Merge remote-tracking branch 'origin/main' into screenshots

# Conflicts:
#	.github/workflows/starter.yml

Author: spbsoluble

.github/dependabot.yml

@@ -0,0 +1,8 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/assign-env-from-json.yml

@@ -14,6 +14,9 @@ on:
       update_catalog:
         description: The release_dir property from integration-manifest.json
         value: ${{ jobs.assign-from-json.outputs.update_catalog }}      
+      release_project:
+        description: The release_project property from integration-manifest.json
+        value: ${{ jobs.assign-from-json.outputs.release_project }}      
       UOFramework:
         description: The UOFramework property from integration-manifest.json
         value: ${{ jobs.assign-from-json.outputs.UOFramework }}      
@@ -28,6 +31,7 @@ jobs:
       update_catalog: ${{ steps.read-update_catalog.outputs.output-value }}
       UOFramework: ${{ steps.read-UOFramework.outputs.output-value }}
       description: ${{ steps.read-description.outputs.output-value }}
+      release_project: ${{ steps.read-release_project.outputs.output-value }}
     name: Set workflow variables from integration-manifest.json
     steps:
       - name: checkout-json-file
@@ -60,6 +64,14 @@ jobs:
           input-file: 'src/integration-manifest.json'
           input-property: 'integration_type'
 
+      - name: Read release_project property 
+        uses: ./tools
+        id: read-release_project
+        with:
+          input-file: 'src/integration-manifest.json'
+          input-property: 'release_project'
+          required-value: 'false'
+
       - name: Read update_catalog property 
         uses: ./tools
         id: read-update_catalog
@@ -93,7 +105,6 @@ jobs:
           input-property: 'about.orchestrator.keyfactor_platform_version'
 
       - name: Read release_dir property 
-        if: steps.read-type.outputs.output-value == 'orchestrator' || steps.read-type.outputs.output-value == 'ca-gateway' || steps.read-type.outputs.output-value == 'pam' || steps.read-type.outputs.output-value == 'anyca-plugin'  
         uses: ./tools
         id: read-release_dir
         with:
@@ -122,5 +133,6 @@ jobs:
             fi
           fi
           echo "* ${{ steps.read-release_dir.outputs.output-property }} : ${{ steps.read-release_dir.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY 
+          echo "* ${{ steps.read-release_project.outputs.output-property }} : ${{ steps.read-release_project.outputs.output-value }}" >> $GITHUB_STEP_SUMMARY 
 
 

.github/workflows/check-todos-license-headers.yml

@@ -0,0 +1,35 @@
+name: Check for TODOs and License headers
+
+on: workflow_call
+
+jobs:
+  grep_todo_job:
+    name: Grep TODO and License Headers
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check for TODO statements
+        run: (find . -iname "*.cs" "*.go" -exec grep -qi "todo" {} \; -print) | tee ./todo_log.txt
+
+      - name: Save todo log
+        if: success()
+        uses: actions/upload-artifact@v4
+        with:
+          name: todologs  
+          path: ./**/todo_log.txt 
+
+      - name: Check for Apache License headers
+        run: (find . \( -path "./git*" -o -name "README.md" -o -name "AssemblyInfo.cs" \) -prune -o -type f -iname "*.cs" -iname "*.go"-exec grep -L "Apache License" {} \;) | tee ./license_log.txt
+
+      - name: Save license log
+        if: success()
+        uses: actions/upload-artifact@v4
+        with:
+          name: licenselogs  
+          path: ./**/license_log.txt  
+
+      - name: Fail if no headers
+        run: if [ -s "./license_log.txt" ]; then echo "Some files are missing the license header"; exit 1; fi

.github/workflows/dotnet-build-and-release.yml

@@ -8,11 +8,15 @@ on:
         type: string
         default: 1.0.0 # for non-released builds
       release_url:
-        description: The url to upload a publsihed release
+        description: The url to upload a published release
         required: false # leave empty for non-release build
         type: string
       release_dir:
         description: The relative directory inside the repo where the build artifacts to publish for release will be located
+        required: true 
+        type: string
+      release_project:
+        description: The relative file location for csproj
         required: false 
         type: string
       integration_type:
@@ -55,7 +59,7 @@ jobs:
 
             echo "release_dir: ${{ inputs.release_dir }}"
 
-            $creatingRelease = ("${{ inputs.release_url }}".Trim().Length -gt 0) -and ("${{ inputs.release_dir }}".Trim().Length -gt 0)
+            $creatingRelease = "${{ inputs.release_url }}".Trim().Length -gt 0
             echo "Flagged to create release: ${creatingRelease}"
             echo "CREATE_RELEASE=${creatingRelease}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
 
@@ -74,6 +78,7 @@ jobs:
             if ($assemblyInfoFiles -ne $null)
             {
               $newVer = "${{ inputs.release_version || '1.0.0' }}".TrimStart('v').Split('-')[0]
+              echo "newver=${newVer}" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
               echo "Prepared to overwrite Assembly version to: ${newVer}"
               foreach ($assemblyInfoFile in $assemblyInfoFiles)
               {
@@ -88,37 +93,64 @@ jobs:
           $newVer = "${{ inputs.release_version || '1.0.0' }}".TrimStart('v').Split('-')[0]
           MSBuild.exe $Env:SOLUTION_PATH -p:RestorePackagesConfig=false -p:Configuration=Release -p:Version=$newVer
       
-      - name: Check for manifest
-        if: success() && env.CREATE_RELEASE == 'True' && inputs.integration_type == 'orchestrator'
+      - name: Read Target Frameworks
+        id: read_target_frameworks  
+        shell: pwsh
         run: |
-          $fileExists = Get-ChildItem -Path ${{ github.workspace }}\${{ inputs.release_dir }} -Recurse -Filter 'manifest.json' | Select-Object -First 1
-          if (-not $fileExists) { exit 1 }
+          [xml]$csproj = Get-Content "${{ inputs.release_project }}"
+          $targetFrameworks = $csproj.Project.PropertyGroup.TargetFrameworks
+          if ($null -eq $targetFrameworks) {
+            $targetFrameworks = $csproj.Project.PropertyGroup.TargetFramework
+          }
+          echo "release_platforms: $targetFrameworks"
+          echo "release_platforms=$targetFrameworks" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
 
       - name: Archive Files
         if: success() && env.CREATE_RELEASE == 'True'
+        shell: pwsh
         run: |
-           md ${{ github.workspace }}\zip\Keyfactor
-           Compress-Archive -Path `
-           ${{ github.workspace }}\${{ inputs.release_dir }}\ `
-           -DestinationPath ${{ github.workspace }}\zip\Keyfactor\$Env:REPO_NAME.zip -Force
-
-      - name: Upload Release Asset (x64)
+          $platforms = "${{ env.release_platforms }}".Split(';')
+          $outputDir = "${{ github.workspace }}\zip\Keyfactor"
+          echo "outputDir=$outputDir" | Out-File $env:GITHUB_ENV -Encoding utf8 -Append
+          if (Test-Path $outputDir) {
+           Remove-Item -Recurse -Force $outputDir
+          }
+          md $outputDir
+          foreach ($platform in $platforms) {
+            $platform = $platform.Trim()
+            $sourcePath = "${{ github.workspace }}\${{ inputs.release_dir }}\$platform\"
+            $zipPath = "$outputDir\${{ env.REPO_NAME }}_${{ inputs.release_version }}_$platform.zip"
+            Get-ChildItem -File -Path $sourcePath
+            Compress-Archive -Path $sourcePath -DestinationPath $zipPath -Force -Verbose
+          }
+          Get-ChildItem -File -Path $outputDir
+          $buildFiles = Get-ChildItem -File -Path $outputDir -Name
+          $releaseArtifacts
+          foreach ($zipFile in $buildFiles) {
+            $releaseArtifacts = $releaseArtifacts + $outputDir + "\" + $zipFile + [Environment]::NewLine
+          }
+          echo "release_artifacts: $releaseArtifacts"
+          echo "Writing in as multiline github env variable"
+          echo "release_artifacts<<EOF" >> $env:GITHUB_ENV
+          echo "$releaseArtifacts" >> $env:GITHUB_ENV
+          echo "EOF" >> $env:GITHUB_ENV
+
+      - name: Release Asset(s)
+        uses: softprops/action-gh-release@v2
         if: success() && env.CREATE_RELEASE == 'True'
-        id: upload-release-asset-x64
-        uses: keyfactor/upload-release-assets@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          upload_url: ${{ inputs.release_url }}
-          asset_path: ${{ github.workspace }}\zip\Keyfactor\${{ env.REPO_NAME}}.zip
-          asset_name: ${{ env.REPO_NAME}}_${{ inputs.release_version }}.zip
-          asset_content_type: application/zip
-
-      - name: Delete Failed Release
-        if: failure() && env.CREATE_RELEASE == 'True'
-        id: delete-failed-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh release delete ${{ inputs.release_version }} --yes --cleanup-tag  
+          repository: ${{ github.repository }}
+          files: |
+              ${{ env.release_artifacts }}
+          append_body: true
+          tag_name: ${{ inputs.release_version }}
+          token: ${{ secrets.token }}
+
+      # - name: Delete Failed Release
+      #   if: failure() && env.CREATE_RELEASE == 'True'
+      #   id: delete-failed-release
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   run: |
+      #     gh release delete ${{ inputs.release_version }} --yes --cleanup-tag  
 

.github/workflows/github-release.yml

@@ -20,7 +20,7 @@ on:
 
 jobs:
   call-check-file-action:
-    uses: keyfactor/cpr-release-checks/.github/workflows/check-files.yml@main
+    uses: keyfactor/actions/.github/workflows/check-todos-license-headers.yml@v3
 
   create-github-release-workflow:
     runs-on: ubuntu-latest

.github/workflows/semantic-release.yml

@@ -0,0 +1,40 @@
+name: Semantic Release
+
+on:
+  push:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: ./artifacts  # Download artifacts to this directory
+
+      - name: Create package.json
+        run: |
+          echo '{"version": "1.0.0"}' > package.json
+
+      - name: Install dependencies
+        run: npm install --save-dev semantic-release @semantic-release/git @semantic-release/changelog
+
+      # - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+      #   run: npm audit signatures
+
+      # Create a new release using the rules in .releaserc.yml
+      - name: Release
+        env:
+          GH_TOKEN: ${{ secrets.V2BUILDTOKEN }}
+        run: npx semantic-release
+        #if: github.ref == 'refs/heads/main'

.github/workflows/starter.yml

@@ -118,6 +118,7 @@ jobs:
       release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }}
       release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }}
       release_dir: ${{ needs.call-assign-from-json-workflow.outputs.release_dir }}
+      release_project: ${{ needs.call-assign-from-json-workflow.outputs.release_project }}
       integration_type: ${{ needs.call-assign-from-json-workflow.outputs.integration_type }}
     secrets:
       token: ${{ secrets.token  }}

.releaserc.yml

@@ -0,0 +1,62 @@
+---
+branches:
+  - name: main
+    prerelease: false
+  - name: '.*'
+    prerelease: true
+
+
+ci: true
+tagFormat: "${version}"
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - "@semantic-release/changelog"
+  - "@semantic-release/git"
+  - "@semantic-release/github"
+
+verifyConditions:
+  - "@semantic-release/changelog"
+  - '@semantic-release/git'
+  - "@semantic-release/github"
+analyzeCommits:
+  - path: "@semantic-release/commit-analyzer"
+generateNotes:
+  - path: "@semantic-release/release-notes-generator"
+    writerOpts:
+      groupBy: "type"
+      commitGroupsSort:
+        - "title" # Sort by title
+        - "feat" # Sort "feat" first
+        - "fix" # Then sort "fix"
+        - "chore" # Then sort "chore"
+        - "docs" # Then sort "docs"
+        - "refactor" # Then sort "refactor"
+      commitsSort: "header"
+      linkCompare: true
+      linkReferences: true
+    presetConfig: true
+prepare:
+  - path: "@semantic-release/changelog"
+    ifBranch: main
+  - path: "@semantic-release/git"
+    message: "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+    assets:
+      - "CHANGELOG.md"
+      - "README.md"
+      - "artifacts/*"
+      - "artifacts/**/*"
+
+publish:
+  - path: "@semantic-release/github"
+    assets:
+      - "CHANGELOG.md"
+      - "README.md"
+      - "artifacts/*"
+      - "artifacts/**/*"
+
+success:
+  - "@semantic-release/github"
+
+fail:
+  - "@semantic-release/github"

CHANGELOG.md

@@ -0,0 +1,36 @@
+## [3.3.1](https://github.com/Keyfactor/actions/compare/3.3.0...3.3.1) (2025-06-23)
+
+
+### Bug Fixes
+
+* **rename:** set workflow to .yml extension ([6daa700](https://github.com/Keyfactor/actions/commit/6daa700022d5492004ee5cffa23bddd25275fe40))
+
+# [3.3.0](https://github.com/Keyfactor/actions/compare/3.2.0...3.3.0) (2025-06-23)
+
+
+### Bug Fixes
+
+* **build:** syntax error in evaluated powershell ([04e3a8a](https://github.com/Keyfactor/actions/commit/04e3a8a93c1edb8339d7f87dff9b9a25c1392438))
+
+
+### Features
+
+* **build:** populate release_dir for any build, allowing arbitrary integration_type ([c9e7a67](https://github.com/Keyfactor/actions/commit/c9e7a67b230f902367114b56de49f784891485b9))
+* **build:** prepare 3.3.0 for release and v3 tagging ([238c248](https://github.com/Keyfactor/actions/commit/238c24810a43ed4a981592d7259131585229b80f))
+
+# 3.3.0 - tagged v3
+* allow any integration_type to generate a release build
+* update to use v3 tag throughout workflow steps
+* disable polaris scan (not configured correctly)
+
+# [3.2.0](https://github.com/Keyfactor/actions/compare/3.1.2...3.2.0) (2025-05-08)
+
+
+### Bug Fixes
+
+* **workflow:** Update semantic-release token. ([4673a86](https://github.com/Keyfactor/actions/commit/4673a86050903c689ce861df284735c515cac8ea))
+
+
+### Features
+
+* **workflow:** Add semantic release ([0af8218](https://github.com/Keyfactor/actions/commit/0af82184f0be6700a23ae444f39c74d0de449567))