Merge branch 'actions:main' into main
This commit is contained in:
@@ -26,7 +26,7 @@ It is not:
|
||||
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
|
||||
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
|
||||
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
|
||||
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
|
||||
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
|
||||
|
||||
**For _CI_ workflows, the workflow:**
|
||||
|
||||
@@ -38,7 +38,7 @@ It is not:
|
||||
|
||||
**For _Code Scanning_ workflows, the workflow:**
|
||||
|
||||
- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/ci).
|
||||
- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/code-scanning).
|
||||
- [ ] Should include a matching `code-scanning/properties/*.properties.json` file (for example, [`code-scanning/properties/codeql.properties.json`](https://github.com/actions/starter-workflows/blob/main/code-scanning/properties/codeql.properties.json)), with properties set as follows:
|
||||
- [ ] `name`: Name of the Code Scanning integration.
|
||||
- [ ] `organization`: Name of the organization producing the Code Scanning integration.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Dependency Review Action
|
||||
#
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
#
|
||||
# Source repository: https://github.com/actions/dependency-review-action
|
||||
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
|
||||
|
||||
@@ -35,6 +35,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -63,6 +66,8 @@ jobs:
|
||||
file: ./Dockerfile
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -120,6 +120,9 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
|
||||
@@ -31,6 +31,12 @@
|
||||
|
||||
name: Build and deploy an app to AKS with Kompose
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
AZURE_CONTAINER_REGISTRY: "your-azure-container-registry"
|
||||
CONTAINER_NAME: "your-container-name"
|
||||
@@ -148,4 +154,4 @@ jobs:
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
@@ -74,9 +74,6 @@ jobs:
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
|
||||
@@ -28,8 +28,14 @@ env:
|
||||
APP_ARTIFACT_LOCATION: "build" # location of client code build output
|
||||
AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing deployment token for your static web app
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build_and_deploy_job:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
pull-requests: write # for Azure/static-web-apps-deploy to comment on PRs
|
||||
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
|
||||
runs-on: ubuntu-latest
|
||||
name: Build and Deploy Job
|
||||
@@ -52,6 +58,8 @@ jobs:
|
||||
###### End of Repository/Build Configurations ######
|
||||
|
||||
close_pull_request_job:
|
||||
permissions:
|
||||
contents: none
|
||||
if: github.event_name == 'pull_request' && github.event.action == 'closed'
|
||||
runs-on: ubuntu-latest
|
||||
name: Close Pull Request Job
|
||||
|
||||
@@ -30,6 +30,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -63,6 +66,8 @@ jobs:
|
||||
path: ${{env.DOTNET_ROOT}}/myapp
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -30,6 +30,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -54,6 +57,8 @@ jobs:
|
||||
path: '${{ github.workspace }}/target/*.jar'
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -28,6 +28,9 @@ env:
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '14.x' # set this to the node version to use
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -53,6 +56,8 @@ jobs:
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -30,6 +30,9 @@ env:
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
PHP_VERSION: '8.x' # set this to the PHP version to use
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -74,6 +77,8 @@ jobs:
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -29,6 +29,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -61,6 +64,8 @@ jobs:
|
||||
!venv/
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
Reference in New Issue
Block a user