From 4e20b526184631f70591dc040dbed47a83f712b3 Mon Sep 17 00:00:00 2001 
From: Ashwin Sangem Date: Fri, 22 Oct 2021 14:47:00 +0530 Subject: [PATCH] Sync partner_templates branch with main (#1184) * Added Cloudrail according to instructions and existing examples * Adding Cloudrail according to documentation and examples * Oops * Add original Fortify on Demand workflow * Update Fortify on Demand workflow * Update Fortify on Demand supported languages * Add 3rd-party GitHub Actions disclaimer * Sysdig Secure Inline Scan with SARIF report to starter workflows * Added some extra comments, Github Actions V2 and changed env vars * Reviews from PR #1110 * Adding 'Dockerfile' to category list * Update according to PR review comments * File renames as requested in PR comments * Revert "Azure Data Factory CI starter workflow (#1111)" (#1146) This reverts commit 7f30309ccedb0e3dee186e0ee58c232752a78e24. * use env variables for user-set values (#1117) Co-authored-by: Josh Gross * Apply suggestions from nickfyson's code review Co-authored-by: Nick Fyson * removing "deployment" templates from sync-ghes (#1127) * Update code-scanning/properties/sysdig-scan.properties.json Co-authored-by: Nick Fyson * Update code-scanning/properties/sysdig-scan.properties.json Co-authored-by: Nick Fyson * Changed svg logo * Rename sysdig.svg to sysdig-scan.svg * Switched svg logo (again) for a better fit * Rename fortify.json to fortify.properties.json * Correct character-case of "c" in Cloudrail * AWS template also used Docker * trigger on push instead of release (#1157) Co-authored-by: Josh Gross * Added new templates for 3 clouds. * Revert "Added new templates for 3 clouds." This reverts commit c765d6316fb380d15d81206ede83b0042cdac377. 
* Add workflow for Microsoft C++ Code Analysis * Updated action to meet guidelines * correct typo in msvc.properties.json Co-authored-by: Yoni Leitersdorf Co-authored-by: Ruud Senden Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com> Co-authored-by: Manuel Boira Cuevas Co-authored-by: manuelbcd Co-authored-by: Nick Fyson Co-authored-by: Sarah Edwards Co-authored-by: Josh Gross Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com> Co-authored-by: manuelbcd Co-authored-by: Daniel Winsor --- code-scanning/cloudrail.yml | 2 +- code-scanning/msvc.yml | 59 +++++++++++++++++++ code-scanning/properties/msvc.properties.json | 7 +++ deployments/alibabacloud.yml | 7 ++- deployments/aws.yml | 7 ++- deployments/azure.yml | 7 ++- deployments/google.yml | 7 ++- deployments/ibm.yml | 7 ++- deployments/properties/aws.properties.json | 4 +- deployments/tencent.yml | 7 ++- icons/microsoft.svg | 34 +++++++++++ 11 files changed, 127 insertions(+), 21 deletions(-) create mode 100644 code-scanning/msvc.yml create mode 100644 code-scanning/properties/msvc.properties.json create mode 100644 icons/microsoft.svg diff --git a/code-scanning/cloudrail.yml b/code-scanning/cloudrail.yml index 9f95c5c..00e270a 100644 --- a/code-scanning/cloudrail.yml +++ b/code-scanning/cloudrail.yml @@ -3,7 +3,7 @@ # separate terms of service, privacy policy, and support # documentation. -name: cloudrail +name: Cloudrail on: push: diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml new file mode 100644 index 0000000..c6bb29f --- /dev/null +++ b/code-scanning/msvc.yml 
@@ -0,0 +1,59 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# Find more information at:
+# https://github.com/microsoft/msvc-code-analysis-action
+
+name: Microsoft C++ Code Analysis
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+env:
+ # Path to the CMake build directory.
+ build: '${{ github.workspace }}/build'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Configure CMake
+ run: cmake -B ${{ env.build }}
+
+ # Build is not required unless generated source files are used
+ # - name: Build CMake
+ # run: cmake --build ${{ env.build }}
+
+ - name: Initialize MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@502db28262ba134c9a621d5a509b9f7e696c99b6
+ # Provide a unique ID to access the sarif output path
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ${{ env.build }}
+ # Ruleset file that will determine what checks will be run
+ ruleset: NativeRecommendRules.ruleset
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ - name: Upload SARIF to GitHub
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+ # Upload SARIF file as an Artifact to download and view
+ # - name: Upload SARIF as an Artifact
+ # uses: actions/upload-artifact@v2
+ # with:
+ # name: sarif-file
+ # path: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/code-scanning/properties/msvc.properties.json b/code-scanning/properties/msvc.properties.json
new file mode 100644
index 0000000..641d5e6
--- /dev/null
+++ b/code-scanning/properties/msvc.properties.json
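Review bot: The new code-scanning/msvc.yml declares no `permissions:` mapping, so the `GITHUB_TOKEN` for the `analyze` job gets whatever default scope the repository or organization has configured, although the only privileged step here is the SARIF upload. Because this is a starter template that is copied into many repositories, I would add a top-level `permissions:` mapping with `contents: read` and `security-events: write`, and a comment that private repositories may additionally need `actions: read`. Separately, `run: cmake -B ${{ env.build }}` expands the expression into the script text before the shell runs; the value comes from `github.workspace` and is not attacker-controlled, but `run: cmake -B "${{ env.build }}"` would keep the path as a single argument if it ever contains a space.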
@@ -0,0 +1,7 @@ +{ + "name": "Microsoft C++ Code Analysis", + "creator": "Microsoft", + "description": "Code Analysis with the Microsoft C & C++ Compiler for CMake based projects.", + "iconName": "microsoft", + "categories": ["Code Scanning", "C", "C++"] +} diff --git a/deployments/alibabacloud.yml b/deployments/alibabacloud.yml index 9ccc033..ded9178 100644 --- a/deployments/alibabacloud.yml +++ b/deployments/alibabacloud.yml @@ -1,5 +1,5 @@ # This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR), -# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when a release is created. +# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the $default-branch branch. # # To use this workflow, you will need to complete the following set-up steps: # @@ -20,8 +20,9 @@ name: Build and Deploy to ACK on: - release: - types: [created] + push: + branches: + - $default-branch # Environment variables available to all jobs and steps in this workflow. env: diff --git a/deployments/aws.yml b/deployments/aws.yml index 6a6643c..dab851f 100644 --- a/deployments/aws.yml +++ b/deployments/aws.yml @@ -1,5 +1,5 @@ # This workflow will build and push a new container image to Amazon ECR, -# and then will deploy a new task definition to Amazon ECS, when a release is created +# and then will deploy a new task definition to Amazon ECS, when there is a push to the $default-branch branch. # # To use this workflow, you will need to complete the following set-up steps: # @@ -27,8 +27,9 @@ name: Deploy to Amazon ECS on: - release: - types: [created] + push: + branches: + - $default-branch env: AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1 diff --git a/deployments/azure.yml b/deployments/azure.yml index 0262b49..904ff25 100644 --- a/deployments/azure.yml +++ b/deployments/azure.yml 
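Review bot: Moving the trigger in deployments/alibabacloud.yml from `release: types: [created]` to `push` on `$default-branch` means every commit that lands on the default branch now starts a deployment, and nothing in the changed `on:` block or the updated header comment tells the adopter to gate that. The same trigger change is made in deployments/aws.yml, azure.yml, google.yml, ibm.yml and tencent.yml, so the point applies to all six. I would add a set-up line to each header comment such as `# Enable branch protection (required reviews) on the $default-branch branch first: every push to it deploys.` and consider `environment: production` on the deploy job so required reviewers can be enforced. The job definitions lie outside these hunks, so whether an environment is already set cannot be seen here.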
@@ -1,4 +1,4 @@ -# This workflow will build and push a node.js application to an Azure Web App when a release is created. +# This workflow will build and push a node.js application to an Azure Web App when there is a push to the $default-branch branch. # # This workflow assumes you have already created the target Azure App Service web app. # For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan @@ -16,8 +16,9 @@ # For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions # For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples on: - release: - types: [created] + push: + branches: + - $default-branch env: AZURE_WEBAPP_NAME: your-app-name # set this to your application's name diff --git a/deployments/google.yml b/deployments/google.yml index 5e803ed..267d3cb 100644 --- a/deployments/google.yml +++ b/deployments/google.yml @@ -1,4 +1,4 @@ -# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when a release is created +# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when there is a push to the $default-branch branch. # # To configure this workflow: # @@ -13,8 +13,9 @@ name: Build and Deploy to GKE on: - release: - types: [created] + push: + branches: + - $default-branch env: PROJECT_ID: ${{ secrets.GKE_PROJECT }} diff --git a/deployments/ibm.yml b/deployments/ibm.yml index a8502cd..216b04d 100644 --- a/deployments/ibm.yml +++ b/deployments/ibm.yml 
@@ -1,4 +1,4 @@ -# This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when a release is created +# This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when there is a push to the $default-branch branch. # # To configure this workflow: # @@ -9,8 +9,9 @@ name: Build and Deploy to IKS on: - release: - types: [created] + push: + branches: + - $default-branch # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/properties/aws.properties.json b/deployments/properties/aws.properties.json index 10a7ed3..1b5955a 100644 --- a/deployments/properties/aws.properties.json +++ b/deployments/properties/aws.properties.json @@ -3,5 +3,5 @@ "description": "Deploy a container to an Amazon ECS service powered by AWS Fargate or Amazon EC2.", "creator": "Amazon Web Services", "iconName": "aws", - "categories": ["Deployment"] -} \ No newline at end of file + "categories": ["Deployment", "Dockerfile"] +} diff --git a/deployments/tencent.yml b/deployments/tencent.yml index 0be339e..83bde94 100644 --- a/deployments/tencent.yml +++ b/deployments/tencent.yml @@ -1,4 +1,4 @@ -# This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE). +# This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE) when there is a push to the $default-branch branch. # # To configure this workflow: # @@ -16,8 +16,9 @@ name: Tencent Kubernetes Engine on: - release: - types: [created] + push: + branches: + - $default-branch # Environment variables available to all jobs and steps in this workflow env: diff --git a/icons/microsoft.svg b/icons/microsoft.svg new file mode 100644 index 0000000..990fa84 --- /dev/null +++ b/icons/microsoft.svg @@ -0,0 +1,34 @@ +microsoft + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file