Skip to content

Bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#150) #179

Bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#150)

Bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#150) #179

Workflow file for this run

name: Release
on:
push:
branches:
- main
concurrency: ${{ github.workflow }}-${{ github.ref }}
permissions: { }
env:
dotnet: 9.0.x
node: 22.x
Project: src/Serilog.Extensions.Formatting
PackageJson: src/Serilog.Extensions.Formatting/package.json
Csproj: src/Serilog.Extensions.Formatting/Serilog.Extensions.Formatting.csproj
PackageName: alexaka1.serilog.extensions.formatting
YARN_ENABLE_HARDENED_MODE: 1
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
jobs:
tests:
name: Tests
uses: ./.github/workflows/tests.yml
permissions:
contents: read
check-release:
name: Prepare release
runs-on: ubuntu-24.04
permissions:
pull-requests: write
contents: write
issues: read
id-token: write
attestations: write
outputs:
publishable: ${{ steps.pack.outputs.canPack == 'true'}}
version: ${{ steps.pack.outputs.version }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
aka.ms:443
api.github.com:443
api.nuget.org:443
cdn.fwupd.org:443
crl3.digicert.com:80
dotnetbuilds.azureedge.net:443
dotnetcli.azureedge.net:443
dc.services.visualstudio.com:443
github.com:443
objects.githubusercontent.com:443
registry.npmjs.org:443
registry.yarnpkg.com:443
repo.yarnpkg.com:443
*.sigstore.dev:443
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Setup Dotnet ${{ env.dotnet }}
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
with:
dotnet-version: ${{ env.dotnet }}
- name: Setup Node.js ${{ env.node }}
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ env.node }}
- name: Enable Corepack
run: corepack enable
- name: Yarn install
run: yarn install --immutable
- uses: chainguard-dev/actions/setup-gitsign@57cb0b7560d9b9b081c15ac5ef689f73f4dda03e
- name: Create Release Pull Request or Prepare release
id: changesets
uses: changesets/action@c8bada60c408975afd1a20b3db81d6eee6789308 # v1.4.9
with:
# outputs versionExists=true if version already exists on nuget
version: yarn run version ${{ env.PackageJson }} ${{ env.Csproj }}
setupGitUser: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Can pack?
id: pack
if: steps.changesets.outputs.hasChangesets == 'false'
shell: bash
run: |
set -e
VERSION=$(jq -r '.version' "${{ env.PackageJson }}")
echo "version=v$VERSION" >> "$GITHUB_OUTPUT"
AVAILABLE_VERSIONS=$(curl -s "https://api.nuget.org/v3-flatcontainer/${{ env.PackageName }}/index.json" | jq -r '.versions[]')
if echo "$AVAILABLE_VERSIONS" | grep -q "^$VERSION$"; then
echo "canPack=false" >> "$GITHUB_OUTPUT"
else
echo "canPack=true" >> "$GITHUB_OUTPUT"
fi
- name: Dotnet restore
if: steps.pack.outputs.canPack == 'true'
run: dotnet restore ${{ env.Project }}
- name: Dotnet build
if: steps.pack.outputs.canPack == 'true'
run: dotnet build ${{ env.Project }} --configuration Release --no-restore
- name: Pack nupkg
if: steps.pack.outputs.canPack == 'true'
run: dotnet pack ${{ env.Project }} -c Release -o ${{ github.workspace }}/artifacts
- name: Generate nupkg attestation
if: steps.pack.outputs.canPack == 'true'
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: ${{ github.workspace }}/artifacts
- name: Upload nupkg
if: steps.pack.outputs.canPack == 'true'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: nuget
path: ${{ github.workspace }}/artifacts
if-no-files-found: error
release:
name: Release package
environment: production
runs-on: ubuntu-latest
if: needs.check-release.outputs.publishable == 'true'
needs:
- check-release
- tests
permissions:
contents: write
id-token: write
env:
changelog: src/Serilog.Extensions.Formatting/CHANGELOG.md
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# we use credentials to push tags below
persist-credentials: true
- uses: chainguard-dev/actions/setup-gitsign@57cb0b7560d9b9b081c15ac5ef689f73f4dda03e
- name: Download nupkg
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: nuget
path: ${{ github.workspace }}/artifacts
github-token: ${{ github.token }}
- name: Setup Dotnet ${{ env.dotnet }}
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
with:
dotnet-version: ${{ env.dotnet }}
- name: Publish nupkg
run: dotnet nuget push ${{ github.workspace }}/artifacts/*.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_API_KEY }}
- name: Create changelog for release
id: changelog
shell: bash
run: |
input_file="${{ env.changelog }}"
output_file="changes.md"
# Find the line number of the first version heading
start_line=$(grep -nE '^## [0-9]+\.[0-9]+\.[0-9]' "$input_file" | head -n 1 | cut -d: -f1)
# Find the line number of the next version heading, if it exists
end_line=$(grep -nE '^## [0-9]+\.[0-9]+\.[0-9]' "$input_file" | sed -n '2p' | cut -d: -f1)
if [ -z "$end_line" ]; then
# If there is no next version, extract till the end of the file
sed -n "${start_line},\$p" "$input_file" > "$output_file"
else
# Extract only the section for the uppermost version
sed -n "${start_line},$(($end_line-1))p" "$input_file" > "$output_file"
fi
echo "changes=$output_file" >> "$GITHUB_OUTPUT"
prerelease=false
if [ -f ".changeset/pre.json" ]; then
prerelease=true
fi
- name: Tag release
run: |
git tag -s ${{ needs.check-release.outputs.version }} -m "Release ${{ needs.check-release.outputs.version }}"
git push origin ${{ needs.check-release.outputs.version }}
- name: Create GitHub release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
files: |
${{ github.workspace }}/artifacts/*.nupkg
${{ github.workspace }}/artifacts/*.snupkg
${{ env.changelog }}
body_path: ${{ steps.changelog.outputs.changes }}
body: Oh no, it looks like the change-notes were not generated correctly by the action.
draft: false
prerelease: ${{ steps.changelog.outputs.prerelease == 'true' }}
generate_release_notes: true
fail_on_unmatched_files: true
append_body: true
tag_name: ${{ needs.check-release.outputs.version }}
target_commitish: ${{ github.sha }}