Merge branch 'main' into main

This commit is contained in:
Jacob Wallraff
2024-08-01 14:50:04 -07:00
committed by GitHub
87 changed files with 168 additions and 144 deletions
+2 -2
View File
@@ -15,9 +15,9 @@ jobs:
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
git config user.email "cschleiden@github.com"
git config user.name "GitHub Actions"
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: '16'
node-version: '20'
cache: 'npm'
cache-dependency-path: script/sync-ghes/package-lock.json
- name: Check starter workflows for GHES compat
+2 -2
View File
@@ -12,9 +12,9 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: '16'
node-version: '20'
cache: 'npm'
cache-dependency-path: script/validate-data/package-lock.json
+1 -1
View File
@@ -14,7 +14,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
+1 -1
View File
@@ -17,7 +17,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
+1 -1
View File
@@ -29,7 +29,7 @@ jobs:
# Run Synthetic tests within your GitHub workflow.
# For additional configuration options visit the action within the marketplace: https://github.com/marketplace/actions/datadog-synthetics-ci
- name: Run Datadog Synthetic tests
uses: DataDog/synthetics-ci-github-action@2b56dc0cca9daa14ab69c0d1d6844296de8f941e
uses: DataDog/synthetics-ci-github-action@87b505388a22005bb8013481e3f73a367b9a53eb # v1.4.0
with:
api_key: ${{secrets.DD_API_KEY}}
app_key: ${{secrets.DD_APP_KEY}}
+2 -2
View File
@@ -41,9 +41,9 @@ jobs:
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
with:
cosign-release: 'v2.1.1'
cosign-release: 'v2.2.4'
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
+1 -1
View File
@@ -30,7 +30,7 @@ jobs:
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Setup Gradle
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
- name: Build with Gradle
run: ./gradlew build
+4 -4
View File
@@ -28,10 +28,10 @@ jobs:
java-version: '17'
distribution: 'temurin'
# Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies.
# Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
# See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
- name: Setup Gradle
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
- name: Build with Gradle Wrapper
run: ./gradlew build
@@ -40,7 +40,7 @@ jobs:
# If your project does not have the Gradle Wrapper configured, you can use the following configuration to run Gradle with a specified version.
#
# - name: Setup Gradle
# uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
# uses: gradle/actions/setup-gradle@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
# with:
# gradle-version: '8.5'
#
@@ -64,4 +64,4 @@ jobs:
# Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
# See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
uses: gradle/actions/dependency-submission@dbbdc275be76ac10734476cc723d82dfe7ec6eda # v3.4.2
+1 -1
View File
@@ -18,7 +18,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
+1 -1
View File
@@ -22,7 +22,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
+2 -2
View File
@@ -16,13 +16,13 @@ jobs:
strategy:
matrix:
node-version: [14.x, 16.x, 18.x]
node-version: [18.x, 20.x, 22.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
+2 -2
View File
@@ -12,13 +12,13 @@ jobs:
strategy:
matrix:
node-version: [14.x, 16.x, 18.x]
node-version: [18.x, 20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
+2 -2
View File
@@ -12,13 +12,13 @@ jobs:
strategy:
matrix:
node-version: [14.x, 16.x, 18.x]
node-version: [18.x, 20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
+4 -4
View File
@@ -12,9 +12,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: 16
node-version: 20
- run: npm ci
- run: npm test
@@ -26,9 +26,9 @@ jobs:
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: 16
node-version: 20
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
+4 -4
View File
@@ -12,9 +12,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: 16
node-version: 20
- run: npm ci
- run: npm test
@@ -23,9 +23,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: 16
node-version: 20
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm publish
+4 -2
View File
@@ -30,7 +30,7 @@ jobs:
uses: actions/checkout@v4
# Add or replace dependency steps here
- name: Install Ruby and gems
uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1
with:
bundler-cache: true
# Add or replace database setup steps here
@@ -46,9 +46,11 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Ruby and gems
uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1
with:
bundler-cache: true
- name: Generate binstubs
run: bundle binstubs bundler-audit brakeman rubocop
# Add or replace any other lints here
- name: Security audit dependencies
run: bin/bundler-audit --update
+1 -1
View File
@@ -22,7 +22,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
+2 -2
View File
@@ -12,13 +12,13 @@ jobs:
strategy:
matrix:
node-version: [14.x, 16.x, 18.x]
node-version: [18.x, 20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
+1 -1
View File
@@ -43,6 +43,6 @@ jobs:
fail-build: true
severity-cutoff: critical
- name: Upload vulnerability report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
+1 -1
View File
@@ -66,6 +66,6 @@ jobs:
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ./apisec-results.sarif
+1 -1
View File
@@ -38,6 +38,6 @@ jobs:
exit-code: 0
# Upload SARIF file generated in previous step
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -53,6 +53,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: output.sarif.json
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
cx_tenant: ${{ secrets.CX_TENANT }} # This should be replaced by your tenant for Checkmarx One
additional_params: --report-format sarif --output-path .
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: cx_result.sarif
+1 -1
View File
@@ -50,6 +50,6 @@ jobs:
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filter-severity --cx-flow.filter-category --checkmarx.disable-clubbing=true --repo-url=${{ github.event.repository.url }}
# Upload the Report for CodeQL/Security Alerts
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: cx.sarif
+1 -1
View File
@@ -38,7 +38,7 @@ jobs:
fail-on-result: 'false'
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -48,7 +48,7 @@ jobs:
fail-on-result: false
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -50,7 +50,7 @@ jobs:
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
# is needed to ensure the SARIF file is uploaded
if: always()
+1 -1
View File
@@ -56,6 +56,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -44,6 +44,6 @@ jobs:
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: codescan.sarif
+1 -1
View File
@@ -48,6 +48,6 @@ jobs:
authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
#Upload the results to GitHub
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif # The file name must be 'results.sarif', as this is what the Github Action will output
+2 -2
View File
@@ -94,9 +94,9 @@ jobs:
#
# Example:
# - name: Setup Node
# uses: actions/setup-node@v2
# uses: actions/setup-node@v4
# with:
# node-version: '14'
# node-version: '20'
# https://github.com/redhat-actions/openshift-tools-installer/blob/main/README.md
- name: Install CRDA CLI
+1 -1
View File
@@ -55,7 +55,7 @@ jobs:
- name: credo-scan
run: mix credo --format=sarif > credo_output.sarif
- name: upload sarif
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: credo_output.sarif
+1 -1
View File
@@ -42,6 +42,6 @@ jobs:
# Setting a SARIF output will generate a file named "datree.sarif" containing your test results
cliArguments: "-o sarif"
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: datree.sarif
+2 -2
View File
@@ -33,7 +33,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v3
- uses: actions/setup-dotnet@v4
with:
dotnet-version: |
5.0.x
@@ -42,6 +42,6 @@ jobs:
uses: microsoft/security-devops-action@v1.6.0
id: msdo
- name: Upload results to Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+1 -1
View File
@@ -111,7 +111,7 @@ jobs:
)" > ${{ github.workspace }}/detekt.sarif.json
# Uploads results to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/detekt.sarif.json
+1 -1
View File
@@ -29,6 +29,6 @@ jobs:
uses: microsoft/DevSkim-Action@v1
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: devskim-results.sarif
+2 -2
View File
@@ -26,7 +26,7 @@ jobs:
### Use this section to define the build steps used by your software package.
### Endor Labs builds your software for you where possible but the required build tools must be made available.
# - name: Setup Java
# uses: actions/setup-java@v3
# uses: actions/setup-java@v4
# with:
# distribution: 'microsoft'
# java-version: '17'
@@ -46,6 +46,6 @@ jobs:
ci_run: "false"
sarif_file: findings.sarif
- name: Upload SARIF to github
uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: findings.sarif
+1 -1
View File
@@ -44,7 +44,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: eslint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -63,7 +63,7 @@ jobs:
sarif-result-file: "ethicalcheck-results.sarif"
- name: Upload sarif file to repository
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ./ethicalcheck-results.sarif
+1 -1
View File
@@ -33,6 +33,6 @@ jobs:
output: 'flawfinder_results.sarif'
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{github.workspace}}/flawfinder_results.sarif
+3 -7
View File
@@ -5,9 +5,9 @@
# Frogbot Scan and Fix does the following:
# Automatically creates pull requests with fixes for vulnerable project dependencies.
# Uses JFrog Xray to scan the project.
# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot
# Read more about Frogbot here - https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot
# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
# Some projects require creating a frogbot-config.yml file. Read more about it here - https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot/setup-frogbot/frogbot-configuration
name: "Frogbot Scan and Fix"
on:
@@ -23,11 +23,7 @@ jobs:
steps:
- uses: actions/checkout@v4
# IMPORTANT:
# 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
# 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
- uses: jfrog/frogbot@8fbeca612957ae5f5f0c03a19cb6e59e237026f3 # v2.10.0
- uses: jfrog/frogbot@5d9c42c30f1169d8be4ba5510b40e75ffcbbc2a9 # v2.21.2
env:
# [Mandatory if the two conditions below are met]
# 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies
+5 -9
View File
@@ -5,9 +5,9 @@
# Frogbot Scan Pull Request does the following:
# Automatically scans new pull requests for security vulnerabilities.
# Uses JFrog Xray to scan the project.
# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot
# Read more about Frogbot here - https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot
# Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
# Some projects require creating a frogbot-config.yml file. Read more about it here - https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot/setup-frogbot/frogbot-configuration
name: "Frogbot Scan Pull Request"
on:
@@ -21,18 +21,14 @@ jobs:
runs-on: ubuntu-latest
# A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the
# "frogbot" GitHub environment can approve the pull request to be scanned.
# Read more here (Install Frogbot Using GitHub Actions): https://github.com/jfrog/frogbot/blob/master/docs/install-github.md
# Read more here (Install Frogbot Using GitHub Actions): https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot/setup-frogbot/setup-frogbot-using-github-actions
environment: frogbot
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
# IMPORTANT:
# 1. See the following link for information about the tools that need to be installed for Frogbot to work - https://github.com/jfrog/frogbot/tree/master/docs/templates/github-actions/scan-and-fix
# 2. Some projects require creating a frogbot-config.yml file. Read more about it here - https://github.com/jfrog/frogbot/blob/master/docs/frogbot-config.md
- uses: jfrog/frogbot@8fbeca612957ae5f5f0c03a19cb6e59e237026f3 # v2.10.0
- uses: jfrog/frogbot@5d9c42c30f1169d8be4ba5510b40e75ffcbbc2a9 # v2.21.2
env:
# [Mandatory if the two conditions below are met]
# 1. The project uses npm, yarn 2, NuGet or .NET to download its dependencies
+1 -1
View File
@@ -41,7 +41,7 @@ jobs:
no-fail: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
+2 -2
View File
@@ -28,9 +28,9 @@ jobs:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: 18
node-version: 20
- run: npm ci
- run: npm run build
- name: Jscrambler Code Integrity
+1 -1
View File
@@ -36,6 +36,6 @@ jobs:
exit-code: "0"
- name: Upload Kubesec scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: kubesec-results.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: lintr-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -59,6 +59,6 @@ jobs:
sarif-report: mapi.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: mapi.sarif
+1 -1
View File
@@ -38,6 +38,6 @@ jobs:
args: . --sarif --output results.sarif || true
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -54,7 +54,7 @@ jobs:
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+1 -1
View File
@@ -37,6 +37,6 @@ jobs:
with:
args: '. --sarif --output results.sarif || true'
- name: Upload njsscan report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -47,6 +47,6 @@ jobs:
group_id: {{ groupId }} # Update this to your desired Platform group ID
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: NowSecure.sarif
+2 -2
View File
@@ -40,7 +40,7 @@ jobs:
# GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
# For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
# - name: Install .NET
# uses: actions/setup-dotnet@v2
# uses: actions/setup-dotnet@v4
# with:
# dotnet-version: '3.1.x'
@@ -51,6 +51,6 @@ jobs:
# Upload results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+1 -1
View File
@@ -51,7 +51,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: phpmd-results.sarif
wait-for-processing: true
+2 -2
View File
@@ -26,7 +26,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
@@ -38,6 +38,6 @@ jobs:
sourcePath: 'src/main/java'
analyzeModifiedFilesOnly: false
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: pmd-report.sarif
+19 -5
View File
@@ -20,7 +20,8 @@ env:
AWS_ROLE: MY_ROLE # set this with the role ARN which has permissions to invoke access-analyzer:ValidatePolicy,access-analyzer:CheckNoNewAccess, access-analyzer:CheckAccessNotGranted and can be used in GitHub actions
REGION: MY_AWS_REGION # set this to your preferred AWS region where you plan to deploy your policies, e.g. us-west-1
TEMPLATE_PATH: FILE_PATH_TO_CFN_TEMPLATE # set to the file path to the CloudFormation template.
ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. This is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. One of `ACTIONS` or `RESOURCES` is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
RESOURCES: MY_LIST_OF_RESOURCES # set to pass list of resource ARNs in the format resource1, resource2,.. One of `ACTIONS` or `RESOURCES` is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
REFERENCE_POLICY: REFERENCE_POLICY # set to pass a JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison. For example, if you stored such path in a GitHub secret with name REFERENCE_IDENTITY_POLICY , you can pass ${{ secrets.REFERENCE_IDENTITY_POLICY }}. If not you have the reference policy in the repository, you can directly pass it's file path. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
REFERENCE_POLICY_TYPE: TYPE_OF_REFERENCE_POLICY # set to pass the policy type associated with the IAM policy under analysis and the reference policy. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
jobs:
@@ -45,7 +46,7 @@ jobs:
# Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer ValidatePolicy check
id: run-aws-validate-policy
uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
uses: aws-actions/cloudformation-aws-iam-policy-validator@8cadb086bd7cce9ffd5a0bb8051b36f778b556bd #v1.0.2
with:
policy-check-type: "VALIDATE_POLICY"
template-path: ${{ env.TEMPLATE_PATH}}
@@ -57,11 +58,12 @@ jobs:
# Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer CheckAccessNotGranted check
id: run-aws-check-access-not-granted
uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
uses: aws-actions/cloudformation-aws-iam-policy-validator@8cadb086bd7cce9ffd5a0bb8051b36f778b556bd #v1.0.2
with:
policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
template-path: ${{ env.TEMPLATE_PATH}}
actions: ${{ env.ACTIONS }}
resources: ${{ env.RESOURCES }}
region: ${{ env.REGION }}
# Print result from CHECK_ACCESS_NOT_GRANTED check
- name: Print the result for CheckAccessNotGranted check
@@ -71,14 +73,26 @@ jobs:
# reference-policy is stored in GitHub secrets
- name: Run AWS AccessAnalyzer CheckNoNewAccess check
id: run-aws-check-no-new-access
uses: aws-actions/cloudformation-aws-iam-policy-validator@10479bdc0c8322ffb6f5eaa75d096195f97b798a #v1.0.0
uses: aws-actions/cloudformation-aws-iam-policy-validator@8cadb086bd7cce9ffd5a0bb8051b36f778b556bd #v1.0.2
with:
policy-check-type: "CHECK_NO_NEW_ACCESS"
template-path: ${{ env.TEMPLATE_PATH}}
reference-policy: ${{ env.REFERENCE }}
reference-policy: ${{ env.REFERENCE_POLICY }}
reference-policy-type: ${{ env.REFERENCE_POLICY_TYPE }}
region: ${{env.REGION }}
# Print result from CHECK_NO_NEW_ACCESS check
- name: Print the result for CheckNoNewAccess check
if: success() || failure()
run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
# Run the CHECK_NO_PUBLIC_ACCESS check. More configuration details here - https://github.com/aws-actions/cloudformation-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer CheckNoPublicAccess check
id: run-aws-check-no-public-access
uses: aws-actions/cloudformation-aws-iam-policy-validator@8cadb086bd7cce9ffd5a0bb8051b36f778b556bd #v1.0.2
with:
policy-check-type: "CHECK_NO_PUBLIC_ACCESS"
template-path: ${{ env.TEMPLATE_PATH }}
region: ${{ env.REGION }}
# Print result from CHECK_NO_PUBLIC_ACCESS check
- name: Print the result for CheckNoPublicAccess check
if: success() || failure()
run: echo "${{ steps.run-aws-check-no-public-access.outputs.result }}"
+18 -4
View File
@@ -21,7 +21,8 @@ env:
AWS_ROLE: MY_ROLE # set this with the role ARN which has permissions to invoke access-analyzer:ValidatePolicy,access-analyzer:CheckNoNewAccess, access-analyzer:CheckAccessNotGranted and can be used in GitHub actions
REGION: MY_AWS_REGION # set this to your preferred AWS region where you plan to deploy your policies, e.g. us-west-1
TEMPLATE_PATH: FILE_PATH_TO_THE_TF_PLAN # set this to the file path to the terraform plan in JSON
ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. This is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
ACTIONS: MY_LIST_OF_ACTIONS # set to pass list of actions in the format action1, action2,.. One of `ACTIONS` or `RESOURCES` is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
RESOURCES: MY_LIST_OF_RESOURCES # set to pass list of resource ARNs in the format resource1, resource2,.. One of `ACTIONS` or `RESOURCES` is required if you are using `CHECK_ACCESS_NOT_GRANTED` policy-check-type.
REFERENCE_POLICY: REFERENCE_POLICY # set to pass a JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison. For example, if you stored such path in a GitHub secret with name REFERENCE_IDENTITY_POLICY , you can pass ${{ secrets.REFERENCE_IDENTITY_POLICY }}. If not you have the reference policy in the repository, you can directly pass it's path. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
REFERENCE_POLICY_TYPE: TYPE_OF_REFERENCE_POLICY # set to pass the policy type associated with the IAM policy under analysis and the reference policy. This is required if you are using `CHECK_NO_NEW_ACCESS_CHECK` policy-check-type.
@@ -48,7 +49,7 @@ jobs:
# Run the VALIDATE_POLICY check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer ValidatePolicy check
id: run-aws-validate-policy
uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
uses: aws-actions/terraform-aws-iam-policy-validator@26797c40250bf1ee50af8996a2475b9b5a8b8927 #v1.0.2
with:
policy-check-type: "VALIDATE_POLICY"
template-path: ${{ env.TEMPLATE_PATH }}
@@ -60,11 +61,12 @@ jobs:
# Run the CHECK_ACCESS_NOT_GRANTED check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer CheckAccessNotGranted check
id: run-aws-check-access-not-granted
uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
uses: aws-actions/terraform-aws-iam-policy-validator@26797c40250bf1ee50af8996a2475b9b5a8b8927 #v1.0.2
with:
policy-check-type: "CHECK_ACCESS_NOT_GRANTED"
template-path: ${{ env.TEMPLATE_PATH }}
actions: ${{ env.ACTIONS }}
resources: ${{ env.RESOURCES }}
region: ${{ env.REGION }}
# Print result from CHECK_ACCESS_NOT_GRANTED check
- name: Print the result for CheckAccessNotGranted check
@@ -74,7 +76,7 @@ jobs:
# reference-policy is stored in GitHub secrets
- name: Run AWS AccessAnalyzer CheckNoNewAccess check
id: run-aws-check-no-new-access
uses: aws-actions/terraform-aws-iam-policy-validator@3e527234ccf8ca494450942c4a91d54b291b013e #v1.0.0
uses: aws-actions/terraform-aws-iam-policy-validator@26797c40250bf1ee50af8996a2475b9b5a8b8927 #v1.0.2
with:
policy-check-type: "CHECK_NO_NEW_ACCESS"
template-path: ${{ env.TEMPLATE_PATH }}
@@ -85,3 +87,15 @@ jobs:
- name: Print the result CheckNoNewAccess check
if: success() || failure()
run: echo "${{ steps.run-aws-check-no-new-access.outputs.result }}"
# Run the CHECK_NO_PUBLIC_ACCESS check. More configuration details here - https://github.com/aws-actions/terraform-aws-iam-policy-validator
- name: Run AWS AccessAnalyzer CheckNoPublicAccess check
id: run-aws-check-no-public-access
uses: aws-actions/terraform-aws-iam-policy-validator@26797c40250bf1ee50af8996a2475b9b5a8b8927 #v1.0.2
with:
policy-check-type: "CHECK_NO_PUBLIC_ACCESS"
template-path: ${{ env.TEMPLATE_PATH }}
region: ${{ env.REGION }}
# Print result from CHECK_NO_PUBLIC_ACCESS check
- name: Print the result for CheckNoPublicAccess check
if: success() || failure()
run: echo "${{ steps.run-aws-check-no-public-access.outputs.result }}"
+1 -1
View File
@@ -44,6 +44,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
# The service need to know the type of IaC being scanned
template_type: 'CFT'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
# Results are generated only on a success or failure
# this is required since GitHub by default won't run the next step
# when the previous one has failed.
+1 -1
View File
@@ -33,6 +33,6 @@ jobs:
uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
- name: Upload Security Analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: puppet-lint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -47,6 +47,6 @@ jobs:
"
- name: Upload Sarif output
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rubocop.sarif
+1 -1
View File
@@ -49,7 +49,7 @@ jobs:
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+1 -1
View File
@@ -38,4 +38,4 @@ jobs:
uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
- name: Upload sarif
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
+1 -1
View File
@@ -43,7 +43,7 @@ jobs:
# Upload SARIF file generated in previous step
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: semgrep.sarif
if: always()
+1 -1
View File
@@ -50,6 +50,6 @@ jobs:
image: your/image-to-test
args: --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
+1 -1
View File
@@ -49,6 +49,6 @@ jobs:
# or `main.tf` for a Terraform configuration file
file: your-file-to-test.yaml
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
+3 -3
View File
@@ -43,9 +43,9 @@ jobs:
# For Snyk Open Source you must first set up the development environment for your application's dependencies
# For example for Node
#- uses: actions/setup-node@v3
#- uses: actions/setup-node@v4
# with:
# node-version: 16
# node-version: 20
env:
# This is where you will need to introduce the Snyk API token created with your Snyk account
@@ -74,6 +74,6 @@ jobs:
# Push the Snyk Code results into GitHub Code Scanning tab
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk-code.sarif
+1 -1
View File
@@ -36,6 +36,6 @@ jobs:
- id: run-action
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
- name: Upload report
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+5 -6
View File
@@ -46,13 +46,12 @@ jobs:
- name: Analyze with SonarCloud
# You can pin the exact commit or the version.
# uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
# uses: SonarSource/sonarcloud-github-action@v2.2.0
uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
# Additional arguments for the SonarScanner CLI
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
@@ -60,9 +59,9 @@ jobs:
-Dsonar.organization=
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
# When you need the analysis to take place in a directory other than the one from which it was launched, default is .
projectBaseDir: .
+1 -1
View File
@@ -71,7 +71,7 @@ jobs:
- name: Upload SARIF file
if: ${{steps.prescription.outputs.sastScan == 'true' }}
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: workflowengine-results.sarif.json
+1 -1
View File
@@ -55,7 +55,7 @@ jobs:
# Sysdig inline scanner requires privileged rights
run-as-user: root
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
#Upload SARIF file
if: always()
with:
+1 -1
View File
@@ -32,7 +32,7 @@ jobs:
sarif_file: tfsec.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
+1 -1
View File
@@ -43,6 +43,6 @@ jobs:
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
+2 -2
View File
@@ -42,7 +42,7 @@ jobs:
- run: curl --silent --show-error --fail -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
- run: unzip -o pipeline-scan-LATEST.zip
- uses: actions/setup-java@v3
- uses: actions/setup-java@v4
with:
java-version: 8
distribution: 'temurin'
@@ -53,7 +53,7 @@ jobs:
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
with:
pipeline-results-json: results.json
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
with:
# Path to SARIF file relative to the root of the repository
sarif_file: veracode-results.sarif
+2 -2
View File
@@ -62,7 +62,7 @@ jobs:
# Set up the correct Java version for your project
# Please comment out, if your project does not contain Java source code.
- name: Set up JDK 11
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: 11
distribution: 'temurin'
@@ -95,6 +95,6 @@ jobs:
*-Findings-List.sarif
# Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v2
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: Xanitizer-Findings-List.sarif
+1 -1
View File
@@ -51,6 +51,6 @@ jobs:
#Ensure that the following step is included in order to post the scan results under the code scanning alerts section within the repository.
- name: Upload SARIF file
if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.zscaler-iac-scan.sarif_file_path }}
+1 -1
View File
@@ -55,6 +55,6 @@ jobs:
app_file: app-release-unsigned.apk
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: Zimperium.sarif
+1 -1
View File
@@ -42,7 +42,7 @@ jobs:
# creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
- name: Setup DotNet ${{ env.DOTNET_VERSION }} Environment
uses: actions/setup-dotnet@v3
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
@@ -28,6 +28,7 @@ permissions:
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
BUILD_GRADLE_DIRECTORY: '.' # set this to the directory which contains build.gradle file
DISTRIBUTION: 'zulu' # set this to the java version to use (e.g. 'zulu', 'temurin', 'microsoft')
JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17')
jobs:
@@ -47,8 +48,9 @@ jobs:
# creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
- name: Setup Java Sdk ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v1
uses: actions/setup-java@v4
with:
distribution: ${{ env.DISTRIBUTION }}
java-version: ${{ env.JAVA_VERSION }}
# Build function project with functions gradle plugin
+3 -1
View File
@@ -25,6 +25,7 @@ on:
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
POM_XML_DIRECTORY: '.' # set this to the directory which contains pom.xml file
DISTRIBUTION: 'zulu' # set this to the java version to use (e.g. 'zulu', 'temurin', 'microsoft')
JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17')
jobs:
@@ -42,8 +43,9 @@ jobs:
# creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
- name: Setup Java Sdk ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v1
uses: actions/setup-java@v4
with:
distribution: ${{ env.DISTRIBUTION }}
java-version: ${{ env.JAVA_VERSION }}
- name: 'Restore Project Dependencies Using Mvn'
+2 -2
View File
@@ -27,7 +27,7 @@ on:
env:
AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your function app project, defaults to the repository root
NODE_VERSION: '16.x' # set this to the node version to use (e.g. '8.x', '10.x', '12.x')
NODE_VERSION: '20.x' # set this to the node version to use (e.g. '8.x', '10.x', '12.x')
jobs:
build-and-deploy:
@@ -44,7 +44,7 @@ jobs:
# creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
- name: Setup Node ${{ env.NODE_VERSION }} Environment
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
+1 -1
View File
@@ -40,7 +40,7 @@ jobs:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v2
uses: actions/setup-dotnet@v4
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
@@ -40,7 +40,7 @@ jobs:
- uses: actions/checkout@v4
- name: Set up Java version
uses: actions/setup-java@v3.0.0
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
+1 -1
View File
@@ -40,7 +40,7 @@ jobs:
- uses: actions/checkout@v4
- name: Set up Java version
uses: actions/setup-java@v3.0.0
uses: actions/setup-java@v4
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
+2 -2
View File
@@ -25,7 +25,7 @@ on:
env:
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
NODE_VERSION: '20.x' # set this to the node version to use
permissions:
contents: read
@@ -37,7 +37,7 @@ jobs:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
+2 -3
View File
@@ -31,7 +31,7 @@ jobs:
build:
runs-on: ubuntu-latest
env:
HUGO_VERSION: 0.124.1
HUGO_VERSION: 0.128.0
steps:
- name: Install Hugo CLI
run: |
@@ -50,9 +50,8 @@ jobs:
run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
- name: Build with Hugo
env:
# For maximum backward compatibility with Hugo modules
HUGO_CACHEDIR: ${{ runner.temp }}/hugo_cache
HUGO_ENVIRONMENT: production
HUGO_ENV: production
run: |
hugo \
--minify \