Merge branch 'main' into setup-java-v2-update

This commit is contained in:
Alena Sviridenko
2021-04-05 17:45:30 +03:00
committed by GitHub
15 changed files with 205 additions and 33 deletions
+1 -1
View File
@@ -19,6 +19,6 @@ Before merging a new workflow, the following requirements need to be met:
- There are many programming languages and tools out there. Right now we don't have a page that allows for a really large number of workflows, so we do have to be a little choosy about what we accept. Less popular tools or languages might not be accepted.
- Automation and CI workflows should not send data to any 3rd party service except for the purposes of installing dependencies.
- Automation and CI workflows cannot be dependent on a paid service or product.
- We recommend that Actions outside of the `actions` organization be pinned to a specific SHA.
- We require that Actions outside of the `actions` organization be pinned to a specific SHA.
Thank you
+1
View File
@@ -42,6 +42,7 @@ env:
jobs:
build:
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
+2 -1
View File
@@ -33,6 +33,7 @@ jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
@@ -77,4 +78,4 @@ jobs:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: sample-app-service
cluster: default
wait-for-service-stability: true
wait-for-service-stability: true
+1 -1
View File
@@ -15,7 +15,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Elixir
uses: actions/setup-elixir@v1
uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24
with:
elixir-version: '1.10.3' # Define the elixir version [required]
otp-version: '22.3' # Define the OTP version [required]
+1
View File
@@ -28,6 +28,7 @@ jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
+55 -29
View File
@@ -27,6 +27,7 @@
# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
# Also see our GitHub organization, https://github.com/redhat-actions/
# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
name: OpenShift
@@ -64,8 +65,44 @@ jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
runs-on: ubuntu-20.04
environment: production
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check if secrets exists
uses: actions/github-script@v3
with:
script: |
const secrets = {
REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`,
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.warning(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- uses: actions/checkout@v2
- name: Determine app name
@@ -80,12 +117,13 @@ jobs:
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
uses: redhat-actions/buildah-build@v1
id: image-build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tag: ${{ env.TAG }}
tags: ${{ env.TAG }}
# If you don't have a dockerfile, see:
# https://github.com/redhat-actions/buildah-build#building-from-scratch
# https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Otherwise, point this to your Dockerfile relative to the repository root.
dockerfiles: |
./Dockerfile
@@ -93,10 +131,10 @@ jobs:
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-to-registry
uses: redhat-actions/push-to-registry@v1
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ env.APP_NAME }}
tag: ${{ env.TAG }}
image: ${{ steps.image-build.outputs.image }}
tags: ${{ steps.image-build.outputs.tags }}
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
@@ -117,30 +155,15 @@ jobs:
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
# This step should create a deployment, service, and route to run your app and expose it to the internet.
# Feel free to replace this with 'oc apply', 'helm install', or however you like to deploy your app.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
run: |
export IMAGE="${{ steps.push-to-registry.outputs.registry-path }}"
export PORT=${{ env.APP_PORT }}
export SELECTOR="app=${{ env.APP_NAME }}"
echo "SELECTOR=$SELECTOR" >> $GITHUB_ENV
set -x
# Take down any old deployment
oc delete all --selector="$SELECTOR"
oc new-app --name $APP_NAME --docker-image="$IMAGE"
# Make sure the app port is exposed
oc patch svc $APP_NAME -p "{ \"spec\": { \"ports\": [{ \"name\": \"$PORT-tcp\", \"port\": $PORT }] } }"
oc expose service $APP_NAME --port=$PORT
oc get all --selector="$SELECTOR"
set +x
export ROUTE="$(oc get route $APP_NAME -o jsonpath='{.spec.host}')"
echo "$APP_NAME is exposed at $ROUTE"
echo "ROUTE=$ROUTE" >> $GITHUB_ENV
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-to-registry.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}
- name: View application route
run: |
@@ -150,3 +173,6 @@ jobs:
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+1 -1
View File
@@ -27,7 +27,7 @@ jobs:
${{ runner.os }}-php-
- name: Install dependencies
run: composer install --prefer-dist --no-progress --no-suggest
run: composer install --prefer-dist --no-progress
# Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit"
# Docs: https://getcomposer.org/doc/articles/scripts.md
+1
View File
@@ -30,6 +30,7 @@ jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
+1
View File
@@ -54,6 +54,7 @@ jobs:
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
environment: production
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
+37
View File
@@ -0,0 +1,37 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Kubesec
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
lint:
name: Kubesec
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run kubesec scanner
uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
with:
input: file.yaml # specify configuration file to scan here
format: template
template: template/sarif.tpl
output: kubesec-results.sarif
exit-code: "0"
- name: Upload Kubesec scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: kubesec-results.sarif
@@ -0,0 +1,7 @@
{
"name": "Kubesec",
"creator": "Controlplane",
"description": "Security risk analysis for Kubernetes resources. Submit pod-types (such as deployment, cronjob) to receive an itemised security risk score.",
"iconName": "kubesec",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,7 @@
{
"name": "Synopsys Intelligent Security Scan Action",
"creator": "Synopsys",
"description": "The Synopsys Intelligent Security Scan Action helps selectively perform SAST and SCA scans, triggered during a variety of GitHub Platform events",
"iconName": "synopsys-io",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "Ruby", "PHP", "Swift", "Kotlin" , "Python", "VB.NET", "Objective C"]
}
+73
View File
@@ -0,0 +1,73 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Synopsys Intelligent Security Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Synopsys Intelligent Security Scan
id: prescription
uses: synopsys-sig/intelligent-security-scan@48eedfcd42bc342a294dc495ac452797b2d9ff08
with:
ioServerUrl: ${{secrets.IO_SERVER_URL}}
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
additionalWorkflowArgs: --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
stage: "IO"
# Please note that the ID in previous step was set to prescription
# in order for this logic to work also make sure that POLARIS_ACCESS_TOKEN
# is defined in settings
- name: Static Analysis with Polaris
if: ${{steps.prescription.outputs.sastScan == 'true' }}
run: |
export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
unzip -j polaris_cli-linux64.zip -d /tmp
/tmp/polaris analyze -w
# Please note that the ID in previous step was set to prescription
# in order for this logic to work
- name: Software Composition Analysis with Black Duck
if: ${{steps.prescription.outputs.scaScan == 'true' }}
uses: blackducksoftware/github-action@9ea442b34409737f64743781e9adc71fd8e17d38
with:
args: '--blackduck.url="${{ secrets.BLACKDUCK_URL}}" --blackduck.api.token="${{ secrets.BLACKDUCK_TOKEN}}" --detect.tools="SIGNATURE_SCAN,DETECTOR"'
- name: Synopsys Intelligent Security Scan
if: ${{ steps.prescription.outputs.sastScan == 'true' || steps.prescription.outputs.scaScan == 'true' }}
uses: synopsys-sig/intelligent-security-scan@48eedfcd42bc342a294dc495ac452797b2d9ff08
with:
ioServerUrl: ${{secrets.IO_SERVER_URL}}
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
additionalWorkflowArgs: --IS_SAST_ENABLED=${{steps.prescription.outputs.sastScan}} --IS_SCA_ENABLED=${{steps.prescription.outputs.scaScan}}
--polaris.project.name={{PROJECT_NAME}} --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
--blackduck.project.name={{PROJECT_NAME}}:{{PROJECT_VERSION}} --blackduck.url=${{secrets.BLACKDUCK_URL}} --blackduck.api.token=${{secrets.BLACKDUCK_TOKEN}}
stage: "WORKFLOW"
- name: Upload SARIF file
if: ${{steps.prescription.outputs.sastScan == 'true' }}
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: workflowengine-results.sarif.json
+16
View File
@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="102.6mm" height="105.4mm" version="1.1" viewBox="0 0 102.6 105.4" xmlns="http://www.w3.org/2000/svg" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:osb="http://www.openswatchbook.org/uri/2009/osb" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<metadata>
<rdf:RDF>
<cc:Work rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
<dc:title/>
</cc:Work>
</rdf:RDF>
</metadata>
<g transform="translate(-50.967 -30.906)">
<path d="m101.74 41.445c11.826 0.01564 23.073 3.1361 37.019 10.269l5.6861 2.9077-0.24238 8.4066c-0.2839 9.8679-1.2803 16.025-3.8329 23.68-5.6462 16.933-17.273 30.457-33.388 38.837-2.2805 1.1858-4.5913 2.1529-5.1352 2.1481-1.2751-0.0104-8.1186-3.6468-12.544-6.6638-4.7195-3.2176-13.441-12.032-16.759-16.938-6.9486-10.274-10.793-21.477-12.039-35.085-0.58097-6.3429-0.60007-12.393-0.043-13.858 0.57794-1.52 12.422-7.3891 19.882-9.853 9.2004-3.0383 13.768-3.8609 21.396-3.8504z" fill="#fff" style="paint-order:normal"/>
<path d="m100.51 35.615c-0.56302 0.0073-1.0474 0.02883-1.4114 0.06599-12.365 1.2633-22.017 4.0644-33.066 9.5944-7.3296 3.6685-10.788 5.9223-11.12 7.247-0.53129 2.1169 0.15376 19.668 0.936 23.987 1.0599 5.8523 3.3498 13.599 5.4517 18.44 6.8196 15.707 19.767 29.222 34.938 36.472 2.3016 1.0998 4.7802 2.0006 5.5083 2.0026 1.7407 6e-3 7.0294-2.3296 11.786-5.2026 18.332-11.073 30.627-28.781 34.724-50.014 1.2562-6.5098 1.9551-16.009 1.5851-21.536-0.37868-5.6568-0.36327-5.6383-8.42-9.8072-12.032-6.2257-23.37-9.795-34.819-10.96-2.0024-0.20375-4.4024-0.31132-6.0915-0.28955zm1.2363 5.8302c11.826 0.01564 23.073 3.1361 37.019 10.269l5.6861 2.9077-0.24238 8.4066c-0.2839 9.8679-1.2803 16.025-3.8329 23.68-5.6462 16.933-17.273 30.457-33.388 38.837-2.2805 1.1858-4.5913 2.1529-5.1352 2.1481-1.2751-0.0104-8.1186-3.6468-12.544-6.6638-4.7195-3.2176-13.441-12.032-16.759-16.938-6.9486-10.274-10.793-21.477-12.039-35.085-0.58097-6.3429-0.60007-12.393-0.043-13.858 0.57794-1.52 12.422-7.3891 19.882-9.853 9.2004-3.0383 13.768-3.8609 21.396-3.8504zm-0.57371 7.9541c-0.55416-0.0078-1.1056-0.0052-1.6539 0.0052-3.9868 0.08339-7.8101 0.6874-11.384 1.8235-2.1838 0.6942-4.093 1.0503-5.7049 1.072-0.54764-0.25801-1.1455-0.39178-1.7508-0.39192-2.27 2.09e-4 -4.1102 1.8403-4.1104 4.1103 2.08e-4 2.27 1.8403 4.1102 4.1104 4.1104 2.2595-1.57e-4 4.1058-2.2285 4.1208-4.488 0.54593-0.26458 0.90692-0.5515 2.7666-1.155 4.9354-1.6017 7.9009-1.9399 14.743-1.6794 4.9325 0.18764 7.5084 0.51548 10.691 1.3576 5.6895 1.5055 13.346 4.6278 16.664 6.7958 0.97297 0.63588 0.89747 0.71234-3.2134 3.2444l-4.21 2.5925-3.406-1.7104c-11.357-5.7039-20.995-5.854-32.201-0.501l-4.5278 2.1629-5.5554-3.309c-3.3518-1.996-5.9337-3.2548-6.5076-3.173-0.93092 0.13265-0.95078 0.28788-0.91177 7.1972 0.04274 7.5677 0.95506 12.725 3.3993 19.216 3.0717 8.0032 6.6136 12.89 12.338 19.477 1.9155 1.937 2.771 3.0306 3.2418 3.7339-5e-3 0.0771 0.0081 0.36776 0.0081 0.44517 2.1e-4 2.27 1.8403 4.1102 4.1103 4.1104 2.27-2e-4 4.1102-1.8404 4.1104-4.1104 5.3e-4 -2.2705-1.8398-4.1115-4.1104-4.1117-0.69123 2.6e-4 -1.4768 0.29931-2.0827 0.63217-0.69092-0.34948-1.3424-0.88458-3.2734-2.8907-9.0198-9.3708-14.148-21.315-14.782-34.433l-0.26262-5.4329 4.478 2.7057 4.4794 2.7043v3.4612c0 12.963 6.834 24.651 17.822 30.48l2.0363 1.0815v6.4726c0 6.6073 0.12874 6.5878 0.55216 6.6962 0.45085 0.11547 1.1882 0.32293 3.0963-0.6505 7.4839-3.818 17.047-12.316 21.82-19.389 1.2192-1.8068 3.0501-4.9424 4.0686-6.9682 2.1109-4.3687 3.4196-9.9926 5.4463-14.06 1.3176-0.72105 2.1371-2.1033 2.1373-3.6053-2e-4 -2.27-1.8403-4.1101-4.1104-4.1103-2.2705-5.3e-4 -4.1115 1.8398-4.1117 4.1103 5.3e-4 1.2443 0.56453 2.4213 1.534 3.2013l0.82364 0.57991-1.0667 3.6942c-2.5118 8.6991-6.8719 16.088-14.24 23.374-4.4674 4.4175-9.863 8.6484-12.149 9.5257-0.62639 0.24028-0.71109-0.28259-0.71109-4.3824v-4.6558l2.5871-1.3778c3.5912-1.9141 7.9924-5.6745 10.463-8.9399 4.2408-5.6049 6.5049-12.109 7.0504-20.251l0.30706-4.6019 5.3521-3.3265c3.5898-2.2312 5.3958-3.6183 5.484-4.2127 0.1608-1.0829-1.5738-2.2923-7.6793-5.3561-8.8544-4.4433-17.812-6.7755-26.125-6.8982zm1.1892 14.349c2.1491 0.02971 4.2905 0.32012 6.4457 0.86733 2.8862 0.73095 5.923 1.3927 8.7756 3.204l3.4787 1.6808-0.30572 4.2774c-0.68768 9.6499-3.1519 15.457-9.0301 21.284-2.357 2.3367-4.8301 4.3078-6.5103 5.1864-1.4903 0.77936-2.8839 1.4168-3.0963 1.4168-0.21241 0-1.1768-0.42298-2.144-0.94006-10.096-5.3968-16.439-16.481-16.012-27.979l0.13057-3.5178 3.7764-1.872c5.0023-2.4796 9.7634-3.6732 14.491-3.608zm0.0497 6.8174c-2.4724 2.9e-5 -4.4766 2.0043-4.4767 4.4767 2.7e-4 1.8948 1.1934 3.5842 2.9791 4.2181l-2.4161 10.652 7.7359-0.07662-1.9824-10.712c1.6049-0.72345 2.6368-2.3203 2.637-4.0807-3e-5 -2.4724-2.0043-4.4766-4.4767-4.4767z" stroke="#fff" stroke-width=".441" style="paint-order:normal"/>
</g>
</svg>

After

Width:  |  Height:  |  Size: 4.8 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 55 KiB