Merge branch 'actions:main' into main
This commit is contained in:
@@ -5,6 +5,8 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions:
|
||||
issues: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Close Issue
|
||||
|
||||
@@ -5,6 +5,8 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions:
|
||||
issues: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Close Issue
|
||||
|
||||
@@ -7,6 +7,9 @@ on:
|
||||
jobs:
|
||||
stale:
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
||||
@@ -7,6 +7,8 @@ on:
|
||||
|
||||
jobs:
|
||||
sync:
|
||||
permissions:
|
||||
contents: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -6,6 +6,8 @@ on:
|
||||
|
||||
jobs:
|
||||
validate-data:
|
||||
permissions:
|
||||
contents: read
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -12,7 +12,7 @@ These are the workflow files for helping people get started with GitHub Actions.
|
||||
|
||||
### Directory structure
|
||||
|
||||
* [ci](ci): solutions for Continuous Integration
|
||||
* [ci](ci): solutions for Continuous Integration and Deployments
|
||||
* [automation](automation): solutions for automating workflows.
|
||||
* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
|
||||
* [icons](icons): svg icons for the relevant template
|
||||
@@ -23,10 +23,22 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
|
||||
|
||||
### Valid properties
|
||||
|
||||
* `name`: the name shown in onboarding
|
||||
* `name`: the name shown in onboarding. This property is unique within the repository.
|
||||
* `description`: the description shown in onboarding
|
||||
* `iconName`: the icon name in the relevant folder, for example `django` should have an icon `icons/django.svg`. Only SVG is supported at this time
|
||||
* `categories`: the categories that it will be shown under
|
||||
* `iconName`: the icon name in the relevant folder, for example, `django` should have an icon `icons/django.svg`. Only SVG is supported at this time. Another option is to use [octicon](https://primer.style/octicons/). The format to use an octicon is `octicon <<icon name>>`. Example: `octicon person`
|
||||
* `creator`: creator of the template shown in onboarding. All the workflow templates from an author will have the same `creator` field.
|
||||
* `categories`: the categories that it will be shown under. Choose at least one category from the list [here](#categories). Further, choose the categories from the list of languages available [here](https://github.com/github/linguist/blob/master/lib/linguist/languages.yml). When a user views the available templates, those templates that match the same language will feature more prominently.
|
||||
|
||||
### Categories
|
||||
* continuous-integration
|
||||
* deployment
|
||||
* testing
|
||||
* code-quality
|
||||
* code-review
|
||||
* dependency-management
|
||||
* monitoring
|
||||
* Automation
|
||||
* utilities
|
||||
|
||||
### Variables
|
||||
These variables can be placed in the starter workflow and will be substituted as detailed below:
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
|
||||
#
|
||||
# You can adjust the behavior by modifying this file.
|
||||
# For more information, see:
|
||||
# https://github.com/actions/stale
|
||||
name: Mark stale issues and pull requests
|
||||
|
||||
on:
|
||||
|
||||
@@ -18,6 +18,7 @@ jobs:
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
cache: gradle
|
||||
|
||||
- name: Grant execute permission for gradlew
|
||||
run: chmod +x gradlew
|
||||
|
||||
@@ -107,7 +107,7 @@ jobs:
|
||||
- name: Remove the pfx
|
||||
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
|
||||
|
||||
# Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact
|
||||
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
|
||||
- name: Upload build artifacts
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: 1.16
|
||||
go-version: 1.17
|
||||
|
||||
- name: Build
|
||||
run: go build -v ./...
|
||||
|
||||
+2
-1
@@ -1,4 +1,4 @@
|
||||
# This workflow will build a Java project with Gradle
|
||||
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
|
||||
|
||||
name: Java CI with Gradle
|
||||
@@ -21,6 +21,7 @@ jobs:
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
cache: gradle
|
||||
- name: Grant execute permission for gradlew
|
||||
run: chmod +x gradlew
|
||||
- name: Build with Gradle
|
||||
|
||||
+2
-1
@@ -1,4 +1,4 @@
|
||||
# This workflow will build a Java project with Maven
|
||||
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
|
||||
|
||||
name: Java CI with Maven
|
||||
@@ -21,5 +21,6 @@ jobs:
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
cache: maven
|
||||
- name: Build with Maven
|
||||
run: mvn -B package --file pom.xml
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Ruby Gem",
|
||||
"description": "Pushes a Ruby Gem to RubyGems and GitHub Package Registry.",
|
||||
"iconName": "ruby-gems",
|
||||
"categories": ["Ruby", "SDLC"]
|
||||
"categories": ["Ruby"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Java Package with Gradle",
|
||||
"description": "Build a Java Package using Gradle and publish to GitHub Packages.",
|
||||
"iconName": "gradle",
|
||||
"categories": ["Java", "Gradle"]
|
||||
"categories": ["Java", "Gradle", "Spring", "JSF"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Java with Gradle",
|
||||
"description": "Build and test a Java project using a Gradle wrapper script.",
|
||||
"iconName": "gradle",
|
||||
"categories": ["Java", "Gradle"]
|
||||
"categories": ["Java", "Gradle", "Spring", "JSF"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Java Package with Maven",
|
||||
"description": "Build a Java Package using Maven and publish to GitHub Packages.",
|
||||
"iconName": "maven",
|
||||
"categories": ["Java", "Maven"]
|
||||
"categories": ["Java", "Maven", "Spring", "JSF"]
|
||||
}
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Java with Maven",
|
||||
"description": "Build and test a Java project with Apache Maven.",
|
||||
"iconName": "maven",
|
||||
"categories": ["Java", "Maven"]
|
||||
"categories": ["Java", "Maven", "Spring", "JSF"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Node.js",
|
||||
"description": "Build and test a Node.js project with npm.",
|
||||
"iconName": "nodejs",
|
||||
"categories": ["JavaScript", "Node", "Npm"]
|
||||
"categories": ["JavaScript", "npm", "React", "Angular"]
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@
|
||||
"name": "Publish Node.js Package",
|
||||
"description": "Publishes a Node.js package to npm and GitHub Packages.",
|
||||
"iconName": "node-package-transparent",
|
||||
"categories": ["JavaScript", "SDLC"]
|
||||
"categories": ["JavaScript", "npm"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Rails - Build and Run Linters",
|
||||
"description": "Build Rails application and run linters",
|
||||
"iconName": "ruby",
|
||||
"categories": ["Ruby", "Rails"]
|
||||
}
|
||||
@@ -16,7 +16,7 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: macOS-latest
|
||||
runs-on: macos-latest
|
||||
strategy:
|
||||
matrix:
|
||||
r-version: [3.5, 3.6]
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
|
||||
name: Build Rails and run linters
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
run-lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Setup Ruby and install gems
|
||||
uses: ruby/setup-ruby@v1
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or Replace any other security checks here
|
||||
- name: Run security checks
|
||||
run: |
|
||||
bin/bundler-audit --update
|
||||
bin/brakeman -q -w2
|
||||
# Add or Replace any other Linters here
|
||||
- name: Run linters
|
||||
run: |
|
||||
bin/rubocop --parallel
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "DevSkim",
|
||||
"creator": "Microsoft CST-E",
|
||||
"description": "DevSkim is security linter that highlights common security issues in source code.",
|
||||
"description": "DevSkim is a security linter that highlights common security issues in source code.",
|
||||
"iconName": "cst-logo",
|
||||
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"]
|
||||
}
|
||||
|
||||
+1
-1
@@ -3,5 +3,5 @@
|
||||
"description": "Deploy a container to Alibaba Cloud Container Service for Kubernetes (ACK).",
|
||||
"creator": "Alibaba Cloud",
|
||||
"iconName": "alibabacloud",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Deploy a container to an Amazon ECS service powered by AWS Fargate or Amazon EC2.",
|
||||
"creator": "Amazon Web Services",
|
||||
"iconName": "aws",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Build a Node.js project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
+1
-1
@@ -3,5 +3,5 @@
|
||||
"description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.",
|
||||
"creator": "Google Cloud",
|
||||
"iconName": "googlegke",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Build a docker container, publish it to IBM Cloud Container Registry, and deploy to IBM Cloud Kubernetes Service.",
|
||||
"creator": "IBM",
|
||||
"iconName": "ibm",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
+1
-1
@@ -3,5 +3,5 @@
|
||||
"description": "Build a Docker-based project and deploy it to OpenShift.",
|
||||
"creator": "Red Hat",
|
||||
"iconName": "openshift",
|
||||
"categories": [ "Dockerfile" ]
|
||||
"categories": ["Dockerfile","Deployment" ]
|
||||
}
|
||||
+1
-1
@@ -3,5 +3,5 @@
|
||||
"description": "This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE).",
|
||||
"creator": "Tencent Cloud",
|
||||
"iconName": "tencentcloud",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
+1
-1
@@ -3,5 +3,5 @@
|
||||
"description": "Set up Terraform CLI in your GitHub Actions workflow.",
|
||||
"creator": "HashiCorp",
|
||||
"iconName": "terraform",
|
||||
"categories": null
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
@@ -19,6 +19,8 @@ interface WorkflowProperties {
|
||||
iconName?: string;
|
||||
|
||||
categories: string[] | null;
|
||||
|
||||
creator?: string;
|
||||
}
|
||||
|
||||
interface WorkflowsCheckResult {
|
||||
@@ -28,12 +30,14 @@ interface WorkflowsCheckResult {
|
||||
|
||||
async function checkWorkflows(
|
||||
folders: string[],
|
||||
enabledActions: string[]
|
||||
enabledActions: string[],
|
||||
partners: string[]
|
||||
): Promise<WorkflowsCheckResult> {
|
||||
const result: WorkflowsCheckResult = {
|
||||
compatibleWorkflows: [],
|
||||
incompatibleWorkflows: [],
|
||||
};
|
||||
const partnersSet = new Set(partners.map((x) => x.toLowerCase()));
|
||||
|
||||
for (const folder of folders) {
|
||||
const dir = await fs.readdir(folder, {
|
||||
@@ -41,7 +45,7 @@ async function checkWorkflows(
|
||||
});
|
||||
|
||||
for (const e of dir) {
|
||||
if (e.isFile()) {
|
||||
if (e.isFile() && extname(e.name) === ".yml") {
|
||||
const workflowFilePath = join(folder, e.name);
|
||||
const workflowId = basename(e.name, extname(e.name));
|
||||
const workflowProperties: WorkflowProperties = require(join(
|
||||
@@ -51,11 +55,10 @@ async function checkWorkflows(
|
||||
));
|
||||
const iconName: string | undefined = workflowProperties["iconName"];
|
||||
|
||||
const isBlankTemplate = workflowId === "blank";
|
||||
const partnerWorkflow = workflowProperties.categories === null;
|
||||
const isPartnerWorkflow = workflowProperties.creator ? partnersSet.has(workflowProperties.creator.toLowerCase()) : false;
|
||||
|
||||
const enabled =
|
||||
(isBlankTemplate || !partnerWorkflow) &&
|
||||
!isPartnerWorkflow &&
|
||||
(await checkWorkflow(workflowFilePath, enabledActions));
|
||||
|
||||
const workflowDesc: WorkflowDesc = {
|
||||
@@ -90,7 +93,6 @@ async function checkWorkflow(
|
||||
): Promise<boolean> {
|
||||
// Create set with lowercase action names for easier, case-insensitive lookup
|
||||
const enabledActionsSet = new Set(enabledActions.map((x) => x.toLowerCase()));
|
||||
|
||||
try {
|
||||
const workflowFileContent = await fs.readFile(workflowPath, "utf8");
|
||||
const workflow = safeLoad(workflowFileContent);
|
||||
@@ -102,7 +104,8 @@ async function checkWorkflow(
|
||||
if (!!step.uses) {
|
||||
// Check if allowed action
|
||||
const [actionName, _] = step.uses.split("@");
|
||||
if (!enabledActionsSet.has(actionName.toLowerCase())) {
|
||||
const actionNwo = actionName.split("/").slice(0, 2).join("/");
|
||||
if (!enabledActionsSet.has(actionNwo.toLowerCase())) {
|
||||
console.info(
|
||||
`Workflow ${workflowPath} uses '${actionName}' which is not supported for GHES.`
|
||||
);
|
||||
@@ -126,7 +129,8 @@ async function checkWorkflow(
|
||||
|
||||
const result = await checkWorkflows(
|
||||
settings.folders,
|
||||
settings.enabledActions
|
||||
settings.enabledActions,
|
||||
settings.partners
|
||||
);
|
||||
|
||||
console.group(
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
{
|
||||
"folders": [
|
||||
"../../ci",
|
||||
"../../automation"
|
||||
"../../automation",
|
||||
"../../deployments",
|
||||
"../../code-scanning"
|
||||
],
|
||||
"enabledActions": [
|
||||
"actions/checkout",
|
||||
@@ -15,6 +17,17 @@
|
||||
"actions/stale",
|
||||
"actions/starter-workflows",
|
||||
"actions/upload-artifact",
|
||||
"actions/upload-release-asset"
|
||||
"actions/upload-release-asset",
|
||||
"github/codeql-action"
|
||||
],
|
||||
"partners": [
|
||||
"Alibaba Cloud",
|
||||
"Amazon Web Services",
|
||||
"Microsoft Azure",
|
||||
"Google Cloud",
|
||||
"IBM",
|
||||
"Red Hat",
|
||||
"Tencent Cloud",
|
||||
"HashiCorp"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import { endGroup, error, info, setFailed, startGroup } from '@actions/core';
|
||||
|
||||
interface WorkflowWithErrors {
|
||||
id: string;
|
||||
name: string;
|
||||
errors: string[];
|
||||
}
|
||||
|
||||
@@ -20,7 +21,7 @@ interface WorkflowProperties {
|
||||
const propertiesSchema = {
|
||||
type: "object",
|
||||
properties: {
|
||||
name: { type: "string", required: true },
|
||||
name: { type: "string", required: true , "minLength": 1},
|
||||
description: { type: "string", required: true },
|
||||
creator: { type: "string", required: false },
|
||||
iconName: { type: "string", required: true },
|
||||
@@ -41,7 +42,7 @@ const propertiesSchema = {
|
||||
|
||||
async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]> {
|
||||
const result: WorkflowWithErrors[] = []
|
||||
|
||||
const workflow_template_names = new Set()
|
||||
for (const folder of folders) {
|
||||
const dir = await fs.readdir(folder, {
|
||||
withFileTypes: true,
|
||||
@@ -54,9 +55,12 @@ async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]>
|
||||
const workflowFilePath = join(folder, e.name);
|
||||
const propertiesFilePath = join(folder, "properties", `${fileType}.properties.json`)
|
||||
|
||||
const errors = await checkWorkflow(workflowFilePath, propertiesFilePath);
|
||||
if (errors.errors.length > 0) {
|
||||
result.push(errors)
|
||||
const workflowWithErrors = await checkWorkflow(workflowFilePath, propertiesFilePath);
|
||||
if(workflowWithErrors.name && workflow_template_names.size == workflow_template_names.add(workflowWithErrors.name).size) {
|
||||
workflowWithErrors.errors.push(`Workflow template name "${workflowWithErrors.name}" already exists`)
|
||||
}
|
||||
if (workflowWithErrors.errors.length > 0) {
|
||||
result.push(workflowWithErrors)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -68,6 +72,7 @@ async function checkWorkflows(folders: string[]): Promise<WorkflowWithErrors[]>
|
||||
async function checkWorkflow(workflowPath: string, propertiesPath: string): Promise<WorkflowWithErrors> {
|
||||
let workflowErrors: WorkflowWithErrors = {
|
||||
id: workflowPath,
|
||||
name: null,
|
||||
errors: []
|
||||
}
|
||||
|
||||
@@ -77,17 +82,28 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string): Prom
|
||||
|
||||
const propertiesFileContent = await fs.readFile(propertiesPath, "utf8")
|
||||
const properties: WorkflowProperties = JSON.parse(propertiesFileContent)
|
||||
|
||||
if(properties.name && properties.name.trim().length > 0) {
|
||||
workflowErrors.name = properties.name
|
||||
}
|
||||
let v = new validator();
|
||||
const res = v.validate(properties, propertiesSchema)
|
||||
workflowErrors.errors = res.errors.map(e => e.toString())
|
||||
|
||||
if (properties.iconName && !properties.iconName.startsWith("octicon")) {
|
||||
try {
|
||||
await fs.access(`../../icons/${properties.iconName}.svg`)
|
||||
} catch (e) {
|
||||
workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
|
||||
|
||||
if (properties.iconName) {
|
||||
if(! /^octicon\s+/.test(properties.iconName)) {
|
||||
try {
|
||||
await fs.access(`../../icons/${properties.iconName}.svg`)
|
||||
} catch (e) {
|
||||
workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
|
||||
}
|
||||
}
|
||||
else {
|
||||
let iconName = properties.iconName.match(/^octicon\s+(.*)/)
|
||||
if(!iconName || iconName[1].split(".")[0].length <= 0) {
|
||||
workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
} catch (e) {
|
||||
workflowErrors.errors.push(e.toString())
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"folders": [
|
||||
"../../ci",
|
||||
"../../automation"
|
||||
"../../automation",
|
||||
"../../deployments"
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user