Merge branch 'actions:main' into main

This commit is contained in:
fredster33
2022-05-27 13:47:12 -07:00
committed by GitHub
12 changed files with 51 additions and 7 deletions
+2 -2
View File
@@ -26,7 +26,7 @@ It is not:
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
**For _CI_ workflows, the workflow:**
@@ -38,7 +38,7 @@ It is not:
**For _Code Scanning_ workflows, the workflow:**
- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/ci).
- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/code-scanning).
- [ ] Should include a matching `code-scanning/properties/*.properties.json` file (for example, [`code-scanning/properties/codeql.properties.json`](https://github.com/actions/starter-workflows/blob/main/code-scanning/properties/codeql.properties.json)), with properties set as follows:
- [ ] `name`: Name of the Code Scanning integration.
- [ ] `organization`: Name of the organization producing the Code Scanning integration.
+1 -1
View File
@@ -1,6 +1,6 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+5
View File
@@ -35,6 +35,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -63,6 +66,8 @@ jobs:
file: ./Dockerfile
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
@@ -120,6 +120,9 @@ jobs:
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
@@ -31,6 +31,12 @@
name: Build and deploy an app to AKS with Kompose
on:
push:
branches:
- $default-branch
workflow_dispatch:
env:
AZURE_CONTAINER_REGISTRY: "your-azure-container-registry"
CONTAINER_NAME: "your-container-name"
@@ -148,4 +154,4 @@ jobs:
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -74,9 +74,6 @@ jobs:
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
+8
View File
@@ -28,8 +28,14 @@ env:
APP_ARTIFACT_LOCATION: "build" # location of client code build output
AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing deployment token for your static web app
permissions:
contents: read
jobs:
build_and_deploy_job:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: write # for Azure/static-web-apps-deploy to comment on PRs
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
runs-on: ubuntu-latest
name: Build and Deploy Job
@@ -52,6 +58,8 @@ jobs:
###### End of Repository/Build Configurations ######
close_pull_request_job:
permissions:
contents: none
if: github.event_name == 'pull_request' && github.event.action == 'closed'
runs-on: ubuntu-latest
name: Close Pull Request Job
@@ -30,6 +30,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -63,6 +66,8 @@ jobs:
path: ${{env.DOTNET_ROOT}}/myapp
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -30,6 +30,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -54,6 +57,8 @@ jobs:
path: '${{ github.workspace }}/target/*.jar'
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -28,6 +28,9 @@ env:
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -53,6 +56,8 @@ jobs:
path: .
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -30,6 +30,9 @@ env:
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
PHP_VERSION: '8.x' # set this to the PHP version to use
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -74,6 +77,8 @@ jobs:
path: .
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -29,6 +29,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -61,6 +64,8 @@ jobs:
!venv/
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment: