From 699ae9f31029ed28305871a1b76ba416962bae6c Mon Sep 17 00:00:00 2001 From: Guilherme Branco Stracini Date: Wed, 13 Nov 2024 11:24:14 +0000 Subject: [PATCH] Update VTEX.API.csproj (#374) * Update VTEX.API.csproj * Update VtexHealthClientTests.cs * Update VTEX.Tests.csproj * Update deep-source.yml * Update deep-source.yml * Update infisical-secrets-check.yml * Rename deploy-docs.yml to publish-docs.yml * Update publish-docs.yml * Update contributors-readme.yml * Create codacy.yml * Update dependabot.yml * Update settings.json * Create VTEX-SDK-dotnet.json * Create .gitattributes * Delete SECURITY.md * Update appveyor.yml * Update appveyor.yml --------- Co-authored-by: gstraccini[bot] <150967461+gstraccini[bot]@users.noreply.github.com> --- .gitattributes | 63 +++++++++++++++++++ .github/dependabot.yml | 6 +- .github/workflows/codacy.yml | 61 ++++++++++++++++++ .github/workflows/contributors-readme.yml | 5 +- .github/workflows/deep-source.yml | 4 +- .github/workflows/infisical-secrets-check.yml | 2 +- .../{deploy-docs.yml => publish-docs.yml} | 2 +- .sonarlint/VTEX-SDK-dotnet.json | 4 ++ .vscode/settings.json | 8 ++- SECURITY.md | 19 ------ Src/VTEX.API/VTEX.API.csproj | 7 ++- .../Health/VtexHealthClientTests.cs | 18 +++--- Tests/VTEX.Tests/VTEX.Tests.csproj | 1 + 13 files changed, 162 insertions(+), 38 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/workflows/codacy.yml rename .github/workflows/{deploy-docs.yml => publish-docs.yml} (95%) create mode 100644 .sonarlint/VTEX-SDK-dotnet.json delete mode 100644 SECURITY.md diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..5896c1692 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,63 @@ +############################################################################### +# Set default behavior to automatically normalize line endings. +############################################################################### +* text=auto + +############################################################################### +# Set default behavior for command prompt diff. +# +# This is need for earlier builds of msysgit that does not have it on by +# default for csharp files. +# Note: This is only used by command line +############################################################################### +#*.cs diff=csharp + +############################################################################### +# Set the merge driver for project and solution files +# +# Merging from the command prompt will add diff markers to the files if there +# are conflicts (Merging from VS is not affected by the settings below, in VS +# the diff markers are never inserted). Diff markers may cause the following +# file extensions to fail to load in VS. An alternative would be to treat +# these files as binary and thus will always conflict and require user +# intervention with every merge. To do so, just uncomment the entries below +############################################################################### +#*.sln merge=binary +#*.csproj merge=binary +#*.vbproj merge=binary +#*.vcxproj merge=binary +#*.vcproj merge=binary +#*.dbproj merge=binary +#*.fsproj merge=binary +#*.lsproj merge=binary +#*.wixproj merge=binary +#*.modelproj merge=binary +#*.sqlproj merge=binary +#*.wwaproj merge=binary + +############################################################################### +# behavior for image files +# +# image files are treated as binary by default. +############################################################################### +#*.jpg binary +#*.png binary +#*.gif binary + +############################################################################### +# diff behavior for common document formats +# +# Convert binary document formats to text before diffing them. This feature +# is only available from the command line. Turn it on by uncommenting the +# entries below. +############################################################################### +#*.doc diff=astextplain +#*.DOC diff=astextplain +#*.docx diff=astextplain +#*.DOCX diff=astextplain +#*.dot diff=astextplain +#*.DOT diff=astextplain +#*.pdf diff=astextplain +#*.PDF diff=astextplain +#*.rtf diff=astextplain +#*.RTF diff=astextplain diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c4a1c9a68..a64159626 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,6 +16,10 @@ updates: - "packages" - ".NET" - "dependencies" + groups: + CrispyWaffle: + patterns: + - "CrispyWaffle*" - package-ecosystem: "github-actions" directory: "/" @@ -28,4 +32,4 @@ updates: - "guibranco" labels: - "github-actions" - - "dependencies" \ No newline at end of file + - "dependencies" diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml new file mode 100644 index 000000000..1fab408f5 --- /dev/null +++ b/.github/workflows/codacy.yml @@ -0,0 +1,61 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, performs a Codacy security scan +# and integrates the results with the +# GitHub Advanced Security code scanning feature. For more information on +# the Codacy security scan action usage and parameters, see +# https://github.com/codacy/codacy-analysis-cli-action. +# For more information on Codacy Analysis CLI in general, see +# https://github.com/codacy/codacy-analysis-cli. + +name: Codacy Security Scan + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '42 17 * * 5' + +permissions: + contents: read + +jobs: + codacy-security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: Codacy Security Scan + runs-on: ubuntu-latest + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout code + uses: actions/checkout@v4 + + # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis + - name: Run Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e + with: + # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository + # You can also omit the token and run the tools that support default configurations + project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} + verbose: true + output: results.sarif + format: sarif + # Adjust severity of non-security issues + gh-code-scanning-compat: true + # Force 0 exit code to allow SARIF file generation + # This will handover control about PR rejection to the GitHub side + max-allowed-issues: 2147483647 + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif diff --git a/.github/workflows/contributors-readme.yml b/.github/workflows/contributors-readme.yml index 39af63dd3..d64f0fcfc 100644 --- a/.github/workflows/contributors-readme.yml +++ b/.github/workflows/contributors-readme.yml @@ -12,8 +12,11 @@ jobs: contrib-readme-job: runs-on: ubuntu-latest name: Update files - + permissions: + contents: write + pull-requests: write steps: + - name: Contribute List in README.md uses: akhilmhdh/contributors-readme-action@v2.3.10 env: diff --git a/.github/workflows/deep-source.yml b/.github/workflows/deep-source.yml index 7e41d5055..f9d0db855 100644 --- a/.github/workflows/deep-source.yml +++ b/.github/workflows/deep-source.yml @@ -29,5 +29,5 @@ jobs: DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }} run: | dotnet build -c Debug --verbosity minimal - dotnet test -c Debug --verbosity minimal --no-build --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat="cobertura" - ./bin/deepsource report --analyzer test-coverage --key csharp --value-file ./Tests/VTEX.Tests/coverage.cobertura.xml + dotnet test -c Debug --verbosity minimal --no-build --no-restore /p:CollectCoverage=true /p:CoverletOutputFormat="cobertura" + ./bin/deepsource report --analyzer test-coverage --key csharp --value-file ./Tests/VTEX.Tests/coverage.net8.0.cobertura.xml diff --git a/.github/workflows/infisical-secrets-check.yml b/.github/workflows/infisical-secrets-check.yml index fc6d3a803..4fb5786fe 100644 --- a/.github/workflows/infisical-secrets-check.yml +++ b/.github/workflows/infisical-secrets-check.yml @@ -23,4 +23,4 @@ jobs: fetch-depth: 0 - name: Infisical secrets check - uses: guibranco/github-infisical-secrets-check-action@v1.1.15 + uses: guibranco/github-infisical-secrets-check-action@v1.1.16 diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/publish-docs.yml similarity index 95% rename from .github/workflows/deploy-docs.yml rename to .github/workflows/publish-docs.yml index e8cce3986..474cf21d9 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -1,4 +1,4 @@ -name: Deploy Documentation +name: Publish Documentation on: push: diff --git a/.sonarlint/VTEX-SDK-dotnet.json b/.sonarlint/VTEX-SDK-dotnet.json new file mode 100644 index 000000000..d7982bc0f --- /dev/null +++ b/.sonarlint/VTEX-SDK-dotnet.json @@ -0,0 +1,4 @@ +{ + "sonarCloudOrganization": "guibranco", + "projectKey": "guibranco_VTEX-SDK-dotnet" +} diff --git a/.vscode/settings.json b/.vscode/settings.json index a0daf86e8..446e39e91 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -18,5 +18,9 @@ "titleBar.inactiveBackground": "#e4276099", "titleBar.inactiveForeground": "#e7e7e799" }, - "peacock.color": "#e42760" -} \ No newline at end of file + "peacock.color": "#e42760" + "sonarlint.connectedMode.project": { + "connectionId": "guibranco-github", + "projectKey": "guibranco_VTEX-SDK-dotnet" + } +} diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index aa0c7577b..000000000 --- a/SECURITY.md +++ /dev/null @@ -1,19 +0,0 @@ -# Security Policy - -## Reporting Security Issues -If you believe you have found a security vulnerability in this repository, please report it to us through coordinated disclosure. - -Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests because this could lead to leaked security breaches. - -Instead, please send an email to opensource-security\[@\]straccini.com. - -Please include as much of the information listed below as you can to help us better understand and resolve the issue: - -The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) -Full paths of source file(s) related to the manifestation of the issue -The location of the affected source code (tag/branch/commit or direct URL) -Any special configuration required to reproduce the issue -Step-by-step instructions to reproduce the issue -Proof-of-concept or exploit code (if possible) -Impact of the issue, including how an attacker might exploit the issue -This information will help us triage your report more quickly. diff --git a/Src/VTEX.API/VTEX.API.csproj b/Src/VTEX.API/VTEX.API.csproj index da529f708..3e215f165 100644 --- a/Src/VTEX.API/VTEX.API.csproj +++ b/Src/VTEX.API/VTEX.API.csproj @@ -1,8 +1,11 @@ - netstandard2.0;netstandard2.1;net6.0;net8.0 - latest + {931C39A1-583E-5587-AB8D-508C7B1FC15E} + $(DotNetVersions) + The VTEX platform (PaaS) (e-commerce) SDK. A .NET client to consume VTEX APIs for both Core and Framework projects + vtex paas client sdk ecommerce e-commerce platform apis + Chore diff --git a/Tests/VTEX.Tests/Health/VtexHealthClientTests.cs b/Tests/VTEX.Tests/Health/VtexHealthClientTests.cs index 3c21180e3..ea6fd69e9 100644 --- a/Tests/VTEX.Tests/Health/VtexHealthClientTests.cs +++ b/Tests/VTEX.Tests/Health/VtexHealthClientTests.cs @@ -18,7 +18,7 @@ namespace VTEX.Tests.Health using System.Linq; using System.Threading; using System.Threading.Tasks; - using Moq; + using NSubstitute; using VTEX.Health; using Xunit; @@ -31,9 +31,9 @@ public class VtexHealthClientTests /// Asynchronously validates the health status of a platform by retrieving platform statuses from a health client. /// /// - /// This test method sets up a mock implementation of the interface to simulate the retrieval of platform statuses. + /// This test method sets up a substitute implementation of the interface to simulate the retrieval of platform statuses. /// It creates a collection of objects, representing both healthy and unhealthy statuses. - /// The method then calls the mocked client's method and verifies that the result is not null. + /// The method then calls the substitute's method and verifies that the result is not null. /// It also checks that the returned list contains exactly two items, one with a healthy status and one with an unhealthy status. /// This ensures that the health client is functioning as expected and returning the correct platform statuses. /// @@ -58,13 +58,13 @@ public async Task ValidateHealthClient() }, }; - var clientMock = new Mock(); - clientMock - .Setup(c => c.GetPlatformStatuesAsync(It.IsAny())) - .ReturnsAsync(fixtures); + var clientSubstitute = Substitute.For(); + clientSubstitute + .GetPlatformStatuesAsync(Arg.Any()) + .Returns(fixtures); - var result = await clientMock - .Object.GetPlatformStatuesAsync(CancellationToken.None) + var result = await clientSubstitute + .GetPlatformStatuesAsync(CancellationToken.None) .ConfigureAwait(false); Assert.NotNull(result); diff --git a/Tests/VTEX.Tests/VTEX.Tests.csproj b/Tests/VTEX.Tests/VTEX.Tests.csproj index fc12587cf..315349768 100644 --- a/Tests/VTEX.Tests/VTEX.Tests.csproj +++ b/Tests/VTEX.Tests/VTEX.Tests.csproj @@ -15,6 +15,7 @@ + all