From a188baf4344e4f29212cd40221e46a752158fefe Mon Sep 17 00:00:00 2001 From: Owen Rumney Date: Fri, 21 May 2021 08:39:23 +0100 Subject: [PATCH 01/25] Update the tfsec ref point Use the latest commit hash for the action - resolves the issue support code signing --- code-scanning/tfsec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml index 9040659..479f713 100644 --- a/code-scanning/tfsec.yml +++ b/code-scanning/tfsec.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v2 - name: Run tfsec - uses: tfsec/tfsec-sarif-action@2ec44316ed27c50d48c931c3c628adc4c8bb1d2b + uses: tfsec/tfsec-sarif-action@9a83b5c3524f825c020e356335855741fd02745f with: sarif_file: tfsec.sarif From 7c29ac248118d9e004eb6776e22cadbca1dd524a Mon Sep 17 00:00:00 2001 From: Luca Casonato Date: Mon, 24 May 2021 22:02:03 +0200 Subject: [PATCH 02/25] switch to official denoland/setup-deno action (#909) * switch to official denoland/setup-deno action Also adds formatting and linting to the workflow (like dart workflow), and use uniform capitalization. * update commit hash Co-authored-by: Josh Gross --- ci/deno.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/ci/deno.yml b/ci/deno.yml index 178b61f..cf91f5e 100644 --- a/ci/deno.yml +++ b/ci/deno.yml @@ -3,8 +3,8 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow will install Deno and run tests across stable and nightly builds on Windows, Ubuntu and macOS. -# For more information see: https://github.com/denolib/setup-deno +# This workflow will install Deno and run tests across stable and canary builds on Windows, Ubuntu and macOS. +# For more information see: https://github.com/denoland/setup-deno name: Deno @@ -20,7 +20,7 @@ jobs: strategy: matrix: - deno: ["v1.x", "nightly"] + deno: ["v1.x", "canary"] os: [macOS-latest, windows-latest, ubuntu-latest] steps: @@ -28,12 +28,20 @@ jobs: uses: actions/checkout@v2 - name: Setup Deno - uses: denolib/setup-deno@c7d7968ad4a59c159a777f79adddad6872ee8d96 + # uses: denoland/setup-deno@v1 + uses: denoland/setup-deno@4a4e59637fa62bd6c086a216c7e4c5b457ea9e79 with: deno-version: ${{ matrix.deno }} # tests across multiple Deno versions - - name: Cache Dependencies + # Uncomment this step to verify the use of 'deno fmt' on each commit. + # - name: Verify formatting + # run: deno fmt --check + + - name: Run linter + run: deno lint + + - name: Cache dependencies run: deno cache deps.ts - - name: Run Tests + - name: Run tests run: deno test -A --unstable From 1c4f13f8814ed74b3bd7e63b864c65bde209dd52 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:32:21 -0700 Subject: [PATCH 03/25] Adds DevSkim example file --- code-scanning/devskim.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 code-scanning/devskim.yml diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml new file mode 100644 index 0000000..b668b14 --- /dev/null +++ b/code-scanning/devskim.yml @@ -0,0 +1,35 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: DevSkim + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + lint: + name: DevSkim + runs-on: ubuntu-20.04 + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Run DevSkim scanner + uses: microsoft/DevSkim-Action@v1 + + - name: Upload DevSkim scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: devskim-results.sarif \ No newline at end of file From d0779b618fe7a8b89791a2d154b2633f6cbae869 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:32:55 -0700 Subject: [PATCH 04/25] Update devskim.yml --- code-scanning/devskim.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index b668b14..0aae4e8 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -32,4 +32,5 @@ jobs: - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: - sarif_file: devskim-results.sarif \ No newline at end of file + sarif_file: devskim-results.sarif + should-scan-archives: false \ No newline at end of file From 98db90085801aaada3adad829688e454f93d044f Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:36:54 -0700 Subject: [PATCH 05/25] Add logo and properties.json --- code-scanning/properties/devskim.properties.json | 7 +++++++ icons/cst-logo.svg | 11 +++++++++++ 2 files changed, 18 insertions(+) create mode 100644 code-scanning/properties/devskim.properties.json create mode 100644 icons/cst-logo.svg diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json new file mode 100644 index 0000000..1dcc121 --- /dev/null +++ b/code-scanning/properties/devskim.properties.json @@ -0,0 +1,7 @@ +{ + "name": "DevSkim", + "creator": "Microsoft CST-E", + "description": "Security issue linter.", + "iconName": "cst-logo", + "categories": ["Code Scanning"] +} diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg new file mode 100644 index 0000000..7ecffdd --- /dev/null +++ b/icons/cst-logo.svg @@ -0,0 +1,11 @@ + + + + + + From c0f3fd1127961fb342c5d7de96a849ce55b556a5 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:39:15 -0700 Subject: [PATCH 06/25] Update devskim.properties.json --- code-scanning/properties/devskim.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json index 1dcc121..6412a17 100644 --- a/code-scanning/properties/devskim.properties.json +++ b/code-scanning/properties/devskim.properties.json @@ -3,5 +3,5 @@ "creator": "Microsoft CST-E", "description": "Security issue linter.", "iconName": "cst-logo", - "categories": ["Code Scanning"] + "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] } From 72fb7d83894441f62267c599709be21a03978bbc Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Tue, 25 May 2021 17:44:51 -0700 Subject: [PATCH 07/25] Update devskim.yml --- code-scanning/devskim.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 0aae4e8..1b6ea44 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -26,11 +26,13 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + # Enable Should Scan Archives to scan all files inside archives as well - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 + with: + should-scan-archives: false - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 with: sarif_file: devskim-results.sarif - should-scan-archives: false \ No newline at end of file From 1f734b1213323fba15a97c3b4892963046d4a087 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 05:08:44 -0700 Subject: [PATCH 08/25] Update devskim.properties.json --- code-scanning/properties/devskim.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json index 6412a17..377b1da 100644 --- a/code-scanning/properties/devskim.properties.json +++ b/code-scanning/properties/devskim.properties.json @@ -1,7 +1,7 @@ { "name": "DevSkim", "creator": "Microsoft CST-E", - "description": "Security issue linter.", + "description": "DevSkim is a security linter for multiple programming languages which indicates potentially unsafe code patterns.", "iconName": "cst-logo", "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] } From 16a4b621815b3abd69039707eb45aa358d1c7459 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 08:26:56 -0700 Subject: [PATCH 09/25] Update cst-logo.svg --- icons/cst-logo.svg | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg index 7ecffdd..6b0ed78 100644 --- a/icons/cst-logo.svg +++ b/icons/cst-logo.svg @@ -1,11 +1,9 @@ - - - - - - + + + + + + + + + \ No newline at end of file From 0fdd36cae158e489dd50164ba6bd1de28b4211dd Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 08:36:28 -0700 Subject: [PATCH 10/25] Update devskim.properties.json --- code-scanning/properties/devskim.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/devskim.properties.json b/code-scanning/properties/devskim.properties.json index 377b1da..0eab5c6 100644 --- a/code-scanning/properties/devskim.properties.json +++ b/code-scanning/properties/devskim.properties.json @@ -1,7 +1,7 @@ { "name": "DevSkim", "creator": "Microsoft CST-E", - "description": "DevSkim is a security linter for multiple programming languages which indicates potentially unsafe code patterns.", + "description": "DevSkim is security linter that highlights common security issues in source code.", "iconName": "cst-logo", "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python", "Powershell", "Cobol", "Objective C", "PHP", "Ruby", "Rust", "SQL", "Swift", "Visual Basic"] } From 9c10407107c689af9fdfb0a434317af52a565144 Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 26 May 2021 08:37:19 -0700 Subject: [PATCH 11/25] Update devskim.yml --- code-scanning/devskim.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/code-scanning/devskim.yml b/code-scanning/devskim.yml index 1b6ea44..3a5c45f 100644 --- a/code-scanning/devskim.yml +++ b/code-scanning/devskim.yml @@ -9,7 +9,6 @@ on: push: branches: [ $default-branch, $protected-branches ] pull_request: - # The branches below must be a subset of the branches above branches: [ $default-branch ] schedule: - cron: $cron-weekly @@ -26,11 +25,8 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - # Enable Should Scan Archives to scan all files inside archives as well - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 - with: - should-scan-archives: false - name: Upload DevSkim scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1 From 282b038713fd99bfd12e127b95ec8467f409b0ac Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 26 May 2021 10:41:53 -0700 Subject: [PATCH 12/25] Update push docker container to support container registry Also simplify the existing workflow by replacing shell code with actions --- ci/docker-publish.yml | 69 ++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index ba69744..6152fde 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -2,20 +2,22 @@ name: Docker on: push: - # Publish `$default-branch` as Docker `latest` image. - branches: - - $default-branch - + branches: [ $default-branch ] # Publish `v1.2.3` tags as releases. - tags: - - v* + tags: [ 'v*.*.*' ] + pull_request_target: + branches: [ $default-branch ] # Run tests for any PRs. pull_request: env: - # TODO: Change variable to your image's name. - IMAGE_NAME: image + # TODO: Creates container named ACCOUNT/REPO + # Append /IMAGE-NAME to create a container named ACCOUNT/REPO/IMAGE-NAME + IMAGE_NAME: ${{ github.repository }} + + # Registry. Use docker.io for DockerHub + REGISTRY: ghcr.io jobs: # Run tests. @@ -49,32 +51,31 @@ jobs: packages: write steps: - - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v2 - - name: Build image - run: docker build . --file Dockerfile --tag $IMAGE_NAME + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Log into registry - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} - - name: Push image - run: | - IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME - - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "$default-branch" ] && VERSION=latest - - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - - docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION + - name: Build and push Docker image + uses: docker/build-push-action@v2 + with: + context: . + # Don't push on pull requests + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From b574e6db5060fafbf91fafb5c1e2e824fe5e11db Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 26 May 2021 10:55:50 -0700 Subject: [PATCH 13/25] Add notice about third party actions --- ci/docker-publish.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 6152fde..63b02f2 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -1,5 +1,10 @@ name: Docker +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + on: push: branches: [ $default-branch ] From 41a66c656e20c398aa7143b649d3678dae503afc Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 26 May 2021 13:46:54 -0700 Subject: [PATCH 14/25] Use git shas rather than version tags --- ci/docker-publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 63b02f2..26a5f89 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -60,7 +60,7 @@ jobs: uses: actions/checkout@v2 - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v1 + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} @@ -68,7 +68,7 @@ jobs: - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v3 + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -77,7 +77,7 @@ jobs: type=semver,pattern={{version}} - name: Build and push Docker image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc with: context: . # Don't push on pull requests From aa30f1448e6f181d695a784d284dbeaefc12a208 Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 26 May 2021 14:07:29 -0700 Subject: [PATCH 15/25] Update ci/docker-publish.yml Co-authored-by: Bryan Clark --- ci/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 26a5f89..d2672ab 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -63,7 +63,7 @@ jobs: uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: registry: ${{ env.REGISTRY }} - username: ${{ github.repository_owner }} + username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract Docker metadata From 6fe53a9ebd963520a1da2b470d71380c14c284fb Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 26 May 2021 15:03:41 -0700 Subject: [PATCH 16/25] Remove context configuration since it's already the default --- ci/docker-publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 26a5f89..c820f91 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -79,7 +79,6 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc with: - context: . # Don't push on pull requests push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} From 9317366c912201db28a76971bf16ffcb807f2087 Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 2 Jun 2021 14:21:03 -0700 Subject: [PATCH 17/25] Remove docker tags section to simplify configuration --- ci/docker-publish.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index e676dea..3a5a084 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -71,10 +71,6 @@ jobs: uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc From 9d73235e0373a25865567ea98cba64564503fe68 Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 2 Jun 2021 15:41:23 -0700 Subject: [PATCH 18/25] Remove pull request condition --- ci/docker-publish.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 3a5a084..84c07c5 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -75,7 +75,5 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc with: - # Don't push on pull requests - push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From 7b6d03675b1fac8ce90a9273c862548d5324ab24 Mon Sep 17 00:00:00 2001 From: Sven Pfleiderer Date: Wed, 2 Jun 2021 15:58:44 -0700 Subject: [PATCH 19/25] Revert "Remove pull request condition" This reverts commit 9d73235e0373a25865567ea98cba64564503fe68. --- ci/docker-publish.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 84c07c5..3a5a084 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -75,5 +75,7 @@ jobs: - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc with: + # Don't push on pull requests + push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From aaea7d2c9163c76a095b8c3f483ab92c900bdd65 Mon Sep 17 00:00:00 2001 From: James Curtin Date: Thu, 3 Jun 2021 10:55:41 -0400 Subject: [PATCH 20/25] Update Python package build and upload example (#900) * Update Python package build and upload example * Update python-publish.yml --- ci/python-publish.yml | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 1a03a7b..3bfabfc 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -1,11 +1,16 @@ # This workflow will upload a Python Package using Twine when a release is created # For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + name: Upload Python Package on: release: - types: [created] + types: [published] jobs: deploy: @@ -21,11 +26,11 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install setuptools wheel twine - - name: Build and publish - env: - TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} - TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} - run: | - python setup.py sdist bdist_wheel - twine upload dist/* + pip install build + - name: Build package + run: python -m build + - name: Publish package + uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 + with: + user: __token__ + password: ${{ secrets.PYPI_API_TOKEN }} From 4c00e7ffc6203ba2fca6a59e9017a17649bb29a6 Mon Sep 17 00:00:00 2001 From: Tim Etchells Date: Thu, 3 Jun 2021 13:19:02 -0400 Subject: [PATCH 21/25] Replace oc-installer with tools-installer --- ci/openshift.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/openshift.yml b/ci/openshift.yml index 6d5c20a..ec5e0fb 100644 --- a/ci/openshift.yml +++ b/ci/openshift.yml @@ -144,7 +144,8 @@ jobs: # oc-login works on all platforms, but oc must be installed first. # The GitHub Ubuntu runner already includes oc. - # Otherwise, https://github.com/redhat-actions/oc-installer#readme is available. + # Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc, + # as well as many other tools. # https://github.com/redhat-actions/oc-login#readme - name: Log in to OpenShift From 0c715d6fe2fb18fcbdeb32a8a8315353b4cf320f Mon Sep 17 00:00:00 2001 From: Josh Gross Date: Thu, 3 Jun 2021 15:07:11 -0400 Subject: [PATCH 22/25] Use $cron-daily for daily schedules (#923) --- .github/workflows/stale.yml | 2 +- automation/stale.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index c116b93..b34c768 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -2,7 +2,7 @@ name: Mark stale issues and pull requests on: schedule: - - cron: "21 4 * * *" + - cron: $cron-daily jobs: stale: diff --git a/automation/stale.yml b/automation/stale.yml index 30c3dd9..277380b 100644 --- a/automation/stale.yml +++ b/automation/stale.yml @@ -2,7 +2,7 @@ name: Mark stale issues and pull requests on: schedule: - - cron: "30 1 * * *" + - cron: $cron-daily jobs: stale: From 90ba42df70b9ef88c62b697b955eb30a46b65732 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 4 Jun 2021 20:23:02 +0200 Subject: [PATCH 23/25] Simplify Docker publish workflow (#921) Co-authored-by: CrazyMax Co-authored-by: Josh Gross --- ci/docker-publish.yml | 50 ++++++++++++++----------------------------- 1 file changed, 16 insertions(+), 34 deletions(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 3a5a084..ab266ef 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -6,51 +6,26 @@ name: Docker # documentation. on: + schedule: + - cron: $cron-daily push: branches: [ $default-branch ] - # Publish `v1.2.3` tags as releases. + # Publish semver tags as releases. tags: [ 'v*.*.*' ] - pull_request_target: - branches: [ $default-branch ] - - # Run tests for any PRs. pull_request: + branches: [ $default-branch ] env: - # TODO: Creates container named ACCOUNT/REPO - # Append /IMAGE-NAME to create a container named ACCOUNT/REPO/IMAGE-NAME + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / IMAGE_NAME: ${{ github.repository }} - # Registry. Use docker.io for DockerHub - REGISTRY: ghcr.io jobs: - # Run tests. - # See also https://docs.docker.com/docker-hub/builds/automated-testing/ - test: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Run tests - run: | - if [ -f docker-compose.test.yml ]; then - docker-compose --file docker-compose.test.yml build - docker-compose --file docker-compose.test.yml run sut - else - docker build . --file Dockerfile - fi - - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ - push: - # Ensure test job passes before pushing image. - needs: test + build: runs-on: ubuntu-latest - if: github.event_name == 'push' - permissions: contents: read packages: write @@ -59,23 +34,30 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 + # Login against a Docker registry except on PR + # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action - name: Build and push Docker image uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc with: - # Don't push on pull requests + context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From ef2ae0412b4176c94dfb3abdd6495402623ca5bc Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Wed, 9 Jun 2021 08:24:51 -0700 Subject: [PATCH 24/25] Update cst-logo.svg --- icons/cst-logo.svg | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/icons/cst-logo.svg b/icons/cst-logo.svg index 6b0ed78..a7beb3d 100644 --- a/icons/cst-logo.svg +++ b/icons/cst-logo.svg @@ -1,9 +1,5 @@ - - - - - \ No newline at end of file + From 85b7086a46f78f798472bef7b53ef74a9df5f905 Mon Sep 17 00:00:00 2001 From: DezorkIT <12272599+DezorkIT@users.noreply.github.com> Date: Mon, 14 Jun 2021 15:19:02 +0300 Subject: [PATCH 25/25] Removed *`* because it crashes build There was a mistake in [last commit](https://github.com/actions/starter-workflows/commit/5ac32fc0977190a464c62c63cad5fcb04067c34e), that added additional *`* which causes this error ``` /Users/runner/work/_temp/2259bec8-2d05-441b-ada0-fad594134af2.sh: line 5: unexpected EOF while looking for matching ``' 14 Error: Process completed with exit code 2. ``` I just simply removed it. --- ci/ios.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/ios.yml b/ci/ios.yml index 74c974d..032b77a 100644 --- a/ci/ios.yml +++ b/ci/ios.yml @@ -37,7 +37,7 @@ jobs: platform: ${{ 'iOS Simulator' }} run: | # xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959) - device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`` + device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'` if [ $scheme = default ]; then scheme=$(cat default); fi if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`