diff --git a/.github/workflows/label-feature.yml b/.github/workflows/label-feature.yml index 122caac..aaf1e7e 100644 --- a/.github/workflows/label-feature.yml +++ b/.github/workflows/label-feature.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Close Issue - uses: peter-evans/close-issue@v2 + uses: peter-evans/close-issue@v3 if: contains(github.event.issue.labels.*.name, 'feature') with: comment: | diff --git a/.github/workflows/label-support.yml b/.github/workflows/label-support.yml index e762afc..639ae0a 100644 --- a/.github/workflows/label-support.yml +++ b/.github/workflows/label-support.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Close Issue - uses: peter-evans/close-issue@v2 + uses: peter-evans/close-issue@v3 if: contains(github.event.issue.labels.*.name, 'support') with: comment: | diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 0cae015..ecdf037 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@v8 with: stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.' stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.' diff --git a/CODEOWNERS b/CODEOWNERS index 0a7c0a5..a47bd5b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,4 +1,4 @@ -* @actions/starter-workflows +* @actions/actions-workflow-development-reviewers -/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows -/pages/ @actions/pages @actions/starter-workflows +/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers +/pages/ @actions/pages @actions/actions-workflow-development-reviewers diff --git a/ci/deno.yml b/ci/deno.yml index 5ee940d..92338c9 100644 --- a/ci/deno.yml +++ b/ci/deno.yml @@ -27,7 +27,7 @@ jobs: - name: Setup Deno # uses: denoland/setup-deno@v1 - uses: denoland/setup-deno@9db7f66e8e16b5699a514448ce994936c63f0d54 + uses: denoland/setup-deno@61fe2df320078202e33d7d5ad347e7dcfa0e8f31 # v1.1.2 with: deno-version: v1.x diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index d57b2f1..31da0e3 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -41,10 +41,9 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 with: - cosign-release: 'v1.13.1' - + cosign-release: 'v2.1.1' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx @@ -90,7 +89,9 @@ jobs: - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: - COSIGN_EXPERIMENTAL: "true" + # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable + TAGS: ${{ steps.meta.outputs.tags }} + DIGEST: ${{ steps.build-and-push.outputs.digest }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} + run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} diff --git a/ci/elixir.yml b/ci/elixir.yml index 371ff24..58f0b27 100644 --- a/ci/elixir.yml +++ b/ci/elixir.yml @@ -23,10 +23,10 @@ jobs: steps: - uses: actions/checkout@v3 - name: Set up Elixir - uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f + uses: erlef/setup-beam@61e01a43a562a89bfc54c7f9a378ff67b03e4a21 # v1.16.0 with: - elixir-version: '1.12.3' # Define the elixir version [required] - otp-version: '24.1' # Define the OTP version [required] + elixir-version: '1.15.2' # [Required] Define the Elixir version + otp-version: '26.0' # [Required] Define the Erlang/OTP version - name: Restore dependencies cache uses: actions/cache@v3 with: diff --git a/ci/gem-push.yml b/ci/gem-push.yml index 8905272..dd6d867 100644 --- a/ci/gem-push.yml +++ b/ci/gem-push.yml @@ -17,7 +17,10 @@ jobs: steps: - uses: actions/checkout@v3 - name: Set up Ruby 2.6 - uses: actions/setup-ruby@v1 + # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, + # change this to (see https://github.com/ruby/setup-ruby#versioning): + # uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: ruby-version: 2.6.x diff --git a/ci/go.yml b/ci/go.yml index e89f6c9..9f74f87 100644 --- a/ci/go.yml +++ b/ci/go.yml @@ -17,9 +17,9 @@ jobs: - uses: actions/checkout@v3 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: - go-version: 1.19 + go-version: '1.20' - name: Build run: go build -v ./... diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index f0c3beb..f53c061 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -23,7 +23,13 @@ on: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners + # Consider using larger runners for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} permissions: actions: read contents: read @@ -51,11 +57,11 @@ jobs: # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v2 diff --git a/code-scanning/credo.yml b/code-scanning/credo.yml new file mode 100644 index 0000000..c1fb8d1 --- /dev/null +++ b/code-scanning/credo.yml @@ -0,0 +1,61 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + + +# Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. +# https://github.com/rrrene/credo +# +# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository. +# +# Instructions: +# 1. Add :credo as a dependency to your project's mix.exs with version ~> 1.7.0-rc.1 - https://github.com/rrrene/credo#installation-and-usage +# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository +# and review the "Security" tab once the action has run. + +name: Credo + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + otp: [version] + elixir: [version] + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f + with: + otp-version: ${{matrix.otp}} + elixir-version: ${{matrix.elixir}} + - name: get dependencies + run: mix deps.get + - name: compile dependencies + run: mix deps.compile + - name: compile + run: mix compile + - name: credo-scan + run: mix credo --format=sarif > credo_output.sarif + - name: upload sarif + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: credo_output.sarif diff --git a/code-scanning/dependency-review.yml b/code-scanning/dependency-review.yml index fe461b4..b0dedc4 100644 --- a/code-scanning/dependency-review.yml +++ b/code-scanning/dependency-review.yml @@ -17,4 +17,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@v3 - name: 'Dependency Review' - uses: actions/dependency-review-action@v2 + uses: actions/dependency-review-action@v3 diff --git a/code-scanning/endorlabs.yml b/code-scanning/endorlabs.yml new file mode 100644 index 0000000..1ad0e26 --- /dev/null +++ b/code-scanning/endorlabs.yml @@ -0,0 +1,51 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Endor Labs +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly +jobs: + scan: + permissions: + security-events: write # Used to upload sarif artifact to GitHub + contents: read # Used to checkout a private repository by actions/checkout. + actions: read # Required for private repositories to upload sarif files. GitHub Advanced Security licenses are required. + id-token: write # Used for keyless authentication to Endor Labs + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + #### Package Build Instructions + ### Use this section to define the build steps used by your software package. + ### Endor Labs builds your software for you where possible but the required build tools must be made availible. + # - name: Setup Java + # uses: actions/setup-java@v3 + # with: + # distribution: 'microsoft' + # java-version: '17' + # - name: Build Package + # run: mvn clean install + - name: Endor Labs scan pull request + if: github.event_name == 'pull_request' + uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c + with: + namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. + sarif_file: findings.sarif + - name: Endor Labs scan monitor + if: github.event_name == 'push' + uses: endorlabs/github-action@b51bd06466b545f01a6ac788e3e1147695d3936c + with: + namespace: "example" # Modify the namespace to your Endor Labs tenant namespace. + ci_run: "false" + sarif_file: findings.sarif + - name: Upload SARIF to github + uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd + with: + sarif_file: findings.sarif diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json index f5e78bf..8aaa8f5 100644 --- a/code-scanning/properties/codeql.properties.json +++ b/code-scanning/properties/codeql.properties.json @@ -2,7 +2,7 @@ "name": "CodeQL Analysis", "creator": "GitHub", "enterprise": true, - "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby and Kotlin developers.", + "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby, Kotlin and Swift developers.", "iconName": "octicon mark-github", - "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin"] + "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin", "Swift"] } diff --git a/code-scanning/properties/credo.properties.json b/code-scanning/properties/credo.properties.json new file mode 100644 index 0000000..cdc621f --- /dev/null +++ b/code-scanning/properties/credo.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Credo Scan", + "creator": "Credo", + "description": "Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency.", + "iconName": "code", + "categories": ["Code Scanning", "Elixir"] +} diff --git a/code-scanning/properties/endorlabs.properties.json b/code-scanning/properties/endorlabs.properties.json new file mode 100644 index 0000000..4347f4c --- /dev/null +++ b/code-scanning/properties/endorlabs.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Endor Labs scan", + "creator": "Endor Labs", + "description": "Identify, prioritize and address open source and code governance issues with Endor Labs.", + "iconName": "endorlabs", + "categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "ruby", "go", "kotlin", "scala" ] +} diff --git a/code-scanning/properties/psalm.properties.json b/code-scanning/properties/psalm.properties.json new file mode 100644 index 0000000..381a312 --- /dev/null +++ b/code-scanning/properties/psalm.properties.json @@ -0,0 +1,10 @@ +{ + "name": "Psalm Security Scan", + "creator": "psalm", + "description": "Psalm is a static analysis tool for finding errors in PHP applications", + "iconName": "psalm", + "categories": [ + "Code Scanning", + "PHP" + ] +} diff --git a/code-scanning/psalm.yml b/code-scanning/psalm.yml new file mode 100644 index 0000000..1e88766 --- /dev/null +++ b/code-scanning/psalm.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Psalm Security Scan + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + php-security: + runs-on: ubuntu-latest + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Psalm Security Scan + uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287 + + - name: Upload Security Analysis results to GitHub + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif diff --git a/deployments/azure-functions-app-container.yml b/deployments/azure-functions-app-container.yml index 7b438be..1173b95 100644 --- a/deployments/azure-functions-app-container.yml +++ b/deployments/azure-functions-app-container.yml @@ -21,8 +21,7 @@ name: Deploy container to Azure Functions App on: push: - branches: - - [$default-branch] + branches: [$default-branch] permissions: contents: read diff --git a/deployments/azure-functions-app-dotnet.yml b/deployments/azure-functions-app-dotnet.yml index 8b2c23b..824614e 100644 --- a/deployments/azure-functions-app-dotnet.yml +++ b/deployments/azure-functions-app-dotnet.yml @@ -20,8 +20,7 @@ name: Deploy DotNet project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-java-gradle.yml b/deployments/azure-functions-app-java-gradle.yml index 69f6343..36c50b8 100644 --- a/deployments/azure-functions-app-java-gradle.yml +++ b/deployments/azure-functions-app-java-gradle.yml @@ -20,8 +20,7 @@ name: Deploy Gradle Java project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] permissions: contents: read diff --git a/deployments/azure-functions-app-java.yml b/deployments/azure-functions-app-java.yml index 0774544..5608328 100644 --- a/deployments/azure-functions-app-java.yml +++ b/deployments/azure-functions-app-java.yml @@ -20,8 +20,7 @@ name: Deploy Java project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-nodejs.yml b/deployments/azure-functions-app-nodejs.yml index b8033f0..916f396 100644 --- a/deployments/azure-functions-app-nodejs.yml +++ b/deployments/azure-functions-app-nodejs.yml @@ -22,8 +22,7 @@ name: Deploy Node.js project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-powershell.yml b/deployments/azure-functions-app-powershell.yml index 505b5af..5d62316 100644 --- a/deployments/azure-functions-app-powershell.yml +++ b/deployments/azure-functions-app-powershell.yml @@ -20,8 +20,7 @@ name: Deploy PowerShell project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-python.yml b/deployments/azure-functions-app-python.yml index 0220227..6452a18 100644 --- a/deployments/azure-functions-app-python.yml +++ b/deployments/azure-functions-app-python.yml @@ -20,8 +20,7 @@ name: Deploy Python project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/icons/code.svg b/icons/code.svg new file mode 100644 index 0000000..ee64cbc --- /dev/null +++ b/icons/code.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/endorlabs.svg b/icons/endorlabs.svg new file mode 100644 index 0000000..04f1287 --- /dev/null +++ b/icons/endorlabs.svg @@ -0,0 +1,426 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/icons/psalm.svg b/icons/psalm.svg new file mode 100644 index 0000000..fd9d347 --- /dev/null +++ b/icons/psalm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/pages/astro.yml b/pages/astro.yml index 4278958..ccbae47 100644 --- a/pages/astro.yml +++ b/pages/astro.yml @@ -71,7 +71,7 @@ jobs: --base "${{ steps.pages.outputs.base_path }}" working-directory: ${{ env.BUILD_PATH }} - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: path: ${{ env.BUILD_PATH }}/dist diff --git a/pages/gatsby.yml b/pages/gatsby.yml index 1fe2d24..676740b 100644 --- a/pages/gatsby.yml +++ b/pages/gatsby.yml @@ -80,7 +80,7 @@ jobs: PREFIX_PATHS: 'true' run: ${{ steps.detect-package-manager.outputs.manager }} run build - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: path: ./public diff --git a/pages/hugo.yml b/pages/hugo.yml index fd6c4b4..b312295 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -31,14 +31,14 @@ jobs: build: runs-on: ubuntu-latest env: - HUGO_VERSION: 0.108.0 + HUGO_VERSION: 0.114.0 steps: - name: Install Hugo CLI run: | wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \ && sudo dpkg -i ${{ runner.temp }}/hugo.deb - - name: Install Dart Sass Embedded - run: sudo snap install dart-sass-embedded + - name: Install Dart Sass + run: sudo snap install dart-sass - name: Checkout uses: actions/checkout@v3 with: @@ -58,7 +58,7 @@ jobs: --minify \ --baseURL "${{ steps.pages.outputs.base_url }}/" - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: path: ./public diff --git a/pages/jekyll-gh-pages.yml b/pages/jekyll-gh-pages.yml index 851f2ce..044e34c 100644 --- a/pages/jekyll-gh-pages.yml +++ b/pages/jekyll-gh-pages.yml @@ -36,7 +36,7 @@ jobs: source: ./ destination: ./_site - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 # Deployment job deploy: diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 5adebe4..bd2f2e8 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -49,7 +49,7 @@ jobs: JEKYLL_ENV: production - name: Upload artifact # Automatically uploads an artifact from the './_site' directory by default - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 # Deployment job deploy: diff --git a/pages/mdbook.yml b/pages/mdbook.yml index 78d664e..0fae7a4 100644 --- a/pages/mdbook.yml +++ b/pages/mdbook.yml @@ -43,7 +43,7 @@ jobs: - name: Build with mdBook run: mdbook build - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: path: ./book diff --git a/pages/nextjs.yml b/pages/nextjs.yml index 81073e6..308b76e 100644 --- a/pages/nextjs.yml +++ b/pages/nextjs.yml @@ -78,7 +78,7 @@ jobs: - name: Static HTML export with Next.js run: ${{ steps.detect-package-manager.outputs.runner }} next export - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: path: ./out diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml index ddf8f4f..2951136 100644 --- a/pages/nuxtjs.yml +++ b/pages/nuxtjs.yml @@ -73,7 +73,7 @@ jobs: - name: Static HTML export with Nuxt run: ${{ steps.detect-package-manager.outputs.manager }} run generate - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: path: ./dist diff --git a/pages/static.yml b/pages/static.yml index 43bec60..31ac428 100644 --- a/pages/static.yml +++ b/pages/static.yml @@ -34,7 +34,7 @@ jobs: - name: Setup Pages uses: actions/configure-pages@v3 - name: Upload artifact - uses: actions/upload-pages-artifact@v1 + uses: actions/upload-pages-artifact@v2 with: # Upload entire repository path: '.'