release/0.2.1 (#1023)

Address CVE-2024-38229, CVE-2024-35264

Author: mocsharp

.github/.gitversion.yml

@@ -12,22 +12,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-next-version: 0.2.0
+workflow: GitHubFlow/v1
 assembly-versioning-scheme: MajorMinorPatchTag
+assembly-file-versioning-scheme: MajorMinorPatchTag
 mode: ContinuousDelivery
 branches:
   main:
-    tag: ''
+    label: ''
+    regex: ^main$
   release:
-    regex: ^release/(?!2022)
-    tag: rc
+    label: rc
+    regex: ^releases?[/-](?<BranchName>.+)
   develop:
-    tag: beta
+    label: beta
+    increment: Patch
+    regex: ^develop$
   feature:
-    tag: alpha.{BranchName}
+    label: alpha.{BranchName}
+    regex: ^features?[/-](?<BranchName>.+)
   pull-request:
-    tag: pr
-
+    label: pr
+    increment: Patch
+    regex: ^(pull|pull\-requests|pr)[/-]
+    
 ignore:
   sha: []
 merge-message-formats: {}

.github/workflows/build.yml

@@ -45,16 +45,18 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Install GitVersion
-        run: dotnet tool install --global GitVersion.Tool
+      - name: Setup GitVersion
+        uses: gittools/actions/gitversion/[email protected]
+        with:
+          versionSpec: '6.0.5'
 
       - name: Determine Version
         id: gitversion
-        uses: gittools/actions/gitversion/execute@v1.1.1
+        uses: gittools/actions/gitversion/execute@v3.1.11
         with:
           useConfigFile: true
           updateAssemblyInfo: true
@@ -147,16 +149,16 @@ jobs:
     env:
       SEMVER: ${{ needs.build-and-deploy.outputs.semVer }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-dotnet@v3
+      - uses: actions/setup-dotnet@v4
         with:
           dotnet-version: "8.0.x"
 
       - name: Enable NuGet cache
-        uses: actions/cache@v4.0.2
+        uses: actions/cache@v4.2.3
         with:
           path: ~/.nuget/packages
           key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -193,7 +195,7 @@ jobs:
           Get-ChildItem ~\release -Recurse
 
       - name: Upload docs
-        uses: actions/upload-artifact@v3.1.2
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: artifacts
           path: ~/release
@@ -208,11 +210,11 @@ jobs:
       MAJORMINORPATCH: ${{ needs.build-and-deploy.outputs.majorMinorPatch }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         id: download
 
       - name: List artifacts
@@ -241,12 +243,12 @@ jobs:
           publish_branch: docs
 
       - name: Install GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/setup@v1.1.1
+        uses: gittools/actions/gitreleasemanager/setup@v3.1.11
         with:
-          versionSpec: "0.13.x"
+          versionSpec: '0.18.x'
 
       - name: Create release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/create@v1.1.1
+        uses: gittools/actions/gitreleasemanager/create@v3.1.11
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           owner: ${{ steps.repo.outputs._0 }}
@@ -257,7 +259,7 @@ jobs:
             artifacts/mwm-docs-${{ env.SEMVER }}.zip
 
       - name: Publish release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/publish@v1.1.1
+        uses: gittools/actions/gitreleasemanager/publish@v3.1.11
         if: ${{ contains(github.ref, 'refs/heads/main') }}
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -266,10 +268,25 @@ jobs:
           tagName: ${{ env.MAJORMINORPATCH }}
 
       - name: Close release with GitReleaseManager
-        uses: gittools/actions/gitreleasemanager/close@v1.1.1
+        uses: gittools/actions/gitreleasemanager/close@v3.1.11
         if: ${{ contains(github.ref, 'refs/heads/main') }}
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           owner: ${{ steps.repo.outputs._0 }}
           repository: ${{ steps.repo.outputs._1 }}
           milestone: ${{ env.MAJORMINORPATCH }}
+
+      - name: Unzip docs
+        if: ${{ contains(github.ref, 'refs/heads/main') }}
+        run: |
+          mkdir userguide
+          unzip artifacts/mwm-docs-${{ env.SEMVER }}.zip -d userguide/
+          ls -lR userguide/
+
+      - name: Deploy Docs
+        uses: peaceiris/actions-gh-pages@v4
+        if: ${{ contains(github.ref, 'refs/heads/main') }}
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: userguide/
+          publish_branch: docs

.github/workflows/codeql.yml

@@ -37,25 +37,25 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
         restore-keys: |
           ${{ runner.os }}-nuget
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: csharp
 
@@ -68,4 +68,4 @@ jobs:
       working-directory: ./src
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/license-scanning.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
@@ -40,12 +40,12 @@ jobs:
       run: gem install license_finder
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}

.github/workflows/nightly.yml

@@ -38,7 +38,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/security.yml

@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -42,17 +42,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}

.github/workflows/test.yml

@@ -29,17 +29,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -62,7 +62,7 @@ jobs:
       working-directory: ./tests
 
     - name: Archive code coverage results
-      uses: actions/upload-artifact@v3.1.2
+      uses: actions/upload-artifact@v4.6.2
       with:
         name: code-coverage-reports
         path: ./tests/**/coverage.opencover.xml
@@ -100,20 +100,20 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Install LivingDoc CLI
       run: dotnet tool install --global SpecFlow.Plus.LivingDoc.CLI
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -139,7 +139,7 @@ jobs:
 
     - name: Publish report
       if: always()
-      uses: actions/upload-artifact@v3.1.2
+      uses: actions/upload-artifact@v4.6.2
       with:
         name: WorkflowExecutorIntegrationTestReport
         path: ./tests/IntegrationTests/WorkflowExecutor.IntegrationTests/bin/Debug/net8.0/LivingDoc.html
@@ -177,20 +177,20 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Install LivingDoc CLI
       run: dotnet tool install --global SpecFlow.Plus.LivingDoc.CLI
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -216,7 +216,7 @@ jobs:
 
     - name: Publish report
       if: always()
-      uses: actions/upload-artifact@v3.1.2
+      uses: actions/upload-artifact@v4.6.2
       with:
         name: TaskManagerIntegrationTestReport
         path: ./tests/IntegrationTests/TaskManager.IntegrationTests/bin/Debug/net8.0/LivingDoc.html
@@ -232,17 +232,17 @@ jobs:
         distribution: 'zulu' # Alternative distribution options are available.
 
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Install Dotnet
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@v4
       with:
         dotnet-version: ${{ env.DOTNET_VERSION }}
 
     - name: Enable NuGet cache
-      uses: actions/cache@v4.0.2
+      uses: actions/cache@v4.2.3
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
@@ -269,7 +269,7 @@ jobs:
       working-directory: ./src
 
     - name: Download code coverage from unit tests
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: code-coverage-reports
 

CallbackApp.Dockerfile

@@ -11,8 +11,10 @@
 
 FROM python:3.10-alpine
 
-RUN apk update && apk upgrade
-RUN apk add libcom_err=1.47.0-r5
+RUN apk update && \
+    apk upgrade && \
+    apk add libcom_err=1.47.1-r1 && \
+    rm -rf /var/cache/apk/*
 WORKDIR /app
 COPY src/TaskManager/CallbackApp/app.py ./
 COPY src/TaskManager/CallbackApp/requirements.txt ./