Testing Partner Toggle, Synced with Main (#1083)

* Secure workflows (#1) (#1072)

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml

Co-authored-by: Step Security <bot@stepsecurity.io>

Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com>
Co-authored-by: Step Security <bot@stepsecurity.io>

* Directory for deployments (#1071)

* moving deployment templates

* including deployment directory in scripts

* validate categories script init

* introducing scout

* introducing workflow

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Create test_comment.yaml

* rename

* using [enter]

* testing newline

* test

* setting up variable

* using echo -e

* using join

* testing space space new line

* setting multi line in echo

* removing checkout

* setting rows-generator

* fixing error

* using join

* commit

* Update test_comment.yaml

* escaping pipe

* printing debug line

* using %0A

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* removing debug

* removing variable

* Update validate.rb

* Update validate-categories.yaml

* Validate categories comment on pr (#32)

* reverting deployment directory

* checking for output

* Categories validation two workflows (#34)

comment on pr in a separate workflow

* Categories validation two workflows (#35)

using right dir name

* Categories validation two workflows (#36)

.

* Categories validation two workflows (#37)

fixing typo

* adding if conditions

* adding try catch

* using console instead of echo

* equating to upstream

* moving deployment templates

* add codeql workflow to ghes

* restoring from main (#1078)

* Revert "add codeql workflow to ghes branch"

* add codeql workflow to ghes

* only run ghes sync checks on YML files

* only check nwo of supported actions

* Testing Partner Toggle.

Co-authored-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com>
Co-authored-by: Step Security <bot@stepsecurity.io>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
This commit is contained in:
Ashwin Sangem
2021-09-09 08:35:04 +05:30
committed by GitHub
parent ea5c3f66f6
commit 44278596c1
26 changed files with 61 additions and 7 deletions
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+3
View File
@@ -7,6 +7,9 @@ on:
jobs:
stale:
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
+2
View File
@@ -7,6 +7,8 @@ on:
jobs:
sync:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+2
View File
@@ -6,6 +6,8 @@ on:
jobs:
validate-data:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+6
View File
@@ -0,0 +1,6 @@
{
"name": "Rails - Build and Run Linters",
"description": "Build Rails application and run linters",
"iconName": "ruby",
"categories": ["Ruby", "Rails"]
}
+32
View File
@@ -0,0 +1,32 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
name: Build Rails and run linters
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
# Add or Replace any other security checks here
- name: Run security checks
run: |
bin/bundler-audit --update
bin/brakeman -q -w2
# Add or Replace any other Linters here
- name: Run linters
run: |
bin/rubocop --parallel
View File
View File
@@ -1,6 +1,6 @@
{
"name": "Deploy Node.js to Azure Web App",
"description": "Build a Node.js project and deploy it to an Azure Web App.",
"description": "[Test Partner]Build a Node.js project and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment"]
+4 -3
View File
@@ -45,7 +45,7 @@ async function checkWorkflows(
});
for (const e of dir) {
if (e.isFile()) {
if (e.isFile() && extname(e.name) === ".yml") {
const workflowFilePath = join(folder, e.name);
const workflowId = basename(e.name, extname(e.name));
const workflowProperties: WorkflowProperties = require(join(
@@ -58,7 +58,7 @@ async function checkWorkflows(
const isPartnerWorkflow = workflowProperties.creator ? partnersSet.has(workflowProperties.creator.toLowerCase()) : false;
const enabled =
!isPartnerWorkflow &&
!isPartnerWorkflow &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {
@@ -104,7 +104,8 @@ async function checkWorkflow(
if (!!step.uses) {
// Check if allowed action
const [actionName, _] = step.uses.split("@");
if (!enabledActionsSet.has(actionName.toLowerCase())) {
const actionNwo = actionName.split("/").slice(0, 2).join("/");
if (!enabledActionsSet.has(actionNwo.toLowerCase())) {
console.info(
`Workflow ${workflowPath} uses '${actionName}' which is not supported for GHES.`
);
+5 -2
View File
@@ -1,7 +1,9 @@
{
"folders": [
"../../ci",
"../../automation"
"../../automation",
"../../deployments",
"../../code-scanning"
],
"enabledActions": [
"actions/checkout",
@@ -15,7 +17,8 @@
"actions/stale",
"actions/starter-workflows",
"actions/upload-artifact",
"actions/upload-release-asset"
"actions/upload-release-asset",
"github/codeql-action"
],
"partners": [
"Alibaba Cloud",
+2 -1
View File
@@ -1,6 +1,7 @@
{
"folders": [
"../../ci",
"../../automation"
"../../automation",
"../../deployments"
]
}