Merge branch 'main' into patch-1
@@ -26,6 +26,7 @@ It is not:
|
||||
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
|
||||
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
|
||||
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
|
||||
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
|
||||
|
||||
**For _CI_ workflows, the workflow:**
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
cache: gradle
|
||||
|
||||
- name: Grant execute permission for gradlew
|
||||
|
||||
@@ -20,6 +20,6 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
- name: Build with Ant
|
||||
run: ant -noinput -buildfile build.xml
|
||||
|
||||
@@ -12,9 +12,8 @@ env:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
# The CMake configure and build commands are platform agnostic and should work equally
|
||||
# well on Windows or Mac. You can convert this to a matrix build if you need
|
||||
# cross-platform coverage.
|
||||
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
|
||||
# You can convert this to a matrix build if you need cross-platform coverage.
|
||||
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
# This workflow will trigger Datadog Synthetic tests within your Datadog organisation
|
||||
# For more information on running Synthetic tests within your GitHub workflows see: https://docs.datadoghq.com/synthetics/cicd_integrations/github_actions/
|
||||
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# To get started:
|
||||
|
||||
# 1. Add your Datadog API (DD_API_KEY) and Application Key (DD_APP_KEY) as secrets to your GitHub repository. For more information, see: https://docs.datadoghq.com/account_management/api-app-keys/.
|
||||
# 2. Start using the action within your workflow
|
||||
|
||||
name: Run Datadog Synthetic tests
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
# Run Synthetic tests within your GitHub workflow.
|
||||
# For additional configuration options visit the action within the marketplace: https://github.com/marketplace/actions/datadog-synthetics-ci
|
||||
- name: Run Datadog Synthetic tests
|
||||
uses: DataDog/synthetics-ci-github-action@2b56dc0cca9daa14ab69c0d1d6844296de8f941e
|
||||
with:
|
||||
api_key: ${{secrets.DD_API_KEY}}
|
||||
app_key: ${{secrets.DD_APP_KEY}}
|
||||
test_search_query: 'tag:e2e-tests' #Modify this tag to suit your tagging strategy
|
||||
|
||||
|
||||
@@ -29,11 +29,27 @@ jobs:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
# This is used to complete the identity challenge
|
||||
# with sigstore/fulcio when running outside of PRs.
|
||||
id-token: write
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Install the cosign tool except on PR
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
|
||||
with:
|
||||
cosign-release: 'v1.4.0'
|
||||
|
||||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
- name: Setup Docker buildx
|
||||
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
|
||||
|
||||
# Login against a Docker registry except on PR
|
||||
# https://github.com/docker/login-action
|
||||
- name: Log into registry ${{ env.REGISTRY }}
|
||||
@@ -55,9 +71,23 @@ jobs:
|
||||
# Build and push Docker image with Buildx (don't push on PR)
|
||||
# https://github.com/docker/build-push-action
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
# Sign the resulting Docker image digest except on PRs.
|
||||
# This will only write to the public Rekor transparency log when the Docker
|
||||
# repository is public to avoid leaking data. If you would like to publish
|
||||
# transparency data even for private images, pass --force to cosign below.
|
||||
# https://github.com/sigstore/cosign
|
||||
- name: Sign the published Docker image
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
|
||||
|
||||
@@ -15,10 +15,10 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Elixir
|
||||
uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24
|
||||
uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
|
||||
with:
|
||||
elixir-version: '1.10.3' # Define the elixir version [required]
|
||||
otp-version: '22.3' # Define the OTP version [required]
|
||||
elixir-version: '1.12.3' # Define the elixir version [required]
|
||||
otp-version: '24.1' # Define the OTP version [required]
|
||||
- name: Restore dependencies cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
|
||||
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
|
||||
|
||||
@@ -21,17 +25,21 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
|
||||
settings-path: ${{ github.workspace }} # location for the settings.xml file
|
||||
|
||||
- name: Build with Gradle
|
||||
run: gradle build
|
||||
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
|
||||
with:
|
||||
arguments: build
|
||||
|
||||
# The USERNAME and TOKEN need to correspond to the credentials environment variables used in
|
||||
# the publishing section of your build.gradle
|
||||
- name: Publish to GitHub Packages
|
||||
run: gradle publish
|
||||
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
|
||||
with:
|
||||
arguments: publish
|
||||
env:
|
||||
USERNAME: ${{ github.actor }}
|
||||
TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
|
||||
|
||||
@@ -20,9 +24,8 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
cache: gradle
|
||||
- name: Grant execute permission for gradlew
|
||||
run: chmod +x gradlew
|
||||
distribution: 'temurin'
|
||||
- name: Build with Gradle
|
||||
run: ./gradlew build
|
||||
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
|
||||
with:
|
||||
arguments: build
|
||||
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
|
||||
settings-path: ${{ github.workspace }} # location for the settings.xml file
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
- name: Build with Maven
|
||||
run: mvn -B package --file pom.xml
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
|
||||
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
|
||||
|
||||
name: Node.js CI
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
|
||||
|
||||
name: Node.js Package
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [created]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 16
|
||||
- run: npm ci
|
||||
- run: npm test
|
||||
|
||||
publish-gpr:
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 16
|
||||
registry-url: $registry-url(npm)
|
||||
- run: npm ci
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
@@ -14,7 +14,7 @@ jobs:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 14
|
||||
node-version: 16
|
||||
- run: npm ci
|
||||
- run: npm test
|
||||
|
||||
@@ -25,26 +25,9 @@ jobs:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 14
|
||||
node-version: 16
|
||||
registry-url: https://registry.npmjs.org/
|
||||
- run: npm ci
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
|
||||
|
||||
publish-gpr:
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 14
|
||||
registry-url: $registry-url(npm)
|
||||
- run: npm ci
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Datadog Synthetics",
|
||||
"description": "Run Datadog Synthetic tests within your GitHub Actions workflow",
|
||||
"iconName": "datadog",
|
||||
"categories": ["Continuous integration", "JavaScript", "TypeScript", "Testing"]
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Publish Node.js Package to GitHub Packages",
|
||||
"description": "Publishes a Node.js package to GitHub Packages.",
|
||||
"iconName": "node-package-transparent",
|
||||
"categories": ["Continuous integration", "JavaScript", "npm"]
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "Publish Node.js Package",
|
||||
"description": "Publishes a Node.js package to npm and GitHub Packages.",
|
||||
"description": "Publishes a Node.js package to npm.",
|
||||
"iconName": "node-package-transparent",
|
||||
"categories": ["Continuous integration", "JavaScript", "npm"]
|
||||
}
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
{
|
||||
"name": "Rails - Install Dependencies and Run Linters",
|
||||
"description": "Install dependencies and run linters on Rails application",
|
||||
"iconName": "ruby",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Ruby on Rails continuous integration",
|
||||
"description": "Build, lint, and test a Rails application",
|
||||
"iconName": "rails",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
}
|
||||
@@ -4,19 +4,20 @@ on: [push]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
python-version: ["3.8", "3.9", "3.10"]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python 3.9
|
||||
- name: Set up Python ${{ matrix.python-version }}
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.9
|
||||
python-version: ${{ matrix.python-version }}
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install pylint
|
||||
- name: Analysing the code with pylint
|
||||
run: |
|
||||
pylint `ls -R|grep .py$|xargs`
|
||||
pylint $(git ls-files '*.py')
|
||||
|
||||
@@ -16,10 +16,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python 3.9
|
||||
- name: Set up Python 3.10
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.9
|
||||
python-version: "3.10"
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
|
||||
@@ -10,10 +10,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python 3.8
|
||||
- name: Set up Python 3.10
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.8
|
||||
python-version: 3.10
|
||||
- name: Add conda to system path
|
||||
run: |
|
||||
# $CONDA is an environment variable pointing to the root of the miniconda directory
|
||||
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
python-version: [3.7, 3.8, 3.9]
|
||||
python-version: ["3.8", "3.9", "3.10"]
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -19,12 +19,12 @@ jobs:
|
||||
runs-on: macos-latest
|
||||
strategy:
|
||||
matrix:
|
||||
r-version: [3.5, 3.6]
|
||||
r-version: ['3.6.3', '4.1.1']
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up R ${{ matrix.r-version }}
|
||||
uses: r-lib/actions/setup-r@ffe45a39586f073cc2e9af79c4ba563b657dc6e3
|
||||
uses: r-lib/actions/setup-r@f57f1301a053485946083d7a45022b278929a78a
|
||||
with:
|
||||
r-version: ${{ matrix.r-version }}
|
||||
- name: Install dependencies
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
|
||||
name: Rails - Install dependencies and run linters
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
run-lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Setup Ruby and install gems
|
||||
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or Replace any other security checks here
|
||||
- name: Run security checks
|
||||
run: |
|
||||
bin/bundler-audit --update
|
||||
bin/brakeman -q -w2
|
||||
# Add or Replace any other Linters here
|
||||
- name: Run linters
|
||||
run: |
|
||||
bin/rubocop --parallel
|
||||
@@ -0,0 +1,58 @@
|
||||
# This workflow uses actions that are not certified by GitHub. They are
|
||||
# provided by a third-party and are governed by separate terms of service,
|
||||
# privacy policy, and support documentation.
|
||||
#
|
||||
# This workflow will install a prebuilt Ruby version, install dependencies, and
|
||||
# run tests and linters.
|
||||
name: "Ruby on Rails CI"
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:11-alpine
|
||||
ports:
|
||||
- "5432:5432"
|
||||
env:
|
||||
POSTGRES_DB: rails_test
|
||||
POSTGRES_USER: rails
|
||||
POSTGRES_PASSWORD: password
|
||||
env:
|
||||
RAILS_ENV: test
|
||||
DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
# Add or replace dependency steps here
|
||||
- name: Install Ruby and gems
|
||||
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or replace database setup steps here
|
||||
- name: Set up database schema
|
||||
run: bin/rails db:schema:load
|
||||
# Add or replace test runners here
|
||||
- name: Run tests
|
||||
run: bin/rake
|
||||
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Ruby and gems
|
||||
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or replace any other lints here
|
||||
- name: Security audit dependencies
|
||||
run: bin/bundler-audit --update
|
||||
- name: Security audit application code
|
||||
run: bin/brakeman -q -w2
|
||||
- name: Lint Ruby files
|
||||
run: bin/rubocop --parallel
|
||||
@@ -17,6 +17,6 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
- name: Run tests
|
||||
run: sbt test
|
||||
|
||||
@@ -0,0 +1,39 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow checks out code, builds an image, performs a container image
|
||||
# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
|
||||
# code scanning feature. For more information on the Anchore scan action usage
|
||||
# and parameters, see https://github.com/anchore/scan-action. For more
|
||||
# information on Anchore's container image scanning tool Grype, see
|
||||
# https://github.com/anchore/grype
|
||||
name: Anchore Container Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
Anchore-Build-Scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
uses: actions/checkout@v2
|
||||
- name: Build the Docker image
|
||||
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
|
||||
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
|
||||
uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd
|
||||
with:
|
||||
image: "localbuild/testimage:latest"
|
||||
acs-report-enable: true
|
||||
- name: Upload Anchore Scan Report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,64 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# APIsec addresses the critical need to secure APIs before they reach production.
|
||||
# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
|
||||
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
|
||||
|
||||
# How to Get Started with APIsec.ai
|
||||
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
|
||||
#
|
||||
# 2. Register your account at https://cloud.fxlabs.io/#/signup .
|
||||
#
|
||||
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
|
||||
#
|
||||
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
|
||||
#
|
||||
# apisec-run-scan
|
||||
#
|
||||
# This action triggers the on-demand scans for projects registered in APIsec.
|
||||
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
|
||||
# Else you can view the scan results from the project home page in APIsec Platform.
|
||||
# The link to view the scan results is also displayed on the console on successful completion of action.
|
||||
|
||||
# This is a starter workflow to help you get started with APIsec-Scan Actions
|
||||
|
||||
name: APIsec
|
||||
|
||||
# Controls when the workflow will run
|
||||
on:
|
||||
# Triggers the workflow on push or pull request events but only for the $default-branch branch
|
||||
# Customize trigger events based on your DevSecOps processes.
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
|
||||
jobs:
|
||||
Trigger APIsec scan:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: APIsec scan
|
||||
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
|
||||
with:
|
||||
# The APIsec username with which the scans will be executed
|
||||
apisec-username: ${{ secrets.apisec_username }}
|
||||
# The Password of the APIsec user with which the scans will be executed
|
||||
apisec-password: ${{ secrets.apisec_password}}
|
||||
# The name of the project for security scan
|
||||
apisec-project: "VAmPI"
|
||||
# The name of the sarif format result file The file is written only if this property is provided.
|
||||
sarif-result-file: "apisec-results.sarif"
|
||||
- name: Import results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ./apisec-results.sarif
|
||||
@@ -0,0 +1,51 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates Brakeman with GitHub's Code Scanning feature
|
||||
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
|
||||
|
||||
name: Brakeman Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
brakeman-scan:
|
||||
name: Brakeman Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout the repository to the GitHub Actions runner
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Customize the ruby version depending on your needs
|
||||
- name: Setup Ruby
|
||||
uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf
|
||||
with:
|
||||
ruby-version: '2.7'
|
||||
|
||||
- name: Setup Brakeman
|
||||
env:
|
||||
BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
|
||||
run: |
|
||||
gem install brakeman --version $BRAKEMAN_VERSION
|
||||
|
||||
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
|
||||
- name: Scan
|
||||
continue-on-error: true
|
||||
run: |
|
||||
brakeman -f sarif -o output.sarif.json .
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: output.sarif.json
|
||||
@@ -0,0 +1,46 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This is a basic workflow to help you get started with Using Checkmarx CxFlow Action
|
||||
|
||||
name: CxFlow
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
|
||||
jobs:
|
||||
# This workflow contains a single job called "build"
|
||||
build:
|
||||
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
|
||||
steps:
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||
- uses: actions/checkout@v2
|
||||
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
|
||||
- name: Checkmarx CxFlow Action
|
||||
uses: checkmarx-ts/checkmarx-cxflow-github-action@9975af7d6b957abec9ee9646effa3fb3b82c5314
|
||||
with:
|
||||
project: ${{ secrets.CHECKMARX_PROJECT }}
|
||||
team: ${{ secrets.CHECKMARX_TEAMS }}
|
||||
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
|
||||
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
|
||||
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
|
||||
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
|
||||
scanners: sast
|
||||
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
|
||||
# Upload the Report for CodeQL/Security Alerts
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: cx.sarif
|
||||
@@ -0,0 +1,54 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow checks out code, performs a Codacy security scan
|
||||
# and integrates the results with the
|
||||
# GitHub Advanced Security code scanning feature. For more information on
|
||||
# the Codacy security scan action usage and parameters, see
|
||||
# https://github.com/codacy/codacy-analysis-cli-action.
|
||||
# For more information on Codacy Analysis CLI in general, see
|
||||
# https://github.com/codacy/codacy-analysis-cli.
|
||||
|
||||
name: Codacy Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
codacy-security-scan:
|
||||
name: Codacy Security Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout the repository to the GitHub Actions runner
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
|
||||
- name: Run Codacy Analysis CLI
|
||||
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
|
||||
with:
|
||||
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
|
||||
# You can also omit the token and run the tools that support default configurations
|
||||
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
|
||||
verbose: true
|
||||
output: results.sarif
|
||||
format: sarif
|
||||
# Adjust severity of non-security issues
|
||||
gh-code-scanning-compat: true
|
||||
# Force 0 exit code to allow SARIF file generation
|
||||
# This will handover control about PR rejection to the GitHub side
|
||||
max-allowed-issues: 2147483647
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF results file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,42 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow requires that you have an existing account with codescan.io
|
||||
# For more information about configuring your workflow,
|
||||
# read our documentation at https://github.com/codescan-io/codescan-scanner-action
|
||||
name: CodeScan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
CodeScan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Cache files
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
~/.sonar
|
||||
key: ${{ runner.os }}-sonar
|
||||
restore-keys: ${{ runner.os }}-sonar
|
||||
- name: Run Analysis
|
||||
uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12
|
||||
with:
|
||||
login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
|
||||
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
|
||||
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: codescan.sarif
|
||||
@@ -0,0 +1,53 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow locates REST API file contracts
|
||||
# (Swagger or OpenAPI format, v2 and v3, JSON and YAML)
|
||||
# and runs 200+ security checks on them using 42Crunch Security Audit technology.
|
||||
#
|
||||
# Documentation is located here: https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
|
||||
#
|
||||
# To use this workflow, you will need to complete the following setup steps.
|
||||
#
|
||||
# 1. Create a free 42Crunch account at https://platform.42crunch.com/register
|
||||
#
|
||||
# 2. Follow steps at https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
|
||||
# to create an API Token on the 42Crunch platform
|
||||
#
|
||||
# 3. Add a secret in GitHub as explained in https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm,
|
||||
# store the 42Crunch API Token in that secret, and supply the secret's name as api-token parameter in this workflow
|
||||
#
|
||||
# If you have any questions or need help contact https://support.42crunch.com
|
||||
|
||||
name: "42Crunch REST API Static Security Testing"
|
||||
|
||||
# follow standard Code Scanning triggers
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
rest-api-static-security-testing:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: 42Crunch REST API Static Security Testing
|
||||
uses: 42Crunch/api-security-audit-action@96228d9c48873fe001354047d47fb62be42abeb1
|
||||
with:
|
||||
# Please create free account at https://platform.42crunch.com/register
|
||||
# Follow these steps to configure API_TOKEN https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
|
||||
api-token: ${{ secrets.API_TOKEN }}
|
||||
# Fail if any OpenAPI file scores lower than 75
|
||||
min-score: 75
|
||||
# Upload results to Github code scanning
|
||||
upload-to-code-scanning: true
|
||||
# Github token for uploading the results
|
||||
github-token: ${{ github.token }}
|
||||
@@ -0,0 +1,118 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow performs a static analysis of your Kotlin source code using
|
||||
# Detekt.
|
||||
#
|
||||
# Scans are triggered:
|
||||
# 1. On every push to default and protected branches
|
||||
# 2. On every Pull Request targeting the default branch
|
||||
# 3. On a weekly schedule
|
||||
# 4. Manually, on demand, via the "workflow_dispatch" event
|
||||
#
|
||||
# The workflow should work with no modifications, but you might like to use a
|
||||
# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
|
||||
# environment variable.
|
||||
name: Scan with Detekt
|
||||
|
||||
on:
|
||||
# Triggers the workflow on push or pull request events but only for default and protected branches
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
# Release tag associated with version of Detekt to be installed
|
||||
# SARIF support (required for this workflow) was introduced in Detekt v1.15.0
|
||||
DETEKT_RELEASE_TAG: v1.15.0
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||
jobs:
|
||||
# This workflow contains a single job called "scan"
|
||||
scan:
|
||||
name: Scan
|
||||
# The type of runner that the job will run on
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps represent a sequence of tasks that will be executed as part of the job
|
||||
steps:
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
|
||||
- name: Get Detekt download URL
|
||||
id: detekt_info
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
|
||||
query getReleaseAssetDownloadUrl($tagName: String!) {
|
||||
repository(name: "detekt", owner: "detekt") {
|
||||
release(tagName: $tagName) {
|
||||
releaseAssets(name: "detekt", first: 1) {
|
||||
nodes {
|
||||
downloadUrl
|
||||
}
|
||||
}
|
||||
tagCommit {
|
||||
oid
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
' 1> gh_response.json
|
||||
|
||||
DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
|
||||
if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
|
||||
echo "Release tag doesn't match expected commit SHA"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
|
||||
echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
|
||||
|
||||
# Sets up the detekt cli
|
||||
- name: Setup Detekt
|
||||
run: |
|
||||
dest=$( mktemp -d )
|
||||
curl --request GET \
|
||||
--url ${{ steps.detekt_info.outputs.download_url }} \
|
||||
--silent \
|
||||
--location \
|
||||
--output $dest/detekt
|
||||
chmod a+x $dest/detekt
|
||||
echo $dest >> $GITHUB_PATH
|
||||
|
||||
# Performs static analysis using Detekt
|
||||
- name: Run Detekt
|
||||
continue-on-error: true
|
||||
run: |
|
||||
detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
|
||||
|
||||
# Modifies the SARIF output produced by Detekt so that absolute URIs are relative
|
||||
# This is so we can easily map results onto their source files
|
||||
# This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
|
||||
- name: Make artifact location URIs relative
|
||||
continue-on-error: true
|
||||
run: |
|
||||
echo "$(
|
||||
jq \
|
||||
--arg github_workspace ${{ github.workspace }} \
|
||||
'. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
|
||||
${{ github.workspace }}/detekt.sarif.json
|
||||
)" > ${{ github.workspace }}/detekt.sarif.json
|
||||
|
||||
# Uploads results to GitHub repository using the upload-sarif action
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: ${{ github.workspace }}/detekt.sarif.json
|
||||
checkout_path: ${{ github.workspace }}
|
||||
@@ -0,0 +1,35 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates njsscan with GitHub's Code Scanning feature
|
||||
# nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications
|
||||
|
||||
name: njsscan sarif
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
njsscan:
|
||||
runs-on: ubuntu-latest
|
||||
name: njsscan code scanning
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
uses: actions/checkout@v2
|
||||
- name: nodejsscan scan
|
||||
id: njsscan
|
||||
uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
|
||||
with:
|
||||
args: '. --sarif --output results.sarif || true'
|
||||
- name: Upload njsscan report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,52 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
|
||||
#
|
||||
# To use this workflow, you must be an existing NowSecure customer with GitHub Advanced Security (GHAS) enabled for your
|
||||
# repository.
|
||||
#
|
||||
# If you *are not* an existing customer, click here to contact us for licensing and pricing details:
|
||||
# <https://info.nowsecure.com/github-request>.
|
||||
#
|
||||
# Instructions:
|
||||
#
|
||||
# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
|
||||
# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
|
||||
# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
|
||||
#
|
||||
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
|
||||
# and review the "Security" tab once the action has run.
|
||||
|
||||
name: "NowSecure"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
jobs:
|
||||
nowsecure:
|
||||
name: NowSecure
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Build your application
|
||||
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
|
||||
|
||||
- name: Run NowSecure
|
||||
uses: nowsecure/nowsecure-action@3b439db31b6dce857b09f5222fd13ffc3159ad26
|
||||
with:
|
||||
token: ${{ secrets.NS_TOKEN }}
|
||||
app_file: app-debug.apk # Update this to a path to your .ipa or .apk
|
||||
group_id: {{ groupId }} # Update this to your desired Platform group ID
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: NowSecure.sarif
|
||||
@@ -0,0 +1,49 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates a collection of open source static analysis tools
|
||||
# with GitHub code scanning. For documentation, or to provide feedback, visit
|
||||
# https://github.com/github/ossar-action
|
||||
name: OSSAR
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
OSSAR-Scan:
|
||||
# OSSAR runs on windows-latest.
|
||||
# ubuntu-latest and macos-latest support coming soon
|
||||
runs-on: windows-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Ensure a compatible version of dotnet is installed.
|
||||
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
|
||||
# A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
|
||||
# GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
|
||||
# For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
|
||||
# - name: Install .NET
|
||||
# uses: actions/setup-dotnet@v1
|
||||
# with:
|
||||
# dotnet-version: '3.1.x'
|
||||
|
||||
# Run open source static analysis tools
|
||||
- name: Run OSSAR
|
||||
uses: github/ossar-action@v1
|
||||
id: ossar
|
||||
|
||||
# Upload results to the Security tab
|
||||
- name: Upload OSSAR results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
|
||||
@@ -0,0 +1,36 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
name: pmd
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
pmd-code-scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up JDK 11
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
- name: Run PMD
|
||||
id: pmd
|
||||
uses: pmd/pmd-github-action@6d98898be0d59f46ec37dafcea33d8f8f55acfd1
|
||||
with:
|
||||
rulesets: 'rulesets/java/quickstart.xml'
|
||||
sourcePath: 'src/main/java'
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: pmd-report.sarif
|
||||
@@ -0,0 +1,54 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# A sample workflow that checks for security issues using
|
||||
# the Prisma Cloud Infrastructure as Code Scan Action on
|
||||
# the IaC files present in the repository.
|
||||
# The results are uploaded to GitHub Security Code Scanning
|
||||
#
|
||||
# For more details on the Action configuration see https://github.com/prisma-cloud-shiftleft/iac-scan-action
|
||||
|
||||
name: Prisma Cloud IaC Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
prisma_cloud_iac_scan:
|
||||
runs-on: ubuntu-latest
|
||||
name: Run Prisma Cloud IaC Scan to check
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- id: iac-scan
|
||||
name: Run Scan on CFT files in the repository
|
||||
uses: prisma-cloud-shiftleft/iac-scan-action@53278c231c438216d99b463308a3cbed351ba0c3
|
||||
with:
|
||||
# You will need Prisma Cloud API Access Token
|
||||
# More details in https://github.com/prisma-cloud-shiftleft/iac-scan-action
|
||||
prisma_api_url: ${{ secrets.PRISMA_CLOUD_API_URL }}
|
||||
access_key: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
|
||||
secret_key: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
|
||||
# Scan sources on Prisma Cloud are uniquely identified by their name
|
||||
asset_name: 'my-asset-name'
|
||||
# The service need to know the type of IaC being scanned
|
||||
template_type: 'CFT'
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
# Results are generated only on a success or failure
|
||||
# this is required since GitHub by default won't run the next step
|
||||
# when the previous one has failed.
|
||||
# And alternative it to add `continue-on-error: true` to the previous step
|
||||
if: success() || failure()
|
||||
with:
|
||||
# The SARIF Log file name is configurable on scan action
|
||||
# therefore the file name is best read from the steps output
|
||||
sarif_file: ${{ steps.iac-scan.outputs.iac_scan_result_sarif_path }}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Anchore Container Scan",
|
||||
"creator": "Indeni Cloudrail",
|
||||
"description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.",
|
||||
"iconName": "anchore",
|
||||
"categories": ["Code Scanning", "dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
{
|
||||
"name": "APIsec Scan",
|
||||
"creator": "APIsec",
|
||||
"description": "APIsec addresses the critical need to secure APIs before they reach production. APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.",
|
||||
"iconName": "apisec",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"C",
|
||||
"C#",
|
||||
"C++",
|
||||
"Go",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"Kotlin",
|
||||
"Objective C",
|
||||
"PHP",
|
||||
"Python",
|
||||
"Ruby",
|
||||
"Rust",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Brakeman",
|
||||
"creator": "Brakeman",
|
||||
"description": "Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications.",
|
||||
"iconName": "brakeman",
|
||||
"categories": ["Code Scanning", "ruby"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "CxSAST",
|
||||
"creator": "Checkmarx",
|
||||
"description": "Scan your code with Checkmarx CxSAST and see your results in the GitHub security tab.",
|
||||
"iconName": "checkmarx",
|
||||
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Codacy Security Scan",
|
||||
"creator": "Codacy",
|
||||
"description": "Free, out-of-the-box, security analysis provided by multiple open source static analysis tools.",
|
||||
"iconName": "codacy",
|
||||
"categories": ["Code Scanning", "apex", "bash", "c", "coffeescript", "c++", "c#", "crystal", "dockerfile", "elixir", "go", "groovy", "java", "javascript", "jsp", "kotlin", "markdown", "php", "plsql", "powershell", "python", "ruby", "scala", "swift", "tsql", "typescript", "velocity", "vba", "xml"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "CodeScan",
|
||||
"creator": "CodeScan Enterprises, LLC",
|
||||
"description": "CodeScan allows for better visibility on your code quality checks based on your custom rulesets.",
|
||||
"iconName": "codescan",
|
||||
"categories": ["Code Scanning", "javascript", "apex"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "42Crunch API Security Audit",
|
||||
"creator": "42Crunch",
|
||||
"description": "Use the 42Crunch API Security Audit REST API to perform static application security testing (SAST) on OpenAPI/Swagger files.",
|
||||
"iconName": "42crunch",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"name": "Detekt",
|
||||
"creator": "Detekt",
|
||||
"description": "Static code analysis for Kotlin",
|
||||
"iconName": "detekt",
|
||||
"categories": ["Code Scanning", "Kotlin"]
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "njsscan",
|
||||
"creator": "NodeJSScan",
|
||||
"description": "nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications.",
|
||||
"iconName": "njsscan",
|
||||
"categories": ["Code Scanning", "JavaScript", "TypeScript"]
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
{
|
||||
"name": "NowSecure",
|
||||
"creator": "NowSecure",
|
||||
"description": "The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language",
|
||||
"iconName": "nowsecure",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"Kotlin",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"Objective C",
|
||||
"C",
|
||||
"C++",
|
||||
"C#",
|
||||
"Rust",
|
||||
"JavaScript",
|
||||
"TypeScript",
|
||||
"Node"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "OSSAR",
|
||||
"creator": "GitHub",
|
||||
"description": "Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner).",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": ["Code Scanning", "python", "javascript"]
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"name": "pmd",
|
||||
"creator": "pmd",
|
||||
"description": "PMD is a static source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.",
|
||||
"iconName": "pmd",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"Apex",
|
||||
"Modelica",
|
||||
"PLSQL",
|
||||
"Apache Velocity",
|
||||
"XML",
|
||||
"XSl",
|
||||
"Scala",
|
||||
"Apex"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Prisma Cloud IaC Scan",
|
||||
"creator": "Palo Alto Prisma Cloud",
|
||||
"description": "Scan your Infrastructure as Code files with Prisma Cloud to detect security issues",
|
||||
"iconName": "prisma",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "RuboCop Linting",
|
||||
"creator": "arthurnn",
|
||||
"description": "A Ruby static code analyzer and formatter, based on the community Ruby style guide.",
|
||||
"iconName": "rubocop",
|
||||
"categories": ["Code Scanning", "ruby"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "OSSF Scorecards supply-chain security analysis",
|
||||
"creator": "Open Source Security Foundation (OpenSSF) - https://github.com/ossf",
|
||||
"description": "Scorecards is a static analysis tool to assess the security posture of your project",
|
||||
"iconName": "scorecards",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "SecurityCodeScan",
|
||||
"creator": "@security-code-scan",
|
||||
"description": "Vulnerability Patterns Detector for C# and VB.NET",
|
||||
"iconName": "securitycodescan",
|
||||
"categories": ["Code Scanning", "C#", "Visual Basic .NET"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Semgrep",
|
||||
"creator": "Returntocorp",
|
||||
"description": "Continuously run Semgrep to find bugs and enforce secure code standards. Start with 1k+ community rules or write your own in a few minutes.",
|
||||
"iconName": "semgrep",
|
||||
"categories": ["Code Scanning", "Go", "Java", "JavaScript", "JSON", "Python", "Ruby", "TypeScript", "JSX", "TSX"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Scan",
|
||||
"creator": "ShiftLeft",
|
||||
"description": "Scan is a free open-source security tool for modern DevOps teams from ShiftLeft.",
|
||||
"iconName": "shiftleft",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Snyk Container",
|
||||
"creator": "Snyk",
|
||||
"description": "Detect vulnerabilities in your container images and surface the issues in GitHub code scanning.",
|
||||
"iconName": "snyk",
|
||||
"categories": ["Code Scanning", "dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Snyk Infrastructure as Code",
|
||||
"creator": "Snyk",
|
||||
"description": "Detect vulnerabilities in your infrastructure as code files and surface the issues in GitHub code scanning.",
|
||||
"iconName": "snyk",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"name": "Trivy",
|
||||
"creator": "Aqua Security",
|
||||
"description": "Scan Docker container images for vulnerabilities in OS packages and language dependencies with Trivy from Aqua Security.",
|
||||
"iconName": "trivy",
|
||||
"categories": ["Code Scanning", "dockerfile"],
|
||||
"enterprise_requirements": ["docker"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Veracode Static Analysis",
|
||||
"creator": "Veracode",
|
||||
"description": "Get fast feedback on flaws with Veracode Static Analysis and the pipeline scan. Break the build based on flaw severity and CWE category.",
|
||||
"iconName": "veracode",
|
||||
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "kotlin", "scala", "groovy", "tsql", "plsql", "perl", "cobol"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Xanitizer",
|
||||
"creator": "RIGS IT",
|
||||
"description": "Automatically scan your code for vulnerabilities and generate compliance reports with the static security analysis tool Xanitizer (SAST).",
|
||||
"iconName": "xanitizer",
|
||||
"categories": ["Code Scanning", "javascript", "java", "scala", "typescript", "xml", "json"]
|
||||
}
|
||||
@@ -0,0 +1,52 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# pulled from repo
|
||||
name: "Rubocop"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
rubocop:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# If running on a self-hosted runner, check it meets the requirements
|
||||
# listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
|
||||
- name: Set up Ruby
|
||||
uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf
|
||||
with:
|
||||
ruby-version: 2.6
|
||||
|
||||
# This step is not necessary if you add the gem to your Gemfile
|
||||
- name: Install Code Scanning integration
|
||||
run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
|
||||
|
||||
- name: Install dependencies
|
||||
run: bundle install
|
||||
|
||||
- name: Rubocop run
|
||||
run: |
|
||||
bash -c "
|
||||
bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
|
||||
[[ $? -ne 2 ]]
|
||||
"
|
||||
|
||||
- name: Upload Sarif output
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: rubocop.sarif
|
||||
@@ -0,0 +1,55 @@
|
||||
name: Scorecards supply-chain security
|
||||
on:
|
||||
# Only the default branch is supported.
|
||||
branch_protection_rule:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
# Declare default permissions as read only.
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
analysis:
|
||||
name: Scorecards analysis
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
# Needed to upload the results to code-scanning dashboard.
|
||||
security-events: write
|
||||
actions: read
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@e3e75cf2ffbf9364bbff86cdbdf52b23176fe492 # v1.0.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
# Read-only PAT token. To create it,
|
||||
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
|
||||
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
||||
# Publish the results to enable scorecard badges. For more details, see
|
||||
# https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories, `publish_results` will automatically be set to `false`,
|
||||
# regardless of the value entered here.
|
||||
publish_results: true
|
||||
|
||||
# Upload the results as artifacts (optional).
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
retention-days: 5
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,41 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates SecurityCodeScan with GitHub's Code Scanning feature
|
||||
# SecurityCodeScan is a vulnerability patterns detector for C# and VB.NET
|
||||
|
||||
name: SecurityCodeScan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
SCS:
|
||||
runs-on: windows-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
|
||||
- uses: microsoft/setup-msbuild@v1.0.2
|
||||
|
||||
- name: Set up projects for analysis
|
||||
uses: security-code-scan/security-code-scan-add-action@f8ff4f2763ed6f229eded80b1f9af82ae7f32a0d
|
||||
|
||||
- name: Restore dependencies
|
||||
run: dotnet restore
|
||||
|
||||
- name: Build
|
||||
run: dotnet build --no-restore
|
||||
|
||||
- name: Convert sarif for uploading to GitHub
|
||||
uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
|
||||
|
||||
- name: Upload sarif
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
@@ -0,0 +1,42 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow file requires a free account on Semgrep.dev to
|
||||
# manage rules, file ignores, notifications, and more.
|
||||
#
|
||||
# See https://semgrep.dev/docs
|
||||
|
||||
name: Semgrep
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
semgrep:
|
||||
name: Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checkout project source
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
# Scan code using project's configuration on https://semgrep.dev/manage
|
||||
- uses: returntocorp/semgrep-action@fcd5ab7459e8d91cb1777481980d1b18b4fc6735
|
||||
with:
|
||||
publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
|
||||
publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
|
||||
generateSarif: "1"
|
||||
|
||||
# Upload SARIF file generated in previous step
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: semgrep.sarif
|
||||
if: always()
|
||||
@@ -0,0 +1,47 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates Scan with GitHub's code scanning feature
|
||||
# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
|
||||
# Visit https://slscan.io/en/latest/integrations/code-scan for help
|
||||
name: SL Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
Scan-Build:
|
||||
# Scan runs on ubuntu, mac and windows
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
# Instructions
|
||||
# 1. Setup JDK, Node.js, Python etc depending on your project type
|
||||
# 2. Compile or build the project before invoking scan
|
||||
# Example: mvn compile, or npm install or pip install goes here
|
||||
# 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
|
||||
|
||||
- name: Perform Scan
|
||||
uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64
|
||||
env:
|
||||
WORKSPACE: ""
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
SCAN_AUTO_BUILD: true
|
||||
with:
|
||||
output: reports
|
||||
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
|
||||
# type: credscan,java
|
||||
# type: python
|
||||
|
||||
- name: Upload report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: reports
|
||||
@@ -0,0 +1,48 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# A sample workflow which checks out the code, builds a container
|
||||
# image using Docker and scans that image for vulnerabilities using
|
||||
# Snyk. The results are then uploaded to GitHub Security Code Scanning
|
||||
#
|
||||
# For more examples, including how to limit scans to only high-severity
|
||||
# issues, monitor images for newly disclosed vulnerabilities in Snyk and
|
||||
# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
|
||||
|
||||
name: Snyk Container
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
snyk:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Build a Docker image
|
||||
run: docker build -t your/image-to-test .
|
||||
- name: Run Snyk to check Docker image for vulnerabilities
|
||||
# Snyk can be used to break the build when it detects vulnerabilities.
|
||||
# In this case we want to upload the issues to GitHub Code Scanning
|
||||
continue-on-error: true
|
||||
uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
|
||||
env:
|
||||
# In order to use the Snyk Action you will need to have a Snyk API token.
|
||||
# More details in https://github.com/snyk/actions#getting-your-snyk-token
|
||||
# or you can signup for free at https://snyk.io/login
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
with:
|
||||
image: your/image-to-test
|
||||
args: --file=Dockerfile
|
||||
- name: Upload result to GitHub Code Scanning
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: snyk.sarif
|
||||
@@ -0,0 +1,47 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# A sample workflow which checks out your Infrastructure as Code Configuration files,
|
||||
# such as Kubernetes, Helm & Terraform and scans them for any security issues.
|
||||
# The results are then uploaded to GitHub Security Code Scanning
|
||||
#
|
||||
# For more examples, including how to limit scans to only high-severity issues
|
||||
# and fail PR checks, see https://github.com/snyk/actions/
|
||||
|
||||
name: Snyk Infrastructure as Code
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
snyk:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Run Snyk to check configuration files for security issues
|
||||
# Snyk can be used to break the build when it detects security issues.
|
||||
# In this case we want to upload the issues to GitHub Code Scanning
|
||||
continue-on-error: true
|
||||
uses: snyk/actions/iac@14818c4695ecc4045f33c9cee9e795a788711ca4
|
||||
env:
|
||||
# In order to use the Snyk Action you will need to have a Snyk API token.
|
||||
# More details in https://github.com/snyk/actions#getting-your-snyk-token
|
||||
# or you can signup for free at https://snyk.io/login
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
with:
|
||||
# Add the path to the configuration file that you would like to test.
|
||||
# For example `deployment.yaml` for a Kubernetes deployment manifest
|
||||
# or `main.tf` for a Terraform configuration file
|
||||
file: your-file-to-test.yaml
|
||||
- name: Upload result to GitHub Code Scanning
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: snyk.sarif
|
||||
@@ -0,0 +1,41 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
name: build
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Build
|
||||
runs-on: "ubuntu-18.04"
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Build an image from Dockerfile
|
||||
run: |
|
||||
docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
|
||||
with:
|
||||
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
|
||||
format: 'template'
|
||||
template: '@/contrib/sarif.tpl'
|
||||
output: 'trivy-results.sarif'
|
||||
severity: 'CRITICAL,HIGH'
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
@@ -0,0 +1,51 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert
|
||||
|
||||
name: Veracode Static Analysis Pipeline Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||
jobs:
|
||||
# This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter
|
||||
build-and-pipeline-scan:
|
||||
# The type of runner that the job will run on
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
repository: ''
|
||||
|
||||
- run: zip -r veracode-scan-target.zip ./
|
||||
|
||||
# download the Veracode Static Analysis Pipeline scan jar
|
||||
- run: curl --silent --show-error --fail -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
|
||||
- run: unzip -o pipeline-scan-LATEST.zip
|
||||
|
||||
- uses: actions/setup-java@v1
|
||||
with:
|
||||
java-version: 1.8
|
||||
- run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --fail_on_severity="Very High, High" --file veracode-scan-target.zip
|
||||
continue-on-error: true
|
||||
- name: Convert pipeline scan output to SARIF format
|
||||
id: convert
|
||||
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
|
||||
with:
|
||||
pipeline-results-json: results.json
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: veracode-results.sarif
|
||||
@@ -0,0 +1,92 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow downloads and installs the latest version of Xanitizer, builds your project, runs a Xanitizer security analysis on it,
|
||||
# and then archives the findings list reports and uploads the findings into the GitHub code scanning alert section of your repository.
|
||||
#
|
||||
# Documentation for the `RIGS-IT/xanitizer-action` is located here: https://github.com/RIGS-IT/xanitizer-action
|
||||
#
|
||||
# To use this basic workflow, you will need to complete the following setup steps:
|
||||
#
|
||||
# 1. The underlying Xanitizer, used in this workflow, needs a separate license file.
|
||||
# Licenses are free of charge for open source projects and for educational usage.
|
||||
# To get more information about the Xanitizer licenses and how to obtain a license file,
|
||||
# please consult https://www.xanitizer.com/xanitizer-pricing/.
|
||||
#
|
||||
# 2. The content of the license file has to be stored as a GitHub secret (e.g. XANITIZER_LICENSE) on this repository.
|
||||
# Please consult https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets for details.
|
||||
#
|
||||
# 3. Reference the GitHub secret in the step using the `RIGS-IT/xanitizer-action` GitHub action.
|
||||
# Example:
|
||||
# - name: Xanitizer Security Analysis
|
||||
# uses: RIGS-IT/xanitizer-action@v1
|
||||
# with:
|
||||
# license: ${{ secrets.XANITIZER_LICENSE }}
|
||||
#
|
||||
# 4. As a static application security testing (SAST) tool,
|
||||
# Xanitizer requires that all dependencies of the artifacts being analyzed can be resolved successfully.
|
||||
# So you have to install all used libraries and build your project before running the security analysis,
|
||||
# e.g. via `mvn compile` for Java or `npm install` for JavaScript
|
||||
|
||||
name: "Xanitizer Security Analysis"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
xanitizer-security-analysis:
|
||||
# Xanitizer runs on ubuntu-latest and windows-latest.
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
# Check out the repository
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Set up the correct Java version for your project
|
||||
# Please comment out, if your project does not contain Java source code.
|
||||
- name: Set up JDK 11
|
||||
uses: actions/setup-java@v1
|
||||
with:
|
||||
java-version: 11
|
||||
|
||||
# Compile the code for Java projects and get all libraries, e.g. via Maven
|
||||
# Please adapt, if your project uses another build system to compile Java source code.
|
||||
# Please comment out, if your project does not contain Java source code.
|
||||
- name: Compile Java code
|
||||
run: mvn -B compile
|
||||
|
||||
# Install all dependent libraries for JavaScript/TypeScript projects, e.g. via npm
|
||||
# Please adapt to run `npm install` in the correct directories.
|
||||
# Please adapt, if your project uses another package manager for getting JavaScript libraries.
|
||||
# Please comment out, if your project does not use a package manager for getting JavaScript libraries.
|
||||
- name: Install JavaScript libraries
|
||||
run: npm install
|
||||
|
||||
# Run the security analysis with default settings
|
||||
- name: Xanitizer Security Analysis
|
||||
uses: RIGS-IT/xanitizer-action@87d13138fb113b727cbe040c744a15a2b4fe5316
|
||||
with:
|
||||
license: ${{ secrets.XANITIZER_LICENSE }}
|
||||
|
||||
# Archiving the findings list reports
|
||||
- uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Xanitizer-Reports
|
||||
path: |
|
||||
*-Findings-List.pdf
|
||||
*-Findings-List.sarif
|
||||
|
||||
# Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: Xanitizer-Findings-List.sarif
|
||||
@@ -0,0 +1,82 @@
|
||||
# This workflow will build and push a Docker container to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-custom-container?tabs=dotnet&pivots=container-linux
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Create a GitHub Personal access token with "repo" and "read:packages" permissions.
|
||||
#
|
||||
# 4. Create three app settings on your Azure Web app:
|
||||
# DOCKER_REGISTRY_SERVER_URL: Set this to "https://ghcr.io"
|
||||
# DOCKER_REGISTRY_SERVER_USERNAME: Set this to the GitHub username or organization that owns the repository
|
||||
# DOCKER_REGISTRY_SERVER_PASSWORD: Set this to the value of your PAT token from the previous step
|
||||
#
|
||||
# 5. Change the value for the AZURE_WEBAPP_NAME.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy a container to an Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Log in to GitHub container registry
|
||||
uses: docker/login-action@v1.10.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ github.token }}
|
||||
|
||||
- name: Lowercase the repo name and username
|
||||
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
|
||||
|
||||
- name: Build and push container image to registry
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: ghcr.io/${{ env.REPO }}:${{ github.sha }}
|
||||
file: ./Dockerfile
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Lowercase the repo name and username
|
||||
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
|
||||
|
||||
- name: Deploy to Azure Web App
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
images: 'ghcr.io/${{ env.REPO }}:${{ github.sha }}'
|
||||
@@ -0,0 +1,80 @@
|
||||
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
|
||||
#
|
||||
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
|
||||
# https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
|
||||
# https://github.com/Azure/aks-create-action
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository:
|
||||
# - AZURE_CREDENTIALS (instructions for getting this https://github.com/Azure/login#configure-a-service-principal-with-a-secret)
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry)
|
||||
# - PROJECT_NAME
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
#
|
||||
# 3. Choose the approrpiate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes helm, then set
|
||||
# any needed environment variables such as:
|
||||
# - CHART_PATH
|
||||
# - CHART_OVERRIDE_PATH
|
||||
#
|
||||
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
|
||||
# For more options with the actions used below please see the folllowing
|
||||
# https://github.com/Azure/login
|
||||
# https://github.com/Azure/aks-set-context
|
||||
# https://github.com/marketplace/actions/azure-cli-action
|
||||
# https://github.com/Azure/k8s-bake
|
||||
# https://github.com/Azure/k8s-deploy
|
||||
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
|
||||
- name: Azure Login
|
||||
uses: azure/login@v1
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
|
||||
- name: Build image on ACR
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: 2.29.1
|
||||
inlineScript: |
|
||||
az configure --defaults acr=${{ env.AZURE_CONTAINER_REGISTRY }}
|
||||
az acr build -t -t ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
|
||||
|
||||
- name: Gets K8s context
|
||||
uses: azure/aks-set-context@v1
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
id: login
|
||||
|
||||
- name: Configure deployment
|
||||
uses: azure/k8s-bake@v1
|
||||
with:
|
||||
renderEngine: 'helm'
|
||||
helmChart: ${{ env.CHART_PATH }}
|
||||
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
|
||||
overrides: |
|
||||
replicas:2
|
||||
helm-version: 'latest'
|
||||
id: bake
|
||||
|
||||
- name: Deploys application
|
||||
- uses: Azure/k8s-deploy@v1
|
||||
with:
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.PROJECT_NAME }}
|
||||
@@ -0,0 +1,64 @@
|
||||
# This workflow will build and push a web application to an Azure Static Web App when you change your code.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure Static Web App.
|
||||
# For instructions see https://docs.microsoft.com/azure/static-web-apps/get-started-portal?tabs=vanilla-javascript
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set up a secret in your repository named AZURE_STATIC_WEB_APPS_API_TOKEN with the value of your Static Web Apps deployment token.
|
||||
# For instructions on obtaining the deployment token see: https://docs.microsoft.com/azure/static-web-apps/deployment-token-management
|
||||
#
|
||||
# 3. Change the values for the APP_LOCATION, API_LOCATION and APP_ARTIFACT_LOCATION, AZURE_STATIC_WEB_APPS_API_TOKEN environment variables (below).
|
||||
# For instructions on setting up the appropriate configuration values go to https://docs.microsoft.com/azure/static-web-apps/front-end-frameworks
|
||||
name: Deploy web app to Azure Static Web Apps
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened, closed]
|
||||
branches:
|
||||
- $default-branch
|
||||
|
||||
# Environment variables available to all jobs and steps in this workflow
|
||||
env:
|
||||
APP_LOCATION: "/" # location of your client code
|
||||
API_LOCATION: "api" # location of your api source code - optional
|
||||
APP_ARTIFACT_LOCATION: "build" # location of client code build output
|
||||
AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing deployment token for your static web app
|
||||
|
||||
jobs:
|
||||
build_and_deploy_job:
|
||||
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
|
||||
runs-on: ubuntu-latest
|
||||
name: Build and Deploy Job
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
submodules: true
|
||||
- name: Build And Deploy
|
||||
id: builddeploy
|
||||
uses: Azure/static-web-apps-deploy@v1
|
||||
with:
|
||||
azure_static_web_apps_api_token: ${{ env.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing api token for app
|
||||
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
|
||||
action: "upload"
|
||||
###### Repository/Build Configurations - These values can be configured to match you app requirements. ######
|
||||
# For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
|
||||
app_location: ${{ env.APP_LOCATION }}
|
||||
api_location: ${{ env.API_LOCATION }}
|
||||
app_artifact_location: ${{ env.APP_ARTIFACT_LOCATION }}
|
||||
###### End of Repository/Build Configurations ######
|
||||
|
||||
close_pull_request_job:
|
||||
if: github.event_name == 'pull_request' && github.event.action == 'closed'
|
||||
runs-on: ubuntu-latest
|
||||
name: Close Pull Request Job
|
||||
steps:
|
||||
- name: Close Pull Request
|
||||
id: closepullrequest
|
||||
uses: Azure/static-web-apps-deploy@v1
|
||||
with:
|
||||
azure_static_web_apps_api_token: ${{ env.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing api token for app
|
||||
action: "close"
|
||||
@@ -0,0 +1,84 @@
|
||||
# This workflow will build and push a .NET Core app to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?tabs=net60&pivots=development-environment-vscode
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and DOTNET_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy ASP.Net Core app to an Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
DOTNET_VERSION: '5' # set this to the .NET Core version to use
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up .NET Core
|
||||
uses: actions/setup-dotnet@v1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNET_VERSION }}
|
||||
|
||||
- name: Set up dependency caching for faster builds
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.nuget/packages
|
||||
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-nuget-
|
||||
|
||||
- name: Build with dotnet
|
||||
run: dotnet build --configuration Release
|
||||
|
||||
- name: dotnet publish
|
||||
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: .net-app
|
||||
path: ${{env.DOTNET_ROOT}}/myapp
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: .net-app
|
||||
|
||||
- name: Deploy to Azure Web App
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
|
||||
@@ -0,0 +1,73 @@
|
||||
# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy JAR app to Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
JAVA_VERSION: '11' # set this to the Java version to use
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Java version
|
||||
uses: actions/setup-java@v2.3.1
|
||||
with:
|
||||
java-version: ${{ env.JAVA_VERSION }}
|
||||
cache: 'maven'
|
||||
|
||||
- name: Build with Maven
|
||||
run: mvn clean install
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: java-app
|
||||
path: '${{ github.workspace }}/target/*.jar'
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: java-app
|
||||
|
||||
- name: Deploy to Azure Web App
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: '*.jar'
|
||||
@@ -0,0 +1,74 @@
|
||||
# This workflow will build and push a node.js application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-cli
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '14.x' # set this to the node version to use
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Node.js
|
||||
uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
cache: 'npm'
|
||||
|
||||
- name: npm install, build, and test
|
||||
run: |
|
||||
npm install
|
||||
npm run build --if-present
|
||||
npm run test --if-present
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: node-app
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: node-app
|
||||
|
||||
- name: 'Deploy to Azure WebApp'
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
|
||||
@@ -0,0 +1,95 @@
|
||||
# This workflow will build and push a PHP application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-php?pivots=platform-linux
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and PHP_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy PHP app to Azure Web App
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
PHP_VERSION: '8.x' # set this to the PHP version to use
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Setup PHP
|
||||
uses: shivammathur/setup-php@7c0b4c8c8ebed23eca9ec2802474895d105b11bc
|
||||
with:
|
||||
php-version: ${{ env.PHP_VERSION }}
|
||||
|
||||
- name: Check if composer.json exists
|
||||
id: check_files
|
||||
uses: andstor/file-existence-action@87d74d4732ddb824259d80c8a508c0124bf1c673
|
||||
with:
|
||||
files: 'composer.json'
|
||||
|
||||
- name: Get Composer Cache Directory
|
||||
id: composer-cache
|
||||
if: steps.check_files.outputs.files_exists == 'true'
|
||||
run: |
|
||||
echo "::set-output name=dir::$(composer config cache-files-dir)"
|
||||
|
||||
- name: Set up dependency caching for faster installs
|
||||
uses: actions/cache@v2
|
||||
if: steps.check_files.outputs.files_exists == 'true'
|
||||
with:
|
||||
path: ${{ steps.composer-cache.outputs.dir }}
|
||||
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-composer-
|
||||
|
||||
- name: Run composer install if composer.json exists
|
||||
if: steps.check_files.outputs.files_exists == 'true'
|
||||
run: composer validate --no-check-publish && composer install --prefer-dist --no-progress
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: php-app
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: php-app
|
||||
|
||||
- name: 'Deploy to Azure Web App'
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: .
|
||||
@@ -0,0 +1,82 @@
|
||||
# This workflow will build and push a Python application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-python?tabs=bash&pivots=python-framework-flask
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the PYTHON_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy Python app to Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
PYTHON_VERSION: '3.8' # set this to the Python version to use
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Python version
|
||||
uses: actions/setup-python@v2.2.2
|
||||
with:
|
||||
python-version: ${{ env.PYTHON_VERSION }}
|
||||
cache: 'pip'
|
||||
|
||||
- name: Create and start virtual environment
|
||||
run: |
|
||||
python -m venv venv
|
||||
source venv/bin/activate
|
||||
|
||||
- name: Install dependencies
|
||||
run: pip install -r requirements.txt
|
||||
|
||||
# Optional: Add step to run tests here (PyTest, Django test suites, etc.)
|
||||
|
||||
- name: Upload artifact for deployment jobs
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: python-app
|
||||
path: |
|
||||
.
|
||||
!venv/
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: python-app
|
||||
path: .
|
||||
|
||||
- name: 'Deploy to Azure Web App'
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
@@ -1,51 +0,0 @@
|
||||
# This workflow will build and push a node.js application to an Azure Web App when there is a push to the $default-branch branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**.
|
||||
# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings
|
||||
#
|
||||
# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below).
|
||||
#
|
||||
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '10.x' # set this to the node version to use
|
||||
|
||||
jobs:
|
||||
build-and-deploy:
|
||||
name: Build and Deploy
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Use Node.js ${{ env.NODE_VERSION }}
|
||||
uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
- name: npm install, build, and test
|
||||
run: |
|
||||
# Build and test the project, then
|
||||
# deploy to Azure Web App.
|
||||
npm install
|
||||
npm run build --if-present
|
||||
npm run test --if-present
|
||||
- name: 'Deploy to Azure WebApp'
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
|
||||
@@ -4,11 +4,11 @@
|
||||
#
|
||||
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
|
||||
#
|
||||
# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
|
||||
# 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation)
|
||||
#
|
||||
# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
|
||||
# 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below).
|
||||
#
|
||||
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
|
||||
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize
|
||||
|
||||
name: Build and Deploy to GKE
|
||||
|
||||
@@ -19,11 +19,17 @@ on:
|
||||
|
||||
env:
|
||||
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
|
||||
GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry
|
||||
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
|
||||
GKE_ZONE: us-central1-c # TODO: update to cluster zone
|
||||
DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
|
||||
REPOSITORY: samples # TODO: update to Artifact Registry docker repository
|
||||
IMAGE: static-site
|
||||
|
||||
permissions:
|
||||
contents: 'read'
|
||||
id-token: 'write'
|
||||
|
||||
jobs:
|
||||
setup-build-publish-deploy:
|
||||
name: Setup, Build, Publish, and Deploy
|
||||
@@ -34,48 +40,47 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Setup gcloud CLI
|
||||
- uses: google-github-actions/setup-gcloud@v0.2.0
|
||||
# Configure Workload Identity Federation and generate an access token.
|
||||
- id: 'auth'
|
||||
name: 'Authenticate to Google Cloud'
|
||||
uses: 'google-github-actions/auth@v0.4.0'
|
||||
with:
|
||||
service_account_key: ${{ secrets.GKE_SA_KEY }}
|
||||
project_id: ${{ secrets.GKE_PROJECT }}
|
||||
|
||||
# Configure Docker to use the gcloud command-line tool as a credential
|
||||
# helper for authentication
|
||||
- run: |-
|
||||
gcloud --quiet auth configure-docker
|
||||
token_format: 'access_token'
|
||||
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
|
||||
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
|
||||
|
||||
- name: Docker configuration
|
||||
run: |-
|
||||
echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev
|
||||
# Get the GKE credentials so we can deploy to the cluster
|
||||
- uses: google-github-actions/get-gke-credentials@v0.2.1
|
||||
- name: Set up GKE credentials
|
||||
uses: google-github-actions/get-gke-credentials@v0.4.0
|
||||
with:
|
||||
cluster_name: ${{ env.GKE_CLUSTER }}
|
||||
location: ${{ env.GKE_ZONE }}
|
||||
credentials: ${{ secrets.GKE_SA_KEY }}
|
||||
|
||||
# Build the Docker image
|
||||
- name: Build
|
||||
run: |-
|
||||
docker build \
|
||||
--tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
|
||||
--tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \
|
||||
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
||||
--build-arg GITHUB_REF="$GITHUB_REF" \
|
||||
.
|
||||
|
||||
# Push the Docker image to Google Container Registry
|
||||
# Push the Docker image to Google Artifact Registry
|
||||
- name: Publish
|
||||
run: |-
|
||||
docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
|
||||
|
||||
docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA"
|
||||
# Set up kustomize
|
||||
- name: Set up Kustomize
|
||||
run: |-
|
||||
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
|
||||
chmod u+x ./kustomize
|
||||
|
||||
# Deploy the Docker image to the GKE cluster
|
||||
- name: Deploy
|
||||
run: |-
|
||||
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
|
||||
# replacing the image name in the k8s template
|
||||
./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA
|
||||
./kustomize build . | kubectl apply -f -
|
||||
kubectl rollout status deployment/$DEPLOYMENT_NAME
|
||||
kubectl get services -o wide
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a container to an Azure Web App",
|
||||
"description": "Build a container and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy to a AKS Cluster",
|
||||
"description": "Deploy an application to a Azure Kubernetes Service Cluster using Azure Credentials",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Kompose", "Helm", "Kustomize", "Kubernetes", "Dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy web app to Azure Static Web Apps",
|
||||
"description": "Build and deploy web application to an Azure Static Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure-staticwebapp",
|
||||
"categories": ["Deployment", "React", "Angular", "Vue", "Svelte", "Gatsby", "Next", "Nuxt", "Jekyll", "Blazor"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a .NET Core app to an Azure Web App",
|
||||
"description": "Build a .NET Core project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "C#", "aspNetCore"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a Java .jar app to an Azure Web App",
|
||||
"description": "Build a Java project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Java", "Maven"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Build a Node.js project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
"categories": ["Deployment", "JavaScript", "TypeScript", "npm"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a PHP app to an Azure Web App",
|
||||
"description": "Build a PHP app and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "PHP"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a Python app to an Azure Web App",
|
||||
"description": "Build a Python app and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Python", "Django", "Flask", "Pip"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.",
|
||||
"creator": "Google Cloud",
|
||||
"iconName": "googlegke",
|
||||
"categories": ["Deployment", "Dockerfile"]
|
||||
"categories": ["Deployment", "Dockerfile", "Kubernetes", "Kustomize"]
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 23.0.4, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 160.0 180.0" style="enable-background:new 0 0 566.93 192.22;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#2D2D2D;}
|
||||
.st1{fill:#7F488E;}
|
||||
.st2{fill:#FFFFFF;}
|
||||
</style>
|
||||
<polygon class="st1" points="154.94,136.71 154.94,53.26 82.67,11.54 10.4,53.26 10.4,136.71 82.67,178.44 "/>
|
||||
<path class="st2" d="M71.02,77.04h11.61v43.88h0.14v9.83h-0.14v13.8H71.72v-13.8H35.09v-9.63L71.02,77.04z M71.72,120.91V91.42
|
||||
l-24.04,29.49H71.72z"/>
|
||||
<path class="st2" d="M82.06,57.1c6.68-4.57,14.16-6.85,22.44-6.85c7.08,0,12.81,1.64,17.17,4.91c4.37,3.28,6.55,7.96,6.55,14.05
|
||||
c0,5.05-1.68,9.36-5.05,12.93c-3.37,3.57-7.95,7.07-13.75,10.47c-0.45,0.28-1.29,0.79-2.5,1.54c-1.22,0.75-2.08,1.28-2.59,1.59
|
||||
c-0.51,0.31-1.29,0.79-2.33,1.43c-1.05,0.64-1.82,1.12-2.33,1.43c-0.51,0.31-1.17,0.79-2,1.43c-0.82,0.64-1.43,1.18-1.82,1.62
|
||||
c-0.39,0.44-0.85,0.98-1.38,1.62c-0.53,0.64-0.9,1.23-1.13,1.77c-0.23,0.54-0.44,1.15-0.64,1.83c-0.2,0.68-0.3,1.35-0.3,2.03
|
||||
l36.19-0.1v10.23h-48.8v-5.16c0-8.6,3.64-15.75,10.92-21.44c2.03-1.53,5.84-3.99,11.41-7.39c5.61-3.22,9.22-5.56,10.83-7.01
|
||||
c2.65-2.58,3.97-5.46,3.97-8.64c0-2.91-1.18-5.13-3.52-6.65c-2.35-1.52-5.64-2.28-9.88-2.28c-7.35,0-14.49,2.52-21.44,7.54V57.1z"/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.4 KiB |
@@ -0,0 +1 @@
|
||||
<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 31.44 37.52"><defs><style>.cls-1{fill:#307fe2;}</style></defs><path class="cls-1" d="M24.8,29.72V13.77C24.8,9,21,5.51,15.65,5.51A8.83,8.83,0,0,0,7,11.35c0,.45.06,1.25,1.37,1.66s2-.3,2.16-.79A5.29,5.29,0,0,1,15.65,8.7c3.21,0,5.55,2.15,5.55,5.11v1.27c0,.6-.8,1-1.54,1.15L13.27,17.9C8.49,19,6.63,20.84,6.63,24.5c0,4.26,3.83,7.47,8.93,7.51a.48.48,0,0,0,.2,0,1.47,1.47,0,0,0,.78-1.5,1.69,1.69,0,0,0-.78-1.6.42.42,0,0,0-.21-.06c-3.09,0-5.31-1.84-5.31-4.31,0-2.28,1.25-3,3.88-3.61,0,0,4.62-1.22,6.44-1.76a.48.48,0,0,1,.62.46l0,1v5.61a.65.65,0,0,0,0,.2A7.49,7.49,0,0,0,24.42,30C24.73,30.15,24.8,29.89,24.8,29.72Z"/></svg>
|
||||
|
After Width: | Height: | Size: 699 B |
@@ -0,0 +1,9 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="533px" height="617px" viewBox="0 0 533 617" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<title>Fill 11</title>
|
||||
<g id="Screens" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
|
||||
<g id="Logo-Mark" transform="translate(-484.000000, -442.000000)" fill="#025C7A">
|
||||
<path d="M746.975832,712.678783 C764.128375,712.678783 778.123597,726.606828 778.123597,743.759372 C778.123597,760.889523 764.128375,774.884745 746.975832,774.884745 C729.823288,774.884745 715.872851,760.889523 715.872851,743.759372 C715.872851,726.606828 729.823288,712.678783 746.975832,712.678783 L746.975832,712.678783 Z M746.707124,442 L484,586.565042 L484,707.618111 C483.977626,778.26599 504.444238,846.876165 543.183012,905.991981 C581.944178,965.063013 636.693485,1011.16887 701.541744,1039.38324 L745.385975,1058.39435 L777.048764,1044.35434 L777.048764,829.90276 C812.76457,817.407826 838.605347,783.707332 838.605347,743.759372 C838.605347,693.264612 797.515376,652.174641 746.975832,652.174641 C696.481072,652.174641 655.391101,693.264612 655.391101,743.759372 C655.391101,783.729725 681.231878,817.430219 716.947684,829.90276 L716.947684,979.39412 C666.945556,955.725401 624.512044,919.091509 594.080834,872.69455 C561.858236,823.498547 544.817654,766.442827 544.817654,707.662896 L544.817654,622.504771 L546.317941,621.676254 L747.132578,511.192376 L748.520904,511.931324 L955.493439,622.706302 L955.493439,704.304043 C955.560616,763.845314 938.161756,821.550412 905.155425,871.127085 C892.526137,890.09341 877.456083,907.805762 860.325931,923.838688 L860.325931,1001.60734 C898.392934,975.408281 930.481178,942.87219 955.762147,904.872364 C995.463792,845.3087 1016.35586,775.937185 1016.26658,704.348827 L1016.26658,586.318726 L746.707124,442 Z" id="Fill-11"></path>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.9 KiB |
@@ -0,0 +1,17 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 18 18" width="18" height="18">
|
||||
<defs>
|
||||
<linearGradient id="e6ad4df9-0ab7-4b49-9706-620b42380f0b" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">
|
||||
<stop offset="0" stop-color="#005ba1" />
|
||||
<stop offset="0.775" stop-color="#0078d4" />
|
||||
</linearGradient>
|
||||
</defs>
|
||||
<g id="e7885b9c-9714-4276-bd41-591cb7e086a5">
|
||||
<path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#e6ad4df9-0ab7-4b49-9706-620b42380f0b)" />
|
||||
<rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#5ea0ef" opacity="0.6" />
|
||||
<path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#005ba1" />
|
||||
<path d="M7.109,13.217l-.321.32a.144.144,0,0,1-.205,0L4.258,11.205a.29.29,0,0,1,0-.41l.321-.32L7.11,13.012A.145.145,0,0,1,7.109,13.217Zm3.653,0,.321.32a.144.144,0,0,0,.205,0l2.325-2.332a.29.29,0,0,0,0-.41l-.322-.32-2.53,2.537A.145.145,0,0,0,10.762,13.217Z" fill="#fff" opacity="0.8" />
|
||||
<path d="M6.831,8.433l.32.321a.144.144,0,0,1,0,.205L4.576,11.527l-.32-.322a.289.289,0,0,1,0-.41l2.37-2.363A.145.145,0,0,1,6.831,8.433Zm4.207,0-.32.321a.144.144,0,0,0,0,.205l2.575,2.568.32-.321a.292.292,0,0,0,0-.411l-2.37-2.362A.144.144,0,0,0,11.038,8.434Z" fill="#fff" />
|
||||
<path d="M8.159,14.363,7.646,14.2a.105.105,0,0,1-.067-.131L9.669,7.54a.1.1,0,0,1,.13-.067l.513.164a.1.1,0,0,1,.067.13L8.289,14.3A.1.1,0,0,1,8.159,14.363Z" fill="#fff" />
|
||||
<path d="M3.166,3.847a.76.76,0,1,1-.76-.76A.76.76,0,0,1,3.166,3.847ZM4.8,3.087a.76.76,0,1,0,.76.76A.76.76,0,0,0,4.8,3.087Zm2.393,0a.76.76,0,1,0,.76.76A.76.76,0,0,0,7.191,3.087Z" fill="#fff" />
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.7 KiB |
|
After Width: | Height: | Size: 439 KiB |
@@ -0,0 +1,14 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 24.2.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 128 128" style="enable-background:new 0 0 128 128;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#54B848;}
|
||||
</style>
|
||||
<path class="st0" d="M98.3,72.1c-4.2,0-7.7,3.4-7.7,7.7v2.9c0,4.2-3.4,7.5-7.5,7.5H44.9c-4.2,0-7.5-3.4-7.5-7.5v-37
|
||||
c0-4.2,3.4-7.5,7.5-7.5H83c1,0,1.8,0,2.5,0h0.1c1.9,0.5,3,1.6,3.6,3c0.7,1.6,1.2,3.9-1.4,6.1L65.9,63.2l-6.7-8.5
|
||||
c-2.6-3.3-7.4-4-10.8-1.4c-3.3,2.6-4,7.4-1.4,10.8l11.2,14.5c2.5,3.3,7.2,4,10.6,1.5l25.4-18.6c0.3-0.2,3.6-2.8,3.9-3.1
|
||||
c7.6-6.8,9.2-15.6,6.1-23.3c-3.2-7.8-11.4-12.7-21.3-12.7H44.9C32.3,22.4,22,32.7,22,45.3v37.3c0,12.6,10.3,22.9,22.9,22.9h38.2
|
||||
c12.6,0,22.9-10.2,22.9-22.9v-2.9C106,75.5,102.6,72.1,98.3,72.1z M95.1,39c-0.2-0.1-0.3-0.1-0.5-0.2C94.8,38.9,94.9,38.9,95.1,39
|
||||
L95.1,39z"/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1016 B |
@@ -0,0 +1,16 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 35 35" style="enable-background:new 0 0 35 35;" xml:space="preserve">
|
||||
<title>codacy-white</title>
|
||||
<g>
|
||||
<path d="M5.7,14.3c0.8-3.1,2.9-5.8,5.7-7.4L8.7,2.3C4.7,4.7,1.8,8.5,0.6,13L5.7,14.3z"/>
|
||||
<path d="M14.3,5.7c1-0.3,2.1-0.4,3.2-0.4V0c-1.5,0-3,0.2-4.5,0.6L14.3,5.7z"/>
|
||||
<path d="M20.7,5.7c3.1,0.8,5.8,2.9,7.4,5.7l4.6-2.6c-2.3-4-6.1-6.9-10.6-8.1L20.7,5.7z"/>
|
||||
<path d="M0,17.5c0,1.5,0.2,3,0.6,4.5l5.1-1.4c-0.3-1-0.4-2.1-0.4-3.2L0,17.5L0,17.5z"/>
|
||||
<path d="M2.3,26.3c0.8,1.3,1.7,2.5,2.8,3.6l3.7-3.7c-0.8-0.8-1.4-1.6-1.9-2.5L2.3,26.3z"/>
|
||||
<path d="M8.7,32.7c2.7,1.5,5.7,2.3,8.7,2.3v-5.2c-2.1,0-4.3-0.6-6.1-1.6L8.7,32.7z"/>
|
||||
<path d="M28.1,23.6c-1.6,2.8-4.3,4.8-7.4,5.7l1.4,5.1c4.5-1.2,8.3-4.1,10.6-8.1L28.1,23.6z"/>
|
||||
<path d="M34.4,22.2c0.8-3,0.8-6.1,0-9.1l-5.1,1.4c0.6,2.1,0.6,4.3,0,6.4L34.4,22.2z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.1 KiB |
@@ -0,0 +1,69 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 24.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 32 32" enable-background="new 0 0 32 32" xml:space="preserve">
|
||||
<g>
|
||||
<defs>
|
||||
<rect id="SVGID_1_" x="1" y="8.78" width="30.126" height="15.07"/>
|
||||
</defs>
|
||||
<clipPath id="SVGID_2_">
|
||||
<use xlink:href="#SVGID_1_" overflow="visible"/>
|
||||
</clipPath>
|
||||
<path clip-path="url(#SVGID_2_)" d="M17.178,14.913c-0.11-0.564-0.387-1.083-0.794-1.489c-0.448-0.382-1.025-0.577-1.613-0.546
|
||||
c-0.452-0.015-0.899,0.097-1.291,0.323c-0.366,0.197-0.681,0.478-0.918,0.819c-0.246,0.347-0.43,0.733-0.546,1.142
|
||||
c-0.264,0.857-0.264,1.774,0,2.631c0.121,0.407,0.305,0.792,0.546,1.142c0.237,0.341,0.552,0.622,0.918,0.819
|
||||
c0.396,0.214,0.84,0.325,1.291,0.323c0.307,0.007,0.612-0.052,0.893-0.174c0.275-0.121,0.527-0.289,0.745-0.496
|
||||
c0.223-0.225,0.408-0.485,0.546-0.77c0.143-0.306,0.235-0.633,0.273-0.968h1.042c-0.097,0.904-0.489,1.75-1.117,2.408
|
||||
c-0.596,0.596-1.39,0.869-2.358,0.869c-0.589,0.008-1.173-0.111-1.713-0.348c-0.488-0.214-0.915-0.547-1.241-0.968
|
||||
c-0.352-0.413-0.614-0.895-0.769-1.415c-0.364-1.13-0.364-2.345,0-3.475c0.155-0.52,0.417-1.002,0.769-1.415
|
||||
c0.345-0.402,0.767-0.731,1.241-0.968c0.536-0.248,1.122-0.367,1.713-0.348c0.827-0.017,1.637,0.236,2.308,0.72
|
||||
c0.621,0.472,0.993,1.216,1.117,2.184H17.178z"/>
|
||||
<path clip-path="url(#SVGID_2_)" d="M25.013,14.739c0.005-0.286-0.063-0.568-0.199-0.819c-0.115-0.222-0.276-0.416-0.472-0.571
|
||||
c-0.207-0.16-0.443-0.277-0.695-0.348c-0.275-0.071-0.559-0.104-0.844-0.099c-0.234,0-0.467,0.025-0.695,0.074
|
||||
c-0.228,0.046-0.446,0.129-0.645,0.248c-0.186,0.116-0.346,0.268-0.472,0.447c-0.127,0.209-0.188,0.451-0.174,0.695
|
||||
c-0.011,0.205,0.05,0.407,0.174,0.571c0.115,0.157,0.258,0.291,0.422,0.397c0.183,0.106,0.374,0.197,0.571,0.273
|
||||
c0.199,0.074,0.397,0.124,0.571,0.174l1.365,0.323c0.299,0.045,0.591,0.128,0.869,0.248c0.273,0.119,0.531,0.269,0.77,0.447
|
||||
c0.227,0.192,0.413,0.429,0.546,0.695c0.155,0.298,0.232,0.632,0.223,0.968c0.015,0.413-0.098,0.82-0.323,1.167
|
||||
c-0.199,0.323-0.471,0.595-0.794,0.794c-0.335,0.206-0.705,0.349-1.092,0.422c-0.392,0.078-0.791,0.12-1.191,0.124
|
||||
c-0.993,0-1.787-0.223-2.408-0.695c-0.62-0.472-0.968-1.216-1.067-2.259h1.042c0.009,0.617,0.291,1.199,0.769,1.588
|
||||
c0.506,0.359,1.117,0.543,1.737,0.521c0.258,0,0.516-0.025,0.769-0.074c0.262-0.049,0.513-0.142,0.745-0.273
|
||||
c0.223-0.124,0.417-0.293,0.571-0.496c0.155-0.217,0.233-0.479,0.223-0.745c0.021-0.427-0.199-0.83-0.571-1.042
|
||||
c-0.193-0.109-0.392-0.209-0.596-0.298c-0.22-0.078-0.443-0.144-0.67-0.199L22.158,16.7c-0.347-0.099-0.645-0.199-0.943-0.298
|
||||
c-0.271-0.095-0.523-0.238-0.745-0.422c-0.212-0.165-0.382-0.378-0.496-0.62c-0.129-0.288-0.188-0.603-0.174-0.918
|
||||
c-0.011-0.386,0.092-0.766,0.298-1.092c0.196-0.295,0.449-0.549,0.745-0.745c0.315-0.187,0.659-0.321,1.018-0.397
|
||||
c0.365-0.09,0.741-0.132,1.117-0.124c0.404-0.007,0.806,0.052,1.191,0.174c0.354,0.094,0.685,0.264,0.968,0.496
|
||||
c0.276,0.235,0.504,0.522,0.67,0.844c0.172,0.374,0.265,0.78,0.273,1.191h-1.067V14.739z"/>
|
||||
</g>
|
||||
<polygon fill="#3666F0" points="9.91,8.782 4.897,20.944 5.765,20.944 10.754,8.782 "/>
|
||||
<g>
|
||||
<defs>
|
||||
<rect id="SVGID_3_" x="1" y="8.78" width="30.126" height="15.07"/>
|
||||
</defs>
|
||||
<clipPath id="SVGID_4_">
|
||||
<use xlink:href="#SVGID_3_" overflow="visible"/>
|
||||
</clipPath>
|
||||
<path clip-path="url(#SVGID_4_)" fill="#3666F0" d="M2.365,16.054c0.154-0.132,0.28-0.292,0.372-0.472
|
||||
c0.149-0.249,0.266-0.516,0.348-0.794c0.108-0.371,0.158-0.756,0.149-1.142v-2.308c0.004-0.208,0.021-0.415,0.05-0.621
|
||||
c0.02-0.189,0.07-0.373,0.149-0.546c0.062-0.143,0.155-0.27,0.273-0.372c0.117-0.1,0.268-0.153,0.422-0.149H4.45V8.782H3.631
|
||||
C3.203,8.758,2.795,8.966,2.564,9.328c-0.269,0.449-0.398,0.967-0.372,1.489v2.432c0,0.323-0.025,0.645-0.05,0.968
|
||||
c-0.014,0.288-0.073,0.573-0.174,0.844c-0.082,0.222-0.209,0.425-0.372,0.596C1.436,15.81,1.221,15.891,1,15.881v0.869
|
||||
c0.221-0.011,0.436,0.07,0.596,0.223c0.171,0.165,0.299,0.369,0.372,0.596c0.089,0.274,0.147,0.557,0.174,0.844
|
||||
c0.025,0.323,0.05,0.645,0.05,0.968v2.408c-0.026,0.522,0.104,1.04,0.372,1.489c0.235,0.357,0.64,0.565,1.067,0.546H4.45v-0.025
|
||||
v-0.05v-0.819H4.127c-0.155,0.008-0.307-0.045-0.422-0.149c-0.11-0.109-0.203-0.234-0.273-0.372
|
||||
C3.35,22.237,3.3,22.052,3.283,21.862c-0.029-0.214-0.045-0.429-0.05-0.645v-2.283c0.008-0.386-0.043-0.771-0.149-1.142
|
||||
c-0.082-0.278-0.199-0.545-0.348-0.794c-0.099-0.176-0.224-0.335-0.372-0.472c-0.081-0.086-0.172-0.162-0.273-0.223v-0.025
|
||||
C2.142,16.228,2.241,16.154,2.365,16.054"/>
|
||||
<path clip-path="url(#SVGID_4_)" fill="#3666F0" d="M28.495,8.782c0.427-0.019,0.832,0.189,1.067,0.546
|
||||
c0.269,0.449,0.398,0.967,0.372,1.489v2.432c0,0.323,0.025,0.645,0.05,0.968c0.026,0.287,0.085,0.57,0.174,0.844
|
||||
c0.073,0.226,0.201,0.431,0.372,0.596c0.159,0.153,0.375,0.234,0.596,0.223v0.869c-0.221-0.011-0.436,0.07-0.596,0.223
|
||||
c-0.163,0.171-0.29,0.374-0.372,0.596c-0.101,0.271-0.159,0.555-0.174,0.844c-0.025,0.323-0.05,0.645-0.05,0.968v2.432
|
||||
c0.026,0.522-0.104,1.04-0.372,1.489c-0.231,0.362-0.639,0.57-1.067,0.546h-0.819v-0.869h0.323
|
||||
c0.154,0.004,0.304-0.049,0.422-0.149c0.118-0.102,0.211-0.229,0.273-0.372c0.082-0.172,0.132-0.357,0.149-0.546
|
||||
c0.03-0.214,0.046-0.429,0.05-0.645v-2.283c-0.01-0.386,0.041-0.771,0.149-1.142c0.082-0.278,0.199-0.545,0.347-0.794
|
||||
c0.092-0.18,0.219-0.34,0.372-0.471c0.124-0.099,0.223-0.174,0.273-0.223v-0.025c-0.101-0.062-0.193-0.137-0.273-0.223
|
||||
c-0.148-0.137-0.273-0.296-0.372-0.472c-0.144-0.251-0.261-0.518-0.347-0.794c-0.106-0.371-0.157-0.756-0.149-1.142v-2.308
|
||||
c-0.003-0.208-0.02-0.415-0.05-0.62c-0.023-0.188-0.073-0.372-0.149-0.546c-0.071-0.138-0.163-0.264-0.273-0.372
|
||||
c-0.117-0.1-0.268-0.153-0.422-0.149h-0.323V8.832h0.819V8.782z"/>
|
||||
</g>
|
||||
<rect x="27.676" y="8.782" fill="#3666F0" width="0.819" height="0.099"/>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 5.7 KiB |