diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 0cae015..ecdf037 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@v8 with: stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.' stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.' diff --git a/CODEOWNERS b/CODEOWNERS index 0a7c0a5..a47bd5b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,4 +1,4 @@ -* @actions/starter-workflows +* @actions/actions-workflow-development-reviewers -/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows -/pages/ @actions/pages @actions/starter-workflows +/code-scanning/ @actions/advanced-security-code-scanning @actions/actions-workflow-development-reviewers +/pages/ @actions/pages @actions/actions-workflow-development-reviewers diff --git a/automation/label.yml b/automation/label.yml index a8a1bd7..4613569 100644 --- a/automation/label.yml +++ b/automation/label.yml @@ -6,7 +6,7 @@ # https://github.com/actions/labeler name: Labeler -on: [pull_request] +on: [pull_request_target] jobs: label: diff --git a/automation/manual.yml b/automation/manual.yml index 4a7131e..11b2e35 100644 --- a/automation/manual.yml +++ b/automation/manual.yml @@ -15,6 +15,8 @@ on: default: 'World' # Input has to be provided for the workflow to run required: true + # The data type of the input + type: string # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -27,4 +29,4 @@ jobs: steps: # Runs a single command using the runners shell - name: Send greeting - run: echo "Hello ${{ github.event.inputs.name }}" \ No newline at end of file + run: echo "Hello ${{ inputs.name }}" diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 11dd662..d57b2f1 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -43,7 +43,7 @@ jobs: if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0 with: - cosign-release: 'v1.11.0' + cosign-release: 'v1.13.1' # Workaround: https://github.com/docker/build-push-action/issues/461 diff --git a/ci/elixir.yml b/ci/elixir.yml index 6c76f54..371ff24 100644 --- a/ci/elixir.yml +++ b/ci/elixir.yml @@ -1,3 +1,8 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + name: Elixir CI on: diff --git a/ci/msbuild.yml b/ci/msbuild.yml index c50354e..a52ec35 100644 --- a/ci/msbuild.yml +++ b/ci/msbuild.yml @@ -1,3 +1,8 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + name: MSBuild on: diff --git a/ci/ruby.yml b/ci/ruby.yml index e1551d5..9e94081 100644 --- a/ci/ruby.yml +++ b/ci/ruby.yml @@ -30,7 +30,7 @@ jobs: # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, # change this to (see https://github.com/ruby/setup-ruby#versioning): # uses: ruby/setup-ruby@v1 - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: ruby-version: ${{ matrix.ruby-version }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically diff --git a/ci/rubyonrails.yml b/ci/rubyonrails.yml index 5102b3d..20ff014 100644 --- a/ci/rubyonrails.yml +++ b/ci/rubyonrails.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v3 # Add or replace dependency steps here - name: Install Ruby and gems - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: bundler-cache: true # Add or replace database setup steps here @@ -46,7 +46,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - name: Install Ruby and gems - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: bundler-cache: true # Add or replace any other lints here diff --git a/ci/symfony.yml b/ci/symfony.yml index d1ac71a..4b957e1 100644 --- a/ci/symfony.yml +++ b/ci/symfony.yml @@ -1,3 +1,8 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + name: Symfony on: diff --git a/code-scanning/apisec-scan.yml b/code-scanning/apisec-scan.yml index ec8b8bb..34defa9 100644 --- a/code-scanning/apisec-scan.yml +++ b/code-scanning/apisec-scan.yml @@ -10,7 +10,7 @@ # How to Get Started with APIsec.ai # 1. Schedule a demo at https://www.apisec.ai/request-a-demo . # -# 2. Register your account at https://cloud.fxlabs.io/#/signup . +# 2. Register your account at https://cloud.apisec.ai/#/signup . # # 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly. # @@ -55,7 +55,7 @@ jobs: steps: - name: APIsec scan - uses: apisec-inc/apisec-run-scan@f748a240d69ca6cd7e9532fd0a47bec4ccd6a73c + uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea with: # The APIsec username with which the scans will be executed apisec-username: ${{ secrets.apisec_username }} diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index d381e85..197300c 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -35,7 +35,7 @@ jobs: # Customize the ruby version depending on your needs - name: Setup Ruby - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: ruby-version: '2.7' diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index f0c3beb..0b8af33 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -23,7 +23,8 @@ on: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} permissions: actions: read contents: read @@ -51,11 +52,11 @@ jobs: # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v2 diff --git a/code-scanning/credo.yml b/code-scanning/credo.yml new file mode 100644 index 0000000..c1fb8d1 --- /dev/null +++ b/code-scanning/credo.yml @@ -0,0 +1,61 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + + +# Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency. +# https://github.com/rrrene/credo +# +# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository. +# +# Instructions: +# 1. Add :credo as a dependency to your project's mix.exs with version ~> 1.7.0-rc.1 - https://github.com/rrrene/credo#installation-and-usage +# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository +# and review the "Security" tab once the action has run. + +name: Credo + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + security-scan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + otp: [version] + elixir: [version] + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f + with: + otp-version: ${{matrix.otp}} + elixir-version: ${{matrix.elixir}} + - name: get dependencies + run: mix deps.get + - name: compile dependencies + run: mix deps.compile + - name: compile + run: mix compile + - name: credo-scan + run: mix credo --format=sarif > credo_output.sarif + - name: upload sarif + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: credo_output.sarif diff --git a/code-scanning/defender-for-devops.yml b/code-scanning/defender-for-devops.yml new file mode 100644 index 0000000..71971cd --- /dev/null +++ b/code-scanning/defender-for-devops.yml @@ -0,0 +1,47 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# +# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle. +# MSDO installs, configures and runs the latest versions of static analysis tools +# (including, but not limited to, SDL/security and compliance tools). +# +# The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue, +# as well as Windows self hosted agents. ubuntu-latest support coming soon. +# +# For more information about the action , check out https://github.com/microsoft/security-devops-action +# +# Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration +# and provide permission before this can report data back to azure. +# Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github + +name: "Microsoft Defender For Devops" + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + MSDO: + # currently only windows latest is supported + runs-on: windows-latest + + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-dotnet@v3 + with: + dotnet-version: | + 5.0.x + 6.0.x + - name: Run Microsoft Security DevOps + uses: microsoft/security-devops-action@v1.6.0 + id: msdo + - name: Upload results to Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: ${{ steps.msdo.outputs.sarifFile }} diff --git a/code-scanning/detekt.yml b/code-scanning/detekt.yml index a13a517..15aeb45 100644 --- a/code-scanning/detekt.yml +++ b/code-scanning/detekt.yml @@ -77,7 +77,7 @@ jobs: fi DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json) - echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL" + echo "download_url=$DETEKT_DOWNLOAD_URL" >> $GITHUB_OUTPUT # Sets up the detekt cli - name: Setup Detekt diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index 12414a1..feacb7f 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -7,6 +7,8 @@ # Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot +# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md + name: "Frogbot Scan and Fix" on: push: @@ -21,36 +23,47 @@ jobs: steps: - uses: actions/checkout@v3 - # Install prerequisites - uncomment the relevant one + # IMPORTANT: + # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix + # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - # - uses: actions/setup-go@v3 - # with: - # go-version: 1.17.x - - # - uses: actions/setup-java@v3 - # with: - # java-version: "11" - # distribution: "temurin" - - # - uses: actions/setup-node@v3 - # with: - # node-version: "16.x" - - - - uses: jfrog/frogbot@b92e53d9631139a697cb71d9e70229a70ca56694 + - uses: jfrog/frogbot@3395426f351556d4568e30a6dfd2909dbedae99e env: + # [Mandatory if the two conditions below are met] + # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies + # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. + # + # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore") + # JF_INSTALL_DEPS_CMD: "" + # [Mandatory] - # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) - JF_URL: ${{ secrets.FROGBOT_URL }} + # JFrog platform URL + JF_URL: ${{ secrets.JF_URL }} # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + # JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} # [Mandatory] # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # [Mandatory if using npm] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "npm i" + # [Optional] + # If the machine that runs Frogbot has no access to the internat, set the name of a remote repository + # in Artifactory, which proxies https://releases.jfrog.io/artifactory + # The 'frogbot' executable and other tools it needs will be downloaded through this repository. + # JF_RELEASES_REPO: "" + + # [Optional] + # Frogbot will download the project dependencies, if they're not cached locally. To download the + # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" \ No newline at end of file diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 74ee41e..9e8b6c5 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -7,6 +7,8 @@ # Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot +# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md + name: "Frogbot Scan Pull Request" on: pull_request_target: @@ -19,57 +21,54 @@ jobs: runs-on: ubuntu-latest # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the # "frogbot" GitHub environment can approve the pull request to be scanned. + # Read more here (Install Frogbot Using GitHub Actions): https://github.com/jfrog/frogbot/blob/master/docs/install-github.md environment: frogbot steps: - uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }} - # Install prerequisites - uncomment the relevant ones + # IMPORTANT: + # 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix + # 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md - # - uses: actions/setup-go@v3 - # with: - # go-version: 1.17.x - - # - uses: actions/setup-java@v3 - # with: - # java-version: "11" - # distribution: "temurin" - - # - uses: actions/setup-node@v3 - # with: - # node-version: "16.x" - - # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - - uses: jfrog/frogbot@b92e53d9631139a697cb71d9e70229a70ca56694 + - uses: jfrog/frogbot@3395426f351556d4568e30a6dfd2909dbedae99e env: + # [Mandatory if the two conditions below are met] + # 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies + # 2. The `installCommand` variable isn't set in your frogbot-config.yml file. + # + # The command that installs the project dependencies (e.g "npm i", "nuget restore" or "dotnet restore") + # JF_INSTALL_DEPS_CMD: "" + # [Mandatory] - # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + # JFrog platform URL JF_URL: ${{ secrets.JF_URL }} + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD - JF_USER: ${{ secrets.JF_USER }} + # JF_USER: ${{ secrets.JF_USER }} # [Mandatory if JF_ACCESS_TOKEN is not provided] # JFrog password. Must be provided with JF_USER - JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + # JF_PASSWORD: ${{ secrets.JF_PASSWORD }} # [Mandatory] # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + # [Optional] + # If the machine that runs Frogbot has no access to the internat, set the name of a remote repository + # in Artifactory, which proxies https://releases.jfrog.io/artifactory + # The 'frogbot' executable and other tools it needs will be downloaded through this repository. + # JF_RELEASES_REPO: "" - # [Mandatory when using npm] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "npm i" - - # [Mandatory when using .NET] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "dotnet restore" - - # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request + # [Optional] + # Frogbot will download the project dependencies, if they're not cached locally. To download the + # dependencies from a virtual repository in Artifactory, set the name of of the repository. There's no + # need to set this value, if it is set in the frogbot-config.yml file. + # JF_DEPS_REPO: "" \ No newline at end of file diff --git a/code-scanning/jscrambler-code-integrity.yml b/code-scanning/jscrambler-code-integrity.yml new file mode 100644 index 0000000..cbc9345 --- /dev/null +++ b/code-scanning/jscrambler-code-integrity.yml @@ -0,0 +1,47 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This is a basic workflow to help you get started with Using Jscrambler Code Integrity Action. +# It automates the protection of your JavaScript Applications, so you can run it whenever a new version of your application is built. +# A Jscrambler account is required to use this Workflow. +# +# More info can be found here : https://docs.jscrambler.com/latest/code-integrity/documentation/github-ci-integration + +name: Jscrambler Code Integrity + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: 18 + - run: npm ci + - run: npm run build + - name: Jscrambler Code Integrity + id: jscrambler + # the complete list of inputs can be found here: https://github.com/marketplace/actions/jscrambler#inputs + uses: jscrambler/code-integrity-actions/protect@ab65962a2ecffcc362b75a997e24a181d0bde5fb + with: + application-id: ${{ secrets.JSCRAMBLER_APPLICATION_ID }} # This value should be created within your Jscrambler account + secret-key: ${{ secrets.JSCRAMBLER_SECRET_KEY }} # This value can be found in your Jscrambler account + access-key: ${{ secrets.JSCRAMBLER_ACCESS_KEY }} # This value can be found in your Jscrambler account + jscrambler-config-path: jscrambler.json # Download from your Jscrambler account + files-src: | # List of Files to be protected + dist/**/* + files-dest: . diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json index f5e78bf..8aaa8f5 100644 --- a/code-scanning/properties/codeql.properties.json +++ b/code-scanning/properties/codeql.properties.json @@ -2,7 +2,7 @@ "name": "CodeQL Analysis", "creator": "GitHub", "enterprise": true, - "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby and Kotlin developers.", + "description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby, Kotlin and Swift developers.", "iconName": "octicon mark-github", - "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin"] + "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby", "Kotlin", "Swift"] } diff --git a/code-scanning/properties/credo.properties.json b/code-scanning/properties/credo.properties.json new file mode 100644 index 0000000..cdc621f --- /dev/null +++ b/code-scanning/properties/credo.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Credo Scan", + "creator": "Credo", + "description": "Credo is a static code analysis tool for the Elixir language with a focus on teaching and code consistency.", + "iconName": "code", + "categories": ["Code Scanning", "Elixir"] +} diff --git a/code-scanning/properties/defender-for-devops.properties.json b/code-scanning/properties/defender-for-devops.properties.json new file mode 100644 index 0000000..495fa26 --- /dev/null +++ b/code-scanning/properties/defender-for-devops.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Microsoft Defender For DevOps Scan", + "creator": "Microsoft", + "description": "Defender for DevOps helps integrate multiple tools with GitHub Advanced Security and sends the results to Defender for Cloud dashboard.", + "iconName": "microsoft", + "categories": ["Code Scanning", "HCL","Dockerfile", "Python", "JavaScript", "EcmaScript", "TypeScript"] +} diff --git a/code-scanning/properties/jscrambler-code-integrity.properties.json b/code-scanning/properties/jscrambler-code-integrity.properties.json new file mode 100644 index 0000000..f231d5c --- /dev/null +++ b/code-scanning/properties/jscrambler-code-integrity.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Jscrambler Code Integrity", + "description": "Protect your JavaScript Application with polymorphic obfuscation, code locks, and self-defensive techniques", + "creator": "Jscrambler", + "iconName": "jscrambler", + "categories": ["Code Scanning", "JavaScript", "HTML"] +} diff --git a/code-scanning/properties/snyk-security.properties.json b/code-scanning/properties/snyk-security.properties.json new file mode 100644 index 0000000..3c10ca1 --- /dev/null +++ b/code-scanning/properties/snyk-security.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Snyk Security", + "creator": "Snyk", + "description": "Detect vulnerabilities across your applications and infrastructure with the Snyk platform.", + "iconName": "snyk", + "categories": ["Code Scanning","JavaScript", "Python", "Java", "PHP", "C#", "C", "C++", "Ruby", "Swift", "Go", "TypeScript", "Kotlin", "Apex", "Scala", "Terraform", "Dockerfile"] +} diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml index 0804ba9..047ff00 100644 --- a/code-scanning/puppet-lint.yml +++ b/code-scanning/puppet-lint.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: ruby-version: 2.7 bundler-cache: true diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index 97a693f..e2347db 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -28,7 +28,7 @@ jobs: # If running on a self-hosted runner, check it meets the requirements # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners - name: Set up Ruby - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: ruby-version: 2.6 diff --git a/code-scanning/scorecard.yml b/code-scanning/scorecard.yml index 69cf948..19b9b00 100644 --- a/code-scanning/scorecard.yml +++ b/code-scanning/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27 + uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 with: sarif_file: results.sarif diff --git a/code-scanning/snyk-security.yml b/code-scanning/snyk-security.yml new file mode 100644 index 0000000..715fa1b --- /dev/null +++ b/code-scanning/snyk-security.yml @@ -0,0 +1,79 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code, +# Snyk Container and Snyk Infrastructure as Code) +# The setup installs the Snyk CLI - for more details on the possible commands +# check https://docs.snyk.io/snyk-cli/cli-reference +# The results of Snyk Code are then uploaded to GitHub Security Code Scanning +# +# In order to use the Snyk Action you will need to have a Snyk API token. +# More details in https://github.com/snyk/actions#getting-your-snyk-token +# or you can signup for free at https://snyk.io/login +# +# For more examples, including how to limit scans to only high-severity issues +# and fail PR checks, see https://github.com/snyk/actions/ + +name: Snyk Security + +on: + push: + branches: [$default-branch, $protected-branches] + pull_request: + branches: [$default-branch] + +permissions: + contents: read + +jobs: + snyk: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up Snyk CLI to check for security issues + # Snyk can be used to break the build when it detects security issues. + # In this case we want to upload the SAST issues to GitHub Code Scanning + uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb + + # For Snyk Open Source you must first set up the development environment for your application's dependencies + # For example for Node + #- uses: actions/setup-node@v3 + # with: + # node-version: 16 + + env: + # This is where you will need to introduce the Snyk API token created with your Snyk account + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + # Runs Snyk Code (SAST) analysis and uploads result into GitHub. + # Use || true to not fail the pipeline + - name: Snyk Code test + run: snyk code test --sarif > snyk-code.sarif # || true + + # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk. + - name: Snyk Open Source monitor + run: snyk monitor --all-projects + + # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk. + # Use || true to not fail the pipeline. + - name: Snyk IaC test and report + run: snyk iac test --report # || true + + # Build the docker image for testing + - name: Build a Docker image + run: docker build -t your/image-to-test . + # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk. + - name: Snyk Container monitor + run: snyk container monitor your/image-to-test --file=Dockerfile + + # Push the Snyk Code results into GitHub Code Scanning tab + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk-code.sarif diff --git a/deployments/azure-functions-app-container.yml b/deployments/azure-functions-app-container.yml index 7b438be..1173b95 100644 --- a/deployments/azure-functions-app-container.yml +++ b/deployments/azure-functions-app-container.yml @@ -21,8 +21,7 @@ name: Deploy container to Azure Functions App on: push: - branches: - - [$default-branch] + branches: [$default-branch] permissions: contents: read diff --git a/deployments/azure-functions-app-dotnet.yml b/deployments/azure-functions-app-dotnet.yml index 8b2c23b..824614e 100644 --- a/deployments/azure-functions-app-dotnet.yml +++ b/deployments/azure-functions-app-dotnet.yml @@ -20,8 +20,7 @@ name: Deploy DotNet project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-java-gradle.yml b/deployments/azure-functions-app-java-gradle.yml new file mode 100644 index 0000000..36c50b8 --- /dev/null +++ b/deployments/azure-functions-app-java-gradle.yml @@ -0,0 +1,69 @@ +# This workflow will build a Java project and deploy it to an Azure Functions App on Windows or Linux when a commit is pushed to your default branch. +# +# This workflow assumes you have already created the target Azure Functions app and applied azure functions plugin for gradle. +# For instructions see https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-first-java-gradle +# +# To configure this workflow: +# 1. Set up the following secrets in your repository: +# - AZURE_FUNCTIONAPP_PUBLISH_PROFILE +# 2. Change env variables for your configuration. +# +# For more information on: +# - GitHub Actions for Azure: https://github.com/Azure/Actions +# - Azure Functions Action: https://github.com/Azure/functions-action +# - Publish Profile: https://github.com/Azure/functions-action#using-publish-profile-as-deployment-credential-recommended +# - Azure Service Principal for RBAC: https://github.com/Azure/functions-action#using-azure-service-principal-for-rbac-as-deployment-credential +# +# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp + +name: Deploy Gradle Java project to Azure Function App + +on: + push: + branches: [$default-branch] + +permissions: + contents: read + +env: + AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure + BUILD_GRADLE_DIRECTORY: '.' # set this to the directory which contains build.gradle file + JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17') + +jobs: + build-and-deploy: + permissions: + contents: none + runs-on: windows-latest # For Linux, use ubuntu-latest + environment: dev + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v3 + + # If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below + # - name: 'Login via Azure CLI' + # uses: azure/login@v1 + # with: + # creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository + + - name: Setup Java Sdk ${{ env.JAVA_VERSION }} + uses: actions/setup-java@v1 + with: + java-version: ${{ env.JAVA_VERSION }} + + # Build function project with functions gradle plugin + # For project with function plugin lower than 1.12.1, please make sure you have set same app name in gradle configuration + - name: 'Restore Project Dependencies Using Gradle Plugin for Azure Functions' + shell: pwsh # For Linux, use bash + run: | + pushd './${{ env.BUILD_GRADLE_DIRECTORY }}' + gradle azureFunctionsPackage -DappName=${{ env.AZURE_FUNCTIONAPP_NAME }} + popd + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }} + package: '${{ env.BUILD_GRADLE_DIRECTORY }}/build/azure-functions/${{ env.AZURE_FUNCTIONAPP_NAME }}' + publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} # Remove publish-profile to use Azure RBAC diff --git a/deployments/azure-functions-app-java.yml b/deployments/azure-functions-app-java.yml index 0774544..5608328 100644 --- a/deployments/azure-functions-app-java.yml +++ b/deployments/azure-functions-app-java.yml @@ -20,8 +20,7 @@ name: Deploy Java project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-nodejs.yml b/deployments/azure-functions-app-nodejs.yml index b8033f0..916f396 100644 --- a/deployments/azure-functions-app-nodejs.yml +++ b/deployments/azure-functions-app-nodejs.yml @@ -22,8 +22,7 @@ name: Deploy Node.js project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-powershell.yml b/deployments/azure-functions-app-powershell.yml index 505b5af..5d62316 100644 --- a/deployments/azure-functions-app-powershell.yml +++ b/deployments/azure-functions-app-powershell.yml @@ -20,8 +20,7 @@ name: Deploy PowerShell project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-functions-app-python.yml b/deployments/azure-functions-app-python.yml index 0220227..6452a18 100644 --- a/deployments/azure-functions-app-python.yml +++ b/deployments/azure-functions-app-python.yml @@ -20,8 +20,7 @@ name: Deploy Python project to Azure Function App on: push: - branches: - - [$default-branch] + branches: [$default-branch] env: AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure diff --git a/deployments/azure-webapps-java-jar-gradle.yml b/deployments/azure-webapps-java-jar-gradle.yml new file mode 100644 index 0000000..b1c1df9 --- /dev/null +++ b/deployments/azure-webapps-java-jar-gradle.yml @@ -0,0 +1,79 @@ +# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch. +# +# This workflow assumes you have already created the target Azure App Service web app. +# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux +# +# To configure this workflow: +# +# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal. +# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials +# +# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret. +# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret +# +# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below. +# +# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions +# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy +# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples + +name: Build and deploy Gradle app to Azure Web App + +env: + AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App + JAVA_VERSION: '11' # set this to the Java version to use + DISTRIBUTION: zulu # set this to the Java distribution + +on: + push: + branches: [ $default-branch ] + workflow_dispatch: + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + + - name: Set up Java version + uses: actions/setup-java@v3.0.0 + with: + java-version: ${{ env.JAVA_VERSION }} + distribution: ${{ env.DISTRIBUTION }} + cache: 'gradle' + + - name: Build with Gradle + run: gradle build + + - name: Upload artifact for deployment job + uses: actions/upload-artifact@v3 + with: + name: java-app + path: '${{ github.workspace }}/build/libs/*.jar' + + deploy: + permissions: + contents: none + runs-on: ubuntu-latest + needs: build + environment: + name: 'Development' + url: ${{ steps.deploy-to-webapp.outputs.webapp-url }} + + steps: + - name: Download artifact from build job + uses: actions/download-artifact@v3 + with: + name: java-app + + - name: Deploy to Azure Web App + id: deploy-to-webapp + uses: azure/webapps-deploy@v2 + with: + app-name: ${{ env.AZURE_WEBAPP_NAME }} + publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} + package: '*.jar' diff --git a/deployments/azure-webapps-php.yml b/deployments/azure-webapps-php.yml index 4d08dbd..b3aee8d 100644 --- a/deployments/azure-webapps-php.yml +++ b/deployments/azure-webapps-php.yml @@ -54,7 +54,7 @@ jobs: id: composer-cache if: steps.check_files.outputs.files_exists == 'true' run: | - echo "::set-output name=dir::$(composer config cache-files-dir)" + echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - name: Set up dependency caching for faster installs uses: actions/cache@v3 diff --git a/deployments/properties/azure-functions-app-java-gradle.properties.json b/deployments/properties/azure-functions-app-java-gradle.properties.json new file mode 100644 index 0000000..5c3bd16 --- /dev/null +++ b/deployments/properties/azure-functions-app-java-gradle.properties.json @@ -0,0 +1,8 @@ +{ + "name": "Deploy Gradle app to Azure Functions App", + "description": "Build a Java project and deploy it to an Azure Functions App on Windows or Linux.", + "creator": "Microsoft Azure", + "iconName": "azure", + "categories": ["Deployment", "Java", "Gradle", "Azure Functions"], + "labels": ["preview"] +} diff --git a/deployments/properties/azure-webapps-java-jar-gradle.properties.json b/deployments/properties/azure-webapps-java-jar-gradle.properties.json new file mode 100644 index 0000000..31804d7 --- /dev/null +++ b/deployments/properties/azure-webapps-java-jar-gradle.properties.json @@ -0,0 +1,8 @@ +{ + "name": "Deploy a Gradle .jar app to an Azure Web App", + "description": "Build a Gradle project and deploy it to an Azure Web App.", + "creator": "Microsoft Azure", + "iconName": "azure", + "categories": ["Deployment", "Java", "Gradle"], + "labels": ["preview"] +} diff --git a/icons/azure.svg b/icons/azure.svg index 2ff63c1..3b89df5 100644 --- a/icons/azure.svg +++ b/icons/azure.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/icons/code.svg b/icons/code.svg new file mode 100644 index 0000000..ee64cbc --- /dev/null +++ b/icons/code.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/jscrambler.svg b/icons/jscrambler.svg new file mode 100644 index 0000000..7b96427 --- /dev/null +++ b/icons/jscrambler.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/mdbook.svg b/icons/mdbook.svg new file mode 100644 index 0000000..c61e0a6 --- /dev/null +++ b/icons/mdbook.svg @@ -0,0 +1,17 @@ + + + + diff --git a/pages/astro.yml b/pages/astro.yml index 1b6478f..4278958 100644 --- a/pages/astro.yml +++ b/pages/astro.yml @@ -18,10 +18,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false env: BUILD_PATH: "." # default value when not using subfolders @@ -48,7 +49,7 @@ jobs: echo "runner=npx --no-install" >> $GITHUB_OUTPUT exit 0 else - echo "Unable to determine packager manager" + echo "Unable to determine package manager" exit 1 fi - name: Setup Node @@ -84,4 +85,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/gatsby.yml b/pages/gatsby.yml index 34f15dd..1fe2d24 100644 --- a/pages/gatsby.yml +++ b/pages/gatsby.yml @@ -18,10 +18,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false # Default to bash defaults: @@ -47,7 +48,7 @@ jobs: echo "command=ci" >> $GITHUB_OUTPUT exit 0 else - echo "Unable to determine packager manager" + echo "Unable to determine package manager" exit 1 fi - name: Setup Node @@ -93,4 +94,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/hugo.yml b/pages/hugo.yml index d4363fd..fd6c4b4 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -15,10 +15,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false # Default to bash defaults: @@ -71,4 +72,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/jekyll-gh-pages.yml b/pages/jekyll-gh-pages.yml index 792aa18..851f2ce 100644 --- a/pages/jekyll-gh-pages.yml +++ b/pages/jekyll-gh-pages.yml @@ -15,10 +15,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false jobs: # Build job @@ -47,4 +48,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/jekyll.yml b/pages/jekyll.yml index f4f1825..5adebe4 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -20,10 +20,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false jobs: # Build job @@ -33,9 +34,9 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@ee2113536afb7f793eed4ce60e8d3b26db912da4 # v1.127.0 + uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 with: - ruby-version: '3.0' # Not needed with a .ruby-version file + ruby-version: '3.1' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically cache-version: 0 # Increment this number if you need to re-download cached gems - name: Setup Pages @@ -60,4 +61,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/mdbook.yml b/pages/mdbook.yml new file mode 100644 index 0000000..78d664e --- /dev/null +++ b/pages/mdbook.yml @@ -0,0 +1,60 @@ +# Sample workflow for building and deploying a mdBook site to GitHub Pages +# +# To get started with mdBook see: https://rust-lang.github.io/mdBook/index.html +# +name: Deploy mdBook site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + # Build job + build: + runs-on: ubuntu-latest + env: + MDBOOK_VERSION: 0.4.21 + steps: + - uses: actions/checkout@v3 + - name: Install mdBook + run: | + curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf -y | sh + rustup update + cargo install --version ${MDBOOK_VERSION} mdbook + - name: Setup Pages + id: pages + uses: actions/configure-pages@v3 + - name: Build with mdBook + run: mdbook build + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + with: + path: ./book + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v2 diff --git a/pages/nextjs.yml b/pages/nextjs.yml index 5bd6c15..81073e6 100644 --- a/pages/nextjs.yml +++ b/pages/nextjs.yml @@ -18,10 +18,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false jobs: # Build job @@ -44,7 +45,7 @@ jobs: echo "runner=npx --no-install" >> $GITHUB_OUTPUT exit 0 else - echo "Unable to determine packager manager" + echo "Unable to determine package manager" exit 1 fi - name: Setup Node @@ -91,4 +92,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml index e7d8891..ddf8f4f 100644 --- a/pages/nuxtjs.yml +++ b/pages/nuxtjs.yml @@ -18,10 +18,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false jobs: # Build job @@ -42,7 +43,7 @@ jobs: echo "command=ci" >> $GITHUB_OUTPUT exit 0 else - echo "Unable to determine packager manager" + echo "Unable to determine package manager" exit 1 fi - name: Setup Node @@ -86,4 +87,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2 diff --git a/pages/properties/mdbook.properties.json b/pages/properties/mdbook.properties.json new file mode 100644 index 0000000..2a4fe8d --- /dev/null +++ b/pages/properties/mdbook.properties.json @@ -0,0 +1,6 @@ +{ + "name": "mdBook", + "description": "Package a site using mdBook.", + "iconName": "mdbook", + "categories": ["Pages", "mdBook"] +} diff --git a/pages/static.yml b/pages/static.yml index d6b7192..43bec60 100644 --- a/pages/static.yml +++ b/pages/static.yml @@ -15,10 +15,11 @@ permissions: pages: write id-token: write -# Allow one concurrent deployment +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. concurrency: group: "pages" - cancel-in-progress: true + cancel-in-progress: false jobs: # Single deploy job since we're just deploying @@ -39,4 +40,4 @@ jobs: path: '.' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v1 + uses: actions/deploy-pages@v2