Update VTEX.API.csproj (#374)

* Update VTEX.API.csproj

* Update VtexHealthClientTests.cs

* Update VTEX.Tests.csproj

* Update deep-source.yml

* Update deep-source.yml

* Update infisical-secrets-check.yml

* Rename deploy-docs.yml to publish-docs.yml

* Update publish-docs.yml

* Update contributors-readme.yml

* Create codacy.yml

* Update dependabot.yml

* Update settings.json

* Create VTEX-SDK-dotnet.json

* Create .gitattributes

* Delete SECURITY.md

* Update appveyor.yml

* Update appveyor.yml

---------

Co-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com>

.gitattributes

@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs     diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln       merge=binary
+#*.csproj    merge=binary
+#*.vbproj    merge=binary
+#*.vcxproj   merge=binary
+#*.vcproj    merge=binary
+#*.dbproj    merge=binary
+#*.fsproj    merge=binary
+#*.lsproj    merge=binary
+#*.wixproj   merge=binary
+#*.modelproj merge=binary
+#*.sqlproj   merge=binary
+#*.wwaproj   merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg   binary
+#*.png   binary
+#*.gif   binary
+
+###############################################################################
+# diff behavior for common document formats
+#
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the
+# entries below.
+###############################################################################
+#*.doc   diff=astextplain
+#*.DOC   diff=astextplain
+#*.docx  diff=astextplain
+#*.DOCX  diff=astextplain
+#*.dot   diff=astextplain
+#*.DOT   diff=astextplain
+#*.pdf   diff=astextplain
+#*.PDF   diff=astextplain
+#*.rtf   diff=astextplain
+#*.RTF   diff=astextplain

.github/dependabot.yml

@@ -16,6 +16,10 @@ updates:
     - "packages"
     - ".NET"
     - "dependencies"
+  groups:
+    CrispyWaffle:
+      patterns:
+        - "CrispyWaffle*"
 
 - package-ecosystem: "github-actions"
   directory: "/"
@@ -28,4 +32,4 @@ updates:
     - "guibranco"
   labels:
     - "github-actions"
-    - "dependencies"
+    - "dependencies"

.github/workflows/codacy.yml

@@ -0,0 +1,61 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '42 17 * * 5'
+
+permissions:
+  contents: read
+
+jobs:
+  codacy-security-scan:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/contributors-readme.yml

@@ -12,8 +12,11 @@ jobs:
     contrib-readme-job:
         runs-on: ubuntu-latest
         name: Update files
-
+        permissions:
+          contents: write
+          pull-requests: write
         steps:
+
             - name: Contribute List in README.md
               uses: akhilmhdh/[email protected]
               env:

.github/workflows/deep-source.yml

@@ -29,5 +29,5 @@ jobs:
           DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
         run: |
           dotnet build -c Debug --verbosity minimal
-          dotnet test  -c Debug --verbosity minimal --no-build --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat="cobertura"
-          ./bin/deepsource report --analyzer test-coverage --key csharp --value-file ./Tests/VTEX.Tests/coverage.cobertura.xml
+          dotnet test -c Debug --verbosity minimal --no-build --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat="cobertura"
+          ./bin/deepsource report --analyzer test-coverage --key csharp --value-file ./Tests/VTEX.Tests/coverage.net8.0.cobertura.xml

.github/workflows/infisical-secrets-check.yml

@@ -23,4 +23,4 @@ jobs:
           fetch-depth: 0
 
       - name: Infisical secrets check
-        uses: guibranco/[email protected].15
+        uses: guibranco/[email protected].16

.github/workflows/deploy-docs.yml → .github/workflows/publish-docs.yml

@@ -1,4 +1,4 @@
-name: Deploy Documentation
+name: Publish Documentation
 
 on:
   push:

.sonarlint/VTEX-SDK-dotnet.json

@@ -0,0 +1,4 @@
+{
+    "sonarCloudOrganization": "guibranco",
+    "projectKey": "guibranco_VTEX-SDK-dotnet"
+}

.vscode/settings.json

@@ -18,5 +18,9 @@
         "titleBar.inactiveBackground": "#e4276099",
         "titleBar.inactiveForeground": "#e7e7e799"
     },
-    "peacock.color": "#e42760"
-}
+    "peacock.color": "#e42760" 
+    "sonarlint.connectedMode.project": {
+        "connectionId": "guibranco-github",
+        "projectKey": "guibranco_VTEX-SDK-dotnet"
+    }
+}

Src/VTEX.API/VTEX.API.csproj

@@ -1,8 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>netstandard2.0;netstandard2.1;net6.0;net8.0</TargetFrameworks>
-    <LangVersion>latest</LangVersion>
+    <ProjectGuid>{931C39A1-583E-5587-AB8D-508C7B1FC15E}</ProjectGuid>
+    <TargetFrameworks>$(DotNetVersions)</TargetFrameworks>    
+    <Description>The VTEX platform (PaaS) (e-commerce) SDK. A .NET client to consume VTEX APIs for both Core and Framework projects</Description>
+    <PackageTags>vtex paas client sdk ecommerce e-commerce platform apis</PackageTags>
+    <PackageReleaseNotes>Chore</PackageReleaseNotes>
   </PropertyGroup>
 
   <ItemGroup>

Tests/VTEX.Tests/Health/VtexHealthClientTests.cs

@@ -18,7 +18,7 @@ namespace VTEX.Tests.Health
     using System.Linq;
     using System.Threading;
     using System.Threading.Tasks;
-    using Moq;
+    using NSubstitute;
     using VTEX.Health;
     using Xunit;
 
@@ -31,9 +31,9 @@ public class VtexHealthClientTests
         /// Asynchronously validates the health status of a platform by retrieving platform statuses from a health client.
         /// </summary>
         /// <remarks>
-        /// This test method sets up a mock implementation of the <see cref="IVtexHealthClient"/> interface to simulate the retrieval of platform statuses.
+        /// This test method sets up a substitute implementation of the <see cref="IVtexHealthClient"/> interface to simulate the retrieval of platform statuses.
         /// It creates a collection of <see cref="PlatformStatus"/> objects, representing both healthy and unhealthy statuses.
-        /// The method then calls the mocked client's <see cref="IVtexHealthClient.GetPlatformStatuesAsync"/> method and verifies that the result is not null.
+        /// The method then calls the substitute's <see cref="IVtexHealthClient.GetPlatformStatuesAsync"/> method and verifies that the result is not null.
         /// It also checks that the returned list contains exactly two items, one with a healthy status and one with an unhealthy status.
         /// This ensures that the health client is functioning as expected and returning the correct platform statuses.
         /// </remarks>
@@ -58,13 +58,13 @@ public async Task ValidateHealthClient()
                 },
             };
 
-            var clientMock = new Mock<IVtexHealthClient>();
-            clientMock
-                .Setup(c => c.GetPlatformStatuesAsync(It.IsAny<CancellationToken>()))
-                .ReturnsAsync(fixtures);
+            var clientSubstitute = Substitute.For<IVtexHealthClient>();
+            clientSubstitute
+                .GetPlatformStatuesAsync(Arg.Any<CancellationToken>())
+                .Returns(fixtures);
 
-            var result = await clientMock
-                .Object.GetPlatformStatuesAsync(CancellationToken.None)
+            var result = await clientSubstitute
+                .GetPlatformStatuesAsync(CancellationToken.None)
                 .ConfigureAwait(false);
 
             Assert.NotNull(result);

Tests/VTEX.Tests/VTEX.Tests.csproj

@@ -15,6 +15,7 @@
     <PackageReference Include="JunitXml.TestLogger" Version="4.1.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    <PackageReference Include="NSubstitute" Version="5.3.0" />
     <PackageReference Include="xunit" Version="2.9.2" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
       <PrivateAssets>all</PrivateAssets>