Skip to content

OSOE-917: Update vulnerable NuGet packages #8008

OSOE-917: Update vulnerable NuGet packages

OSOE-917: Update vulnerable NuGet packages #8008

name: Build and Test
# Runs for PRs opened for any branch, and pushes to the dev branch.
on:
pull_request:
push:
branches:
- dev
jobs:
build-and-test-larger-runners:
if: github.ref_name != github.event.repository.default_branch
name: Build and Test - root solution (larger runners)
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
parent-job-name: root-solution-larger-runners
machine-types: '["warp-ubuntu-2404-x64-4x"]'
timeout-minutes: 30
set-up-sql-server: 'true'
set-up-azurite: 'true'
set-up-elasticsearch: 'true'
build-create-binary-log: 'true'
dotnet-test-process-timeout: 600000
build-enable-nuget-caching: 'true'
build-enable-npm-caching: 'true'
build-and-test-standard-runners:
if: github.ref_name == github.event.repository.default_branch
name: Build and Test - root solution (standard runners)
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
# Since dev builds are not awaited by anyone, they can run on the slower free runners.
parent-job-name: root-solution-standard-runners
timeout-minutes: 50
set-up-sql-server: 'true'
set-up-azurite: 'true'
set-up-elasticsearch: 'true'
build-create-binary-log: 'true'
dotnet-test-process-timeout: 780000
build-and-test-nuget-test:
name: Build and Test - NuGetTest solution
uses: Lombiq/GitHub-Actions/.github/workflows/build-and-test-orchard-core.yml@dev
with:
parent-job-name: nuget-solution
build-directory: NuGetTest
timeout-minutes: 20
dotnet-test-process-timeout: 480000
spelling:
name: Spelling
uses: Lombiq/GitHub-Actions/.github/workflows/spelling.yml@dev
with:
additional-dictionaries: |
cspell:csharp/csharp.txt
cspell:css/dict/css.txt
cspell:fullstack/dict/fullstack.txt
cspell:html-symbol-entities/entities.txt
cspell:html/dict/html.txt
cspell:html/src/svg.txt
cspell:node/dict/node.txt
cspell:npm/dict/npm.txt
lombiq-lgha:dictionaries/Liquid.txt
lombiq-lgha:dictionaries/Lombiq.people.txt
lombiq-lgha:dictionaries/Security.txt
lombiq-lgha:dictionaries/Xml.txt
powershell-static-code-analysis:
name: PowerShell Static Code Analysis
uses: Lombiq/PowerShell-Analyzers/.github/workflows/static-code-analysis.yml@dev
with:
machine-types: "['ubuntu-24.04']"
yaml-linting:
name: YAML Linting
uses: Lombiq/GitHub-Actions/.github/workflows/yaml-lint.yml@dev
with:
config-file-path: tools/Lombiq.GitHub.Actions/.trunk/configs/.yamllint.yaml
search-path: .
post-pull-request-checks-automation:
name: Post Pull Request Checks Automation
needs: [build-and-test-larger-runners, build-and-test-nuget-test, spelling, powershell-static-code-analysis]
if: github.event.pull_request != ''
uses: Lombiq/GitHub-Actions/.github/workflows/post-pull-request-checks-automation.yml@dev
secrets:
JIRA_BASE_URL: ${{ secrets.DEFAULT_JIRA_BASE_URL }}
JIRA_USER_EMAIL: ${{ secrets.DEFAULT_JIRA_USER_EMAIL }}
JIRA_API_TOKEN: ${{ secrets.DEFAULT_JIRA_API_TOKEN }}
MERGE_TOKEN: ${{ secrets.LOMBIQBOT_GITHUB_PERSONAL_ACCESS_TOKEN }}
add-windows-build-warning-label:
name: Add Windows Build Warning Label
runs-on: ubuntu-24.04
timeout-minutes: 2
needs: [build-and-test-larger-runners, build-and-test-nuget-test, powershell-static-code-analysis]
steps:
- name: Add Windows Build Warning Label
uses: Lombiq/GitHub-Actions/.github/actions/add-remove-label@dev
with:
# The token is necessary to be able to add the label even if the workflow is triggered by a pull request
# coming from a fork.
token: ${{ secrets.LOMBIQBOT_GITHUB_PERSONAL_ACCESS_TOKEN }}
labels: requires-windows-build
type: add