@@ -42,13 +42,13 @@ jobs:
4242 nuGetVersionV2 : ${{ steps.gitversion.outputs.nuGetVersionV2 }}
4343
4444 steps :
45- - uses : actions/checkout@v3
45+ - uses : actions/checkout@v4
4646 with :
4747 fetch-depth : 0
4848
4949 - uses : actions/setup-dotnet@v3
5050 with :
51- dotnet-version : " 6 .0.x"
51+ dotnet-version : " 8 .0.x"
5252
5353 - name : Install GitVersion
5454 run : dotnet tool install --global GitVersion.Tool
@@ -82,16 +82,16 @@ jobs:
8282
8383 steps :
8484 - name : Checkout repository
85- uses : actions/checkout@v3
85+ uses : actions/checkout@v4
8686 with :
8787 fetch-depth : 0
8888
8989 - uses : actions/setup-dotnet@v3
9090 with :
91- dotnet-version : " 6 .0.x"
91+ dotnet-version : " 8 .0.x"
9292
9393 - name : Enable NuGet cache
94- 94+ 9595 with :
9696 path : ~/.nuget/packages
9797 key : ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -123,25 +123,25 @@ jobs:
123123
124124 steps :
125125 - name : Checkout repository
126- uses : actions/checkout@v3
126+ uses : actions/checkout@v4
127127 with :
128128 fetch-depth : 0
129129
130130 - uses : actions/setup-dotnet@v3
131131 with :
132- dotnet-version : " 6 .0.x"
132+ dotnet-version : " 8 .0.x"
133133
134134 - name : Enable Homebrew
135135 run : echo "/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin" >> $GITHUB_PATH
136136
137137 - name : Install License Finder tool with Homebrew
138- uses : tecoli-com/actions-use-homebrew-tools@v1.1
138+ uses : tecoli-com/actions-use-homebrew-tools@v1.2
139139 with :
140140 tools : licensefinder
141141 cache : yes
142142
143143 - name : Enable NuGet cache
144- 144+ 145145 with :
146146 path : ~/.nuget/packages
147147 key : ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -183,25 +183,25 @@ jobs:
183183 ports :
184184 - 27017:27017
185185 steps :
186- - name : Set up JDK 11
186+ - name : Set up JDK 17
187187 uses : actions/setup-java@v3
188188 with :
189189 distribution : zulu
190- java-version : ' 11 '
190+ java-version : ' 17 '
191191
192192 - uses : actions/setup-dotnet@v3
193193 with :
194- dotnet-version : " 6 .0.x"
194+ dotnet-version : " 8 .0.x"
195195
196196 - name : Enable NuGet cache
197- 197+ 198198 with :
199199 path : ~/.nuget/packages
200200 key : ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
201201 restore-keys : |
202202 ${{ runner.os }}-nuget
203203
204- - uses : actions/checkout@v3
204+ - uses : actions/checkout@v4
205205 with :
206206 fetch-depth : 0
207207
@@ -231,7 +231,7 @@ jobs:
231231 env :
232232 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
233233 SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
234- run : find ~+ -type f -name "*.Test.csproj" | xargs -L1 dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal -r "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings
234+ run : find ~+ -type f -name "*.Test.csproj" | xargs -L1 dotnet test -c ${{ env.BUILD_CONFIG }} -v=minimal --results-directory "${{ env.TEST_RESULTS }}" --collect:"XPlat Code Coverage" --settings coverlet.runsettings
235235 working-directory : ./src
236236
237237 - name : End SonarScanner
@@ -244,7 +244,7 @@ jobs:
244244 - uses : codecov/codecov-action@v3
245245 with :
246246 token : ${{ secrets.CODECOV_TOKEN }}
247- directory : " src/${{ env.TEST_RESULTS }} "
247+ directory : " src/"
248248 files : " **/coverage.opencover.xml"
249249 flags : unittests
250250 name : codecov-umbrella
@@ -264,16 +264,16 @@ jobs:
264264 DOTNET_TEST : ${{ matrix.database }}
265265 steps :
266266 - name : Checkout repository
267- uses : actions/checkout@v3
267+ uses : actions/checkout@v4
268268 with :
269269 fetch-depth : 0
270270
271271 - uses : actions/setup-dotnet@v3
272272 with :
273- dotnet-version : " 6 .0.x"
273+ dotnet-version : " 8 .0.x"
274274
275275 - name : Enable NuGet cache
276- 276+ 277277 with :
278278 path : ~/.nuget/packages
279279 key : ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -315,7 +315,7 @@ jobs:
315315 MAJORMINORPATCH : ${{ needs.calc-version.outputs.majorMinorPatch }}
316316 strategy :
317317 matrix :
318- os : [ubuntu-latest, windows-latest ]
318+ os : [ubuntu-latest]
319319 fail-fast : true
320320
321321 outputs :
@@ -329,16 +329,16 @@ jobs:
329329
330330 steps :
331331 - name : Checkout repository
332- uses : actions/checkout@v3
332+ uses : actions/checkout@v4
333333 with :
334334 fetch-depth : 0
335335
336336 - uses : actions/setup-dotnet@v3
337337 with :
338- dotnet-version : " 6 .0.x"
338+ dotnet-version : " 8 .0.x"
339339
340340 - name : Enable NuGet cache
341- 341+ 342342 with :
343343 path : ~/.nuget/packages
344344 key : ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -394,7 +394,7 @@ jobs:
394394 if : ${{ (matrix.os == 'ubuntu-latest') }}
395395 run : |
396396 mkdir ~/nupkg
397- dotnet pack --no-build - c ${{ env.BUILD_CONFIG }} -o ~/nupkg -p:PackageVersion=${{ env.NUGETVER }}
397+ dotnet pack -c ${{ env.BUILD_CONFIG }} -o ~/nupkg -p:PackageVersion=${{ env.NUGETVER }}
398398 ls -lR ~/nupkg
399399 working-directory : ./src/Api
400400
@@ -433,13 +433,26 @@ jobs:
433433 tags : ${{ steps.meta.outputs.tags }}
434434 labels : ${{ steps.meta.outputs.labels }}
435435
436- - name : Scan image with Azure Container Scan
437- env :
438- TRIVY_TIMEOUT_SEC : 360s
439- 436+ - name : Run Trivy vulnerability scanner
437+ uses : aquasecurity/trivy-action@master
440438 if : ${{ (matrix.os == 'ubuntu-latest') }}
441439 with :
442- image-name : ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
440+ image-ref : ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
441+ format : ' table'
442+ exit-code : ' 1'
443+ ignore-unfixed : true
444+ vuln-type : ' os,library'
445+ severity : ' CRITICAL'
446+
447+ - name : Run dockle scan
448+ id : dockle-scan
449+ uses : goodwithtech/dockle-action@main
450+ if : ${{ (matrix.os == 'ubuntu-latest') }}
451+ with :
452+ image : ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
453+ format : ' list'
454+ exit-code : ' 1'
455+ exit-level : ' warn'
443456
444457 - name : Anchore container scan
445458 id : anchore-scan
@@ -450,7 +463,7 @@ jobs:
450463 fail-build : true
451464 severity-cutoff : critical
452465
453- - name : Upload Anchore scan SARIF report
466+ - name : Upload scan SARIF report
454467 uses : github/codeql-action/upload-sarif@v2
455468 if : ${{ (matrix.os == 'ubuntu-latest') }}
456469 with :
@@ -468,24 +481,24 @@ jobs:
468481 env :
469482 SEMVER : ${{ needs.calc-version.outputs.semVer }}
470483 steps :
471- - uses : actions/checkout@v3
484+ - uses : actions/checkout@v4
472485 with :
473486 fetch-depth : 0
474487
475488 - uses : actions/setup-dotnet@v3
476489 with :
477- dotnet-version : " 6 .0.x"
490+ dotnet-version : " 8 .0.x"
478491
479492 - name : Enable NuGet cache
480- 493+ 481494 with :
482495 path : ~/.nuget/packages
483496 key : ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
484497 restore-keys : |
485498 ${{ runner.os }}-nuget
486499
487500 - name : Setup DocFX
488- uses : crazy-max/ghaction-chocolatey@v2
501+ uses : crazy-max/ghaction-chocolatey@v3
489502 with :
490503 args : install docfx
491504
@@ -539,7 +552,7 @@ jobs:
539552 env :
540553 NUGET_AUTH_TOKEN : ${{secrets.GITHUB_TOKEN}}
541554 with :
542- dotnet-version : " 6 .0.x"
555+ dotnet-version : " 8 .0.x"
543556 source-url : https://nuget.pkg.github.com/Project-MONAI/index.json
544557
545558 - name : Publish to GitHub
@@ -555,7 +568,7 @@ jobs:
555568 MAJORMINORPATCH : ${{ needs.calc-version.outputs.majorMinorPatch }}
556569
557570 steps :
558- - uses : actions/checkout@v3
571+ - uses : actions/checkout@v4
559572 with :
560573 fetch-depth : 0
561574
@@ -572,7 +585,7 @@ jobs:
572585 env :
573586 NUGET_AUTH_TOKEN : ${{secrets.GITHUB_TOKEN}}
574587 with :
575- dotnet-version : " 6 .0.x"
588+ dotnet-version : " 8 .0.x"
576589 source-url : https://nuget.pkg.github.com/Project-MONAI/index.json
577590
578591 - name : Publish to GitHub
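Review bot: In the hunk at `@@ -433,13 +433,26 @@`, the two new scanner steps reference mutable branch heads, `aquasecurity/trivy-action@master` and `goodwithtech/dockle-action@main`, so any commit pushed to those branches runs in this job on the next build without review. Every other action touched in this commit is pinned to at least a version tag (`actions/checkout@v4`, `crazy-max/ghaction-chocolatey@v3`), and third-party actions are better pinned to a full commit SHA with the release noted in a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`, and likewise for dockle. The job's remaining steps lie outside the visible lines, but it appears to build and scan the container image, so a compromised scanner action could tamper with the image or read whatever credentials the job exposes. Separately, Trivy is configured with `format: 'table'`, so its findings would not reach the step now renamed "Upload scan SARIF report" unless that step's input (not visible here) is changed too.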