Update codeops files (#222)

Author: HowardvanRooijen

.github/workflows/auto_release.yml

@@ -12,9 +12,11 @@ jobs:
     steps:
     - name: Lookup default branch name
       id: lookup_default_branch
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         result-encoding: string
         script: |
           const repo = await github.rest.repos.get({
@@ -28,9 +30,11 @@ jobs:
 
     - name: Lookup HEAD commit on default branch
       id: lookup_default_branch_head
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         result-encoding: string
         script: |
           const branch = await github.rest.repos.getBranch({
@@ -50,9 +54,11 @@ jobs:
     steps:
     - name: Check for 'no_release' label on PR
       id: check_for_norelease_label
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
             const labels = await github.rest.issues.listLabelsOnIssue({
               owner: context.payload.repository.owner.login,
@@ -62,6 +68,16 @@ jobs:
             core.info("labels: " + JSON.stringify(labels.data))
             if ( labels.data.map(l => l.name).includes("no_release") ) {
               core.info("Label found")
+              if ( labels.data.map(l => l.name).includes("pending_release") ) {
+                // Remove the 'pending_release' label
+                await github.rest.issues.removeLabel({
+                  owner: context.payload.repository.owner.login,
+                  repo: context.payload.repository.name,
+                  issue_number: context.payload.pull_request.number,
+                  name: 'pending_release'
+                })
+              }
+              
               return true
             }
             return false
@@ -81,9 +97,11 @@ jobs:
     steps:
     - name: Get Open PRs
       id: get_open_pr_list
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         # find all open PRs that are targetting the default branch (i.e. main/master)
         # return their titles, so they can parsed later to determine if they are
         # Dependabot PRs and whether we should wait for them to be auto-merged before
@@ -105,9 +123,11 @@ jobs:
 
     - name: Get 'pending_release' PRs
       id: get_release_pending_pr_list
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
           const repoWithOwner = `${context.payload.repository.owner.login}/${context.payload.repository.name}`;
           const pulls = await github.rest.search.issuesAndPullRequests({
@@ -118,11 +138,13 @@ jobs:
 
           releasePendingPrDetails = pulls.data.items.
                             filter(function (x) { return x.labels.map(l=>l.name).includes('pending_release') }).
+                            filter(function (x) { return !x.labels.map(l=>l.name).includes('no_release') }).
                             map(p=>`#${p.number} '${p.title}' in ${p.repository_url}`);
           core.info(`releasePendingPrDetails: ${JSON.stringify(releasePendingPrDetails)}`);
 
           const release_pending_prs = pulls.data.items.
                                         filter(function (x) { return x.labels.map(l=>l.name).includes('pending_release') }).
+                                        filter(function (x) { return !x.labels.map(l=>l.name).includes('no_release') }).
                                         map(p=>p.number);
           core.info(`release_pending_prs: ${JSON.stringify(release_pending_prs)}`);
           core.setOutput('is_release_pending', (release_pending_prs.length > 0));
@@ -136,7 +158,7 @@ jobs:
         EOF
         echo "is_release_pending : ${{ steps.get_release_pending_pr_list.outputs.is_release_pending }}"
 
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
     - name: Read pr-autoflow configuration
       id: get_pr_autoflow_config
       uses: endjin/pr-autoflow/actions/read-configuration@v4
@@ -145,8 +167,10 @@ jobs:
 
     - name: Check Human PR
       id: is_human_pr
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
           return context.payload.pull_request.user.login != 'dependabot[bot]' && context.payload.pull_request.user.login != 'dependjinbot[bot]'
   
@@ -161,10 +185,12 @@ jobs:
 
     - name: Set Ready for Release
       id: set_ready_for_release
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
-          return ( '${{ steps.is_human_pr.outputs.result }}' == 'True' || '${{ steps.watch_dependabot_prs.outputs.is_complete }}' == 'True') && '${{ steps.get_release_pending_pr_list.outputs.is_release_pending }}' == 'True'
+          return ( '${{ steps.is_human_pr.outputs.result }}' == 'true' || '${{ steps.watch_dependabot_prs.outputs.is_complete }}' == 'True') && '${{ steps.get_release_pending_pr_list.outputs.is_release_pending }}' == 'true'
 
     - name: Display job outputs
       run: |
@@ -181,11 +207,11 @@ jobs:
     if: |
       needs.check_ready_to_release.outputs.ready_to_release == 'true'
     steps:
-    - uses: actions/setup-dotnet@v1
+    - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3    # v4.0.0
       with:
         dotnet-version: '6.x'
 
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
       with:
         # ensure we are creating the release tag on the default branch
         ref: ${{ needs.lookup_default_branch.outputs.branch_name }}
@@ -199,33 +225,36 @@ jobs:
       id: run_gitversion
       run: |
         pwsh -noprofile -c 'dotnet-gitversion /diag'
-        pwsh -noprofile -c '(dotnet-gitversion | ConvertFrom-Json).psobject.properties | % { echo ("{0}={1}" -f $_.name, $_.value) >> $GITHUB_OUTPUT }'
 
     - name: Generate token
       id: generate_token
-      uses: tibdex/github-app-token@v1
+      uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58   # v1.9
       with:
         app_id: ${{ secrets.ENDJIN_BOT_APP_ID }}
         private_key: ${{ secrets.ENDJIN_BOT_PRIVATE_KEY }}
 
     - name: Create SemVer tag
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ steps.generate_token.outputs.token }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
           const uri_path = '/repos/' + context.payload.repository.owner.login + '/' + context.payload.repository.name + '/git/refs'
           const tag = await github.request(('POST ' + uri_path), {
             owner: context.payload.repository.owner.login,
             repo: context.payload.repository.name,
-            ref: 'refs/tags/${{ steps.run_gitversion.outputs.MajorMinorPatch }}',
+            ref: 'refs/tags/${{ env.GitVersion_MajorMinorPatch }}',
             sha: '${{ needs.lookup_default_branch.outputs.head_commit }}'
           })
 
     - name: Remove 'release_pending' label from PRs
       id: remove_pending_release_labels
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: '${{ steps.generate_token.outputs.token }}'
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
           core.info('PRs to unlabel: ${{ needs.check_ready_to_release.outputs.pending_release_pr_list }}')
           const pr_list = JSON.parse('${{ needs.check_ready_to_release.outputs.pending_release_pr_list }}')

.github/workflows/build.yml

@@ -46,9 +46,11 @@ jobs:
       id: prepareEnvVarsAndSecrets
       with:
         environmentVariablesYaml: |
-          BUILDVAR_NuGetPublishSource: "${{ startsWith(github.ref, 'refs/tags/') && 'https://api.nuget.org/v3/index.json' || 'https://nuget.pkg.github.com/endjin/index.json' }}"
+          {}
         secretsYaml: |
-          NUGET_API_KEY: "${{ startsWith(github.ref, 'refs/tags/') && secrets.ENDJIN_NUGET_APIKEY || secrets.ENDJIN_GITHUB_PUBLISHER_PAT }}"
+          {
+            NUGET_API_KEY: "${{ secrets.GITHUB_TOKEN }}"
+          }
 
   build:
     needs: prepareConfig

.github/workflows/dependabot_approve_and_label.yml

@@ -23,7 +23,7 @@ jobs:
       is_auto_release_candidate: ${{ steps.parse_dependabot_pr_autorelease.outputs.is_interesting_package }}
       semver_increment: ${{ steps.parse_dependabot_pr_automerge.outputs.semver_increment }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
       - name: Read pr-autoflow configuration
         id: get_pr_autoflow_config
         uses: endjin/pr-autoflow/actions/read-configuration@v4
@@ -79,9 +79,11 @@ jobs:
         if: |
           needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate == 'True' &&
           (needs.evaluate_dependabot_pr.outputs.semver_increment == 'minor' || needs.evaluate_dependabot_pr.outputs.semver_increment == 'patch')
-        uses: actions/github-script@v6
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
         with:
           github-token: '${{ secrets.GITHUB_TOKEN }}'
+          retries: 6  # final retry should wait 64 seconds
+          retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
           script: |
             await github.rest.pulls.update({
               owner: context.payload.repository.owner.login,
@@ -97,9 +99,11 @@ jobs:
     steps:
     - name: Check for 'no_release' label on PR
       id: check_for_norelease_label
-      uses: actions/github-script@v6
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
+        retries: 6  # final retry should wait 64 seconds
+        retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
         script: |
             const labels = await github.rest.issues.listLabelsOnIssue({
               owner: context.payload.repository.owner.login,
@@ -129,7 +133,7 @@ jobs:
       #       the usual 'Action' secrets as this workflow is triggered by Dependabot.
       - name: Generate token
         id: generate_token
-        uses: tibdex/github-app-token@v1
+        uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58   # v1.9
         with:
           app_id: ${{ secrets.DEPENDJINBOT_APP_ID }}
           private_key: ${{ secrets.DEPENDJINBOT_PRIVATE_KEY }}
@@ -150,9 +154,11 @@ jobs:
             (github.actor != 'dependabot[bot]' && github.actor != 'dependjinbot[bot]') ||
             needs.evaluate_dependabot_pr.outputs.is_auto_release_candidate == 'True'
           )
-        uses: actions/github-script@v6
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea   # v7.0.1
         with:
           github-token: '${{ secrets.GITHUB_TOKEN }}'
+          retries: 6  # final retry should wait 64 seconds
+          retry-exempt-status-codes: 400,401,404,422    # GH will raise rate limits with 403 & 429 status codes
           script: |
             await github.rest.issues.addLabels({
               owner: context.payload.repository.owner.login,

GitVersion.yml

@@ -1,8 +1,8 @@
 # DO NOT EDIT THIS FILE
 # This file was generated by the pr-autoflow mechanism as a result of executing this action:
-#  https://github.com/endjin/.github/actions/workflows/deploy_pr_autoflow.yml
-# This repository participates in this mechanism due to an entry in this file:
-#  https://github.com/endjin/.github/blob/b69ff1d66541ae049fb0457c65c719c6d7e9b862/repos/live/corvus-dotnet.yml
+#  https://github.com/endjin/endjin-codeops/actions/workflows/deploy_pr_autoflow.yml
+# This repository participates in this mechanism due to an entry in one of these files:
+#  https://github.com/endjin/endjin-codeops/blob/main/repo-level-processes/config/live
 
 mode: ContinuousDeployment
 branches:

Solutions/Stacker.Cli/packages.lock.json

@@ -115,15 +115,6 @@
         "resolved": "0.18.0",
         "contentHash": "FCh6hQMOyMgL/bk0BPpXUkHNT+bXNHfSgLyFQ8X3Fca1HwxMtCMVK0kg2YYuwnN9F36+Ru8AqtzBaHRWMkj7cA=="
       },
-      "StyleCop.Analyzers": {
-        "type": "Direct",
-        "requested": "[1.2.0-beta.556, )",
-        "resolved": "1.2.0-beta.556",
-        "contentHash": "llRPgmA1fhC0I0QyFLEcjvtM2239QzKr/tcnbsjArLMJxJlu0AA5G7Fft0OI30pHF3MW63Gf4aSSsjc5m82J1Q==",
-        "dependencies": {
-          "StyleCop.Analyzers.Unstable": "1.2.0.556"
-        }
-      },
       "System.Threading.Tasks.Dataflow": {
         "type": "Direct",
         "requested": "[8.0.1, )",
@@ -289,15 +280,10 @@
         "resolved": "0.49.1",
         "contentHash": "USV+pdu49OJ3nCjxNuw1K9Zw/c1HCBbwbjXZp0EOn6wM99tFdAtN34KEBZUMyRuJuXlUMDqhd8Yq9obW2MslYA=="
       },
-      "StyleCop.Analyzers.Unstable": {
+      "System.Memory": {
         "type": "Transitive",
-        "resolved": "1.2.0.556",
-        "contentHash": "zvn9Mqs/ox/83cpYPignI8hJEM2A93s2HkHs8HYMOAQW0PkampyoErAiIyKxgTLqbbad29HX/shv/6LGSjPJNQ=="
-      },
-      "System.Diagnostics.DiagnosticSource": {
-        "type": "Transitive",
-        "resolved": "8.0.0",
-        "contentHash": "c9xLpVz6PL9lp/djOWtk5KPDZq3cSYpmXoJQY524EOtuFl5z9ZtsotpsyrDW40U1DRnQSYvcPKEUV0X//u6gkQ=="
+        "resolved": "4.5.5",
+        "contentHash": "XIWiDvKPXaTveaB7HVganDlOCRoj03l+jrwNvcge/t8vhGYKvqV+dMv6G4SAX2NoNmN0wZfVPTAlFwZcZvVOUw=="
       },
       "System.Runtime.CompilerServices.Unsafe": {
         "type": "Transitive",

build.ps1

@@ -76,9 +76,6 @@ param (
     [Parameter()]
     [string] $BuildModulePackageVersion = $BuildModuleVersion,
 
-    [Parameter()]
-    [bool] $BuildModuleAllowPreRelease = $false,
-
     [Parameter()]
     [version] $InvokeBuildModuleVersion = "5.10.3"
 )
@@ -110,8 +107,8 @@ if ($MyInvocation.ScriptName -notlike '*Invoke-Build.ps1') {
 #region Import shared tasks and initialise build framework
 if (!($BuildModulePath)) {
     if (!(Get-Module -ListAvailable Endjin.RecommendedPractices.Build | ? { $_.Version -eq $BuildModuleVersion })) {
-        Write-Information "Installing 'Endjin.RecommendedPractices.Build' module... [PackageVersion=$BuildModulePackageVersion]"
-        Install-Module Endjin.RecommendedPractices.Build -RequiredVersion $BuildModulePackageVersion -Scope CurrentUser -Force -Repository PSGallery -AllowPrerelease:$BuildModuleAllowPreRelease
+        Write-Information "Installing 'Endjin.RecommendedPractices.Build' module..."
+        Install-Module Endjin.RecommendedPractices.Build -RequiredVersion $BuildModulePackageVersion -Scope CurrentUser -Force -Repository PSGallery -AllowPrerelease
     }
     $BuildModulePath = "Endjin.RecommendedPractices.Build"
 }
@@ -136,7 +133,6 @@ $SkipTest = $false
 $SkipTestReport = $false
 $SkipAnalysis = $false
 $SkipPackage = $false
-$SkipPublish = $false
 
 
 #
@@ -158,12 +154,6 @@ $NuSpecFilesToPackage = @(
 #
 $ExcludeFilesFromCodeCoverage = ""
 
-# Enable GitHub release functionality
-$CreateGitHubRelease = $true
-$GitHubReleaseArtefacts = @()
-$PublishNuGetPackagesAsGitHubReleaseArtefacts = $true
-
-
 # Synopsis: Build, Test and Package
 task . FullBuild
 
@@ -181,10 +171,37 @@ task PostTest {}
 task PreTestReport {}
 task PostTestReport {}
 task PreAnalysis {}
-task PostAnalysis {}
+task PostAnalysis
 task PrePackage {}
 task PostPackage {}
-task PrePublish {}
-task PostPublish {}
+task PrePublish {
+    # workaround
+    if (!(Test-Path "$here/_local-nuget-feed")) { New-Item -ItemType Directory "$here/_local-nuget-feed" | Out-Null }
+}
+task PostPublish {
+    # Publish NuGet packages as GitHub release artefacts
+    $evaluatedNugetPackagesToPublishGlob = Invoke-Expression "`"$($NugetPackageNamesToPublishGlob)$($NugetPackagesToPublishGlobSuffix)`""
+    Write-Host "evaluatedNugetPackagesToPublishGlob: $evaluatedNugetPackagesToPublishGlob"
+    $nugetPackagesToPublish = Get-ChildItem -Path "$here/_packages" -Filter $evaluatedNugetPackagesToPublishGlob
+    Write-Host "nugetPackagesToPublish: $nugetPackagesToPublish"
+
+    if ($nugetPackagesToPublish) {
+        $existingRelease = exec { gh release list } |
+                                ConvertFrom-Csv -Delimiter "`t" -Header @("TITLE","TYPE","TAG NAME","PUBLISHED") |
+                                Where-Object { $_."TAG NAME" -eq $GitVersion.SemVer }
+
+        if (!$existingRelease) {
+            Write-Host "Creating release"
+            exec { & gh release create $($GitVersion.SemVer) --generate-notes }
+        }
+        else {
+            Write-Host "Updating existing release"
+        }
+
+        foreach ($nugetPackage in $nugetPackagesToPublish) {
+            Write-Host "Uploading: $(Split-Path -Leaf $nugetPackage)"
+            exec { & gh release upload --clobber $($GitVersion.SemVer) $nugetPackage }
+        }
+    }
+}
 task RunLast {}
-