: [PATCH 21/36] Delete action.yml --- .github/actions/build/action.yml | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 .github/actions/build/action.yml diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml deleted file mode 100644 index 0893698..0000000 --- a/.github/actions/build/action.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Build package -description: Build the SDK package - -inputs: - dotnet-version: - description: The .NET version to use - required: false - default: '7.0.402' - solution-path: - description: The path to the .sln solution file. - required: yes - -runs: - using: composite - - steps: - - name: Install .NET Core - uses: actions/setup-dotnet@v3 - with: - dotnet-version: ${{ inputs.dotnet-version }} - - - name: Install .NET Workloads - shell: pwsh - run: | - dotnet workload install maui - - - name: Build - shell: pwsh - run: | - dotnet build ${{ inputs.solution-path }} --configuration Release From 00c5cafc3a0b4a6643ddf9c680487dacc602919e Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:22:36 -0600 Subject: [PATCH 22/36] Create build.yml --- .github/workflows/build.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..852c75f --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,30 @@ +name: Build and Test + +on: + workflow_dispatch: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + name: Build Package + runs-on: windows-2022 + + env: + Solution_Path: Sample\Auth0MauiApp.sln + + steps: + - uses: actions/checkout@v4 + + - name: Install .NET Core + uses: actions/setup-dotnet@v3 + with: + dotnet-version: "7.0.402" + + - name: Install .NET Workloads + run: dotnet workload install maui + + - name: Build + run: dotnet build $env:Solution_Path --configuration Release From 3ab45104b38fa777bbafad5b67047a812ebbdd4f Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:22:42 -0600 Subject: [PATCH 23/36] Update snyk.yml --- .github/workflows/snyk.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 10bf119..b223a16 100644 
--- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -42,13 +42,19 @@ jobs: # with: # ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} # TODO Change this back - # - uses: ./.github/actions/build + # - name: Install .NET Core + # uses: actions/setup-dotnet@v3 # with: - # solution-path: Sample\Auth0MauiApp.sln + # dotnet-version: "7.0.402" + + # - run: | + # dotnet restore + # dotnet build # Install Scoop, Snyk's Scoop bucket, and the Snyk CLI. - shell: pwsh run: | + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser iwr get.scoop.sh -outfile 'install.ps1' .\install.ps1 -RunAsAdmin scoop --version @@ -58,12 +64,12 @@ jobs: # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' continue-on-error: true - run: snyk monitor + run: ~\scoop\apps\snyk\current\snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Report vulnerabilities - - run: snyk test + - run: ~\scoop\apps\snyk\current\snyk test working-directory: Sample env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 7aa639c3bd14251e224977a61e722cf22def0c5c Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:29:09 -0600 Subject: [PATCH 24/36] Update snyk.yml --- .github/workflows/snyk.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index b223a16..d2a1bab 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -55,8 +55,7 @@ jobs: - shell: pwsh run: | Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser - iwr get.scoop.sh -outfile 'install.ps1' - .\install.ps1 -RunAsAdmin + iwr get.scoop.sh | iex scoop --version scoop bucket add snyk https://github.com/snyk/scoop-snyk scoop install snyk 
@@ -64,12 +63,12 @@ jobs: # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' continue-on-error: true - run: ~\scoop\apps\snyk\current\snyk monitor + run: snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Report vulnerabilities - - run: ~\scoop\apps\snyk\current\snyk test + - run: snyk test working-directory: Sample env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From f22838db40c721b3e4e7b75a6d822a02d395f648 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:30:30 -0600 Subject: [PATCH 25/36] Update snyk.yml --- .github/workflows/snyk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index d2a1bab..d8c7a48 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -54,7 +54,7 @@ jobs: # Install Scoop, Snyk's Scoop bucket, and the Snyk CLI. - shell: pwsh run: | - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser + Set-ExecutionPolicy RemoteSigned -Scope CurrentUser iwr get.scoop.sh | iex scoop --version scoop bucket add snyk https://github.com/snyk/scoop-snyk From 4b0696da98834e7b587f0a35c3e9f6617d11dcf1 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:34:09 -0600 Subject: [PATCH 26/36] Update snyk.yml --- .github/workflows/snyk.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index d8c7a48..3bb7f38 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml 
@@ -54,8 +54,9 @@ jobs: # Install Scoop, Snyk's Scoop bucket, and the Snyk CLI. - shell: pwsh run: | - Set-ExecutionPolicy RemoteSigned -Scope CurrentUser - iwr get.scoop.sh | iex + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser + iwr get.scoop.sh -outfile 'install.ps1' + .\install.ps1 -RunAsAdmin -ScoopDir .\scoop scoop --version scoop bucket add snyk https://github.com/snyk/scoop-snyk scoop install snyk @@ -63,12 +64,12 @@ jobs: # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' continue-on-error: true - run: snyk monitor + run: .\scoop\snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Report vulnerabilities - - run: snyk test + - run: .\scoop\snyk test working-directory: Sample env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From d5d86e344f7548a2db7bdafb8db5976073b09950 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:35:44 -0600 Subject: [PATCH 27/36] Update snyk.yml --- .github/workflows/snyk.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 3bb7f38..ca90567 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -54,6 +54,7 @@ jobs: # Install Scoop, Snyk's Scoop bucket, and the Snyk CLI. - shell: pwsh run: | + New-Item -Path .\scoop -ItemType Directory Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser iwr get.scoop.sh -outfile 'install.ps1' .\install.ps1 -RunAsAdmin -ScoopDir .\scoop From aabbd382586c30e1a1909716f525f49ca84278d6 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:37:43 -0600 Subject: [PATCH 28/36] Update snyk.yml --- .github/workflows/snyk.yml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index ca90567..473d9f4 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml 
@@ -51,26 +51,18 @@ jobs: # dotnet restore # dotnet build - # Install Scoop, Snyk's Scoop bucket, and the Snyk CLI. - - shell: pwsh - run: | - New-Item -Path .\scoop -ItemType Directory - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser - iwr get.scoop.sh -outfile 'install.ps1' - .\install.ps1 -RunAsAdmin -ScoopDir .\scoop - scoop --version - scoop bucket add snyk https://github.com/snyk/scoop-snyk - scoop install snyk + # Install Snyk + - run: npm install snyk -g # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' continue-on-error: true - run: .\scoop\snyk monitor + run: snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # Report vulnerabilities - - run: .\scoop\snyk test + - run: snyk test working-directory: Sample env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From d4b0dcd4aa202dfbc624b781e405671e9885694d Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:39:40 -0600 Subject: [PATCH 29/36] Update snyk.yml --- .github/workflows/snyk.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 473d9f4..794d4ce 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -42,14 +42,14 @@ jobs: # with: # ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} # TODO Change this back - # - name: Install .NET Core - # uses: actions/setup-dotnet@v3 - # with: - # dotnet-version: "7.0.402" + - name: Install .NET Core + uses: actions/setup-dotnet@v3 + with: + dotnet-version: "7.0.402" - # - run: | - # dotnet restore - # dotnet build + - run: | + dotnet restore + dotnet build # Install Snyk - run: npm install snyk -g @@ -63,6 +63,6 @@ jobs: # Report vulnerabilities - run: snyk test - working-directory: Sample + working-directory: Sample\Auth0MauiApp env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 45e25cdb83cbf52a39988f9312fbe4d40d614ed4 Mon Sep 17 00:00:00 2001 
From: Evan Sims Date: Tue, 7 Nov 2023 17:41:32 -0600 Subject: [PATCH 30/36] Update snyk.yml --- .github/workflows/snyk.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 794d4ce..8364d2f 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -48,8 +48,8 @@ jobs: dotnet-version: "7.0.402" - run: | - dotnet restore - dotnet build + dotnet restore Sample\Auth0MauiApp.sln + dotnet build Sample\Auth0MauiApp.sln # Install Snyk - run: npm install snyk -g @@ -58,6 +58,7 @@ jobs: - if: github.ref == 'refs/heads/main' continue-on-error: true run: snyk monitor + working-directory: Sample\Auth0MauiApp env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 0caa8ecadaf6759fed2395fda1c3c663dec14e75 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:41:49 -0600 Subject: [PATCH 31/36] Update snyk.yml --- .github/workflows/snyk.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 8364d2f..d274e36 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -48,8 +48,9 @@ jobs: dotnet-version: "7.0.402" - run: | - dotnet restore Sample\Auth0MauiApp.sln - dotnet build Sample\Auth0MauiApp.sln + dotnet restore + dotnet build + working-directory: Sample\Auth0MauiApp # Install Snyk - run: npm install snyk -g From e8510b924136bf5c78a07205308d062ed026c0e1 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:53:57 -0600 Subject: [PATCH 32/36] Update snyk.yml --- .github/workflows/snyk.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index d274e36..38c4d1b 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml 
@@ -47,24 +47,22 @@ jobs: with: dotnet-version: "7.0.402" - - run: | - dotnet restore - dotnet build - working-directory: Sample\Auth0MauiApp + - working-directory: Sample\Auth0MauiApp + run: dotnet restore # Install Snyk - run: npm install snyk -g # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' - continue-on-error: true - run: snyk monitor working-directory: Sample\Auth0MauiApp + run: snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true # Report vulnerabilities - - run: snyk test - working-directory: Sample\Auth0MauiApp + - working-directory: Sample\Auth0MauiApp + run: snyk test env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 9179f966fbf10b842c755a358deaae5e444871ef Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:59:26 -0600 Subject: [PATCH 33/36] Update semgrep.yml --- .github/workflows/semgrep.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 22b50f3..b03c649 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -2,8 +2,7 @@ name: Semgrep on: merge_group: - #pull_request_target: # TODO Change this back - pull_request: + pull_request_target: types: - opened - synchronize From 8e218d6c609f16eb506bba23d0f80c48f52c4c03 Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Tue, 7 Nov 2023 17:59:28 -0600 Subject: [PATCH 34/36] Update snyk.yml --- .github/workflows/snyk.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 38c4d1b..b9f48a0 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -2,8 +2,7 @@ name: Snyk on: merge_group: - #pull_request_target: # TODO Change this back - pull_request: + pull_request_target: types: - opened - synchronize 
@@ -39,8 +38,8 @@ jobs: run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. - uses: actions/checkout@v4 - # with: - # ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} # TODO Change this back + with: + ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} - name: Install .NET Core uses: actions/setup-dotnet@v3 From 58a08bae1777827e04866f04182075cf9f56815d Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Wed, 8 Nov 2023 09:01:40 -0600 Subject: [PATCH 35/36] Update .github/workflows/snyk.yml Co-authored-by: Frederik Prijck --- .github/workflows/snyk.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index b9f48a0..fede81c 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -61,7 +61,6 @@ jobs: continue-on-error: true # Report vulnerabilities - - working-directory: Sample\Auth0MauiApp - run: snyk test + - run: snyk test --file=Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 286fcaa0336ff51fcf1fa5ed46c3e9119de89ada Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Wed, 8 Nov 2023 09:01:51 -0600 Subject: [PATCH 36/36] Update .github/workflows/snyk.yml Co-authored-by: Frederik Prijck --- .github/workflows/snyk.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index fede81c..081b8ca 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -54,8 +54,7 @@ jobs: # Check that project is registered with Snyk when triggered from main branch - if: github.ref == 'refs/heads/main' - working-directory: Sample\Auth0MauiApp - run: snyk monitor + run: snyk monitor --file=Sample\Auth0MauiApp.sln env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true