Initial commit
Diff
.gitignore | 42 ++++++++++++++++++++++++++++++++++++++++++
LICENSE | 21 +++++++++++++++++++++
README.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++
.github/dependabot.yml | 6 ++++++
code/Bootcamp.sln | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
code/readme.md | 0
.github/steps/1-dependency-graph.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
.github/steps/2-dependabot-alerts.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++
.github/steps/3-dependabot-security.md | 20 ++++++++++++++++++++
.github/steps/4-dependabot-versions.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++
.github/steps/x-review.md | 26 ++++++++++++++++++++++++++
.github/workflows/0-start-exercise.yml | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.github/workflows/1-dependency-graph.yml | 139 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.github/workflows/2-dependabot-alerts.yml | 174 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.github/workflows/3-dependabot-security.yml | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.github/workflows/4-dependabot-versions.yml | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
code/src/Attendee/Attendee.cs | 24 ++++++++++++++++++++++++
code/src/Attendee/Attendee.csproj | 7 +++++++
code/src/AttendeeSite/Attendee.js | 3 +++
code/src/AttendeeSite/AttendeeSite.csproj | 11 +++++++++++
code/src/AttendeeSite/Program.cs | 26 ++++++++++++++++++++++++++
code/src/AttendeeSite/Startup.cs | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
code/src/AttendeeSite/WeatherForecast.cs | 15 +++++++++++++++
code/src/AttendeeSite/appsettings.Development.json | 9 +++++++++
code/src/AttendeeSite/appsettings.json | 10 ++++++++++
code/src/AttendeeSite/package-lock.json | 30 ++++++++++++++++++++++++++++++
code/src/AttendeeSite/package.json | 24 ++++++++++++++++++++++++
code/test/AttendeeTest/AttendeeExists.cs | 18 ++++++++++++++++++
code/test/AttendeeTest/AttendeeTest.csproj | 26 ++++++++++++++++++++++++++
code/src/AttendeeSite/Controllers/WeatherForecastController.cs | 39 +++++++++++++++++++++++++++++++++++++++
code/src/AttendeeSite/Properties/launchSettings.json | 31 +++++++++++++++++++++++++++++++
31 files changed, 1401 insertions(+)
@@ -1,0 +1,42 @@
# Compiled source #
###################
*.com
*.class
*.dll
*.exe
*.o
*.so
# Packages #
############
# it's better to unpack these files and commit the raw source
# git has its own built in compression methods
*.7z
*.dmg
*.gz
*.iso
*.jar
*.rar
*.tar
*.zip
# Logs and databases #
######################
*.log
*.sql
*.sqlite
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
# Sample payload files #
#####################
# These files are used for testing and should not be included in the repository
.temp/**
@@ -1,0 +1,21 @@
MIT License
Copyright (c) 2025 GitHub Skills
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
@@ -1,0 +1,47 @@
# Secure your repository's supply chain
_Secure your supply chain, understand dependencies in your environment, know about vulnerabilities in those dependencies and patch them._
## Welcome
GitHub helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies and patching them.
- **Who this is for**: Developers, DevOps Engineers, Site Reliability Engineers, Security experts
- **What you'll learn**: How to view repository dependencies, view Dependabot alerts, and enable Dependabot security and version updates
- **What you'll build**: Repository dependencies, Dependabot alerts, pull requests to fix dependencies and version updates
- **Prerequisites**: None
- **Timing**: This exercise can be completed in under an hour
In this exercise, you will explore:
1. Dependency graph
2. Dependency alerts
3. Dependency security updates
4. Dependency versions updates
### How to start this exercise
Simply copy the exercise to your account, then give your favorite Octocat (Mona) **about 20 seconds** to prepare the first lesson, then **refresh the page**.
[](https://github.com/new?template_owner=skills&template_name=secure-repository-supply-chain&owner=%40me&name=skills-secure-repository-supply-chain&description=Exercise:+Secure+your+Repository+Supply+Chain&visibility=public)
<details>
<summary>Having trouble? 🤷</summary><br/>
When copying the exercise, we recommend the following settings:
- For owner, choose your personal account or an organization to host the repository.
- We recommend creating a public repository, since private repositories will use Actions minutes.
If the exercise isn't ready in 20 seconds, please check the [Actions](../../actions) tab.
- Check to see if a job is running. Sometimes it simply takes a bit longer.
- If the page shows a failed job, please submit an issue. Nice, you found a bug! 🐛
</details>
---
© 2025 GitHub • [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) • [MIT License](https://gh.io/mit)
@@ -1,0 +1,6 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
@@ -1,0 +1,71 @@
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30114.105
MinimumVisualStudioVersion = 10.0.40219.1
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{B26D43AA-4A35-4035-9E99-48EF9A3E64DD}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Attendee", "src\Attendee\Attendee.csproj", "{2804EC63-670C-4970-85E4-2A63C9327FF8}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{348A52EC-7046-4D1A-88DB-55B025C2BB68}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AttendeeTest", "test\AttendeeTest\AttendeeTest.csproj", "{DED76823-F195-46D4-8509-5692E3431D53}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AttendeeSite", "src\AttendeeSite\AttendeeSite.csproj", "{024C85A1-1144-4D1A-ADCC-010845B94620}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Debug|Any CPU.Build.0 = Debug|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Debug|x64.ActiveCfg = Debug|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Debug|x64.Build.0 = Debug|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Debug|x86.ActiveCfg = Debug|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Debug|x86.Build.0 = Debug|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Release|Any CPU.ActiveCfg = Release|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Release|Any CPU.Build.0 = Release|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Release|x64.ActiveCfg = Release|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Release|x64.Build.0 = Release|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Release|x86.ActiveCfg = Release|Any CPU
{2804EC63-670C-4970-85E4-2A63C9327FF8}.Release|x86.Build.0 = Release|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Debug|x64.ActiveCfg = Debug|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Debug|x64.Build.0 = Debug|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Debug|x86.ActiveCfg = Debug|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Debug|x86.Build.0 = Debug|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Release|Any CPU.Build.0 = Release|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Release|x64.ActiveCfg = Release|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Release|x64.Build.0 = Release|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Release|x86.ActiveCfg = Release|Any CPU
{DED76823-F195-46D4-8509-5692E3431D53}.Release|x86.Build.0 = Release|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Debug|Any CPU.Build.0 = Debug|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Debug|x64.ActiveCfg = Debug|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Debug|x64.Build.0 = Debug|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Debug|x86.ActiveCfg = Debug|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Debug|x86.Build.0 = Debug|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Release|Any CPU.ActiveCfg = Release|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Release|Any CPU.Build.0 = Release|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Release|x64.ActiveCfg = Release|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Release|x64.Build.0 = Release|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Release|x86.ActiveCfg = Release|Any CPU
{024C85A1-1144-4D1A-ADCC-010845B94620}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{2804EC63-670C-4970-85E4-2A63C9327FF8} = {B26D43AA-4A35-4035-9E99-48EF9A3E64DD}
{DED76823-F195-46D4-8509-5692E3431D53} = {348A52EC-7046-4D1A-88DB-55B025C2BB68}
{024C85A1-1144-4D1A-ADCC-010845B94620} = {B26D43AA-4A35-4035-9E99-48EF9A3E64DD}
EndGlobalSection
EndGlobal
@@ -1,0 +1,51 @@
## Step 1: Review and add dependencies using dependency graph
**What's the big deal about securing your repository's supply chain?**: With the accelerated use of open source, most projects depend on hundreds of open-source dependencies. This poses a security problem: what if the dependencies you're using are vulnerable? You could be putting your users at risk of a supply chain attack. One of the most important things you can do to protect your supply chain is to patch your vulnerable dependencies and replace any malware.
GitHub offers a range of features to help you understand the dependencies in your environment, know about vulnerabilities in those dependencies, and patch them. The supply chain features on GitHub are:
- Dependency graph
- Dependency review
- Dependabot alerts
- Dependabot updates
- Dependabot security updates
- Dependabot version updates
**What is a dependency graph**: The dependency graph is a summary of the manifest and lock files stored in a repository and any dependencies that are submitted for the repository using the dependency submission API (beta). For each repository, it shows:
- Dependencies, the ecosystems and packages it depends on
- Dependents, the repositories and packages that depend on it
### :keyboard: Activity 1.1: Verify that dependency graph is enabled
**We recommend opening another browser tab to work through the following activities so you can keep these instructions open for reference.**
>[!NOTE]
> Dependency graph is enabled by default for all new public repositories.
1. Navigate to the **Settings** tab.
1. Click **Code Security**.
1. Verify **Dependency Graph** is **Enabled**
### :keyboard: Activity 1.2: Add a new dependency and view your dependency graph
1. Navigate to the **Code** tab and locate the `code/src/AttendeeSite` folder.
1. Commit the following content on the `main` branch to the `package-lock.json` file as the last item on the `dependencies` map _(after the third to last bracket `}` and before the last two brackets)_
> 🪧 **Note:** You can edit and commit the file on github.com directly or hit the `.` key to open the lightweight editor to edit and commit changes.
```json
,
"follow-redirects": {
"version": "1.14.1",
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.1.tgz",
"integrity": "sha512-HWqDgT7ZEkqRzBvc2s64vSZ/hfOceEol3ac/7tKwzuvEyWx3/4UegXh5oBOIotkGsObyk3xznnSRVADBgWSQVg=="
}
```
1. Navigate to the **Insights** tab.
1. Select **Dependency graph** from the side navigation bar.
1. Review all the dependencies on the **Dependencies** tab.
1. Search for `follow-redirects` and review the new dependency you just added.
1. With the new dependency added, Mona should already be busy checking your work. Give her a moment and keep watch in the comments. You will see her respond with progress info and the next lesson.
@@ -1,0 +1,47 @@
## Step 2: Enable and view Dependabot alerts
_Nice work! :tada: You added and viewed a dependency using Dependency graph!_
Given how many dependencies our repository uses, maintaining them needs to become an automated task. Keeping our code secure is a top priority, so the first thing we need to do is set up a way to be notified when a dependency we are using is vulnerable or malware. We can do this by enabling Dependabot alerts.
**What are Dependabot alerts?**
Dependabot alerts tell you that your code depends on a package that is insecure. These Dependabot alerts reference the [GitHub Advisory Database](https://github.com/advisories), which contains a list of known security vulnerabilities and malware, grouped in two categories: **GitHub reviewed advisories** and **unreviewed advisories**.
If your code depends on a package that has a security vulnerability, this can cause a range of problems for your project or the people who use it. You should upgrade to a secure version of the package as soon as possible. If your code uses malware, you need to replace the package with a secure alternative.
Let's try this out with our newly added `follow-redirects` dependency!
### :keyboard: Activity 2.1: View security advisories in the GitHub Advisory Database
1. Navigate to [GitHub Advisory Database](https://github.com/advisories).
1. Type or paste `follow-redirects` into the advisory search box.
1. Click on any of the advisories that were found to see more information.
1. You'll see the packages, impact, patches, workaround, and references for the advisory.
Notice the long list of advisories for our dependency! This can look scary but it's actually a good thing. It means that our dependency is actively being maintained and patches are being pushed to remove the vulnerability. If we had Dependabot alerts enabled, we could receive alerts when we need to update a dependency and act promptly to secure them.
Let's enable Dependabot alerts on our repository!
### :keyboard: Activity 2.2: Enable Dependabot alerts
1. Navigate to the **Settings** tab.
1. Display the settings for **Code Security**.
1. **Enable** Dependabot alerts.
1. **Wait about 60 seconds for Dependabot to check for alerts.**
1. Navigate to the **Security** tab.
1. Under "Vulnerability alerts" in the side bar, select **Dependabot** to view a list of the Dependabot alerts for the default branch.
Dependabot has alerted us to vulnerabilities in the dependencies that we use. We can also use Dependabot to help us address these vulnerabilities by creating pull requests to update the dependency to a safe version.
Let's see how this would work by using Dependabot to create a pull request for one of the alerts!
### :keyboard: Activity 2.3: Create a pull request based on a Dependabot alert
1. In the list of Dependabot alerts, click the "Prototype Pollution in minimist" to display more information.
1. Click the **Create Dependabot security update** button to create a pull request to update the dependency. This could take up to 2 minutes.
1. When the pull request is open, the alert page is updated to show a **Review security update** button.
1. Click the **Review security update** button to display the pull request.
- You can view the pull request and **Files changed** tab to review the update.
1. Navigate back to the **Conversation** tab and merge the pull request.
1. With the pull request merged, Mona should already be busy checking your work. Give her a moment and keep watch in the comments. You will see her respond with progress info and the next lesson.
@@ -1,0 +1,20 @@
## Step 3: Enable and trigger Dependabot security updates
_Nice work enabling, viewing, and creating Dependabot alerts :sparkles:_
Enabling Dependabot alerts on our repository was a great step toward improving our code security, but we still had to manually select an alert and then manually select the option to create the pull request. It would be nice to further improve the automation and maintenance of our dependencies! Well, with Dependabot security updates, we can do just that.
**What are Dependabot security updates?**
When this feature is enabled, Dependabot detects *and* fixes vulnerable dependencies for you by opening pull requests automatically to resolve Dependabot alerts.
We manually created a pull request to fix the "Prototype Pollution in minimist" alert, but let's enable Dependabot security updates to automate this process for future alerts!
### :keyboard: Activity 3.1: Enable and trigger Dependabot security updates
1. Navigate to the **Settings** tab and select **Code Security**.
1. Enable **Dependabot security updates**. You may need to wait 30-60 seconds before you see any new pull requests.
1. Navigate to the **Pull requests** repository tab to view the what Dependabot has found.
1. Find the new pull request that requests to patch the **axios** dependency.
1. Review and merge the pull request.
1. With the pull request merged, Mona should already be busy checking your work. Give her a moment and keep watch in the comments. You will see her respond with progress info and the next lesson.
@@ -1,0 +1,46 @@
## Step 4: Enable and trigger Dependabot version updates
_Nicely done!_ :partying_face:
You now have automated the process for Dependabot to alert you to vulnerabilities with your dependencies and to create pull requests to update them to secure versions! At this point, you only need to review the pull request and then merge it to stay on top of security problems with Dependencies.
> [!NOTE]
> Did you notice that there were several pull requests suggested by Dependabot? You only merged the one related to the **axios** dependency, but the others disappeared from the **Pull requests** panel. That's because the upgrade of the axios dependency triggered changes of other transitive dependencies, that might be either removed or updated to other versions. Whenever there is a change in your dependency graph, Dependabot will automatically review the existing pull requests and close the ones that are no longer relevant. So don't merge everything at once, let Dependabot do the job for you!
<img width="955" alt="Screenshot showing that the axios PR was merged and that the 2 others were closed" src="https://github.com/user-attachments/assets/6c97f90b-c6e2-4865-b1eb-dd7053383f07" />
The security updates feature helps automate the process to resolve alerts, but what about just keeping up-to-date with version updates? We can also automate pull request generation for updated versions of dependencies using the Dependabot version updates feature.
**What are Dependabot version updates?**: In addition to security alerts, Dependabot can also take the effort out of maintaining your dependencies. You can use it to ensure that your repository automatically keeps up with the latest releases of the packages and applications it depends on. Similar to security alerts, Dependabot will identify an outdated dependency and create a pull request to update the manifest to the latest version of the dependency.
Let's see how this works!
### :keyboard: Activity 4.1: Enable and trigger Dependabot version updates
1. Navigate to the **Settings** tab and select **Code Security**.
1. Locate **Dependabot version updates** and click **Configure** to open a new file editor with pre-poplulated contents. The file is called `dependabot.yml`.
1. Notice that the file is prepopulated to update the GitHub actions in the repository, the `github-actions` package ecosystem.
1. Edit your `dependabot.yml` configuration file to include another entry. It should look like:
```yaml
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
- package-ecosystem: "nuget"
directory: "/code/"
schedule:
interval: "weekly"
```
> 💡 **Tip:** While, you can edit and commit a file directly on github.com, you can also press the period key `.` to open a lightweight VS Code editor directly in browser.
1. Commit your changes directly to the `main` branch.
1. With the configuration file updated, Mona should already be busy checking your work. Give her a moment and keep watch in the comments. You will see her respond with progress info and the next lesson.
You have now configured Dependabot version updates to run and check for updates as follows:
- Check once a month for updates to GitHub Actions and create pull requests to update any that are out of date.
- Check once a week for updates to .NET packages and create pull requests to update any that are out of date. By default, this check runs on a Monday, to run the check on a different day, see [schedule.day](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleday).
@@ -1,0 +1,26 @@
## Review
_Congratulations, you've completed this exercise and learned a lot securing your supply chain!_
<img src="https://octodex.github.com/images/jetpacktocat.png" alt="celebrate" width=200 align=right>
Here's a recap of all the tasks you've accomplished in your repository:
- You've learned how to view and use dependency graph.
- You've learned how to enable and use Dependabot alerts.
- You've learned how to enable and use Dependabot security updates.
- You've learned how to enable and use Dependabot version updates.
### Additional learning and resources
- [Dependency graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)
- [Exploring the dependencies of a repository](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository)
- [About supply chain security](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)
- [Dependabot alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
- [GitHub Advisory Database](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/browsing-security-advisories-in-the-github-advisory-database)
### What's next?
- Learn more about securing your supply chain by reading: [Securing your supply chain](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security).
- Check out other security focused [GitHub Skills exercises](https://skills.github.com/#code-security-and-analysis).
- [Read the Get started with GitHub docs](https://docs.github.com/en/get-started).
- To find projects to contribute to, check out [GitHub Explore](https://github.com/explore).
@@ -1,0 +1,89 @@
name: Step 0
on:
push:
branches:
- main
permissions:
contents: write
actions: write
issues: write
env:
STEP_1_FILE: ".github/steps/1-dependency-graph.md"
jobs:
disable_workflows:
name: Disable workflows
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Disable all workflows
run: |
workflows=$(git ls-files .github/workflows | grep -E '\.yml$|\.yaml$')
for workflow in $workflows; do
workflow_name=$(basename "$workflow")
gh workflow disable "$workflow_name" || true
done
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
start_exercise:
if: |
!github.event.repository.is_template
name: Start Exercise
uses: skills/exercise-toolkit/.github/workflows/start-exercise.yml@v0.3.0
with:
exercise-title: "Secure your Repository's Supply Chain"
intro-message: "Let's explore how to secure your repository's supply chain, understand dependencies in your environment, and find vulnerabilities in those dependencies and patch them. 💻✨"
post_next_step_content:
name: Post next step content
runs-on: ubuntu-latest
needs: [start_exercise]
env:
ISSUE_URL: ${{ needs.start_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Build comment - add step content
id: build-comment
uses: skills/action-text-variables@v2
with:
template-file: "${{ env.STEP_1_FILE }}"
template-vars: |
full_repo_name: "${{ github.repository }}"
- name: Create comment - add step content
run: |
gh issue comment "$ISSUE_URL" \
--body "$ISSUE_BODY"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_BODY: ${{ steps.build-comment.outputs.updated-text }}
- name: Create comment - watching for progress
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Disable current workflow and enable next one
run: |
gh workflow enable "Step 1"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,0 +1,139 @@
name: Step 1
on:
push:
branches:
- main
paths:
- "code/src/AttendeeSite/**"
permissions:
contents: read
actions: write
issues: write
env:
STEP_2_FILE: ".github/steps/2-dependabot-alerts.md"
FOLLOW_REDIRECTS_FILE: "code/src/AttendeeSite/package-lock.json"
FOLLOW_REDIRECTS_KEYPHRASE: "1\\.14\\.1"
jobs:
find_exercise:
name: Find Exercise Issue
uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.3.0
if: |
github.run_number != 1
check_step_work:
name: Check step work
runs-on: ubuntu-latest
needs: find_exercise
if: |
!github.event.repository.is_template
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Update comment - checking work
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/checking-work.md \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check package-lock.json
run: |
file="$FOLLOW_REDIRECTS_FILE"
keyphrase="$FOLLOW_REDIRECTS_KEYPHRASE"
if ! grep -q "$keyphrase" "$file"; then
message="The follow-redirects version $keyphrase is not present in file $file. Please try again."
gh issue comment "$ISSUE_URL" \
--body "$message" \
--edit-last
exit 1
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build message - step finished
id: build-message-step-finish
uses: skills/action-text-variables@v2
with:
template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md
template-vars: |
next_step_number: "2"
- name: Update comment - step finished
run: |
gh issue comment "$ISSUE_URL" \
--body "${{ steps.build-message-step-finish.outputs.updated-text }}" \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
post_next_step_content:
name: Post next step content
needs: [find_exercise, check_step_work]
runs-on: ubuntu-latest
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Build comment - add step content
id: build-comment
uses: skills/action-text-variables@v2
with:
template-file: "${{ env.STEP_2_FILE }}"
template-vars: |
full_repo_name: "${{ github.repository }}"
- name: Create comment - add step content
run: |
gh issue comment "$ISSUE_URL" \
--body "$ISSUE_BODY"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_BODY: ${{ steps.build-comment.outputs.updated-text }}
- name: Create comment - watching for progress
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Disable current workflow and enable next one
run: |
gh workflow disable "Step 1"
gh workflow enable "Step 2"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,0 +1,174 @@
name: Step 2
on:
push:
branches:
- main
paths:
- "code/src/AttendeeSite/**"
permissions:
contents: read
actions: write
issues: write
env:
STEP_3_FILE: ".github/steps/3-dependabot-security.md"
PACKAGE_JSON: "code/src/AttendeeSite/package.json"
PACKAGE_LOCK_JSON: "code/src/AttendeeSite/package-lock.json"
jobs:
find_exercise:
name: Find Exercise Issue
uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.3.0
if: |
github.run_number != 1
check_step_work:
name: Check step work
runs-on: ubuntu-latest
needs: find_exercise
if: |
!github.event.repository.is_template
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Update comment - checking work
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/checking-work.md \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check package.json and package-lock.json for minimist version other than 1.2.5
id: check-user-work
run: |
checks='{
"package_json": {
"name": "package.json",
"passed": true,
"message": ""
},
"package_lock_json": {
"name": "package-lock.json",
"passed": true,
"message": ""
}
}'
file="$PACKAGE_JSON"
keyphrase="\"minimist\":[\ \\n\\r\\t]*\"\\^(?!1\\.2\\.[0-5])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?\""
minimum_occurrences=1
found_occurrences=$(grep -o "$keyphrase" "$file" | wc -l)
if [ "$found_occurrences" -lt "$minimum_occurrences" ]; then
checks=$(echo $checks | jq '.package_json.passed = false')
checks=$(echo $checks | jq '.package_json.message = "Please update package.json to use a valid minimist version."')
fi
file="$PACKAGE_LOCK_JSON"
keyphrase="minimist-(?!1\\.2\\.[0-5])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"
minimum_occurrences=1
found_occurrences=$(grep -o "$keyphrase" "$file" | wc -l)
if [ "$found_occurrences" -lt "$minimum_occurrences" ]; then
checks=$(echo $checks | jq '.package_lock_json.passed = false')
checks=$(echo $checks | jq '.package_lock_json.message = "Please update package-lock.json to use a valid minimist version."')
fi
passed=$(echo $checks | jq '. | all(.passed?)')
results=$(echo $checks | jq 'to_entries | map({name: .key} + .value)')
echo "passed=$passed" >> $GITHUB_OUTPUT
echo 'results<<EOF' >> $GITHUB_OUTPUT
echo $results >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build message - step finished
id: build-message-step-finish
uses: skills/action-text-variables@v2
with:
template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md
template-vars: |
next_step_number: "3"
- name: Update comment - step finished
run: |
gh issue comment "$ISSUE_URL" \
--body "${{ steps.build-message-step-finish.outputs.updated-text }}" \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
post_next_step_content:
name: Post next step content
needs: [find_exercise, check_step_work]
runs-on: ubuntu-latest
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Build comment - add step content
id: build-comment
uses: skills/action-text-variables@v2
with:
template-file: "${{ env.STEP_3_FILE }}"
template-vars: |
full_repo_name: "${{ github.repository }}"
- name: Create comment - add step content
run: |
gh issue comment "$ISSUE_URL" \
--body "$ISSUE_BODY"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_BODY: ${{ steps.build-comment.outputs.updated-text }}
- name: Create comment - watching for progress
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Disable current workflow and enable next one
run: |
gh workflow disable "Step 2"
gh workflow enable "Step 3"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,0 +1,175 @@
name: Step 3
on:
push:
branches:
- main
paths:
- "code/src/AttendeeSite/**"
permissions:
contents: read
actions: write
issues: write
env:
STEP_4_FILE: ".github/steps/4-dependabot-versions.md"
PACKAGE_JSON: "code/src/AttendeeSite/package.json"
PACKAGE_LOCK_JSON: "code/src/AttendeeSite/package-lock.json"
jobs:
find_exercise:
name: Find Exercise Issue
uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.3.0
if: |
github.run_number != 1
check_step_work:
name: Check step work
runs-on: ubuntu-latest
needs: find_exercise
if: |
!github.event.repository.is_template
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Update comment - checking work
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/checking-work.md \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check package.json and package-lock.json for axios version other than 0.21.1
id: check-axios-version
run: |
checks='{
"package_json": {
"name": "package.json",
"passed": true,
"message": ""
},
"package_lock_json": {
"name": "package-lock.json",
"passed": true,
"message": ""
}
}'
file="$PACKAGE_JSON"
keyphrase="\"axios\":[\ \\n\\r\\t]*\"\\^(?!0\\.21\\.[01])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?\""
minimum_occurrences=1
found_occurrences=$(grep -o "$keyphrase" "$file" | wc -l)
if [ "$found_occurrences" -lt "$minimum_occurrences" ]; then
checks=$(echo $checks | jq '.package_json.passed = false')
checks=$(echo $checks | jq '.package_json.message = "Please update package.json to use a valid axios version."')
fi
file="$PACKAGE_LOCK_JSON"
keyphrase="axios-(?!0\\.21\\.[01])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"
minimum_occurrences=1
found_occurrences=$(grep -o "$keyphrase" "$file" | wc -l)
if [ "$found_occurrences" -lt "$minimum_occurrences" ]; then
checks=$(echo $checks | jq '.package_lock_json.passed = false')
checks=$(echo $checks | jq '.package_lock_json.message = "Please update package-lock.json to use a valid axios version."')
fi
passed=$(echo $checks | jq '. | all(.passed?)')
results=$(echo $checks | jq 'to_entries | map({name: .key} + .value)')
echo "passed=$passed" >> $GITHUB_OUTPUT
echo 'results<<EOF' >> $GITHUB_OUTPUT
echo $results >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build message - step finished
id: build-message-step-finish
uses: skills/action-text-variables@v2
with:
template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md
template-vars: |
next_step_number: "4"
- name: Update comment - step finished
run: |
gh issue comment "$ISSUE_URL" \
--body "${{ steps.build-message-step-finish.outputs.updated-text }}" \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
post_next_step_content:
name: Post next step content
needs: [find_exercise, check_step_work]
runs-on: ubuntu-latest
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Build comment - add step content
id: build-comment
uses: skills/action-text-variables@v2
with:
template-file: "${{ env.STEP_4_FILE }}"
template-vars: |
full_repo_name: "${{ github.repository }}"
- name: Create comment - add step content
run: |
gh issue comment "$ISSUE_URL" \
--body "$ISSUE_BODY"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE_BODY: ${{ steps.build-comment.outputs.updated-text }}
- name: Create comment - watching for progress
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Disable current workflow and enable next one
run: |
gh workflow disable "Step 3"
gh workflow enable "Step 4"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,0 +1,115 @@
name: Step 4
on:
push:
branches:
- main
paths:
- ".github/dependabot.yml"
permissions:
contents: write
actions: write
issues: write
env:
REVIEW_FILE: ".github/steps/x-review.md"
DEPENDABOT_FILE: ".github/dependabot.yml"
DEPENDABOT_KEYPHRASE: "nuget"
jobs:
find_exercise:
name: Find Exercise Issue
uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.3.0
if: |
github.run_number != 1
check_step_work:
name: Check step work
needs: find_exercise
runs-on: ubuntu-latest
if: |
!github.event.repository.is_template
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get response templates
uses: actions/checkout@v4
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.3.0
- name: Check .github/dependabot.yml
run: |
file="$DEPENDABOT_FILE"
keyphrase="$DEPENDABOT_KEYPHRASE"
if ! grep -q "$keyphrase" "$file"; then
message="$keyphrase is not present in file $file. Please try again."
gh issue comment "$ISSUE_URL" \
--body "$message" \
--edit-last
exit 1
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update comment - step finished - final review next
run: |
gh issue comment "$ISSUE_URL" \
--body-file exercise-toolkit/markdown-templates/step-feedback/lesson-review.md \
--edit-last
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
post_review_content:
name: Post review content
needs: [find_exercise, check_step_work]
runs-on: ubuntu-latest
if: |
!github.event.repository.is_template
env:
ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create comment - add review content
run: |
gh issue comment "$ISSUE_URL" \
--body-file ${{ env.REVIEW_FILE }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
finish_exercise:
name: Finish Exercise
needs: [find_exercise, post_review_content]
uses: skills/exercise-toolkit/.github/workflows/finish-exercise.yml@v0.3.0
with:
issue-url: ${{ needs.find_exercise.outputs.issue-url }}
disable_workflow:
name: Disable this workflow
needs: [find_exercise, post_review_content]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Disable current workflow
run: gh workflow disable "${{github.workflow}}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,0 +1,24 @@
using System;
using System.IO;
using System.IO.Compression;
namespace Attendees
{
public class Attendee
{
public void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
{
string destFileName = Path.Combine(destDirectory, entry.FullName);
entry.ExtractToFile(destFileName);
}
public bool AddAttendee(string added)
{
if (added == "exists") {
return true;
}
return false;
}
}
}
@@ -1,0 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
</PropertyGroup>
</Project>
@@ -1,0 +1,3 @@
function attendeeName() {
document.getElementById("Name").innerHTML = "Enter Name.";
}
@@ -1,0 +1,11 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Swashbuckle.AspNetCore" Version="5.6.3" />
</ItemGroup>
</Project>
@@ -1,0 +1,26 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace AttendeeSite
{
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
}
@@ -1,0 +1,59 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.OpenApi.Models;
namespace AttendeeSite
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "AttendeeSite", Version = "v1" });
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "AttendeeSite v1"));
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
@@ -1,0 +1,15 @@
using System;
namespace AttendeeSite
{
public class WeatherForecast
{
public DateTime Date { get; set; }
public int TemperatureC { get; set; }
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
public string Summary { get; set; }
}
}
@@ -1,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}
@@ -1,0 +1,10 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
@@ -1,0 +1,30 @@
{
"name": "app",
"version": "0.1.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"axios": {
"version": "0.21.1",
"resolved": "https://registry.npmjs.org/axios/-/axios-0.21.1.tgz",
"integrity": "sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==",
"requires": {
"follow-redirects": "^1.10.0",
"minimist": "^1.2.0"
}
},
"json5": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.0.tgz",
"integrity": "sha512-f+8cldu7X/y7RAJurMEJmdoKXGB/X550w2Nr3tTbezL6RwEE/iMcm+tZnXeoZtKuOq6ft8+CqzEkrIgx1fPoQA==",
"requires": {
"minimist": "^1.2.5"
}
},
"minimist": {
"version": "1.2.5",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz",
"integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw=="
}
}
}
@@ -1,0 +1,24 @@
{
"name": "azure_provision",
"version": "1.0.0",
"description": "provision to azure cloud",
"main": "provisionComposer.js",
"license": "MIT",
"scripts": {
"start": "node provisionComposer.js"
},
"dependencies": {
"@azure/arm-appinsights": "^2.1.0",
"@azure/arm-botservice": "^1.0.0",
"@azure/arm-resources": "^2.1.0",
"@azure/graph": "^5.0.1",
"@azure/ms-rest-nodeauth": "^3.0.3",
"@types/fs-extra": "^8.1.0",
"axios": "^0.21.1",
"chalk": "^4.0.0",
"fs-extra": "^8.1.0",
"minimist": "^1.2.5",
"ora": "^4.0.4",
"request-promise": "^4.2.5"
}
}
@@ -1,0 +1,18 @@
using System;
using Xunit;
using Xunit.Extensions;
using Attendees;
namespace AttendeeTest
{
public class AttendeeTest
{
[Fact]
public void AttendeeExistsReturnTrue()
{
Attendee attendee = new Attendee();
bool doesExist = attendee.AddAttendee("doesnotexist");
Assert.False(doesExist, "The attendee does not exist");
}
}
}
@@ -1,0 +1,26 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
<IsPackable>false</IsPackable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.9.4" />
<PackageReference Include="xunit" Version="2.4.1" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<PackageReference Include="coverlet.collector" Version="3.0.2">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageReference>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\src\Attendee\Attendee.csproj" />
</ItemGroup>
</Project>
@@ -1,0 +1,39 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
namespace AttendeeSite.Controllers
{
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
private static readonly string[] Summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
private readonly ILogger<WeatherForecastController> _logger;
public WeatherForecastController(ILogger<WeatherForecastController> logger)
{
_logger = logger;
}
[HttpGet]
public IEnumerable<WeatherForecast> Get()
{
var rng = new Random();
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
})
.ToArray();
}
}
}
@@ -1,0 +1,31 @@
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:25666",
"sslPort": 44370
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "swagger",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"AttendeeSite": {
"commandName": "Project",
"dotnetRunMessages": "true",
"launchBrowser": true,
"launchUrl": "swagger",
"applicationUrl": "https://localhost:5001;http://localhost:5000",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}