diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..27bcee3
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,4 @@
+template: |
+ ## What’s Changed
+
+ $CHANGES
diff --git a/.github/script/main.sh b/.github/script/main.sh
new file mode 100644
index 0000000..9e2740c
--- /dev/null
+++ b/.github/script/main.sh
@@ -0,0 +1 @@
+ls
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..db3e2ed
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '36 12 * * 5'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'csharp' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml
index 2c9090b..80b2493 100644
--- a/.github/workflows/dotnet.yml
+++ b/.github/workflows/dotnet.yml
@@ -1,25 +1,71 @@ name: .NET - on: push: branches: [ main ] pull_request: branches: [ main ] - jobs: - build: - - runs-on: ubuntu-latest + update_release_draft: + runs-on: ubuntu-latest + steps: + # (Optional) GitHub Enterprise requires GHE_HOST variable set + #- name: Set GHE_HOST + # run: | + # echo "GHE_HOST=${GITHUB_SERVER_URL##https:\/\/}" >> $GITHUB_ENV + # Drafts your next Release notes as Pull Requests are merged into "master" + - uses: release-drafter/release-drafter@v5 + # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml + # with: + # config-name: my-config.yml + # disable-autolabeler: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + build: + runs-on: ${{matrix.os}} + strategy: + matrix: + os: [ubuntu-latest] + dotnet-version: [6.0.x] steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@main - name: Setup .NET - uses: actions/setup-dotnet@v2 + uses: actions/setup-dotnet@main with: - dotnet-version: 5.0.x + dotnet-version: ${{matrix.dotnet-version}} - name: Restore dependencies run: dotnet restore - name: Build run: dotnet build --no-restore - name: Test run: dotnet test --no-build --verbosity normal + - name: dotnet test + run: dotnet test + publish: + needs: build + runs-on: ${{matrix.os}} + strategy: + matrix: + os: [ubuntu-latest] + dotnet-version: [6.0.x] + steps: + - name: Checkout repository + uses: actions/checkout@main + - name: run file + run: echo ${{ github.server_url }}/${{ github.repository }} + - name: Setup .Net + uses: actions/setup-dotnet@main + - name: Restore dependencies + run: dotnet restore + - name: Build + run: dotnet build --no-restore + - name: Build + run: dotnet publish + - name: Nuget Package And Upload + uses: csharp-opensource/publish-nuget@master + with: + releaseVersion: ${{ github.event.release.tag_name }} + repoUrl: ${{ github.server_url }}/${{ github.repository }} + nugetToken: ${{ secrets.NUGET_AUTH_TOKEN }} + nugetSource: 
https://api.nuget.org/v3/index.json
diff --git a/.github/workflows/script.sh b/.github/workflows/script.sh
new file mode 100644
index 0000000..9e2740c
--- /dev/null
+++ b/.github/workflows/script.sh
@@ -0,0 +1 @@
+ls
diff --git a/.github/workflows/script_pipeline.yml b/.github/workflows/script_pipeline.yml
new file mode 100644
index 0000000..9f3d85e
--- /dev/null
+++ b/.github/workflows/script_pipeline.yml
@@ -0,0 +1,25 @@
+name: write comments
+on:
+ issues:
+ types: [opened, closed]
+permissions:
+ actions: write
+ issues: write
+ statuses: write
+jobs:
+ comment_issue:
+ runs-on: ${{matrix.os}}
+ strategy:
+ matrix:
+ os: ["ubuntu-latest"]
+ steps:
+ - uses: actions/github-script@v6
+ with:
+ github-token: ${{secrets.GITHUB_TOKEN}}
+ script: |
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: '👋 Thanks for reporting!'
+ })
diff --git a/.vscode/launch.json b/.vscode/launch.json
new file mode 100644
index 0000000..61eaa88
--- /dev/null
+++ b/.vscode/launch.json
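Review bot: The new `build` and `publish` jobs reference actions by branch (`actions/checkout@main`, `actions/setup-dotnet@main`, `csharp-opensource/publish-nuget@master`), so whatever lands on those branches runs in this pipeline, and the third-party publish step is handed `secrets.NUGET_AUTH_TOKEN`. Pin each to a release tag or, for the third-party action in particular, a full commit SHA, e.g. `uses: csharp-opensource/publish-nuget@<full-commit-sha>`. The `publish` job also runs on every push and pull request to main, where `github.event.release.tag_name` is empty; it would be safer to trigger it from `on: release` in its own workflow so the token is only exposed when a release is actually cut. The workflow declares no `permissions:` block, so consider a top-level `permissions: contents: read` with write access granted only to `update_release_draft`.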
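Review bot: The workflow-level `permissions` block grants `actions: write` and `statuses: write`, but the only API call in the job is `github.rest.issues.createComment`, which needs `issues: write` alone; dropping the other two scopes keeps the token issued for issue events no broader than the job requires. The `github-token: ${{secrets.GITHUB_TOKEN}}` input repeats what I believe is the action's default and can probably be removed. Because the trigger includes `closed`, the 'Thanks for reporting!' comment is also posted when an issue is closed; `types: [opened]` is likely what was meant.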
@@ -0,0 +1,35 @@
+{
+ "version": "0.2.0",
+ "configurations": [
+ {
+ // Use IntelliSense to find out which attributes exist for C# debugging
+ // Use hover for the description of the existing attributes
+ // For further information visit https://github.com/OmniSharp/omnisharp-vscode/blob/master/debugger-launchjson.md
+ "name": ".NET Core Launch (web)",
+ "type": "coreclr",
+ "request": "launch",
+ "preLaunchTask": "build",
+ // If you have changed target frameworks, make sure to update the program path.
+ "program": "${workspaceFolder}/GitActions.API/bin/Debug/net5.0/GitActions.API.dll",
+ "args": [],
+ "cwd": "${workspaceFolder}/GitActions.API",
+ "stopAtEntry": false,
+ // Enable launching a web browser when ASP.NET Core starts. For more information: https://aka.ms/VSCode-CS-LaunchJson-WebBrowser
+ "serverReadyAction": {
+ "action": "openExternally",
+ "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+ },
+ "env": {
+ "ASPNETCORE_ENVIRONMENT": "Development"
+ },
+ "sourceFileMap": {
+ "/Views": "${workspaceFolder}/Views"
+ }
+ },
+ {
+ "name": ".NET Core Attach",
+ "type": "coreclr",
+ "request": "attach"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
new file mode 100644
index 0000000..cdc14e2
--- /dev/null
+++ b/.vscode/tasks.json
@@ -0,0 +1,41 @@
+{
+ "version": "2.0.0",
+ "tasks": [
+ {
+ "label": "build",
+ "command": "dotnet",
+ "type": "process",
+ "args": [
+ "build",
+ "${workspaceFolder}/GitActions.API/GitActions.API.csproj",
+ "/property:GenerateFullPaths=true",
+ "/consoleloggerparameters:NoSummary"
+ ],
+ "problemMatcher": "$msCompile"
+ },
+ {
+ "label": "publish",
+ "command": "dotnet",
+ "type": "process",
+ "args": [
+ "publish",
+ "${workspaceFolder}/GitActions.API/GitActions.API.csproj",
+ "/property:GenerateFullPaths=true",
+ "/consoleloggerparameters:NoSummary"
+ ],
+ "problemMatcher": "$msCompile"
+ },
+ {
+ "label": "watch",
+ "command": "dotnet",
+ "type": "process",
+ "args": [
+ "watch",
+ "run",
+ "--project",
+ "${workspaceFolder}/GitActions.API/GitActions.API.csproj"
+ ],
+ "problemMatcher": "$msCompile"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/GitActions.API/Controllers/WeatherForecastController.cs b/GitActions.API/Controllers/WeatherForecastController.cs
index e2b6988..5642b67 100644
--- a/GitActions.API/Controllers/WeatherForecastController.cs
+++ b/GitActions.API/Controllers/WeatherForecastController.cs
@@ -3,6 +3,8 @@ using System.Collections.Generic; using System.Linq; using System; +using Microsoft.Data.SqlClient; + namespace GitActions.API.Controllers { [ApiController]
@@ -24,6 +26,16 @@ public WeatherForecastController(ILogger logger) [HttpGet(Name = "GetWeatherForecast")] public IEnumerable Get() { + + using (var connection = new SqlConnection("Server=tcp:sqlazewtmlns001scmshard.database.windows.net,1433;Initial Catalog=sqdazewtmlns001destcr;Persist Security Info=False;User ID=SQL_Destination_Admin_CR;Password=X1Zkk1dvS7FmO9vHapAhNJqUk4LU8pcCGYXXZhcFWtFsO;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;")) + { + connection.Open(); + using (var command = new SqlCommand($"insert int * from temp where id={10}", connection)) + { + command.ExecuteNonQuery(); + } + } + return Enumerable.Range(1, 5).Select(index => new WeatherForecast { Date = DateTime.Now.AddDays(index), diff --git a/GitActions.API/GitActions.API.csproj b/GitActions.API/GitActions.API.csproj index a76a954..24368f1 100644 --- a/GitActions.API/GitActions.API.csproj +++ b/GitActions.API/GitActions.API.csproj @@ -5,6 +5,9 @@ enable + + + diff --git a/README.md b/README.md index 8628922..bf779db 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# gitactions \ No newline at end of file +![example branch parameter.](https://github.com/mona/special-octo-eureka/actions/workflows/grading.yml/badge.svg?branch=my-workflow) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md 
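Review bot: The connection string added at the top of `Get()` embeds a SQL login and its password in source, so the credential is now in the repository history and needs to be rotated as well as removed from the code. Load it from configuration or a secret store instead, e.g. `new SqlConnection(_configuration.GetConnectionString("<connection-name>"))` with an `IConfiguration` injected through the constructor, which lies outside this hunk. The command text `insert int * from temp where id={10}` does not look like valid T-SQL and is built with string interpolation; pass the id as a parameter (`command.Parameters.AddWithValue("@id", 10);`) so the pattern stays safe once the value comes from a request. The user name suggests an administrative account, which a GET handler probably should not connect with; confirm and switch to a least-privileged login. `Get()`'s body continues past the end of the hunk.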
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.