Conversation
Added ItemGroups to all relevant .csproj files to exclude obj\ artifacts from Compile, EmbeddedResource, None, and Page items, preventing accidental inclusion of build outputs. Refactored Sokoban.Server/Program.cs to use SOKOSERVER_TLS_* environment variables instead of SHARPHACK_TLS_*, with constants for consistency. Console output now displays the assembly name dynamically. Reordered ProjectReference entries in Sokoban.Server.csproj. Changed PreBuild target condition in Sokoban_Base.csproj from net6.0 to net6.01. Added a conditional using for System.Runtime.Loader in AppWithPlugin.cs for .NET 6.0 or greater, and a clarifying comment in AppWithPlugin.csproj.
Exclude obj\ files from build, update TLS env vars
Updated CI workflow to version 3 and removed additional projects from the solution.
--- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major - dependency-name: coverlet.collector dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
….0.3 --- updated-dependencies: - dependency-name: Microsoft.Extensions.Configuration.UserSecrets dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Configuration.UserSecrets dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…2 to 10.0.3 --- updated-dependencies: - dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…s.Hosting Bumps Microsoft.Extensions.DependencyInjection from 10.0.2 to 10.0.3 Bumps Microsoft.Extensions.Hosting from 10.0.2 to 10.0.3 --- updated-dependencies: - dependency-name: Microsoft.Extensions.DependencyInjection dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Hosting dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.DependencyInjection dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Hosting dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
--- updated-dependencies: - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…s/TestStatementsTest/TestStatements/multi-3b6822d52c
…s/AppWithPlugin/TestStatements/multi-5f80093d01
…ibraries/BaseLib/TestStatements/Microsoft.Extensions.DependencyInjection.Abstractions-10.0.3
…s/TestStatements/TestStatements/multi-059737ced7
…s/AppWithPlugin/TestStatements/multi-6b90601411
| runs-on: windows-latest | ||
| defaults: | ||
| run: | ||
| working-directory: CSharpBible | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| # Install the .NET Core workload | ||
| - name: Install .NET Core | ||
| uses: actions/setup-dotnet@v3 | ||
| with: | ||
| dotnet-version: 6.0.x | ||
|
|
||
| # Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild | ||
| - name: Setup MSBuild.exe | ||
| uses: microsoft/setup-msbuild@v1.0.2 | ||
|
|
||
| # Execute all unit tests in the solution | ||
| - name: Execute unit tests | ||
| run: dotnet test | ||
|
|
||
| # Restore the application to populate the obj folder with RuntimeIdentifiers | ||
| - name: Restore the application | ||
| run: msbuild $env:Solution_Name /t:Restore /p:Configuration=$env:Configuration | ||
| env: | ||
| Configuration: ${{ matrix.configuration }} | ||
|
|
||
| # Decode the base 64 encoded pfx and save the Signing_Certificate | ||
| - name: Decode the pfx | ||
| run: | | ||
| $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.Base64_Encoded_Pfx }}") | ||
| $certificatePath = Join-Path -Path $env:Wap_Project_Directory -ChildPath GitHubActionsWorkflow.pfx | ||
| [IO.File]::WriteAllBytes("$certificatePath", $pfx_cert_byte) | ||
|
|
||
| # Create the app package by building and packaging the Windows Application Packaging project | ||
| - name: Create the app package | ||
| run: msbuild $env:Wap_Project_Path /p:Configuration=$env:Configuration /p:UapAppxPackageBuildMode=$env:Appx_Package_Build_Mode /p:AppxBundle=$env:Appx_Bundle /p:PackageCertificateKeyFile=GitHubActionsWorkflow.pfx /p:PackageCertificatePassword=${{ secrets.Pfx_Key }} | ||
| env: | ||
| Appx_Bundle: Always | ||
| Appx_Bundle_Platforms: x86|x64 | ||
| Appx_Package_Build_Mode: StoreUpload | ||
| Configuration: ${{ matrix.configuration }} | ||
|
|
||
| # Remove the pfx | ||
| - name: Remove the pfx | ||
| run: Remove-Item -path $env:Wap_Project_Directory\GitHubActionsWorkflow.pfx | ||
|
|
||
| # Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact | ||
| - name: Upload build artifacts | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: MSIX Package | ||
| path: ${{ env.Wap_Project_Directory }}\AppPackages | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup .NET 8.0 | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: "8.0.x" | ||
|
|
||
| - name: Remove private projects | ||
| run: | | ||
| dotnet sln CSharpBible.sln remove "Mobile/MauiApp1/MauiApp1.csproj" | ||
| dotnet sln CSharpBible.sln remove "Simulation/AGVFktTests/AGVFktTests.csproj" | ||
| dotnet sln CSharpBible.sln remove "Simulation/AGVFkt/AGVFkt.csproj" | ||
| dotnet sln CSharpBible.sln remove "DB/ADO_Test/ADO_Test.csproj" | ||
| dotnet sln CSharpBible.sln remove "Libraries/CSFreeVision_/CSFreeVision.csproj" | ||
| dotnet sln CSharpBible.sln remove "Mobile/DXMauiApp1/DXMauiApp1.csproj" | ||
| dotnet sln CSharpBible.sln remove "Web/MyComponent/Client/MyComponent.Client.csproj" | ||
| dotnet sln CSharpBible.sln remove "Web/MyComponent/Server/MyComponent.Server.csproj" | ||
| dotnet sln CSharpBible.sln remove "Web/MyComponent/Shared/MyComponent.csproj" | ||
| dotnet sln CSharpBible.sln remove "WinUI/App1/App1/App1.csproj" | ||
| dotnet sln CSharpBible.sln remove "App2/App2.csproj" | ||
| dotnet sln CSharpBible.sln remove "../PackageDwnLd.csproj" | ||
| dotnet sln CSharpBible.sln remove "Web/BlazorApp1/BlazorApp1.csproj" | ||
| dotnet sln CSharpBible.sln remove "Web/WebApp1/BlazorApp2/BlazorApp2.csproj" | ||
| dotnet sln CSharpBible.sln remove "Web/WebApp1/WebApplication1/WebApplication1/WebApplication1.csproj" | ||
|
|
||
| - name: Restore | ||
| run: dotnet restore CSharpBible.sln -p:TargetFramework=net8.0-windows | ||
|
|
||
| - name: Build | ||
| run: dotnet build CSharpBible.sln --configuration Release --no-restore -p:TargetFramework=net8.0-windows | ||
|
|
||
| - name: Test | ||
| run: dotnet test CSharpBible.sln --configuration Release --no-build --verbosity normal -p:TargetFramework=net8.0-windows |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
In general, the fix is to define an explicit permissions block for the workflow or individual jobs, granting only the minimal scopes required. For this workflow, the job only needs to read repository contents to allow actions/checkout to fetch the code; it does not appear to need any write permissions or additional scopes.
The single best fix with no functional change is to add a root-level permissions section that applies to all jobs, immediately below the name (or on) block. Set contents: read as recommended by CodeQL. No imports or additional methods are needed; this is purely a YAML configuration change within .github/workflows/CSharpBible.yml.
Concretely: in .github/workflows/CSharpBible.yml, after line 1 (name: CSharpBible CI3) insert a permissions: block specifying contents: read. This will constrain the GITHUB_TOKEN for the build-test job (and any future jobs without their own permissions block) to read-only access to repository contents.
| @@ -1,5 +1,8 @@ | ||
| name: CSharpBible CI3 | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: | ||
| paths: |
| runs-on: windows-latest | ||
| defaults: | ||
| run: | ||
| working-directory: TestStatements | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup .NET 8.0 | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: "8.0.x" | ||
|
|
||
| - name: Remove private projects | ||
| run: | | ||
|
|
||
| - name: Restore | ||
| run: dotnet restore TestStatements.sln -p:TargetFramework=net8.0-windows | ||
|
|
||
| - name: Build | ||
| run: dotnet build TestStatements.sln --configuration Release --no-restore -p:TargetFramework=net8.0-windows | ||
| - name: Test | ||
| run: dotnet test TestStatements.sln --configuration Release --no-build --verbosity normal -p:TargetFramework=net8.0-windows |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
In general, the fix is to add an explicit permissions block that grants only the minimal required access to the GITHUB_TOKEN. For a CI workflow that only needs to check out the repository and build/test, contents: read is typically sufficient. This can be added at the root of the workflow (applies to all jobs) or under a specific job. Here, adding it at the root keeps the change simple and does not alter functionality.
Concretely, in .github/workflows/Teststatements.yml, add a permissions: section after the name: (before on:) with contents: read. No extra scopes are needed because there are no steps that write to the repo, issues, or pull requests. This change does not affect the existing build/test behavior but ensures that GITHUB_TOKEN is restricted to read‑only repository contents for this workflow.
| @@ -1,5 +1,8 @@ | ||
| name: TestStatemens CI0 | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: | ||
| paths: |
No description provided.