Configure SAST in .gitlab-ci.yml, creating this file if it does not already exist

.gitlab-ci.yml

@@ -1,18 +1,26 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 stages:
-  - test
-  - publish
-
+- test
+- publish
 running tests for tag:
   image: mcr.microsoft.com/dotnet/sdk:5.0
   stage: test
   script:
-    - dotnet test tests/update-tag.tests
-
+  - dotnet test tests/update-tag.tests
 publish to nuget:
   only:
-    - /^\d*.\d*.\d*$/ # gets triggered if the commit tag is in the form n.n.n where n is any number
+  - "/^\\d*.\\d*.\\d*$/"
   image: mcr.microsoft.com/dotnet/sdk:5.0
   stage: publish
   script:
-    - dotnet pack src/Cli -o ./packaged
-    - dotnet nuget push ./packaged/*.nupkg -k $NUGET_API_KEY -s https://api.nuget.org/v3/index.json
+  - dotnet pack src/Cli -o ./packaged
+  - dotnet nuget push ./packaged/*.nupkg -k $NUGET_API_KEY -s https://api.nuget.org/v3/index.json
+sast:
+  stage: test
+include:
+- template: Security/SAST.gitlab-ci.yml

src/Cli/AppRunner.cs

@@ -103,15 +103,6 @@ namespace Cli
                             new Selection("no", null)
                         )
                 );
-                var serviceName = AnsiConsole.Prompt(
-                    new TextPrompt<string>("[grey][[Optional]][/] Enter [green]service name[/]:")
-                        .AllowEmpty()
-                );
-
-                if (!string.IsNullOrWhiteSpace(serviceName))
-                {
-                    selection.Version.SetService(serviceName.Trim());
-                }
             }
 
             if (selection.Version == null)

src/Cli/Cli.csproj

@@ -9,7 +9,7 @@
         <PackageId>Novaloop.UpdateTag</PackageId>
         <title>Updates the tag of a repo to the next chosen version according the semver symantic.</title>
         <PackageTags>semver;update-tag;tag;git</PackageTags>
-        <Version>0.2.1</Version>
+        <Version>0.1.7</Version>
         <Authors>Matthias Langhard</Authors>
         <Company>Novaloop AG</Company>
         <PackageProjectUrl>https://gitlab.com/novaloop-oss/novaloop.update-tag</PackageProjectUrl>

src/Core/Models/Version.cs

@@ -57,7 +57,7 @@ namespace Application.Models
         public int Minor { get; private set; }
         public int Patch { get; private set; }
         public int? Rc { get; private set; }
-        public string Service { get; private set; }
+        public string Service { get; }
 
 
         public override string ToString()
@@ -198,10 +198,5 @@ namespace Application.Models
         {
             return Rc != null;
         }
-
-        public void SetService(string service)
-        {
-            Service = service;
-        }
     }
 }

src/Core/Queries/GetVersionInformationFromRepo.cs

@@ -1,14 +1,12 @@
 using System;
 using System.Linq;
-using System.Threading;
-using System.Threading.Tasks;
 using Application.Interfaces;
 using Application.Models;
 using MediatR;
 
 namespace Application.Queries
 {
-    public class GetVersionInformationFromRepo : IRequestHandler<GetVersionInformationFromRepo.Query, VersionInformation>
+    public class GetVersionInformationFromRepo : RequestHandler<GetVersionInformationFromRepo.Query, VersionInformation>
     {
         public class Query : IRequest<VersionInformation>
         {
@@ -29,7 +27,7 @@ namespace Application.Queries
             _gitRepoReadService = gitRepoReadService;
         }
 
-        public async Task<VersionInformation> Handle(Query request, CancellationToken cancellationToken)
+        protected override VersionInformation Handle(Query request)
         {
             var versions = _gitRepoReadService
                 .GetAllVersions(request.RepositoryPath);
@@ -44,11 +42,10 @@ namespace Application.Queries
                 .OrderByDescending(v => v.Major)
                 .ThenByDescending(v => v.Minor)
                 .ThenByDescending(v => v.Patch)
-                .ThenByDescending(v => v.Rc == null)
                 .ThenByDescending(v => v.Rc)
                 .FirstOrDefault();
 
-            return await Task.FromResult(currentVersion == null ? null : new VersionInformation(currentVersion));
+            return currentVersion == null ? null : new VersionInformation(currentVersion);
         }
     }
 }

tests/update-tag.tests/GetVersionInformationFromRepoTests.cs

@@ -1,39 +0,0 @@
-using System.Collections.Generic;
-using System.Threading;
-using Application.Interfaces;
-using Application.Models;
-using Application.Queries;
-using Moq;
-using Xunit;
-
-namespace UpdateTag.Tests
-{
-    public class GetVersionInformationFromRepoTests
-    {
-        [Fact]
-        public async void DoesReadCurrentVersionCorrectly()
-        {
-            // Arrange
-            var mockedVersionList = new List<Version>
-            {
-                new Version(0, 1, 5),
-                new Version(0, 1, 7),
-                new Version(0, 2, 0),
-                new Version(0, 2, 0, 0),
-                new Version(0, 2, 0, 1),
-                new Version(0, 2, 0, 2)
-            };
-            var gitRepoMock = new Mock<IGitRepoReadService>();
-            gitRepoMock.Setup(m => m.GetAllVersions(It.IsAny<string>()))
-                .Returns(mockedVersionList);
-            var handler = new GetVersionInformationFromRepo(gitRepoMock.Object);
-            var query = new GetVersionInformationFromRepo.Query("");
-
-            // Act
-            var versionInformation = await handler.Handle(query, CancellationToken.None);
-
-            // Assert
-            Assert.Equal("0.2.0", versionInformation.CurrentVersion.ToString());
-        }
-    }
-}

tests/update-tag.tests/update-tag.tests.csproj

@@ -9,7 +9,6 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.9.4" />
-    <PackageReference Include="Moq" Version="4.16.1" />
     <PackageReference Include="xunit" Version="2.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.3">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>