Merge branch 'main' into patch-1
This commit is contained in:
+1
-1
@@ -1,3 +1,3 @@
|
||||
* @actions/starter-workflows
|
||||
|
||||
/code-scanning/ @actions/advanced-security-code-scanning
|
||||
/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: Greetings
|
||||
|
||||
on: [pull_request, issues]
|
||||
on: [pull_request_target, issues]
|
||||
|
||||
jobs:
|
||||
greeting:
|
||||
|
||||
@@ -41,9 +41,9 @@ jobs:
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
|
||||
uses: sigstore/cosign-installer@d6a3abf1bdea83574e28d40543793018b6035605
|
||||
with:
|
||||
cosign-release: 'v1.4.0'
|
||||
cosign-release: 'v1.7.1'
|
||||
|
||||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
@@ -72,7 +72,7 @@ jobs:
|
||||
# https://github.com/docker/build-push-action
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
|
||||
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Build
|
||||
run: go build -v ./...
|
||||
|
||||
+2
-2
@@ -26,7 +26,7 @@ jobs:
|
||||
platform: ${{ 'iOS Simulator' }}
|
||||
run: |
|
||||
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
|
||||
if [ $scheme = default ]; then scheme=$(cat default); fi
|
||||
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
|
||||
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
|
||||
@@ -37,7 +37,7 @@ jobs:
|
||||
platform: ${{ 'iOS Simulator' }}
|
||||
run: |
|
||||
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
|
||||
if [ $scheme = default ]; then scheme=$(cat default); fi
|
||||
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
|
||||
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"name": "Ruby on Rails continuous integration",
|
||||
"name": "Ruby on Rails",
|
||||
"description": "Build, lint, and test a Rails application",
|
||||
"iconName": "rails",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
|
||||
+1
-1
@@ -30,7 +30,7 @@ jobs:
|
||||
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
||||
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
||||
# uses: ruby/setup-ruby@v1
|
||||
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
||||
uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
|
||||
with:
|
||||
ruby-version: ${{ matrix.ruby-version }}
|
||||
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# clj-watson scans dependencies in a clojure deps.edn
|
||||
# seeking for vulnerable direct/transitive dependencies and
|
||||
# build a report with all the information needed to help you
|
||||
# understand how the vulnerability manifest in your software.
|
||||
# More details at https://github.com/clj-holmes/clj-watson
|
||||
|
||||
name: clj-watson
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
clj-holmes:
|
||||
name: Run clj-watson scanning
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Dependency scan
|
||||
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
|
||||
with:
|
||||
clj-watson-sha: "65d928c"
|
||||
clj-watson-tag: "v4.0.1"
|
||||
database-strategy: github-advisory
|
||||
aliases: clojure-lsp,test
|
||||
deps-edn-path: deps.edn
|
||||
suggest-fix: true
|
||||
output-type: sarif
|
||||
output-file: clj-watson-results.sarif
|
||||
fail-on-result: false
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -34,7 +34,7 @@ jobs:
|
||||
matrix:
|
||||
language: [ $detected-codeql-languages ]
|
||||
# CodeQL supports [ $supported-codeql-languages ]
|
||||
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
||||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -56,7 +56,7 @@ jobs:
|
||||
uses: github/codeql-action/autobuild@v2
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 https://git.io/JvXDl
|
||||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
||||
|
||||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
||||
# and modify them (or add more) to build your code if your project
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
# Dependency Review Action
|
||||
#
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
#
|
||||
# Source repository: https://github.com/actions/dependency-review-action
|
||||
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@v3
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@v1
|
||||
@@ -0,0 +1,49 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# ESLint is a tool for identifying and reporting on patterns
|
||||
# found in ECMAScript/JavaScript code.
|
||||
# More details at https://github.com/eslint/eslint
|
||||
# and https://eslint.org
|
||||
|
||||
name: ESLint
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
eslint:
|
||||
name: Run eslint scanning
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install ESLint
|
||||
run: |
|
||||
npm install eslint@8.10.0
|
||||
npm install @microsoft/eslint-formatter-sarif@2.1.7
|
||||
|
||||
- name: Run ESLint
|
||||
run: npx eslint .
|
||||
--config .eslintrc.js
|
||||
--ext .js,.jsx,.ts,.tsx
|
||||
--format @microsoft/eslint-formatter-sarif
|
||||
--output-file eslint-results.sarif
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: eslint-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -0,0 +1,175 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# Run a Nexploit Scan
|
||||
# This action runs a new security scan in Nexploit, or reruns an existing one.
|
||||
# Build Secure Apps & APIs. Fast.
|
||||
# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
|
||||
# Automatically Tests Every Aspect of Your Apps & APIs
|
||||
# Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
|
||||
# Seamlessly integrates with the Tools and Workflows You Already Use
|
||||
#
|
||||
# NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.
|
||||
# Spin-Up, Configure and Control Scans with Code
|
||||
# One file. One command. One scan. No UI needed.
|
||||
#
|
||||
# Super-Fast Scans
|
||||
#
|
||||
# Interacts with applications and APIs, instead of just crawling them and guessing.
|
||||
# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
|
||||
#
|
||||
# No False Positives
|
||||
#
|
||||
# Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.
|
||||
#
|
||||
# Comprehensive Security Testing
|
||||
#
|
||||
# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
|
||||
#
|
||||
# More information is available on NeuraLegion’s:
|
||||
# * [Website](https://www.neuralegion.com/)
|
||||
# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
|
||||
# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
|
||||
# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
|
||||
#
|
||||
# Inputs
|
||||
#
|
||||
# `name`
|
||||
#
|
||||
# **Required**. Scan name.
|
||||
#
|
||||
# _Example:_ `name: GitHub scan ${{ github.sha }}`
|
||||
#
|
||||
# `api_token`
|
||||
#
|
||||
# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
|
||||
#
|
||||
# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
|
||||
#
|
||||
# `restart_scan`
|
||||
#
|
||||
# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
|
||||
#
|
||||
# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)`
|
||||
#
|
||||
# `discovery_types`
|
||||
#
|
||||
# **Required**. Array of discovery types. The following types are available:
|
||||
# * `archive` - uses an uploaded HAR-file for a scan
|
||||
# * `crawler` - uses a crawler to define the attack surface for a scan
|
||||
# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
|
||||
# If no discovery type is specified, `crawler` is applied by default.
|
||||
#
|
||||
# _Example:_
|
||||
#
|
||||
# ```yml
|
||||
# discovery_types: |
|
||||
# [ "crawler", "archive" ]
|
||||
# ```
|
||||
#
|
||||
# `file_id`
|
||||
#
|
||||
# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
|
||||
#
|
||||
# _Example:_
|
||||
#
|
||||
# ```
|
||||
# FILE_ID=$(nexploit-cli archive:upload \
|
||||
# --token ${{ secrets.NEXPLOIT_TOKEN }} \
|
||||
# --discard true \
|
||||
# ./example.har)
|
||||
# ```
|
||||
#
|
||||
# `crawler_urls`
|
||||
#
|
||||
# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
|
||||
#
|
||||
# _Example:_
|
||||
#
|
||||
# ```
|
||||
# crawler_urls: |
|
||||
# [ "http://vulnerable-bank.com" ]
|
||||
# ```
|
||||
#
|
||||
# `hosts_filter`
|
||||
#
|
||||
# **Required** when the the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
|
||||
#
|
||||
# Outputs
|
||||
#
|
||||
# `url`
|
||||
#
|
||||
# Url of the resulting scan
|
||||
#
|
||||
# `id`
|
||||
#
|
||||
# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
|
||||
# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
|
||||
# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
|
||||
#
|
||||
# Example usage
|
||||
#
|
||||
# Start a new scan with parameters
|
||||
#
|
||||
# ```yml
|
||||
# steps:
|
||||
# - name: Start Nexploit Scan
|
||||
# id: start
|
||||
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
|
||||
# with:
|
||||
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
|
||||
# name: GitHub scan ${{ github.sha }}
|
||||
# discovery_types: |
|
||||
# [ "crawler", "archive" ]
|
||||
# crawler_urls: |
|
||||
# [ "http://vulnerable-bank.com" ]
|
||||
# file_id: LiYknMYSdbSZbqgMaC9Sj
|
||||
# hosts_filter: |
|
||||
# [ ]
|
||||
# - name: Get the output scan url
|
||||
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
|
||||
# ```
|
||||
#
|
||||
# Restart an existing scan
|
||||
#
|
||||
# ```yml
|
||||
# steps:
|
||||
# - name: Start Nexploit Scan
|
||||
# id: start
|
||||
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
|
||||
# with:
|
||||
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
|
||||
# name: GitHub scan ${{ github.sha }}
|
||||
# restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
|
||||
# - name: Get the output scan url
|
||||
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
|
||||
|
||||
|
||||
name: "NeuraLegion"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
neuralegion_scan:
|
||||
runs-on: ubuntu-18.04
|
||||
name: A job to run a Nexploit scan
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Start Nexploit Scan 🏁
|
||||
id: start
|
||||
uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
|
||||
with:
|
||||
api_token: ${{ secrets.NEURALEGION_TOKEN }}
|
||||
name: GitHub scan ${{ github.sha }}
|
||||
discovery_types: |
|
||||
[ "crawler" ]
|
||||
crawler_urls: |
|
||||
[ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan
|
||||
@@ -13,8 +13,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
pmd-code-scan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"name": "clj-watson",
|
||||
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
|
||||
"iconName": "clj-watson",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Clojure"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
{
|
||||
"name": "Dependency Review",
|
||||
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerable dependencies to the repository",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": [
|
||||
"Dependency review",
|
||||
"Dependency graph",
|
||||
"Go",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"TypeScript",
|
||||
"Python",
|
||||
"Ruby",
|
||||
"Actions",
|
||||
"PHP"]
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"name": "ESLint",
|
||||
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
|
||||
"iconName": "eslint",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"JavaScript",
|
||||
"EcmaScript",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
{
|
||||
"name": "NeuraLegion",
|
||||
"creator": "NeuraLegion",
|
||||
"description": "Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports",
|
||||
"iconName": "neuralegion",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"C",
|
||||
"C#",
|
||||
"C++",
|
||||
"Go",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"Kotlin",
|
||||
"Objective C",
|
||||
"PHP",
|
||||
"Python",
|
||||
"Ruby",
|
||||
"Rust",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"name": "rust-clippy",
|
||||
"description": "A collection of lints to catch common mistakes and improve your Rust code.",
|
||||
"iconName": "rust",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"rust"
|
||||
]
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
{
|
||||
"name": "Scan",
|
||||
"creator": "ShiftLeft",
|
||||
"description": "Scan is a free open-source security tool for modern DevOps teams from ShiftLeft.",
|
||||
"iconName": "shiftleft",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"name": "Sobelow",
|
||||
"creator": "nccgroup",
|
||||
"description": "Sobelow is a security-focused static analysis tool for the Phoenix framework.",
|
||||
"iconName": "sobelow",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Elixir"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "SonarCloud",
|
||||
"creator": "Sonar",
|
||||
"description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!",
|
||||
"iconName": "sonarcloud",
|
||||
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# rust-clippy is a tool that runs a bunch of lints to catch common
|
||||
# mistakes in your Rust code and help improve your Rust code.
|
||||
# More details at https://github.com/rust-lang/rust-clippy
|
||||
# and https://rust-lang.github.io/rust-clippy/
|
||||
|
||||
name: rust-clippy analyze
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
rust-clippy-analyze:
|
||||
name: Run rust-clippy analyzing
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Install Rust toolchain
|
||||
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: stable
|
||||
components: clippy
|
||||
override: true
|
||||
|
||||
- name: Install required cargo
|
||||
run: cargo install clippy-sarif sarif-fmt
|
||||
|
||||
- name: Run rust-clippy
|
||||
run:
|
||||
cargo clippy
|
||||
--all-features
|
||||
--message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: rust-clippy-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -1,47 +0,0 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates Scan with GitHub's code scanning feature
|
||||
# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
|
||||
# Visit https://slscan.io/en/latest/integrations/code-scan for help
|
||||
name: SL Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
Scan-Build:
|
||||
# Scan runs on ubuntu, mac and windows
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
# Instructions
|
||||
# 1. Setup JDK, Node.js, Python etc depending on your project type
|
||||
# 2. Compile or build the project before invoking scan
|
||||
# Example: mvn compile, or npm install or pip install goes here
|
||||
# 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
|
||||
|
||||
- name: Perform Scan
|
||||
uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64
|
||||
env:
|
||||
WORKSPACE: ""
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
SCAN_AUTO_BUILD: true
|
||||
with:
|
||||
output: reports
|
||||
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
|
||||
# type: credscan,java
|
||||
# type: python
|
||||
|
||||
- name: Upload report
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: reports
|
||||
@@ -0,0 +1,40 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# Sobelow is a security-focused static analysis tool for the Phoenix framework. https://sobelow.io/
|
||||
#
|
||||
# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository.
|
||||
#
|
||||
# Instructions:
|
||||
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
|
||||
# and review the "Security" tab once the action has run.
|
||||
name: Sobelow
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
security-scan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- id: run-action
|
||||
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
|
||||
- name: Upload report
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,68 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow helps you trigger a SonarCloud analysis of your code and populates
|
||||
# GitHub Code Scanning alerts with the vulnerabilities found.
|
||||
# Free for open source project.
|
||||
|
||||
# 1. Login to SonarCloud.io using your GitHub account
|
||||
|
||||
# 2. Import your project on SonarCloud
|
||||
# * Add your GitHub organization first, then add your repository as a new project.
|
||||
# * Please note that many languages are eligible for automatic analysis,
|
||||
# which means that the analysis will start automatically without the need to set up GitHub Actions.
|
||||
# * This behavior can be changed in Administration > Analysis Method.
|
||||
#
|
||||
# 3. Follow the SonarCloud in-product tutorial
|
||||
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
|
||||
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
|
||||
#
|
||||
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
|
||||
# (On SonarCloud, click on your avatar on top-right > My account > Security
|
||||
# or go directly to https://sonarcloud.io/account/security/)
|
||||
|
||||
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
|
||||
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
|
||||
|
||||
name: SonarCloud analysis
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
|
||||
|
||||
jobs:
|
||||
Analysis:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Analyze with SonarCloud
|
||||
|
||||
# You can pin the exact commit or the version.
|
||||
# uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
|
||||
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
|
||||
with:
|
||||
# Additional arguments for the sonarcloud scanner
|
||||
args:
|
||||
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
|
||||
# mandatory
|
||||
-Dsonar.projectKey=
|
||||
-Dsonar.organization=
|
||||
# Comma-separated paths to directories containing main source files.
|
||||
#-Dsonar.sources= # optional, default is project base directory
|
||||
# When you need the analysis to take place in a directory other than the one from which it was launched
|
||||
#-Dsonar.projectBaseDir= # optional, default is .
|
||||
# Comma-separated paths to directories containing test source files.
|
||||
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
|
||||
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
|
||||
#-Dsonar.verbose= # optional, default is false
|
||||
@@ -40,6 +40,9 @@ env:
|
||||
ACR_EE_IMAGE: repo
|
||||
ACR_EE_TAG: ${{ github.sha }}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
@@ -41,6 +41,9 @@ env:
|
||||
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
|
||||
# containerDefinitions section of your task definition
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy
|
||||
|
||||
@@ -9,17 +9,17 @@
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux)):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
#
|
||||
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Helm.
|
||||
# Set your helmChart, overrideFiles, overrides, and helm-version to suit your configuration.
|
||||
@@ -48,12 +48,10 @@ env:
|
||||
CHART_OVERRIDE_PATH: "your-chart-override-path"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -72,6 +70,20 @@ jobs:
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
@@ -85,7 +97,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -96,7 +110,30 @@ jobs:
|
||||
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
|
||||
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Runs Helm to create manifest files
|
||||
- name: Bake deployment
|
||||
@@ -112,11 +149,11 @@ jobs:
|
||||
|
||||
# Deploys application based on manifest files from previous step
|
||||
- name: Deploy application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -9,17 +9,17 @@
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
#
|
||||
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kompose.
|
||||
# Set your dockerComposeFile and kompose-version to suit your configuration.
|
||||
@@ -40,12 +40,10 @@ env:
|
||||
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -63,7 +61,21 @@ jobs:
|
||||
- name: Build and push image to ACR
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
@@ -77,7 +89,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -88,7 +102,33 @@ jobs:
|
||||
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
|
||||
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Runs Kompose to create manifest files
|
||||
- name: Bake deployment
|
||||
@@ -101,11 +141,11 @@ jobs:
|
||||
|
||||
# Deploys application based on manifest files from previous step
|
||||
- name: Deploy application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -9,17 +9,17 @@
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
#
|
||||
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kustomize.
|
||||
# Set your kustomizationPath and kubectl-version to suit your configuration.
|
||||
@@ -46,12 +46,10 @@ env:
|
||||
KUSTOMIZE_PATH: "your-kustomize-path"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -69,6 +67,23 @@ jobs:
|
||||
- name: Build and push image to ACR
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
@@ -83,7 +98,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -94,7 +111,33 @@ jobs:
|
||||
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
|
||||
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Runs Kustomize to create manifest files
|
||||
- name: Bake deployment
|
||||
@@ -107,11 +150,11 @@ jobs:
|
||||
|
||||
# Deploys application based on manifest files from previous step
|
||||
- name: Deploy application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -8,8 +8,7 @@
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# 1. Set the following secrets in your repository (instructions for getting these can be found at https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
@@ -19,7 +18,7 @@
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
# - DEPLOYMENT_MANIFEST_PATH (path to the manifest yaml for your deployment)
|
||||
#
|
||||
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
|
||||
@@ -43,12 +42,10 @@ env:
|
||||
DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -67,6 +64,20 @@ jobs:
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
@@ -80,7 +91,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -93,13 +106,39 @@ jobs:
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Deploys application based on given manifest file
|
||||
- name: Deploys application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -27,6 +27,9 @@ env:
|
||||
TKE_CLUSTER_ID: cls-mywebapp
|
||||
DEPLOYMENT_NAME: tke-test
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
setup-build-publish-deploy:
|
||||
name: Setup, Build, Publish, and Deploy
|
||||
|
||||
@@ -50,6 +50,9 @@ on:
|
||||
- $default-branch
|
||||
pull_request:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
terraform:
|
||||
name: 'Terraform'
|
||||
@@ -82,10 +85,10 @@ jobs:
|
||||
|
||||
# Generates an execution plan for Terraform
|
||||
- name: Terraform Plan
|
||||
run: terraform plan
|
||||
run: terraform plan -input=false
|
||||
|
||||
# On push to $default-branch, build or change infrastructure according to Terraform configuration files
|
||||
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
|
||||
- name: Terraform Apply
|
||||
if: github.ref == 'refs/heads/$default-branch' && github.event_name == 'push'
|
||||
run: terraform apply -auto-approve
|
||||
run: terraform apply -auto-approve -input=false
|
||||
|
||||
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 107 KiB |
File diff suppressed because one or more lines are too long
|
After Width: | Height: | Size: 80 KiB |
@@ -0,0 +1,57 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" data-name="Layer 1" viewBox="0 0 32 32">
|
||||
<defs>
|
||||
<style>.cls-1{fill:none;}.cls-2{fill:#00a8b7;}.cls-3{clip-path:url(#clip-path);}.cls-4{fill:#fff;}.cls-5{fill:#ee4036;}</style>
|
||||
<clipPath id="clip-path">
|
||||
<rect class="cls-1" x="2.69" y="1" width="26.62" height="30" />
|
||||
</clipPath>
|
||||
</defs>
|
||||
<title>NeuraLegion Logo</title>
|
||||
<rect class="cls-2" x="10.08" y="1.86" width="0.47" height="11.32" transform="translate(-2.29 9.54) rotate(-45.22)" />
|
||||
<rect class="cls-2" x="10.22" y="1.74" width="0.47" height="18.7" transform="translate(-4.05 6.41) rotate(-28.8)" />
|
||||
<rect class="cls-2" x="9.82" y="2.43" width="0.47" height="26.34" transform="translate(-4.99 4.72) rotate(-21.33)" />
|
||||
<rect class="cls-2" x="6.07" y="2.68" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="5.95" y="11.82" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="5.95" y="20.17" width="8.37" height="0.47" />
|
||||
<polygon class="cls-2" points="14.16 20.35 5.79 12.62 6.11 12.28 14.48 20.01 14.16 20.35" />
|
||||
<rect class="cls-2" x="9.9" y="19.68" width="0.47" height="11.39" transform="translate(-15.38 15.6) rotate(-47.27)" />
|
||||
<rect class="cls-2" x="4.91" y="7.41" width="11.06" height="0.47" transform="translate(-2.43 9.01) rotate(-42.26)" />
|
||||
<rect class="cls-2" x="5.02" y="16.06" width="11" height="0.47" transform="translate(-8.09 10.82) rotate(-40.75)" />
|
||||
<rect class="cls-2" x="1.74" y="11.57" width="17.39" height="0.47" transform="translate(-5.2 13.79) rotate(-55.76)" />
|
||||
<rect class="cls-2" x="16.03" y="7.3" width="11.32" height="0.47" transform="translate(0.99 17.47) rotate(-44.79)" />
|
||||
<rect class="cls-2" x="12.32" y="10.79" width="18.53" height="0.47" transform="translate(1.53 24.64) rotate(-61.23)" />
|
||||
<rect class="cls-2" x="8.78" y="15.38" width="26.34" height="0.47" transform="translate(-0.58 30.37) rotate(-68.65)" />
|
||||
<rect class="cls-2" x="17.56" y="2.7" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="17.68" y="11.83" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="17.68" y="20.18" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="16.17" y="16.09" width="11.39" height="0.47" transform="translate(-5.27 19.2) rotate(-42.8)" />
|
||||
<polygon class="cls-2" points="17.84 29.43 17.52 29.09 25.89 21.36 26.2 21.7 17.84 29.43" />
|
||||
<rect class="cls-2" x="21.32" y="2.13" width="0.47" height="11.06" transform="translate(1.39 18.47) rotate(-47.75)" />
|
||||
<rect class="cls-2" x="21.25" y="10.81" width="0.47" height="11" transform="translate(-4.9 21.93) rotate(-49.23)" />
|
||||
<rect class="cls-2" x="21.15" y="2.79" width="0.47" height="17.81" transform="translate(-2.86 14.26) rotate(-34.73)" />
|
||||
<rect class="cls-2" x="4.37" y="2.82" width="0.47" height="16.94" />
|
||||
<rect class="cls-2" x="27.16" y="2.82" width="0.47" height="16.94" />
|
||||
<g class="cls-3">
|
||||
<path class="cls-4" d="M17.69,2.92A1.69,1.69,0,1,1,16,1.22a1.69,1.69,0,0,1,1.69,1.7" />
|
||||
<path class="cls-4" d="M17.69,11.66A1.69,1.69,0,1,1,16,10a1.68,1.68,0,0,1,1.69,1.69h0" />
|
||||
<path class="cls-4" d="M17.69,20.4A1.69,1.69,0,1,1,16,18.71h0a1.69,1.69,0,0,1,1.69,1.69" />
|
||||
<path class="cls-4" d="M17.69,29.08A1.69,1.69,0,1,1,16,27.39h0a1.69,1.69,0,0,1,1.69,1.69" />
|
||||
<path class="cls-5" d="M16,1.48a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,1.48m0,3.37a1.92,1.92,0,1,1,1.94-1.93A1.92,1.92,0,0,1,16,4.85h0" />
|
||||
<path class="cls-5" d="M16,10.21a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,10.21m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,13.58h0" />
|
||||
<path class="cls-5" d="M16,19a1.46,1.46,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,19m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,22.32h0" />
|
||||
<path class="cls-5" d="M16,27.63a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,27.63M16,31a1.92,1.92,0,0,1,0-3.84A1.92,1.92,0,0,1,16,31h0" />
|
||||
<path class="cls-4" d="M6.29,2.92A1.7,1.7,0,1,1,4.6,1.22a1.69,1.69,0,0,1,1.69,1.7" />
|
||||
<path class="cls-5" d="M4.61,1.48A1.45,1.45,0,1,0,6.06,2.93,1.46,1.46,0,0,0,4.61,1.48m0,3.37A1.92,1.92,0,1,1,6.53,2.93,1.92,1.92,0,0,1,4.61,4.85" />
|
||||
<path class="cls-4" d="M6.29,11.66A1.7,1.7,0,1,1,4.6,10a1.69,1.69,0,0,1,1.69,1.69h0" />
|
||||
<path class="cls-5" d="M4.61,10.21a1.45,1.45,0,1,0,1.45,1.45,1.46,1.46,0,0,0-1.45-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.93,1.93,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M6.29,20.4A1.7,1.7,0,1,1,4.6,18.71h0A1.69,1.69,0,0,1,6.29,20.4" />
|
||||
<path class="cls-5" d="M4.61,19A1.46,1.46,0,1,0,6.06,20.4,1.46,1.46,0,0,0,4.61,19m0,3.37A1.92,1.92,0,1,1,6.53,20.4h0a1.93,1.93,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M25.71,2.93A1.7,1.7,0,1,0,27.4,1.24a1.7,1.7,0,0,0-1.69,1.69" />
|
||||
<path class="cls-5" d="M27.39,1.48a1.45,1.45,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M25.71,11.67A1.7,1.7,0,1,0,27.4,10h0a1.69,1.69,0,0,0-1.69,1.69" />
|
||||
<path class="cls-5" d="M27.39,10.22a1.46,1.46,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M25.71,20.42a1.7,1.7,0,1,0,1.69-1.7,1.69,1.69,0,0,0-1.69,1.7" />
|
||||
<path class="cls-5" d="M27.39,19a1.45,1.45,0,1,0,1.46,1.45A1.45,1.45,0,0,0,27.39,19m0,3.36a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.91" />
|
||||
</g>
|
||||
</svg>
|
||||
|
||||
|
After Width: | Height: | Size: 5.3 KiB |
@@ -1,6 +0,0 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="48" height="56" viewBox="0 0 12 14">
|
||||
<g fill="none" transform="translate(.273)">
|
||||
<path fill="#3ECF8E" d="M6.58331113,6.33077948 L11.6238175,2.4479014 L11.6238175,2.4479014 L11.2060959,7.99085054 C11.2211336,8.91495832 10.9483693,9.82047503 10.4263491,10.5794359 L6.58331113,7.62507217 C6.38528073,7.46998821 6.26938579,7.23107476 6.26938579,6.97792583 C6.26938579,6.7247769 6.38528073,6.48586344 6.58331113,6.33077948 Z"/>
|
||||
<path fill="#272E41" d="M3.01875417,7.62507217 C2.82072377,7.46998821 2.70482883,7.23107476 2.70482883,6.97792583 C2.70482883,6.7247769 2.82072377,6.48586344 3.01875417,6.33077948 L10.2592605,0.73155674 C8.8076625,0.269755812 7.29739607,0.0233334477 5.77571619,-6.66133815e-14 C4.20929977,0.0333974525 2.65444039,0.2794543 1.15293138,0.73155674 C0.419515934,0.961133276 -0.057529416,1.67476042 0.00558960995,2.4479014 L0.423311129,7.99085054 C0.428880749,11.4516767 3.90432379,13.2242949 5.27445037,13.8714413 C5.61344719,14.0121506 5.99368139,14.0121506 6.33267822,13.8714413 C7.29277353,13.4733716 8.17818289,12.9118747 8.95039974,12.2113702 L3.01875417,7.62507217 Z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 1.2 KiB |
@@ -0,0 +1,20 @@
|
||||
<?xml version="1.0" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
|
||||
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
|
||||
<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
|
||||
width="500.000000pt" height="500.000000pt" viewBox="0 0 500.000000 500.000000"
|
||||
preserveAspectRatio="xMidYMid meet">
|
||||
|
||||
<g transform="translate(0.000000,500.000000) scale(0.100000,-0.100000)"
|
||||
fill="#000000" stroke="none">
|
||||
<path d="M430 4255 c0 -3 250 -438 555 -967 305 -528 555 -963 555 -965 0 -1
|
||||
-180 -3 -400 -3 l-400 0 0 -75 0 -75 447 -2 446 -3 431 -747 c237 -411 433
|
||||
-748 436 -747 3 0 199 336 435 747 l431 747 447 3 447 2 0 75 0 75 -400 0
|
||||
c-220 0 -400 2 -400 4 0 2 248 433 551 957 303 525 553 960 556 967 4 9 -413
|
||||
12 -2066 12 -1139 0 -2071 -2 -2071 -5z m3833 -223 c-21 -38 -252 -438 -513
|
||||
-890 l-475 -822 -775 0 -776 0 -494 857 c-272 471 -503 871 -513 890 l-17 33
|
||||
1801 0 1801 0 -39 -68z m-1087 -1878 c-10 -25 -658 -1147 -670 -1161 -8 -8
|
||||
-98 140 -343 565 -182 318 -335 585 -338 595 -7 16 29 17 675 17 629 0 682 -1
|
||||
676 -16z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.0 KiB |
@@ -0,0 +1,20 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#F3702A;}
|
||||
</style>
|
||||
<title>SonarCloud icon</title>
|
||||
<g id="Illustration_6">
|
||||
<path class="st0" d="M427.5,237.9c-14.5-17.7-33.9-30.7-55.8-37.5c0-0.4,0-0.9,0-1.4c0.6-64.3-51-116.9-115.3-117.5
|
||||
s-116.9,51-117.5,115.3c0,0.7,0,1.4,0,2.2c0,0.5,0,1.1,0,1.6C77.6,220,43.6,285.4,63,346.7s84.8,95.3,146.1,75.9
|
||||
c17.6-5.5,33.6-15.2,46.7-28.1c45.8,45.1,119.4,44.6,164.6-1.1C462.1,351,465.2,284,427.5,237.9L427.5,237.9z M337.5,398.8
|
||||
c-48.1,0-87.1-39-87.1-87.1c0.2-8.1-6.2-14.8-14.3-15s-14.8,6.2-15,14.3c0,0.3,0,0.5,0,0.8c0,21,5.7,41.6,16.4,59.6
|
||||
c-32.9,35-88,36.6-123,3.7s-36.6-88-3.7-123c23.9-25.4,60.6-34,93.3-22l0.3,0.1c3.3,1.1,8.1,3.3,9.5,4.6c5.9,5.5,15.2,5.2,20.7-0.8
|
||||
c5.5-5.9,5.2-15.2-0.8-20.7c-0.3-0.3-0.6-0.5-0.9-0.7c-6.4-5.5-16.5-9.2-19-10c-12.8-4.7-26.4-7.1-40.1-7.1c-1.9,0-3.8,0-5.6,0.1
|
||||
c2-48.1,42.6-85.4,90.7-83.3s85.4,42.6,83.3,90.7c-1.1,26.9-14.6,51.7-36.5,67.3c-6.7,4.6-8.3,13.7-3.7,20.4s13.7,8.3,20.4,3.7
|
||||
c0.1-0.1,0.2-0.2,0.4-0.3c21.8-15.6,37.6-38.2,44.7-64c45.1,16.6,68.2,66.7,51.6,111.8C406.5,376,373.9,398.7,337.5,398.8
|
||||
L337.5,398.8z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.4 KiB |
@@ -9,6 +9,7 @@
|
||||
"Continuous integration",
|
||||
"Deployment",
|
||||
"Code Scanning",
|
||||
"Dependency review",
|
||||
"Automation"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user