diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 0cae015..ecdf037 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/stale@v7
+ - uses: actions/stale@v8
with:
stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.'
stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.'
diff --git a/CODEOWNERS b/CODEOWNERS
index 0a7c0a5..a47bd5b 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1,4 +1,4 @@
-* @actions/starter-workflows
+* @actions/actions-workflow-development-reviewers
-/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows
-/pages/ @actions/pages @actions/starter-workflows
+/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers
+/pages/ @actions/pages @actions/actions-workflow-development-reviewers
diff --git a/automation/label.yml b/automation/label.yml
index a8a1bd7..4613569 100644
--- a/automation/label.yml
+++ b/automation/label.yml
@@ -6,7 +6,7 @@
# https://github.com/actions/labeler
name: Labeler
-on: [pull_request]
+on: [pull_request_target]
jobs:
label:
diff --git a/automation/manual.yml b/automation/manual.yml
index 4a7131e..11b2e35 100644
--- a/automation/manual.yml
+++ b/automation/manual.yml
@@ -15,6 +15,8 @@ on:
default: 'World'
# Input has to be provided for the workflow to run
required: true
+ # The data type of the input
+ type: string
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
@@ -27,4 +29,4 @@ jobs:
steps:
# Runs a single command using the runners shell
- name: Send greeting
- run: echo "Hello ${{ github.event.inputs.name }}"
\ No newline at end of file
+ run: echo "Hello ${{ inputs.name }}"
diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml
index 11dd662..d57b2f1 100644
--- a/ci/docker-publish.yml
+++ b/ci/docker-publish.yml
@@ -43,7 +43,7 @@ jobs:
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
- cosign-release: 'v1.11.0'
+ cosign-release: 'v1.13.1'
# Workaround: https://github.com/docker/build-push-action/issues/461
diff --git a/ci/elixir.yml b/ci/elixir.yml
index 6c76f54..371ff24 100644
--- a/ci/elixir.yml
+++ b/ci/elixir.yml
@@ -1,3 +1,8 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
name: Elixir CI
on:
diff --git a/ci/msbuild.yml b/ci/msbuild.yml
index c50354e..a52ec35 100644
--- a/ci/msbuild.yml
+++ b/ci/msbuild.yml
@@ -1,3 +1,8 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
name: MSBuild
on:
diff --git a/ci/ruby.yml b/ci/ruby.yml
index e1551d5..9e94081 100644
--- a/ci/ruby.yml
+++ b/ci/ruby.yml
@@ -30,7 +30,7 @@ jobs:
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
# uses: ruby/setup-ruby@v1
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
ruby-version: ${{ matrix.ruby-version }}
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
diff --git a/ci/rubyonrails.yml b/ci/rubyonrails.yml
index 5102b3d..20ff014 100644
--- a/ci/rubyonrails.yml
+++ b/ci/rubyonrails.yml
@@ -30,7 +30,7 @@ jobs:
uses: actions/checkout@v3
# Add or replace dependency steps here
- name: Install Ruby and gems
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
bundler-cache: true
# Add or replace database setup steps here
@@ -46,7 +46,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@v3
- name: Install Ruby and gems
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
bundler-cache: true
# Add or replace any other lints here
diff --git a/ci/symfony.yml b/ci/symfony.yml
index d1ac71a..4b957e1 100644
--- a/ci/symfony.yml
+++ b/ci/symfony.yml
@@ -1,3 +1,8 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
name: Symfony
on:
diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml
index ec8b8bb..34defa9 100644
--- a/code-scanning/apisec-scan.yml
+++ b/code-scanning/apisec-scan.yml
@@ -10,7 +10,7 @@
# How to Get Started with APIsec.ai
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
#
-# 2. Register your account at https://cloud.fxlabs.io/#/signup .
+# 2. Register your account at https://cloud.apisec.ai/#/signup .
#
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
#
@@ -55,7 +55,7 @@ jobs:
steps:
- name: APIsec scan
- uses: apisec-inc/apisec-run-scan@f748a240d69ca6cd7e9532fd0a47bec4ccd6a73c
+ uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml
index d381e85..197300c 100644
--- a/code-scanning/brakeman.yml
+++ b/code-scanning/brakeman.yml
@@ -35,7 +35,7 @@ jobs:
# Customize the ruby version depending on your needs
- name: Setup Ruby
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
ruby-version: '2.7'
diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml
index f0c3beb..0b8af33 100644
--- a/code-scanning/codeql.yml
+++ b/code-scanning/codeql.yml
@@ -23,7 +23,8 @@ on:
jobs:
analyze:
name: Analyze
- runs-on: ubuntu-latest
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
actions: read
contents: read
@@ -51,11 +52,11 @@ jobs:
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
- # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
diff --git a/code-scanning/credo.yml b/code-scanning/credo.yml
new file mode 100644
index 0000000..c1fb8d1
--- /dev/null
+++ b/code-scanning/credo.yml
@@ -0,0 +1,61 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+
+# Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency.
+# https://github.com/rrrene/credo
+#
+# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository.
+#
+# Instructions:
+# 1. Add :credo as a dependency to your project's mix.exs with version ~> 1.7.0-rc.1 - https://github.com/rrrene/credo#installation-and-usage
+# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
+# and review the "Security" tab once the action has run.
+
+name: Credo
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+permissions:
+ contents: read
+
+jobs:
+ security-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ otp: [version]
+ elixir: [version]
+ steps:
+ - uses: actions/checkout@v3
+ - uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
+ with:
+ otp-version: ${{matrix.otp}}
+ elixir-version: ${{matrix.elixir}}
+ - name: get dependencies
+ run: mix deps.get
+ - name: compile dependencies
+ run: mix deps.compile
+ - name: compile
+ run: mix compile
+ - name: credo-scan
+ run: mix credo --format=sarif > credo_output.sarif
+ - name: upload sarif
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: credo_output.sarif
diff --git a/code-scanning/defender-for-devops.yml b/code-scanning/defender-for-devops.yml
new file mode 100644
index 0000000..71971cd
--- /dev/null
+++ b/code-scanning/defender-for-devops.yml
@@ -0,0 +1,47 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle.
+# MSDO installs, configures and runs the latest versions of static analysis tools
+# (including, but not limited to, SDL/security and compliance tools).
+#
+# The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue,
+# as well as Windows self hosted agents. ubuntu-latest support coming soon.
+#
+# For more information about the action , check out https://github.com/microsoft/security-devops-action
+#
+# Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration
+# and provide permission before this can report data back to azure.
+# Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github
+
+name: "Microsoft Defender For Devops"
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ MSDO:
+ # currently only windows latest is supported
+ runs-on: windows-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: |
+ 5.0.x
+ 6.0.x
+ - name: Run Microsoft Security DevOps
+ uses: microsoft/security-devops-action@v1.6.0
+ id: msdo
+ - name: Upload results to Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml
index a13a517..15aeb45 100644
--- a/code-scanning/detekt.yml
+++ b/code-scanning/detekt.yml
@@ -77,7 +77,7 @@ jobs:
fi
DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
- echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
+ echo "download_url=$DETEKT_DOWNLOAD_URL" >> $GITHUB_OUTPUT
# Sets up the detekt cli
- name: Setup Detekt
diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml
index 12414a1..feacb7f 100644
--- a/code-scanning/frogbot-scan-and-fix.yml
+++ b/code-scanning/frogbot-scan-and-fix.yml
@@ -7,6 +7,8 @@
# Uses JFrog Xray to scan the project.
# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot
+# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
+
name: "Frogbot Scan and Fix"
on:
push:
@@ -21,36 +23,47 @@ jobs:
steps:
- uses: actions/checkout@v3
- # Install prerequisites - uncomment the relevant one
+ # IMPORTANT:
+ # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
+ # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
- # - uses: actions/setup-go@v3
- # with:
- # go-version: 1.17.x
-
- # - uses: actions/setup-java@v3
- # with:
- # java-version: "11"
- # distribution: "temurin"
-
- # - uses: actions/setup-node@v3
- # with:
- # node-version: "16.x"
-
-
- - uses: jfrog/frogbot@b92e53d9631139a697cb71d9e70229a70ca56694
+ - uses: jfrog/frogbot@3395426f351556d4568e30a6dfd2909dbedae99e
env:
+ # [Mandatory if the two conditions below are met]
+ # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies
+ # 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
+ #
+ # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore")
+ # JF_INSTALL_DEPS_CMD: ""
+
# [Mandatory]
- # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
- JF_URL: ${{ secrets.FROGBOT_URL }}
+ # JFrog platform URL
+ JF_URL: ${{ secrets.JF_URL }}
# [Mandatory if JF_USER and JF_PASSWORD are not provided]
# JFrog access token with 'read' permissions on Xray service
- JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }}
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
+ # JF_USER: ${{ secrets.JF_USER }}
+
+ # [Mandatory if JF_ACCESS_TOKEN is not provided]
+ # JFrog password. Must be provided with JF_USER
+ # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
# [Mandatory]
# The GitHub token automatically generated for the job
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # [Mandatory if using npm]
- # The command that installs the dependencies
- # JF_INSTALL_DEPS_CMD: "npm i"
+ # [Optional]
+ # If the machine that runs Frogbot has no access to the internat, set the name of a remote repository
+ # in Artifactory, which proxies https://releases.jfrog.io/artifactory
+ # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
+ # JF_RELEASES_REPO: ""
+
+ # [Optional]
+ # Frogbot will download the project dependencies, if they're not cached locally. To download the
+ # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no
+ # need to set this value, if it is set in the frogbot-config.yml file.
+ # JF_DEPS_REPO: ""
\ No newline at end of file
diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml
index 74ee41e..9e8b6c5 100644
--- a/code-scanning/frogbot-scan-pr.yml
+++ b/code-scanning/frogbot-scan-pr.yml
@@ -7,6 +7,8 @@
# Uses JFrog Xray to scan the project.
# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot
+# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
+
name: "Frogbot Scan Pull Request"
on:
pull_request_target:
@@ -19,57 +21,54 @@ jobs:
runs-on: ubuntu-latest
# A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
# "frogbot" GitHub environment can approve the pull request to be scanned.
+ # Read more here (Install Frogbot Using GitHub Actions): https://github.com/jfrog/frogbot/blob/master/docs/install-github.md
environment: frogbot
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
- # Install prerequisites - uncomment the relevant ones
+ # IMPORTANT:
+ # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
+ # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
- # - uses: actions/setup-go@v3
- # with:
- # go-version: 1.17.x
-
- # - uses: actions/setup-java@v3
- # with:
- # java-version: "11"
- # distribution: "temurin"
-
- # - uses: actions/setup-node@v3
- # with:
- # node-version: "16.x"
-
- # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request
-
- - uses: jfrog/frogbot@b92e53d9631139a697cb71d9e70229a70ca56694
+ - uses: jfrog/frogbot@3395426f351556d4568e30a6dfd2909dbedae99e
env:
+ # [Mandatory if the two conditions below are met]
+ # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies
+ # 2. The `installCommand` variable isn't set in your frogbot-config.yml file.
+ #
+ # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore")
+ # JF_INSTALL_DEPS_CMD: ""
+
# [Mandatory]
- # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray)
+ # JFrog platform URL
JF_URL: ${{ secrets.JF_URL }}
+ # [Mandatory if JF_USER and JF_PASSWORD are not provided]
+ # JFrog access token with 'read' permissions on Xray service
+ JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+
# [Mandatory if JF_ACCESS_TOKEN is not provided]
# JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD
- JF_USER: ${{ secrets.JF_USER }}
+ # JF_USER: ${{ secrets.JF_USER }}
# [Mandatory if JF_ACCESS_TOKEN is not provided]
# JFrog password. Must be provided with JF_USER
- JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
+ # JF_PASSWORD: ${{ secrets.JF_PASSWORD }}
# [Mandatory]
# The GitHub token automatically generated for the job
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # [Mandatory if JF_USER and JF_PASSWORD are not provided]
- # JFrog access token with 'read' permissions on Xray service
- # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
+ # [Optional]
+ # If the machine that runs Frogbot has no access to the internat, set the name of a remote repository
+ # in Artifactory, which proxies https://releases.jfrog.io/artifactory
+ # The 'frogbot' executable and other tools it needs will be downloaded through this repository.
+ # JF_RELEASES_REPO: ""
- # [Mandatory when using npm]
- # The command that installs the dependencies
- # JF_INSTALL_DEPS_CMD: "npm i"
-
- # [Mandatory when using .NET]
- # The command that installs the dependencies
- # JF_INSTALL_DEPS_CMD: "dotnet restore"
-
- # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request
+ # [Optional]
+ # Frogbot will download the project dependencies, if they're not cached locally. To download the
+ # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no
+ # need to set this value, if it is set in the frogbot-config.yml file.
+ # JF_DEPS_REPO: ""
\ No newline at end of file
diff --git a/code-scanning/jscrambler-code-integrity.yml b/code-scanning/jscrambler-code-integrity.yml
new file mode 100644
index 0000000..cbc9345
--- /dev/null
+++ b/code-scanning/jscrambler-code-integrity.yml
@@ -0,0 +1,47 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This is a basic workflow to help you get started with Using Jscrambler Code Integrity Action.
+# It automates the protection of your JavaScript Applications, so you can run it whenever a new version of your application is built.
+# A Jscrambler account is required to use this Workflow.
+#
+# More info can be found here : https://docs.jscrambler.com/latest/code-integrity/documentation/github-ci-integration
+
+name: Jscrambler Code Integrity
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+ - run: npm ci
+ - run: npm run build
+ - name: Jscrambler Code Integrity
+ id: jscrambler
+ # the complete list of inputs can be found here: https://github.com/marketplace/actions/jscrambler#inputs
+ uses: jscrambler/code-integrity-actions/protect@ab65962a2ecffcc362b75a997e24a181d0bde5fb
+ with:
+ application-id: ${{ secrets.JSCRAMBLER_APPLICATION_ID }} # This value should be created within your Jscrambler account
+ secret-key: ${{ secrets.JSCRAMBLER_SECRET_KEY }} # This value can be found in your Jscrambler account
+ access-key: ${{ secrets.JSCRAMBLER_ACCESS_KEY }} # This value can be found in your Jscrambler account
+ jscrambler-config-path: jscrambler.json # Download from your Jscrambler account
+ files-src: | # List of Files to be protected
+ dist/**/*
+ files-dest: .
diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json
index f5e78bf..8aaa8f5 100644
--- a/code-scanning/properties/codeql.properties.json
+++ b/code-scanning/properties/codeql.properties.json
@@ -2,7 +2,7 @@
"name": "CodeQL Analysis",
"creator": "GitHub",
"enterprise": true,
- "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby and Kotlin developers.",
+ "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby, Kotlin and Swift developers.",
"iconName": "octicon mark-github",
- "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin"]
+ "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin", "Swift"]
}
diff --git a/code-scanning/properties/credo.properties.json b/code-scanning/properties/credo.properties.json
new file mode 100644
index 0000000..cdc621f
--- /dev/null
+++ b/code-scanning/properties/credo.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Credo Scan",
+ "creator": "Credo",
+ "description": "Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency.",
+ "iconName": "code",
+ "categories": ["Code Scanning", "Elixir"]
+}
diff --git a/code-scanning/properties/defender-for-devops.properties.json b/code-scanning/properties/defender-for-devops.properties.json
new file mode 100644
index 0000000..495fa26
--- /dev/null
+++ b/code-scanning/properties/defender-for-devops.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Microsoft Defender For DevOps Scan",
+ "creator": "Microsoft",
+ "description": "Defender for DevOps helps integrate multiple tools with GitHub Advanced Security and sends the results to Defender for Cloud dashboard.",
+ "iconName": "microsoft",
+ "categories": ["Code Scanning", "HCL","Dockerfile", "Python", "JavaScript", "EcmaScript", "TypeScript"]
+}
diff --git a/code-scanning/properties/jscrambler-code-integrity.properties.json b/code-scanning/properties/jscrambler-code-integrity.properties.json
new file mode 100644
index 0000000..f231d5c
--- /dev/null
+++ b/code-scanning/properties/jscrambler-code-integrity.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Jscrambler Code Integrity",
+ "description": "Protect your JavaScript Application with polymorphic obfuscation, code locks, and self-defensive techniques",
+ "creator": "Jscrambler",
+ "iconName": "jscrambler",
+ "categories": ["Code Scanning", "JavaScript", "HTML"]
+}
diff --git a/code-scanning/properties/snyk-security.properties.json b/code-scanning/properties/snyk-security.properties.json
new file mode 100644
index 0000000..3c10ca1
--- /dev/null
+++ b/code-scanning/properties/snyk-security.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Snyk Security",
+ "creator": "Snyk",
+ "description": "Detect vulnerabilities across your applications and infrastructure with the Snyk platform.",
+ "iconName": "snyk",
+ "categories": ["Code Scanning","JavaScript", "Python", "Java", "PHP", "C#", "C", "C++", "Ruby", "Swift", "Go", "TypeScript", "Kotlin", "Apex", "Scala", "Terraform", "Dockerfile"]
+}
diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml
index 0804ba9..047ff00 100644
--- a/code-scanning/puppet-lint.yml
+++ b/code-scanning/puppet-lint.yml
@@ -36,7 +36,7 @@ jobs:
uses: actions/checkout@v3
- name: Setup Ruby
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
ruby-version: 2.7
bundler-cache: true
diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml
index 97a693f..e2347db 100644
--- a/code-scanning/rubocop.yml
+++ b/code-scanning/rubocop.yml
@@ -28,7 +28,7 @@ jobs:
# If running on a self-hosted runner, check it meets the requirements
# listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
- name: Set up Ruby
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
ruby-version: 2.6
diff --git a/code-scanning/scorecard.yml b/code-scanning/scorecard.yml
index 69cf948..19b9b00 100644
--- a/code-scanning/scorecard.yml
+++ b/code-scanning/scorecard.yml
@@ -37,7 +37,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+ uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
with:
results_file: results.sarif
results_format: sarif
@@ -67,6 +67,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+ uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
with:
sarif_file: results.sarif
diff --git a/code-scanning/snyk-security.yml b/code-scanning/snyk-security.yml
new file mode 100644
index 0000000..715fa1b
--- /dev/null
+++ b/code-scanning/snyk-security.yml
@@ -0,0 +1,79 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code,
+# Snyk Container and Snyk Infrastructure as Code)
+# The setup installs the Snyk CLI - for more details on the possible commands
+# check https://docs.snyk.io/snyk-cli/cli-reference
+# The results of Snyk Code are then uploaded to GitHub Security Code Scanning
+#
+# In order to use the Snyk Action you will need to have a Snyk API token.
+# More details in https://github.com/snyk/actions#getting-your-snyk-token
+# or you can signup for free at https://snyk.io/login
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Security
+
+on:
+ push:
+ branches: [$default-branch, $protected-branches]
+ pull_request:
+ branches: [$default-branch]
+
+permissions:
+ contents: read
+
+jobs:
+ snyk:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Snyk CLI to check for security issues
+ # Snyk can be used to break the build when it detects security issues.
+ # In this case we want to upload the SAST issues to GitHub Code Scanning
+ uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
+
+ # For Snyk Open Source you must first set up the development environment for your application's dependencies
+ # For example for Node
+ #- uses: actions/setup-node@v3
+ # with:
+ # node-version: 16
+
+ env:
+ # This is where you will need to introduce the Snyk API token created with your Snyk account
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+ # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
+ # Use || true to not fail the pipeline
+ - name: Snyk Code test
+ run: snyk code test --sarif > snyk-code.sarif # || true
+
+ # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
+ - name: Snyk Open Source monitor
+ run: snyk monitor --all-projects
+
+ # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
+ # Use || true to not fail the pipeline.
+ - name: Snyk IaC test and report
+ run: snyk iac test --report # || true
+
+ # Build the docker image for testing
+ - name: Build a Docker image
+ run: docker build -t your/image-to-test .
+ # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
+ - name: Snyk Container monitor
+ run: snyk container monitor your/image-to-test --file=Dockerfile
+
+ # Push the Snyk Code results into GitHub Code Scanning tab
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: snyk-code.sarif
diff --git a/deployments/azure-functions-app-container.yml b/deployments/azure-functions-app-container.yml
index 7b438be..1173b95 100644
--- a/deployments/azure-functions-app-container.yml
+++ b/deployments/azure-functions-app-container.yml
@@ -21,8 +21,7 @@ name: Deploy container to Azure Functions App
on:
push:
- branches:
- - [$default-branch]
+ branches: [$default-branch]
permissions:
contents: read
diff --git a/deployments/azure-functions-app-dotnet.yml b/deployments/azure-functions-app-dotnet.yml
index 8b2c23b..824614e 100644
--- a/deployments/azure-functions-app-dotnet.yml
+++ b/deployments/azure-functions-app-dotnet.yml
@@ -20,8 +20,7 @@ name: Deploy DotNet project to Azure Function App
on:
push:
- branches:
- - [$default-branch]
+ branches: [$default-branch]
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
diff --git a/deployments/azure-functions-app-java-gradle.yml b/deployments/azure-functions-app-java-gradle.yml
new file mode 100644
index 0000000..36c50b8
--- /dev/null
+++ b/deployments/azure-functions-app-java-gradle.yml
@@ -0,0 +1,69 @@
+# This workflow will build a Java project and deploy it to an Azure Functions App on Windows or Linux when a commit is pushed to your default branch.
+#
+# This workflow assumes you have already created the target Azure Functions app and applied azure functions plugin for gradle.
+# For instructions see https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-first-java-gradle
+#
+# To configure this workflow:
+# 1. Set up the following secrets in your repository:
+# - AZURE_FUNCTIONAPP_PUBLISH_PROFILE
+# 2. Change env variables for your configuration.
+#
+# For more information on:
+# - GitHub Actions for Azure: https://github.com/Azure/Actions
+# - Azure Functions Action: https://github.com/Azure/functions-action
+# - Publish Profile: https://github.com/Azure/functions-action#using-publish-profile-as-deployment-credential-recommended
+# - Azure Service Principal for RBAC: https://github.com/Azure/functions-action#using-azure-service-principal-for-rbac-as-deployment-credential
+#
+# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp
+
+name: Deploy Gradle Java project to Azure Function App
+
+on:
+ push:
+ branches: [$default-branch]
+
+permissions:
+ contents: read
+
+env:
+ AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
+ BUILD_GRADLE_DIRECTORY: '.' # set this to the directory which contains build.gradle file
+ JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17')
+
+jobs:
+ build-and-deploy:
+ permissions:
+ contents: none
+ runs-on: windows-latest # For Linux, use ubuntu-latest
+ environment: dev
+ steps:
+ - name: 'Checkout GitHub Action'
+ uses: actions/checkout@v3
+
+ # If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
+ # - name: 'Login via Azure CLI'
+ # uses: azure/login@v1
+ # with:
+ # creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
+
+ - name: Setup Java Sdk ${{ env.JAVA_VERSION }}
+ uses: actions/setup-java@v1
+ with:
+ java-version: ${{ env.JAVA_VERSION }}
+
+ # Build function project with functions gradle plugin
+ # For project with function plugin lower than 1.12.1, please make sure you have set same app name in gradle configuration
+ - name: 'Restore Project Dependencies Using Gradle Plugin for Azure Functions'
+ shell: pwsh # For Linux, use bash
+ run: |
+ pushd './${{ env.BUILD_GRADLE_DIRECTORY }}'
+ gradle azureFunctionsPackage -DappName=${{ env.AZURE_FUNCTIONAPP_NAME }}
+ popd
+
+ - name: 'Run Azure Functions Action'
+ uses: Azure/functions-action@v1
+ id: fa
+ with:
+ app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
+ package: '${{ env.BUILD_GRADLE_DIRECTORY }}/build/azure-functions/${{ env.AZURE_FUNCTIONAPP_NAME }}'
+ publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} # Remove publish-profile to use Azure RBAC
diff --git a/deployments/azure-functions-app-java.yml b/deployments/azure-functions-app-java.yml
index 0774544..5608328 100644
--- a/deployments/azure-functions-app-java.yml
+++ b/deployments/azure-functions-app-java.yml
@@ -20,8 +20,7 @@ name: Deploy Java project to Azure Function App
on:
push:
- branches:
- - [$default-branch]
+ branches: [$default-branch]
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
diff --git a/deployments/azure-functions-app-nodejs.yml b/deployments/azure-functions-app-nodejs.yml
index b8033f0..916f396 100644
--- a/deployments/azure-functions-app-nodejs.yml
+++ b/deployments/azure-functions-app-nodejs.yml
@@ -22,8 +22,7 @@ name: Deploy Node.js project to Azure Function App
on:
push:
- branches:
- - [$default-branch]
+ branches: [$default-branch]
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
diff --git a/deployments/azure-functions-app-powershell.yml b/deployments/azure-functions-app-powershell.yml
index 505b5af..5d62316 100644
--- a/deployments/azure-functions-app-powershell.yml
+++ b/deployments/azure-functions-app-powershell.yml
@@ -20,8 +20,7 @@ name: Deploy PowerShell project to Azure Function App
on:
push:
- branches:
- - [$default-branch]
+ branches: [$default-branch]
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
diff --git a/deployments/azure-functions-app-python.yml b/deployments/azure-functions-app-python.yml
index 0220227..6452a18 100644
--- a/deployments/azure-functions-app-python.yml
+++ b/deployments/azure-functions-app-python.yml
@@ -20,8 +20,7 @@ name: Deploy Python project to Azure Function App
on:
push:
- branches:
- - [$default-branch]
+ branches: [$default-branch]
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
diff --git a/deployments/azure-webapps-java-jar-gradle.yml b/deployments/azure-webapps-java-jar-gradle.yml
new file mode 100644
index 0000000..b1c1df9
--- /dev/null
+++ b/deployments/azure-webapps-java-jar-gradle.yml
@@ -0,0 +1,79 @@
+# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch.
+#
+# This workflow assumes you have already created the target Azure App Service web app.
+# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux
+#
+# To configure this workflow:
+#
+# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
+# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
+#
+# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
+# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
+#
+# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below.
+#
+# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
+# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
+# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
+
+name: Build and deploy Gradle app to Azure Web App
+
+env:
+ AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
+ JAVA_VERSION: '11' # set this to the Java version to use
+ DISTRIBUTION: zulu # set this to the Java distribution
+
+on:
+ push:
+ branches: [ $default-branch ]
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up Java version
+ uses: actions/setup-java@v3.0.0
+ with:
+ java-version: ${{ env.JAVA_VERSION }}
+ distribution: ${{ env.DISTRIBUTION }}
+ cache: 'gradle'
+
+ - name: Build with Gradle
+ run: gradle build
+
+ - name: Upload artifact for deployment job
+ uses: actions/upload-artifact@v3
+ with:
+ name: java-app
+ path: '${{ github.workspace }}/build/libs/*.jar'
+
+ deploy:
+ permissions:
+ contents: none
+ runs-on: ubuntu-latest
+ needs: build
+ environment:
+ name: 'Development'
+ url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
+
+ steps:
+ - name: Download artifact from build job
+ uses: actions/download-artifact@v3
+ with:
+ name: java-app
+
+ - name: Deploy to Azure Web App
+ id: deploy-to-webapp
+ uses: azure/webapps-deploy@v2
+ with:
+ app-name: ${{ env.AZURE_WEBAPP_NAME }}
+ publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+ package: '*.jar'
diff --git a/deployments/azure-webapps-php.yml b/deployments/azure-webapps-php.yml
index 4d08dbd..b3aee8d 100644
--- a/deployments/azure-webapps-php.yml
+++ b/deployments/azure-webapps-php.yml
@@ -54,7 +54,7 @@ jobs:
id: composer-cache
if: steps.check_files.outputs.files_exists == 'true'
run: |
- echo "::set-output name=dir::$(composer config cache-files-dir)"
+ echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Set up dependency caching for faster installs
uses: actions/cache@v3
diff --git a/deployments/properties/azure-functions-app-java-gradle.properties.json b/deployments/properties/azure-functions-app-java-gradle.properties.json
new file mode 100644
index 0000000..5c3bd16
--- /dev/null
+++ b/deployments/properties/azure-functions-app-java-gradle.properties.json
@@ -0,0 +1,8 @@
+{
+ "name": "Deploy Gradle app to Azure Functions App",
+ "description": "Build a Java project and deploy it to an Azure Functions App on Windows or Linux.",
+ "creator": "Microsoft Azure",
+ "iconName": "azure",
+ "categories": ["Deployment", "Java", "Gradle", "Azure Functions"],
+ "labels": ["preview"]
+}
diff --git a/deployments/properties/azure-webapps-java-jar-gradle.properties.json b/deployments/properties/azure-webapps-java-jar-gradle.properties.json
new file mode 100644
index 0000000..31804d7
--- /dev/null
+++ b/deployments/properties/azure-webapps-java-jar-gradle.properties.json
@@ -0,0 +1,8 @@
+{
+ "name": "Deploy a Gradle .jar app to an Azure Web App",
+ "description": "Build a Gradle project and deploy it to an Azure Web App.",
+ "creator": "Microsoft Azure",
+ "iconName": "azure",
+ "categories": ["Deployment", "Java", "Gradle"],
+ "labels": ["preview"]
+}
diff --git a/icons/azure.svg b/icons/azure.svg
index 2ff63c1..3b89df5 100644
--- a/icons/azure.svg
+++ b/icons/azure.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
diff --git a/icons/code.svg b/icons/code.svg
new file mode 100644
index 0000000..ee64cbc
--- /dev/null
+++ b/icons/code.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/icons/jscrambler.svg b/icons/jscrambler.svg
new file mode 100644
index 0000000..7b96427
--- /dev/null
+++ b/icons/jscrambler.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/icons/mdbook.svg b/icons/mdbook.svg
new file mode 100644
index 0000000..c61e0a6
--- /dev/null
+++ b/icons/mdbook.svg
@@ -0,0 +1,17 @@
+
+
diff --git a/pages/astro.yml b/pages/astro.yml
index 1b6478f..4278958 100644
--- a/pages/astro.yml
+++ b/pages/astro.yml
@@ -18,10 +18,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
env:
BUILD_PATH: "." # default value when not using subfolders
@@ -48,7 +49,7 @@ jobs:
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
exit 0
else
- echo "Unable to determine packager manager"
+ echo "Unable to determine package manager"
exit 1
fi
- name: Setup Node
@@ -84,4 +85,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/gatsby.yml b/pages/gatsby.yml
index 34f15dd..1fe2d24 100644
--- a/pages/gatsby.yml
+++ b/pages/gatsby.yml
@@ -18,10 +18,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
# Default to bash
defaults:
@@ -47,7 +48,7 @@ jobs:
echo "command=ci" >> $GITHUB_OUTPUT
exit 0
else
- echo "Unable to determine packager manager"
+ echo "Unable to determine package manager"
exit 1
fi
- name: Setup Node
@@ -93,4 +94,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/hugo.yml b/pages/hugo.yml
index d4363fd..fd6c4b4 100644
--- a/pages/hugo.yml
+++ b/pages/hugo.yml
@@ -15,10 +15,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
# Default to bash
defaults:
@@ -71,4 +72,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/jekyll-gh-pages.yml b/pages/jekyll-gh-pages.yml
index 792aa18..851f2ce 100644
--- a/pages/jekyll-gh-pages.yml
+++ b/pages/jekyll-gh-pages.yml
@@ -15,10 +15,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
jobs:
# Build job
@@ -47,4 +48,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/jekyll.yml b/pages/jekyll.yml
index f4f1825..5adebe4 100644
--- a/pages/jekyll.yml
+++ b/pages/jekyll.yml
@@ -20,10 +20,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
jobs:
# Build job
@@ -33,9 +34,9 @@ jobs:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Ruby
- uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
with:
- ruby-version: '3.0' # Not needed with a .ruby-version file
+ ruby-version: '3.1' # Not needed with a .ruby-version file
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
cache-version: 0 # Increment this number if you need to re-download cached gems
- name: Setup Pages
@@ -60,4 +61,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/mdbook.yml b/pages/mdbook.yml
new file mode 100644
index 0000000..78d664e
--- /dev/null
+++ b/pages/mdbook.yml
@@ -0,0 +1,60 @@
+# Sample workflow for building and deploying a mdBook site to GitHub Pages
+#
+# To get started with mdBook see: https://rust-lang.github.io/mdBook/index.html
+#
+name: Deploy mdBook site to Pages
+
+on:
+ # Runs on pushes targeting the default branch
+ push:
+ branches: [$default-branch]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+ group: "pages"
+ cancel-in-progress: false
+
+jobs:
+ # Build job
+ build:
+ runs-on: ubuntu-latest
+ env:
+ MDBOOK_VERSION: 0.4.21
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install mdBook
+ run: |
+ curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf -y | sh
+ rustup update
+ cargo install --version ${MDBOOK_VERSION} mdbook
+ - name: Setup Pages
+ id: pages
+ uses: actions/configure-pages@v3
+ - name: Build with mdBook
+ run: mdbook build
+ - name: Upload artifact
+ uses: actions/upload-pages-artifact@v1
+ with:
+ path: ./book
+
+ # Deployment job
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v2
diff --git a/pages/nextjs.yml b/pages/nextjs.yml
index 5bd6c15..81073e6 100644
--- a/pages/nextjs.yml
+++ b/pages/nextjs.yml
@@ -18,10 +18,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
jobs:
# Build job
@@ -44,7 +45,7 @@ jobs:
echo "runner=npx --no-install" >> $GITHUB_OUTPUT
exit 0
else
- echo "Unable to determine packager manager"
+ echo "Unable to determine package manager"
exit 1
fi
- name: Setup Node
@@ -91,4 +92,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml
index e7d8891..ddf8f4f 100644
--- a/pages/nuxtjs.yml
+++ b/pages/nuxtjs.yml
@@ -18,10 +18,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
jobs:
# Build job
@@ -42,7 +43,7 @@ jobs:
echo "command=ci" >> $GITHUB_OUTPUT
exit 0
else
- echo "Unable to determine packager manager"
+ echo "Unable to determine package manager"
exit 1
fi
- name: Setup Node
@@ -86,4 +87,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2
diff --git a/pages/properties/mdbook.properties.json b/pages/properties/mdbook.properties.json
new file mode 100644
index 0000000..2a4fe8d
--- /dev/null
+++ b/pages/properties/mdbook.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "mdBook",
+ "description": "Package a site using mdBook.",
+ "iconName": "mdbook",
+ "categories": ["Pages", "mdBook"]
+}
diff --git a/pages/static.yml b/pages/static.yml
index d6b7192..43bec60 100644
--- a/pages/static.yml
+++ b/pages/static.yml
@@ -15,10 +15,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
jobs:
# Single deploy job since we're just deploying
@@ -39,4 +40,4 @@ jobs:
path: '.'
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v1
+ uses: actions/deploy-pages@v2