There are two workflows set up on this repo:
Workflow | Description |
---|---|
build-test-package | Builds the solution, runs tests and creates the NuGet packages. |
upload-coverage-to-codecov | Uploads code coverage to Codecov. |
codeql | Analyses code quality with the CodeQL tool. |
dispatch-commands | Handles slash commands on issues and triggers repository/workflow dispatch events. |
dotnet-format | Runs dotnet format and stores the result. |
dotnet-format-apply-changes | Applies the result from the dotnet-format workflow. |
markdown-link-check | Checks markdown files for broken links and stores the result. |
markdown-link-check-handle-result | Processes the result of the markdown link check workflow. |
nuget-release | Starting workflow to release a NuGet package. |
nuget-publish | Publishes NuGet packages to nuget.org and creates a GitHub release. |
nuget-release-flow | Tracks the NuGet release flow by updating the release flow diagram and closing the release issue. |
pr-dependabot-auto-merge | Automatically merges Dependabot PRs. |
pr-test-results-comment | Adds test results as comments on Pull Requests. |
- build-test-package
- upload-coverage-to-codecov
- codeql
- dispatch-commands
- dotnet-format
- dotnet-format-apply-changes
- markdown-link-check
- markdown-link-check-handle-result
- nuget-release
- nuget-publish
- nuget-release-flow
- pr-dependabot-auto-merge
- pr-test-results-comment
All the workflows have the minimum required GITHUB_TOKEN permissions. Furthermore, the workflows that require a privileged context are separated from the ones that could potentially execute malicious code. The main purpose is to protect against the threat of malicious pull requests. For more information see:
- Security considerations on GitHub workflows
- Security considerations on GitHub workflows regarding dotnet CLI
Other relevant links:
- Permissions for the GITHUB_TOKEN
- Syntax for GITHUB_TOKEN permissions
- Breakdown of GITHUB_TOKEN permissions by API calls
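
A minimal sketch of the separation described above, added here as an example and not taken from this repository's workflows: an unprivileged workflow runs the pull request code with a read-only token and hands its output over as an artifact, and a privileged `workflow_run` workflow consumes that artifact without ever checking out or executing the pull request code. The file names, workflow and job names, and the comment text are assumptions.

```yaml
# File 1 (hypothetical): .github/workflows/pr-build.yml
# Runs untrusted pull request code, so the token is read-only and no secrets are used.
name: pr-build
on: pull_request
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: dotnet test --logger trx --results-directory test-results
      - name: Record the PR number next to the results
        run: echo "${{ github.event.pull_request.number }}" > test-results/pr-number.txt
      - uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: test-results
---
# File 2 (hypothetical): .github/workflows/pr-comment.yml
# Privileged: runs the workflow file from the default branch, never checks out PR code.
name: pr-comment
on:
  workflow_run:
    workflows: [pr-build]
    types: [completed]
permissions:
  actions: read          # download the artifact from the triggering run
  pull-requests: write   # post the comment
jobs:
  comment:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: test-results
          path: test-results
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Comment, treating artifact content as untrusted data
        shell: pwsh
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          $pr = (Get-Content test-results/pr-number.txt -Raw).Trim()
          if ($pr -notmatch '^\d+$') { throw 'unexpected PR number' }
          $n = (Get-ChildItem test-results -Filter *.trx).Count
          gh pr comment $pr --repo $env:GITHUB_REPOSITORY --body "Test run finished, $n result file(s)."
```

The artifact is the only channel between the two workflows, so the privileged side validates what it reads from it and never passes it to a shell as code.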
You can print github context objects by using the toJSON function.
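Example with a step running PowerShell:

```yaml
- name: Dump github context
  shell: pwsh
  env:
    # Pass the context through an environment variable so that values an
    # outside contributor controls (e.g. a PR title) are never parsed as script.
    GITHUB_CONTEXT: ${{ toJson(github) }}
  run: Write-Output $env:GITHUB_CONTEXT
```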
It's useful to look at the workflow run logs, especially at the set up job section, which is where you can find, for example, the permissions assigned to the GITHUB_TOKEN that the job will use.
You can also enable debug logging.