From 157a5156d853fdfdef304b631876bf6b92526ed8 Mon Sep 17 00:00:00 2001 From: omerzi Date: Tue, 26 Jul 2022 10:54:41 +0300 Subject: [PATCH 01/15] Adding JFrog Frogbot to GitHub starter workflows --- code-scanning/frogbot-fix.yml | 56 +++++++++ code-scanning/frogbot-scan-pr.yml | 112 ++++++++++++++++++ .../properties/frogbot-fix.properties.json | 15 +++ .../frogbot-scan-pr.properties.json | 15 +++ icons/frogbot.svg | 80 +++++++++++++ 5 files changed, 278 insertions(+) create mode 100644 code-scanning/frogbot-fix.yml create mode 100644 code-scanning/frogbot-scan-pr.yml create mode 100644 code-scanning/properties/frogbot-fix.properties.json create mode 100644 code-scanning/properties/frogbot-scan-pr.properties.json create mode 100644 icons/frogbot.svg diff --git a/code-scanning/frogbot-fix.yml b/code-scanning/frogbot-fix.yml new file mode 100644 index 0000000..278e8fa --- /dev/null +++ b/code-scanning/frogbot-fix.yml @@ -0,0 +1,56 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot + +name: "Frogbot Fix" +on: + push: + branches: + # The scanning and creation of pull requests with fixes are triggered by pushing code to one of the these branches. + # You can edit the list of branches you wish to open fix pull requests on. + - "main" + - "master" +permissions: + contents: write + pull-requests: write +jobs: + create-fix-pull-requests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + # Install prerequisites - uncomment the relevant one + + # - uses: actions/setup-go@v3 + # with: + # go-version: 1.17.x + + # - uses: actions/setup-java@v3 + # with: + # java-version: "11" + # distribution: "temurin" + + # - uses: actions/setup-node@v3 + # with: + # node-version: "16.x" + + + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.FROGBOT_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Mandatory if using npm] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "npm i" \ No newline at end of file diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml new file mode 100644 index 0000000..54304d3 --- /dev/null +++ b/code-scanning/frogbot-scan-pr.yml @@ -0,0 +1,112 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: "Frogbot Scan" +on: + pull_request_target: + types: [ opened, synchronize ] +permissions: + pull-requests: write +jobs: + scan-pull-request: + runs-on: ubuntu-latest + # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the + # "frogbot" GitHub environment can approve the pull request to be scanned. + environment: frogbot + steps: + - uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + + # Install prerequisites - uncomment the relevant ones + + # - uses: actions/setup-go@v3 + # with: + # go-version: 1.17.x + + # - uses: actions/setup-java@v3 + # with: + # java-version: "11" + # distribution: "temurin" + + # - uses: actions/setup-node@v3 + # with: + # node-version: "16.x" + + # - uses: gradle/gradle-build-action@v2 + + # - uses: actions/setup-dotnet@v2 + # with: + # dotnet-version: "3.1.x" + + # - uses: nuget/setup-nuget@v1 + # with: + # nuget-version: "5.x" + + # - uses: actions/setup-python@v3 + # with: + # python-version: "3.x" + + # - run: pipx install pipenv + + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.JF_URL }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Uncomment the below options if you'd like to use them. + + # [Mandatory when using npm] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "npm i" + + # [Mandatory when using .NET] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "dotnet restore" + + # [Optional when using Nuget] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "nuget restore" + + # [Optional when using Pip] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "pip install" + + # [Optional when using Pipenv] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "pipenv install" + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Optional, default: "."] + # Relative path to the project in the git repository + # JF_WORKING_DIR: path/to/working/dir + + # [Optional] + # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: ,... + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + # JF_PROJECT: \ No newline at end of file diff --git a/code-scanning/properties/frogbot-fix.properties.json b/code-scanning/properties/frogbot-fix.properties.json new file mode 100644 index 0000000..5d04487 --- /dev/null +++ b/code-scanning/properties/frogbot-fix.properties.json @@ -0,0 +1,15 @@ +{ + "name": "Frogbot Scan and Fix", + "description": "Automatically creates pull requests with fixes for vulnerable project dependencies. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.", + "iconName": "frogbot", + "categories": [ + "Code Scanning", + "Go Module", + "Maven POM", + "NPM Config", + "Gradle", + "C#", + "Python" + ], + "organization": "JFrog" +} \ No newline at end of file diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json new file mode 100644 index 0000000..e0a93c8 --- /dev/null +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -0,0 +1,15 @@ +{ + "name": "Frogbot Scan Pull Requests", + "description": "Automatically scans new pull requests for security vulnerabilities. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.", + "iconName": "frogbot", + "categories": [ + "Code Scanning", + "Go Module", + "Maven POM", + "NPM Config", + "Gradle", + "C#", + "Python" + ], + "owner": "JFrog" +} \ No newline at end of file diff --git a/icons/frogbot.svg b/icons/frogbot.svg new file mode 100644 index 0000000..21100d9 --- /dev/null +++ b/icons/frogbot.svg @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 8d20e653093dd0b3a96d85d7eb4acfdf17538708 Mon Sep 17 00:00:00 2001 From: omerzi Date: Tue, 26 Jul 2022 10:56:16 +0300 Subject: [PATCH 02/15] Adding JFrog Frogbot to GitHub starter workflows --- code-scanning/properties/frogbot-scan-pr.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json index e0a93c8..8f9626c 100644 --- a/code-scanning/properties/frogbot-scan-pr.properties.json +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -11,5 +11,5 @@ "C#", "Python" ], - "owner": "JFrog" + "organization": "JFrog" } \ No newline at end of file From e35bb09c200dd3bc2dccb7cf1e4f1aa5fce0a9a4 Mon Sep 17 00:00:00 2001 From: omerzi Date: Sun, 7 Aug 2022 09:32:25 +0300 Subject: [PATCH 03/15] Code review changes --- code-scanning/frogbot-fix.yml | 5 ++- code-scanning/frogbot-scan-pr.yml | 58 ++++++------------------------- 2 files changed, 14 insertions(+), 49 deletions(-) diff --git a/code-scanning/frogbot-fix.yml b/code-scanning/frogbot-fix.yml index 278e8fa..b51c269 100644 --- a/code-scanning/frogbot-fix.yml +++ b/code-scanning/frogbot-fix.yml @@ -2,6 +2,9 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan and Fix does the following: +# Automatically creates pull requests with fixes for vulnerable project dependencies. +# Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot name: "Frogbot Fix" @@ -37,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 54304d3..325cc24 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -2,6 +2,10 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan Pull Requests does the following: +# Automatically scans new pull requests for security vulnerabilities. +# Uses JFrog Xray to scan the project. +# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot name: "Frogbot Scan" on: @@ -35,23 +39,9 @@ jobs: # with: # node-version: "16.x" - # - uses: gradle/gradle-build-action@v2 + # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - # - uses: actions/setup-dotnet@v2 - # with: - # dotnet-version: "3.1.x" - - # - uses: nuget/setup-nuget@v1 - # with: - # nuget-version: "5.x" - - # - uses: actions/setup-python@v3 - # with: - # python-version: "3.x" - - # - run: pipx install pipenv - - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -69,7 +59,9 @@ jobs: # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Uncomment the below options if you'd like to use them. + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory when using npm] # The command that installs the dependencies @@ -79,34 +71,4 @@ jobs: # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" - # [Optional when using Nuget] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "nuget restore" - - # [Optional when using Pip] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pip install" - - # [Optional when using Pipenv] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pipenv install" - - # [Optional, default: https://api.github.com] - # API endpoint to GitHub - # JF_GIT_API_ENDPOINT: https://github.example.com - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - # [Optional, default: "."] - # Relative path to the project in the git repository - # JF_WORKING_DIR: path/to/working/dir - - # [Optional] - # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches - # JF_WATCHES: ,... - - # [Optional] - # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects - # JF_PROJECT: \ No newline at end of file + # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request \ No newline at end of file From a82c7d200aac56c398fd9b679da120d310965861 Mon Sep 17 00:00:00 2001 From: omerzi Date: Sun, 7 Aug 2022 09:32:25 +0300 Subject: [PATCH 04/15] Code review changes --- ...ogbot-fix.yml => frogbot-scan-and-fix.yml} | 7 ++- code-scanning/frogbot-scan-pr.yml | 60 ++++--------------- ...n => frogbot-scan-and-fix.properties.json} | 0 .../frogbot-scan-pr.properties.json | 2 +- 4 files changed, 17 insertions(+), 52 deletions(-) rename code-scanning/{frogbot-fix.yml => frogbot-scan-and-fix.yml} (86%) rename code-scanning/properties/{frogbot-fix.properties.json => frogbot-scan-and-fix.properties.json} (100%) diff --git a/code-scanning/frogbot-fix.yml b/code-scanning/frogbot-scan-and-fix.yml similarity index 86% rename from code-scanning/frogbot-fix.yml rename to code-scanning/frogbot-scan-and-fix.yml index 278e8fa..c9ce731 100644 --- a/code-scanning/frogbot-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -2,9 +2,12 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan and Fix does the following: +# Automatically creates pull requests with fixes for vulnerable project dependencies. +# Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot -name: "Frogbot Fix" +name: "Frogbot Scan and Fix" on: push: branches: @@ -37,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 54304d3..a72ae4c 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -2,8 +2,12 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan Pull Request does the following: +# Automatically scans new pull requests for security vulnerabilities. +# Uses JFrog Xray to scan the project. +# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot -name: "Frogbot Scan" +name: "Frogbot Scan Pull Request" on: pull_request_target: types: [ opened, synchronize ] @@ -35,23 +39,9 @@ jobs: # with: # node-version: "16.x" - # - uses: gradle/gradle-build-action@v2 + # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - # - uses: actions/setup-dotnet@v2 - # with: - # dotnet-version: "3.1.x" - - # - uses: nuget/setup-nuget@v1 - # with: - # nuget-version: "5.x" - - # - uses: actions/setup-python@v3 - # with: - # python-version: "3.x" - - # - run: pipx install pipenv - - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -69,7 +59,9 @@ jobs: # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Uncomment the below options if you'd like to use them. + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory when using npm] # The command that installs the dependencies @@ -79,34 +71,4 @@ jobs: # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" - # [Optional when using Nuget] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "nuget restore" - - # [Optional when using Pip] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pip install" - - # [Optional when using Pipenv] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pipenv install" - - # [Optional, default: https://api.github.com] - # API endpoint to GitHub - # JF_GIT_API_ENDPOINT: https://github.example.com - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - # [Optional, default: "."] - # Relative path to the project in the git repository - # JF_WORKING_DIR: path/to/working/dir - - # [Optional] - # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches - # JF_WATCHES: ,... - - # [Optional] - # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects - # JF_PROJECT: \ No newline at end of file + # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request \ No newline at end of file diff --git a/code-scanning/properties/frogbot-fix.properties.json b/code-scanning/properties/frogbot-scan-and-fix.properties.json similarity index 100% rename from code-scanning/properties/frogbot-fix.properties.json rename to code-scanning/properties/frogbot-scan-and-fix.properties.json diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json index 8f9626c..b74f3e6 100644 --- a/code-scanning/properties/frogbot-scan-pr.properties.json +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -1,5 +1,5 @@ { - "name": "Frogbot Scan Pull Requests", + "name": "Frogbot Scan Pull Request", "description": "Automatically scans new pull requests for security vulnerabilities. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.", "iconName": "frogbot", "categories": [ From c7c674d47ef76ecbbd6d0c3a12934d31b2094be3 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 19 Aug 2022 11:28:44 -0500 Subject: [PATCH 05/15] Pages: Explicitly set Hugo environment as production --- pages/hugo.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/pages/hugo.yml b/pages/hugo.yml index 07b2b85..ea705f3 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -46,6 +46,7 @@ jobs: - name: Build with Hugo run: | hugo \ + --environment production --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 6d0b6c7b277795626387ee24bdf45a62804c39f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 13:27:01 +0000 Subject: [PATCH 06/15] Bump pozil/auto-assign-issue from 1.9.0 to 1.10.0 Bumps [pozil/auto-assign-issue](https://github.com/pozil/auto-assign-issue) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/pozil/auto-assign-issue/releases) - [Commits](https://github.com/pozil/auto-assign-issue/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: pozil/auto-assign-issue dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign-issues.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign-issues.yml b/.github/workflows/auto-assign-issues.yml index ec278a6..0cb9345 100644 --- a/.github/workflows/auto-assign-issues.yml +++ b/.github/workflows/auto-assign-issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Auto-assign issue' - uses: pozil/auto-assign-issue@v1.9.0 + uses: pozil/auto-assign-issue@v1.10.0 with: assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft numOfAssignee: 1 From 467b0208ed901696ef31d79fe72a8e92a4b205da Mon Sep 17 00:00:00 2001 From: Milan Aryal <9361180+MilanAryal@users.noreply.github.com> Date: Mon, 22 Aug 2022 21:30:03 +0545 Subject: [PATCH 07/15] Pages: Set Jekyll environment as production --- pages/jekyll.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 05c8761..36e29c3 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -37,6 +37,8 @@ jobs: id: pages uses: actions/configure-pages@v1 - run: bundle exec jekyll build --baseurl ${{ steps.pages.outputs.base_path }} # defaults output to '/_site' + env: + JEKYLL_ENV: production - name: Upload artifact uses: actions/upload-pages-artifact@v1 # This will automatically upload an artifact from the '/_site' directory From 0d3c129311ae22b406e99c27395a9a450b04076d Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 14:37:34 -0500 Subject: [PATCH 08/15] Add missing backslash for multi-line continuation Co-authored-by: Yoann Chaudet --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index ea705f3..5ab13b0 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -46,7 +46,7 @@ jobs: - name: Build with Hugo run: | hugo \ - --environment production + --environment production \ --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 709400e808d401c345db341aa93fa473f91c8f85 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 16:13:12 -0500 Subject: [PATCH 09/15] Set HUGO_ENV* env vars instead of CLI flag Reverts https://github.com/actions/starter-workflows/pull/1689 Fixes https://github.com/actions/starter-workflows/issues/1683 --- pages/hugo.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 5ab13b0..da2f462 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -44,9 +44,12 @@ jobs: id: pages uses: actions/configure-pages@v1 - name: Build with Hugo + env: + # For maximum backward compatibility with Hugo modules + HUGO_ENVIRONMENT: production + HUGO_ENV: production run: | hugo \ - --environment production \ --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 27a76bc269764e7bffc4b0f694969e96dc3c8358 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 11:17:35 +0300 Subject: [PATCH 10/15] Update frogbot-scan-pr.yml --- code-scanning/frogbot-scan-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 5ef3b1c..b732a55 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@c8dfceda50ee19fee0cc19992c4a4aaffc95f4c6 + - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -72,4 +72,4 @@ jobs: # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" - # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request \ No newline at end of file + # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request From f4c529ed9fdaf315db0e6b0fa7c2585b9ebc26e0 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 11:17:52 +0300 Subject: [PATCH 11/15] Update frogbot-scan-and-fix.yml --- code-scanning/frogbot-scan-and-fix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index c9ce731..e48a301 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -40,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 + - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -56,4 +56,4 @@ jobs: # [Mandatory if using npm] # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "npm i" \ No newline at end of file + # JF_INSTALL_DEPS_CMD: "npm i" From 77485a55d02fe7bc782d6b07e192b53c1f9b7345 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 16:56:22 +0300 Subject: [PATCH 12/15] Update frogbot-scan-and-fix.yml --- code-scanning/frogbot-scan-and-fix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index e48a301..56725f5 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -40,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 + - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) From 5fd9f566895bae9243a07fe73bd9c8cb53d9fc15 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 16:56:36 +0300 Subject: [PATCH 13/15] Update frogbot-scan-pr.yml --- code-scanning/frogbot-scan-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index b732a55..bdc71b4 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 + - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) From cdcdda3a89148c23d9fc83a0a63ca7c8c65d083a Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Wed, 24 Aug 2022 15:41:50 +0300 Subject: [PATCH 14/15] Update frogbot-scan-and-fix.properties.json --- code-scanning/properties/frogbot-scan-and-fix.properties.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/properties/frogbot-scan-and-fix.properties.json b/code-scanning/properties/frogbot-scan-and-fix.properties.json index 5d04487..a072c5a 100644 --- a/code-scanning/properties/frogbot-scan-and-fix.properties.json +++ b/code-scanning/properties/frogbot-scan-and-fix.properties.json @@ -11,5 +11,5 @@ "C#", "Python" ], - "organization": "JFrog" -} \ No newline at end of file + "creator": "JFrog" +} From bb6277cf2af38fd4bff0b737f2cbdb3f59e7279b Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Wed, 24 Aug 2022 15:42:10 +0300 Subject: [PATCH 15/15] Update frogbot-scan-pr.properties.json --- code-scanning/properties/frogbot-scan-pr.properties.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json index b74f3e6..257f9d6 100644 --- a/code-scanning/properties/frogbot-scan-pr.properties.json +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -11,5 +11,5 @@ "C#", "Python" ], - "organization": "JFrog" -} \ No newline at end of file + "creator": "JFrog" +}