Merge branch 'main' into main

This commit is contained in:
Jeroen Rietveld
2021-06-16 11:01:03 +09:00
committed by GitHub
11 changed files with 124 additions and 81 deletions
+1 -1
View File
@@ -2,7 +2,7 @@ name: Mark stale issues and pull requests
on:
schedule:
- cron: "21 4 * * *"
- cron: $cron-daily
jobs:
stale:
+1 -1
View File
@@ -2,7 +2,7 @@ name: Mark stale issues and pull requests
on:
schedule:
- cron: "30 1 * * *"
- cron: $cron-daily
jobs:
stale:
+14 -6
View File
@@ -3,8 +3,8 @@
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will install Deno and run tests across stable and nightly builds on Windows, Ubuntu and macOS.
# For more information see: https://github.com/denolib/setup-deno
# This workflow will install Deno and run tests across stable and canary builds on Windows, Ubuntu and macOS.
# For more information see: https://github.com/denoland/setup-deno
name: Deno
@@ -20,7 +20,7 @@ jobs:
strategy:
matrix:
deno: ["v1.x", "nightly"]
deno: ["v1.x", "canary"]
os: [macOS-latest, windows-latest, ubuntu-latest]
steps:
@@ -28,12 +28,20 @@ jobs:
uses: actions/checkout@v2
- name: Setup Deno
uses: denolib/setup-deno@c7d7968ad4a59c159a777f79adddad6872ee8d96
# uses: denoland/setup-deno@v1
uses: denoland/setup-deno@4a4e59637fa62bd6c086a216c7e4c5b457ea9e79
with:
deno-version: ${{ matrix.deno }} # tests across multiple Deno versions
- name: Cache Dependencies
# Uncomment this step to verify the use of 'deno fmt' on each commit.
# - name: Verify formatting
# run: deno fmt --check
- name: Run linter
run: deno lint
- name: Cache dependencies
run: deno cache deps.ts
- name: Run Tests
- name: Run tests
run: deno test -A --unstable
+44 -61
View File
@@ -1,80 +1,63 @@
name: Docker
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
schedule:
- cron: $cron-daily
push:
# Publish `$default-branch` as Docker `latest` image.
branches:
- $default-branch
# Publish `v1.2.3` tags as releases.
tags:
- v*
# Run tests for any PRs.
branches: [ $default-branch ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ $default-branch ]
env:
# TODO: Change variable to your image's name.
IMAGE_NAME: image
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
# Run tests.
# See also https://docs.docker.com/docker-hub/builds/automated-testing/
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run tests
run: |
if [ -f docker-compose.test.yml ]; then
docker-compose --file docker-compose.test.yml build
docker-compose --file docker-compose.test.yml run sut
else
docker build . --file Dockerfile
fi
# Push image to GitHub Packages.
# See also https://docs.docker.com/docker-hub/builds/
push:
# Ensure test job passes before pushing image.
needs: test
build:
runs-on: ubuntu-latest
if: github.event_name == 'push'
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- name: Checkout repository
uses: actions/checkout@v2
- name: Build image
run: docker build . --file Dockerfile --tag $IMAGE_NAME
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Push image
run: |
IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME
# Change all uppercase to lowercase
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "$default-branch" ] && VERSION=latest
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
+1 -1
View File
@@ -37,7 +37,7 @@ jobs:
platform: ${{ 'iOS Simulator' }}
run: |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'``
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
+2 -1
View File
@@ -144,7 +144,8 @@ jobs:
# oc-login works on all platforms, but oc must be installed first.
# The GitHub Ubuntu runner already includes oc.
# Otherwise, https://github.com/redhat-actions/oc-installer#readme is available.
# Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc,
# as well as many other tools.
# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
+14 -9
View File
@@ -1,11 +1,16 @@
# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Upload Python Package
on:
release:
types: [created]
types: [published]
jobs:
deploy:
@@ -21,11 +26,11 @@ jobs:
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine
- name: Build and publish
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
run: |
python setup.py sdist bdist_wheel
twine upload dist/*
pip install build
- name: Build package
run: python -m build
- name: Publish package
uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
+34
View File
@@ -0,0 +1,34 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: DevSkim
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
lint:
name: DevSkim
runs-on: ubuntu-20.04
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: devskim-results.sarif
@@ -0,0 +1,7 @@
{
"name": "DevSkim",
"creator": "Microsoft CST-E",
"description": "DevSkim is security linter that highlights common security issues in source code.",
"iconName": "cst-logo",
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"]
}
+1 -1
View File
@@ -27,7 +27,7 @@ jobs:
uses: actions/checkout@v2
- name: Run tfsec
uses: tfsec/tfsec-sarif-action@2ec44316ed27c50d48c931c3c628adc4c8bb1d2b
uses: tfsec/tfsec-sarif-action@9a83b5c3524f825c020e356335855741fd02745f
with:
sarif_file: tfsec.sarif
+5
View File
@@ -0,0 +1,5 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="480" height="480" viewBox="0 0 480 480" xml:space="preserve">
<g transform="matrix(1.27 0 0 1.27 240.37 240.13)" >
<path style="stroke: none; stroke-width: 0; stroke-dasharray: none; stroke-linecap: butt; stroke-dashoffset: 0; stroke-linejoin: miter; stroke-miterlimit: 4; fill: rgb(0,166,81); fill-rule: evenodd; opacity: 1;" vector-effect="non-scaling-stroke" transform=" translate(-254.79, -255.14)" d="M 385 126 q 3 29.5 6 59 c 14.887 99.029 -26.989 173.188 -76 210 c -15.011 11.275 -34.444 28.678 -55 33 c -23.295 4.9 -62.125 -29.538 -74 -40 c -47.1 -41.491 -81.871 -110.908 -67 -207 q 2.5 -27.5 5 -55 c 56.2 0 79.764 -31.923 122 -43 c 21.768 -5.709 39.243 10.642 51 17 C 321.744 113.382 347.824 125.771 385 126 Z M 257 146 l 10 20 l -10 16 v 1 c 54.64 4.6 54.618 49.256 64 95 l 23 2 C 366.547 210.191 324.832 147.532 257 146 Z m -20 1 c -13.088 6.944 -27.628 8 -39 16 c -23.257 16.355 -58.678 71.48 -34 114 l 14 -13 l 2 -3 l 18 5 v -4 c -12.586 -32.148 9.054 -62.976 29 -73 l 17 -5 q 6 -9 12 -18 l -10 -19 h -9 Z M 183 271 c -4.776 6.187 -12.116 10.084 -14 19 c 15.62 18.551 27.581 36.088 53 45 c 43.771 15.347 110.459 -10.4 116 -46 l -23 -1 l -7 -17 l -2 1 c -3.756 9.36 -10.955 14.8 -19 20 C 243.212 320.315 218.111 283.968 183 271 Z" stroke-linecap="round" />
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.4 KiB