Merge master into openapi

.config/dotnet-tools.json

@@ -3,31 +3,25 @@
   "isRoot": true,
   "tools": {
     "jetbrains.resharper.globaltools": {
-      "version": "2023.1.2",
+      "version": "2023.2.1",
       "commands": [
         "jb"
       ]
     },
     "regitlint": {
-      "version": "6.3.11",
+      "version": "6.3.12",
       "commands": [
         "regitlint"
       ]
     },
-    "codecov.tool": {
-      "version": "1.13.0",
-      "commands": [
-        "codecov"
-      ]
-    },
     "dotnet-reportgenerator-globaltool": {
-      "version": "5.1.20",
+      "version": "5.1.25",
       "commands": [
         "reportgenerator"
       ]
     },
     "docfx": {
-      "version": "2.67.1",
+      "version": "2.70.4",
       "commands": [
         "docfx"
       ]

.github/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  pull-request-branch-name:
+    separator: "-"
+- package-ecosystem: nuget
+  directory: "/"
+  schedule:
+    interval: daily
+  pull-request-branch-name:
+    separator: "-"
+  open-pull-requests-limit: 25
+  ignore:
+  # Block updates to all exposed dependencies of the NuGet packages we produce, as updating them would be a breaking change.
+  - dependency-name: 'Ben.Demystifier'
+  - dependency-name: 'Humanizer*'
+  - dependency-name: 'Microsoft.CodeAnalysis*'
+  - dependency-name: 'Microsoft.EntityFrameworkCore*'
+  # Block major updates of packages that require a matching .NET version.
+  - dependency-name: 'Microsoft.AspNetCore*'
+    update-types: ["version-update:semver-major"]

.github/workflows/build.yml

@@ -0,0 +1,279 @@
+# General links
+# https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables
+# https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
+# https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads
+# https://docs.github.com/en/actions/learn-github-actions/expressions
+# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
+# https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+
+name: Build
+
+on:
+  push:
+    branches: [ 'master', 'release/**', 'openapi' ]
+  pull_request:
+    branches: [ 'master', 'release/**', 'openapi' ]
+    tags:
+    - 'v*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+  DOTNET_CLI_TELEMETRY_OPTOUT: true
+  # The Windows runner image has PostgreSQL pre-installed and sets the PGPASSWORD environment variable to "root".
+  # This conflicts with the default password "postgres", which is used by ikalnytskyi/action-setup-postgres.
+  # Because action-setup-postgres forgets to update the environment variable accordingly, we do so here.
+  PGPASSWORD: "postgres"
+
+jobs:
+  build-and-test:
+    timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+    steps:
+    - name: Setup PostgreSQL
+      uses: ikalnytskyi/action-setup-postgres@v4
+      with:
+        username: postgres
+        password: postgres
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: 6.0.x
+    - name: Setup PowerShell (Ubuntu)
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+        dotnet tool install --global PowerShell
+    - name: Setup PowerShell (Windows)
+      if: matrix.os == 'windows-latest'
+      shell: cmd
+      run: |
+        curl --location --output "%RUNNER_TEMP%\PowerShell-7.3.6-win-x64.msi" https://github.com/PowerShell/PowerShell/releases/download/v7.3.6/PowerShell-7.3.6-win-x64.msi
+        msiexec.exe /package "%RUNNER_TEMP%\PowerShell-7.3.6-win-x64.msi" /quiet USE_MU=1 ENABLE_MU=1 ADD_PATH=1 DISABLE_TELEMETRY=1
+    - name: Setup PowerShell (macOS)
+      if: matrix.os == 'macos-latest'
+      run: |
+        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+        brew install --cask powershell
+    - name: Show installed versions
+      shell: pwsh
+      run: |
+        Write-Host "$(pwsh --version) is installed at $PSHOME"
+        psql --version
+        Write-Host "Active .NET SDK: $(dotnet --version)"
+    - name: Git checkout
+      uses: actions/checkout@v4
+    - name: Restore tools
+      run: |
+        dotnet tool restore
+    - name: Restore packages
+      run: |
+        dotnet restore
+    - name: Calculate version suffix
+      shell: pwsh
+      run: |
+        if ($env:GITHUB_REF_TYPE -eq 'tag') {
+            # Get the version prefix/suffix from the git tag. For example: 'v1.0.0-preview1-final' => '1.0.0' and 'preview1-final'
+            $segments = $env:GITHUB_REF_NAME -split "-"
+            $versionPrefix = $segments[0].TrimStart('v')
+            $versionSuffix = $segments[1..-1] -join "-"
+
+            [xml]$xml = Get-Content Directory.Build.props
+            $configuredVersionPrefix = $xml.Project.PropertyGroup[0].JsonApiDotNetCoreVersionPrefix
+            if ($configuredVersionPrefix -ne $versionPrefix) {
+                Write-Error "Version prefix from git release tag '$versionPrefix' does not match version prefix '$configuredVersionPrefix' stored in Directory.Build.props."
+                # To recover from this:
+                # - Delete the GitHub release
+                # - Run: git push --delete the-invalid-tag-name
+                # - Adjust JsonApiDotNetCoreVersionPrefix in Directory.Build.props, commit and push
+                # - Recreate the GitHub release
+            }
+        }
+        else {
+            # Get the version suffix from the auto-incrementing build number. For example: '123' => 'master-00123'
+            $revision = "{0:D5}" -f [convert]::ToInt32($env:GITHUB_RUN_NUMBER, 10)
+            $branchName = ![string]::IsNullOrEmpty($env:GITHUB_HEAD_REF) ? $env:GITHUB_HEAD_REF : $env:GITHUB_REF_NAME
+            $safeName = $branchName.Replace('/', '-').Replace('_', '-')
+            $versionSuffix = "$safeName-$revision"
+        }
+        Write-Output "Using version suffix: $versionSuffix"
+        Write-Output "PACKAGE_VERSION_SUFFIX=$versionSuffix" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+    - name: Build
+      shell: pwsh
+      run: |
+        dotnet build --no-restore --configuration Release --version-suffix=$env:PACKAGE_VERSION_SUFFIX
+    - name: Test
+      run: |
+        dotnet test --no-build --configuration Release --collect:"XPlat Code Coverage" --logger "GitHubActions;summary.includeSkippedTests=true" -- RunConfiguration.CollectSourceInformation=true DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.DeterministicReport=true
+    - name: Upload coverage to codecov.io
+      if: matrix.os == 'ubuntu-latest'
+      uses: codecov/codecov-action@v3
+    - name: Generate packages
+      shell: pwsh
+      run: |
+        dotnet pack --no-build --configuration Release --output $env:GITHUB_WORKSPACE/artifacts/packages --version-suffix=$env:PACKAGE_VERSION_SUFFIX
+    - name: Upload packages to artifacts
+      if: matrix.os == 'ubuntu-latest'
+      uses: actions/upload-artifact@v3
+      with:
+        name: packages
+        path: artifacts/packages
+    - name: Generate documentation
+      shell: pwsh
+      env:
+        # This contains the git tag name on release; in that case we build the docs without publishing them.
+        DOCFX_SOURCE_BRANCH_NAME: ${{ github.base_ref || github.ref_name }}
+      run: |
+        cd docs
+        & ./generate-examples.ps1
+        dotnet docfx docfx.json
+        if ($LastExitCode -ne 0) {
+            Write-Error "docfx failed with exit code $LastExitCode."
+        }
+        Copy-Item CNAME _site/CNAME
+        Copy-Item home/*.html _site/
+        Copy-Item home/*.ico _site/
+        New-Item -Force _site/styles -ItemType Directory | Out-Null
+        Copy-Item -Recurse home/assets/* _site/styles/
+    - name: Upload documentation to artifacts
+      if: matrix.os == 'ubuntu-latest'
+      uses: actions/upload-artifact@v3
+      with:
+        name: documentation
+        path: docs/_site
+
+  inspect-code:
+    timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+    steps:
+    - name: Git checkout
+      uses: actions/checkout@v4
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: 6.0.x
+    - name: Restore tools
+      run: |
+        dotnet tool restore
+    - name: InspectCode
+      shell: pwsh
+      run: |
+        $inspectCodeOutputPath = Join-Path $env:RUNNER_TEMP 'jetbrains-inspectcode-results.xml'
+        Write-Output "INSPECT_CODE_OUTPUT_PATH=$inspectCodeOutputPath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+        dotnet jb inspectcode JsonApiDotNetCore.sln --build --output="$inspectCodeOutputPath" --profile=WarningSeverities.DotSettings --properties:Configuration=Release --properties:ContinuousIntegrationBuild=false --severity=WARNING --verbosity=WARN -dsl=GlobalAll -dsl=GlobalPerProduct -dsl=SolutionPersonal -dsl=ProjectPersonal
+    - name: Verify outcome
+      shell: pwsh
+      run: |
+        [xml]$xml = Get-Content $env:INSPECT_CODE_OUTPUT_PATH
+        if ($xml.report.Issues -and $xml.report.Issues.Project) {
+            foreach ($project in $xml.report.Issues.Project) {
+                if ($project.Issue.Count -gt 0) {
+                    $project.ForEach({
+                        Write-Output "`nProject $($project.Name)"
+                        $failed = $true
+
+                        $_.Issue.ForEach({
+                            $issueType = $xml.report.IssueTypes.SelectSingleNode("IssueType[@Id='$($_.TypeId)']")
+                            $severity = $_.Severity ?? $issueType.Severity
+
+                            Write-Output "[$severity] $($_.File):$($_.Line) $($_.TypeId): $($_.Message)"
+                        })
+                    })
+                }
+            }
+
+            if ($failed) {
+                Write-Error "One or more projects failed code inspection."
+            }
+        }
+
+  cleanup-code:
+    timeout-minutes: 60
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+    steps:
+    - name: Git checkout
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 2
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: 6.0.x
+    - name: Restore tools
+      run: |
+        dotnet tool restore
+    - name: Restore packages
+      run: |
+        dotnet restore
+    - name: CleanupCode (on PR diff)
+      if: github.event_name == 'pull_request'
+      shell: pwsh
+      run: |
+        # Not using the environment variables for SHAs, because they may be outdated. This may happen on force-push after the build is queued, but before it starts.
+        # The below works because HEAD is detached (at the merge commit), so HEAD~1 is at the base branch. When a PR contains no commits, this job will not run.
+        $headCommitHash = git rev-parse HEAD
+        $baseCommitHash = git rev-parse HEAD~1
+
+        Write-Output "Running code cleanup on commit range $baseCommitHash..$headCommitHash in pull request."
+        dotnet regitlint -s JsonApiDotNetCore.sln --print-command --skip-tool-check --max-runs=5 --jb-profile="JADNC Full Cleanup" --jb --properties:Configuration=Release --jb --verbosity=WARN -f commits -a $headCommitHash -b $baseCommitHash --fail-on-diff --print-diff
+    - name: CleanupCode (on branch)
+      if: github.event_name == 'push'
+      shell: pwsh
+      run: |
+        Write-Output "Running code cleanup on all files."
+        dotnet regitlint -s JsonApiDotNetCore.sln --print-command --skip-tool-check --jb-profile="JADNC Full Cleanup" --jb --properties:Configuration=Release --jb --verbosity=WARN --fail-on-diff --print-diff
+
+  publish:
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    needs: [ build-and-test, inspect-code, cleanup-code ]
+    if: ${{ !github.event.pull_request.head.repo.fork }}
+    permissions:
+      packages: write
+      contents: write
+    steps:
+    - name: Download artifacts
+      uses: actions/download-artifact@v3
+    - name: Publish to GitHub Packages
+      if: github.event_name == 'push'
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      shell: pwsh
+      run: |
+        dotnet nuget add source --username 'json-api-dotnet' --password "$env:GITHUB_TOKEN" --store-password-in-clear-text --name 'github' 'https://nuget.pkg.github.com/json-api-dotnet/index.json'
+        dotnet nuget push "$env:GITHUB_WORKSPACE/packages/*.nupkg" --api-key "$env:GITHUB_TOKEN" --source 'github'
+    - name: Publish documentation
+      if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+      uses: peaceiris/actions-gh-pages@v3
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        publish_branch: gh-pages
+        publish_dir: ./documentation
+        commit_message: 'Auto-generated documentation from'
+    - name: Publish to NuGet
+      if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+      env:
+        NUGET_ORG_API_KEY: ${{ secrets.NUGET_ORG_API_KEY }}
+      shell: pwsh
+      run: |
+        dotnet nuget push "$env:GITHUB_WORKSPACE/packages/*.nupkg" --api-key "$env:NUGET_ORG_API_KEY" --source 'nuget.org'

.github/workflows/qodana.yml

@@ -0,0 +1,33 @@
+# https://www.jetbrains.com/help/qodana/cloud-forward-reports.html#cloud-forward-reports-github-actions
+
+name: Qodana
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - master
+      - 'release/*'
+
+jobs:
+  qodana:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: write
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}  # to check out the actual pull request commit, not the merge commit
+        fetch-depth: 0  # a full history is required for pull request analysis
+    - name: 'Qodana Scan'
+      uses: JetBrains/qodana-action@v2023.2
+      env:
+        QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+    - name: Upload results to artifacts on failure
+      if: failure()
+      uses: actions/upload-artifact@v3
+      with:
+        name: qodana_results
+        path: ${{ runner.temp }}/qodana/results