skarllot · skarllot · Oct 31, 2023 · Oct 31, 2023
@@ -0,0 +1,12 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "dotnet-stryker": {
+      "version": "3.11.0",
+      "commands": [
+        "dotnet-stryker"
+      ]
+    }
+  }
+}
@@ -0,0 +1,25 @@
+{
+    "stryker-config": {
+        "reporters": [
+            "json",
+            "html",
+            "markdown",
+            "dashboard"
+        ],
+        "ignore-methods": [
+            "*Exception.ctor",
+            "ConfigureAwait",
+            "Dispose",
+            "DisposeAsync",
+            "DisposeAsyncCore",
+            "SuppressFinalize"
+        ],
+        "mutate": [
+            "!**/Sample*/**/*.*"
+        ],
+        "thresholds": {
+            "break": 55
+        },
+        "ignore-mutations": []
+    }
+}
@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: ['https://www.buymeacoffee.com/skarllot'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
@@ -0,0 +1,77 @@
+name: 🐞 Bug report
+description: Something not behaving as expected?
+title: '[Bug]: '
+labels: ['bug']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please check for an existing issue and our documentation at [README file](https://github.com/skarllot/azure-keyvault-reference#guide) before submitting a bug report.
+  - type: textarea
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Actual behavior
+      description: What actually happens.
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: |
+        Please include minimal steps to reproduce the problem if possible. E.g.: the smallest possible code snippet; or a small project, with steps to run it.
+        Always include text as text rather than screenshots so code can easily be copied and will show up in searches.
+        Stack Overflow has a great article about [how to create a minimal, reproducible example](https://stackoverflow.com/help/minimal-reproducible-example).
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Exception(s) (if any)
+      description: Include any exception(s) and stack trace(s) you get when facing this issue.
+      placeholder:
+    validations:
+      required: false
+  - type: dropdown
+    id: package-name
+    attributes:
+      label: Package Name
+      description: Which package are you using?
+      options:
+        - Raiqub.AzureKeyVaultReference
+        - Raiqub.AzureKeyVaultReference.Configuration
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Package version
+      description: |
+        Which version of Raiqub AzureKeyVaultReference are you facing the issue with?
+    validations:
+      required: false
+  - type: input
+    attributes:
+      label: .NET Version
+      description: |
+        Run `dotnet --version` to get the .NET SDK version you're using.
+        Alternatively, which target framework(s) (e.g. `net6.0`) does the project you're using Raiqub AzureKeyVaultReference in target?
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References? Anything that will give us more context about the issue you are encountering is useful.
+
+        💡Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
@@ -0,0 +1,30 @@
+name: 💡 Feature request
+description: Suggest a feature request or improvement
+title: '[Feature request]: '
+labels: ['feature suggestion']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please check for an existing issue and our documentation at [README file](https://github.com/skarllot/azure-keyvault-reference#guide) before submitting a feature request.
+  - type: textarea
+    attributes:
+      label: Is your feature request related to a specific problem? Or an existing feature?
+      description: A clear and concise description of what the problem is. Motivating examples help us prioritize things.
+      placeholder: I am trying to do [...] but [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like
+      description: |
+        A clear and concise description of what you want to happen. Include any alternative solutions you've considered.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Add any other context or screenshots about the feature request here.
+    validations:
+      required: false
@@ -0,0 +1,32 @@
+name: 🤔 Question?
+description: You have something specific to achieve and the existing documentation hasn't covered how.
+title: '[Question]: '
+labels: ['question']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please check for an existing issue and our documentation at [README file](https://github.com/skarllot/azure-keyvault-reference#guide) before asking a question.
+        Also consider asking your question on [Github Discussions](https://github.com/skarllot/azure-keyvault-reference/discussions) instead.
+  - type: textarea
+    attributes:
+      label: What are you wanting to achieve?
+      description: A clear and concise description of what you're trying to do.
+      placeholder: I am trying to do [...] but [...]
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What code or approach do you have so far?
+      description: |
+        We ❤ code! Point us to a [minimalistic project which shows what you have so far](https://stackoverflow.com/help/mcve) hosted in a public GitHub repository.
+        Code snippets wrapped in a codefence are also acceptable.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Add any other context or screenshots related to your question here.
+    validations:
+      required: false
@@ -0,0 +1,11 @@
+blank_issues_enabled: true
+contact_links:
+  - name: 📚 Documentation
+    url: https://github.com/skarllot/azure-keyvault-reference#guide
+    about: Read our documentation.
+  - name: ⭐ Sponsor Raiqub Expressions
+    url: https://www.buymeacoffee.com/skarllot
+    about: Help the continued development.
+  - name: 💬 Ask on Github Discussions
+    url: https://github.com/skarllot/azure-keyvault-reference/discussions
+    about: The best place for asking general purpose questions.
@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+      # Ignore the libraries which are pinned
+      - dependency-name: "Microsoft.Extensions.*"
+        update-types: ["version-update:semver-major"]
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
@@ -0,0 +1,83 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '28 20 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+        language: [ 'csharp' ]
+
+    steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+      with:
+        egress-policy: audit
+
+    - name: Checkout repository
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        fetch-depth: 0
+
+    - name: Setup .NET
+      uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+      with:
+        dotnet-version: 6.0.x
+
+    - name: Setup NuGet cache
+      uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+        restore-keys: ${{ runner.os }}-nuget-
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    - name: Build
+      run: dotnet build -c Release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+      with:
+        category: "/language:${{matrix.language}}"
@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
@@ -9,22 +9,51 @@ on:
   pull_request:
     branches: [ "main" ]
 
+env:
+  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+  DOTNET_NOLOGO: true
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+
+permissions:
+  contents: read
+
 jobs:
   build:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+      with:
+        egress-policy: audit
+
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       with:
         fetch-depth: 0
+
     - name: Setup .NET
-      uses: actions/setup-dotnet@v3
+      uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
       with:
         dotnet-version: 6.0.x
+
+    - name: Setup NuGet cache
+      uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+        restore-keys: ${{ runner.os }}-nuget-
+
     - name: Restore dependencies
       run: dotnet restore
+
     - name: Build
       run: dotnet build --no-restore
+
     - name: Test
-      run: dotnet test --no-build --verbosity normal
+      run: dotnet test --no-build --verbosity normal /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
+
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}