From 56a2e0e1d179353b3c1d623dd310cf594667ae20 Mon Sep 17 00:00:00 2001 From: Rainer Sigwald Date: Thu, 4 Jun 2026 11:44:40 -0500 Subject: [PATCH 1/4] Modernize CI: update to latest .NET SDK and actions - Bump actions/checkout v2->v4 and actions/setup-dotnet v1->v5 - Install .NET 10 SDK (latest) alongside 8.0; drop EOL 6.0 - Fix stale push trigger branch master->main - Add github-actions ecosystem to dependabot Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/dependabot.yml | 4 ++++ .github/workflows/pull-request.yml | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e6605f64..8614d128 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,3 +7,7 @@ updates: directory: "/" schedule: interval: "daily" # until we settle into a cadence + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index a2a87c55..34330aa0 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -2,7 +2,7 @@ name: Build and test on: push: - branches: [ master ] + branches: [ main ] pull_request: branches: - main @@ -14,15 +14,15 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Nerdbank.GitVersioning requires non-shallow checkout - name: Setup .NET SDK - uses: actions/setup-dotnet@v1 + uses: actions/setup-dotnet@v5 with: dotnet-version: | - 6.0.x 8.0.x + 10.0.x - name: Restore run: dotnet restore -bl:LocatorRestore.binlog - name: Build From 05d85089eab9d7921616424701de9ba9377d5c03 Mon Sep 17 00:00:00 2001 From: Rainer Sigwald Date: Thu, 4 Jun 2026 15:17:47 -0500 Subject: [PATCH 2/4] Bump actions/checkout v4 -> v6 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 34330aa0..e9b49b95 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -14,7 +14,7 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 # Nerdbank.GitVersioning requires non-shallow checkout - name: Setup .NET SDK From 25eb1cc5b8ac26a56d780e313d82f5606fb6dae9 Mon Sep 17 00:00:00 2001 From: Rainer Sigwald Date: Mon, 8 Jun 2026 09:24:45 -0500 Subject: [PATCH 3/4] Pin to SHAs --- .github/workflows/pull-request.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e9b49b95..1091d640 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -14,11 +14,11 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 # Nerdbank.GitVersioning requires non-shallow checkout - name: Setup .NET SDK - uses: actions/setup-dotnet@v5 + uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5.3.0 with: dotnet-version: | 8.0.x @@ -32,13 +32,13 @@ jobs: - name: Pack run: dotnet pack --no-build --configuration Debug -bl:LocatorPack.binlog - name: Upload Packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: package path: '**/*.*nupkg' if-no-files-found: error - name: Upload logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: ${{ always() }} with: name: logs From f043a917d22f1d2cd3529151bbdd55c643b719a9 Mon Sep 17 00:00:00 2001 From: Rainer Sigwald Date: Mon, 8 Jun 2026 15:29:40 +0000 Subject: [PATCH 4/4] Don't persist creds on checkout Finding from zizmorcore/zizmor v1.25.2 --- .github/workflows/pull-request.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1091d640..bfa0837b 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -17,6 +17,7 @@ jobs: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 # Nerdbank.GitVersioning requires non-shallow checkout + persist-credentials: false - name: Setup .NET SDK uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5.3.0 with: