Merge branch 'actions:main' into main

This commit is contained in:
fredster33
2021-09-13 20:00:15 -07:00
committed by GitHub
43 changed files with 151 additions and 48 deletions
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+3
View File
@@ -7,6 +7,9 @@ on:
jobs:
stale:
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
+2
View File
@@ -7,6 +7,8 @@ on:
jobs:
sync:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+2
View File
@@ -6,6 +6,8 @@ on:
jobs:
validate-data:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+16 -4
View File
@@ -12,7 +12,7 @@ These are the workflow files for helping people get started with GitHub Actions.
### Directory structure
* [ci](ci): solutions for Continuous Integration
* [ci](ci): solutions for Continuous Integration and Deployments
* [automation](automation): solutions for automating workflows.
* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
* [icons](icons): svg icons for the relevant template
@@ -23,10 +23,22 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
### Valid properties
* `name`: the name shown in onboarding
* `name`: the name shown in onboarding. This property is unique within the repository.
* `description`: the description shown in onboarding
* `iconName`: the icon name in the relevant folder, for example `django` should have an icon `icons/django.svg`. Only SVG is supported at this time
* `categories`: the categories that it will be shown under
* `iconName`: the icon name in the relevant folder, for example, `django` should have an icon `icons/django.svg`. Only SVG is supported at this time. Another option is to use [octicon](https://primer.style/octicons/). The format to use an octicon is `octicon <<icon name>>`. Example: `octicon person`
* `creator`: creator of the template shown in onboarding. All the workflow templates from an author will have the same `creator` field.
* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml). When a user views the available templates, those templates that match the same language will feature more prominently.
### Categories
* continuous-integration
* deployment
* testing
* code-quality
* code-review
* dependency-management
* monitoring
* Automation
* utilities
### Variables
These variables can be placed in the starter workflow and will be substituted as detailed below:
+5
View File
@@ -1,3 +1,8 @@
# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/actions/stale
name: Mark stale issues and pull requests
on:
+1
View File
@@ -18,6 +18,7 @@ jobs:
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Grant execute permission for gradlew
run: chmod +x gradlew
+1 -1
View File
@@ -107,7 +107,7 @@ jobs:
- name: Remove the pfx
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
# Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
- name: Upload build artifacts
uses: actions/upload-artifact@v2
with:
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
go-version: 1.17
- name: Build
run: go build -v ./...
+2 -1
View File
@@ -1,4 +1,4 @@
# This workflow will build a Java project with Gradle
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
name: Java CI with Gradle
@@ -21,6 +21,7 @@ jobs:
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
+2 -1
View File
@@ -1,4 +1,4 @@
# This workflow will build a Java project with Maven
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Java CI with Maven
@@ -21,5 +21,6 @@ jobs:
with:
java-version: '11'
distribution: 'adopt'
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby Gem",
"description": "Pushes a Ruby Gem to RubyGems and GitHub Package Registry.",
"iconName": "ruby-gems",
"categories": ["Ruby", "SDLC"]
"categories": ["Ruby"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Gradle",
"description": "Build a Java Package using Gradle and publish to GitHub Packages.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Gradle",
"description": "Build and test a Java project using a Gradle wrapper script.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Maven",
"description": "Build a Java Package using Maven and publish to GitHub Packages.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Maven",
"description": "Build and test a Java project with Apache Maven.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Node.js",
"description": "Build and test a Node.js project with npm.",
"iconName": "nodejs",
"categories": ["JavaScript", "Node", "Npm"]
"categories": ["JavaScript", "npm", "React", "Angular"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Node.js Package",
"description": "Publishes a Node.js package to npm and GitHub Packages.",
"iconName": "node-package-transparent",
"categories": ["JavaScript", "SDLC"]
"categories": ["JavaScript", "npm"]
}
+6
View File
@@ -0,0 +1,6 @@
{
"name": "Rails - Build and Run Linters",
"description": "Build Rails application and run linters",
"iconName": "ruby",
"categories": ["Ruby", "Rails"]
}
+1 -1
View File
@@ -16,7 +16,7 @@ on:
jobs:
build:
runs-on: macOS-latest
runs-on: macos-latest
strategy:
matrix:
r-version: [3.5, 3.6]
+32
View File
@@ -0,0 +1,32 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
name: Build Rails and run linters
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
# Add or Replace any other security checks here
- name: Run security checks
run: |
bin/bundler-audit --update
bin/brakeman -q -w2
# Add or Replace any other Linters here
- name: Run linters
run: |
bin/rubocop --parallel
@@ -1,7 +1,7 @@
{
"name": "DevSkim",
"creator": "Microsoft CST-E",
"description": "DevSkim is security linter that highlights common security issues in source code.",
"description": "DevSkim is a security linter that highlights common security issues in source code.",
"iconName": "cst-logo",
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"]
}
View File
View File
@@ -3,5 +3,5 @@
"description": "Deploy a container to Alibaba Cloud Container Service for Kubernetes (ACK).",
"creator": "Alibaba Cloud",
"iconName": "alibabacloud",
"categories": null
"categories": ["Deployment"]
}
@@ -3,5 +3,5 @@
"description": "Deploy a container to an Amazon ECS service powered by AWS Fargate or Amazon EC2.",
"creator": "Amazon Web Services",
"iconName": "aws",
"categories": null
"categories": ["Deployment"]
}
@@ -3,5 +3,5 @@
"description": "Build a Node.js project and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": null
"categories": ["Deployment"]
}
@@ -3,5 +3,5 @@
"description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.",
"creator": "Google Cloud",
"iconName": "googlegke",
"categories": null
"categories": ["Deployment"]
}
@@ -3,5 +3,5 @@
"description": "Build a docker container, publish it to IBM Cloud Container Registry, and deploy to IBM Cloud Kubernetes Service.",
"creator": "IBM",
"iconName": "ibm",
"categories": null
"categories": ["Deployment"]
}
@@ -3,5 +3,5 @@
"description": "Build a Docker-based project and deploy it to OpenShift.",
"creator": "Red Hat",
"iconName": "openshift",
"categories": [ "Dockerfile" ]
"categories": ["Dockerfile","Deployment" ]
}
@@ -3,5 +3,5 @@
"description": "This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE).",
"creator": "Tencent Cloud",
"iconName": "tencentcloud",
"categories": null
"categories": ["Deployment"]
}
@@ -3,5 +3,5 @@
"description": "Set up Terraform CLI in your GitHub Actions workflow.",
"creator": "HashiCorp",
"iconName": "terraform",
"categories": null
"categories": ["Deployment"]
}
+12 -8
View File
@@ -19,6 +19,8 @@ interface WorkflowProperties {
iconName?: string;
categories: string[] | null;
creator?: string;
}
interface WorkflowsCheckResult {
@@ -28,12 +30,14 @@ interface WorkflowsCheckResult {
async function checkWorkflows(
folders: string[],
enabledActions: string[]
enabledActions: string[],
partners: string[]
): Promise<WorkflowsCheckResult> {
const result: WorkflowsCheckResult = {
compatibleWorkflows: [],
incompatibleWorkflows: [],
};
const partnersSet = new Set(partners.map((x) => x.toLowerCase()));
for (const folder of folders) {
const dir = await fs.readdir(folder, {
@@ -41,7 +45,7 @@ async function checkWorkflows(
});
for (const e of dir) {
if (e.isFile()) {
if (e.isFile() && extname(e.name) === ".yml") {
const workflowFilePath = join(folder, e.name);
const workflowId = basename(e.name, extname(e.name));
const workflowProperties: WorkflowProperties = require(join(
@@ -51,11 +55,10 @@ async function checkWorkflows(
));
const iconName: string | undefined = workflowProperties["iconName"];
const isBlankTemplate = workflowId === "blank";
const partnerWorkflow = workflowProperties.categories === null;
const isPartnerWorkflow = workflowProperties.creator ? partnersSet.has(workflowProperties.creator.toLowerCase()) : false;
const enabled =
(isBlankTemplate || !partnerWorkflow) &&
!isPartnerWorkflow &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {
@@ -90,7 +93,6 @@ async function checkWorkflow(
): Promise<boolean> {
// Create set with lowercase action names for easier, case-insensitive lookup
const enabledActionsSet = new Set(enabledActions.map((x) => x.toLowerCase()));
try {
const workflowFileContent = await fs.readFile(workflowPath, "utf8");
const workflow = safeLoad(workflowFileContent);
@@ -102,7 +104,8 @@ async function checkWorkflow(
if (!!step.uses) {
// Check if allowed action
const [actionName, _] = step.uses.split("@");
if (!enabledActionsSet.has(actionName.toLowerCase())) {
const actionNwo = actionName.split("/").slice(0, 2).join("/");
if (!enabledActionsSet.has(actionNwo.toLowerCase())) {
console.info(
`Workflow ${workflowPath} uses '${actionName}' which is not supported for GHES.`
);
@@ -126,7 +129,8 @@ async function checkWorkflow(
const result = await checkWorkflows(
settings.folders,
settings.enabledActions
settings.enabledActions,
settings.partners
);
console.group(
+15 -2
View File
@@ -1,7 +1,9 @@
{
"folders": [
"../../ci",
"../../automation"
"../../automation",
"../../deployments",
"../../code-scanning"
],
"enabledActions": [
"actions/checkout",
@@ -15,6 +17,17 @@
"actions/stale",
"actions/starter-workflows",
"actions/upload-artifact",
"actions/upload-release-asset"
"actions/upload-release-asset",
"github/codeql-action"
],
"partners": [
"Alibaba Cloud",
"Amazon Web Services",
"Microsoft Azure",
"Google Cloud",
"IBM",
"Red Hat",
"Tencent Cloud",
"HashiCorp"
]
}
+28 -12
View File
@@ -7,6 +7,7 @@ import { endGroup, error, info, setFailed, startGroup } from '@actions/core';
interface WorkflowWithErrors {
id: string;
name: string;
errors: string[];
}
@@ -20,7 +21,7 @@ interface WorkflowProperties {
const propertiesSchema = {
type: "object",
properties: {
name: { type: "string", required: true },
name: { type: "string", required: true , "minLength": 1},
description: { type: "string", required: true },
creator: { type: "string", required: false },
iconName: { type: "string", required: true },
@@ -41,7 +42,7 @@ const propertiesSchema = {
async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]> {
const result: WorkflowWithErrors[] = []
const workflow_template_names = new Set()
for (const folder of folders) {
const dir = await fs.readdir(folder, {
withFileTypes: true,
@@ -54,9 +55,12 @@ async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]>
const workflowFilePath = join(folder, e.name);
const propertiesFilePath = join(folder, "properties", `${fileType}.properties.json`)
const errors = await checkWorkflow(workflowFilePath, propertiesFilePath);
if (errors.errors.length > 0) {
result.push(errors)
const workflowWithErrors = await checkWorkflow(workflowFilePath, propertiesFilePath);
if(workflowWithErrors.name && workflow_template_names.size == workflow_template_names.add(workflowWithErrors.name).size) {
workflowWithErrors.errors.push(`Workflow template name "${workflowWithErrors.name}" already exists`)
}
if (workflowWithErrors.errors.length > 0) {
result.push(workflowWithErrors)
}
}
}
@@ -68,6 +72,7 @@ async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]>
async function checkWorkflow(workflowPath: string, propertiesPath: string): Promise<WorkflowWithErrors> {
let workflowErrors: WorkflowWithErrors = {
id: workflowPath,
name: null,
errors: []
}
@@ -77,17 +82,28 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string): Prom
const propertiesFileContent = await fs.readFile(propertiesPath, "utf8")
const properties: WorkflowProperties = JSON.parse(propertiesFileContent)
if(properties.name && properties.name.trim().length > 0) {
workflowErrors.name = properties.name
}
let v = new validator();
const res = v.validate(properties, propertiesSchema)
workflowErrors.errors = res.errors.map(e => e.toString())
if (properties.iconName && !properties.iconName.startsWith("octicon")) {
try {
await fs.access(`../../icons/${properties.iconName}.svg`)
} catch (e) {
workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
if (properties.iconName) {
if(! /^octicon\s+/.test(properties.iconName)) {
try {
await fs.access(`../../icons/${properties.iconName}.svg`)
} catch (e) {
workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
}
}
else {
let iconName = properties.iconName.match(/^octicon\s+(.*)/)
if(!iconName || iconName[1].split(".")[0].length <= 0) {
workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
}
}
}
} catch (e) {
workflowErrors.errors.push(e.toString())
+2 -1
View File
@@ -1,6 +1,7 @@
{
"folders": [
"../../ci",
"../../automation"
"../../automation",
"../../deployments"
]
}