Merge branch 'main' into main

This commit is contained in:
Omer Zidkoni
2022-11-08 16:07:00 +02:00
committed by GitHub
54 changed files with 929 additions and 455 deletions
+1 -1
View File
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Auto-assign issue'
uses: pozil/auto-assign-issue@v1.10.0
uses: pozil/auto-assign-issue@v1.11.0
with:
assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft
numOfAssignee: 1
+1 -1
View File
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v5
- uses: actions/stale@v6
with:
stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.'
stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.'
+1 -2
View File
@@ -2,8 +2,7 @@ name: Sync workflows for GHES
on:
push:
branches: [ $default-branch ]
workflow_dispatch:
branches: [ main ]
jobs:
sync:
+7 -4
View File
@@ -12,10 +12,11 @@ These are the workflow files for helping people get started with GitHub Actions.
### Directory structure
* [ci](ci): solutions for Continuous Integration workflows.
* [deployments](deployments): solutions for Deployment workflows.
* [automation](automation): solutions for automating workflows.
* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
* [ci](ci): solutions for Continuous Integration workflows
* [deployments](deployments): solutions for Deployment workflows
* [automation](automation): solutions for automating workflows
* [code-scanning](code-scanning): solutions for [Code Scanning](https://github.com/features/security)
* [pages](pages): solutions for Pages workflows
* [icons](icons): svg icons for the relevant template
Each workflow must be written in YAML and have a `.yml` extension. They also need a corresponding `.properties.json` file that contains extra metadata about the workflow (this is displayed in the GitHub.com UI).
@@ -40,6 +41,8 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
* monitoring
* Automation
* utilities
* Pages
* Hugo
### Variables
These variables can be placed in the starter workflow and will be substituted as detailed below:
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will build a Java project with Ant
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-ant
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-ant
name: Java CI
+3 -3
View File
@@ -3,7 +3,7 @@
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will install Deno then run Deno lint and test.
# This workflow will install Deno then run `deno lint` and `deno test`.
# For more information see: https://github.com/denoland/setup-deno
name: Deno
@@ -27,7 +27,7 @@ jobs:
- name: Setup Deno
# uses: denoland/setup-deno@v1
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e983317366
uses: denoland/setup-deno@9db7f66e8e16b5699a514448ce994936c63f0d54
with:
deno-version: v1.x
@@ -39,4 +39,4 @@ jobs:
run: deno lint
- name: Run tests
run: deno test -A --unstable
run: deno test -A
+2 -2
View File
@@ -41,9 +41,9 @@ jobs:
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
cosign-release: 'v1.9.0'
cosign-release: 'v1.11.0'
# Workaround: https://github.com/docker/build-push-action/issues/461
+1 -1
View File
@@ -69,7 +69,7 @@ jobs:
# Install the .NET Core workload
- name: Install .NET Core
uses: actions/setup-dotnet@v2
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0.x
+4 -1
View File
@@ -1,3 +1,6 @@
# This workflow will build a .NET project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
name: .NET
on:
@@ -14,7 +17,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Setup .NET
uses: actions/setup-dotnet@v2
uses: actions/setup-dotnet@v3
with:
dotnet-version: 6.0.x
- name: Restore dependencies
+3
View File
@@ -1,3 +1,6 @@
# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
name: Go
on:
+1 -1
View File
@@ -3,7 +3,7 @@
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
name: Java CI with Gradle
+10 -1
View File
@@ -1,5 +1,10 @@
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Java CI with Maven
@@ -24,3 +29,7 @@ jobs:
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
- name: Update dependency graph
uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
name: Node.js CI
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
name: Node.js Package
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
name: Node.js Package
+1 -1
View File
@@ -1,5 +1,5 @@
{
"name": "Jekyll",
"name": "Jekyll using Docker image",
"description": "Package a Jekyll site using the jekyll/builder Docker image.",
"iconName": "jekyll",
"categories": ["Continuous integration", "HTML"]
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Python application
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: Python package
+1 -1
View File
@@ -1,5 +1,5 @@
# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
+8
View File
@@ -1,3 +1,8 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Scala CI
on:
@@ -24,3 +29,6 @@ jobs:
cache: 'sbt'
- name: Run tests
run: sbt test
# Optional: This step uploads information to the GitHub dependency graph and unblocking Dependabot alerts for the repository
- name: Upload dependency graph
uses: scalacenter/sbt-dependency-submission@ab086b50c947c9774b70f39fc7f6e20ca2706c91
+3
View File
@@ -1,3 +1,6 @@
# This workflow will build a Swift project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-swift
name: Swift
on:
+10 -9
View File
@@ -9,7 +9,7 @@
# and parameters, see https://github.com/anchore/scan-action. For more
# information on Anchore's container image scanning tool Grype, see
# https://github.com/anchore/grype
name: Anchore Container Scan
name: Anchore Grype vulnerability scan
on:
push:
@@ -28,20 +28,21 @@ jobs:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- name: Checkout the code
- name: Check out the code
uses: actions/checkout@v3
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd
- name: Run the Anchore Grype scan action
uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7
id: scan
with:
image: "localbuild/testimage:latest"
acs-report-enable: true
fail-build: false
- name: Upload Anchore Scan Report
fail-build: true
severity-cutoff: critical
- name: Upload vulnerability report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
sarif_file: ${{ steps.scan.outputs.sarif }}
+3 -2
View File
@@ -46,7 +46,8 @@ permissions:
contents: read
jobs:
Trigger APIsec scan:
Trigger_APIsec_scan:
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
@@ -54,7 +55,7 @@ jobs:
steps:
- name: APIsec scan
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
uses: apisec-inc/apisec-run-scan@f748a240d69ca6cd7e9532fd0a47bec4ccd6a73c
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
+55
View File
@@ -0,0 +1,55 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow.
# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository
# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling
# scan customization using the full functionality and flexibility of the CLI tool.
# This is a basic workflow to help you get started with Using Checkmarx One Action,
# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html
name: Checkmarx Scan
# Controls when the workflow will run
on:
pull_request:
types: [opened, reopened, synchronize]
branches: [ $default-branch, $protected-branches ]
permissions:
contents: read
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# This step checks out a copy of your repository.
- name: Checkout repository
uses: actions/checkout@v3
# This step creates the Checkmarx One scan
- name: Checkmarx One scan
uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
with:
base_uri: https://ast.checkmarx.net # This should be replaced by your base uri for Checkmarx One
cx_client_id: ${{ secrets.CX_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
additional_params: --report-format sarif --output-path .
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: cx_result.sarif
+1 -1
View File
@@ -53,7 +53,7 @@ jobs:
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
+69
View File
@@ -0,0 +1,69 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# EthicalCheck addresses the critical need to continuously security test APIs in development and in production.
# EthicalCheck provides the industrys only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.
# Developers relies on EthicalCheck to evaluate every update and release, ensuring that no APIs go to production with exploitable vulnerabilities.
# You develop the application and API, we bring complete and continuous security testing to you, accelerating development.
# Know your API and Applications are secure with EthicalCheck our free & automated API security testing service.
# How EthicalCheck works?
# EthicalCheck functions in the following simple steps.
# 1. Security Testing.
# Provide your OpenAPI specification or start with a public Postman collection URL.
# EthicalCheck instantly instrospects your API and creates a map of API endpoints for security testing.
# It then automatically creates hundreds of security tests that are non-intrusive to comprehensively and completely test for authentication, authorizations, and OWASP bugs your API. The tests addresses the OWASP API Security categories including OAuth 2.0, JWT, Rate Limit etc.
# 2. Reporting.
# EthicalCheck generates security test report that includes all the tested endpoints, coverage graph, exceptions, and vulnerabilities.
# Vulnerabilities are fully triaged, it contains CVSS score, severity, endpoint information, and OWASP tagging.
# This is a starter workflow to help you get started with EthicalCheck Actions
name: EthicalCheck-Workflow
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the $default-branch branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
jobs:
Trigger_EthicalCheck:
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- name: EthicalCheck Free & Automated API Security Testing Service
uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
with:
# The OpenAPI Specification URL or Swagger Path or Public Postman collection URL.
oas-url: "http://netbanking.apisec.ai:8080/v2/api-docs"
# The email address to which the penetration test report will be sent.
email: "xxx@apisec.ai"
sarif-result-file: "ethicalcheck-results.sarif"
- name: Upload sarif file to repository
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ./ethicalcheck-results.sarif
+55
View File
@@ -0,0 +1,55 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
#
# To use this workflow, you must have a token for NowSecure Platform. If you are a NowSecure customer,
# you can find it in NowSecure Platform.
#
# If you *are not* a NowSecure customer, click here to sign up for a free trial to get access:
# <https://bit.ly/ns-git-sbom>.
#
# Instructions:
#
# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
#
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
# and review the "Dependency graph" tab in the "Insights" pane once the action has run.
name: "NowSecure Mobile SBOM"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
nowsecure:
name: NowSecure Mobile SBOM
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
- name: NowSecure upload app
uses: nowsecure/nowsecure-sbom-action@ecb731b6f17a83fa53f756f9dae2ec7034c5ed7c
with:
token: ${{ secrets.NS_TOKEN }}
app_file: app-debug.apk # Update this to a path to your .ipa or .apk
group_id: {{ groupId }} # Update this to your desired Platform group ID
@@ -1,6 +1,6 @@
{
"name": "Anchore Syft SBOM Scan",
"organization": "Anchore",
"creator": "Anchore",
"description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.",
"iconName": "anchore",
"categories": ["Code Scanning", "dockerfile", "dependency-management"]
@@ -1,7 +1,7 @@
{
"name": "Anchore Container Scan",
"creator": "Indeni Cloudrail",
"description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.",
"name": "Anchore Grype Vulnerability Scan",
"creator": "Anchore",
"description": "Produce source and container vulnerability reports based on Anchore's open source Grype tool.",
"iconName": "anchore",
"categories": ["Code Scanning", "dockerfile"]
}
}
@@ -0,0 +1,7 @@
{
"name": "Checkmarx",
"creator": "Checkmarx",
"description": "Beat vulnerabilities with more secure code.Scan your code with Checkmarx One and see results in the GitHub code scanning.",
"iconName": "checkmarx",
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
}
@@ -1,6 +1,7 @@
{
"name": "CodeQL Analysis",
"creator": "GitHub",
"enterprise": true,
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
@@ -2,10 +2,11 @@
"name": "ESLint",
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
"iconName": "eslint",
"enterprise": false,
"categories": [
"Code Scanning",
"JavaScript",
"EcmaScript",
"TypeScript"
]
}
}
@@ -0,0 +1,24 @@
{
"name": "EthicalCheck",
"creator": "APIsec",
"description": "EthicalCheck provides the industrys only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.",
"iconName": "apisec",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -0,0 +1,21 @@
{
"name": "NowSecure Mobile SBOM",
"creator": "NowSecure",
"description": "Generate a Mobile SBOM for an application and submit to Dependency Graph",
"iconName": "nowsecure",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C",
"C",
"C++",
"C#",
"Rust",
"JavaScript",
"TypeScript",
"Node"
]
}
@@ -0,0 +1,7 @@
{
"name": "Zscaler IaC Scan",
"creator": "Zscaler CWP",
"description": "Scan your Infrastructure as Code files using Zscaler Infrastructure as Code (IaC) Scan app",
"iconName": "zscaler",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,14 @@
{
"name": "zScan",
"creator": "Zimperium",
"description": "The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android) and identifies security, privacy, and compliance-related vulnerabilities. ",
"iconName": "zscan",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C"
]
}
+25 -15
View File
@@ -1,7 +1,14 @@
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: $cron-weekly
push:
@@ -17,20 +24,20 @@ jobs:
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Used to receive a badge.
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Needs for private repositories.
contents: read
actions: read
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@865b4092859256271290c77adbd10a43f4779972 # tag=v2.0.3
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
with:
results_file: results.sarif
results_format: sarif
@@ -40,23 +47,26 @@ jobs:
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results for public repositories to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`, regardless
# of the value entered here.
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26
uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
with:
sarif_file: results.sarif
+10 -5
View File
@@ -3,13 +3,18 @@
# separate terms of service, privacy policy, and support
# documentation.
#
# SOOS is the easy-to-integrate software security solution for your whole team, learn more at https://soos.io/
# SOOS is the easy-to-integrate and affordable software security solution for your whole team.
# Learn more at https://soos.io/
#
# To use this action you need to fill the following requirements:
# To use this action, perform the following steps:
#
# 1. Create an account on https://app.soos.io to obtain a Client ID and API Key (Free 30 days trials for both our SCA/DAST product).
# 1. Create an account on https://app.soos.io. SOOS offers a free 30 day trial for our SCA and DAST products.
#
# 2. Set up your API KEY/Client ID as Github Secrets named SOOS_CLIENT_ID & SOOS_API_KEY. (Also set SOOS_GITHUB_PAT with your Github Personal Access Token if you're going to use sarif upload)
# 2. Navigate to the "Integrate" page in the SOOS app (https://app.soos.io/integrate). Note the "API Credentials" section of this page; the keys you will need for the next step are here.
#
# 3. Set up your SOOS API Key and SOOS Client Id as Github Secrets named SOOS_API_KEY and SOOS_CLIENT_ID.
#
# 4. (Optional) If you'd like to upload SARIF results of DAST scans to GitHub, set SOOS_GITHUB_PAT with your Github Personal Access Token.
#
name: "SOOS DAST Scan"
@@ -29,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Run SOOS DAST Scan
uses: soos-io/soos-dast-github-action@b524e2cfbc4f4a5733153a7e624f569913f6c6e9
uses: soos-io/soos-dast-github-action@093de8c09530d4b96f12322adeb74444def866db # Use latest version from https://github.com/marketplace/actions/soos-dast
with:
client_id: ${{ secrets.SOOS_CLIENT_ID }}
api_key: ${{ secrets.SOOS_API_KEY }}
+56
View File
@@ -0,0 +1,56 @@
#This workflow uses actions that are not certified by GitHub.
#They are provided by a third party and are governed by
#separate terms of service, privacy policy, and support
#documentation.
#This workflow runs the Zscaler Infrastructure as Code (IaC) Scan app,
#which detects security misconfigurations in IaC templates and publishes the findings
#under the code scanning alerts section within the repository.
#Log into the Zscaler Posture Control(ZPC) Portal to begin the onboarding process.
#Copy the client ID and client secret key generated during the onboarding process and configure.
#GitHub secrets (ZSCANNER_CLIENT_ID, ZSCANNER_CLIENT_SECRET).
#Refer https://github.com/marketplace/actions/zscaler-iac-scan for additional details on setting up this workflow.
#Any issues with this workflow, please raise it on https://github.com/ZscalerCWP/Zscaler-IaC-Action/issues for further investigation.
name: Zscaler IaC Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
zscaler-iac-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name : Code Checkout
uses: actions/checkout@v3
- name : Zscaler IAC Scan
uses : ZscalerCWP/Zscaler-IaC-Action@8d2afb33b10b4bd50e2dc2c932b37c6e70ac1087
id : zscaler-iac-scan
with:
client_id : ${{ secrets.ZSCANNER_CLIENT_ID }}
client_secret : ${{ secrets.ZSCANNER_CLIENT_SECRET }}
#This is the user region specified during the onboarding process within the ZPC Admin Portal.
region : 'US'
iac_dir : #Enter the IaC directory path from root.
iac_file : #Enter the IaC file path from root.
output_format : #(Optional) By default, the output is provided in a human readable format. However, if you require a different format, you can specify it here.
#To fail the build based on policy violations identified in the IaC templates, set the input value (fail_build) to true.
fail_build : #Enter true/false
#Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository.
- name: Upload SARIF file
if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }}
+61
View File
@@ -0,0 +1,61 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android)
# and identifies security, privacy, and compliance-related vulnerabilities.
#
# Prerequisites:
# * An active Zimperium zScan account is required. If you are not an existing Zimperium
# zScan customer, please request a zSCAN demo by visiting https://www.zimperium.com/contact-us.
# * Either GitHub Advanced Security (GHAS) or a public repository is required to display
# issues and view the remediation information inside of GitHub code scanning alerts.
#
# For additional information and setup instructions
# please visit: https://github.com/Zimperium/zScanMarketplace#readme
name: "Zimperium zScan"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
permissions:
contents: read
jobs:
zscan:
name: zScan
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Execute gradle build
run: ./gradlew build # Change this to build your mobile application
- name: Run Zimperium zScan
uses: zimperium/zscanmarketplace@bfc6670f6648d796098c251ccefcfdb98983174d
timeout-minutes: 60
with:
# REPLACE: Zimperium Client Environment Name
client_env: env_string
# REPLACE: Zimperium Client ID
client_id: id_string
# REPLACE: Zimperium Client Secret
client_secret: ${{ secrets.ZSCAN_CLIENT_SECRET }}
# REPLACE: The path to an .ipa or .apk
app_file: app-release-unsigned.apk
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: Zimperium.sarif
+54 -97
View File
@@ -1,14 +1,16 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# 1. Set the following secrets in your repository (instructions for getting these
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux)):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
@@ -34,7 +36,7 @@ name: Build and deploy an app to AKS with Helm
on:
push:
branches: [ $default-branch ]
branches: [$default-branch]
workflow_dispatch:
env:
@@ -42,7 +44,6 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
CHART_PATH: "your-chart-path"
CHART_OVERRIDE_PATH: "your-chart-override-path"
@@ -53,63 +54,21 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Checks out the repository this file is in
- uses: actions/checkout@v3
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
deploy:
permissions:
@@ -117,45 +76,43 @@ jobs:
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
needs: [buildImage]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Runs Helm to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2.1
with:
renderEngine: 'helm'
helmChart: ${{ env.CHART_PATH }}
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
overrides: |
replicas:2
helm-version: 'latest'
id: bake
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v3
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Helm to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2
with:
renderEngine: "helm"
helmChart: ${{ env.CHART_PATH }}
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
overrides: |
replicas:2
helm-version: "latest"
id: bake
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v4
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
@@ -1,14 +1,16 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# 1. Set the following secrets in your repository (instructions for getting these
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
@@ -33,7 +35,7 @@ name: Build and deploy an app to AKS with Kompose
on:
push:
branches: [ $default-branch ]
branches: [$default-branch]
workflow_dispatch:
env:
@@ -41,7 +43,6 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
jobs:
@@ -51,106 +52,62 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
needs: [buildImage]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Runs Kompose to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2.1
with:
renderEngine: 'kompose'
dockerComposeFile: ${{ env.DOCKER_COMPOSE_FILE_PATH }}
kompose-version: 'latest'
id: bake
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v3
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
# Runs Kompose to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2
with:
renderEngine: "kompose"
dockerComposeFile: ${{ env.DOCKER_COMPOSE_FILE_PATH }}
kompose-version: "latest"
id: bake
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v4
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
@@ -1,14 +1,16 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# 1. Set the following secrets in your repository (instructions for getting these
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
@@ -33,7 +35,7 @@ name: Build and deploy an app to AKS with Kustomize
on:
push:
branches: [ $default-branch ]
branches: [$default-branch]
workflow_dispatch:
env:
@@ -41,7 +43,6 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
KUSTOMIZE_PATH: "your-kustomize-path"
jobs:
@@ -51,106 +52,62 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
needs: [buildImage]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v3
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Kustomize to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2.1
with:
renderEngine: 'kustomize'
kustomizationPath: ${{ env.KUSTOMIZE_PATH }}
kubectl-version: latest
id: bake
# Runs Kustomize to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2
with:
renderEngine: "kustomize"
kustomizationPath: ${{ env.KUSTOMIZE_PATH }}
kubectl-version: latest
id: bake
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v4
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
+43 -86
View File
@@ -1,9 +1,11 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# The ACR should be attached to the AKS cluster
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-existing-aks-clusters
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
@@ -29,7 +31,7 @@ name: Build and deploy an app to AKS
on:
push:
branches: [ $default-branch ]
branches: [$default-branch]
workflow_dispatch:
env:
@@ -37,8 +39,7 @@ env:
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
DEPLOYMENT_MANIFEST_PATH: "your-deployment-manifest-path"
jobs:
buildImage:
@@ -47,63 +48,21 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Checks out the repository this file is in
- uses: actions/checkout@v3
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
deploy:
permissions:
@@ -111,33 +70,31 @@ jobs:
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
needs: [buildImage]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Deploys application based on given manifest file
- name: Deploys application
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.6
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v3
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Deploys application based on given manifest file
- name: Deploys application
uses: Azure/k8s-deploy@v4
with:
action: deploy
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
+20
View File
@@ -0,0 +1,20 @@
<svg width="124" height="124" viewBox="0 0 124 124" fill="none" xmlns="http://www.w3.org/2000/svg">
<g clip-path="url(#clip0_1_5)">
<path fill-rule="evenodd" clip-rule="evenodd" d="M78.9569 9.16863C79.8984 10.3374 80.3785 11.9147 81.3388 15.0692L102.316 83.981C94.5604 79.9575 86.1289 77.0556 77.2366 75.49L63.5781 29.3336C63.3546 28.5783 62.6609 28.0602 61.8734 28.0602C61.0838 28.0602 60.3888 28.581 60.1671 29.3389L46.6739 75.4667C37.7405 77.0253 29.2704 79.9324 21.4812 83.9706L42.5617 15.0532H42.5618C43.5251 11.9042 44.0066 10.3297 44.9483 9.16295C45.7794 8.13296 46.8607 7.33303 48.0887 6.83939C49.4799 6.28025 51.1264 6.28025 54.4194 6.28025H69.4762C72.7737 6.28025 74.4223 6.28025 75.8147 6.84057C77.0439 7.33522 78.1257 8.13675 78.9569 9.16863Z" fill="url(#paint0_linear_1_5)"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M81.4671 87.2605C78.0089 90.2177 71.1064 92.2344 63.1556 92.2344C53.3972 92.2344 45.2181 89.1964 43.0477 85.1106C42.2718 87.4522 42.0978 90.1321 42.0978 91.8441C42.0978 91.8441 41.5866 100.25 47.4335 106.097C47.4335 103.061 49.8947 100.601 52.9307 100.601C58.1344 100.601 58.1285 105.14 58.1237 108.824C58.1236 108.934 58.1235 109.043 58.1235 109.152C58.1235 114.743 61.5403 119.535 66.3997 121.556C65.6739 120.063 65.2667 118.386 65.2667 116.615C65.2667 111.283 68.397 109.297 72.0351 106.99C74.9298 105.154 78.146 103.115 80.3625 99.0227C81.519 96.8876 82.1757 94.4428 82.1757 91.8441C82.1757 90.2461 81.9274 88.7061 81.4671 87.2605Z" fill="#FF5D01"/>
<path fill-rule="evenodd" clip-rule="evenodd" d="M81.4671 87.2605C78.0089 90.2177 71.1064 92.2344 63.1556 92.2344C53.3972 92.2344 45.2181 89.1964 43.0477 85.1106C42.2718 87.4522 42.0978 90.1321 42.0978 91.8441C42.0978 91.8441 41.5866 100.25 47.4335 106.097C47.4335 103.061 49.8947 100.601 52.9307 100.601C58.1344 100.601 58.1285 105.14 58.1237 108.824C58.1236 108.934 58.1235 109.043 58.1235 109.152C58.1235 114.743 61.5403 119.535 66.3997 121.556C65.6739 120.063 65.2667 118.386 65.2667 116.615C65.2667 111.283 68.397 109.297 72.0351 106.99C74.9298 105.154 78.146 103.115 80.3625 99.0227C81.519 96.8876 82.1757 94.4428 82.1757 91.8441C82.1757 90.2461 81.9274 88.7061 81.4671 87.2605Z" fill="url(#paint1_linear_1_5)"/>
</g>
<defs>
<linearGradient id="paint0_linear_1_5" x1="85.5403" y1="2.62659" x2="61.8988" y2="83.9811" gradientUnits="userSpaceOnUse">
<stop stop-color="#000014"/>
<stop offset="1" stop-color="#150426"/>
</linearGradient>
<linearGradient id="paint1_linear_1_5" x1="97.0378" y1="63.2061" x2="76.5628" y2="106.069" gradientUnits="userSpaceOnUse">
<stop stop-color="#FF1639"/>
<stop offset="1" stop-color="#FF1639" stop-opacity="0"/>
</linearGradient>
<clipPath id="clip0_1_5">
<rect width="124" height="124" fill="white"/>
</clipPath>
</defs>
</svg>

After

Width:  |  Height:  |  Size: 2.7 KiB

+72 -13
View File
@@ -1,14 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 24.2.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 128 128" style="enable-background:new 0 0 128 128;" xml:space="preserve">
<style type="text/css">
.st0{fill:#54B848;}
</style>
<path class="st0" d="M98.3,72.1c-4.2,0-7.7,3.4-7.7,7.7v2.9c0,4.2-3.4,7.5-7.5,7.5H44.9c-4.2,0-7.5-3.4-7.5-7.5v-37
c0-4.2,3.4-7.5,7.5-7.5H83c1,0,1.8,0,2.5,0h0.1c1.9,0.5,3,1.6,3.6,3c0.7,1.6,1.2,3.9-1.4,6.1L65.9,63.2l-6.7-8.5
c-2.6-3.3-7.4-4-10.8-1.4c-3.3,2.6-4,7.4-1.4,10.8l11.2,14.5c2.5,3.3,7.2,4,10.6,1.5l25.4-18.6c0.3-0.2,3.6-2.8,3.9-3.1
c7.6-6.8,9.2-15.6,6.1-23.3c-3.2-7.8-11.4-12.7-21.3-12.7H44.9C32.3,22.4,22,32.7,22,45.3v37.3c0,12.6,10.3,22.9,22.9,22.9h38.2
c12.6,0,22.9-10.2,22.9-22.9v-2.9C106,75.5,102.6,72.1,98.3,72.1z M95.1,39c-0.2-0.1-0.3-0.1-0.5-0.2C94.8,38.9,94.9,38.9,95.1,39
L95.1,39z"/>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
version="1.1"
id="svg888"
width="326.66666"
height="332"
viewBox="0 0 326.66666 332"
sodipodi:docname="logo.svg"
inkscape:version="1.1.1 (3bf5ae0d25, 2021-09-20)"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<defs
id="defs892" />
<sodipodi:namedview
id="namedview890"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
showgrid="false"
inkscape:zoom="0.62650602"
inkscape:cx="-14.365385"
inkscape:cy="108.53846"
inkscape:window-width="1278"
inkscape:window-height="1008"
inkscape:window-x="1913"
inkscape:window-y="0"
inkscape:window-maximized="0"
inkscape:current-layer="g894" />
<g
inkscape:groupmode="layer"
inkscape:label="Image"
id="g894">
<g
id="g1071"
transform="translate(3.1923058,7.9807692)">
<path
style="fill:#de97a7;stroke-width:0.666667"
d="M 21.174633,318.70543 C 7.5554998,314.35173 -0.16630266,302.27313 0.88225798,286.96369 1.307963,280.7482 3.0561977,275.79769 6.4656402,271.15309 7.8855765,269.21875 25.304936,253.83037 49.75681,232.90937 c 22.503362,-19.25386 41.213995,-35.56532 41.579195,-36.2477 1.023873,-1.91312 0.7818,-5.47089 -0.50618,-7.43939 C 90.190085,188.24453 71.516665,171.933 49.333332,152.97444 25.277137,132.41527 7.9562052,117.1246 6.4135672,115.08549 3.0206443,110.60062 1.6308778,107.25325 0.59008405,101.05915 -1.0532723,91.278987 1.8126922,82.110747 8.6597532,75.244227 19.411462,64.461955 35.987306,63.137219 47.999999,72.100167 c 2.380565,1.776193 15.943097,16.995253 38.666666,43.389423 19.249995,22.3595 35.591755,41.07141 36.315005,41.58202 1.99887,1.4112 5.85794,1.14306 8.22663,-0.57161 1.13967,-0.825 32.10508,-34.05 68.812,-73.833333 36.70693,-39.783334 67.99383,-73.4679857 69.52645,-74.854783 11.84466,-10.717692 31.20357,-10.0490691 42.44224,1.4658807 2.02272,2.0724483 4.57767,5.5577703 5.67767,7.7451613 1.88495,3.748295 1.99797,4.418095 1.96461,11.643741 -0.0422,9.148671 -1.32946,13.175748 -6.19769,19.389295 -1.70514,2.176345 -36.30127,34.553385 -76.88028,71.948968 -58.22422,53.65654 -73.87271,68.414 -74.21963,69.99353 -0.70455,3.20777 0.19453,5.59219 3.19499,8.47334 1.54257,1.48123 19.60467,17.00967 40.138,34.50765 20.53334,17.49797 38.4706,33.06086 39.86059,34.58419 1.39,1.52333 3.75595,5.22836 5.25767,8.23339 2.47221,4.94704 2.76155,6.05917 3.05977,11.76058 0.2704,5.16953 0.076,7.13098 -1.08574,10.95582 -1.57728,5.19284 -5.73539,11.38417 -9.64197,14.35668 -3.6752,2.79644 -10.24662,5.62336 -15.0386,6.46938 -7.49554,1.32332 -17.42847,-1.38625 -23.32448,-6.3626 -1.23535,-1.04266 -17.969,-20.12805 -37.18587,-42.41197 -19.21687,-22.28392 -35.59789,-40.97717 -36.40224,-41.54057 -1.66309,-1.16487 -5.31593,-1.3477 -7.16413,-0.35857 -0.68422,0.36618 -16.96452,18.89118 -36.178468,41.16667 -19.21394,22.27548 -36.170893,41.61289 -37.682111,42.97201 -7.271808,6.53993 -19.301542,8.99059 -28.966448,5.90097 z"
id="path1085" />
<path
style="fill:#96a8d6;stroke-width:0.666667"
d="M 21.174633,318.70543 C 7.5554998,314.35173 -0.16630266,302.27313 0.88225798,286.96369 1.307789,280.75074 3.0560946,275.79783 6.4608654,271.1596 7.8747092,269.23356 25.462395,253.69753 50.02247,232.67957 c 22.654722,-19.3874 41.356535,-35.7965 41.559575,-36.46469 0.203046,-0.66819 0.436806,-2.65141 0.51946,-4.40716 0.12378,-2.62909 -0.136547,-3.46623 -1.475607,-4.7451 C 89.731652,186.20857 71.143892,170.22526 49.319768,151.54415 27.495641,132.86303 8.6729178,116.35803 7.4914952,114.86636 5.139144,111.89628 2.0168196,105.64735 2.0065126,103.88889 2.0029306,103.27778 1.65,102.66111 1.2222222,102.51852 0.25813211,102.19715 0.13555608,90.093947 1.0897823,89.441347 1.4447182,89.198607 2.2569273,87.608 2.8946916,85.906667 5.4542554,79.078647 10.244351,73.831333 17.028378,70.423907 28.520751,64.651618 42.46551,67.094767 51.412048,76.448 c 1.693294,1.770267 17.255391,19.718667 34.582437,39.88533 17.327045,20.16667 32.726825,37.93937 34.221735,39.4949 3.06622,3.19053 5.81326,4.03881 9.32546,2.87968 1.80133,-0.59449 16.04925,-15.63636 66.20986,-69.89937 35.15304,-38.02803 66.57621,-71.909012 69.82927,-75.29107 6.20411,-6.4501147 10.30249,-9.4702242 14.75252,-10.8711716 1.46666,-0.4617331 2.86527,-1.146041 3.10801,-1.5206843 0.63636,-0.98214631 12.74741,-0.89267545 13.07717,0.096608 C 296.66111,1.65 297.30485,2 297.94907,2 c 2.2936,0 9.28512,4.0805734 12.62586,7.3690327 4.26608,4.1993223 6.413,7.8417103 7.78982,13.2160043 2.03732,7.95241 -0.79119,19.270905 -6.43318,25.742882 -1.2457,1.428954 -35.32346,33.128741 -75.72837,70.443971 -40.4049,37.31523 -73.75392,68.38861 -74.10893,69.05196 -0.76771,1.43447 0.15753,7.19293 1.40345,8.73483 0.45959,0.56875 18.53561,16.15471 40.16894,34.63545 21.63334,18.48073 40.4706,34.84736 41.86059,36.37027 1.39,1.52291 3.75595,5.2276 5.25767,8.23263 2.47221,4.94704 2.76155,6.05917 3.05977,11.76058 0.2704,5.16953 0.076,7.13098 -1.08574,10.95582 -1.57728,5.19284 -5.73539,11.38417 -9.64197,14.35668 -3.6752,2.79644 -10.24662,5.62336 -15.0386,6.46938 -7.49554,1.32332 -17.42847,-1.38625 -23.32448,-6.3626 -1.23535,-1.04266 -17.969,-20.12805 -37.18587,-42.41197 -19.21687,-22.28392 -35.59789,-40.97717 -36.40224,-41.54057 -1.66309,-1.16487 -5.31593,-1.3477 -7.16413,-0.35857 -0.68422,0.36618 -16.96452,18.89118 -36.178468,41.16667 -19.21394,22.27548 -36.170893,41.61289 -37.682111,42.97201 -7.271808,6.53993 -19.301542,8.99059 -28.966448,5.90097 z"
id="path1083" />
<path
style="fill:#cc7088;stroke-width:0.666667"
d="M 20.809439,317.44176 C 11.259316,314.04587 3.4968918,304.90991 2.214937,295.55703 c -0.2155774,-1.5728 -0.652129,-2.69885 -0.9701146,-2.50233 -0.31798569,0.19653 -0.57815575,-1.32809 -0.57815575,-3.38803 0,-2.32714 0.25243966,-3.58934 0.66666665,-3.33334 C 1.7071159,286.56435 2,286.04171 2,285.14371 c 0,-2.06438 2.1213054,-8.2234 3.7408445,-10.86122 2.56302,-4.1745 5.6149135,-6.92969 45.0253925,-40.64804 22.128568,-18.93251 40.758761,-35.3657 41.400428,-36.5182 1.352453,-2.42914 1.489633,-5.01134 0.393986,-7.41604 -0.42498,-0.93272 -19.165839,-17.46019 -41.64636,-36.72772 C 28.433771,133.70497 8.9967371,116.66671 7.7208845,115.1097 5.2569412,112.10279 2.0173715,105.74153 2.0065126,103.88889 2.0029306,103.27778 1.65,102.66111 1.2222222,102.51852 0.25813211,102.19715 0.13555608,90.093947 1.0897823,89.441347 1.4447182,89.198607 2.2569273,87.608 2.8946916,85.906667 5.4542554,79.078647 10.244351,73.831333 17.028378,70.423907 28.520751,64.651618 42.46551,67.094767 51.412048,76.448 c 1.693294,1.770267 17.255391,19.718667 34.582437,39.88533 17.327045,20.16667 32.726825,37.93937 34.221735,39.4949 3.06622,3.19053 5.81326,4.03881 9.32546,2.87968 1.80133,-0.59449 16.04925,-15.63636 66.20986,-69.89937 35.15304,-38.02803 66.57621,-71.909012 69.82927,-75.29107 6.20411,-6.4501147 10.30249,-9.4702242 14.75252,-10.8711716 1.46666,-0.4617331 2.86527,-1.146041 3.10801,-1.5206843 0.63636,-0.98214631 12.74741,-0.89267545 13.07717,0.096608 C 296.66111,1.65 297.30485,2 297.94907,2 c 2.2936,0 9.28512,4.0805734 12.62586,7.3690327 4.26608,4.1993223 6.413,7.8417103 7.78982,13.2160043 2.03732,7.95241 -0.79119,19.270905 -6.43318,25.742882 -1.2457,1.428954 -35.35214,33.155214 -75.79209,70.502811 -46.37375,42.82764 -73.91898,68.72632 -74.58811,70.12949 -1.37217,2.87747 -0.77742,6.12327 1.62002,8.84119 1.00573,1.14018 18.77861,16.54058 39.49527,34.22311 20.71667,17.68254 38.8282,33.23579 40.24784,34.56277 9.55343,8.92995 12.66505,23.73685 7.41119,35.26686 -4.63078,10.16261 -17.61471,17.632 -28.82909,16.58479 -4.47747,-0.41811 -10.7774,-2.67157 -14.55675,-5.2069 -1.28341,-0.86095 -18.54288,-20.35269 -38.35439,-43.31496 -19.8115,-22.96227 -36.76204,-42.08727 -37.66788,-42.5 -2.35752,-1.07415 -4.9528,-0.92761 -7.3716,0.41625 -1.15494,0.64167 -17.44674,19.01667 -36.204022,40.83334 -18.757279,21.81666 -35.507653,40.98882 -37.223052,42.60478 -1.715399,1.61597 -5.068907,3.85952 -7.45224,4.98567 -3.839228,1.81408 -5.131504,2.06979 -11.333333,2.24262 -5.523889,0.15393 -7.743094,-0.0692 -10.523894,-1.05798 z"
id="path1081" />
<path
style="fill:#6b85c7;stroke-width:0.666667"
d="M 20.809439,317.44176 C 11.259316,314.04587 3.4968918,304.90991 2.214937,295.55703 c -0.2155774,-1.5728 -0.652129,-2.69885 -0.9701146,-2.50233 -0.31798569,0.19653 -0.57815575,-1.32809 -0.57815575,-3.38803 0,-2.32714 0.25243966,-3.58934 0.66666665,-3.33334 C 1.7071159,286.56435 2,286.04171 2,285.14371 c 0,-2.06438 2.1213054,-8.2234 3.7408445,-10.86122 2.56302,-4.1745 5.6149135,-6.92969 45.0253925,-40.64804 22.128568,-18.93251 40.773521,-35.37038 41.433228,-36.5286 0.73724,-1.29434 1.115806,-3.06925 0.98238,-4.60585 l -0.21708,-2.5 h 33.763175 33.76316 l 0.36231,2.70121 c 0.19927,1.48566 1.06377,3.5698 1.92111,4.63144 0.85735,1.06163 18.65881,16.53482 39.55881,34.38488 20.9,17.85006 39.16153,33.54091 40.58117,34.86856 9.5544,8.93531 12.66504,23.73807 7.41119,35.26806 -4.63078,10.16261 -17.61471,17.632 -28.82909,16.58479 -4.47747,-0.41811 -10.7774,-2.67157 -14.55675,-5.2069 -1.28341,-0.86095 -18.54288,-20.35269 -38.35439,-43.31496 -19.8115,-22.96227 -36.76204,-42.08727 -37.66788,-42.5 -2.35752,-1.07415 -4.9528,-0.92761 -7.3716,0.41625 -1.15494,0.64167 -17.44674,19.01667 -36.204022,40.83334 -18.757279,21.81666 -35.507653,40.98882 -37.223052,42.60478 -1.715399,1.61597 -5.068907,3.85952 -7.45224,4.98567 -3.839228,1.81408 -5.131504,2.06979 -11.333333,2.24262 -5.523889,0.15393 -7.743094,-0.0692 -10.523894,-1.05798 z M 91.914958,187.54934 C 91.411731,186.93481 72.549999,170.61484 49.999999,151.28273 4.4924434,112.26912 4.4624331,112.23837 2.3331219,102.4444 1.668497,99.387393 1.4029056,98.846127 1.297258,100.33333 c -0.1065237,1.49954 -0.2525694,1.20761 -0.58364508,-1.166663 -0.2428634,-1.741667 -0.2428634,-4.591667 0,-6.333334 0.33997078,-2.43806 0.47887128,-2.706493 0.60368888,-1.166666 0.1402001,1.729593 0.2413319,1.594393 0.748,-1 1.6146118,-8.267607 8.1540402,-16.300867 16.4174792,-20.1678 8.508916,-3.981802 19.248794,-3.138034 27.506681,2.16104 2.454337,1.57494 12.783111,13.112806 39.435583,44.051923 38.443515,44.62656 37.779735,43.96094 42.884105,43.00336 1.22224,-0.2293 3.02712,-1.05001 4.01085,-1.82381 0.98373,-0.77381 32.81601,-34.95044 70.73839,-75.948087 68.35823,-73.9016437 68.99122,-74.5615863 73.77903,-76.9209589 2.65608,-1.3088843 6.17924,-2.6414925 7.82924,-2.9613515 2.59052,-0.5021827 2.72701,-0.6036898 1,-0.7436807 -1.56371,-0.1267536 -1.32211,-0.2570135 1.10752,-0.5971259 1.70914,-0.23925377 4.70914,-0.24140931 6.66667,-0.004793 2.32126,0.28058546 2.86354,0.482583 1.55914,0.5807789 -1.69925,0.1279216 -1.4946,0.2733463 1.36097,0.9670904 5.68837,1.3819575 9.78413,3.7825289 14.39236,8.4355247 6.48056,6.543511 8.55855,12.809868 7.26131,21.897017 -0.72441,5.074471 -2.31556,9.408242 -4.88063,13.293289 -0.80704,1.222334 -34.16734,32.39909 -74.134,69.281687 -39.96667,36.8826 -74.05966,68.5075 -75.7622,70.27758 l -3.09552,3.21832 H 126.4861 c -30.678909,0 -33.737115,-0.0988 -34.571142,-1.11733 z"
id="path1079" />
<path
style="fill:#cf687f;stroke-width:0.666667"
d="m 189.20446,243.5 c -0.93315,-1.24973 -5.46726,-1.50667 -9.70446,-0.54995 -1.44116,0.32541 -2.16667,0.2404 -2.16667,-0.25387 0,-0.54499 -0.36806,-0.54611 -1.38059,-0.004 -0.99364,0.53178 -1.95555,0.53843 -3.43202,0.0237 -1.29288,-0.4507 -2.33136,-0.48282 -2.80844,-0.0869 -0.467,0.38758 -1.13152,0.39139 -1.73464,0.01 -1.42481,-0.90114 -8.44282,-0.77588 -9.97015,0.17796 -1.09356,0.68294 -1.45496,0.61538 -2.20657,-0.4125 -0.77478,-1.05958 -1.09159,-1.10882 -2.29574,-0.35682 -1.09542,0.68411 -1.60619,0.69871 -2.36655,0.0677 -0.5333,-0.4426 -1.45833,-0.61719 -2.05563,-0.38799 -2.2422,0.86041 -4.25357,-0.51663 -10.02813,-6.86554 -3.26569,-3.5905 -6.564,-6.89256 -7.32958,-7.3379 -0.76558,-0.44534 -2.88714,-0.82034 -4.71459,-0.83333 l -3.32262,-0.0238 -7.18729,7.3836 c -6.86023,7.0476 -7.30144,7.37535 -9.69595,7.20246 -1.37977,-0.0996 -2.87128,0.043 -3.31446,0.31688 -0.4432,0.2739 -1.8228,0.2172 -3.0658,-0.126 -1.295109,-0.3576 -2.650909,-0.3764 -3.175622,-0.044 -1.531787,0.97027 -2.582293,0.67211 -2.582293,-0.73294 0,-1.53542 -1.01642,-1.78745 -1.554427,-0.38543 -0.254887,0.66422 -1.124187,0.86424 -2.90466,0.66835 -2.84084,-0.31256 -8.361293,-0.46185 -8.874246,-0.23999 -0.183334,0.0793 -2.058334,0.19797 -4.166667,0.26374 -3.30608,0.10313 -3.833333,-0.0473 -3.833333,-1.09355 0,-0.66722 -0.3,-1.21312 -0.666667,-1.21312 -0.366666,0 -0.666666,0.45 -0.666666,1 0,1.06718 -1.73852,1.40174 -2.111114,0.40626 -0.12464,-0.33301 -1.682266,-0.36887 -3.547164,-0.0817 -3.01838,0.46484 -12.728495,-0.66091 -14.351263,-1.66383 -0.311243,-0.19236 -1.04488,0.33027 -1.630305,1.16141 -0.798781,1.13404 -1.197798,1.29755 -1.598915,0.65524 -0.318442,-0.50993 -1.025583,-0.66747 -1.749356,-0.38974 -3.85705,1.4801 7.853612,-9.55504 33.654783,-31.71342 5.683333,-4.88092 10.873093,-9.81186 11.5328,-10.95766 0.7395,-1.2844 1.11622,-3.04195 0.98238,-4.58327 l -0.21708,-2.5 h 33.850945 33.85095 v 1.73258 c 0,3.64745 2.15908,6.12307 14.80348,16.97381 26.14078,22.43263 37.86319,33.14988 37.86319,34.61657 0,1.09056 -1.37671,1.47097 -2.36253,0.65281 -0.76318,-0.63339 -1.2001,-0.6154 -2.04294,0.0841 -0.9047,0.75083 -1.19739,0.71852 -1.87402,-0.20683 -0.54757,-0.74884 -1.42325,-0.99257 -2.76119,-0.76853 -3.73953,0.62619 -9.2985,0.7136 -10.38931,0.16336 -0.71624,-0.36129 -1.38053,-0.21115 -1.91497,0.4328 -1.06767,1.28648 -1.72002,1.24414 -2.78391,-0.18067 z M 91.914958,187.54934 C 91.411731,186.93481 72.549999,170.61484 49.999999,151.28273 4.4924434,112.26912 4.4624331,112.23837 2.3331219,102.4444 1.668497,99.387393 1.4029056,98.846127 1.297258,100.33333 c -0.1065237,1.49954 -0.2525694,1.20761 -0.58364508,-1.166663 -0.2428634,-1.741667 -0.2428634,-4.591667 0,-6.333334 0.33997078,-2.43806 0.47887128,-2.706493 0.60368888,-1.166666 0.1402001,1.729593 0.2413319,1.594393 0.748,-1 1.6146118,-8.267607 8.1540402,-16.300867 16.4174792,-20.1678 8.508916,-3.981802 19.248794,-3.138034 27.506681,2.16104 2.454337,1.57494 12.783111,13.112806 39.435583,44.051923 38.443515,44.62656 37.779735,43.96094 42.884105,43.00336 1.22224,-0.2293 3.02712,-1.05001 4.01085,-1.82381 0.98373,-0.77381 32.81601,-34.95044 70.73839,-75.948087 68.35823,-73.9016437 68.99122,-74.5615863 73.77903,-76.9209589 2.65608,-1.3088843 6.17924,-2.6414925 7.82924,-2.9613515 2.59052,-0.5021827 2.72701,-0.6036898 1,-0.7436807 -1.56371,-0.1267536 -1.32211,-0.2570135 1.10752,-0.5971259 1.70914,-0.23925377 4.70914,-0.24140931 6.66667,-0.004793 2.32126,0.28058546 2.86354,0.482583 1.55914,0.5807789 -1.69925,0.1279216 -1.4946,0.2733463 1.36097,0.9670904 5.68837,1.3819575 9.78413,3.7825289 14.39236,8.4355247 6.48056,6.543511 8.55855,12.809868 7.26131,21.897017 -0.72441,5.074471 -2.31556,9.408242 -4.88063,13.293289 -0.80704,1.222334 -34.16734,32.39909 -74.134,69.281687 -39.96667,36.8826 -74.05966,68.5075 -75.7622,70.27758 l -3.09552,3.21832 H 126.4861 c -30.678909,0 -33.737115,-0.0988 -34.571142,-1.11733 z"
id="path1077" />
<path
style="fill:#7080be;stroke-width:0.666667"
d="m 189.20446,243.5 c -0.93315,-1.24973 -5.46726,-1.50667 -9.70446,-0.54995 -1.44116,0.32541 -2.16667,0.2404 -2.16667,-0.25387 0,-0.54499 -0.36806,-0.54611 -1.38059,-0.004 -0.99364,0.53178 -1.95555,0.53843 -3.43202,0.0237 -1.29288,-0.4507 -2.33136,-0.48282 -2.80844,-0.0869 -0.467,0.38758 -1.13152,0.39139 -1.73464,0.01 -1.42481,-0.90114 -8.44282,-0.77588 -9.97015,0.17796 -1.09356,0.68294 -1.45496,0.61538 -2.20657,-0.4125 -0.77478,-1.05958 -1.09159,-1.10882 -2.29574,-0.35682 -1.09542,0.68411 -1.60619,0.69871 -2.36655,0.0677 -0.5333,-0.4426 -1.45833,-0.61719 -2.05563,-0.38799 -2.2422,0.86041 -4.25357,-0.51663 -10.02813,-6.86554 -3.26569,-3.5905 -6.564,-6.89256 -7.32958,-7.3379 -0.76558,-0.44534 -2.88714,-0.82034 -4.71459,-0.83333 l -3.32262,-0.0238 -7.18729,7.3836 c -6.86023,7.0476 -7.30144,7.37535 -9.69595,7.20246 -1.37977,-0.0996 -2.87128,0.043 -3.31446,0.31688 -0.4432,0.2739 -1.8228,0.2172 -3.0658,-0.126 -1.295109,-0.3576 -2.650909,-0.3764 -3.175622,-0.044 -1.531787,0.97027 -2.582293,0.67211 -2.582293,-0.73294 0,-1.53542 -1.01642,-1.78745 -1.554427,-0.38543 -0.254887,0.66422 -1.124187,0.86424 -2.90466,0.66835 -2.84084,-0.31256 -8.361293,-0.46185 -8.874246,-0.23999 -0.183334,0.0793 -2.058334,0.19797 -4.166667,0.26374 -3.30608,0.10313 -3.833333,-0.0473 -3.833333,-1.09355 0,-0.66722 -0.3,-1.21312 -0.666667,-1.21312 -0.366666,0 -0.666666,0.45 -0.666666,1 0,1.06718 -1.73852,1.40174 -2.111114,0.40626 -0.12464,-0.33301 -1.682266,-0.36887 -3.547164,-0.0817 -3.01838,0.46484 -12.728495,-0.66091 -14.351263,-1.66383 -0.311243,-0.19236 -1.04488,0.33027 -1.630305,1.16141 -0.798781,1.13404 -1.197798,1.29755 -1.598915,0.65524 -0.318442,-0.50993 -1.025583,-0.66747 -1.749356,-0.38974 -3.85705,1.4801 7.853612,-9.55504 33.654783,-31.71342 5.683333,-4.88092 10.873093,-9.81186 11.5328,-10.95766 0.7395,-1.2844 1.11622,-3.04195 0.98238,-4.58327 l -0.21708,-2.5 h 33.850945 33.85095 v 1.73258 c 0,3.64745 2.15908,6.12307 14.80348,16.97381 26.14078,22.43263 37.86319,33.14988 37.86319,34.61657 0,1.09056 -1.37671,1.47097 -2.36253,0.65281 -0.76318,-0.63339 -1.2001,-0.6154 -2.04294,0.0841 -0.9047,0.75083 -1.19739,0.71852 -1.87402,-0.20683 -0.54757,-0.74884 -1.42325,-0.99257 -2.76119,-0.76853 -3.73953,0.62619 -9.2985,0.7136 -10.38931,0.16336 -0.71624,-0.36129 -1.38053,-0.21115 -1.91497,0.4328 -1.06767,1.28648 -1.72002,1.24414 -2.78391,-0.18067 z"
id="path1075" />
<path
style="fill:#717ebb;stroke-width:0.666667"
d="m 164.36892,207.48061 c -0.19289,-0.19349 -13.03128,-0.9833 -15.36892,-0.94548 -0.73334,0.0119 -3.16638,0.19749 -5.40676,0.41251 -3.46643,0.33269 -4.33286,0.18687 -5.81447,-0.97857 -1.43635,-1.12982 -1.99223,-1.23508 -3.17624,-0.60141 -0.78935,0.42245 -5.0271,0.90487 -9.41721,1.07205 -7.04049,0.2681 -8.08238,0.16672 -8.83276,-0.85948 -0.76626,-1.04792 -1.21998,-1.08081 -4.56956,-0.33121 -2.70464,0.60527 -4.0856,0.63595 -5.06372,0.11247 -0.89404,-0.47847 -2.58798,-0.52482 -5.05308,-0.13826 -2.039509,0.31983 -3.826049,0.39081 -3.970089,0.15774 -0.144046,-0.23306 -2.0096,-0.4949 -4.145673,-0.58186 -6.571893,-0.26752 -6.723386,-0.45292 -3.332453,-4.0781 3.242433,-3.46642 4.644413,-7.8786 3.096213,-9.74407 C 92.603791,190.12096 96.732798,190 126.66279,190 c 33.96731,0 34.1574,0.008 33.80649,1.34947 -0.79348,3.03427 0.84139,5.82768 6.49574,11.09894 l 5.5975,5.21826 h -4.00406 c -2.20223,0 -4.08752,-0.0837 -4.18954,-0.18606 z"
id="path1073" />
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 1016 B

After

Width:  |  Height:  |  Size: 18 KiB

+3
View File
@@ -0,0 +1,3 @@
<svg width="250" height="52" viewBox="0 0 250 52" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M83.3617 26.2877C84.7182 34.5501 77.5226 39.2067 70.2361 39.7434C65.5982 49.2532 49.2595 55.6749 35.0768 48.758C29.0142 49.6727 25.6911 48.1608 23.1259 45.2769C28.3094 38.6246 44.0002 26.6505 63.1694 32.8303C73.4 36.13 76.0524 28.3778 73.4872 25.4712C63.8325 14.5328 42.0374 24.3789 41.2493 25.1991C49.8127 12.1327 80.4402 8.46634 83.3617 26.2877ZM54.0073 11.2709C54.0603 11.252 47.0466 8.78383 37.2366 13.0095C36.8417 12.8634 36.4546 12.6969 36.0771 12.5106C45.512 6.25899 53.7837 3.60563 60.8542 4.63749C56.5725 -0.279907 35.9975 -3.89331 24.2095 7.88804C9.63655 5.0268 -0.556211 17.3449 0.0235256 28.5933C0.603262 39.8417 12.9066 46.8455 19.9165 44.9481C20.0849 44.9254 20.2557 44.9254 20.4242 44.9481C21.9777 37.5134 28.3207 20.2175 54.0073 11.2709ZM112.693 21.5441L114.001 15.8141H92.0539L91.5575 18.0328C90.9854 19.9944 92.5389 21.3854 94.2099 21.34H104.376L86.3551 37.2148L85.1387 42.5404H108.385L109.723 36.7083H95.0208L112.693 21.5441ZM127.334 26.1629C126.304 25.9021 120.533 25.029 120.893 23.0485C121.298 20.8146 124.034 20.603 125.364 20.6446C128.104 20.7239 128.968 21.9259 129.112 22.3492C129.491 23.4831 130.366 24.0539 131.647 24.0539H135.974C136.447 21.3816 136.576 15.2169 126.524 15.2169C123.295 15.2169 118.995 16.0258 116.149 19.2952C114.633 21.049 112 25.4032 114.686 28.6764C116.092 30.3282 119.756 31.6208 123.689 32.3881C126.232 32.887 127.577 33.9 127.297 35.0982C127.126 35.9032 126.114 37.7175 122.371 37.7137C120.696 37.7137 117.066 37.4491 117.759 33.6959H110.916C110.113 37.0976 109.817 43.0356 120.253 43.0356C124.277 43.0356 132.469 42.5253 134.602 33.9907C136.14 27.86 129.21 26.6467 127.334 26.1743V26.1629ZM151.524 35.6122C150.934 36.1561 150.242 36.5784 149.488 36.8547C148.733 37.131 147.932 37.256 147.129 37.2224C141.961 37.2715 142.544 32.1689 143.249 29.0884C143.954 26.008 145.617 21.0452 150.532 21.0565C154.014 21.0565 154.415 23.3055 154.594 23.9669H161.637C161.387 16.5511 155.689 15.1337 151.661 15.232C140.619 15.5042 137.425 24.7115 136.436 28.9902C133.552 41.4897 141.566 43.0507 145.401 43.0507C148.546 43.0507 155.431 42.2947 159.474 34.312H154.446C152.994 34.2591 152.324 34.9016 151.524 35.6084V35.6122ZM180.288 38.1748C178.256 40.5655 175.433 42.1506 172.33 42.6425C166.211 43.6516 157.799 43.3984 159.917 34.6106C160.595 31.806 161.645 29.9691 163.756 28.5857C167.291 26.2688 171.986 25.9399 173.509 25.7736C174.028 25.7169 177.878 25.4297 178.537 23.1581C179.181 20.9469 175.65 20.7655 174.661 20.7542C171.629 20.7202 170.603 21.9259 170.114 22.644H163.369C166.094 15.4928 173.6 15.2131 175.646 15.2131C177.919 15.2131 187.036 15.2131 185.297 22.7499C182.637 34.2628 182.523 35.4119 180.288 38.1748ZM177.256 29.1035C176.173 29.697 173.467 30.279 173.035 30.4038C171.648 30.812 168.996 30.9934 167.708 32.1954C166.605 33.2348 164.657 37.5285 169.284 37.6192C172.149 37.6721 175.725 36.0658 176.741 31.4016C176.953 30.3471 177.271 29.1035 177.271 29.1035H177.256ZM194.61 8.00143H190.973L183.069 42.5442H190.113L197.255 11.3162C197.566 10.3335 197.365 8.09593 194.61 8.00143ZM212.87 34.3082H217.906C216.322 37.4983 212.222 43.0507 203.826 43.0469C193.11 43.0469 193.769 33.5107 194.864 28.9864C197.896 16.4151 206.334 15.2282 210.093 15.2282C215.102 15.2282 222.949 17.2995 218.963 30.9934H201.533C201.109 32.8077 200.745 37.2715 205.55 37.2186C208.077 37.1921 209.024 36.2812 209.252 36.164C209.919 35.8314 210.525 34.3498 212.87 34.3082ZM202.583 26.4767H212.848C213.727 21.563 210.676 21.0528 208.956 21.0528C207.482 21.0528 203.973 21.5857 202.583 26.4767ZM227.97 18.7434C223.253 21.9523 221.691 27.1154 221.15 29.5911C220.718 31.5415 218.183 42.5442 218.183 42.5442H225.234C225.234 42.5442 227.906 30.4491 228.375 28.7898C228.932 26.8508 230.747 21.6084 237.772 21.8238L239.402 15.8254C233.718 15.644 229.967 17.3865 227.966 18.7434H227.97ZM240.27 10.617L240.448 9.7779H244.237L244.055 10.617H242.695L241.937 14.3135H240.914L241.69 10.617H240.27ZM246.506 9.7779L246.855 13.0625L248.606 9.7779H250L249.038 14.3135H248.113L248.947 10.7039L247.022 14.3135H246.264L245.824 10.7039L245.146 14.3135H244.203L245.157 9.7779H246.506Z" fill="#236BF5"/>
</svg>

After

Width:  |  Height:  |  Size: 4.1 KiB

+11
View File
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="900pt" height="750pt" viewBox="0 0 900 750" version="1.1" xmlns="http://www.w3.org/2000/svg">
<g id="#63788eff">
<path fill="#63788e" opacity="1.00" d=" M 169.76 58.08 C 248.92 45.26 328.85 36.97 408.99 34.00 C 434.66 34.01 460.32 33.98 485.98 34.01 C 566.09 36.97 645.97 45.22 725.07 58.14 C 773.12 123.20 820.59 188.70 868.62 253.78 C 857.86 253.89 847.46 250.91 836.96 248.98 C 699.42 221.76 559.34 204.66 418.96 206.84 C 416.92 207.01 414.93 207.43 412.94 207.86 C 389.26 208.73 365.56 209.50 341.91 211.16 C 286.53 214.80 231.34 221.09 176.45 229.24 C 125.58 236.94 74.79 245.53 24.64 257.10 C 25.55 254.66 27.15 252.60 28.71 250.54 C 75.59 186.29 122.48 122.04 169.76 58.08 Z" />
<path fill="#63788e" opacity="1.00" d=" M 428.98 510.59 C 522.23 511.26 615.32 501.64 707.12 485.63 C 622.30 560.00 537.49 634.39 452.56 708.65 C 450.19 710.68 448.64 713.49 446.12 715.36 C 441.25 709.40 435.10 704.72 429.35 699.67 C 349.99 630.09 270.59 560.55 191.23 490.97 C 198.21 487.63 205.87 489.81 213.04 491.12 C 273.93 500.89 335.34 507.54 396.96 510.28 C 407.63 510.63 418.31 511.53 428.98 510.59 Z" />
</g>
<g id="#4b596bff">
<path fill="#4b596b" opacity="1.00" d=" M 412.94 207.86 C 414.93 207.43 416.92 207.01 418.96 206.84 C 559.34 204.66 699.42 221.76 836.96 248.98 C 847.46 250.91 857.86 253.89 868.62 253.78 C 869.28 254.66 869.96 255.54 870.64 256.43 C 797.25 290.57 724.44 326.00 652.91 363.93 C 616.99 383.02 581.36 402.69 546.42 423.53 C 504.39 448.39 465.24 477.93 428.98 510.59 C 418.31 511.53 407.63 510.63 396.96 510.28 C 335.34 507.54 273.93 500.89 213.04 491.12 C 205.87 489.81 198.21 487.63 191.23 490.97 C 189.47 489.44 187.72 487.92 185.95 486.42 C 235.44 401.48 297.86 324.65 366.59 254.58 C 381.76 238.73 397.58 223.52 412.94 207.86 Z" />
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.9 KiB

+76
View File
@@ -0,0 +1,76 @@
# Sample workflow for building and deploying an Astro site to GitHub Pages
#
# To get started with Astro see: https://docs.astro.build/en/getting-started/
#
name: Deploy Astro site to Pages
on:
# Runs on pushes targeting the default branch
push:
branches: [$default-branch]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
id-token: write
# Allow one concurrent deployment
concurrency:
group: "pages"
cancel-in-progress: true
env:
BUILD_PATH: "." # default value when not using subfolders
# BUILD_PATH: subfolder
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Detect package manager
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "::set-output name=manager::yarn"
echo "::set-output name=command::install"
echo "::set-output name=runner::yarn"
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "::set-output name=manager::npm"
echo "::set-output name=command::ci"
echo "::set-output name=runner::npx --no-install"
exit 0
else
echo "Unable to determine packager manager"
exit 1
fi
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "16"
cache: ${{ steps.detect-package-manager.outputs.manager }}
cache-dependency-path: ${{ env.BUILD_PATH }}/package-lock.json
- run: npm install && npm run build
working-directory: ${{ env.BUILD_PATH }}
- uses: actions/upload-pages-artifact@v1
with:
path: ${{ env.BUILD_PATH }}/dist
deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
needs: build
runs-on: ubuntu-latest
name: Deploy
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v1
+6
View File
@@ -0,0 +1,6 @@
{
"name": "Astro",
"description": "Deploy an Astro site.",
"iconName": "astro",
"categories": ["Pages", "Astro"]
}
+1 -1
View File
@@ -61,7 +61,7 @@ async function checkWorkflows(
const enabled =
!isPartnerWorkflow &&
workflowProperties.enterprise !== false &&
(workflowProperties.enterprise === true || folder !== 'code-scanning') &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {
+57 -7
View File
@@ -9,7 +9,7 @@
"version": "1.0.0",
"license": "MIT",
"dependencies": {
"@actions/core": "^1.2.6",
"@actions/core": "^1.9.1",
"js-yaml": "^3.13.1",
"jsonschema": "^1.2.6"
},
@@ -21,9 +21,21 @@
}
},
"node_modules/@actions/core": {
"version": "1.2.6",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
"integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
"integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
"dependencies": {
"@actions/http-client": "^2.0.1",
"uuid": "^8.3.2"
}
},
"node_modules/@actions/http-client": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
"integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
"dependencies": {
"tunnel": "^0.0.6"
}
},
"node_modules/@types/js-yaml": {
"version": "3.12.4",
@@ -153,6 +165,14 @@
"typescript": ">=2.7"
}
},
"node_modules/tunnel": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
"engines": {
"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
}
},
"node_modules/typescript": {
"version": "3.9.2",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz",
@@ -166,6 +186,14 @@
"node": ">=4.2.0"
}
},
"node_modules/uuid": {
"version": "8.3.2",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
"integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
"bin": {
"uuid": "dist/bin/uuid"
}
},
"node_modules/yn": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
@@ -178,9 +206,21 @@
},
"dependencies": {
"@actions/core": {
"version": "1.2.6",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz",
"integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA=="
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
"integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
"requires": {
"@actions/http-client": "^2.0.1",
"uuid": "^8.3.2"
}
},
"@actions/http-client": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
"integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
"requires": {
"tunnel": "^0.0.6"
}
},
"@types/js-yaml": {
"version": "3.12.4",
@@ -279,12 +319,22 @@
"yn": "3.1.1"
}
},
"tunnel": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
},
"typescript": {
"version": "3.9.2",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz",
"integrity": "sha512-q2ktq4n/uLuNNShyayit+DTobV2ApPEo/6so68JaD5ojvc/6GClBipedB9zNWYxRSAlZXAe405Rlijzl6qDiSw==",
"dev": true
},
"uuid": {
"version": "8.3.2",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
"integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
},
"yn": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+1 -1
View File
@@ -14,7 +14,7 @@
"typescript": "^3.9.2"
},
"dependencies": {
"@actions/core": "^1.2.6",
"@actions/core": "^1.9.1",
"js-yaml": "^3.13.1",
"jsonschema": "^1.2.6"
}
+6 -1
View File
@@ -3,7 +3,8 @@
"../../ci",
"../../automation",
"../../deployments",
"../../code-scanning"
"../../code-scanning",
"../../pages"
],
"allowed_categories": [
{
@@ -21,6 +22,10 @@
{
"path": "../../code-scanning",
"categories": ["Code Scanning", "Dependency review"]
},
{
"path": "../../pages",
"categories": ["Pages"]
}
]
}