From 469c22e7a4158aa9cf13543c2614ef2561b57e95 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 19 Mar 2024 12:45:34 -0400 Subject: [PATCH 01/35] ci/python-publish: bump, use trusted publishing Signed-off-by: William Woodruff --- ci/python-publish.yml | 58 +++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 22 deletions(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index bdaab28..160b12f 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -1,4 +1,4 @@ -# This workflow will upload a Python Package using Twine when a release is created +# This workflow will upload a Python Package to PyPI when a release is created # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries # This workflow uses actions that are not certified by GitHub. @@ -12,28 +12,42 @@ on: release: types: [published] -permissions: - contents: read - jobs: - deploy: - + release-build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Set up Python - uses: actions/setup-python@v3 - with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install build - - name: Build package - run: python -m build - - name: Publish package - uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }} + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.x" + + - name: build release distributions + run: | + # NOTE: put your own distribution build steps here. + python -m pip install build + python -m build + + - name: upload distributions + uses: actions/upload-artifact@v4 + with: + name: release-dists + path: dist/ + + pypi-publish: + runs-on: ubuntu-latest + needs: + - release-build + permissions: + id-token: write + + steps: + - name: Retrieve release distributions + uses: actions/download-artifact@v4 + with: + name: release-dists + path: dist/ + + - name: Publish release distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 From f4c64fb836ab3e5b6e5c99f3fb47241e56178445 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 19 Mar 2024 15:40:07 -0400 Subject: [PATCH 02/35] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) --- ci/python-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 160b12f..ec73a48 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -23,13 +23,13 @@ jobs: with: python-version: "3.x" - - name: build release distributions + - name: Build release distributions run: | # NOTE: put your own distribution build steps here. python -m pip install build python -m build - - name: upload distributions + - name: Upload distributions uses: actions/upload-artifact@v4 with: name: release-dists From 231e6b5f6f635625f600d423d7fba591d99dfa47 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 19 Mar 2024 16:41:37 -0400 Subject: [PATCH 03/35] python-publish: contents: read at toplevel Signed-off-by: William Woodruff --- ci/python-publish.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index ec73a48..51b96ca 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -12,6 +12,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: release-build: runs-on: ubuntu-latest From e23021529279bb3abf1f7253df1e3eb3bbe23a51 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 19 Mar 2024 16:42:35 -0400 Subject: [PATCH 04/35] python-publish: explanatory comment Signed-off-by: William Woodruff --- ci/python-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 51b96ca..7675071 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -43,6 +43,7 @@ jobs: needs: - release-build permissions: + # IMPORTANT: this permission is mandatory for trusted publishing id-token: write steps: From 1fa8e1835028aa47cdb324027fc7c3bd8f93f875 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 19 Mar 2024 16:49:45 -0400 Subject: [PATCH 05/35] python-publish: copy gem-push.yml's pattern Signed-off-by: William Woodruff --- ci/python-publish.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 7675071..bb92010 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -54,4 +54,6 @@ jobs: path: dist/ - name: Publish release distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + # To automatically get updates, change this to: + # uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 From e44c7b519f7b4a81d578eddc0fa12e6463d45271 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 19 Mar 2024 16:57:58 -0400 Subject: [PATCH 06/35] python-publish: environment Signed-off-by: William Woodruff --- ci/python-publish.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index bb92010..bf13220 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -46,6 +46,13 @@ jobs: # IMPORTANT: this permission is mandatory for trusted publishing id-token: write + # Dedicated environments with protections for publishing are strongly recommended. + # For more information, see: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules + environment: + name: pypi + # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status: + # url: https://pypi.org/p/YOURPROJECT + steps: - name: Retrieve release distributions uses: actions/download-artifact@v4 From a5047545ff35cae093b3c42b65804e6451fe615a Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Tue, 6 Aug 2024 01:11:49 -0400 Subject: [PATCH 07/35] Ubuntu-Latest: Update all workflows to use ubuntu-latest --- code-scanning/crda.yml | 2 +- code-scanning/devskim.yml | 2 +- code-scanning/kubesec.yml | 2 +- code-scanning/stackhawk.yml | 2 +- code-scanning/trivy.yml | 2 +- deployments/openshift.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/code-scanning/crda.yml b/code-scanning/crda.yml index 82610ac..011d80c 100644 --- a/code-scanning/crda.yml +++ b/code-scanning/crda.yml @@ -77,7 +77,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for redhat-actions/crda to upload SARIF results name: Scan project vulnerabilities with CRDA - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Check out repository diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 794986a..69ae85e 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -16,7 +16,7 @@ on: jobs: lint: name: DevSkim - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest permissions: actions: read contents: read diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 750acc7..4f11399 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -17,7 +17,7 @@ on: jobs: lint: name: Kubesec - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest permissions: actions: read contents: read diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml index cac0507..f1ceddb 100644 --- a/code-scanning/stackhawk.yml +++ b/code-scanning/stackhawk.yml @@ -46,7 +46,7 @@ jobs: contents: read # for actions/checkout to fetch code security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info name: StackHawk - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml index 7180f72..ca2fe88 100644 --- a/code-scanning/trivy.yml +++ b/code-scanning/trivy.yml @@ -24,7 +24,7 @@ jobs: security-events: write # for github/codeql-action/upload-sarif to upload SARIF results actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status name: Build - runs-on: "ubuntu-20.04" + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/deployments/openshift.yml b/deployments/openshift.yml index d6785c2..eed3934 100644 --- a/deployments/openshift.yml +++ b/deployments/openshift.yml @@ -77,7 +77,7 @@ jobs: # 🖊️ Uncomment this if you are using CRDA scan step above # needs: crda-scan name: Build and deploy to OpenShift - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest environment: production outputs: From 5ad49471fe52633f0a7355d1a085bdc6e1d66bcf Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Fri, 16 Aug 2024 12:58:55 -0400 Subject: [PATCH 08/35] Update ci/python-publish.yml Co-authored-by: Gagan Deep --- ci/python-publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index bf13220..165ac0a 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -63,4 +63,5 @@ jobs: - name: Publish release distributions to PyPI # To automatically get updates, change this to: # uses: pypa/gh-action-pypi-publish@release/v1 - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 + uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 + From 26ad7a75496845c3b4e74d113ff8f6f645fa871b Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 20 Aug 2024 13:39:26 -0400 Subject: [PATCH 09/35] Update ci/python-publish.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) --- ci/python-publish.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 165ac0a..72fdda2 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -52,6 +52,10 @@ jobs: name: pypi # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status: # url: https://pypi.org/p/YOURPROJECT + # + # ALTERNATIVE: if your GitHub Release name is the PyPI project version string + # ALTERNATIVE: exactly, uncomment the following line instead: + # url: https://pypi.org/project/YOURPROJECT/${{ github.event.release.name }} steps: - name: Retrieve release distributions From bc709b6e00fad0ad44efb7d35eaa31778a651c41 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 4 Sep 2024 17:08:14 -0400 Subject: [PATCH 10/35] python-publish: bump commit/ref Signed-off-by: William Woodruff --- ci/python-publish.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 72fdda2..710ca30 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -67,5 +67,4 @@ jobs: - name: Publish release distributions to PyPI # To automatically get updates, change this to: # uses: pypa/gh-action-pypi-publish@release/v1 - uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 - + uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1 From 958eb203602c8c9a416f802e8464a0ce75b708fe Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Tue, 5 Nov 2024 12:50:41 -0500 Subject: [PATCH 11/35] Update ci/python-publish.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) --- ci/python-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 710ca30..0f5c53e 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -67,4 +67,4 @@ jobs: - name: Publish release distributions to PyPI # To automatically get updates, change this to: # uses: pypa/gh-action-pypi-publish@release/v1 - uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1 + uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0 From 347784759f1270562584b69837c487fae1da0949 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 6 Nov 2024 17:10:48 -0500 Subject: [PATCH 12/35] Update ci/python-publish.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) --- ci/python-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 0f5c53e..43158c6 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -67,4 +67,4 @@ jobs: - name: Publish release distributions to PyPI # To automatically get updates, change this to: # uses: pypa/gh-action-pypi-publish@release/v1 - uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0 + uses: pypa/gh-action-pypi-publish@1f5d4ec244f65dce93685ee3e98e77123f090866 # v1.12.1 From eb329790015fca7ee48f8b77ed44deb431544f23 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Wed, 6 Nov 2024 21:03:35 -0500 Subject: [PATCH 13/35] Update ci/python-publish.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) --- ci/python-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 43158c6..107d347 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -67,4 +67,4 @@ jobs: - name: Publish release distributions to PyPI # To automatically get updates, change this to: # uses: pypa/gh-action-pypi-publish@release/v1 - uses: pypa/gh-action-pypi-publish@1f5d4ec244f65dce93685ee3e98e77123f090866 # v1.12.1 + uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2 From eee067e3cabfb03efe484a8dbbbed3cc5bd2130f Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Fri, 22 Nov 2024 09:47:32 -0500 Subject: [PATCH 14/35] Apply suggestions from code review Co-authored-by: Zach Steindler --- ci/python-publish.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 107d347..3feb225 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -68,3 +68,5 @@ jobs: # To automatically get updates, change this to: # uses: pypa/gh-action-pypi-publish@release/v1 uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2 + with: + packages-dir: dist/ From 00795b7feebceed43fe2510ccb976238441d9c07 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Fri, 22 Nov 2024 09:48:05 -0500 Subject: [PATCH 15/35] Apply suggestions from code review --- ci/python-publish.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 3feb225..82f8dbd 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -65,8 +65,6 @@ jobs: path: dist/ - name: Publish release distributions to PyPI - # To automatically get updates, change this to: - # uses: pypa/gh-action-pypi-publish@release/v1 - uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2 + uses: pypa/gh-action-pypi-publish@release/v1 with: packages-dir: dist/ From f90b59f7cd6c78cb77ba8274dd8b01499074948b Mon Sep 17 00:00:00 2001 From: Rob E Date: Sat, 14 Dec 2024 02:54:28 +1000 Subject: [PATCH 16/35] Add Octopus Deploy release and deploy workflow (#2651) * Create Octopus Deploy workflow template * add properties file * Pin step versions * update some text * add octopus icon * added linebreak Co-authored-by: Alexis Abril * added linebreak Co-authored-by: Alexis Abril * update octopusdeploy icon name --------- Co-authored-by: Alexis Abril --- deployments/octopusdeploy.yml | 112 ++++++++++++++++++ .../properties/octopusdeploy.properties.json | 7 ++ icons/octopusdeploy.svg | 11 ++ 3 files changed, 130 insertions(+) create mode 100644 deployments/octopusdeploy.yml create mode 100644 deployments/properties/octopusdeploy.properties.json create mode 100644 icons/octopusdeploy.svg diff --git a/deployments/octopusdeploy.yml b/deployments/octopusdeploy.yml new file mode 100644 index 0000000..cc1f2f4 --- /dev/null +++ b/deployments/octopusdeploy.yml @@ -0,0 +1,112 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by separate terms of service, +# privacy policy, and support documentation. +# +# This workflow will build and publish a Docker container which is then deployed through Octopus Deploy. +# +# The build job in this workflow currently assumes that there is a Dockerfile that generates the relevant application image. +# If required, this job can be modified to generate whatever alternative build artifact is required for your deployment. +# +# This workflow assumes you have already created a Project in Octopus Deploy. +# For instructions see https://octopus.com/docs/projects/setting-up-projects +# +# To configure this workflow: +# +# 1. Decide where you are going to host your image. +# This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below. +# +# 2. Create and configure an OIDC credential for a service account in Octopus. +# This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository. +# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions +# +# 3. Configure your Octopus project details below: +# OCTOPUS_URL: update to your Octopus Instance Url +# OCTOPUS_SERVICE_ACCOUNT: update to your service account Id +# OCTOPUS_SPACE: update to the name of the space your project is configured in +# OCTOPUS_PROJECT: update to the name of your Octopus project +# OCTOPUS_ENVIRONMENT: update to the name of the environment to recieve the first deployment + + +name: 'Build and Deploy to Octopus Deploy' + +on: + push: + branches: + - '$default-branch' + +jobs: + build: + name: Build + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + env: + DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri + DOCKER_REGISTRY_USERNAME: ${{ github.actor }} # TODO: Update to your docker registry username + DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # TODO: Update to your docker registry password + outputs: + image_tag: ${{ steps.meta.outputs.version }} + steps: + - uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.DOCKER_REGISTRY }} + username: ${{ env.DOCKER_REGISTRY_USERNAME }} + password: ${{ env.DOCKER_REGISTRY_PASSWORD }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} + tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + deploy: + name: Deploy + permissions: + id-token: write + runs-on: ubuntu-latest + needs: [ build ] + env: + OCTOPUS_URL: 'https://your-octopus-url' # TODO: update to your Octopus Instance url + OCTOPUS_SERVICE_ACCOUNT: 'your-service-account-id' # TODO: update to your service account Id + OCTOPUS_SPACE: 'your-space' # TODO: update to the name of the space your project is configured in + OCTOPUS_PROJECT: 'your-project' # TODO: update to the name of your Octopus project + OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment + + steps: + - name: Login to Octopus Deploy + uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 + with: + server: '${{ env.OCTOPUS_URL }}' + service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}' + + - name: Create Release + id: create_release + uses: OctopusDeploy/create-release-action@fea7e7b45c38c021b6bc5a14bd7eaa2ed5269214 #v3.2.2 + with: + project: '${{ env.OCTOPUS_PROJECT }}' + space: '${{ env.OCTOPUS_SPACE }}' + packages: '*:${{ needs.build.outputs.image_tag }}' + + - name: Deploy Release + uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 + with: + project: '${{ env.OCTOPUS_PROJECT }}' + space: '${{ env.OCTOPUS_SPACE }}' + release_number: '${{ steps.create_release.outputs.release_number }}' + environments: ${{ env.OCTOPUS_ENVIRONMENT }} diff --git a/deployments/properties/octopusdeploy.properties.json b/deployments/properties/octopusdeploy.properties.json new file mode 100644 index 0000000..3743ea7 --- /dev/null +++ b/deployments/properties/octopusdeploy.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Build and Deploy with Octopus Deploy", + "description": "Build a docker container, create a release in Octopus Deploy and deploy it to your environment.", + "creator": "Octopus Deploy", + "iconName": "octopusdeploy", + "categories": ["Deployment", "Containers", "Dockerfile"] +} diff --git a/icons/octopusdeploy.svg b/icons/octopusdeploy.svg new file mode 100644 index 0000000..28545cc --- /dev/null +++ b/icons/octopusdeploy.svg @@ -0,0 +1,11 @@ + + + + + From 1cc15629495895cfae7a6cc84033cefdb35a9b73 Mon Sep 17 00:00:00 2001 From: Sadman Anik Date: Wed, 18 Dec 2024 17:52:20 +0600 Subject: [PATCH 17/35] Added Black-Duck-Security-Scan logo --- icons/black-duck-icon.png | Bin 0 -> 25487 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 icons/black-duck-icon.png diff --git a/icons/black-duck-icon.png b/icons/black-duck-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..b73482ce501f47c9e2daa7acf2f41aadd99b0e36 GIT binary patch literal 25487 zcmZ^~19)Z4(lEMX+upHl+cqb5GI1uhjfw4KV%ye)lT2(U6Pq{lp7Vd_-0%K(?Pu-o zRbAE9sOnW+)hj|tK@tHL7Zv~jAV^DzseGoRe{X2W&;Kf|>YUF6+(KAh7yzh?gL^fC z_8fPXLm@caq#KLP+;nE-$jLjZs$4FJG$$ZA*S`z#1H(~>rqmj}>% z=Ai))AgBPa&m73-4*-G-_*>g&4j==9_dj_R5UPLUfC2zvRsisS*e=n)e`!CJE zQm{Ob|J0ZV`ajsCd0_v^|0T0DQcC$uU>u~hodEziw7)k9AR`MK0014gQqywLl9%H# zvH!|oWNL40#^CGi9`Sv2n6yunVR#ch)MjL{PT&Q#L~sZfrpXN&CQL$jg`UP$%2uY zo12@FiG`7ch5i$R-r2*>#mJrB&YARImHeN2#LS#coU9yNtnBT8f9o|ews&>mCn5RE z=zp$%wbRAQ{6C!Rod4ae&ki#FEn#G4U}F5gk(s$${r`~tE%_JOKmGa_JHEe_@o1}< zIosR1{%w{3Ckx*{9R6Rx|FrL41pmQTx3h8)_&+573;e&SwEk26A2$CD{NDtMPF7~0 z1Nl$8nE&0Z|Aze+{@>p5C|S9i*=mVdeKoUl{@WK8CMG_{|7*$rrWCcewRci=FfuU{ z_+<1C$$x?VH}*e#wEutk{8!1pDft-x&h~%J{=Y=)ALyrS3Bd9({*Rmrz*c%~ZvX&7 z0BJE{HFuCdT`+kD;;w?e7Y~1Q_3z_@#gS1!Fvw|kPz$J}lxb45s+!9}emytnd~I_5 zF}tEs5$<|SG-F*Ap19SWAC9ahCb#sv)*dGQ?a%4MyI?M>vw7R*%UkzDz0mb__QSc` zR2KK)-}BvNx_bz6`Y?jRZwgt zF;U;yc$ws7qP|ylGRe+8Nhki4PHf~ItGDZ2w@PfbkY0r3mev6_w5mlDW$&igjjMbZ2snz-3RApMkw4}t!k2Ihu z1sQhvl)}ZvxHKJvAkYxHUq36yU}ChRE(cvT5%2I*(&R<>P!vukm&V}L2B3ars{2E zclS5r*kU$ZPIO}>qxRMzuqwZnw=n1v5vy?`TMpofgBD&YuF}?Y*4KHQb{@u<9n;P` zJtddrO-oiVb+omK=e!pd4vazPY&n=zjy{G7DD%#yg2p!G_KS~HZm5hLhfS$@7zXzb zf&)>QYvR;M3#R=ta^mOxlh8xN;=Vr52*O@RTo0 z$Hd5oHMM*jMf0$9XTl-EGpXnuA7}>Q$MdMf<8MDP1^lR{;krfnO3k-;g_{IUFa*W#pq&^`EnIjq67^WLPwo0ML!8`* zNiVDXTV?kF%CCnNSzy1WoyCgF5#gDaR#hV>7{ka=;glBe&V4dV{pTwI6k8JRa*Lvb zM5uP#(t`2C3{b#VFS!bQ(ixvEp}|FXA0Zf9hL}2jWDuVR{Ukm>E$k+kTU0!~fyIsw zcdGIS&ag<(wwAer_GPWa9Vn;Mz0{n#ayDILWGer;owj2b#@x5Pz=DgUP`+i;?+ro#yFu!V!& z`|I**PD^%UiFkT*7BY&E%rn4XZ;CtGgyj#BeIBg}T)xx7Z0Z-QyJlE^P16o#|nX zLx10-aoY8U5CaL%s>Rb`NXE_NS>aiF!xeg@#V&n4tk}HrW=8+k70Y|r%1p2|(zf{^ zGT$%cuKJ6KN#09HG{YNO{ZBS4PdlF1OPxqzR!lz?t}@KdB1!ub#TKoh11o)Y@g)jK z4;U>-9dww+IRGV1Jm3z1F(UzvX+W=IMJ_;6pC0}Q76>3KhU4)Ed$Gm0f5@EqQk)M@ z5@&E^Y4w`)t?N;M+`F`BXyf;*&x#NWUAolNU?=^e`|Fv7TTA0Zj5o4#9Z}ls^7`!R zNU3W_Y&E`L8%`QUjKUZ3}(og03^Rp}=_vHLUpsa<6v1fQT zc^ogaq6#wJAPmkferTb*H@P!*Y*imPM+){s+$w0K1rsCy>!KKPHUUS{U2%#ptqfln z*(DEb^a4!4K0ptw-q1wrd@k5c%2K(xW+bu!sq@@E_Jg=k9?lPc*yqZ*Tx487eCZIL z%(mUn>-ei=TxtX3H&+*WJX}JVVF}6FbJDMaMcwHMP7jM9!VvK1p)rW%_F9a=Gty)4J}+3$jU%?t zTh&BVm4$2R0Sz8u(|KjHdrKg(L0r3=Z=cIN*YPDfK&qk+G3b(9RszPL>-pYqh^7mv zrKy?H2dvARr;aWw88!7qNJR!hF=B7L z$4OG3NY9X0K8lADy8wd1!K5>A?n_B77=%)!Evc(XdVz2tCg8NP$?(KxR;klg?(sCv zI@^DNS2ZSJ1k|h^^tUh87IVKNZ|MfNx$0h7=e`*w=vs9wY=bA;2dwdcjn)iU;d^g^ z!lES;YSWM*7U{z!{CHAVcc|bU=RsVy#%sJKm|m)_`MUThS0OV0rP;-U<^v--qdvHmxX$x0jL)1Z!3}Zn7cq7< z?8w#GIvINE#uIf1ye)iiHf=rY>+Gj({QRpEmcmQFht87PNJBW6H!5{Ff3Hu=2#N7F zZg7V|7x84F;%pvL1F0aJunlj)L7(!l5VIt`sDwfdh45!sin*}IEPzz`5wv+&YQadL zfFNYE%YED3=-Biu%=a%m`kps7n+t@g#We-HKb+BWmJV71(3fl+a@J zkgOp5;BsKrjm4+Me`4Bp0f2du$v05t3Pprt(H*Woy6>hlBj7R z10Fi|=z|d8nD9)>jgVvlB-iymZJ^8CI#@13LKFDnk6O*4fvDEaY%<;`C}R=aMHrL+D~}#s z%M6ti>J0A;2(z%!vN39SR2u0M$`4X!Kw*eLn4>!wc0o7=Y?|4<-k;h+`xjR$ZlCqz z3;uUU)`=!Pf%#jf93IOWCgdq=y}PRlT&|7Q>zz!6zR8h?D<27)kF8#4mZh^_CK&kZ zYg)(e&Agppk@n?Lh@Ubcs|_&toCRa1GKU-?Akl4qz>Osm#3(X+IGB#q&C^YR{IEP1 zRX&MRu!aj62lQu?-QNK?#b{gnb@Dlm+AM*oQD;tHML`r^<{z>gV!ldqng8g^PHnd6 zS8NM#xchp|tj&=4ulOS%7_7m-!21TP z-D1+)P4VKJb&Np;d)hdTB^%%e8O*1sQaFm*Y|7cAGhl#n2p@{KG9e#M47M7GWn>LM zxn2SEqQS6F!5rT~6%;{FsF0Cyl#Ia=mAaLH43QczC@eC?uwXOXgc!xgGhs!J-ib3a z8;e8hS^`(4pEG4LSi|G2K5)G-^b*JHtJqOGDb$}{UeWD5;dWIujKk~MJcdhig!WXg z6O&|9hcX4VgJ-0ESP+zX>`>>)?p$~5ZO{!>?FR98W*05T+jx$$}&f(BgA=VqTjcYc2Tyi(JPdp|sX zJSJg>Pib6=E8A<%W3aZHciBo_a3D@jx|9CGjc3q;ktz~Z&2<S(6K6C3`-#Hx*KX zmvC|(E91Hl4aM5c2jB#PI10g83Ha$Z3Z+cCgD3)M!tzMGk!ub8m79Tz;9!w}+d;_4 z8$4vppcLvvP?TltjZ`+H%lBQ**Eg6N6Wd3jn6d|lEoshp+M3DBY$2ZesE>{xg>7}W zt5dPnCSK2OX?^YqsGr8V({5nAva)~Lk@<5bHj{EBg2Ymwe;!F^mn^15r#}!7WUA*G zx{CJns@-;?jk@dM`LiW)Hg(CLOlESY(9$e6K7fL>6BSQz%3eqdUZ+GUloEXuT(X^~ zJ@blxIwRBV^%?^|iVs8Lx(GKMcVtEV;oC#>ok0`m3z9V>0{O@Yf z#qM;pbur4&L^#mE$V&k@0ecW(fCLF?C(__kl$i|`l@UW+s7R4Vf{+9V%mEXKi4hG3 z3BEcR6|5LvTN;%Dn24${)iTlXS=#KH;LJ_fEJ0kS_tW@3sbX^ipA}@mup@VLp;6^U zdu;O*=`&=sqZ-YqHJpCJ1|LfqOGxmRn>!R&J_v=TvRw452J$iuXlLBDl0ST(|I++( zr&SZ2w=8B7Q|gG`Oq947G5|Z+8x(~lRR$faR_u`qnLIHnVux+Z5`SwRhM0~fFu{fW z0pYfi;KJjU{FA>JuSYP>YIdzw*B=e`==(1f!vSm=#fjmGk0y-ngRFa5F~-3!&Rmk@ z{+EfHFctvidzBevTK&3`dM*v(dO@ILy*jqfG;Sb>0MO7$LxD=iPhX9o{jEaGtHe-Et~(s0e?vl2 zR~UDOM;e3y@Wq8nZikd4GjIrp@pFfx(w+xKQn}_r%Y0AQbp?6=P=gc}e*}IiSD~%& zK{za%wv_FXmULGXsDeJ?>7_=X306C-G1i|)c~0KLh?`=Rkb%mo7;|U(!SuG8Q4!K(ObU*)>7KNb zqmdAqE)Jw({-SoLY%aJ)_1tHxMo+=2ZN);SzWcAF#Ce10k3kGk#Y~_rb72uMlk`Hr zJ_<&m@$Gg--Bh5`8zHMHaj_eYH6kNc`6~{KhJR-ZFnWitiJ5|6zKR3k)k%y!H%s-s zciW`Ihz?>zeXu0hFzKJ=EAbYc3eOD>cmbf3X`+oNG)3b- z)p!y`JPu$RwE(bD19*8m!w^mbu<|@^sgc51^hL4yH|7PRS2C!FgOnzF*ogTsb1|q5 z?z6&4LO|Ke@(F(^d2?a! z82-K*#hloIS11X|m{(BXAW|})W<_w5;ul)h+keZN)Bji2%1`FQkqcn&p|`<4Ei!4~ zYm;Nnpr|;Ec-;b6fpbo8V0}^@x%I%7;YH@h85rZseU1)9=PH7jVBzaRi=Dua;<_g% z{FT6+9WbA>WZ5C`78bYfG2bdS#3~w3+F6-DjeVT9YdCMAeNs?QC?0=P0p!E!C}=4P zhQfM}I%V7>3~}{*H#S5ik&BV1pD2)h0Jce#esKJ85CH-x;weclsT~`L!d5CnEoUn5 zi6sl1mv5J~DOcnZAKPZ9E+L^46Lx@a6#+-GS+w1*Z^ZjobAPxL@(7}w+6KgfSfllX zo8aFiApcrip=-qOz#ha>)GDO^Uaa;_SuMx(o{|O|;6jDdo6$Q<5AsQ63^{yn9S3ic z*j?-G;XoA{!IJtP9etg}gqZ;JCR8JXJh)K7Y?u;Rarg0qi?9bfBGh{^6Gro}{AWWU zq3( z8^A-h-~2U+6~VaT?*Cayx$;8Tas?T6fU@SD{*(Y|3kp(rRHTj~5K5brT1Fb9s{0i3 z1Ndesb{2=NQvOHPX!!c4y}bjB{HPnea5_i?8)Pi1{v*mrI91S3BRZ9I5@HM|zZ|Ok zRPTG7`}g7Px^3l7OM4`$)U^GqTsr2ZA15CT!g}Os&f1<~6;5XB` zI|pV)`th0`2W5K%iifa}63Rx((oQrMGB}X>%M1ug^D{#I?J!&#m=amO|0`P1R(=Lo zeoC^Zw>KRgF3uJTsJ7rYzcYfP{Wh}YUM0VQnb9rmI1@wHkueP`FI`H+dMkpF7)B6< z%X6x}!ynYsr@hiG*ZlA99&%ICY>ijXYkZ+(sr-Yo2fIKb)VS=8^P9gW0g z;7y$zrCr^1cN5M#X?b`}Qc)4LkJHL0-tjbEg=*|LfjhqQg;<#4ii09ld5q%~_NIqk zn-bySjn#^9dwJi4?ro0{$q~Bm<(R&`wUD>0y9J%-y#f0~lu!lUmnZ56khod6-M5XF zcOaljoh_ym>zMK4A{30g*@R3JJ@T|jc}DAKsHJ-UiV-*&EXiLnFR+1dcFae=)>!Be zi*$KnHg@U{%tKsR)mg!V429Hx820mAj%!lzq~?W^zo$@7oNxX3@XC9)?uDOM!7w5EgK-oiq;UCvZ?xQ}iO}9kOuHIj&pi zgW0-S+xf+jdM~1G+P33ZK?*^A=ZF(cpJwE-==*dSgb0h=D5)B%F(_K@D?Y{Sk^DP& zL&c*dvoIoem;1y+M%h@;XXo!hn1mTyFp+F?=p!T2Zj-Kk1$>$QqTE1C2I9ddOC&43 zQIsJG5S5{DJ!Mg5NW@XfIloc(W)>G+Ts*wfKAJ0wtgARi4`a7z$!|ZRLdFBUtnPJ& zy1HAdn!x7mz?$#EWlqLX4Z+quDuo1&9?LBLY6!XxmMTn|d)PyP=@`b(L_t&Fw`+4k2;i9oX?Wo{y?&wf~1@#S}7e|{Jm(X_+1RQ^Y zjWcm|6H7u5g2R4aN?BwDQ zfOX*Dx?}GwW{n$XCHn0ekJGoHqv56SnuTc$mO~qQPqLjAFh>itOl*TQW<&A9B3lJXHQ%WaT0da(%DP&#g$n=Er+PE1; z>OOO_hD*&h>uPz+kDH%@Po)_>1M*-`{(L+6GT7X$aB5%#fe6W(dv}3ebyN;$ELux zRz64duERZCW^SXlyont1A0z@{@jwM-u>rU*TL@q!zJl$y=U<*o-AdcFnr+MoV|JH+ zJ8<#eCl9_L+Ct%)Ekpc$RbXLmTK0bKb2_y_I9eG&Fb$EfVZcWtDfq%kgWwaxbVoG=ym6xtZ zE26*6yE45N@ocPWE3{%deWBS&b#hBmI#=7uwia$&e%}9G^FhU-`v_j@l3;o6<@B90 zl@$tn8EmSM9~~&l1VpqXu0BDiH~rp5ErJ^Xk&3Z4_bZXF+sx$YCDo7i>Aj{$JiC}J z`X?{ph`WDjhoce!GgOFoy|77M)luNjvyAV2&38uTz?ZF6f#j~sWk%UqcDc4H)DaGG z?N}LQex)ymI&1zdBAmimi4_+G_(~`y$Q<2)a$~a#C$^chzXX?Vra0ekCZ;!+Th3HD zkiS-Q*@OgcMvV6zMDx_v%cbnM=$r>2l@);6JmFV>Vef*W;fc!;)mo!M?u!p!&srxj zO$mu7YV494xTj(d_j5y0u6lA%iWc(qI9<50@*a#=YFunJ??3n~J75u~!3}-X+FOwQ&<)wkL)I&51;;ux++mzg?omGKh4e;SAxW44{dn_7x zdJ^Xua$c{9UfW@d5;^+j9l%&`h{wg9a!PDTYD{x*yu*6JG9^Qwx`qmgT&xL@*>`h? z=sbhny(F6qc#YTs)R;L?LFhq-`v++fjtF(u;WQ|aE*JMa_CyZ{XcxKIJ%Ef2(h*C@rS4W+Pzi?nnfQ(X;mk{>L+nCgmIS% zzTAB%`Tmrh-cmVDGUE(YD+~^(hb=cL+E9u#aR!(a`V+U51*TDLfIsTSN8z*5JZi~0 z>yoD2RQk+^rFQ$9iE}%v=^GPfxO{Io?{{U{y_=}1@gn-R7wQPV>lnG<<|2ofY6baK z2w8vuc=Ls6tfUmnmp1HnN*guV{+Eb|(vevN`6yMGroTW|jB2IubyX8{EEG`}qt}R} zqM{Z4jRgbhuHjHRgPlVWea{yk%$VIkXNr%2g`#sl z&66D(gZl*=bIRgHuUddT=HmNh5+(f1u@g63Afk(q93zId>7Fm>b0nUM814+#K4qka zZ&Z?a{csk)Bzv;a_xS=-p|rXs$9o81DUoa@>!Ae z#KZAiI2wANi1P3nA!s9z#i;V|XzPIdioC0{V7>KzN>Xf5j_8;;zF$l{4>%K=g#0Aa z;NDlb&T63)3xRZc?iuUG#rr{D{;-C-JVG@bc+5{J^^ifYpWbFNX3={mQzI{h8l)iNpMsWEs$f5^;nNeoHlr^yIu6EX1p1q>d@g>Iaa+pJr6Q!ankEuCv>)_ z9mMvap^LA6kWj)U3U@8SM1BfSef?$3QZK_4t86R8S!3^hwocaL5Q3wr>lmW{6H`n# zZh}Fp1DWx1)-!2kV$M75V!{OCIq?zxaPF2&<;xdaf6XjWZhvNBfFZI-t)4Fmnh19@)ZkF`(j58l6!w;%d4^}sbVw-mb2qeml{lKqi?VRmD|*guC} zy*Wqz^h5_f{;SOTfh=5e=CSQX)HGlzzO>a2g9)MxKxaY@g0LS^a&>k*p~-NXS%&fB z)7@{bi{v7=8B+tkIx_2-CnaH$NaJ?~5tm*=B_w8?gQ7r>i)AUK6j@qxeSBk3<4;LO zobVB~oE)M!V$Mfy-*G5`8%Bqh@0g}vNLF6-5+lgRk>=9$)6`?${_R$T;pa$NQQxF3 zcQW$KL^)(%zn5_#fd`PZU9d3`s@ODzZ$X{Z z0;U-K={4Nqx44u*{?X>YnS6nj!aK zSrw;+qDB7vDVkfNHM|8Yh!_d?p8C%r+gEBc1WpEilYl#&JvUIBiro@`)%nd|7gjKS zKD$wWY4oI>)|R0v@qs{&<@s0inB4B?N`pt?FEc{(E=gIil_VCbW6*fa%7OE0X9#6L zj_9Y?oo^PYZwFplmRwm=10AvLj@bNlUedd1>utcN>vF}C2Yx50l%l1p@P)1;)Y>(c zfdfC%w@m*w(G;;=xO4>hcYXC=aPsnI#Fd62OOepP$>>GwDQiI&(TvW79e4lA$e%Cj z2x8L}kbRpDMtHC^xic~$h{fRP;pH~|noeOVKm)d|?7*am?zwpjg*5|#*sEb~?vyZZ zmf|S0Q#XDG-EXss(~5`FdRewB-NM5J<1KPIvr<;5Y9pQ4AF7b*+tY zFt|wWP#ZT0f||>K$d@`y-I};WFziy|vtjdjFv|wwI=DgVMbnUO5g-~<76#ude>{6w zkg_$(#}zs7^eLmRoI;~A4PT=|H!s( zHq9}U73;mFj9vH3^BGc$en`NRu=Iz6qP`kG9j;Uz{ywv}qMy=rP(_dS^Uu3fi!!;_ zjioh-{8?O~O&(BBYKFrK3jkLz*%wc`R=3p6Mn(r zy05xjo>@38{2;z|t@mq~LHB_}d=?86RgflkqP98-`OL4c#8e7Oj|u&7`b-?d?$+q2 z@)Ygia;kNazqv$@eNDt^6OyfiBKH&Rd_^}nXEMKB-_%4z6L7WYM{i13g6V_((#znB zy@J+FWYoXDx;?n_qcfQ$B4j(uSn?8uRA+gkVd&PBDT>AoCCWpuMApU59~BBNpaEaH zt#34PXw8+*sXN)M$rZ8Annf^KwP z5X?toTmy}5EccWm$*bGZ9vUX`5zPk2d6Y;qt!xD3;ToCT$VG}ntf%VpLYme}&j-2z zzL?$9bqjn)SCAJ81nG!i?@>@dQSL?aPfbevG}{2s_6fX%-olf^EI?^}s7@WreuwEzBAPlA{{Z)yq0*IPmXewwy0D@aE6NugXyuWrD6z4|j7w7q!xi(frDK2O;tb%ijQV?JL zwON*+!DFcI$L6_gq%}P|aoPTqWxeJd<^7!kJmqkjyzpZ==pN?cQ2doybr3pHJw^l; zSysE3@drLiz1Ii>BKn{^*4+jq(oZMaFEW-KvxzoBC_6o|?JyXr61}N#CNB9kWBiQ- zPzOI6N|I)}-Uzyg2^8xYGU|d5*{gohXyMVCty&jw(p$XqM=;W>yR4}rZpfWeJ5U4% zk-{#I&@+P9?GFLUFK#33SrDLDnjfJ&KabVzf>EjsV@2%Ks|+$wiV+Ji)QN>WD(#PV zJhgjm@0GFtSRVJYWQwIY*=M?HnWCLDN5aw>=r}$=(XDpDt*+rmel_MIX`q*ir}Y;e zJ!BA>BLl^P;M0enhWN+riQxJ9?K=7!RXp1q8((wnxr?&hV~kKP zA}l>!54ZTfVoa;@D(P6zS7@eFZ-(sdqxCvaanSiYI@qPnIb0bq?rUr&#*cpBa9ocS zH!f;wQ?LM4kbMET)zC(u6#O$1jxva+!{;YRUpqgK#XRp18Lo3VaT-VVp;RuP5FJY& zOlhTMeRTOTetB)UVLg+NchpsD{MG7C3VXgz7JrV(BP6!)Ue`FTLcV`;#Aby}h_{24 zJfeRa!9G1aX+F&F!>()rTy3sG!`{^DO35s$Ga(U^(xz!}Dy!ixxR?|X%Ec*e>c$OG zGuM1G$&sRaA_+!<-V5Rg=@rFC%IyQ4IGcL0OMyOzQg`d92C*w`Z?iC|H#`s?i}Q1H zJVrC{uy^_>Je`ndLOtV%^KJXqW~<|wt2Y;!cVS=G@jJE})^NE=|Db44E<-IkCJ_`S zCC7zgf3{ALc)3}7HR}tsf3;M3gJzjJWn47;O?JGt4l3;8Aem%$RjshlZniYJ*1Xb2`Z?tw&4CdnyA*(R%si+g>-Y~0~r!u zH(}62!(7GU8$2&Xj2Zos?P?Rnxd6({gy^|GPdg1xZKXyo_X=w z8J_yC8th7|Wntz|R50x>&!$Jg=Q&r&pp!J>%C10G4Rq-$WAvwJARPpXHyM!T`!Ex; zl7hgyAlyOHH%gW>%HoQHqPi>RIqQ7#bGK@9pe)z@6z;zlBsYdjEao+y z#H9?_zV>x;vLJ7KgZA^BQncYJ2dmSF<*68V62vM83FoVmRQ>)>kwA)4)DicK#zfrc z15jd!Z74&z;c%eF5luKk)GLX?{EY;$h#35CtM-jaCK0(uBwD6JgOj`;up03^8Zx?@ z`)jw4p(;y{m!s34uRSzf7dL(h`i|>y6QToe=C+`-M<>s#yvi!*Q4^jN$ies>s58^t zF;14^VvU#)-CQS-nvcy*(VRU=e6rt*jq$FX2Z!|sG^X^&gfSUzMSsx=eW6+-`$O|X z3K}{}cmjPCJ(@Vh;8m%l$g1qEW=J;UNsb!Hhl_!9+m|Cw;3_Y8WaLW)_4f1h`2yhX zZ7^2y`&3H$SoGrZF@)fw+VOV-FTZc6KEG4BFZbIiZ>9z}^1QESyB1b!IN2rnKzL;G zZLqjlu2z;ckvgr4y%ql9Pe>)`y>f za8RpbJW>puUjeKJ!kv*z>d}WUg0VV|iQ=7O88xqBLstiNsDhPXC?OUch``JP|tvc$J4*U%s`H`Ky}2qR3c{M98t{4>Cfjb~N= z!tZp03aP2r8fY+GQoK+R!`#@+Mi?ZpyECi26EHDWv7(}cYxSoXIJ-j<48sHxP{3t& z>0MHsXGva!q)8jjCGdlba+-DJ!sk)JXq&Rw^E8R^a-P17m7kz~iwKb)m=Geup*1tj;L!=Ul?v^9OledjTx7-hY3tmrH zAon~^E)*v!TM}~Bcwb-U~9b6jOl{A=pR3NeHO+ge50zo;aMaWi)c7V zlKFP&ImiJ{u3TFJ&ug~cmUCXn7P1DOgF^LVxsQj^T-vTvR*NFd*DJ~WKR%g8RP=KN zqmP;hL*|U_Lm6h`)>_`;GG-3U>@oeyIDjndu%t&{ux3NOU8gK1S>)Yo6G;hfkD*wj zEGg{Cp*<=2%FojUE9eWNouAO=F}EiveSbf{Vc`4DYLKX-&FlKYZL43PB1*z;7-5!bD@@_92?B__fc zKW;0&joM;F?@Co(l{z{&7GOhp+@U_GXAsnC8axL|Q%`x@?B!gDb!d&SL z`p0<+Q3Jqr0bg%Df)!r2UdNG??h&Oc*|DrCu*8GV#oNrDN8@9kkGqoFxrv^f^^c=< zmcT<{!PlITXjM}-WQ;rw{%~k^WKGgOTyz_YVV?$;%HA~IH6>3TQZwgJ)QueHRN+5~ zWpqD^AV7ZjHKVp4A=f$%(*h^+3k>gs#AQ(^sB8BzkOT{NNwoxfSr-2kiD-Jk6hymz z8CFukDKz99xqaz*GSFY1$bF$)o{05P|8`VBs*+_M$|}dgjg|=JiMyDjr&iNQFiuR3 zJn`V31C0pahs{475@K5T*632nHWWS$zQ@^5>$pX_@!egD%KBe1Vp?T^S>TlaYjP=w zc|9)kgAf)nj@X+UiMY@21G5+c4nMYsF`LnM8GnBKuJiO7<_IsH!}nb_f`1KEMelK zPM@A0RY<2TPer?47R~Z3E1{;WY6BYqyBT*0Ppz9Ja47n>`55fxc;RX8#@kWV@%m<0 za;xnV?bKK-|IVZB)tab^_g%*IdI(W&yogpIQ4meIQaKkaJx0&1RGg`c)xzh;Bg_nf z;F7*d9PJk+?b5|0CX=>epd;>W!9bu|ynr5hG$=-$e#t%t$adUyl-~FGQ7+rg`rRnb zZ*^?gGUWqaRgkZLc62}egm~Nn368KFsM4Bm&;4^@Q+{60f`S5!UJkqbTIkDXw3QZ3 zcT>L-`e}r8x^m%9KkNd}6PSD2b4lRwDqE(<3InP$KKiW;TWxY zKz7rPS!~dHYasJ`(-k3(y*G$MlelrT+L)?f35$hJJ}IP1o1>#G>*t8h`SLv6#c;TJ=%!bs}F+71vNRUlx4N{267sA&&ie#TqK33Q_;Ft z1930g{-6cPw$JCQjDXu%*c`!|t_kVbLYU5wy2>ImPQb2B&B5?NXi=RDz&!2y(43eN zbxlR@(@GiYk!~p!3??Le-FKYJ@@T%APp&p7%ne^F#8Wx%vVA^9OO>gJQA0%VM*vzY>KvTF$!XIY!#M%! z&JCgmD3F;@3x%KALG9#}msIxLW8}WlW5ZyPn<}BSljx(QV1A+FCWBg?!|zlY*2zM+ z3Otz+r~ygO5u=`b1XGvTX#LHQvWWV;aDrV3%w&W!qTUC?b)@PAy&1&h7?7elrCSUx zha&4P7iQwvF{=eNnj3xNp@E_j{tQw??z5brPbYyL5|L0b)KzyJ7lJGj!7tY7Xmw-% z#GK+~8Zd=FY0ijctXPcjPQF18#!m(d(4Gm8UC^r&U?ZpD1G*0CYoXItg~Uw=GgH?q z1&lI3<|!SF!m*H+!Lo!av(u+J14BeSOq#vLe+jI=Ar+L|2P@nn$`#FymHxD2>0!1q z{`_19zmoNa$ZIvV;XHPk9RKc2A74VHP$(^z24$3I1kY0RfK9}><;jv|JEozB~w*X_VtTc)e&0*0zNWI|C$HJNpCsxjl zGBqW-L3Az|azyaG4m)&o0%-U^ZrcSuhhnw|`~EA(;|hbv=QE2QgOCR3RZ)nM&KGS< z$P#I781An;d=!*2e}3Y|ulingT9``m|5@6b8JdtBW{{``)K`Wql5VOGQj zBj4N zc&i;oAPbfd;CV6AoaQG8=h*Hgaaw7L2M@-;>(ZC7i~=Rdo4(AhtKqrJpWdl%=Ck{K zosTajamHARbpRo^j@C2u4^N#o4CeZH)KVjeqND8v&uI4TgjRY0fBkTsEto4@|5CkS z09q=GBO3Ux9+vwwo20^4UL9V%+Dt^qVT4_Gw*`L_PL{Ltbk`==(yvw7%hC7eMGakW zaF`u4L)MCTxOl}KtdaJd4!AXY4XxD+mE6kf5md};@r%szJdfXs=c`BDD7dr>kr57^ zF^f&nD|%4XQ49j&qp=Lt<Ukdv!1lA8i1Xv>K1X|mviG@NFMXyXDL?Z~MS60pHW8eYMsIyq|- z-NQyjby1=~HrC+hhx%>Ncj6Jg)iJe!@<_D4425N5lfF7)ha?0tU>})a9dN}aC?OO0 zGZV8)la9`D2%zXZF5>tl-lefXL(EBi*@jgralnypyT9uU(qBe*Kv8fMx=`p%WkVl^Kz;EkxbxoR96}2ZZm0yVWusSV+fPDmYqeY zzI&2sO?!hrd(K^?ICN&M~3oiPmk%hu2nHbl+@+_JuPdK8G zS@orK5Lw0}_*R$-1O_sCQGM!F5tY6c@(u_!bf)q}Y{&D^YIY^cZx4Ad-ft z%%F#K2^@FQHuGg6e$yNmQ5Alk8JhLVRF?83i(&}lIP}IPJFb)L3^$7I!S3;Ejn&}h zq1X0Yvq8nrH1BpzE88EfKq_Y`QF!)9nHm;CaQ*}k(uIA4M*I8Xdug)@N;J_rHq$@ zk49Kp8^MNSj%5=*09*}LgU0f}5TQj*)MbYq)@X&rWRLb&u>w_t*1&}@flC8T0#R0G za<{d$R8Z8r#x?5a^P=+f>~9@gv%z5)GM1;4E9P*bC}=OR&la`{HU{gFP!l50BUShJ z4XMC6wr3ut$g7N}3zufL^0`H_juw`%iKcPW0fEiEW zMsEIRBPN%s+-p0fN5UX%Kt=>;Arop;(f<>nAYR|NG`u}l2sSxVw9R0JNR5voJkmiH z&>5{+U2{txKI=Te&gzuUHVgB)uOkOX`(($$wd>cU8@4=@H8yhj9g7X;lw*Rmej`#1 z6f)F^)F}7?SSY0sIVmPXWNKxhlu0EnHUZn<1n=WoNwu{o6swt&$bw90JpC%p8J?pl zV9KF#K`&V&97YkwP$lG1j*0-EqS)dxIp**s>GD^eo$=_fIb8=tG}9?yR}G|VZ~ra6 zk>OyS&&Y{O7^yD`{I5U5cwRN+)cVPpk0@`)~amOWm=S+E=U zM8SXMNVP(!$%3L?X+YNNOaK5MlSxEDRBI$!X%x(ilVEbDK`SR0^trEyh!Gmfi}wNo z2*l`K@>`Mg;Q2>nTY4W$+M2oog6RYHV2OWc%dF%Fzx_t~*p^2!ejp{wxeJP@I;8LP zD1kh2M469_cqgE&}iC{&>_GT)Os--=GnZCuOBNtX6!4;dN*Q^d7(u zK#iT)SEj0zhCq#ip$exm3L`71Cq$Tf0?qK_u_W0t&|iL{bl~XtCdhxh)X-qQ1Diym zl}5p|l`+UifKrft7|MRdUPZr3Rs$AqhMs<5M)=2T}&L*lK%Ot&t_!CPdUv_ zjJ_KZaP70;_JJpo_NE!hcdj@;-L!oJ#v<4qL=>wV2Q+I?i?TO+`Y8UUJb9A*H zk@p8mHywPomOTSoW&5LVUH+wX^Nz>xUL@a&*pjMZ5DdV{sX-a&S9OL+jiQirQgW&$ zP!XYZId2ppAs-r;y`rJqNxT>cg13Z3m4XU#nnUG+UYtfaj3NS~V4R{IT@}F6sbLtZ z0%k?g&$+@VK05dnS<;Z6_OdsU1IyygURpW!eKtsqk7w8lsdXmHklwKVTDBs-Jb_{Y z(8o^%DN|KCL$J3QMVMW5qOjvAPOeJIw-Ij*B)ye0S*Uak-nz83^aH18pcKqeREbb( zA6;EQkRCzHszzbbQ+X!jI27#=22gZFokOw};fBbwX3Q)7%iF#vv37IhxFY3b?`uJB z`NQwjzj4`l>9(FtWp*jd#vM-8lP^+EhsBJ>B$Tv}re4caY#}7HIVN`cn}R-dhnG05@{EPD(cjC(jY4*M|TbNm{t zNVp$fGLQD-fXF6{Da$P0qC`9~^moIA9Fxj) z2m>fOqMkg`v{ayH9`cS|E$$nIZ%0ZiPXAEGJ#6RA;9K_T;xMB%xK#>s=@nl~dj_`S zgeE(qRj9*!xs6FEX+BoMH6sf-Y9jR^R+Gp@PBC#qE^Dw#<%Zu=%o<#!StrescOTgB z^xA=;eok-6H=2@;ra|91MF!PbQ4yVE@PMV8l2H`M)a0CCMMSiPNMV_*qNODn8%th% z%(C<)N1t5gSrju`r_0j#OeQ4ebRK|hfi|Xh+rqp{bOV4sI(wQ-L@$!EnmJ|45W8%`yJTf?tZNF#Bc-y zbuv5WB{|3ej;K0dX_cj_7L|a0;6k*E3XuV=mmMK%wiYp^4M9E)giFP-L?ivPSH6uA z8ILCB4A69OJp*Pl?;ri<;OzyUwWLIJwvSP)OQIzxAX0F%4>I=iGB@e2dM;Vf$U(oPL#HmBw zaG2Xma`wbrs&30%AX6wH!)`r^T9kq$;T>s73_3s-T$yVrutlClXhd z>Uk>5X8=id4M{FI=K>7K)65RgEmxNQ3bo`-sC{N!qQa^w0ZMdn00`q<0zY_{Gu}|S z%;&t3Ak=T&`;^>R?ts+TXpxU1zyl;(JnkvM59sO4XO9BP57XuaW8t5`#-Nxf$qEHq z$9Ei69f@-5`Z?Fdk zy_Iloh}5!3LsDr#NuSDNrE9>e6WJUYF!4}qHaa?zjEoFrL&Jl~z)&Bqe(b8zm!W@G z>Ko|A;^EN-oEVf2jtn4AsNy&)f?XNefD8gY6QHWuf36I_XDtbzG4Eg3hxVXGq;d)xK)`yz@Gz*FSd zYPB}CW!S#6y!NiE8+rWjbTN>jvHoN(X0+~j`1;a4kKSH>_S0V=8(X`FO0i0c)HEsF zUSt%S-!kf1+Ro>Z0p^UY~KEO^2C-6$%f4jCl5Y$cd}v21HSgzmy+NM zTdfdgzKUE(!xuGlddo!q!SjyD4w!Rb#^csz&zPHZcg-&2%(}FzqnlH;2|k2MIZexT zM`}DY7}Nd3&Z~0AC=%l2Kgc%GHVUmsx^>4UiL_^`FfY@>^$qt*Ij&gyqvVJKk6~A< zdMmOMCElY(!Te~Am>_Re$jVsFT|%Az!-{`Dc_ZI{;PM87T9I9N!P=%|MS?y<_VcEO z#wEjP2``Tt8aUm_)UjQCHaOIu?daPshJa5ulZQ6mm)!oq4WS_fH7k+x@7i$aBE+y_ zLW+5!Qy#im{B;Ghbx?{YPcAe9>|nV{i?GTdlH2F=tFQi%o`n5pT*4dtI9=dnUv|iX z!;=H%E>7mnT$s&*5zXkFm2|Xprd-`xYQ%vp%pZ&fM<&U@903s}zxbhn-Sf!p$$gLA zQJUE{Pd-2j(%R=iu3(li-*{Jc z7IGFQG>{~jHS0b>pxO8d_Obmax;&+xzOCggJ2oYcZGI$q;L*F2TkpF*dGHB&ZxR_o zd-DuFrKQVdj>Q^EMzE%7WDNe8Y<(GIX7_^9vSB4MwiT6CsvZ>{ zx1_kjgr(j;>)_{SPhWgwvKU82&!4p@!A>VQ)36(78McYhI0o4A{TtV3Utax5DL0LB zI=Z1zIjb;TbHioXVT+!{ErO!^JlQhuQNu9LtqHR-Nir)ZYeG*bX)HI0fy~-wUVSh! zQ~+W0HnP%Ro%)_T?tSFWBYt|f6M@9gl!N8!`cAw2kG$zIK}?t4aIi-XP)>T?6ix%RI= zbMgyN|IvZ5Ut5AC?B8c6o_Jy-B54#q!Sy~l@Ud++o+Di4I)l)c)bcUx>_9ytP{(S(LWqv0-#95O$9rluSv2@lB~9x zSqX5<2L^hx@htg1iNo#{!;yg?%ol{|ZTGLe4*t!!o?~(BW=(rXeT|L}$u;c@Tcd!S z;e$)ByKPN&;Jiao7t!aKQjMGv@uZu8DN3zTLPQy1<2Y8j5w9GsUUBZpcdlHCl_e|9 zG1$sn)VWln`L-nzZ7D0?_T%{T!vaqGz%r`IHOq@<>z z)?`r9nnaU{R6#yXnZ1JbUqtqW8!oJ92#O5EE;C8K10MFp`0l}rM4;}bvj)tq=8h+D z>Gjy$0j|pZCt5F(O~Or*T*>I~lB+HVA4fG{_NsRqW^H8ran1$jaQq#)A_HNIK}&i7 z*H3ZLsnM8F{dd}HfE&$m5@Xex3$VGv;C?yfsPj0t2n*o-s||%7FBM-TIZFdr1WdJ zNs`r&5JXK$Sk}PreXxtgS1Cc4TLsbttY#qE)LaItTXAt*Qg1~>W&6tyKd3TG;V-)U z3-~N|OR&K}&Gas zm|QIbVZ0i|mjQD-qp`udH{CTbINFO=WI^)B z^;f2kY`RaTeC^wISN(RmE^9sBWkI|f)r4_s7b~^X(&yiI-ts|yR$Hs}prnZmgfwap zp98F|$ZjbHh1cD_p#gq60GIv|XN%yIP%dJWYPid}*Sfsh1XZh=nQ1)+dp67%>tc^6 zDS9!O&&Fg7L|YNATKv2fP_tReCsGgZ>l#RtzLD*6w#d)__?`6e?HjTD1pE0;Fczs= zYBh>#b-5~IQG^OBiVJZmmbJGb&*`U@pLYUU4~#v6W$htl2v5d9NUyEPX92UjRUeB` zEBlSZJP#Hy+TA6wm~|bdIB}ZHRGil1sc}_FVamcdbJc|X7Ve$-&<+_YOf>e;gePkt z+KTW~x=&hWH5!#w_oulAb_{Nj68_-o|4VoDZ^Nh56SN{zuE(_$ICWvlfyyfjF7dVO zN0;M;;AF-gnv=;I2^n655`|3@o$YB`@M zH}&|vUITW@H@W8K%Vo+}cA3-~ss1jNLWNANY87#Dh6-=Hv7}^-hVp)st))|`^OKsz z3X98Dghs+uzCX0^q^%M3b+?aefK$G++UF;0?_QH`*!-X!tg{Ect4^!<-PPpxh20Jk(FMrOd8J^OzGbR@RPV88HrtYT1CB&t% z_LhzY?Be-OY({-8r*;3~+&53zKz61DVd-?h{-1!k1xRy%16X&{R|DK$c0B2Bo5Lce z>mR-qTgK|T)>@@zt({Ue7wSoKDWOSXw5_EbUkmp9;;+v=`5UXwT-C7R!X-O36xdk< zVK#KY{tl}ahE4V?qV7#!4fGA|kiuPk)6bK^p@EG1DpxFppIQ|cd2v0TK!3%=+-J85 z`#ujfW~H+ykT7BN&Kd{>vlU^>aTBhO;-cFrD>bb3-+f5~+;neN`vP>c)}@bZz8`~i z^t$EEdU36tsBFqL5uL=>CLV8V>EK)bcfb8}CqK-t72kbKN^Swst{4c#(ID8qei9eY zRiMGtjRZ>AAKWpE!K5J^F)_P8VLN^IwRK$_?)=q9C`hykcp7PaQ=~`)i zcGW*nH6_9>Dc>Ty%85`sXV?{i+@8TCH4}?s7fcT~o8n2nXpLj~syO zg}6p=?JoHcRd;)%2KZgbI8NFc85zl*|BMr`L3kri2SZlb^PYm6nnC0Rk9M|o;{crg zkDYVwDgR63*x6aDyx`r@f~ZU#2)z@CwYciz5!K8z_PMulciY_LmIwZjZrJkBq&~@Y z>Y!2R<&aYbIPPf1Zv8)paeTt8wOXRDA*L)W&#*fUghkaB<8^>J56G^U8Vb~mtE*nSFaP5WI9G6Fba*^%Xn4(vm9HJ( z?uff%+!1DRcN++0bMBAbtKZ=IYg}|Rklkk0BC-Cn*JwbO!4HoOrVl@HpDcryamemB z3R7k~$ieyb3Em36{_OvJ)g3EWu4-O3#f6BIQJ{8-CPOsDi%(ygWy+1YQ_Yw9N( z?ZS*z|8UP|vGLm%R-#+AyJoD4lHHRA5_YNn5{dr;SKUa8?!q*{ajJJ#`#hE;-LUBa zIrF~goyaa0b)=)Mn=@A5Jm<5o`A5!JeQf24dvp?LPZ|hy!Lf&St4;xYEv~weKnc^) z@q}YK9+!<%lF<{|oxQAVq_b@XjpIj{&gBDF+(i3YDc#Qcd)h#lFIu=73CALQnOHXx zC}Fy}!4d9Kn6E}7+0laV0lY`ulVKn%fDYO@ z1~~!OEx77N0wqi*He4TSljA!sZ1 z&w%g6^%Y!fT{x-E)xdSP4{3le4C%0UZ^|7F@s*!!d_BQCkrA%S#j$8*?A-W<73ZG% z1HK{WOTaz-o?{}_YUP}WZcoOuOU14hjrFUzmg3?j*))#&(iA9RUvlG_>0&*;?NPic z93PiKdzF!;t^D#m2aMy9Qkp)O#$mn&TsHPp8wd5iHy8->K^0Q79EV(u>sh$M{kH1k z5-4P!aMl>G`yy5qmTT3o@iKPU;$R%#b6h^!)$**r{_M%Oa#il0Tw66&9X{1vtbBgi zVzA}dfNKe^3viu-i>}_~GJ4o2e(_GE`VmxFGK!-Unz&U^|Gc{q6I8zvgcMYyiPbuq3N;nMEd-kNu0aX)svYq&!g zPw*T=-m8*XvzU%z>)s~rwvIJbKW}Mndh1{P$4Of_-T)rm>z&`+ZBJ@@Z?0r&2<&p* zhl|ToK89;0F6LXiV>|t-7BcE?H*27jHezaWELkvXaf!!8V;oXWvUI$ywXJDjcwnq| zpy$0SK6i>7qPaVFAKA^taN_pHE|$xj1+>dWL-;tZ=i|B&S2Hf+7+-gLi3S>AAavaw zvw3#NC_bVpb+&ai4Gs@niFYK=q;Z(Vh8a$J+PMv-pUk4}%`Hf%2kmmvC~m;TZ#qAO z>l3)x!f*zR#-d{vfOYp&Xh8Pp9ZSY$cFoPY+Gk>kdT$@PRR6HzbFblqOS1CJRn1sW zHIl4;DsngVH1`z)VaeF#Vz-KUra}BWu1j$J7p_0SMW?OJzR)t798a&`al8%ZK)h*Q z_W{Z1*vLiYfr0nG^ZYZO;9K#dZaXR!Vhr2%rM%4`Hf4DdEKjk6UVWJ!gc@2)d0Ix+O49|ybsqFTxt-!X}ozFuKT-J7tS!O zjvs>mc3k3Cp187+3k_|s?mdMX2)l~hO_|-Veq3r0bwlyGP@U|GpEnFXls<@yTRhRF zC!Tm>cux$r{`-__Am8m;h}?V@SKd%Ke%Y1Eu|M-tcO2)b4tP%GCveFY@9^o^o#MTy zyS-EcY|_I%FAaq)%4S@8V|kN#)yFAbC#svgPaUxZ4j(KJBFs+{X5ms-Hw@LpKH}#M zg-^Nn;<^)8SPAksKaAU-VHyN=6YAiP2%m+E)9vc&hM}6+NBz8^u=(e#*H3VT19LVr4U!&o*g zYiJbI#f`Y$k83e5b$qyR@LeBcs79u#&zr2%!&=0b0r(=W`*4NELYQ3*j#=`RC{MR9 zgjoh1gXQyk2jV`Bi#yJQj{4%Y-?{z$Nx)WxhQbP?j$MbB;Cd~tlW`r5D|CG7@}i^u zC}VHcBlD?708q*r=9TeWy7O~fKgM+(E_I}%QP7~Yyc)OP_@T1)n?hG9s6HXt+u0wH!vpNVm$BLGJimT4)>qQ2| z6V}SEaFMUPYLKMKJ8qVH4=%P6*WltT6uVLEGOD8-8U^#IdDXc6-Vbleey@xI1yDb% zfV@~~^Q{Zx55aXLF19r6jvayPU|c*4K;J9_+@p>&O`CAtkBbJty^n9j#n$05TzRLh zCCgMdioAA$aNR%xWlRDL4Tcq~S~sK>ar1F4!gZka*)>~$Yc4LnlbK Date: Wed, 18 Dec 2024 18:07:23 +0600 Subject: [PATCH 18/35] Added black duck security scan action template --- code-scanning/black-duck-security-scan-ci.yml | 34 +++++++++++++++++++ ...lack-duck-security-scan-ci.properties.json | 21 ++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 code-scanning/black-duck-security-scan-ci.yml create mode 100644 code-scanning/properties/black-duck-security-scan-ci.properties.json diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml new file mode 100644 index 0000000..ab8efe5 --- /dev/null +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -0,0 +1,34 @@ +name: CI-Black-Duck-Security-Scan +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout Source + uses: actions/checkout@v3 + - name: Black Duck SCA Scan + uses: blackduck-inc/black-duck-security-scan@v2.0.0 + with: + ### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ---------- + blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }} + blackducksca_token: ${{ secrets.BLACKDUCKSCA_TOKEN }} + + ### ---------- COVERITY SCANNING: REQUIRED FIELDS ---------- + coverity_url: ${{ vars.COVERITY_URL }} + coverity_user: ${{ secrets.COVERITY_USER }} + coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} + + ### ---------- POLARIS SCANNING: REQUIRED FIELDS ---------- + polaris_server_url: ${{ vars.POLARIS_SERVER_URL }} + polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }} + polaris_assessment_types: "SCA,SAST" + + ### ---------- SRM SCANNING: REQUIRED FIELDS ---------- + srm_url: ${{ vars.SRM_URL }} + srm_apikey: ${{ secrets.SRM_API_KEY }} + srm_assessment_types: "SCA,SAST" \ No newline at end of file diff --git a/code-scanning/properties/black-duck-security-scan-ci.properties.json b/code-scanning/properties/black-duck-security-scan-ci.properties.json new file mode 100644 index 0000000..8376dbb --- /dev/null +++ b/code-scanning/properties/black-duck-security-scan-ci.properties.json @@ -0,0 +1,21 @@ +{ + "name": "Black Duck Security Scan Workflow", + "description": "The Black Duck Security Scan GitHub Action allows you to configure your pipeline to run Black Duck Security Scan and take action on the security results", + "iconName": "black-duck-icon.png", + "categories": [ + "Code Scanning", + "C", + "C++", + "C#", + "Go", + "Java", + "JavaScript", + "Ruby", + "PHP", + "Swift", + "Kotlin", + "Python", + "VB.NET", + "Objective C" + ] +} \ No newline at end of file From 84747ed35587c6e7075987c2c7e62744d8b381d2 Mon Sep 17 00:00:00 2001 From: Sadman Anik Date: Mon, 23 Dec 2024 16:49:39 +0600 Subject: [PATCH 19/35] Used hash instead of tag name --- code-scanning/black-duck-security-scan-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml index ab8efe5..2200b6a 100644 --- a/code-scanning/black-duck-security-scan-ci.yml +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -12,7 +12,7 @@ jobs: - name: Checkout Source uses: actions/checkout@v3 - name: Black Duck SCA Scan - uses: blackduck-inc/black-duck-security-scan@v2.0.0 + uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 with: ### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ---------- blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }} From 9351ace4ef71e2c5e689d880ae088a78bb0300b0 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 6 Jan 2025 09:13:48 -0500 Subject: [PATCH 20/35] Remove trailing whitespace > trim trailing whitespace.................................................Failed > - hook id: trailing-whitespace > - exit code: 1 > - files were modified by this hook > > Fixing deployments/octopusdeploy.yml Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- deployments/octopusdeploy.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/deployments/octopusdeploy.yml b/deployments/octopusdeploy.yml index cc1f2f4..188c4d0 100644 --- a/deployments/octopusdeploy.yml +++ b/deployments/octopusdeploy.yml @@ -1,5 +1,5 @@ # This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by separate terms of service, +# They are provided by a third-party and are governed by separate terms of service, # privacy policy, and support documentation. # # This workflow will build and publish a Docker container which is then deployed through Octopus Deploy. @@ -12,13 +12,13 @@ # # To configure this workflow: # -# 1. Decide where you are going to host your image. +# 1. Decide where you are going to host your image. # This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below. # -# 2. Create and configure an OIDC credential for a service account in Octopus. +# 2. Create and configure an OIDC credential for a service account in Octopus. # This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository. -# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions -# +# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions +# # 3. Configure your Octopus project details below: # OCTOPUS_URL: update to your Octopus Instance Url # OCTOPUS_SERVICE_ACCOUNT: update to your service account Id @@ -42,14 +42,14 @@ jobs: packages: write contents: read env: - DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri + DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri DOCKER_REGISTRY_USERNAME: ${{ github.actor }} # TODO: Update to your docker registry username DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # TODO: Update to your docker registry password outputs: image_tag: ${{ steps.meta.outputs.version }} steps: - uses: actions/checkout@v4 - + - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 @@ -64,7 +64,7 @@ jobs: id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} + images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}} - name: Build and push Docker image @@ -74,7 +74,7 @@ jobs: context: . push: true tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + labels: ${{ steps.meta.outputs.labels }} deploy: name: Deploy permissions: @@ -89,9 +89,9 @@ jobs: OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment steps: - - name: Login to Octopus Deploy + - name: Login to Octopus Deploy uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 - with: + with: server: '${{ env.OCTOPUS_URL }}' service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}' @@ -104,7 +104,7 @@ jobs: packages: '*:${{ needs.build.outputs.image_tag }}' - name: Deploy Release - uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 + uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 with: project: '${{ env.OCTOPUS_PROJECT }}' space: '${{ env.OCTOPUS_SPACE }}' From 17f0d2485e8a171372ba78d7775a1f8bd76a9fa1 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 6 Jan 2025 09:15:19 -0500 Subject: [PATCH 21/35] Use unix line endings Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- deployments/octopusdeploy.yml | 224 +++++++++++++++++----------------- 1 file changed, 112 insertions(+), 112 deletions(-) diff --git a/deployments/octopusdeploy.yml b/deployments/octopusdeploy.yml index 188c4d0..c8cd625 100644 --- a/deployments/octopusdeploy.yml +++ b/deployments/octopusdeploy.yml @@ -1,112 +1,112 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by separate terms of service, -# privacy policy, and support documentation. -# -# This workflow will build and publish a Docker container which is then deployed through Octopus Deploy. -# -# The build job in this workflow currently assumes that there is a Dockerfile that generates the relevant application image. -# If required, this job can be modified to generate whatever alternative build artifact is required for your deployment. -# -# This workflow assumes you have already created a Project in Octopus Deploy. -# For instructions see https://octopus.com/docs/projects/setting-up-projects -# -# To configure this workflow: -# -# 1. Decide where you are going to host your image. -# This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below. -# -# 2. Create and configure an OIDC credential for a service account in Octopus. -# This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository. -# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions -# -# 3. Configure your Octopus project details below: -# OCTOPUS_URL: update to your Octopus Instance Url -# OCTOPUS_SERVICE_ACCOUNT: update to your service account Id -# OCTOPUS_SPACE: update to the name of the space your project is configured in -# OCTOPUS_PROJECT: update to the name of your Octopus project -# OCTOPUS_ENVIRONMENT: update to the name of the environment to recieve the first deployment - - -name: 'Build and Deploy to Octopus Deploy' - -on: - push: - branches: - - '$default-branch' - -jobs: - build: - name: Build - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - env: - DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri - DOCKER_REGISTRY_USERNAME: ${{ github.actor }} # TODO: Update to your docker registry username - DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # TODO: Update to your docker registry password - outputs: - image_tag: ${{ steps.meta.outputs.version }} - steps: - - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ${{ env.DOCKER_REGISTRY }} - username: ${{ env.DOCKER_REGISTRY_USERNAME }} - password: ${{ env.DOCKER_REGISTRY_PASSWORD }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} - tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}} - - - name: Build and push Docker image - id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - deploy: - name: Deploy - permissions: - id-token: write - runs-on: ubuntu-latest - needs: [ build ] - env: - OCTOPUS_URL: 'https://your-octopus-url' # TODO: update to your Octopus Instance url - OCTOPUS_SERVICE_ACCOUNT: 'your-service-account-id' # TODO: update to your service account Id - OCTOPUS_SPACE: 'your-space' # TODO: update to the name of the space your project is configured in - OCTOPUS_PROJECT: 'your-project' # TODO: update to the name of your Octopus project - OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment - - steps: - - name: Login to Octopus Deploy - uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 - with: - server: '${{ env.OCTOPUS_URL }}' - service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}' - - - name: Create Release - id: create_release - uses: OctopusDeploy/create-release-action@fea7e7b45c38c021b6bc5a14bd7eaa2ed5269214 #v3.2.2 - with: - project: '${{ env.OCTOPUS_PROJECT }}' - space: '${{ env.OCTOPUS_SPACE }}' - packages: '*:${{ needs.build.outputs.image_tag }}' - - - name: Deploy Release - uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 - with: - project: '${{ env.OCTOPUS_PROJECT }}' - space: '${{ env.OCTOPUS_SPACE }}' - release_number: '${{ steps.create_release.outputs.release_number }}' - environments: ${{ env.OCTOPUS_ENVIRONMENT }} +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by separate terms of service, +# privacy policy, and support documentation. +# +# This workflow will build and publish a Docker container which is then deployed through Octopus Deploy. +# +# The build job in this workflow currently assumes that there is a Dockerfile that generates the relevant application image. +# If required, this job can be modified to generate whatever alternative build artifact is required for your deployment. +# +# This workflow assumes you have already created a Project in Octopus Deploy. +# For instructions see https://octopus.com/docs/projects/setting-up-projects +# +# To configure this workflow: +# +# 1. Decide where you are going to host your image. +# This template uses the GitHub Registry for simplicity but if required you can update the relevant DOCKER_REGISTRY variables below. +# +# 2. Create and configure an OIDC credential for a service account in Octopus. +# This allows for passwordless authentication to your Octopus instance through a trust relationship configured between Octopus, GitHub and your GitHub Repository. +# https://octopus.com/docs/octopus-rest-api/openid-connect/github-actions +# +# 3. Configure your Octopus project details below: +# OCTOPUS_URL: update to your Octopus Instance Url +# OCTOPUS_SERVICE_ACCOUNT: update to your service account Id +# OCTOPUS_SPACE: update to the name of the space your project is configured in +# OCTOPUS_PROJECT: update to the name of your Octopus project +# OCTOPUS_ENVIRONMENT: update to the name of the environment to recieve the first deployment + + +name: 'Build and Deploy to Octopus Deploy' + +on: + push: + branches: + - '$default-branch' + +jobs: + build: + name: Build + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + env: + DOCKER_REGISTRY: ghcr.io # TODO: Update to your docker registry uri + DOCKER_REGISTRY_USERNAME: ${{ github.actor }} # TODO: Update to your docker registry username + DOCKER_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} # TODO: Update to your docker registry password + outputs: + image_tag: ${{ steps.meta.outputs.version }} + steps: + - uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.DOCKER_REGISTRY }} + username: ${{ env.DOCKER_REGISTRY_USERNAME }} + password: ${{ env.DOCKER_REGISTRY_PASSWORD }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.DOCKER_REGISTRY }}/${{ github.repository }} + tags: type=semver,pattern={{version}},value=v1.0.0-{{sha}} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + deploy: + name: Deploy + permissions: + id-token: write + runs-on: ubuntu-latest + needs: [ build ] + env: + OCTOPUS_URL: 'https://your-octopus-url' # TODO: update to your Octopus Instance url + OCTOPUS_SERVICE_ACCOUNT: 'your-service-account-id' # TODO: update to your service account Id + OCTOPUS_SPACE: 'your-space' # TODO: update to the name of the space your project is configured in + OCTOPUS_PROJECT: 'your-project' # TODO: update to the name of your Octopus project + OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment + + steps: + - name: Login to Octopus Deploy + uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 + with: + server: '${{ env.OCTOPUS_URL }}' + service_account_id: '${{ env.OCTOPUS_SERVICE_ACCOUNT }}' + + - name: Create Release + id: create_release + uses: OctopusDeploy/create-release-action@fea7e7b45c38c021b6bc5a14bd7eaa2ed5269214 #v3.2.2 + with: + project: '${{ env.OCTOPUS_PROJECT }}' + space: '${{ env.OCTOPUS_SPACE }}' + packages: '*:${{ needs.build.outputs.image_tag }}' + + - name: Deploy Release + uses: OctopusDeploy/deploy-release-action@b10a606c903b0a5bce24102af9d066638ab429ac #v3.2.1 + with: + project: '${{ env.OCTOPUS_PROJECT }}' + space: '${{ env.OCTOPUS_SPACE }}' + release_number: '${{ steps.create_release.outputs.release_number }}' + environments: ${{ env.OCTOPUS_ENVIRONMENT }} From d9c5f62b74488662b960559f943550a084b81f08 Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 6 Jan 2025 09:25:01 -0500 Subject: [PATCH 22/35] Fix sentence style Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --- deployments/octopusdeploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/octopusdeploy.yml b/deployments/octopusdeploy.yml index c8cd625..686ebd5 100644 --- a/deployments/octopusdeploy.yml +++ b/deployments/octopusdeploy.yml @@ -89,7 +89,7 @@ jobs: OCTOPUS_ENVIRONMENT: 'your-environment' # TODO: update to the name of the environment to recieve the first deployment steps: - - name: Login to Octopus Deploy + - name: Log in to Octopus Deploy uses: OctopusDeploy/login@34b6dcc1e86fa373c14e6a28c5507d221e4de629 #v1.0.2 with: server: '${{ env.OCTOPUS_URL }}' From be1cddbe1dfcb88589ad5c2d8ca24aa30eff2e7c Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Tue, 6 Aug 2024 08:52:16 -0400 Subject: [PATCH 23/35] Checkout: Update all workflows to use Checkout V4 --- ci/datadog-synthetics.yml | 2 +- code-scanning/appknox.yml | 2 +- code-scanning/bandit.yml | 2 +- code-scanning/clj-holmes.yml | 2 +- code-scanning/clj-watson.yml | 2 +- code-scanning/crda.yml | 2 +- code-scanning/neuralegion.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ci/datadog-synthetics.yml b/ci/datadog-synthetics.yml index 0ea0678..a034c39 100644 --- a/ci/datadog-synthetics.yml +++ b/ci/datadog-synthetics.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 # Run Synthetic tests within your GitHub workflow. # For additional configuration options visit the action within the marketplace: https://github.com/marketplace/actions/datadog-synthetics-ci diff --git a/code-scanning/appknox.yml b/code-scanning/appknox.yml index 68e4672..8b8cb8a 100644 --- a/code-scanning/appknox.yml +++ b/code-scanning/appknox.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Grant execute permission for gradlew run: chmod +x gradlew diff --git a/code-scanning/bandit.yml b/code-scanning/bandit.yml index 1ee087c..1a33e8f 100644 --- a/code-scanning/bandit.yml +++ b/code-scanning/bandit.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Bandit Scan uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c with: # optional arguments diff --git a/code-scanning/clj-holmes.yml b/code-scanning/clj-holmes.yml index 2d919a5..49bca52 100644 --- a/code-scanning/clj-holmes.yml +++ b/code-scanning/clj-holmes.yml @@ -27,7 +27,7 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Scan code uses: clj-holmes/clj-holmes-action@200d2d03900917d7eb3c24fc691ab83579a87fcb diff --git a/code-scanning/clj-watson.yml b/code-scanning/clj-watson.yml index b0a7443..ce0b70e 100644 --- a/code-scanning/clj-watson.yml +++ b/code-scanning/clj-watson.yml @@ -32,7 +32,7 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Dependency scan uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c diff --git a/code-scanning/crda.yml b/code-scanning/crda.yml index 82610ac..a23a158 100644 --- a/code-scanning/crda.yml +++ b/code-scanning/crda.yml @@ -81,7 +81,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 # ******************************************************************* # Required: Instructions to setup project diff --git a/code-scanning/neuralegion.yml b/code-scanning/neuralegion.yml index e9189d5..218d16a 100644 --- a/code-scanning/neuralegion.yml +++ b/code-scanning/neuralegion.yml @@ -162,7 +162,7 @@ jobs: runs-on: ubuntu-18.04 name: A job to run a Nexploit scan steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Start Nexploit Scan 🏁 id: start uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe From f8ea592ee64ab87ab49675e542203d09c0718b7d Mon Sep 17 00:00:00 2001 From: Fabian Aguilar Gomez Date: Mon, 13 Jan 2025 14:54:01 -0600 Subject: [PATCH 24/35] Update jekyll.yml --- pages/jekyll.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pages/jekyll.yml b/pages/jekyll.yml index f07bc39..4dd1c20 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -34,7 +34,8 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Setup Ruby - uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0 + # https://github.com/ruby/setup-ruby/releases/tag/v1.207.0 + uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 with: ruby-version: '3.1' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically From 95a3224907f9382f93c0c43e351f2a04a6a8a04b Mon Sep 17 00:00:00 2001 From: Josh Soref <2119212+jsoref@users.noreply.github.com> Date: Mon, 13 Jan 2025 20:52:25 -0500 Subject: [PATCH 25/35] Remove stray `-` Co-authored-by: Beth Brennan <34719884+elbrenn@users.noreply.github.com> --- code-scanning/appknox.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/appknox.yml b/code-scanning/appknox.yml index 8b8cb8a..a5f62d9 100644 --- a/code-scanning/appknox.yml +++ b/code-scanning/appknox.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - - uses: actions/checkout@v4 + uses: actions/checkout@v4 - name: Grant execute permission for gradlew run: chmod +x gradlew From 1e05f3c86d6d916a8c3aa3c073f5a0891e844652 Mon Sep 17 00:00:00 2001 From: Josh Gross Date: Tue, 21 Jan 2025 15:06:02 -0500 Subject: [PATCH 26/35] Update starter workflows to use the latest artifact actions (#2726) * Update starter workflows to use the latest artifact actions * Ensure incompatible artifact actions aren't synced to GHES --- ci/dotnet-desktop.yml | 2 +- code-scanning/msvc.yml | 2 +- code-scanning/xanitizer.yml | 2 +- deployments/azure-webapps-dotnet-core.yml | 4 ++-- deployments/azure-webapps-java-jar-gradle.yml | 4 ++-- deployments/azure-webapps-java-jar.yml | 4 ++-- deployments/azure-webapps-node.yml | 4 ++-- deployments/azure-webapps-php.yml | 4 ++-- deployments/azure-webapps-python.yml | 4 ++-- script/sync-ghes/index.ts | 21 +++++++++++++++++++ 10 files changed, 36 insertions(+), 15 deletions(-) diff --git a/ci/dotnet-desktop.yml b/ci/dotnet-desktop.yml index ad99b56..a7b9152 100644 --- a/ci/dotnet-desktop.yml +++ b/ci/dotnet-desktop.yml @@ -109,7 +109,7 @@ jobs: # Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact - name: Upload build artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: MSIX Package path: ${{ env.Wap_Project_Directory }}\AppPackages diff --git a/code-scanning/msvc.yml b/code-scanning/msvc.yml index b8469de..1d7b31f 100644 --- a/code-scanning/msvc.yml +++ b/code-scanning/msvc.yml @@ -60,7 +60,7 @@ jobs: # Upload SARIF file as an Artifact to download and view # - name: Upload SARIF as an Artifact - # uses: actions/upload-artifact@v3 + # uses: actions/upload-artifact@v4 # with: # name: sarif-file # path: ${{ steps.run-analysis.outputs.sarif }} diff --git a/code-scanning/xanitizer.yml b/code-scanning/xanitizer.yml index 4e2b49b..834d71f 100644 --- a/code-scanning/xanitizer.yml +++ b/code-scanning/xanitizer.yml @@ -87,7 +87,7 @@ jobs: license: ${{ secrets.XANITIZER_LICENSE }} # Archiving the findings list reports - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: Xanitizer-Reports path: | diff --git a/deployments/azure-webapps-dotnet-core.yml b/deployments/azure-webapps-dotnet-core.yml index 73b6380..72eab26 100644 --- a/deployments/azure-webapps-dotnet-core.yml +++ b/deployments/azure-webapps-dotnet-core.yml @@ -59,7 +59,7 @@ jobs: run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp - name: Upload artifact for deployment job - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: .net-app path: ${{env.DOTNET_ROOT}}/myapp @@ -75,7 +75,7 @@ jobs: steps: - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: .net-app diff --git a/deployments/azure-webapps-java-jar-gradle.yml b/deployments/azure-webapps-java-jar-gradle.yml index 51817b5..9957493 100644 --- a/deployments/azure-webapps-java-jar-gradle.yml +++ b/deployments/azure-webapps-java-jar-gradle.yml @@ -50,7 +50,7 @@ jobs: run: gradle build - name: Upload artifact for deployment job - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: java-app path: '${{ github.workspace }}/build/libs/*.jar' @@ -66,7 +66,7 @@ jobs: steps: - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: java-app diff --git a/deployments/azure-webapps-java-jar.yml b/deployments/azure-webapps-java-jar.yml index c98baed..14580c6 100644 --- a/deployments/azure-webapps-java-jar.yml +++ b/deployments/azure-webapps-java-jar.yml @@ -50,7 +50,7 @@ jobs: run: mvn clean install - name: Upload artifact for deployment job - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: java-app path: '${{ github.workspace }}/target/*.jar' @@ -66,7 +66,7 @@ jobs: steps: - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: java-app diff --git a/deployments/azure-webapps-node.yml b/deployments/azure-webapps-node.yml index dfa9dbb..408c99e 100644 --- a/deployments/azure-webapps-node.yml +++ b/deployments/azure-webapps-node.yml @@ -49,7 +49,7 @@ jobs: npm run test --if-present - name: Upload artifact for deployment job - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: node-app path: . @@ -65,7 +65,7 @@ jobs: steps: - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: node-app diff --git a/deployments/azure-webapps-php.yml b/deployments/azure-webapps-php.yml index 1182c2a..3391c83 100644 --- a/deployments/azure-webapps-php.yml +++ b/deployments/azure-webapps-php.yml @@ -70,7 +70,7 @@ jobs: run: composer validate --no-check-publish && composer install --prefer-dist --no-progress - name: Upload artifact for deployment job - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: php-app path: . @@ -86,7 +86,7 @@ jobs: steps: - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: php-app diff --git a/deployments/azure-webapps-python.yml b/deployments/azure-webapps-python.yml index 656f95c..e4868c4 100644 --- a/deployments/azure-webapps-python.yml +++ b/deployments/azure-webapps-python.yml @@ -55,7 +55,7 @@ jobs: # Optional: Add step to run tests here (PyTest, Django test suites, etc.) - name: Upload artifact for deployment jobs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: python-app path: | @@ -73,7 +73,7 @@ jobs: steps: - name: Download artifact from build job - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: python-app path: . diff --git a/script/sync-ghes/index.ts b/script/sync-ghes/index.ts index fcdaaad..99c746b 100755 --- a/script/sync-ghes/index.ts +++ b/script/sync-ghes/index.ts @@ -196,6 +196,27 @@ async function checkWorkflow( }) ), ]); + + // The v4 versions of upload and download artifact are not yet supported on GHES + console.group("Updating all compatible workflows to use v3 of the artifact actions"); + for (const workflow of result.compatibleWorkflows) { + const path = join(workflow.folder, `${workflow.id}.yml`); + console.log(`Updating ${path}`); + const contents = await fs.readFile(path, "utf8"); + + if (contents.includes("actions/upload-artifact@v4") || contents.includes("actions/download-artifact@v4")) { + console.log("Found v4 artifact actions, updating to v3"); + } else { + continue; + } + + let updatedContents = contents.replace(/actions\/upload-artifact@v4/g, "actions/upload-artifact@v3"); + updatedContents = updatedContents.replace(/actions\/download-artifact@v4/g, "actions/download-artifact@v3"); + + await fs.writeFile(path, updatedContents); + } + console.groupEnd(); + } catch (e) { console.error("Unhandled error while syncing workflows", e); process.exitCode = 1; From 90859767037601d0655bb14ed4cbcf9a22c7d3cf Mon Sep 17 00:00:00 2001 From: SOOS-GSteen Date: Thu, 23 Jan 2025 19:15:51 -0500 Subject: [PATCH 27/35] SOOS Dast Feature Update (#2733) * Update soos-dast-scan.yml * Update soos-dast-scan.yml * Update soos-dast-scan.yml --- code-scanning/soos-dast-scan.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/code-scanning/soos-dast-scan.yml b/code-scanning/soos-dast-scan.yml index 0d42c92..4853c4e 100644 --- a/code-scanning/soos-dast-scan.yml +++ b/code-scanning/soos-dast-scan.yml @@ -36,15 +36,25 @@ jobs: runs-on: ubuntu-latest steps: - name: Run SOOS DAST Analysis - uses: soos-io/soos-dast-github-action@65d9878d77c8993f3db9e86a92bc2ad3a6e060af + uses: soos-io/soos-dast-github-action@a7eb40b94c1c81eb76b178ba1befdc21823f86fa with: client_id: ${{ secrets.SOOS_CLIENT_ID }} api_key: ${{ secrets.SOOS_API_KEY }} project_name: "" scan_mode: "baseline" target_url: "https://www.example.com/" - output_format: "sarif" + export_format: "Sarif" + export_file_type: "Json" + - name: Find and rename SARIF file since it is unique + run: | + file=$(find . -name "*.sarif.json" | head -n 1) + if [ -n "$file" ]; then + mv "$file" output.sarif.json + echo "Renamed $file to output.sarif.json" + else + echo "No SARIF file found" && exit 1 + fi - name: Upload SOOS DAST SARIF Report uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: results.sarif + sarif_file: output.sarif.json From 2abfcee18db6e143e9da1f75f6d08283650266a7 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Wed, 29 Jan 2025 14:23:54 -0800 Subject: [PATCH 28/35] Update codeql.yml Explicitly suggest that users add their setup steps before calling init. --- code-scanning/codeql.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index 7e46549..7cdb425 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -55,6 +55,12 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + # Add any setup steps before running the `github/codeql-action/init` action. + # This includes steps like installing compilers or runtimes (`actions/setup-node` + # or others). This is typically only required for manual builds. + # - name: Setup runtime + # uses: actions/setup-XXX@vXXX + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 From 7398b4eca4dc8d1aa3c84fcbcb7a31fa0f22bfe7 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Wed, 29 Jan 2025 15:39:32 -0800 Subject: [PATCH 29/35] Remove trailing whitespace --- code-scanning/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index 7cdb425..a0a86f3 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -56,7 +56,7 @@ jobs: uses: actions/checkout@v4 # Add any setup steps before running the `github/codeql-action/init` action. - # This includes steps like installing compilers or runtimes (`actions/setup-node` + # This includes steps like installing compilers or runtimes (`actions/setup-node` # or others). This is typically only required for manual builds. # - name: Setup runtime # uses: actions/setup-XXX@vXXX From 1de3a149b31945bb5edb3d500d0cb16baaf7d2c3 Mon Sep 17 00:00:00 2001 From: Sadman Anik <36187489+sadmananik@users.noreply.github.com> Date: Thu, 30 Jan 2025 13:48:02 +0600 Subject: [PATCH 30/35] Update black-duck-security-scan-ci.yml --- code-scanning/black-duck-security-scan-ci.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml index 2200b6a..1766443 100644 --- a/code-scanning/black-duck-security-scan-ci.yml +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -1,3 +1,12 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. +# For more information about configuring your workflow, +# read our documentation at https://github.com/blackduck-inc/black-duck-security-scan + name: CI-Black-Duck-Security-Scan on: push: @@ -31,4 +40,4 @@ jobs: ### ---------- SRM SCANNING: REQUIRED FIELDS ---------- srm_url: ${{ vars.SRM_URL }} srm_apikey: ${{ secrets.SRM_API_KEY }} - srm_assessment_types: "SCA,SAST" \ No newline at end of file + srm_assessment_types: "SCA,SAST" From adcb922ec209f8b3dd061a0901eeb325fec3edd1 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Thu, 30 Jan 2025 16:50:30 -0800 Subject: [PATCH 31/35] Make the example setup more explicit. --- code-scanning/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index a0a86f3..eeb0dce 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -58,8 +58,8 @@ jobs: # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` # or others). This is typically only required for manual builds. - # - name: Setup runtime - # uses: actions/setup-XXX@vXXX + # - name: Setup runtime (example) + # uses: actions/setup-example@v1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL From 7db00754dc1478099891cb586cb1f8fab5a68dbd Mon Sep 17 00:00:00 2001 From: Chad Bentz <1760475+felickz@users.noreply.github.com> Date: Mon, 3 Feb 2025 15:12:05 -0500 Subject: [PATCH 32/35] Code Scanning: bandit to latest hash ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd --- code-scanning/bandit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/bandit.yml b/code-scanning/bandit.yml index 1a33e8f..a3858a3 100644 --- a/code-scanning/bandit.yml +++ b/code-scanning/bandit.yml @@ -31,7 +31,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Bandit Scan - uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c + uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd with: # optional arguments # exit with 0, even with results found exit_zero: true # optional, default is DEFAULT From 5969febe64ddd5e977901cd7fb785fb7a7de50f9 Mon Sep 17 00:00:00 2001 From: Sadman Anik Date: Wed, 5 Feb 2025 13:47:33 +0600 Subject: [PATCH 33/35] Resolved reviwed comments --- code-scanning/black-duck-security-scan-ci.yml | 19 +- ...lack-duck-security-scan-ci.properties.json | 5 +- icons/black-duck-icon.png | Bin 25487 -> 0 bytes icons/black-duck.svg | 219 ++++++++++++++++++ 4 files changed, 237 insertions(+), 6 deletions(-) delete mode 100644 icons/black-duck-icon.png create mode 100644 icons/black-duck.svg diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml index 1766443..a777a04 100644 --- a/code-scanning/black-duck-security-scan-ci.yml +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -7,20 +7,30 @@ # For more information about configuring your workflow, # read our documentation at https://github.com/blackduck-inc/black-duck-security-scan -name: CI-Black-Duck-Security-Scan +name: CI Black Duck security scan + on: push: - branches: [ $default-branch ] + branches: [ $default-branch, $protected-branches ] pull_request: + # The branches below must be a subset of the branches above branches: [ $default-branch ] + schedule: + - cron: $cron-weekly jobs: build: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + security-events: write + actions: read + steps: - - name: Checkout Source + - name: Checkout source uses: actions/checkout@v3 - - name: Black Duck SCA Scan + - name: Black Duck SCA scan uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 with: ### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ---------- @@ -41,3 +51,4 @@ jobs: srm_url: ${{ vars.SRM_URL }} srm_apikey: ${{ secrets.SRM_API_KEY }} srm_assessment_types: "SCA,SAST" + diff --git a/code-scanning/properties/black-duck-security-scan-ci.properties.json b/code-scanning/properties/black-duck-security-scan-ci.properties.json index 8376dbb..277ca27 100644 --- a/code-scanning/properties/black-duck-security-scan-ci.properties.json +++ b/code-scanning/properties/black-duck-security-scan-ci.properties.json @@ -1,7 +1,8 @@ { "name": "Black Duck Security Scan Workflow", + "creator": "Black Duck Software, Inc.", "description": "The Black Duck Security Scan GitHub Action allows you to configure your pipeline to run Black Duck Security Scan and take action on the security results", - "iconName": "black-duck-icon.png", + "iconName": "black-duck.svg", "categories": [ "Code Scanning", "C", @@ -18,4 +19,4 @@ "VB.NET", "Objective C" ] -} \ No newline at end of file +} diff --git a/icons/black-duck-icon.png b/icons/black-duck-icon.png deleted file mode 100644 index b73482ce501f47c9e2daa7acf2f41aadd99b0e36..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25487 zcmZ^~19)Z4(lEMX+upHl+cqb5GI1uhjfw4KV%ye)lT2(U6Pq{lp7Vd_-0%K(?Pu-o zRbAE9sOnW+)hj|tK@tHL7Zv~jAV^DzseGoRe{X2W&;Kf|>YUF6+(KAh7yzh?gL^fC z_8fPXLm@caq#KLP+;nE-$jLjZs$4FJG$$ZA*S`z#1H(~>rqmj}>% z=Ai))AgBPa&m73-4*-G-_*>g&4j==9_dj_R5UPLUfC2zvRsisS*e=n)e`!CJE zQm{Ob|J0ZV`ajsCd0_v^|0T0DQcC$uU>u~hodEziw7)k9AR`MK0014gQqywLl9%H# zvH!|oWNL40#^CGi9`Sv2n6yunVR#ch)MjL{PT&Q#L~sZfrpXN&CQL$jg`UP$%2uY zo12@FiG`7ch5i$R-r2*>#mJrB&YARImHeN2#LS#coU9yNtnBT8f9o|ews&>mCn5RE z=zp$%wbRAQ{6C!Rod4ae&ki#FEn#G4U}F5gk(s$${r`~tE%_JOKmGa_JHEe_@o1}< zIosR1{%w{3Ckx*{9R6Rx|FrL41pmQTx3h8)_&+573;e&SwEk26A2$CD{NDtMPF7~0 z1Nl$8nE&0Z|Aze+{@>p5C|S9i*=mVdeKoUl{@WK8CMG_{|7*$rrWCcewRci=FfuU{ z_+<1C$$x?VH}*e#wEutk{8!1pDft-x&h~%J{=Y=)ALyrS3Bd9({*Rmrz*c%~ZvX&7 z0BJE{HFuCdT`+kD;;w?e7Y~1Q_3z_@#gS1!Fvw|kPz$J}lxb45s+!9}emytnd~I_5 zF}tEs5$<|SG-F*Ap19SWAC9ahCb#sv)*dGQ?a%4MyI?M>vw7R*%UkzDz0mb__QSc` zR2KK)-}BvNx_bz6`Y?jRZwgt zF;U;yc$ws7qP|ylGRe+8Nhki4PHf~ItGDZ2w@PfbkY0r3mev6_w5mlDW$&igjjMbZ2snz-3RApMkw4}t!k2Ihu z1sQhvl)}ZvxHKJvAkYxHUq36yU}ChRE(cvT5%2I*(&R<>P!vukm&V}L2B3ars{2E zclS5r*kU$ZPIO}>qxRMzuqwZnw=n1v5vy?`TMpofgBD&YuF}?Y*4KHQb{@u<9n;P` zJtddrO-oiVb+omK=e!pd4vazPY&n=zjy{G7DD%#yg2p!G_KS~HZm5hLhfS$@7zXzb zf&)>QYvR;M3#R=ta^mOxlh8xN;=Vr52*O@RTo0 z$Hd5oHMM*jMf0$9XTl-EGpXnuA7}>Q$MdMf<8MDP1^lR{;krfnO3k-;g_{IUFa*W#pq&^`EnIjq67^WLPwo0ML!8`* zNiVDXTV?kF%CCnNSzy1WoyCgF5#gDaR#hV>7{ka=;glBe&V4dV{pTwI6k8JRa*Lvb zM5uP#(t`2C3{b#VFS!bQ(ixvEp}|FXA0Zf9hL}2jWDuVR{Ukm>E$k+kTU0!~fyIsw zcdGIS&ag<(wwAer_GPWa9Vn;Mz0{n#ayDILWGer;owj2b#@x5Pz=DgUP`+i;?+ro#yFu!V!& z`|I**PD^%UiFkT*7BY&E%rn4XZ;CtGgyj#BeIBg}T)xx7Z0Z-QyJlE^P16o#|nX zLx10-aoY8U5CaL%s>Rb`NXE_NS>aiF!xeg@#V&n4tk}HrW=8+k70Y|r%1p2|(zf{^ zGT$%cuKJ6KN#09HG{YNO{ZBS4PdlF1OPxqzR!lz?t}@KdB1!ub#TKoh11o)Y@g)jK z4;U>-9dww+IRGV1Jm3z1F(UzvX+W=IMJ_;6pC0}Q76>3KhU4)Ed$Gm0f5@EqQk)M@ z5@&E^Y4w`)t?N;M+`F`BXyf;*&x#NWUAolNU?=^e`|Fv7TTA0Zj5o4#9Z}ls^7`!R zNU3W_Y&E`L8%`QUjKUZ3}(og03^Rp}=_vHLUpsa<6v1fQT zc^ogaq6#wJAPmkferTb*H@P!*Y*imPM+){s+$w0K1rsCy>!KKPHUUS{U2%#ptqfln z*(DEb^a4!4K0ptw-q1wrd@k5c%2K(xW+bu!sq@@E_Jg=k9?lPc*yqZ*Tx487eCZIL z%(mUn>-ei=TxtX3H&+*WJX}JVVF}6FbJDMaMcwHMP7jM9!VvK1p)rW%_F9a=Gty)4J}+3$jU%?t zTh&BVm4$2R0Sz8u(|KjHdrKg(L0r3=Z=cIN*YPDfK&qk+G3b(9RszPL>-pYqh^7mv zrKy?H2dvARr;aWw88!7qNJR!hF=B7L z$4OG3NY9X0K8lADy8wd1!K5>A?n_B77=%)!Evc(XdVz2tCg8NP$?(KxR;klg?(sCv zI@^DNS2ZSJ1k|h^^tUh87IVKNZ|MfNx$0h7=e`*w=vs9wY=bA;2dwdcjn)iU;d^g^ z!lES;YSWM*7U{z!{CHAVcc|bU=RsVy#%sJKm|m)_`MUThS0OV0rP;-U<^v--qdvHmxX$x0jL)1Z!3}Zn7cq7< z?8w#GIvINE#uIf1ye)iiHf=rY>+Gj({QRpEmcmQFht87PNJBW6H!5{Ff3Hu=2#N7F zZg7V|7x84F;%pvL1F0aJunlj)L7(!l5VIt`sDwfdh45!sin*}IEPzz`5wv+&YQadL zfFNYE%YED3=-Biu%=a%m`kps7n+t@g#We-HKb+BWmJV71(3fl+a@J zkgOp5;BsKrjm4+Me`4Bp0f2du$v05t3Pprt(H*Woy6>hlBj7R z10Fi|=z|d8nD9)>jgVvlB-iymZJ^8CI#@13LKFDnk6O*4fvDEaY%<;`C}R=aMHrL+D~}#s z%M6ti>J0A;2(z%!vN39SR2u0M$`4X!Kw*eLn4>!wc0o7=Y?|4<-k;h+`xjR$ZlCqz z3;uUU)`=!Pf%#jf93IOWCgdq=y}PRlT&|7Q>zz!6zR8h?D<27)kF8#4mZh^_CK&kZ zYg)(e&Agppk@n?Lh@Ubcs|_&toCRa1GKU-?Akl4qz>Osm#3(X+IGB#q&C^YR{IEP1 zRX&MRu!aj62lQu?-QNK?#b{gnb@Dlm+AM*oQD;tHML`r^<{z>gV!ldqng8g^PHnd6 zS8NM#xchp|tj&=4ulOS%7_7m-!21TP z-D1+)P4VKJb&Np;d)hdTB^%%e8O*1sQaFm*Y|7cAGhl#n2p@{KG9e#M47M7GWn>LM zxn2SEqQS6F!5rT~6%;{FsF0Cyl#Ia=mAaLH43QczC@eC?uwXOXgc!xgGhs!J-ib3a z8;e8hS^`(4pEG4LSi|G2K5)G-^b*JHtJqOGDb$}{UeWD5;dWIujKk~MJcdhig!WXg z6O&|9hcX4VgJ-0ESP+zX>`>>)?p$~5ZO{!>?FR98W*05T+jx$$}&f(BgA=VqTjcYc2Tyi(JPdp|sX zJSJg>Pib6=E8A<%W3aZHciBo_a3D@jx|9CGjc3q;ktz~Z&2<S(6K6C3`-#Hx*KX zmvC|(E91Hl4aM5c2jB#PI10g83Ha$Z3Z+cCgD3)M!tzMGk!ub8m79Tz;9!w}+d;_4 z8$4vppcLvvP?TltjZ`+H%lBQ**Eg6N6Wd3jn6d|lEoshp+M3DBY$2ZesE>{xg>7}W zt5dPnCSK2OX?^YqsGr8V({5nAva)~Lk@<5bHj{EBg2Ymwe;!F^mn^15r#}!7WUA*G zx{CJns@-;?jk@dM`LiW)Hg(CLOlESY(9$e6K7fL>6BSQz%3eqdUZ+GUloEXuT(X^~ zJ@blxIwRBV^%?^|iVs8Lx(GKMcVtEV;oC#>ok0`m3z9V>0{O@Yf z#qM;pbur4&L^#mE$V&k@0ecW(fCLF?C(__kl$i|`l@UW+s7R4Vf{+9V%mEXKi4hG3 z3BEcR6|5LvTN;%Dn24${)iTlXS=#KH;LJ_fEJ0kS_tW@3sbX^ipA}@mup@VLp;6^U zdu;O*=`&=sqZ-YqHJpCJ1|LfqOGxmRn>!R&J_v=TvRw452J$iuXlLBDl0ST(|I++( zr&SZ2w=8B7Q|gG`Oq947G5|Z+8x(~lRR$faR_u`qnLIHnVux+Z5`SwRhM0~fFu{fW z0pYfi;KJjU{FA>JuSYP>YIdzw*B=e`==(1f!vSm=#fjmGk0y-ngRFa5F~-3!&Rmk@ z{+EfHFctvidzBevTK&3`dM*v(dO@ILy*jqfG;Sb>0MO7$LxD=iPhX9o{jEaGtHe-Et~(s0e?vl2 zR~UDOM;e3y@Wq8nZikd4GjIrp@pFfx(w+xKQn}_r%Y0AQbp?6=P=gc}e*}IiSD~%& zK{za%wv_FXmULGXsDeJ?>7_=X306C-G1i|)c~0KLh?`=Rkb%mo7;|U(!SuG8Q4!K(ObU*)>7KNb zqmdAqE)Jw({-SoLY%aJ)_1tHxMo+=2ZN);SzWcAF#Ce10k3kGk#Y~_rb72uMlk`Hr zJ_<&m@$Gg--Bh5`8zHMHaj_eYH6kNc`6~{KhJR-ZFnWitiJ5|6zKR3k)k%y!H%s-s zciW`Ihz?>zeXu0hFzKJ=EAbYc3eOD>cmbf3X`+oNG)3b- z)p!y`JPu$RwE(bD19*8m!w^mbu<|@^sgc51^hL4yH|7PRS2C!FgOnzF*ogTsb1|q5 z?z6&4LO|Ke@(F(^d2?a! z82-K*#hloIS11X|m{(BXAW|})W<_w5;ul)h+keZN)Bji2%1`FQkqcn&p|`<4Ei!4~ zYm;Nnpr|;Ec-;b6fpbo8V0}^@x%I%7;YH@h85rZseU1)9=PH7jVBzaRi=Dua;<_g% z{FT6+9WbA>WZ5C`78bYfG2bdS#3~w3+F6-DjeVT9YdCMAeNs?QC?0=P0p!E!C}=4P zhQfM}I%V7>3~}{*H#S5ik&BV1pD2)h0Jce#esKJ85CH-x;weclsT~`L!d5CnEoUn5 zi6sl1mv5J~DOcnZAKPZ9E+L^46Lx@a6#+-GS+w1*Z^ZjobAPxL@(7}w+6KgfSfllX zo8aFiApcrip=-qOz#ha>)GDO^Uaa;_SuMx(o{|O|;6jDdo6$Q<5AsQ63^{yn9S3ic z*j?-G;XoA{!IJtP9etg}gqZ;JCR8JXJh)K7Y?u;Rarg0qi?9bfBGh{^6Gro}{AWWU zq3( z8^A-h-~2U+6~VaT?*Cayx$;8Tas?T6fU@SD{*(Y|3kp(rRHTj~5K5brT1Fb9s{0i3 z1Ndesb{2=NQvOHPX!!c4y}bjB{HPnea5_i?8)Pi1{v*mrI91S3BRZ9I5@HM|zZ|Ok zRPTG7`}g7Px^3l7OM4`$)U^GqTsr2ZA15CT!g}Os&f1<~6;5XB` zI|pV)`th0`2W5K%iifa}63Rx((oQrMGB}X>%M1ug^D{#I?J!&#m=amO|0`P1R(=Lo zeoC^Zw>KRgF3uJTsJ7rYzcYfP{Wh}YUM0VQnb9rmI1@wHkueP`FI`H+dMkpF7)B6< z%X6x}!ynYsr@hiG*ZlA99&%ICY>ijXYkZ+(sr-Yo2fIKb)VS=8^P9gW0g z;7y$zrCr^1cN5M#X?b`}Qc)4LkJHL0-tjbEg=*|LfjhqQg;<#4ii09ld5q%~_NIqk zn-bySjn#^9dwJi4?ro0{$q~Bm<(R&`wUD>0y9J%-y#f0~lu!lUmnZ56khod6-M5XF zcOaljoh_ym>zMK4A{30g*@R3JJ@T|jc}DAKsHJ-UiV-*&EXiLnFR+1dcFae=)>!Be zi*$KnHg@U{%tKsR)mg!V429Hx820mAj%!lzq~?W^zo$@7oNxX3@XC9)?uDOM!7w5EgK-oiq;UCvZ?xQ}iO}9kOuHIj&pi zgW0-S+xf+jdM~1G+P33ZK?*^A=ZF(cpJwE-==*dSgb0h=D5)B%F(_K@D?Y{Sk^DP& zL&c*dvoIoem;1y+M%h@;XXo!hn1mTyFp+F?=p!T2Zj-Kk1$>$QqTE1C2I9ddOC&43 zQIsJG5S5{DJ!Mg5NW@XfIloc(W)>G+Ts*wfKAJ0wtgARi4`a7z$!|ZRLdFBUtnPJ& zy1HAdn!x7mz?$#EWlqLX4Z+quDuo1&9?LBLY6!XxmMTn|d)PyP=@`b(L_t&Fw`+4k2;i9oX?Wo{y?&wf~1@#S}7e|{Jm(X_+1RQ^Y zjWcm|6H7u5g2R4aN?BwDQ zfOX*Dx?}GwW{n$XCHn0ekJGoHqv56SnuTc$mO~qQPqLjAFh>itOl*TQW<&A9B3lJXHQ%WaT0da(%DP&#g$n=Er+PE1; z>OOO_hD*&h>uPz+kDH%@Po)_>1M*-`{(L+6GT7X$aB5%#fe6W(dv}3ebyN;$ELux zRz64duERZCW^SXlyont1A0z@{@jwM-u>rU*TL@q!zJl$y=U<*o-AdcFnr+MoV|JH+ zJ8<#eCl9_L+Ct%)Ekpc$RbXLmTK0bKb2_y_I9eG&Fb$EfVZcWtDfq%kgWwaxbVoG=ym6xtZ zE26*6yE45N@ocPWE3{%deWBS&b#hBmI#=7uwia$&e%}9G^FhU-`v_j@l3;o6<@B90 zl@$tn8EmSM9~~&l1VpqXu0BDiH~rp5ErJ^Xk&3Z4_bZXF+sx$YCDo7i>Aj{$JiC}J z`X?{ph`WDjhoce!GgOFoy|77M)luNjvyAV2&38uTz?ZF6f#j~sWk%UqcDc4H)DaGG z?N}LQex)ymI&1zdBAmimi4_+G_(~`y$Q<2)a$~a#C$^chzXX?Vra0ekCZ;!+Th3HD zkiS-Q*@OgcMvV6zMDx_v%cbnM=$r>2l@);6JmFV>Vef*W;fc!;)mo!M?u!p!&srxj zO$mu7YV494xTj(d_j5y0u6lA%iWc(qI9<50@*a#=YFunJ??3n~J75u~!3}-X+FOwQ&<)wkL)I&51;;ux++mzg?omGKh4e;SAxW44{dn_7x zdJ^Xua$c{9UfW@d5;^+j9l%&`h{wg9a!PDTYD{x*yu*6JG9^Qwx`qmgT&xL@*>`h? z=sbhny(F6qc#YTs)R;L?LFhq-`v++fjtF(u;WQ|aE*JMa_CyZ{XcxKIJ%Ef2(h*C@rS4W+Pzi?nnfQ(X;mk{>L+nCgmIS% zzTAB%`Tmrh-cmVDGUE(YD+~^(hb=cL+E9u#aR!(a`V+U51*TDLfIsTSN8z*5JZi~0 z>yoD2RQk+^rFQ$9iE}%v=^GPfxO{Io?{{U{y_=}1@gn-R7wQPV>lnG<<|2ofY6baK z2w8vuc=Ls6tfUmnmp1HnN*guV{+Eb|(vevN`6yMGroTW|jB2IubyX8{EEG`}qt}R} zqM{Z4jRgbhuHjHRgPlVWea{yk%$VIkXNr%2g`#sl z&66D(gZl*=bIRgHuUddT=HmNh5+(f1u@g63Afk(q93zId>7Fm>b0nUM814+#K4qka zZ&Z?a{csk)Bzv;a_xS=-p|rXs$9o81DUoa@>!Ae z#KZAiI2wANi1P3nA!s9z#i;V|XzPIdioC0{V7>KzN>Xf5j_8;;zF$l{4>%K=g#0Aa z;NDlb&T63)3xRZc?iuUG#rr{D{;-C-JVG@bc+5{J^^ifYpWbFNX3={mQzI{h8l)iNpMsWEs$f5^;nNeoHlr^yIu6EX1p1q>d@g>Iaa+pJr6Q!ankEuCv>)_ z9mMvap^LA6kWj)U3U@8SM1BfSef?$3QZK_4t86R8S!3^hwocaL5Q3wr>lmW{6H`n# zZh}Fp1DWx1)-!2kV$M75V!{OCIq?zxaPF2&<;xdaf6XjWZhvNBfFZI-t)4Fmnh19@)ZkF`(j58l6!w;%d4^}sbVw-mb2qeml{lKqi?VRmD|*guC} zy*Wqz^h5_f{;SOTfh=5e=CSQX)HGlzzO>a2g9)MxKxaY@g0LS^a&>k*p~-NXS%&fB z)7@{bi{v7=8B+tkIx_2-CnaH$NaJ?~5tm*=B_w8?gQ7r>i)AUK6j@qxeSBk3<4;LO zobVB~oE)M!V$Mfy-*G5`8%Bqh@0g}vNLF6-5+lgRk>=9$)6`?${_R$T;pa$NQQxF3 zcQW$KL^)(%zn5_#fd`PZU9d3`s@ODzZ$X{Z z0;U-K={4Nqx44u*{?X>YnS6nj!aK zSrw;+qDB7vDVkfNHM|8Yh!_d?p8C%r+gEBc1WpEilYl#&JvUIBiro@`)%nd|7gjKS zKD$wWY4oI>)|R0v@qs{&<@s0inB4B?N`pt?FEc{(E=gIil_VCbW6*fa%7OE0X9#6L zj_9Y?oo^PYZwFplmRwm=10AvLj@bNlUedd1>utcN>vF}C2Yx50l%l1p@P)1;)Y>(c zfdfC%w@m*w(G;;=xO4>hcYXC=aPsnI#Fd62OOepP$>>GwDQiI&(TvW79e4lA$e%Cj z2x8L}kbRpDMtHC^xic~$h{fRP;pH~|noeOVKm)d|?7*am?zwpjg*5|#*sEb~?vyZZ zmf|S0Q#XDG-EXss(~5`FdRewB-NM5J<1KPIvr<;5Y9pQ4AF7b*+tY zFt|wWP#ZT0f||>K$d@`y-I};WFziy|vtjdjFv|wwI=DgVMbnUO5g-~<76#ude>{6w zkg_$(#}zs7^eLmRoI;~A4PT=|H!s( zHq9}U73;mFj9vH3^BGc$en`NRu=Iz6qP`kG9j;Uz{ywv}qMy=rP(_dS^Uu3fi!!;_ zjioh-{8?O~O&(BBYKFrK3jkLz*%wc`R=3p6Mn(r zy05xjo>@38{2;z|t@mq~LHB_}d=?86RgflkqP98-`OL4c#8e7Oj|u&7`b-?d?$+q2 z@)Ygia;kNazqv$@eNDt^6OyfiBKH&Rd_^}nXEMKB-_%4z6L7WYM{i13g6V_((#znB zy@J+FWYoXDx;?n_qcfQ$B4j(uSn?8uRA+gkVd&PBDT>AoCCWpuMApU59~BBNpaEaH zt#34PXw8+*sXN)M$rZ8Annf^KwP z5X?toTmy}5EccWm$*bGZ9vUX`5zPk2d6Y;qt!xD3;ToCT$VG}ntf%VpLYme}&j-2z zzL?$9bqjn)SCAJ81nG!i?@>@dQSL?aPfbevG}{2s_6fX%-olf^EI?^}s7@WreuwEzBAPlA{{Z)yq0*IPmXewwy0D@aE6NugXyuWrD6z4|j7w7q!xi(frDK2O;tb%ijQV?JL zwON*+!DFcI$L6_gq%}P|aoPTqWxeJd<^7!kJmqkjyzpZ==pN?cQ2doybr3pHJw^l; zSysE3@drLiz1Ii>BKn{^*4+jq(oZMaFEW-KvxzoBC_6o|?JyXr61}N#CNB9kWBiQ- zPzOI6N|I)}-Uzyg2^8xYGU|d5*{gohXyMVCty&jw(p$XqM=;W>yR4}rZpfWeJ5U4% zk-{#I&@+P9?GFLUFK#33SrDLDnjfJ&KabVzf>EjsV@2%Ks|+$wiV+Ji)QN>WD(#PV zJhgjm@0GFtSRVJYWQwIY*=M?HnWCLDN5aw>=r}$=(XDpDt*+rmel_MIX`q*ir}Y;e zJ!BA>BLl^P;M0enhWN+riQxJ9?K=7!RXp1q8((wnxr?&hV~kKP zA}l>!54ZTfVoa;@D(P6zS7@eFZ-(sdqxCvaanSiYI@qPnIb0bq?rUr&#*cpBa9ocS zH!f;wQ?LM4kbMET)zC(u6#O$1jxva+!{;YRUpqgK#XRp18Lo3VaT-VVp;RuP5FJY& zOlhTMeRTOTetB)UVLg+NchpsD{MG7C3VXgz7JrV(BP6!)Ue`FTLcV`;#Aby}h_{24 zJfeRa!9G1aX+F&F!>()rTy3sG!`{^DO35s$Ga(U^(xz!}Dy!ixxR?|X%Ec*e>c$OG zGuM1G$&sRaA_+!<-V5Rg=@rFC%IyQ4IGcL0OMyOzQg`d92C*w`Z?iC|H#`s?i}Q1H zJVrC{uy^_>Je`ndLOtV%^KJXqW~<|wt2Y;!cVS=G@jJE})^NE=|Db44E<-IkCJ_`S zCC7zgf3{ALc)3}7HR}tsf3;M3gJzjJWn47;O?JGt4l3;8Aem%$RjshlZniYJ*1Xb2`Z?tw&4CdnyA*(R%si+g>-Y~0~r!u zH(}62!(7GU8$2&Xj2Zos?P?Rnxd6({gy^|GPdg1xZKXyo_X=w z8J_yC8th7|Wntz|R50x>&!$Jg=Q&r&pp!J>%C10G4Rq-$WAvwJARPpXHyM!T`!Ex; zl7hgyAlyOHH%gW>%HoQHqPi>RIqQ7#bGK@9pe)z@6z;zlBsYdjEao+y z#H9?_zV>x;vLJ7KgZA^BQncYJ2dmSF<*68V62vM83FoVmRQ>)>kwA)4)DicK#zfrc z15jd!Z74&z;c%eF5luKk)GLX?{EY;$h#35CtM-jaCK0(uBwD6JgOj`;up03^8Zx?@ z`)jw4p(;y{m!s34uRSzf7dL(h`i|>y6QToe=C+`-M<>s#yvi!*Q4^jN$ies>s58^t zF;14^VvU#)-CQS-nvcy*(VRU=e6rt*jq$FX2Z!|sG^X^&gfSUzMSsx=eW6+-`$O|X z3K}{}cmjPCJ(@Vh;8m%l$g1qEW=J;UNsb!Hhl_!9+m|Cw;3_Y8WaLW)_4f1h`2yhX zZ7^2y`&3H$SoGrZF@)fw+VOV-FTZc6KEG4BFZbIiZ>9z}^1QESyB1b!IN2rnKzL;G zZLqjlu2z;ckvgr4y%ql9Pe>)`y>f za8RpbJW>puUjeKJ!kv*z>d}WUg0VV|iQ=7O88xqBLstiNsDhPXC?OUch``JP|tvc$J4*U%s`H`Ky}2qR3c{M98t{4>Cfjb~N= z!tZp03aP2r8fY+GQoK+R!`#@+Mi?ZpyECi26EHDWv7(}cYxSoXIJ-j<48sHxP{3t& z>0MHsXGva!q)8jjCGdlba+-DJ!sk)JXq&Rw^E8R^a-P17m7kz~iwKb)m=Geup*1tj;L!=Ul?v^9OledjTx7-hY3tmrH zAon~^E)*v!TM}~Bcwb-U~9b6jOl{A=pR3NeHO+ge50zo;aMaWi)c7V zlKFP&ImiJ{u3TFJ&ug~cmUCXn7P1DOgF^LVxsQj^T-vTvR*NFd*DJ~WKR%g8RP=KN zqmP;hL*|U_Lm6h`)>_`;GG-3U>@oeyIDjndu%t&{ux3NOU8gK1S>)Yo6G;hfkD*wj zEGg{Cp*<=2%FojUE9eWNouAO=F}EiveSbf{Vc`4DYLKX-&FlKYZL43PB1*z;7-5!bD@@_92?B__fc zKW;0&joM;F?@Co(l{z{&7GOhp+@U_GXAsnC8axL|Q%`x@?B!gDb!d&SL z`p0<+Q3Jqr0bg%Df)!r2UdNG??h&Oc*|DrCu*8GV#oNrDN8@9kkGqoFxrv^f^^c=< zmcT<{!PlITXjM}-WQ;rw{%~k^WKGgOTyz_YVV?$;%HA~IH6>3TQZwgJ)QueHRN+5~ zWpqD^AV7ZjHKVp4A=f$%(*h^+3k>gs#AQ(^sB8BzkOT{NNwoxfSr-2kiD-Jk6hymz z8CFukDKz99xqaz*GSFY1$bF$)o{05P|8`VBs*+_M$|}dgjg|=JiMyDjr&iNQFiuR3 zJn`V31C0pahs{475@K5T*632nHWWS$zQ@^5>$pX_@!egD%KBe1Vp?T^S>TlaYjP=w zc|9)kgAf)nj@X+UiMY@21G5+c4nMYsF`LnM8GnBKuJiO7<_IsH!}nb_f`1KEMelK zPM@A0RY<2TPer?47R~Z3E1{;WY6BYqyBT*0Ppz9Ja47n>`55fxc;RX8#@kWV@%m<0 za;xnV?bKK-|IVZB)tab^_g%*IdI(W&yogpIQ4meIQaKkaJx0&1RGg`c)xzh;Bg_nf z;F7*d9PJk+?b5|0CX=>epd;>W!9bu|ynr5hG$=-$e#t%t$adUyl-~FGQ7+rg`rRnb zZ*^?gGUWqaRgkZLc62}egm~Nn368KFsM4Bm&;4^@Q+{60f`S5!UJkqbTIkDXw3QZ3 zcT>L-`e}r8x^m%9KkNd}6PSD2b4lRwDqE(<3InP$KKiW;TWxY zKz7rPS!~dHYasJ`(-k3(y*G$MlelrT+L)?f35$hJJ}IP1o1>#G>*t8h`SLv6#c;TJ=%!bs}F+71vNRUlx4N{267sA&&ie#TqK33Q_;Ft z1930g{-6cPw$JCQjDXu%*c`!|t_kVbLYU5wy2>ImPQb2B&B5?NXi=RDz&!2y(43eN zbxlR@(@GiYk!~p!3??Le-FKYJ@@T%APp&p7%ne^F#8Wx%vVA^9OO>gJQA0%VM*vzY>KvTF$!XIY!#M%! z&JCgmD3F;@3x%KALG9#}msIxLW8}WlW5ZyPn<}BSljx(QV1A+FCWBg?!|zlY*2zM+ z3Otz+r~ygO5u=`b1XGvTX#LHQvWWV;aDrV3%w&W!qTUC?b)@PAy&1&h7?7elrCSUx zha&4P7iQwvF{=eNnj3xNp@E_j{tQw??z5brPbYyL5|L0b)KzyJ7lJGj!7tY7Xmw-% z#GK+~8Zd=FY0ijctXPcjPQF18#!m(d(4Gm8UC^r&U?ZpD1G*0CYoXItg~Uw=GgH?q z1&lI3<|!SF!m*H+!Lo!av(u+J14BeSOq#vLe+jI=Ar+L|2P@nn$`#FymHxD2>0!1q z{`_19zmoNa$ZIvV;XHPk9RKc2A74VHP$(^z24$3I1kY0RfK9}><;jv|JEozB~w*X_VtTc)e&0*0zNWI|C$HJNpCsxjl zGBqW-L3Az|azyaG4m)&o0%-U^ZrcSuhhnw|`~EA(;|hbv=QE2QgOCR3RZ)nM&KGS< z$P#I781An;d=!*2e}3Y|ulingT9``m|5@6b8JdtBW{{``)K`Wql5VOGQj zBj4N zc&i;oAPbfd;CV6AoaQG8=h*Hgaaw7L2M@-;>(ZC7i~=Rdo4(AhtKqrJpWdl%=Ck{K zosTajamHARbpRo^j@C2u4^N#o4CeZH)KVjeqND8v&uI4TgjRY0fBkTsEto4@|5CkS z09q=GBO3Ux9+vwwo20^4UL9V%+Dt^qVT4_Gw*`L_PL{Ltbk`==(yvw7%hC7eMGakW zaF`u4L)MCTxOl}KtdaJd4!AXY4XxD+mE6kf5md};@r%szJdfXs=c`BDD7dr>kr57^ zF^f&nD|%4XQ49j&qp=Lt<Ukdv!1lA8i1Xv>K1X|mviG@NFMXyXDL?Z~MS60pHW8eYMsIyq|- z-NQyjby1=~HrC+hhx%>Ncj6Jg)iJe!@<_D4425N5lfF7)ha?0tU>})a9dN}aC?OO0 zGZV8)la9`D2%zXZF5>tl-lefXL(EBi*@jgralnypyT9uU(qBe*Kv8fMx=`p%WkVl^Kz;EkxbxoR96}2ZZm0yVWusSV+fPDmYqeY zzI&2sO?!hrd(K^?ICN&M~3oiPmk%hu2nHbl+@+_JuPdK8G zS@orK5Lw0}_*R$-1O_sCQGM!F5tY6c@(u_!bf)q}Y{&D^YIY^cZx4Ad-ft z%%F#K2^@FQHuGg6e$yNmQ5Alk8JhLVRF?83i(&}lIP}IPJFb)L3^$7I!S3;Ejn&}h zq1X0Yvq8nrH1BpzE88EfKq_Y`QF!)9nHm;CaQ*}k(uIA4M*I8Xdug)@N;J_rHq$@ zk49Kp8^MNSj%5=*09*}LgU0f}5TQj*)MbYq)@X&rWRLb&u>w_t*1&}@flC8T0#R0G za<{d$R8Z8r#x?5a^P=+f>~9@gv%z5)GM1;4E9P*bC}=OR&la`{HU{gFP!l50BUShJ z4XMC6wr3ut$g7N}3zufL^0`H_juw`%iKcPW0fEiEW zMsEIRBPN%s+-p0fN5UX%Kt=>;Arop;(f<>nAYR|NG`u}l2sSxVw9R0JNR5voJkmiH z&>5{+U2{txKI=Te&gzuUHVgB)uOkOX`(($$wd>cU8@4=@H8yhj9g7X;lw*Rmej`#1 z6f)F^)F}7?SSY0sIVmPXWNKxhlu0EnHUZn<1n=WoNwu{o6swt&$bw90JpC%p8J?pl zV9KF#K`&V&97YkwP$lG1j*0-EqS)dxIp**s>GD^eo$=_fIb8=tG}9?yR}G|VZ~ra6 zk>OyS&&Y{O7^yD`{I5U5cwRN+)cVPpk0@`)~amOWm=S+E=U zM8SXMNVP(!$%3L?X+YNNOaK5MlSxEDRBI$!X%x(ilVEbDK`SR0^trEyh!Gmfi}wNo z2*l`K@>`Mg;Q2>nTY4W$+M2oog6RYHV2OWc%dF%Fzx_t~*p^2!ejp{wxeJP@I;8LP zD1kh2M469_cqgE&}iC{&>_GT)Os--=GnZCuOBNtX6!4;dN*Q^d7(u zK#iT)SEj0zhCq#ip$exm3L`71Cq$Tf0?qK_u_W0t&|iL{bl~XtCdhxh)X-qQ1Diym zl}5p|l`+UifKrft7|MRdUPZr3Rs$AqhMs<5M)=2T}&L*lK%Ot&t_!CPdUv_ zjJ_KZaP70;_JJpo_NE!hcdj@;-L!oJ#v<4qL=>wV2Q+I?i?TO+`Y8UUJb9A*H zk@p8mHywPomOTSoW&5LVUH+wX^Nz>xUL@a&*pjMZ5DdV{sX-a&S9OL+jiQirQgW&$ zP!XYZId2ppAs-r;y`rJqNxT>cg13Z3m4XU#nnUG+UYtfaj3NS~V4R{IT@}F6sbLtZ z0%k?g&$+@VK05dnS<;Z6_OdsU1IyygURpW!eKtsqk7w8lsdXmHklwKVTDBs-Jb_{Y z(8o^%DN|KCL$J3QMVMW5qOjvAPOeJIw-Ij*B)ye0S*Uak-nz83^aH18pcKqeREbb( zA6;EQkRCzHszzbbQ+X!jI27#=22gZFokOw};fBbwX3Q)7%iF#vv37IhxFY3b?`uJB z`NQwjzj4`l>9(FtWp*jd#vM-8lP^+EhsBJ>B$Tv}re4caY#}7HIVN`cn}R-dhnG05@{EPD(cjC(jY4*M|TbNm{t zNVp$fGLQD-fXF6{Da$P0qC`9~^moIA9Fxj) z2m>fOqMkg`v{ayH9`cS|E$$nIZ%0ZiPXAEGJ#6RA;9K_T;xMB%xK#>s=@nl~dj_`S zgeE(qRj9*!xs6FEX+BoMH6sf-Y9jR^R+Gp@PBC#qE^Dw#<%Zu=%o<#!StrescOTgB z^xA=;eok-6H=2@;ra|91MF!PbQ4yVE@PMV8l2H`M)a0CCMMSiPNMV_*qNODn8%th% z%(C<)N1t5gSrju`r_0j#OeQ4ebRK|hfi|Xh+rqp{bOV4sI(wQ-L@$!EnmJ|45W8%`yJTf?tZNF#Bc-y zbuv5WB{|3ej;K0dX_cj_7L|a0;6k*E3XuV=mmMK%wiYp^4M9E)giFP-L?ivPSH6uA z8ILCB4A69OJp*Pl?;ri<;OzyUwWLIJwvSP)OQIzxAX0F%4>I=iGB@e2dM;Vf$U(oPL#HmBw zaG2Xma`wbrs&30%AX6wH!)`r^T9kq$;T>s73_3s-T$yVrutlClXhd z>Uk>5X8=id4M{FI=K>7K)65RgEmxNQ3bo`-sC{N!qQa^w0ZMdn00`q<0zY_{Gu}|S z%;&t3Ak=T&`;^>R?ts+TXpxU1zyl;(JnkvM59sO4XO9BP57XuaW8t5`#-Nxf$qEHq z$9Ei69f@-5`Z?Fdk zy_Iloh}5!3LsDr#NuSDNrE9>e6WJUYF!4}qHaa?zjEoFrL&Jl~z)&Bqe(b8zm!W@G z>Ko|A;^EN-oEVf2jtn4AsNy&)f?XNefD8gY6QHWuf36I_XDtbzG4Eg3hxVXGq;d)xK)`yz@Gz*FSd zYPB}CW!S#6y!NiE8+rWjbTN>jvHoN(X0+~j`1;a4kKSH>_S0V=8(X`FO0i0c)HEsF zUSt%S-!kf1+Ro>Z0p^UY~KEO^2C-6$%f4jCl5Y$cd}v21HSgzmy+NM zTdfdgzKUE(!xuGlddo!q!SjyD4w!Rb#^csz&zPHZcg-&2%(}FzqnlH;2|k2MIZexT zM`}DY7}Nd3&Z~0AC=%l2Kgc%GHVUmsx^>4UiL_^`FfY@>^$qt*Ij&gyqvVJKk6~A< zdMmOMCElY(!Te~Am>_Re$jVsFT|%Az!-{`Dc_ZI{;PM87T9I9N!P=%|MS?y<_VcEO z#wEjP2``Tt8aUm_)UjQCHaOIu?daPshJa5ulZQ6mm)!oq4WS_fH7k+x@7i$aBE+y_ zLW+5!Qy#im{B;Ghbx?{YPcAe9>|nV{i?GTdlH2F=tFQi%o`n5pT*4dtI9=dnUv|iX z!;=H%E>7mnT$s&*5zXkFm2|Xprd-`xYQ%vp%pZ&fM<&U@903s}zxbhn-Sf!p$$gLA zQJUE{Pd-2j(%R=iu3(li-*{Jc z7IGFQG>{~jHS0b>pxO8d_Obmax;&+xzOCggJ2oYcZGI$q;L*F2TkpF*dGHB&ZxR_o zd-DuFrKQVdj>Q^EMzE%7WDNe8Y<(GIX7_^9vSB4MwiT6CsvZ>{ zx1_kjgr(j;>)_{SPhWgwvKU82&!4p@!A>VQ)36(78McYhI0o4A{TtV3Utax5DL0LB zI=Z1zIjb;TbHioXVT+!{ErO!^JlQhuQNu9LtqHR-Nir)ZYeG*bX)HI0fy~-wUVSh! zQ~+W0HnP%Ro%)_T?tSFWBYt|f6M@9gl!N8!`cAw2kG$zIK}?t4aIi-XP)>T?6ix%RI= zbMgyN|IvZ5Ut5AC?B8c6o_Jy-B54#q!Sy~l@Ud++o+Di4I)l)c)bcUx>_9ytP{(S(LWqv0-#95O$9rluSv2@lB~9x zSqX5<2L^hx@htg1iNo#{!;yg?%ol{|ZTGLe4*t!!o?~(BW=(rXeT|L}$u;c@Tcd!S z;e$)ByKPN&;Jiao7t!aKQjMGv@uZu8DN3zTLPQy1<2Y8j5w9GsUUBZpcdlHCl_e|9 zG1$sn)VWln`L-nzZ7D0?_T%{T!vaqGz%r`IHOq@<>z z)?`r9nnaU{R6#yXnZ1JbUqtqW8!oJ92#O5EE;C8K10MFp`0l}rM4;}bvj)tq=8h+D z>Gjy$0j|pZCt5F(O~Or*T*>I~lB+HVA4fG{_NsRqW^H8ran1$jaQq#)A_HNIK}&i7 z*H3ZLsnM8F{dd}HfE&$m5@Xex3$VGv;C?yfsPj0t2n*o-s||%7FBM-TIZFdr1WdJ zNs`r&5JXK$Sk}PreXxtgS1Cc4TLsbttY#qE)LaItTXAt*Qg1~>W&6tyKd3TG;V-)U z3-~N|OR&K}&Gas zm|QIbVZ0i|mjQD-qp`udH{CTbINFO=WI^)B z^;f2kY`RaTeC^wISN(RmE^9sBWkI|f)r4_s7b~^X(&yiI-ts|yR$Hs}prnZmgfwap zp98F|$ZjbHh1cD_p#gq60GIv|XN%yIP%dJWYPid}*Sfsh1XZh=nQ1)+dp67%>tc^6 zDS9!O&&Fg7L|YNATKv2fP_tReCsGgZ>l#RtzLD*6w#d)__?`6e?HjTD1pE0;Fczs= zYBh>#b-5~IQG^OBiVJZmmbJGb&*`U@pLYUU4~#v6W$htl2v5d9NUyEPX92UjRUeB` zEBlSZJP#Hy+TA6wm~|bdIB}ZHRGil1sc}_FVamcdbJc|X7Ve$-&<+_YOf>e;gePkt z+KTW~x=&hWH5!#w_oulAb_{Nj68_-o|4VoDZ^Nh56SN{zuE(_$ICWvlfyyfjF7dVO zN0;M;;AF-gnv=;I2^n655`|3@o$YB`@M zH}&|vUITW@H@W8K%Vo+}cA3-~ss1jNLWNANY87#Dh6-=Hv7}^-hVp)st))|`^OKsz z3X98Dghs+uzCX0^q^%M3b+?aefK$G++UF;0?_QH`*!-X!tg{Ect4^!<-PPpxh20Jk(FMrOd8J^OzGbR@RPV88HrtYT1CB&t% z_LhzY?Be-OY({-8r*;3~+&53zKz61DVd-?h{-1!k1xRy%16X&{R|DK$c0B2Bo5Lce z>mR-qTgK|T)>@@zt({Ue7wSoKDWOSXw5_EbUkmp9;;+v=`5UXwT-C7R!X-O36xdk< zVK#KY{tl}ahE4V?qV7#!4fGA|kiuPk)6bK^p@EG1DpxFppIQ|cd2v0TK!3%=+-J85 z`#ujfW~H+ykT7BN&Kd{>vlU^>aTBhO;-cFrD>bb3-+f5~+;neN`vP>c)}@bZz8`~i z^t$EEdU36tsBFqL5uL=>CLV8V>EK)bcfb8}CqK-t72kbKN^Swst{4c#(ID8qei9eY zRiMGtjRZ>AAKWpE!K5J^F)_P8VLN^IwRK$_?)=q9C`hykcp7PaQ=~`)i zcGW*nH6_9>Dc>Ty%85`sXV?{i+@8TCH4}?s7fcT~o8n2nXpLj~syO zg}6p=?JoHcRd;)%2KZgbI8NFc85zl*|BMr`L3kri2SZlb^PYm6nnC0Rk9M|o;{crg zkDYVwDgR63*x6aDyx`r@f~ZU#2)z@CwYciz5!K8z_PMulciY_LmIwZjZrJkBq&~@Y z>Y!2R<&aYbIPPf1Zv8)paeTt8wOXRDA*L)W&#*fUghkaB<8^>J56G^U8Vb~mtE*nSFaP5WI9G6Fba*^%Xn4(vm9HJ( z?uff%+!1DRcN++0bMBAbtKZ=IYg}|Rklkk0BC-Cn*JwbO!4HoOrVl@HpDcryamemB z3R7k~$ieyb3Em36{_OvJ)g3EWu4-O3#f6BIQJ{8-CPOsDi%(ygWy+1YQ_Yw9N( z?ZS*z|8UP|vGLm%R-#+AyJoD4lHHRA5_YNn5{dr;SKUa8?!q*{ajJJ#`#hE;-LUBa zIrF~goyaa0b)=)Mn=@A5Jm<5o`A5!JeQf24dvp?LPZ|hy!Lf&St4;xYEv~weKnc^) z@q}YK9+!<%lF<{|oxQAVq_b@XjpIj{&gBDF+(i3YDc#Qcd)h#lFIu=73CALQnOHXx zC}Fy}!4d9Kn6E}7+0laV0lY`ulVKn%fDYO@ z1~~!OEx77N0wqi*He4TSljA!sZ1 z&w%g6^%Y!fT{x-E)xdSP4{3le4C%0UZ^|7F@s*!!d_BQCkrA%S#j$8*?A-W<73ZG% z1HK{WOTaz-o?{}_YUP}WZcoOuOU14hjrFUzmg3?j*))#&(iA9RUvlG_>0&*;?NPic z93PiKdzF!;t^D#m2aMy9Qkp)O#$mn&TsHPp8wd5iHy8->K^0Q79EV(u>sh$M{kH1k z5-4P!aMl>G`yy5qmTT3o@iKPU;$R%#b6h^!)$**r{_M%Oa#il0Tw66&9X{1vtbBgi zVzA}dfNKe^3viu-i>}_~GJ4o2e(_GE`VmxFGK!-Unz&U^|Gc{q6I8zvgcMYyiPbuq3N;nMEd-kNu0aX)svYq&!g zPw*T=-m8*XvzU%z>)s~rwvIJbKW}Mndh1{P$4Of_-T)rm>z&`+ZBJ@@Z?0r&2<&p* zhl|ToK89;0F6LXiV>|t-7BcE?H*27jHezaWELkvXaf!!8V;oXWvUI$ywXJDjcwnq| zpy$0SK6i>7qPaVFAKA^taN_pHE|$xj1+>dWL-;tZ=i|B&S2Hf+7+-gLi3S>AAavaw zvw3#NC_bVpb+&ai4Gs@niFYK=q;Z(Vh8a$J+PMv-pUk4}%`Hf%2kmmvC~m;TZ#qAO z>l3)x!f*zR#-d{vfOYp&Xh8Pp9ZSY$cFoPY+Gk>kdT$@PRR6HzbFblqOS1CJRn1sW zHIl4;DsngVH1`z)VaeF#Vz-KUra}BWu1j$J7p_0SMW?OJzR)t798a&`al8%ZK)h*Q z_W{Z1*vLiYfr0nG^ZYZO;9K#dZaXR!Vhr2%rM%4`Hf4DdEKjk6UVWJ!gc@2)d0Ix+O49|ybsqFTxt-!X}ozFuKT-J7tS!O zjvs>mc3k3Cp187+3k_|s?mdMX2)l~hO_|-Veq3r0bwlyGP@U|GpEnFXls<@yTRhRF zC!Tm>cux$r{`-__Am8m;h}?V@SKd%Ke%Y1Eu|M-tcO2)b4tP%GCveFY@9^o^o#MTy zyS-EcY|_I%FAaq)%4S@8V|kN#)yFAbC#svgPaUxZ4j(KJBFs+{X5ms-Hw@LpKH}#M zg-^Nn;<^)8SPAksKaAU-VHyN=6YAiP2%m+E)9vc&hM}6+NBz8^u=(e#*H3VT19LVr4U!&o*g zYiJbI#f`Y$k83e5b$qyR@LeBcs79u#&zr2%!&=0b0r(=W`*4NELYQ3*j#=`RC{MR9 zgjoh1gXQyk2jV`Bi#yJQj{4%Y-?{z$Nx)WxhQbP?j$MbB;Cd~tlW`r5D|CG7@}i^u zC}VHcBlD?708q*r=9TeWy7O~fKgM+(E_I}%QP7~Yyc)OP_@T1)n?hG9s6HXt+u0wH!vpNVm$BLGJimT4)>qQ2| z6V}SEaFMUPYLKMKJ8qVH4=%P6*WltT6uVLEGOD8-8U^#IdDXc6-Vbleey@xI1yDb% zfV@~~^Q{Zx55aXLF19r6jvayPU|c*4K;J9_+@p>&O`CAtkBbJty^n9j#n$05TzRLh zCCgMdioAA$aNR%xWlRDL4Tcq~S~sK>ar1F4!gZka*)>~$Yc4LnlbK + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 345594d7f51cb7226562ed4a32ef962ce7a61188 Mon Sep 17 00:00:00 2001 From: Sadman Anik Date: Fri, 7 Feb 2025 14:47:21 +0600 Subject: [PATCH 34/35] Updated actions/checkout v3 to v4 --- code-scanning/black-duck-security-scan-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml index a777a04..2b47330 100644 --- a/code-scanning/black-duck-security-scan-ci.yml +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Black Duck SCA scan uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 with: From fcdc1287fc1cf0705620c88aebe7ed39f30648de Mon Sep 17 00:00:00 2001 From: Sadman Anik Date: Mon, 10 Feb 2025 11:43:15 +0600 Subject: [PATCH 35/35] Fixed Linting Issues --- code-scanning/black-duck-security-scan-ci.yml | 10 +++---- ...lack-duck-security-scan-ci.properties.json | 28 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/code-scanning/black-duck-security-scan-ci.yml b/code-scanning/black-duck-security-scan-ci.yml index 2b47330..c6a132b 100644 --- a/code-scanning/black-duck-security-scan-ci.yml +++ b/code-scanning/black-duck-security-scan-ci.yml @@ -3,7 +3,7 @@ # separate terms of service, privacy policy, and support # documentation. -# Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. +# Black Duck Security Action allows you to integrate Static Analysis Security Testing (SAST) and Software Composition Analysis (SCA) into your CI/CD pipelines. # For more information about configuring your workflow, # read our documentation at https://github.com/blackduck-inc/black-duck-security-scan @@ -17,7 +17,7 @@ on: branches: [ $default-branch ] schedule: - cron: $cron-weekly - + jobs: build: runs-on: ubuntu-latest @@ -31,7 +31,7 @@ jobs: - name: Checkout source uses: actions/checkout@v4 - name: Black Duck SCA scan - uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 + uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9 with: ### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ---------- blackducksca_url: ${{ vars.BLACKDUCKSCA_URL }} @@ -46,9 +46,9 @@ jobs: polaris_server_url: ${{ vars.POLARIS_SERVER_URL }} polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }} polaris_assessment_types: "SCA,SAST" - + ### ---------- SRM SCANNING: REQUIRED FIELDS ---------- srm_url: ${{ vars.SRM_URL }} srm_apikey: ${{ secrets.SRM_API_KEY }} srm_assessment_types: "SCA,SAST" - + diff --git a/code-scanning/properties/black-duck-security-scan-ci.properties.json b/code-scanning/properties/black-duck-security-scan-ci.properties.json index 277ca27..3e196fd 100644 --- a/code-scanning/properties/black-duck-security-scan-ci.properties.json +++ b/code-scanning/properties/black-duck-security-scan-ci.properties.json @@ -2,21 +2,21 @@ "name": "Black Duck Security Scan Workflow", "creator": "Black Duck Software, Inc.", "description": "The Black Duck Security Scan GitHub Action allows you to configure your pipeline to run Black Duck Security Scan and take action on the security results", - "iconName": "black-duck.svg", + "iconName": "black-duck", "categories": [ - "Code Scanning", - "C", - "C++", - "C#", - "Go", - "Java", - "JavaScript", - "Ruby", - "PHP", - "Swift", - "Kotlin", - "Python", - "VB.NET", + "Code Scanning", + "C", + "C++", + "C#", + "Go", + "Java", + "JavaScript", + "Ruby", + "PHP", + "Swift", + "Kotlin", + "Python", + "VB.NET", "Objective C" ] }