From 6daaf84bb339a571defa58852159d40c88d94f1c Mon Sep 17 00:00:00 2001 From: Zachary Conger Date: Thu, 17 Jun 2021 06:40:39 -0600 Subject: [PATCH 01/18] update everything to emphasize stackhawk not hawkscan --- .../properties/stackhawk.properties.json | 24 ++++++++ code-scanning/stackhawk.yml | 57 +++++++++++++++++++ icons/stackhawk.svg | 17 ++++++ 3 files changed, 98 insertions(+) create mode 100644 code-scanning/properties/stackhawk.properties.json create mode 100644 code-scanning/stackhawk.yml create mode 100644 icons/stackhawk.svg diff --git a/code-scanning/properties/stackhawk.properties.json b/code-scanning/properties/stackhawk.properties.json new file mode 100644 index 0000000..de29b7a --- /dev/null +++ b/code-scanning/properties/stackhawk.properties.json @@ -0,0 +1,24 @@ +{ + "name": "StackHawk", + "creator": "StackHawk", + "description": "Integrate dynamic application security testing (DAST) into your CI pipeline with StackHawk", + "iconName": "stackhawk", + "categories": [ + "Code Scanning", + "C", + "C#", + "C++", + "Go", + "Java", + "JavaScript", + "Kotlin", + "Objective C", + "PHP", + "Python", + "Ruby", + "Rust", + "Scala", + "Swift", + "TypeScript" + ] +} diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml new file mode 100644 index 0000000..e445bb4 --- /dev/null +++ b/code-scanning/stackhawk.yml @@ -0,0 +1,57 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# 🦅 STACKHAWK https://stackhawk.com + +# The StackHawk HawkScan action makes it easy to integrate dynamic application security testing (DAST) into your +# CI pipeline. See the Getting Started guide (https://docs.stackhawk.com/hawkscan/) to get up and running with +# StackHawk quickly. + +# To use this workflow, you must: +# +# 1. Create an API Key and Application: Sign up for a free StackHawk account to obtain an API Key and +# create your first app and configuration file at https://app.stackhawk.com. +# +# 2. Save your API Key as a Secret: Save your API key as a GitHub Secret named HAWK_API_KEY. +# +# 3. Add your Config File: Add your stackhawk.yml configuration file to the base of your repository directory. +# +# 4. Set the Scan Failure Threshold: Add the hawk.failureThreshold configuration option +# (https://docs.stackhawk.com/hawkscan/configuration/#hawk) to your stackhawk.yml configuration file. If your scan +# produces alerts that meet or exceed the hawk.failureThreshold alert level, the scan will return exit code 42 +# and trigger a Code Scanning alert with a link to your scan results. +# +# 5. Update the "Start your service" Step: Update the "Start your service" step in the StackHawk workflow below to +# start your service so that it can be scanned with the "Run HawkScan" step. + + +name: "StackHawk" + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + stackhawk: + name: StackHawk + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Start your service + run: ./your-service.sh & # ✏️ Update this to run your own service to be scanned + + - name: Run HawkScan + uses: stackhawk/hawkscan-action@v1.3.0 + continue-on-error: true # ✏️ Set to false to break your build on scan errors + with: + apiKey: ${{ secrets.HAWK_API_KEY }} + codeScanningAlerts: true + githubToken: ${{ github.token }} diff --git a/icons/stackhawk.svg b/icons/stackhawk.svg new file mode 100644 index 0000000..6b47520 --- /dev/null +++ b/icons/stackhawk.svg @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + From 3bb230a79aefd3eefa6b71545b43d0eef1b89b93 Mon Sep 17 00:00:00 2001 From: Ninad Kavimandan Date: Thu, 24 Jun 2021 10:51:42 +0530 Subject: [PATCH 02/18] added templates for gulp + grunt + webpack --- ci/grunt.yml | 27 ++++++++++++++++++++++++++ ci/gulp.yml | 27 ++++++++++++++++++++++++++ ci/properties/grunt.properties.json | 6 ++++++ ci/properties/gulp.properties.json | 6 ++++++ ci/properties/webpack.properties.json | 6 ++++++ ci/webpack.yml | 28 +++++++++++++++++++++++++++ 6 files changed, 100 insertions(+) create mode 100644 ci/grunt.yml create mode 100644 ci/gulp.yml create mode 100644 ci/properties/grunt.properties.json create mode 100644 ci/properties/gulp.properties.json create mode 100644 ci/properties/webpack.properties.json create mode 100644 ci/webpack.yml diff --git a/ci/grunt.yml b/ci/grunt.yml new file mode 100644 index 0000000..83464d1 --- /dev/null +++ b/ci/grunt.yml @@ -0,0 +1,27 @@ +name: Grunt CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [12.x, 14.x, 16.x] + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-node@v1 + with: + node-version: {{{ matrix.node-version }}} + + - name: npm install, build + run: | + npm install + grunt diff --git a/ci/gulp.yml b/ci/gulp.yml new file mode 100644 index 0000000..708f9b3 --- /dev/null +++ b/ci/gulp.yml @@ -0,0 +1,27 @@ +name: Gulp CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [12.x, 14.x, 16.x] + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-node@v1 + with: + node-version: {{{ matrix.node-version }}} + + - name: npm install, build + run: | + npm install + gulp diff --git a/ci/properties/grunt.properties.json b/ci/properties/grunt.properties.json new file mode 100644 index 0000000..b721ee4 --- /dev/null +++ b/ci/properties/grunt.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Grunt", + "description": "Build a Grunt project with npm.", + "iconName": "nodejs", + "categories": ["JavaScript", "npm", "Grunt"] +} diff --git a/ci/properties/gulp.properties.json b/ci/properties/gulp.properties.json new file mode 100644 index 0000000..9e5b02e --- /dev/null +++ b/ci/properties/gulp.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Gulp", + "description": "Build a Gulp project with npm.", + "iconName": "nodejs", + "categories": ["JavaScript", "npm", "Gulp"] +} diff --git a/ci/properties/webpack.properties.json b/ci/properties/webpack.properties.json new file mode 100644 index 0000000..4efd0b2 --- /dev/null +++ b/ci/properties/webpack.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Webpack", + "description": "Build a Webpack project with npm.", + "iconName": "nodejs", + "categories": ["JavaScript", "npm", "Webpack"] +} diff --git a/ci/webpack.yml b/ci/webpack.yml new file mode 100644 index 0000000..d79e907 --- /dev/null +++ b/ci/webpack.yml @@ -0,0 +1,28 @@ +name: Webpack CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [12.x, 14.x, 16.x] + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-node@v1 + with: + node-version: {{{ matrix.node-version }}} + + - name: npm install, build + run: | + npm install -g webpack webpack-cli --save-dev + npm install + npx webpack From edd7400d76d8ff347b62a0c662070b5256564be1 Mon Sep 17 00:00:00 2001 From: Ninad Kavimandan Date: Thu, 24 Jun 2021 11:00:38 +0530 Subject: [PATCH 03/18] removed CI from the name --- ci/grunt.yml | 9 +++++---- ci/gulp.yml | 9 +++++---- ci/webpack.yml | 9 +++++---- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/ci/grunt.yml b/ci/grunt.yml index 83464d1..767e8fa 100644 --- a/ci/grunt.yml +++ b/ci/grunt.yml @@ -1,4 +1,4 @@ -name: Grunt CI +name: Grunt on: push: @@ -17,11 +17,12 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 with: - node-version: {{{ matrix.node-version }}} + node-version: ${{ matrix.node-version }} - - name: npm install, build + - name: Build run: | npm install grunt diff --git a/ci/gulp.yml b/ci/gulp.yml index 708f9b3..962d15f 100644 --- a/ci/gulp.yml +++ b/ci/gulp.yml @@ -1,4 +1,4 @@ -name: Gulp CI +name: Gulp on: push: @@ -17,11 +17,12 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 with: - node-version: {{{ matrix.node-version }}} + node-version: ${{ matrix.node-version }} - - name: npm install, build + - name: Build run: | npm install gulp diff --git a/ci/webpack.yml b/ci/webpack.yml index d79e907..eb85baf 100644 --- a/ci/webpack.yml +++ b/ci/webpack.yml @@ -1,4 +1,4 @@ -name: Webpack CI +name: Webpack on: push: @@ -17,11 +17,12 @@ jobs: steps: - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 with: - node-version: {{{ matrix.node-version }}} + node-version: ${{ matrix.node-version }} - - name: npm install, build + - name: Build run: | npm install -g webpack webpack-cli --save-dev npm install From 808fc345148c564ae892021e80c9484bfb7da32c Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Thu, 24 Jun 2021 15:54:15 -0700 Subject: [PATCH 04/18] Add flawfinder workflow --- code-scanning/flawfinder.yml | 38 +++++++++++++++++++ .../properties/flawfinder.properties.json | 7 ++++ 2 files changed, 45 insertions(+) create mode 100644 code-scanning/flawfinder.yml create mode 100644 code-scanning/properties/flawfinder.properties.json diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml new file mode 100644 index 0000000..b057020 --- /dev/null +++ b/code-scanning/flawfinder.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: flawfinder + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + flawfinder: + name: Flawfinder + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run Flawfinder + uses: david-a-wheeler/flawfinder@v1.0 + with: + arguments: '--sarif ./' + output: 'flawfinder_results.sarif' + + - name: Upload analysis results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: flawfinder_results.sarif \ No newline at end of file diff --git a/code-scanning/properties/flawfinder.properties.json b/code-scanning/properties/flawfinder.properties.json new file mode 100644 index 0000000..f784d03 --- /dev/null +++ b/code-scanning/properties/flawfinder.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Flawfinder", + "creator": "David A. Wheeler", + "description": "Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws.", + "iconName": "flawfinder", + "categories": [ "Code Scanning", "C", "C++" ] +} \ No newline at end of file From 09bec32a030252712d21206d6db4c8cd244cbf25 Mon Sep 17 00:00:00 2001 From: Zachary Conger Date: Mon, 28 Jun 2021 16:05:58 -0600 Subject: [PATCH 05/18] update hawkscan-action reference to commit hash --- code-scanning/stackhawk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml index e445bb4..9701b1f 100644 --- a/code-scanning/stackhawk.yml +++ b/code-scanning/stackhawk.yml @@ -49,7 +49,7 @@ jobs: run: ./your-service.sh & # ✏️ Update this to run your own service to be scanned - name: Run HawkScan - uses: stackhawk/hawkscan-action@v1.3.0 + uses: stackhawk/hawkscan-action@4c3258cd62248dac6d9fe91dd8d45928c697dee0 continue-on-error: true # ✏️ Set to false to break your build on scan errors with: apiKey: ${{ secrets.HAWK_API_KEY }} From a72fa8fd8b1f0e4b9ea81194dfdc39d50c53613c Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Wed, 30 Jun 2021 14:18:24 -0700 Subject: [PATCH 06/18] Add icon file --- code-scanning/flawfinder.yml | 2 +- icons/flawfinder.svg | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 icons/flawfinder.svg diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index b057020..17fcae1 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -35,4 +35,4 @@ jobs: - name: Upload analysis results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: flawfinder_results.sarif \ No newline at end of file + sarif_file: ${{github.workspace}}/flawfinder_results.sarif \ No newline at end of file diff --git a/icons/flawfinder.svg b/icons/flawfinder.svg new file mode 100644 index 0000000..2324dca --- /dev/null +++ b/icons/flawfinder.svg @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + From 55ff908b82fea8b82e0e5c4c8cd2f7f1c683c8dd Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Mon, 19 Jul 2021 10:02:01 -0700 Subject: [PATCH 07/18] Update published action name and version --- code-scanning/flawfinder.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index 17fcae1..9479847 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -26,8 +26,8 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - - name: Run Flawfinder - uses: david-a-wheeler/flawfinder@v1.0 + - name: flawfinder_scan + uses: david-a-wheeler/flawfinder@2.0.19-alpha1 with: arguments: '--sarif ./' output: 'flawfinder_results.sarif' From 5175c338194a0e9a233f37ccdef824a8b5e5732c Mon Sep 17 00:00:00 2001 From: Ninad Kavimandan Date: Tue, 20 Jul 2021 10:19:59 +0530 Subject: [PATCH 08/18] updated icons for gulp + grunt + webpack ci --- ci/properties/grunt.properties.json | 2 +- ci/properties/gulp.properties.json | 2 +- ci/properties/webpack.properties.json | 2 +- ci/webpack.yml | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ci/properties/grunt.properties.json b/ci/properties/grunt.properties.json index b721ee4..bbda07f 100644 --- a/ci/properties/grunt.properties.json +++ b/ci/properties/grunt.properties.json @@ -1,6 +1,6 @@ { "name": "Grunt", "description": "Build a Grunt project with npm.", - "iconName": "nodejs", + "iconName": "grunt", "categories": ["JavaScript", "npm", "Grunt"] } diff --git a/ci/properties/gulp.properties.json b/ci/properties/gulp.properties.json index 9e5b02e..58304fe 100644 --- a/ci/properties/gulp.properties.json +++ b/ci/properties/gulp.properties.json @@ -1,6 +1,6 @@ { "name": "Gulp", "description": "Build a Gulp project with npm.", - "iconName": "nodejs", + "iconName": "gulp", "categories": ["JavaScript", "npm", "Gulp"] } diff --git a/ci/properties/webpack.properties.json b/ci/properties/webpack.properties.json index 4efd0b2..240393b 100644 --- a/ci/properties/webpack.properties.json +++ b/ci/properties/webpack.properties.json @@ -1,6 +1,6 @@ { "name": "Webpack", "description": "Build a Webpack project with npm.", - "iconName": "nodejs", + "iconName": "webpack", "categories": ["JavaScript", "npm", "Webpack"] } diff --git a/ci/webpack.yml b/ci/webpack.yml index eb85baf..5839a82 100644 --- a/ci/webpack.yml +++ b/ci/webpack.yml @@ -24,6 +24,5 @@ jobs: - name: Build run: | - npm install -g webpack webpack-cli --save-dev npm install npx webpack From e12559a4f839a7109e282761ed5421f8afbb9a38 Mon Sep 17 00:00:00 2001 From: Ninad Kavimandan Date: Tue, 20 Jul 2021 10:43:58 +0530 Subject: [PATCH 09/18] updated descriptions and workflow names --- ci/grunt.yml | 2 +- ci/gulp.yml | 2 +- ci/properties/grunt.properties.json | 2 +- ci/properties/gulp.properties.json | 2 +- ci/properties/webpack.properties.json | 2 +- ci/webpack.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ci/grunt.yml b/ci/grunt.yml index 767e8fa..8c83cb6 100644 --- a/ci/grunt.yml +++ b/ci/grunt.yml @@ -1,4 +1,4 @@ -name: Grunt +name: NodeJS with Grunt on: push: diff --git a/ci/gulp.yml b/ci/gulp.yml index 962d15f..cc5da13 100644 --- a/ci/gulp.yml +++ b/ci/gulp.yml @@ -1,4 +1,4 @@ -name: Gulp +name: NodeJS with Gulp on: push: diff --git a/ci/properties/grunt.properties.json b/ci/properties/grunt.properties.json index bbda07f..aac35f1 100644 --- a/ci/properties/grunt.properties.json +++ b/ci/properties/grunt.properties.json @@ -1,6 +1,6 @@ { "name": "Grunt", - "description": "Build a Grunt project with npm.", + "description": "Build a NodeJS project with npm and grunt.", "iconName": "grunt", "categories": ["JavaScript", "npm", "Grunt"] } diff --git a/ci/properties/gulp.properties.json b/ci/properties/gulp.properties.json index 58304fe..5eeabb7 100644 --- a/ci/properties/gulp.properties.json +++ b/ci/properties/gulp.properties.json @@ -1,6 +1,6 @@ { "name": "Gulp", - "description": "Build a Gulp project with npm.", + "description": "Build a NodeJS project with npm and gulp.", "iconName": "gulp", "categories": ["JavaScript", "npm", "Gulp"] } diff --git a/ci/properties/webpack.properties.json b/ci/properties/webpack.properties.json index 240393b..3f4e4aa 100644 --- a/ci/properties/webpack.properties.json +++ b/ci/properties/webpack.properties.json @@ -1,6 +1,6 @@ { "name": "Webpack", - "description": "Build a Webpack project with npm.", + "description": "Build a NodeJS project with npm and webpack.", "iconName": "webpack", "categories": ["JavaScript", "npm", "Webpack"] } diff --git a/ci/webpack.yml b/ci/webpack.yml index 5839a82..8edb34f 100644 --- a/ci/webpack.yml +++ b/ci/webpack.yml @@ -1,4 +1,4 @@ -name: Webpack +name: NodeJS with Webpack on: push: From 3e7eb56f2798bbcf2641285055071fa5db322f99 Mon Sep 17 00:00:00 2001 From: Ninad Kavimandan Date: Tue, 20 Jul 2021 13:30:46 +0530 Subject: [PATCH 10/18] added `TypeScript` for gulp + grunt + webpack --- ci/properties/grunt.properties.json | 2 +- ci/properties/gulp.properties.json | 2 +- ci/properties/webpack.properties.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/properties/grunt.properties.json b/ci/properties/grunt.properties.json index aac35f1..c8a5b9f 100644 --- a/ci/properties/grunt.properties.json +++ b/ci/properties/grunt.properties.json @@ -2,5 +2,5 @@ "name": "Grunt", "description": "Build a NodeJS project with npm and grunt.", "iconName": "grunt", - "categories": ["JavaScript", "npm", "Grunt"] + "categories": ["JavaScript", "TypeScript", "npm", "Grunt"] } diff --git a/ci/properties/gulp.properties.json b/ci/properties/gulp.properties.json index 5eeabb7..658325b 100644 --- a/ci/properties/gulp.properties.json +++ b/ci/properties/gulp.properties.json @@ -2,5 +2,5 @@ "name": "Gulp", "description": "Build a NodeJS project with npm and gulp.", "iconName": "gulp", - "categories": ["JavaScript", "npm", "Gulp"] + "categories": ["JavaScript", "TypeScript", "npm", "Gulp"] } diff --git a/ci/properties/webpack.properties.json b/ci/properties/webpack.properties.json index 3f4e4aa..1e22ccb 100644 --- a/ci/properties/webpack.properties.json +++ b/ci/properties/webpack.properties.json @@ -2,5 +2,5 @@ "name": "Webpack", "description": "Build a NodeJS project with npm and webpack.", "iconName": "webpack", - "categories": ["JavaScript", "npm", "Webpack"] + "categories": ["JavaScript", "TypeScript", "npm", "Webpack"] } From 8ba0ca0797f1852b9f689a07c015c19bc723c980 Mon Sep 17 00:00:00 2001 From: Josh Gross Date: Mon, 26 Jul 2021 11:26:46 -0400 Subject: [PATCH 11/18] Remove extra character (#1023) --- ci/ios.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/ios.yml b/ci/ios.yml index 032b77a..ab92d32 100644 --- a/ci/ios.yml +++ b/ci/ios.yml @@ -26,7 +26,7 @@ jobs: platform: ${{ 'iOS Simulator' }} run: | # xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959) - device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`` + device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'` if [ $scheme = default ]; then scheme=$(cat default); fi if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi file_to_build=`echo $file_to_build | awk '{$1=$1;print}'` From 5ba97df54d7ca126e06bc34e57de480349aca331 Mon Sep 17 00:00:00 2001 From: David Sherret Date: Mon, 26 Jul 2021 13:22:45 -0400 Subject: [PATCH 12/18] Remove matrix for Deno template. (#1024) Fixes: The actions/checkout action on windows checks out files with \r\n line endings instead of preserving them. This causes deno fmt --check to fail because the line endings are \r\n instead of \n. Instead of working around this problem specifically on Windows, this change removes the matrix in order to simplify the action. Co-authored-by: Josh Gross --- ci/deno.yml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/ci/deno.yml b/ci/deno.yml index cf91f5e..38f2319 100644 --- a/ci/deno.yml +++ b/ci/deno.yml @@ -3,7 +3,7 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow will install Deno and run tests across stable and canary builds on Windows, Ubuntu and macOS. +# This workflow will install Deno then run Deno lint and test. # For more information see: https://github.com/denoland/setup-deno name: Deno @@ -16,12 +16,7 @@ on: jobs: test: - runs-on: ${{ matrix.os }} # runs a test on Ubuntu, Windows and macOS - - strategy: - matrix: - deno: ["v1.x", "canary"] - os: [macOS-latest, windows-latest, ubuntu-latest] + runs-on: ubuntu-latest steps: - name: Setup repo @@ -29,9 +24,9 @@ jobs: - name: Setup Deno # uses: denoland/setup-deno@v1 - uses: denoland/setup-deno@4a4e59637fa62bd6c086a216c7e4c5b457ea9e79 + uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e9833173669 with: - deno-version: ${{ matrix.deno }} # tests across multiple Deno versions + deno-version: v1.x # Uncomment this step to verify the use of 'deno fmt' on each commit. # - name: Verify formatting @@ -40,8 +35,5 @@ jobs: - name: Run linter run: deno lint - - name: Cache dependencies - run: deno cache deps.ts - - name: Run tests run: deno test -A --unstable From 74200f122dee7d4100a784513de0cc7faee04e53 Mon Sep 17 00:00:00 2001 From: jxlwqq Date: Thu, 29 Jul 2021 01:02:21 +0800 Subject: [PATCH 13/18] Fix login TKE registry error (#882) Error response from daemon: Get https://ccr.ccs.tencentyun.com/v2/: unauthorized: authentication required Co-authored-by: Josh Gross --- ci/tencent.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/tencent.yml b/ci/tencent.yml index 1a059a6..0be339e 100644 --- a/ci/tencent.yml +++ b/ci/tencent.yml @@ -43,7 +43,7 @@ jobs: - name: Login TKE Registry run: | - docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p ${{ secrets.TKE_REGISTRY_PASSWORD }} ${TKE_IMAGE_URL} + docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p '${{ secrets.TKE_REGISTRY_PASSWORD }}' ${TKE_IMAGE_URL} # Push the Docker image to TKE Registry - name: Publish @@ -73,4 +73,4 @@ jobs: ./kustomize edit set image ${TKE_IMAGE_URL}:${GITHUB_SHA} ./kustomize build . | kubectl apply -f - kubectl rollout status deployment/${DEPLOYMENT_NAME} - kubectl get services -o wide \ No newline at end of file + kubectl get services -o wide From bc28e7ed6b0c14a520a85ff34a4fc124ca8a4b9f Mon Sep 17 00:00:00 2001 From: Yong Yan Date: Wed, 28 Jul 2021 14:08:48 -0700 Subject: [PATCH 14/18] Replace action tag with commit hash. --- code-scanning/flawfinder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/flawfinder.yml b/code-scanning/flawfinder.yml index 9479847..080953e 100644 --- a/code-scanning/flawfinder.yml +++ b/code-scanning/flawfinder.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v2 - name: flawfinder_scan - uses: david-a-wheeler/flawfinder@2.0.19-alpha1 + uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c with: arguments: '--sarif ./' output: 'flawfinder_results.sarif' From 7135450ec14e7e47bf3e41dd65d399e5e315fa39 Mon Sep 17 00:00:00 2001 From: Andy McKay Date: Thu, 29 Jul 2021 09:24:43 -0700 Subject: [PATCH 15/18] Update README.md --- README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e276691..2c2f1b5 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,8 @@ These are the workflow files for helping people get started with GitHub Actions. -**Directory structure:** +### Directory structure + * [ci](ci): solutions for Continuous Integration * [automation](automation): solutions for automating workflows. * [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security) @@ -20,8 +21,16 @@ Each workflow must be written in YAML and have a `.yml` extension. They also nee For example: `ci/django.yml` and `ci/properties/django.properties.json`. -**Valid properties:** +### Valid properties + * `name`: the name shown in onboarding * `description`: the description shown in onboarding * `iconName`: the icon name in the relevant folder, for example `django` should have an icon `icons/django.svg`. Only SVG is supported at this time * `categories`: the categories that it will be shown under + +### Variables +These variables can be placed in the starter workflow and will be substituted as detailed below: + +* `$default-branch`: will substitute the branch from the repository, for example `main` and `master` +* `$protected-branches`: will substitue any protected branches from the repository. +* `$cron-daily`: will substitute a valid but random time within the day From bd814059fc9a15c1024948fdbb5c0f512666a766 Mon Sep 17 00:00:00 2001 From: Zachary Conger Date: Thu, 5 Aug 2021 06:39:44 -0600 Subject: [PATCH 16/18] update stackhawk code scanning workflow description --- code-scanning/properties/stackhawk.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/stackhawk.properties.json b/code-scanning/properties/stackhawk.properties.json index de29b7a..f422535 100644 --- a/code-scanning/properties/stackhawk.properties.json +++ b/code-scanning/properties/stackhawk.properties.json @@ -1,7 +1,7 @@ { "name": "StackHawk", "creator": "StackHawk", - "description": "Integrate dynamic application security testing (DAST) into your CI pipeline with StackHawk", + "description": "Integrate dynamic application security testing (DAST) and API security testing into your CI pipeline with StackHawk", "iconName": "stackhawk", "categories": [ "Code Scanning", From 443876fc449e5fc8767c5f9ebe0d0fb36b580d9e Mon Sep 17 00:00:00 2001 From: Nick Fyson Date: Tue, 10 Aug 2021 20:15:41 +0100 Subject: [PATCH 17/18] add labeller workflow to triage code scanning PRs --- .github/labeler.yml | 3 +++ .github/workflows/labeler-triage.yml | 11 +++++++++++ 2 files changed, 14 insertions(+) create mode 100644 .github/labeler.yml create mode 100644 .github/workflows/labeler-triage.yml diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..2d04e26 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,3 @@ +# Add 'code-scanning' label to any changes within 'code-scanning' folder or any subfolders +code-scanning: +- code-scanning/**/* diff --git a/.github/workflows/labeler-triage.yml b/.github/workflows/labeler-triage.yml new file mode 100644 index 0000000..ce0cff3 --- /dev/null +++ b/.github/workflows/labeler-triage.yml @@ -0,0 +1,11 @@ +name: "Pull Request Labeler" +on: +- pull_request_target + +jobs: + triage: + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@v3 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file From 9267d74ede7efdc46434eec1d69423b1b0ca617c Mon Sep 17 00:00:00 2001 From: Nick Fyson Date: Thu, 12 Aug 2021 12:33:42 +0100 Subject: [PATCH 18/18] add specific permissions to the labeler-triage workflow --- .github/workflows/labeler-triage.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/labeler-triage.yml b/.github/workflows/labeler-triage.yml index ce0cff3..eba05f0 100644 --- a/.github/workflows/labeler-triage.yml +++ b/.github/workflows/labeler-triage.yml @@ -1,4 +1,9 @@ name: "Pull Request Labeler" + +permissions: + contents: read + pull-requests: write + on: - pull_request_target