Bump step-security/harden-runner from 2.14.1 to 2.14.2 #57
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'main' | |
| paths-ignore: | |
| - '.github/**' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| permissions: | |
| contents: read | |
| env: | |
| DOTNET_GENERATE_ASPNET_CERTIFICATE: false | |
| DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true | |
| COVERAGE_REPORT: ${{ github.workspace}}/coveragereport | |
| jobs: | |
| build: | |
| name: Build and Test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| issues: read | |
| pull-requests: write | |
| checks: write | |
| steps: | |
| - name: 'Harden Runner' | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - name: 'Checkout' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 # avoid shallow clone so nbgv can do its work. | |
| persist-credentials: false | |
| - name: 'Setup .NET SDK' | |
| uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0 | |
| with: | |
| dotnet-version: | | |
| 10.0.x | |
| - name: 'Restore external dependencies' | |
| run: dotnet restore | |
| - name: 'Build' | |
| id: build | |
| run: dotnet build --configuration Debug --no-restore | |
| - name: Upload Build Artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| src/**/idunno.*.nupkg | |
| src/**/idunno.*.dll | |
| src/**/idunno.*.deps.json | |
| src/**/idunno.*.xml | |
| retention-days: 5 | |
| - name: 'Test' | |
| id: test | |
| run: dotnet test --no-build --restore --collect:"XPlat Code Coverage" --logger junit --settings .runsettings | |
| - name: Publish Test Results | |
| uses: EnricoMi/publish-unit-test-result-action@27d65e188ec43221b20d26de30f4892fad91df2f # v2.22.0 | |
| if: always() | |
| with: | |
| files: "test/**/TestResults.xml" | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: test-results | |
| path: "test/**/TestResults.xml" | |
| retention-days: 5 |