Merge branch 'main' into veracode_workflow

This commit is contained in:
Ana Armas Romero
2021-12-07 11:50:58 +01:00
committed by GitHub
14 changed files with 295 additions and 29 deletions
+2 -3
View File
@@ -12,9 +12,8 @@ env:
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally
# well on Windows or Mac. You can convert this to a matrix build if you need
# cross-platform coverage.
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: ubuntu-latest
+30
View File
@@ -29,11 +29,24 @@ jobs:
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
@@ -55,9 +68,26 @@ jobs:
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Sign the resulting Docker image digest except on PRs and private repos
# The keyless signing process records signatures on the Rekor public
# transparency log, so signing is disabled for private repos by default
# to avoid leaking private data. If you wish to sign things anyways,
# then this check can be removed and --force can be added to the cosign
# command below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' && !github.event.repository.private }}
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance, and records it to the
# sigstore community Rekor transparency log.
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+10 -2
View File
@@ -1,3 +1,7 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
@@ -26,12 +30,16 @@ jobs:
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Gradle
run: gradle build
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
with:
arguments: build
# The USERNAME and TOKEN need to correspond to the credentials environment variables used in
# the publishing section of your build.gradle
- name: Publish to GitHub Packages
run: gradle publish
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
with:
arguments: publish
env:
USERNAME: ${{ github.actor }}
TOKEN: ${{ secrets.GITHUB_TOKEN }}
+7 -4
View File
@@ -1,3 +1,7 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
@@ -21,8 +25,7 @@ jobs:
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
run: ./gradlew build
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
with:
arguments: build
+36
View File
@@ -0,0 +1,36 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
name: Node.js Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16
- run: npm ci
- run: npm test
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+2 -19
View File
@@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
node-version: 16
- run: npm ci
- run: npm test
@@ -25,26 +25,9 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
node-version: 16
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
@@ -0,0 +1,6 @@
{
"name": "Publish Node.js Package to GitHub Packages",
"description": "Publishes a Node.js package to GitHub Packages.",
"iconName": "node-package-transparent",
"categories": ["Continuous integration", "JavaScript", "npm"]
}
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "Publish Node.js Package",
"description": "Publishes a Node.js package to npm and GitHub Packages.",
"description": "Publishes a Node.js package to npm.",
"iconName": "node-package-transparent",
"categories": ["Continuous integration", "JavaScript", "npm"]
}
+64
View File
@@ -0,0 +1,64 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# APIsec addresses the critical need to secure APIs before they reach production.
# APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
# How to Get Started with APIsec.ai
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
#
# 2. Register your account at https://cloud.fxlabs.io/#/signup .
#
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
#
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
#
# apisec-run-scan
#
# This action triggers the on-demand scans for projects registered in APIsec.
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
# Else you can view the scan results from the project home page in APIsec Platform.
# The link to view the scan results is also displayed on the console on successful completion of action.
# This is a starter workflow to help you get started with APIsec-Scan Actions
name: APIsec
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the $default-branch branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
Trigger APIsec scan:
runs-on: ubuntu-latest
steps:
- name: APIsec scan
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./apisec-results.sarif
+36
View File
@@ -0,0 +1,36 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: pmd
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
pmd-code-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
cache: maven
- name: Run PMD
id: pmd
uses: pmd/pmd-github-action@7ed79622882840855e297f090460face22328ece
with:
rulesets: 'rulesets/java/quickstart.xml'
sourcePath: 'src/main/java'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: pmd-report.sarif
@@ -0,0 +1,24 @@
{
"name": "APIsec Scan",
"creator": "APIsec",
"description": "APIsec addresses the critical need to secure APIs before they reach production. APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.",
"iconName": "apisec",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -0,0 +1,19 @@
{
"name": "pmd",
"creator": "pmd",
"description": "PMD is a static source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.",
"iconName": "pmd",
"categories": [
"Code Scanning",
"Java",
"JavaScript",
"Apex",
"Modelica",
"PLSQL",
"Apache Velocity",
"XML",
"XSl",
"Scala",
"Apex"
]
}
+9
View File
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="533px" height="617px" viewBox="0 0 533 617" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Fill 11</title>
<g id="Screens" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="Logo-Mark" transform="translate(-484.000000, -442.000000)" fill="#025C7A">
<path d="M746.975832,712.678783 C764.128375,712.678783 778.123597,726.606828 778.123597,743.759372 C778.123597,760.889523 764.128375,774.884745 746.975832,774.884745 C729.823288,774.884745 715.872851,760.889523 715.872851,743.759372 C715.872851,726.606828 729.823288,712.678783 746.975832,712.678783 L746.975832,712.678783 Z M746.707124,442 L484,586.565042 L484,707.618111 C483.977626,778.26599 504.444238,846.876165 543.183012,905.991981 C581.944178,965.063013 636.693485,1011.16887 701.541744,1039.38324 L745.385975,1058.39435 L777.048764,1044.35434 L777.048764,829.90276 C812.76457,817.407826 838.605347,783.707332 838.605347,743.759372 C838.605347,693.264612 797.515376,652.174641 746.975832,652.174641 C696.481072,652.174641 655.391101,693.264612 655.391101,743.759372 C655.391101,783.729725 681.231878,817.430219 716.947684,829.90276 L716.947684,979.39412 C666.945556,955.725401 624.512044,919.091509 594.080834,872.69455 C561.858236,823.498547 544.817654,766.442827 544.817654,707.662896 L544.817654,622.504771 L546.317941,621.676254 L747.132578,511.192376 L748.520904,511.931324 L955.493439,622.706302 L955.493439,704.304043 C955.560616,763.845314 938.161756,821.550412 905.155425,871.127085 C892.526137,890.09341 877.456083,907.805762 860.325931,923.838688 L860.325931,1001.60734 C898.392934,975.408281 930.481178,942.87219 955.762147,904.872364 C995.463792,845.3087 1016.35586,775.937185 1016.26658,704.348827 L1016.26658,586.318726 L746.707124,442 Z" id="Fill-11"></path>
</g>
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.9 KiB

+49
View File
@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xml:space="preserve"
enable-background="new 0 0 1600 1200"
viewBox="0 0 567.79999 232.97284"
y="0px"
x="0px"
id="Layer_1"
version="1.1"
width="567.79999"
height="232.97284"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"><metadata
id="metadata79"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs77" />
<g
id="g72"
transform="translate(-516,-478.61358)"><g
id="g947"><path
fill="none"
d="m 934.8,558.4 h -24.9 v 79.3 H 936 c 21.4,0 37.1,-16.1 37.1,-39.5 0.1,-23.5 -16.4,-39.8 -38.3,-39.8 z"
id="path4" /><path
fill="#58595b"
d="m 569.6,682.1 c -0.5,-3.1 -1.1,-6.2 -1.1,-9.3 -0.1,-17.6 0,-35.2 -0.2,-52.8 -0.1,-7.3 -1.9,-14.2 -7.1,-19.7 -1.8,-1.9 -3.9,-3.6 -5.9,-5.4 2,-1.8 4.1,-3.5 5.9,-5.4 5.2,-5.5 7,-12.3 7.1,-19.7 0.2,-17.6 0.1,-35.2 0.2,-52.8 0,-3.1 0.6,-6.2 1.1,-9.3 0.6,-4 3.1,-6.3 7,-6.8 h 20.8 v -22.2 h -14.3 c -11.2,-0.5 -22,1 -31.3,9 -7.6,6.6 -10.1,15.5 -10.3,25 -0.4,16.3 -0.1,32.6 -0.3,48.9 0,3.6 -0.4,7.2 -1.3,10.7 -0.1,0.3 -0.2,0.6 -0.3,0.9 -1.2,3.2 -3.2,5.3 -5.6,6.8 -1.2,0.7 -2.6,1.3 -4.1,1.7 -1.3,0.4 -2.4,0.6 -3.2,0.9 -0.8,0.1 -1.5,0.2 -2.2,0.3 H 516 v 11.8 11.8 h 8.5 c 0.7,0.1 1.4,0.1 2.2,0.3 0.8,0.3 1.8,0.6 3.2,0.9 1.5,0.4 2.9,1 4.1,1.7 2.3,1.5 4.4,3.6 5.6,6.8 0.1,0.3 0.2,0.6 0.3,0.9 0.9,3.5 1.3,7.1 1.3,10.7 0.2,16.3 -0.1,32.6 0.3,48.9 0.2,9.5 2.8,18.4 10.3,25 9.3,8.1 20.1,9.5 31.3,9 h 14.3 v -22.2 h -20.8 c -3.8,-0.1 -6.4,-2.4 -7,-6.4 z"
id="path60" /><path
fill="#58595b"
d="m 1075.3,583.3 c -0.7,-0.1 -1.4,-0.1 -2.2,-0.3 -0.8,-0.3 -1.8,-0.6 -3.2,-0.9 -1.5,-0.4 -2.9,-1 -4.1,-1.7 -2.3,-1.5 -4.4,-3.6 -5.6,-6.8 -0.1,-0.3 -0.2,-0.6 -0.3,-0.9 -0.9,-3.5 -1.3,-7.1 -1.3,-10.7 -0.2,-16.3 0.1,-32.6 -0.3,-48.9 -0.2,-9.5 -2.8,-18.4 -10.3,-25 -9.3,-8.1 -20.1,-9.5 -31.3,-9 h -14.3 v 22.2 h 20.8 c 3.9,0.5 6.4,2.8 7,6.8 0.5,3.1 1.1,6.2 1.1,9.3 0.1,17.6 0,35.2 0.2,52.8 0.1,7.3 1.9,14.2 7.1,19.7 1.8,1.9 3.9,3.6 5.9,5.4 -2,1.8 -4.1,3.5 -5.9,5.4 -5.2,5.5 -7,12.3 -7.1,19.7 -0.2,17.6 -0.1,35.2 -0.2,52.8 0,3.1 -0.6,6.2 -1.1,9.3 -0.6,4 -3.1,6.3 -7,6.8 h -20.8 v 22.2 h 14.3 c 11.2,0.5 22,-1 31.3,-9 7.6,-6.6 10.1,-15.5 10.3,-25 0.4,-16.3 0.1,-32.6 0.3,-48.9 0,-3.6 0.4,-7.2 1.3,-10.7 0.1,-0.3 0.2,-0.6 0.3,-0.9 1.2,-3.2 3.2,-5.3 5.6,-6.8 1.2,-0.7 2.6,-1.3 4.1,-1.7 1.3,-0.4 2.4,-0.6 3.2,-0.9 0.8,-0.1 1.5,-0.2 2.2,-0.3 h 8.5 v -11.8 -11.8 h -8.5 z"
id="path62" /><g
id="g70">
<polygon
fill="#1dbf73"
points="721.4,534.1 721.4,662 747.5,662 747.5,575.8 781.5,649.1 800.3,649.1 834.3,575.8 834.3,662 860.2,662 860.2,534.1 828.1,534.1 791,612.3 753.7,534.1 "
id="polygon64" />
<path
fill="#1dbf73"
d="M 935.3,534.1 H 881 V 662 h 53.2 c 40.4,0 68.3,-26.3 68.3,-64 0.1,-37.8 -27.5,-63.9 -67.2,-63.9 z m 0.8,103.6 H 910 v -79.3 h 24.9 c 21.9,0 38.4,16.3 38.4,39.8 -0.1,23.4 -15.8,39.5 -37.2,39.5 z"
id="path66" />
<path
fill="#1dbf73"
d="m 723.3,525.6 c -4,2.2 -7.9,4.7 -11.7,7.2 -7.4,5 -14.1,10.3 -19.8,15.2 -2.7,2.4 -5.2,4.6 -7.4,6.7 -1.1,0.9 -2.1,1.8 -3.1,2.7 -3.4,3 -6.6,6 -9.7,8.8 -17,15.8 -29.2,28.9 -29.2,28.9 l -16,-18 -8,-8.9 -5.7,-6.4 c 0.6,-3.1 2.9,-5.7 5.7,-7.9 1.9,-1.5 4,-2.7 6.1,-3.8 4.1,-2.1 7.7,-3.2 7.7,-3.2 l 2.7,3.2 6.8,7.9 8,9.3 c 2.9,-3 5.8,-5.9 8.6,-8.6 3.2,-3.1 6.4,-6 9.5,-8.6 2.2,-1.9 4.4,-3.8 6.6,-5.5 2.1,-1.6 4.2,-3.1 6.5,-4.6 -7.8,-3.8 -17.6,-5.9 -29,-5.9 H 597.6 V 662 h 28.9 v -36.5 h 25.4 c 32.5,0 51.2,-17.2 51.2,-47 0,-9.9 -2.3,-18.4 -6.7,-25.1 z"
id="path68" />
</g></g>
</g>
</svg>

After

Width:  |  Height:  |  Size: 3.8 KiB