diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 0a98861..05cb4b1 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -26,7 +26,7 @@ It is not: - [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests"). - [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build"). - [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification. -- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully. +- [ ] Should specify least privileged [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully. **For _CI_ workflows, the workflow:** diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..737e69c --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,31 @@ +name: Lint + +on: + pull_request_target: + branches: + - main + +jobs: + + pre-commit: + name: pre-commit + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - uses: actions/setup-python@v4 + with: + python-version: 3.8 + + - name: Cache pre-commit + uses: actions/cache@v3 + with: + path: ~/.cache/pre-commit + key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} + + - name: Install pre-commit + run: pip3 install pre-commit + + - name: Run pre-commit + run: pre-commit run --all-files --show-diff-on-failure --color always diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..19bf39d --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,6 @@ +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.3.0 + hooks: + - id: trailing-whitespace + files: (automation/|ci/|code-scanning/|deployments/|pages/).*(yaml|yml|json)$ diff --git a/README.md b/README.md index 7ff406f..d8ccca4 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`. * `description`: the description shown in onboarding * `iconName`: the icon name in the relevant folder, for example, `django` should have an icon `icons/django.svg`. Only SVG is supported at this time. Another option is to use [octicon](https://primer.style/octicons/). The format to use an octicon is `octicon <>`. Example: `octicon person` * `creator`: creator of the template shown in onboarding. All the workflow templates from an author will have the same `creator` field. -* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml). When a user views the available templates, those templates that match the same language will feature more prominently. +* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml) and the list of tech stacks available [here](https://github.com/github-starter-workflows/repo-analysis-partner/blob/main/tech_stacks.yml). When a user views the available templates, those templates that match the language and tech stacks will feature more prominently. ### Categories * continuous-integration @@ -50,3 +50,23 @@ These variables can be placed in the starter workflow and will be substituted as * `$default-branch`: will substitute the branch from the repository, for example `main` and `master` * `$protected-branches`: will substitute any protected branches from the repository * `$cron-daily`: will substitute a valid but random time within the day + +## How to test templates before publishing + +### Disable template for public +The template author adds a `labels` array in the template's `properties.json` file with a label `preview`. This will hide the template from users, unless user uses query parameter `preview=true` in the URL. +Example `properties.json` file: +```json +{ + "name": "Node.js", + "description": "Build and test a Node.js project with npm.", + "iconName": "nodejs", + "categories": ["Continuous integration", "JavaScript", "npm", "React", "Angular", "Vue"], + "labels": ["preview"] +} +``` + +For viewing the templates with `preview` label, provide query parameter `preview=true` to the `new workflow` page URL. Eg. `https://github.com///actions/new?preview=true`. + +### Enable template for public +Remove the `labels` array from `properties.json` file to publish the template to public diff --git a/ci/go.yml b/ci/go.yml index 4d95674..e89f6c9 100644 --- a/ci/go.yml +++ b/ci/go.yml @@ -19,7 +19,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: go build -v ./... diff --git a/code-scanning/checkmarx-one.yml b/code-scanning/checkmarx-one.yml index d85c0c5..6214ab1 100644 --- a/code-scanning/checkmarx-one.yml +++ b/code-scanning/checkmarx-one.yml @@ -3,12 +3,12 @@ # separate terms of service, privacy policy, and support # documentation. -# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow. -# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository -# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling +# The Checkmarx One GitHub Action enables you to trigger SAST, SCA, and KICS scans directly from the GitHub workflow. +# It provides a wrapper around the Checkmarx One CLI Tool which creates a zip archive from your source code repository +# and uploads it to Checkmarx One for scanning. The Github Action provides easy integration with GitHub while enabling # scan customization using the full functionality and flexibility of the CLI tool. -# This is a basic workflow to help you get started with Using Checkmarx One Action, +# This is a basic workflow to help you get started with Using Checkmarx One Action, # documentation can be found here : https://checkmarx.com/resource/documents/en/34965-68702-checkmarx-one-github-actions.html name: Checkmarx Scan @@ -30,7 +30,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif - + # The type of runner that the job will run on runs-on: ubuntu-latest @@ -39,7 +39,7 @@ jobs: # This step checks out a copy of your repository. - name: Checkout repository uses: actions/checkout@v3 - # This step creates the Checkmarx One scan + # This step creates the Checkmarx One scan - name: Checkmarx One scan uses: checkmarx/ast-github-action@8e887bb93dacc44e0f5b64ee2b06d5815f89d4fc with: diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index 3f0ecfb..002e424 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -34,6 +34,8 @@ jobs: matrix: language: [ $detected-codeql-languages ] # CodeQL supports [ $supported-codeql-languages ] + # Use only 'java' to analyze code written in Java, Kotlin or both + # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: diff --git a/code-scanning/datree.yml b/code-scanning/datree.yml new file mode 100644 index 0000000..2e44682 --- /dev/null +++ b/code-scanning/datree.yml @@ -0,0 +1,47 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# A sample workflow which checks out your code and scans your desired k8s config files for misconfigurations using the Datree CLI. +# The results are then uploaded to GitHub Security Code Scanning. +# +# For more information and configurations options, see https://github.com/datreeio/action-datree/ + +name: Datree + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + +permissions: + contents: read + +jobs: + datree: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Run Datree policy check + continue-on-error: true + uses: datreeio/action-datree@de67ae7a5133d719dc794e1b75682cd4c5f94d8a + env: + # In order to use the Datree action you will need to have a Datree token. + # See https://hub.datree.io/setup/account-token#1-get-your-account-token-from-the-dashboard to acquire your token. + DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} + with: + # Add the path to the configuration file/s that you would like to test. + # See https://github.com/datreeio/action-datree#usage for all available options. + path: test-file.yaml + # Setting a SARIF output will generate a file named "datree.sarif" containing your test results + cliArguments: "-o sarif" + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: datree.sarif diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json index 8ee80b4..f5e78bf 100644 --- a/code-scanning/properties/codeql.properties.json +++ b/code-scanning/properties/codeql.properties.json @@ -2,7 +2,7 @@ "name": "CodeQL Analysis", "creator": "GitHub", "enterprise": true, - "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.", + "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby and Kotlin developers.", "iconName": "octicon mark-github", - "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"] + "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin"] } diff --git a/code-scanning/properties/datree.properties.json b/code-scanning/properties/datree.properties.json new file mode 100644 index 0000000..b7c695c --- /dev/null +++ b/code-scanning/properties/datree.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Datree", + "creator": "Datree", + "description": "Detect misconfigurations in your Kubernetes manifests and present them in Github code scanning", + "iconName": "datree", + "categories": ["Code Scanning", "YAML"] +} diff --git a/code-scanning/properties/dependency-review.properties.json b/code-scanning/properties/dependency-review.properties.json index c195c73..f76aacd 100644 --- a/code-scanning/properties/dependency-review.properties.json +++ b/code-scanning/properties/dependency-review.properties.json @@ -13,4 +13,4 @@ "Ruby", "Actions", "PHP"] -} +} diff --git a/code-scanning/properties/mobsf.properties.json b/code-scanning/properties/mobsf.properties.json index a6afbfa..fb5d65b 100644 --- a/code-scanning/properties/mobsf.properties.json +++ b/code-scanning/properties/mobsf.properties.json @@ -4,10 +4,10 @@ "description": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.", "iconName": "mobsf", "categories": [ - "Code Scanning", - "Java", - "Swift", - "Objective-C", + "Code Scanning", + "Java", + "Swift", + "Objective-C", "Kotlin" ] } \ No newline at end of file diff --git a/code-scanning/properties/pmd.properties.json b/code-scanning/properties/pmd.properties.json index b96ecb7..7b79709 100644 --- a/code-scanning/properties/pmd.properties.json +++ b/code-scanning/properties/pmd.properties.json @@ -4,12 +4,12 @@ "description": "PMD is a static source code analyzer. It supports Java, JavaScript, Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.", "iconName": "pmd", "categories": [ - "Code Scanning", - "Java", - "JavaScript", - "Apex", - "Modelica", - "PLSQL", + "Code Scanning", + "Java", + "JavaScript", + "Apex", + "Modelica", + "PLSQL", "Apache Velocity", "XML", "XSl", diff --git a/code-scanning/properties/semgrep.properties.json b/code-scanning/properties/semgrep.properties.json index 5f74ed5..f1fffe3 100644 --- a/code-scanning/properties/semgrep.properties.json +++ b/code-scanning/properties/semgrep.properties.json @@ -4,4 +4,4 @@ "description": "Continuously run Semgrep to find bugs and enforce secure code standards. Start with 1k+ community rules or write your own in a few minutes.", "iconName": "semgrep", "categories": ["Code Scanning", "Go", "Java", "JavaScript", "JSON", "Python", "Ruby", "TypeScript", "JSX", "TSX"] -} \ No newline at end of file +} diff --git a/code-scanning/properties/sobelow.properties.json b/code-scanning/properties/sobelow.properties.json index 163e866..960ac8a 100644 --- a/code-scanning/properties/sobelow.properties.json +++ b/code-scanning/properties/sobelow.properties.json @@ -8,4 +8,3 @@ "Elixir" ] } - \ No newline at end of file diff --git a/code-scanning/properties/sonarcloud.properties.json b/code-scanning/properties/sonarcloud.properties.json index 9b88a78..0f4e151 100644 --- a/code-scanning/properties/sonarcloud.properties.json +++ b/code-scanning/properties/sonarcloud.properties.json @@ -3,5 +3,5 @@ "creator": "Sonar", "description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!", "iconName": "sonarcloud", - "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] + "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] } diff --git a/code-scanning/properties/sonarqube.properties.json b/code-scanning/properties/sonarqube.properties.json new file mode 100644 index 0000000..009602b --- /dev/null +++ b/code-scanning/properties/sonarqube.properties.json @@ -0,0 +1,7 @@ +{ + "name": "SonarQube", + "creator": "Sonar", + "description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!", + "iconName": "sonarqube", + "categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"] +} diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index 11e305f..0e42bae 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -41,11 +41,11 @@ jobs: with: results_file: results.sarif results_format: sarif - # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if: + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: # - you want to enable the Branch-Protection check on a *public* repository, or # - you are installing Scorecards on a *private* repository # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} + # repo_token: ${{ secrets.SCORECARD_TOKEN }} # Public repositories: # - Publish results to OpenSSF REST API for easy access by consumers diff --git a/code-scanning/sonarqube.yml b/code-scanning/sonarqube.yml new file mode 100644 index 0000000..220e43a --- /dev/null +++ b/code-scanning/sonarqube.yml @@ -0,0 +1,66 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarQube analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# (this feature is available starting from SonarQube 9.7, Developer Edition and above) + +# 1. Make sure you add a valid GitHub configuration to your SonarQube (Administration > DevOps platforms > GitHub) + +# 2. Import your project on SonarQube +# * Add your repository as a new project by clicking "Create project" from your homepage. +# +# 3. Select GitHub Actions as your CI and follow the tutorial +# * a. Generate a new token and add it to your GitHub repository's secrets using the name SONAR_TOKEN +# (On SonarQube, click on your avatar on top-right > My account > Security or ask your administrator) +# +# * b. Copy/paste your SonarQube host URL to your GitHub repository's secrets using the name SONAR_HOST_URL +# +# * c. Copy/paste the project Key into the args parameter below +# (You'll find this information in SonarQube by following the tutorial or by clicking on Project Information at the top-right of your project's homepage) + +# Feel free to take a look at our documentation (https://docs.sonarqube.org/latest/analysis/github-integration/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/sq/10) + +name: SonarQube analysis + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarQube to decorate PRs with analysis results + +jobs: + Analysis: + runs-on: ubuntu-latest + + steps: + - name: Analyze with SonarQube + + # You can pin the exact commit or the version. + # uses: SonarSource/sonarqube-scan-action@v1.1.0 + uses: SonarSource/sonarqube-scan-action@7295e71c9583053f5bf40e9d4068a0c974603ec8 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on SonarQube, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} # add the URL of your instance to the secrets of this repo with the name SONAR_HOST_URL (Settings > Secrets > Actions > add new repository secret) + with: + # Additional arguments for the sonarcloud scanner + args: + # Unique key of your project. You can find it in SonarQube > [my project] > Project Information (top-right menu) + # mandatory + -Dsonar.projectKey= + # Comma-separated paths to directories containing main source files. + #-Dsonar.sources= # optional, default is project base directory + # When you need the analysis to take place in a directory other than the one from which it was launched + #-Dsonar.projectBaseDir= # optional, default is . + # Comma-separated paths to directories containing test source files. + #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ + # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. + #-Dsonar.verbose= # optional, default is false diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml index 1c69dfb..99b9027 100644 --- a/code-scanning/soos-dast-scan.yml +++ b/code-scanning/soos-dast-scan.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Run SOOS DAST Scan - uses: soos-io/soos-dast-github-action@5b9c65687cee49aee1c776759f25561f908be565 # Use latest version from https://github.com/marketplace/actions/soos-dast + uses: soos-io/soos-dast-github-action@3e71b27756f4ed77d7ad3c0ad92afddb47a40e4d # Use latest version from https://github.com/marketplace/actions/soos-dast with: client_id: ${{ secrets.SOOS_CLIENT_ID }} api_key: ${{ secrets.SOOS_API_KEY }} @@ -45,6 +45,4 @@ jobs: - name: Upload SOOS DAST SARIF Report uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: results.sarif - - + sarif_file: results.sarif \ No newline at end of file diff --git a/deployments/aws.yml b/deployments/aws.yml index 9585844..af7d87d 100644 --- a/deployments/aws.yml +++ b/deployments/aws.yml @@ -75,7 +75,7 @@ jobs: # be deployed to ECS. docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" + echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT - name: Fill in the new image ID in the Amazon ECS task definition id: task-def diff --git a/icons/datree.svg b/icons/datree.svg new file mode 100644 index 0000000..ca986c6 --- /dev/null +++ b/icons/datree.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/sonarqube.svg b/icons/sonarqube.svg new file mode 100644 index 0000000..a4bba35 --- /dev/null +++ b/icons/sonarqube.svg @@ -0,0 +1 @@ +SonarQube icon diff --git a/pages/astro.yml b/pages/astro.yml index 1d4ec5f..77f2924 100644 --- a/pages/astro.yml +++ b/pages/astro.yml @@ -38,14 +38,14 @@ jobs: id: detect-package-manager run: | if [ -f "${{ github.workspace }}/yarn.lock" ]; then - echo "::set-output name=manager::yarn" - echo "::set-output name=command::install" - echo "::set-output name=runner::yarn" + echo "manager=yarn" >> $GITHUB_OUTPUT + echo "command=install" >> $GITHUB_OUTPUT + echo "runner=yarn" >> $GITHUB_OUTPUT exit 0 elif [ -f "${{ github.workspace }}/package.json" ]; then - echo "::set-output name=manager::npm" - echo "::set-output name=command::ci" - echo "::set-output name=runner::npx --no-install" + echo "manager=npm" >> $GITHUB_OUTPUT + echo "command=ci" >> $GITHUB_OUTPUT + echo "runner=npx --no-install" >> $GITHUB_OUTPUT exit 0 else echo "Unable to determine packager manager" @@ -57,9 +57,20 @@ jobs: node-version: "16" cache: ${{ steps.detect-package-manager.outputs.manager }} cache-dependency-path: ${{ env.BUILD_PATH }}/package-lock.json - - run: npm install && npm run build + - name: Setup Pages + id: pages + uses: actions/configure-pages@v2 + - name: Install dependencies + run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }} working-directory: ${{ env.BUILD_PATH }} - - uses: actions/upload-pages-artifact@v1 + - name: Build with Astro + run: | + ${{ steps.detect-package-manager.outputs.runner }} astro build \ + --site "${{ steps.pages.outputs.origin }}" \ + --base "${{ steps.pages.outputs.base_path }}" + working-directory: ${{ env.BUILD_PATH }} + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 with: path: ${{ env.BUILD_PATH }}/dist diff --git a/pages/gatsby.yml b/pages/gatsby.yml index 4f2857d..a288d7d 100644 --- a/pages/gatsby.yml +++ b/pages/gatsby.yml @@ -39,12 +39,12 @@ jobs: id: detect-package-manager run: | if [ -f "${{ github.workspace }}/yarn.lock" ]; then - echo "::set-output name=manager::yarn" - echo "::set-output name=command::install" + echo "manager=yarn" >> $GITHUB_OUTPUT + echo "command=install" >> $GITHUB_OUTPUT exit 0 elif [ -f "${{ github.workspace }}/package.json" ]; then - echo "::set-output name=manager::npm" - echo "::set-output name=command::ci" + echo "manager=npm" >> $GITHUB_OUTPUT + echo "command=ci" >> $GITHUB_OUTPUT exit 0 else echo "Unable to determine packager manager" @@ -53,7 +53,7 @@ jobs: - name: Setup Node uses: actions/setup-node@v3 with: - node-version: "16" + node-version: "18" cache: ${{ steps.detect-package-manager.outputs.manager }} - name: Setup Pages id: pages diff --git a/pages/hugo.yml b/pages/hugo.yml index f273fb2..05a5b50 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -30,12 +30,14 @@ jobs: build: runs-on: ubuntu-latest env: - HUGO_VERSION: 0.102.3 + HUGO_VERSION: 0.108.0 steps: - name: Install Hugo CLI run: | - wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.deb \ + wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \ && sudo dpkg -i ${{ runner.temp }}/hugo.deb + - name: Install Dart Sass Embedded + run: sudo snap install dart-sass-embedded - name: Checkout uses: actions/checkout@v3 with: @@ -43,6 +45,8 @@ jobs: - name: Setup Pages id: pages uses: actions/configure-pages@v2 + - name: Install Node.js dependencies + run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true" - name: Build with Hugo env: # For maximum backward compatibility with Hugo modules diff --git a/pages/nextjs.yml b/pages/nextjs.yml index 5c2bf67..7e39f83 100644 --- a/pages/nextjs.yml +++ b/pages/nextjs.yml @@ -34,14 +34,14 @@ jobs: id: detect-package-manager run: | if [ -f "${{ github.workspace }}/yarn.lock" ]; then - echo "::set-output name=manager::yarn" - echo "::set-output name=command::install" - echo "::set-output name=runner::yarn" + echo "manager=yarn" >> $GITHUB_OUTPUT + echo "command=install" >> $GITHUB_OUTPUT + echo "runner=yarn" >> $GITHUB_OUTPUT exit 0 elif [ -f "${{ github.workspace }}/package.json" ]; then - echo "::set-output name=manager::npm" - echo "::set-output name=command::ci" - echo "::set-output name=runner::npx --no-install" + echo "manager=npm" >> $GITHUB_OUTPUT + echo "command=ci" >> $GITHUB_OUTPUT + echo "runner=npx --no-install" >> $GITHUB_OUTPUT exit 0 else echo "Unable to determine packager manager" diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml index 4178f18..660202e 100644 --- a/pages/nuxtjs.yml +++ b/pages/nuxtjs.yml @@ -34,12 +34,12 @@ jobs: id: detect-package-manager run: | if [ -f "${{ github.workspace }}/yarn.lock" ]; then - echo "::set-output name=manager::yarn" - echo "::set-output name=command::install" + echo "manager=yarn" >> $GITHUB_OUTPUT + echo "command=install" >> $GITHUB_OUTPUT exit 0 elif [ -f "${{ github.workspace }}/package.json" ]; then - echo "::set-output name=manager::npm" - echo "::set-output name=command::ci" + echo "manager=npm" >> $GITHUB_OUTPUT + echo "command=ci" >> $GITHUB_OUTPUT exit 0 else echo "Unable to determine packager manager" diff --git a/script/sync-ghes/index.ts b/script/sync-ghes/index.ts index a320d36..f53d220 100755 --- a/script/sync-ghes/index.ts +++ b/script/sync-ghes/index.ts @@ -61,7 +61,7 @@ async function checkWorkflows( const enabled = !isPartnerWorkflow && - (workflowProperties.enterprise === true || folder !== 'code-scanning') && + (workflowProperties.enterprise === true || basename(folder) !== 'code-scanning') && (await checkWorkflow(workflowFilePath, enabledActions)); const workflowDesc: WorkflowDesc = {