Merge branch 'main' into main

This commit is contained in:
Sampark Sharma
2022-12-16 14:37:41 +05:30
committed by GitHub
29 changed files with 258 additions and 58 deletions
+1 -1
View File
@@ -26,7 +26,7 @@ It is not:
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
- [ ] Should specify least privileged [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
**For _CI_ workflows, the workflow:**
+31
View File
@@ -0,0 +1,31 @@
name: Lint
on:
pull_request_target:
branches:
- main
jobs:
pre-commit:
name: pre-commit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Cache pre-commit
uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install pre-commit
run: pip3 install pre-commit
- name: Run pre-commit
run: pre-commit run --all-files --show-diff-on-failure --color always
+6
View File
@@ -0,0 +1,6 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
- id: trailing-whitespace
files: (automation/|ci/|code-scanning/|deployments/|pages/).*(yaml|yml|json)$
+21 -1
View File
@@ -29,7 +29,7 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
* `description`: the description shown in onboarding
* `iconName`: the icon name in the relevant folder, for example, `django` should have an icon `icons/django.svg`. Only SVG is supported at this time. Another option is to use [octicon](https://primer.style/octicons/). The format to use an octicon is `octicon <<icon name>>`. Example: `octicon person`
* `creator`: creator of the template shown in onboarding. All the workflow templates from an author will have the same `creator` field.
* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml). When a user views the available templates, those templates that match the same language will feature more prominently.
* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml) and the list of tech stacks available [here](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml). When a user views the available templates, those templates that match the language and tech stacks will feature more prominently.
### Categories
* continuous-integration
@@ -50,3 +50,23 @@ These variables can be placed in the starter workflow and will be substituted as
* `$default-branch`: will substitute the branch from the repository, for example `main` and `master`
* `$protected-branches`: will substitute any protected branches from the repository
* `$cron-daily`: will substitute a valid but random time within the day
## How to test templates before publishing
### Disable template for public
The template author adds a `labels` array in the template's `properties.json` file with a label `preview`. This will hide the template from users, unless user uses query parameter `preview=true` in the URL.
Example `properties.json` file:
```json
{
"name": "Node.js",
"description": "Build and test a Node.js project with npm.",
"iconName": "nodejs",
"categories": ["Continuous integration", "JavaScript", "npm", "React", "Angular", "Vue"],
"labels": ["preview"]
}
```
For viewing the templates with `preview` label, provide query parameter `preview=true` to the `new workflow` page URL. Eg. `https://github.com/<owner>/<repo_name>/actions/new?preview=true`.
### Enable template for public
Remove the `labels` array from `properties.json` file to publish the template to public
+1 -1
View File
@@ -19,7 +19,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.18
go-version: 1.19
- name: Build
run: go build -v ./...
+6 -6
View File
@@ -3,12 +3,12 @@
# separate terms of service, privacy policy, and support
# documentation.
# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow.
# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository
# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling
# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow.
# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository
# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling
# scan customization using the full functionality and flexibility of the CLI tool.
# This is a basic workflow to help you get started with Using Checkmarx One Action,
# This is a basic workflow to help you get started with Using Checkmarx One Action,
# documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html
name: Checkmarx Scan
@@ -30,7 +30,7 @@ jobs:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif
# The type of runner that the job will run on
runs-on: ubuntu-latest
@@ -39,7 +39,7 @@ jobs:
# This step checks out a copy of your repository.
- name: Checkout repository
uses: actions/checkout@v3
# This step creates the Checkmarx One scan
# This step creates the Checkmarx One scan
- name: Checkmarx One scan
uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc
with:
+2
View File
@@ -34,6 +34,8 @@ jobs:
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
+47
View File
@@ -0,0 +1,47 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# A sample workflow which checks out your code and scans your desired k8s config files for misconfigurations using the Datree CLI.
# The results are then uploaded to GitHub Security Code Scanning.
#
# For more information and configurations options, see https://github.com/datreeio/action-datree/
name: Datree
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
permissions:
contents: read
jobs:
datree:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Datree policy check
continue-on-error: true
uses: datreeio/action-datree@de67ae7a5133d719dc794e1b75682cd4c5f94d8a
env:
# In order to use the Datree action you will need to have a Datree token.
# See https://hub.datree.io/setup/account-token#1-get-your-account-token-from-the-dashboard to acquire your token.
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
with:
# Add the path to the configuration file/s that you would like to test.
# See https://github.com/datreeio/action-datree#usage for all available options.
path: test-file.yaml
# Setting a SARIF output will generate a file named "datree.sarif" containing your test results
cliArguments: "-o sarif"
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: datree.sarif
@@ -2,7 +2,7 @@
"name": "CodeQL Analysis",
"creator": "GitHub",
"enterprise": true,
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby and Kotlin developers.",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin"]
}
@@ -0,0 +1,7 @@
{
"name": "Datree",
"creator": "Datree",
"description": "Detect misconfigurations in your Kubernetes manifests and present them in Github code scanning",
"iconName": "datree",
"categories": ["Code Scanning", "YAML"]
}
@@ -13,4 +13,4 @@
"Ruby",
"Actions",
"PHP"]
}
}
@@ -4,10 +4,10 @@
"description": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.",
"iconName": "mobsf",
"categories": [
"Code Scanning",
"Java",
"Swift",
"Objective-C",
"Code Scanning",
"Java",
"Swift",
"Objective-C",
"Kotlin"
]
}
+6 -6
View File
@@ -4,12 +4,12 @@
"description": "PMD is a static source code analyzer. It supports Java, JavaScript, Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.",
"iconName": "pmd",
"categories": [
"Code Scanning",
"Java",
"JavaScript",
"Apex",
"Modelica",
"PLSQL",
"Code Scanning",
"Java",
"JavaScript",
"Apex",
"Modelica",
"PLSQL",
"Apache Velocity",
"XML",
"XSl",
@@ -4,4 +4,4 @@
"description": "Continuously run Semgrep to find bugs and enforce secure code standards. Start with 1k+ community rules or write your own in a few minutes.",
"iconName": "semgrep",
"categories": ["Code Scanning", "Go", "Java", "JavaScript", "JSON", "Python", "Ruby", "TypeScript", "JSX", "TSX"]
}
}
@@ -8,4 +8,3 @@
"Elixir"
]
}
@@ -3,5 +3,5 @@
"creator": "Sonar",
"description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!",
"iconName": "sonarcloud",
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
}
@@ -0,0 +1,7 @@
{
"name": "SonarQube",
"creator": "Sonar",
"description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!",
"iconName": "sonarqube",
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
}
+2 -2
View File
@@ -41,11 +41,11 @@ jobs:
with:
results_file: results.sarif
results_format: sarif
# (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecards on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
+66
View File
@@ -0,0 +1,66 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow helps you trigger a SonarQube analysis of your code and populates
# GitHub Code Scanning alerts with the vulnerabilities found.
# (this feature is available starting from SonarQube 9.7, Developer Edition and above)
# 1. Make sure you add a valid GitHub configuration to your SonarQube (Administration > DevOps platforms > GitHub)
# 2. Import your project on SonarQube
# * Add your repository as a new project by clicking "Create project" from your homepage.
#
# 3. Select GitHub Actions as your CI and follow the tutorial
# * a. Generate a new token and add it to your GitHub repository's secrets using the name SONAR_TOKEN
# (On SonarQube, click on your avatar on top-right > My account > Security or ask your administrator)
#
# * b. Copy/paste your SonarQube host URL to your GitHub repository's secrets using the name SONAR_HOST_URL
#
# * c. Copy/paste the project Key into the args parameter below
# (You'll find this information in SonarQube by following the tutorial or by clicking on Project Information at the top-right of your project's homepage)
# Feel free to take a look at our documentation (https://docs.sonarqube.org/latest/analysis/github-integration/)
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/sq/10)
name: SonarQube analysis
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarQube to decorate PRs with analysis results
jobs:
Analysis:
runs-on: ubuntu-latest
steps:
- name: Analyze with SonarQube
# You can pin the exact commit or the version.
# uses: SonarSource/sonarqube-scan-action@v1.1.0
uses: SonarSource/sonarqube-scan-action@7295e71c9583053f5bf40e9d4068a0c974603ec8
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on SonarQube, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} # add the URL of your instance to the secrets of this repo with the name SONAR_HOST_URL (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
args:
# Unique key of your project. You can find it in SonarQube > [my project] > Project Information (top-right menu)
# mandatory
-Dsonar.projectKey=
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
+2 -4
View File
@@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Run SOOS DAST Scan
uses: soos-io/soos-dast-github-action@5b9c65687cee49aee1c776759f25561f908be565 # Use latest version from https://github.com/marketplace/actions/soos-dast
uses: soos-io/soos-dast-github-action@3e71b27756f4ed77d7ad3c0ad92afddb47a40e4d # Use latest version from https://github.com/marketplace/actions/soos-dast
with:
client_id: ${{ secrets.SOOS_CLIENT_ID }}
api_key: ${{ secrets.SOOS_API_KEY }}
@@ -45,6 +45,4 @@ jobs:
- name: Upload SOOS DAST SARIF Report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
sarif_file: results.sarif
+1 -1
View File
@@ -75,7 +75,7 @@ jobs:
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Fill in the new image ID in the Amazon ECS task definition
id: task-def
+1
View File
@@ -0,0 +1 @@
<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 85 100"><defs><style>.cls-1{fill:#05ccc2;}.cls-1,.cls-2{fill-rule:evenodd;}.cls-2{fill:#00141e;}</style></defs><path class="cls-1" d="M59.2,45.29,49,55.47a12.15,12.15,0,0,0-1.67,2.06,12.63,12.63,0,0,0-1.22,2.37,14.44,14.44,0,0,0-.71,2.56,15.69,15.69,0,0,0-.24,2.77V88.38h5.45V65.23a10,10,0,0,1,.14-1.76,8.39,8.39,0,0,1,.44-1.6,6.59,6.59,0,0,1,.7-1.34,7.22,7.22,0,0,1,1-1.19L63.07,49.16Z"/><path class="cls-1" d="M73.4,31.89a8,8,0,0,0-1.72-2.57l-16-16a7.95,7.95,0,0,0-11.24,0l-1.82,1.83L19.16,38.66,23,42.53,46.52,19.05l1.83-1.83a2.44,2.44,0,0,1,.79-.53,2.64,2.64,0,0,1,1-.19,2.6,2.6,0,0,1,.95.19,2.48,2.48,0,0,1,.8.53l16,16a2.59,2.59,0,0,1,.53.8,2.64,2.64,0,0,1,.19.95,2.5,2.5,0,0,1-.72,1.75L66,38.51l-.15.15L62,42.53l3.88,3.87,5.84-5.84A8,8,0,0,0,73.4,38a8.19,8.19,0,0,0,.6-3v-.1A8.19,8.19,0,0,0,73.4,31.89Z"/><path class="cls-1" d="M16.66,51.07a2.54,2.54,0,0,1-.19-.94v-.21h0a2.23,2.23,0,0,1,.15-.63h0l-4-4a7.81,7.81,0,0,0-1,1.78,8.16,8.16,0,0,0-.6,2.84h0v.21a7.89,7.89,0,0,0,2.31,5.61L30.54,73V65.21L17.2,51.87A2.46,2.46,0,0,1,16.66,51.07Z"/><path class="cls-2" d="M69.71,42.53l.15.15,1.82,1.83A7.9,7.9,0,0,1,74,49.92h0v.21a8,8,0,0,1-.6,3,7.67,7.67,0,0,1-1.71,2.56L54.48,73V65.21L67.81,51.87a2.46,2.46,0,0,0,.54-.8,2.36,2.36,0,0,0,.19-.94v-.21h0a2.29,2.29,0,0,0-.18-.74,2.33,2.33,0,0,0-.53-.8L66,46.55l-4.17-4.17L45.21,25.78l3.87-3.87,16.61,16.6.15.15h0ZM11,34.89V35a8.19,8.19,0,0,0,.6,3,8,8,0,0,0,1.72,2.57L32.1,59.34a7.22,7.22,0,0,1,1,1.19,6.59,6.59,0,0,1,.7,1.34,9.19,9.19,0,0,1,.44,1.6,10,10,0,0,1,.14,1.76V88.38H39.8V65.23a15.69,15.69,0,0,0-.24-2.77,14.44,14.44,0,0,0-.71-2.56,12.63,12.63,0,0,0-1.22-2.37A12.15,12.15,0,0,0,36,55.47L23.19,42.68,23,42.53l-3.87-3.87L19,38.51l-1.83-1.82a2.5,2.5,0,0,1-.72-1.75,2.64,2.64,0,0,1,.19-.95,2.59,2.59,0,0,1,.53-.8l16-16a2.48,2.48,0,0,1,.8-.53,2.6,2.6,0,0,1,.95-.19,2.64,2.64,0,0,1,1,.19,2.44,2.44,0,0,1,.79.53l1.83,1.83.15.15,4-4-.15.15-.15-.15-1.82-1.83a7.95,7.95,0,0,0-11.24,0l-16,16a8,8,0,0,0-1.72,2.57A8.19,8.19,0,0,0,11,34.89Z"/><path class="cls-2" d="M69.71,42.53l.15.15,1.82,1.83A7.9,7.9,0,0,1,74,49.92h0v.21a8,8,0,0,1-.6,3,7.67,7.67,0,0,1-1.71,2.56L54.48,73V65.21L67.81,51.87a2.46,2.46,0,0,0,.54-.8,2.36,2.36,0,0,0,.19-.94v-.21h0a2.29,2.29,0,0,0-.18-.74,2.33,2.33,0,0,0-.53-.8L66,46.55l-4.17-4.17L45.21,25.78l3.87-3.87,16.61,16.6.15.15h0Z"/></svg>

After

Width:  |  Height:  |  Size: 2.3 KiB

+1
View File
@@ -0,0 +1 @@
<svg id="Calque_1" data-name="Calque 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><defs><style>.cls-1{fill:#549dd0;}</style></defs><title>SonarQube icon</title><g id="Illustration_5" data-name="Illustration 5"><path class="cls-1" d="M408.78,448.09H386.5c0-179.36-148-325.28-329.91-325.28V100.53C250.79,100.53,408.78,256.44,408.78,448.09Z"/><path class="cls-1" d="M424.18,328.48C397.43,216,306.27,122,192,89.2l5.12-17.84C317.73,106,414,205.23,442.24,324.19Z"/><path class="cls-1" d="M441.31,222.87c-27.55-60.08-74.49-112.46-132.17-147.51l7.72-12.7c60.19,36.58,109.18,91.27,138,154Z"/></g></svg>

After

Width:  |  Height:  |  Size: 609 B

+19 -8
View File
@@ -38,14 +38,14 @@ jobs:
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "::set-output name=manager::yarn"
echo "::set-output name=command::install"
echo "::set-output name=runner::yarn"
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
echo "runner=yarn" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "::set-output name=manager::npm"
echo "::set-output name=command::ci"
echo "::set-output name=runner::npx --no-install"
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine packager manager"
@@ -57,9 +57,20 @@ jobs:
node-version: "16"
cache: ${{ steps.detect-package-manager.outputs.manager }}
cache-dependency-path: ${{ env.BUILD_PATH }}/package-lock.json
- run: npm install && npm run build
- name: Setup Pages
id: pages
uses: actions/configure-pages@v2
- name: Install dependencies
run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
working-directory: ${{ env.BUILD_PATH }}
- uses: actions/upload-pages-artifact@v1
- name: Build with Astro
run: |
${{ steps.detect-package-manager.outputs.runner }} astro build \
--site "${{ steps.pages.outputs.origin }}" \
--base "${{ steps.pages.outputs.base_path }}"
working-directory: ${{ env.BUILD_PATH }}
- name: Upload artifact
uses: actions/upload-pages-artifact@v1
with:
path: ${{ env.BUILD_PATH }}/dist
+5 -5
View File
@@ -39,12 +39,12 @@ jobs:
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "::set-output name=manager::yarn"
echo "::set-output name=command::install"
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "::set-output name=manager::npm"
echo "::set-output name=command::ci"
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine packager manager"
@@ -53,7 +53,7 @@ jobs:
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "16"
node-version: "18"
cache: ${{ steps.detect-package-manager.outputs.manager }}
- name: Setup Pages
id: pages
+6 -2
View File
@@ -30,12 +30,14 @@ jobs:
build:
runs-on: ubuntu-latest
env:
HUGO_VERSION: 0.102.3
HUGO_VERSION: 0.108.0
steps:
- name: Install Hugo CLI
run: |
wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.deb \
wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \
&& sudo dpkg -i ${{ runner.temp }}/hugo.deb
- name: Install Dart Sass Embedded
run: sudo snap install dart-sass-embedded
- name: Checkout
uses: actions/checkout@v3
with:
@@ -43,6 +45,8 @@ jobs:
- name: Setup Pages
id: pages
uses: actions/configure-pages@v2
- name: Install Node.js dependencies
run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
- name: Build with Hugo
env:
# For maximum backward compatibility with Hugo modules
+6 -6
View File
@@ -34,14 +34,14 @@ jobs:
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "::set-output name=manager::yarn"
echo "::set-output name=command::install"
echo "::set-output name=runner::yarn"
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
echo "runner=yarn" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "::set-output name=manager::npm"
echo "::set-output name=command::ci"
echo "::set-output name=runner::npx --no-install"
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine packager manager"
+4 -4
View File
@@ -34,12 +34,12 @@ jobs:
id: detect-package-manager
run: |
if [ -f "${{ github.workspace }}/yarn.lock" ]; then
echo "::set-output name=manager::yarn"
echo "::set-output name=command::install"
echo "manager=yarn" >> $GITHUB_OUTPUT
echo "command=install" >> $GITHUB_OUTPUT
exit 0
elif [ -f "${{ github.workspace }}/package.json" ]; then
echo "::set-output name=manager::npm"
echo "::set-output name=command::ci"
echo "manager=npm" >> $GITHUB_OUTPUT
echo "command=ci" >> $GITHUB_OUTPUT
exit 0
else
echo "Unable to determine packager manager"
+1 -1
View File
@@ -61,7 +61,7 @@ async function checkWorkflows(
const enabled =
!isPartnerWorkflow &&
(workflowProperties.enterprise === true || folder !== 'code-scanning') &&
(workflowProperties.enterprise === true || basename(folder) !== 'code-scanning') &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {