Merge branch 'main' into patch-5
This commit is contained in:
@@ -90,4 +90,4 @@ jobs:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
|
||||
run: cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
|
||||
|
||||
@@ -105,7 +105,7 @@ jobs:
|
||||
|
||||
# Remove the pfx
|
||||
- name: Remove the pfx
|
||||
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
|
||||
run: Remove-Item -path $env:Wap_Project_Directory\GitHubActionsWorkflow.pfx
|
||||
|
||||
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
|
||||
- name: Upload build artifacts
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env npx ts-node
|
||||
import { promises as fs } from "fs";
|
||||
import { safeLoad } from "js-yaml";
|
||||
import { basename, extname, join } from "path";
|
||||
import { basename, extname, join, dirname } from "path";
|
||||
import { Validator as validator } from "jsonschema";
|
||||
import { endGroup, error, info, setFailed, startGroup } from '@actions/core';
|
||||
|
||||
@@ -14,6 +14,7 @@ interface WorkflowWithErrors {
|
||||
interface WorkflowProperties {
|
||||
name: string;
|
||||
description: string;
|
||||
creator: string;
|
||||
iconName: string;
|
||||
categories: string[];
|
||||
}
|
||||
@@ -40,7 +41,7 @@ const propertiesSchema = {
|
||||
}
|
||||
}
|
||||
|
||||
async function checkWorkflows(folders: string[], allowed_categories: string[]): Promise<WorkflowWithErrors[]> {
|
||||
async function checkWorkflows(folders: string[], allowed_categories: object[]): Promise<WorkflowWithErrors[]> {
|
||||
const result: WorkflowWithErrors[] = []
|
||||
const workflow_template_names = new Set()
|
||||
for (const folder of folders) {
|
||||
@@ -69,7 +70,7 @@ async function checkWorkflows(folders: string[], allowed_categories: string[]):
|
||||
return result;
|
||||
}
|
||||
|
||||
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: string[]): Promise<WorkflowWithErrors> {
|
||||
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: object[]): Promise<WorkflowWithErrors> {
|
||||
let workflowErrors: WorkflowWithErrors = {
|
||||
id: workflowPath,
|
||||
name: null,
|
||||
@@ -104,9 +105,19 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string, allow
|
||||
}
|
||||
|
||||
}
|
||||
if (!workflowPath.endsWith("blank.yml") && (!properties.categories ||
|
||||
!properties.categories.some(category => allowed_categories.some(ac => ac.toLowerCase() == category.toLowerCase())))) {
|
||||
workflowErrors.errors.push(`Workflow does not contain at least one allowed category - ${allowed_categories}`)
|
||||
var path = dirname(workflowPath)
|
||||
var folder_categories = allowed_categories.find( category => category["path"] == path)["categories"]
|
||||
if (!workflowPath.endsWith("blank.yml")) {
|
||||
if(!properties.categories || properties.categories.length == 0) {
|
||||
workflowErrors.errors.push(`Workflow categories cannot be null or empty`)
|
||||
}
|
||||
else if(!folder_categories.some(category => properties.categories[0].toLowerCase() == category.toLowerCase())) {
|
||||
workflowErrors.errors.push(`The first category in properties.json categories for workflow in ${basename(path)} folder must be one of "${folder_categories}. Either move the workflow to an appropriate directory or change the category."`)
|
||||
}
|
||||
}
|
||||
|
||||
if(basename(path).toLowerCase() == 'deployments' && !properties.creator) {
|
||||
workflowErrors.errors.push(`The "creator" in properties.json must be present.`)
|
||||
}
|
||||
} catch (e) {
|
||||
workflowErrors.errors.push(e.toString())
|
||||
|
||||
@@ -5,11 +5,22 @@
|
||||
"../../deployments",
|
||||
"../../code-scanning"
|
||||
],
|
||||
"allowed_categories" : [
|
||||
"Continuous integration",
|
||||
"Deployment",
|
||||
"Code Scanning",
|
||||
"Dependency review",
|
||||
"Automation"
|
||||
"allowed_categories": [
|
||||
{
|
||||
"path": "../../ci",
|
||||
"categories": ["Continuous integration"]
|
||||
},
|
||||
{
|
||||
"path": "../../automation",
|
||||
"categories": ["Automation"]
|
||||
},
|
||||
{
|
||||
"path": "../../deployments",
|
||||
"categories": ["Deployment"]
|
||||
},
|
||||
{
|
||||
"path": "../../code-scanning",
|
||||
"categories": ["Code Scanning", "Dependency review"]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user