Merge branch 'main' into patch-1

This commit is contained in:
Mattias Cibien
2022-05-02 15:04:40 +02:00
committed by GitHub
40 changed files with 874 additions and 111 deletions
+1 -1
View File
@@ -1,3 +1,3 @@
* @actions/starter-workflows
/code-scanning/ @actions/advanced-security-code-scanning
/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows
+1 -1
View File
@@ -1,6 +1,6 @@
name: Greetings
on: [pull_request, issues]
on: [pull_request_target, issues]
jobs:
greeting:
+3 -3
View File
@@ -41,9 +41,9 @@ jobs:
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
uses: sigstore/cosign-installer@d6a3abf1bdea83574e28d40543793018b6035605
with:
cosign-release: 'v1.4.0'
cosign-release: 'v1.7.1'
# Workaround: https://github.com/docker/build-push-action/issues/461
@@ -72,7 +72,7 @@ jobs:
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.17
go-version: 1.18
- name: Build
run: go build -v ./...
+2 -2
View File
@@ -26,7 +26,7 @@ jobs:
platform: ${{ 'iOS Simulator' }}
run: |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
@@ -37,7 +37,7 @@ jobs:
platform: ${{ 'iOS Simulator' }}
run: |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
+1 -1
View File
@@ -1,5 +1,5 @@
{
"name": "Ruby on Rails continuous integration",
"name": "Ruby on Rails",
"description": "Build, lint, and test a Rails application",
"iconName": "rails",
"categories": ["Continuous integration", "Ruby", "Rails"]
+1 -1
View File
@@ -30,7 +30,7 @@ jobs:
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
# uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
with:
ruby-version: ${{ matrix.ruby-version }}
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+53
View File
@@ -0,0 +1,53 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# clj-watson scans dependencies in a clojure deps.edn
# seeking for vulnerable direct/transitive dependencies and
# build a report with all the information needed to help you
# understand how the vulnerability manifest in your software.
# More details at https://github.com/clj-holmes/clj-watson
name: clj-watson
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
clj-holmes:
name: Run clj-watson scanning
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Dependency scan
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
with:
clj-watson-sha: "65d928c"
clj-watson-tag: "v4.0.1"
database-strategy: github-advisory
aliases: clojure-lsp,test
deps-edn-path: deps.edn
suggest-fix: true
output-type: sarif
output-file: clj-watson-results.sarif
fail-on-result: false
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
wait-for-processing: true
+2 -2
View File
@@ -34,7 +34,7 @@ jobs:
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name: Checkout repository
@@ -56,7 +56,7 @@ jobs:
uses: github/codeql-action/autobuild@v2
# ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
+20
View File
@@ -0,0 +1,20 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v1
+49
View File
@@ -0,0 +1,49 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# ESLint is a tool for identifying and reporting on patterns
# found in ECMAScript/JavaScript code.
# More details at https://github.com/eslint/eslint
# and https://eslint.org
name: ESLint
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
eslint:
name: Run eslint scanning
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install ESLint
run: |
npm install eslint@8.10.0
npm install @microsoft/eslint-formatter-sarif@2.1.7
- name: Run ESLint
run: npx eslint .
--config .eslintrc.js
--ext .js,.jsx,.ts,.tsx
--format @microsoft/eslint-formatter-sarif
--output-file eslint-results.sarif
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: eslint-results.sarif
wait-for-processing: true
+175
View File
@@ -0,0 +1,175 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Run a Nexploit Scan
# This action runs a new security scan in Nexploit, or reruns an existing one.
# Build Secure Apps & APIs. Fast.
# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
# Automatically Tests Every Aspect of Your Apps & APIs
# Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
# Seamlessly integrates with the Tools and Workflows You Already Use
#
# NeuraLegion works with your existing CI/CD pipelines trigger scans on every commit, pull request or build with unit testing.
# Spin-Up, Configure and Control Scans with Code
# One file. One command. One scan. No UI needed.
#
# Super-Fast Scans
#
# Interacts with applications and APIs, instead of just crawling them and guessing.
# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
#
# No False Positives
#
# Stop chasing ghosts and wasting time. NeuraLegion doesnt return false positives, so you can focus on releasing code.
#
# Comprehensive Security Testing
#
# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
#
# More information is available on NeuraLegions:
# * [Website](https://www.neuralegion.com/)
# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
#
# Inputs
#
# `name`
#
# **Required**. Scan name.
#
# _Example:_ `name: GitHub scan ${{ github.sha }}`
#
# `api_token`
#
# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
#
# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
#
# `restart_scan`
#
# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
#
# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)`
#
# `discovery_types`
#
# **Required**. Array of discovery types. The following types are available:
# * `archive` - uses an uploaded HAR-file for a scan
# * `crawler` - uses a crawler to define the attack surface for a scan
# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
# If no discovery type is specified, `crawler` is applied by default.
#
# _Example:_
#
# ```yml
# discovery_types: |
# [ "crawler", "archive" ]
# ```
#
# `file_id`
#
# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
#
# _Example:_
#
# ```
# FILE_ID=$(nexploit-cli archive:upload \
# --token ${{ secrets.NEXPLOIT_TOKEN }} \
# --discard true \
# ./example.har)
# ```
#
# `crawler_urls`
#
# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
#
# _Example:_
#
# ```
# crawler_urls: |
# [ "http://vulnerable-bank.com" ]
# ```
#
# `hosts_filter`
#
# **Required** when the the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
#
# Outputs
#
# `url`
#
# Url of the resulting scan
#
# `id`
#
# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
#
# Example usage
#
# Start a new scan with parameters
#
# ```yml
# steps:
# - name: Start Nexploit Scan
# id: start
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
# with:
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
# name: GitHub scan ${{ github.sha }}
# discovery_types: |
# [ "crawler", "archive" ]
# crawler_urls: |
# [ "http://vulnerable-bank.com" ]
# file_id: LiYknMYSdbSZbqgMaC9Sj
# hosts_filter: |
# [ ]
# - name: Get the output scan url
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
# ```
#
# Restart an existing scan
#
# ```yml
# steps:
# - name: Start Nexploit Scan
# id: start
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
# with:
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
# name: GitHub scan ${{ github.sha }}
# restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
# - name: Get the output scan url
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
name: "NeuraLegion"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
neuralegion_scan:
runs-on: ubuntu-18.04
name: A job to run a Nexploit scan
steps:
- uses: actions/checkout@v2
- name: Start Nexploit Scan 🏁
id: start
uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
with:
api_token: ${{ secrets.NEURALEGION_TOKEN }}
name: GitHub scan ${{ github.sha }}
discovery_types: |
[ "crawler" ]
crawler_urls: |
[ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan
+6
View File
@@ -13,8 +13,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
pmd-code-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@@ -0,0 +1,9 @@
{
"name": "clj-watson",
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
"iconName": "clj-watson",
"categories": [
"Code Scanning",
"Clojure"
]
}
@@ -0,0 +1,16 @@
{
"name": "Dependency Review",
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerable dependencies to the repository",
"iconName": "octicon mark-github",
"categories": [
"Dependency review",
"Dependency graph",
"Go",
"Java",
"JavaScript",
"TypeScript",
"Python",
"Ruby",
"Actions",
"PHP"]
}
@@ -0,0 +1,11 @@
{
"name": "ESLint",
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
"iconName": "eslint",
"categories": [
"Code Scanning",
"JavaScript",
"EcmaScript",
"TypeScript"
]
}
@@ -0,0 +1,24 @@
{
"name": "NeuraLegion",
"creator": "NeuraLegion",
"description": "Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports",
"iconName": "neuralegion",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -0,0 +1,9 @@
{
"name": "rust-clippy",
"description": "A collection of lints to catch common mistakes and improve your Rust code.",
"iconName": "rust",
"categories": [
"Code Scanning",
"rust"
]
}
@@ -1,7 +0,0 @@
{
"name": "Scan",
"creator": "ShiftLeft",
"description": "Scan is a free open-source security tool for modern DevOps teams from ShiftLeft.",
"iconName": "shiftleft",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,11 @@
{
"name": "Sobelow",
"creator": "nccgroup",
"description": "Sobelow is a security-focused static analysis tool for the Phoenix framework.",
"iconName": "sobelow",
"categories": [
"Code Scanning",
"Elixir"
]
}
@@ -0,0 +1,7 @@
{
"name": "SonarCloud",
"creator": "Sonar",
"description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!",
"iconName": "sonarcloud",
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
}
+54
View File
@@ -0,0 +1,54 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# rust-clippy is a tool that runs a bunch of lints to catch common
# mistakes in your Rust code and help improve your Rust code.
# More details at https://github.com/rust-lang/rust-clippy
# and https://rust-lang.github.io/rust-clippy/
name: rust-clippy analyze
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
rust-clippy-analyze:
name: Run rust-clippy analyzing
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Rust toolchain
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
with:
profile: minimal
toolchain: stable
components: clippy
override: true
- name: Install required cargo
run: cargo install clippy-sarif sarif-fmt
- name: Run rust-clippy
run:
cargo clippy
--all-features
--message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
-47
View File
@@ -1,47 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates Scan with GitHub's code scanning feature
# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
# Visit https://slscan.io/en/latest/integrations/code-scan for help
name: SL Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
Scan-Build:
# Scan runs on ubuntu, mac and windows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# Instructions
# 1. Setup JDK, Node.js, Python etc depending on your project type
# 2. Compile or build the project before invoking scan
# Example: mvn compile, or npm install or pip install goes here
# 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
- name: Perform Scan
uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64
env:
WORKSPACE: ""
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SCAN_AUTO_BUILD: true
with:
output: reports
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
# type: credscan,java
# type: python
- name: Upload report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: reports
+40
View File
@@ -0,0 +1,40 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Sobelow is a security-focused static analysis tool for the Phoenix framework. https://sobelow.io/
#
# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository.
#
# Instructions:
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
# and review the "Security" tab once the action has run.
name: Sobelow
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: run-action
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
- name: Upload report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+68
View File
@@ -0,0 +1,68 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow helps you trigger a SonarCloud analysis of your code and populates
# GitHub Code Scanning alerts with the vulnerabilities found.
# Free for open source project.
# 1. Login to SonarCloud.io using your GitHub account
# 2. Import your project on SonarCloud
# * Add your GitHub organization first, then add your repository as a new project.
# * Please note that many languages are eligible for automatic analysis,
# which means that the analysis will start automatically without the need to set up GitHub Actions.
# * This behavior can be changed in Administration > Analysis Method.
#
# 3. Follow the SonarCloud in-product tutorial
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
#
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
# (On SonarCloud, click on your avatar on top-right > My account > Security
# or go directly to https://sonarcloud.io/account/security/)
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
name: SonarCloud analysis
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
jobs:
Analysis:
runs-on: ubuntu-latest
steps:
- name: Analyze with SonarCloud
# You can pin the exact commit or the version.
# uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=
-Dsonar.organization=
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
+3
View File
@@ -40,6 +40,9 @@ env:
ACR_EE_IMAGE: repo
ACR_EE_TAG: ${{ github.sha }}
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
+3
View File
@@ -41,6 +41,9 @@ env:
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
# containerDefinitions section of your task definition
permissions:
contents: read
jobs:
deploy:
name: Deploy
+46 -9
View File
@@ -9,17 +9,17 @@
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux)):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Helm.
# Set your helmChart, overrideFiles, overrides, and helm-version to suit your configuration.
@@ -48,12 +48,10 @@ env:
CHART_OVERRIDE_PATH: "your-chart-override-path"
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -72,6 +70,20 @@ jobs:
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
@@ -85,7 +97,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -96,7 +110,30 @@ jobs:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Helm to create manifest files
- name: Bake deployment
@@ -112,11 +149,11 @@ jobs:
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -9,17 +9,17 @@
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kompose.
# Set your dockerComposeFile and kompose-version to suit your configuration.
@@ -40,12 +40,10 @@ env:
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -63,7 +61,21 @@ jobs:
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
@@ -77,7 +89,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -88,7 +102,33 @@ jobs:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Kompose to create manifest files
- name: Bake deployment
@@ -101,11 +141,11 @@ jobs:
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -9,17 +9,17 @@
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kustomize.
# Set your kustomizationPath and kubectl-version to suit your configuration.
@@ -46,12 +46,10 @@ env:
KUSTOMIZE_PATH: "your-kustomize-path"
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -69,6 +67,23 @@ jobs:
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
@@ -83,7 +98,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -94,7 +111,33 @@ jobs:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Kustomize to create manifest files
- name: Bake deployment
@@ -107,11 +150,11 @@ jobs:
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
+47 -8
View File
@@ -8,8 +8,7 @@
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# 1. Set the following secrets in your repository (instructions for getting these can be found at https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
@@ -19,7 +18,7 @@
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
# - DEPLOYMENT_MANIFEST_PATH (path to the manifest yaml for your deployment)
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
@@ -43,12 +42,10 @@ env:
DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -67,6 +64,20 @@ jobs:
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
@@ -80,7 +91,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -93,13 +106,39 @@ jobs:
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Deploys application based on given manifest file
- name: Deploys application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
+3
View File
@@ -27,6 +27,9 @@ env:
TKE_CLUSTER_ID: cls-mywebapp
DEPLOYMENT_NAME: tke-test
permissions:
contents: read
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
+5 -2
View File
@@ -50,6 +50,9 @@ on:
- $default-branch
pull_request:
permissions:
contents: read
jobs:
terraform:
name: 'Terraform'
@@ -82,10 +85,10 @@ jobs:
# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform plan
run: terraform plan -input=false
# On push to $default-branch, build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
if: github.ref == 'refs/heads/$default-branch' && github.event_name == 'push'
run: terraform apply -auto-approve
run: terraform apply -auto-approve -input=false
File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 107 KiB

+1
View File
File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 80 KiB

+57
View File
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" data-name="Layer 1" viewBox="0 0 32 32">
<defs>
<style>.cls-1{fill:none;}.cls-2{fill:#00a8b7;}.cls-3{clip-path:url(#clip-path);}.cls-4{fill:#fff;}.cls-5{fill:#ee4036;}</style>
<clipPath id="clip-path">
<rect class="cls-1" x="2.69" y="1" width="26.62" height="30" />
</clipPath>
</defs>
<title>NeuraLegion Logo</title>
<rect class="cls-2" x="10.08" y="1.86" width="0.47" height="11.32" transform="translate(-2.29 9.54) rotate(-45.22)" />
<rect class="cls-2" x="10.22" y="1.74" width="0.47" height="18.7" transform="translate(-4.05 6.41) rotate(-28.8)" />
<rect class="cls-2" x="9.82" y="2.43" width="0.47" height="26.34" transform="translate(-4.99 4.72) rotate(-21.33)" />
<rect class="cls-2" x="6.07" y="2.68" width="8.37" height="0.47" />
<rect class="cls-2" x="5.95" y="11.82" width="8.37" height="0.47" />
<rect class="cls-2" x="5.95" y="20.17" width="8.37" height="0.47" />
<polygon class="cls-2" points="14.16 20.35 5.79 12.62 6.11 12.28 14.48 20.01 14.16 20.35" />
<rect class="cls-2" x="9.9" y="19.68" width="0.47" height="11.39" transform="translate(-15.38 15.6) rotate(-47.27)" />
<rect class="cls-2" x="4.91" y="7.41" width="11.06" height="0.47" transform="translate(-2.43 9.01) rotate(-42.26)" />
<rect class="cls-2" x="5.02" y="16.06" width="11" height="0.47" transform="translate(-8.09 10.82) rotate(-40.75)" />
<rect class="cls-2" x="1.74" y="11.57" width="17.39" height="0.47" transform="translate(-5.2 13.79) rotate(-55.76)" />
<rect class="cls-2" x="16.03" y="7.3" width="11.32" height="0.47" transform="translate(0.99 17.47) rotate(-44.79)" />
<rect class="cls-2" x="12.32" y="10.79" width="18.53" height="0.47" transform="translate(1.53 24.64) rotate(-61.23)" />
<rect class="cls-2" x="8.78" y="15.38" width="26.34" height="0.47" transform="translate(-0.58 30.37) rotate(-68.65)" />
<rect class="cls-2" x="17.56" y="2.7" width="8.37" height="0.47" />
<rect class="cls-2" x="17.68" y="11.83" width="8.37" height="0.47" />
<rect class="cls-2" x="17.68" y="20.18" width="8.37" height="0.47" />
<rect class="cls-2" x="16.17" y="16.09" width="11.39" height="0.47" transform="translate(-5.27 19.2) rotate(-42.8)" />
<polygon class="cls-2" points="17.84 29.43 17.52 29.09 25.89 21.36 26.2 21.7 17.84 29.43" />
<rect class="cls-2" x="21.32" y="2.13" width="0.47" height="11.06" transform="translate(1.39 18.47) rotate(-47.75)" />
<rect class="cls-2" x="21.25" y="10.81" width="0.47" height="11" transform="translate(-4.9 21.93) rotate(-49.23)" />
<rect class="cls-2" x="21.15" y="2.79" width="0.47" height="17.81" transform="translate(-2.86 14.26) rotate(-34.73)" />
<rect class="cls-2" x="4.37" y="2.82" width="0.47" height="16.94" />
<rect class="cls-2" x="27.16" y="2.82" width="0.47" height="16.94" />
<g class="cls-3">
<path class="cls-4" d="M17.69,2.92A1.69,1.69,0,1,1,16,1.22a1.69,1.69,0,0,1,1.69,1.7" />
<path class="cls-4" d="M17.69,11.66A1.69,1.69,0,1,1,16,10a1.68,1.68,0,0,1,1.69,1.69h0" />
<path class="cls-4" d="M17.69,20.4A1.69,1.69,0,1,1,16,18.71h0a1.69,1.69,0,0,1,1.69,1.69" />
<path class="cls-4" d="M17.69,29.08A1.69,1.69,0,1,1,16,27.39h0a1.69,1.69,0,0,1,1.69,1.69" />
<path class="cls-5" d="M16,1.48a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,1.48m0,3.37a1.92,1.92,0,1,1,1.94-1.93A1.92,1.92,0,0,1,16,4.85h0" />
<path class="cls-5" d="M16,10.21a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,10.21m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,13.58h0" />
<path class="cls-5" d="M16,19a1.46,1.46,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,19m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,22.32h0" />
<path class="cls-5" d="M16,27.63a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,27.63M16,31a1.92,1.92,0,0,1,0-3.84A1.92,1.92,0,0,1,16,31h0" />
<path class="cls-4" d="M6.29,2.92A1.7,1.7,0,1,1,4.6,1.22a1.69,1.69,0,0,1,1.69,1.7" />
<path class="cls-5" d="M4.61,1.48A1.45,1.45,0,1,0,6.06,2.93,1.46,1.46,0,0,0,4.61,1.48m0,3.37A1.92,1.92,0,1,1,6.53,2.93,1.92,1.92,0,0,1,4.61,4.85" />
<path class="cls-4" d="M6.29,11.66A1.7,1.7,0,1,1,4.6,10a1.69,1.69,0,0,1,1.69,1.69h0" />
<path class="cls-5" d="M4.61,10.21a1.45,1.45,0,1,0,1.45,1.45,1.46,1.46,0,0,0-1.45-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.93,1.93,0,0,1-1.92,1.92" />
<path class="cls-4" d="M6.29,20.4A1.7,1.7,0,1,1,4.6,18.71h0A1.69,1.69,0,0,1,6.29,20.4" />
<path class="cls-5" d="M4.61,19A1.46,1.46,0,1,0,6.06,20.4,1.46,1.46,0,0,0,4.61,19m0,3.37A1.92,1.92,0,1,1,6.53,20.4h0a1.93,1.93,0,0,1-1.92,1.92" />
<path class="cls-4" d="M25.71,2.93A1.7,1.7,0,1,0,27.4,1.24a1.7,1.7,0,0,0-1.69,1.69" />
<path class="cls-5" d="M27.39,1.48a1.45,1.45,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
<path class="cls-4" d="M25.71,11.67A1.7,1.7,0,1,0,27.4,10h0a1.69,1.69,0,0,0-1.69,1.69" />
<path class="cls-5" d="M27.39,10.22a1.46,1.46,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
<path class="cls-4" d="M25.71,20.42a1.7,1.7,0,1,0,1.69-1.7,1.69,1.69,0,0,0-1.69,1.7" />
<path class="cls-5" d="M27.39,19a1.45,1.45,0,1,0,1.46,1.45A1.45,1.45,0,0,0,27.39,19m0,3.36a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.91" />
</g>
</svg>

After

Width:  |  Height:  |  Size: 5.3 KiB

-6
View File
@@ -1,6 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="48" height="56" viewBox="0 0 12 14">
<g fill="none" transform="translate(.273)">
<path fill="#3ECF8E" d="M6.58331113,6.33077948 L11.6238175,2.4479014 L11.6238175,2.4479014 L11.2060959,7.99085054 C11.2211336,8.91495832 10.9483693,9.82047503 10.4263491,10.5794359 L6.58331113,7.62507217 C6.38528073,7.46998821 6.26938579,7.23107476 6.26938579,6.97792583 C6.26938579,6.7247769 6.38528073,6.48586344 6.58331113,6.33077948 Z"/>
<path fill="#272E41" d="M3.01875417,7.62507217 C2.82072377,7.46998821 2.70482883,7.23107476 2.70482883,6.97792583 C2.70482883,6.7247769 2.82072377,6.48586344 3.01875417,6.33077948 L10.2592605,0.73155674 C8.8076625,0.269755812 7.29739607,0.0233334477 5.77571619,-6.66133815e-14 C4.20929977,0.0333974525 2.65444039,0.2794543 1.15293138,0.73155674 C0.419515934,0.961133276 -0.057529416,1.67476042 0.00558960995,2.4479014 L0.423311129,7.99085054 C0.428880749,11.4516767 3.90432379,13.2242949 5.27445037,13.8714413 C5.61344719,14.0121506 5.99368139,14.0121506 6.33267822,13.8714413 C7.29277353,13.4733716 8.17818289,12.9118747 8.95039974,12.2113702 L3.01875417,7.62507217 Z"/>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 1.2 KiB

+20
View File
@@ -0,0 +1,20 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
width="500.000000pt" height="500.000000pt" viewBox="0 0 500.000000 500.000000"
preserveAspectRatio="xMidYMid meet">
<g transform="translate(0.000000,500.000000) scale(0.100000,-0.100000)"
fill="#000000" stroke="none">
<path d="M430 4255 c0 -3 250 -438 555 -967 305 -528 555 -963 555 -965 0 -1
-180 -3 -400 -3 l-400 0 0 -75 0 -75 447 -2 446 -3 431 -747 c237 -411 433
-748 436 -747 3 0 199 336 435 747 l431 747 447 3 447 2 0 75 0 75 -400 0
c-220 0 -400 2 -400 4 0 2 248 433 551 957 303 525 553 960 556 967 4 9 -413
12 -2066 12 -1139 0 -2071 -2 -2071 -5z m3833 -223 c-21 -38 -252 -438 -513
-890 l-475 -822 -775 0 -776 0 -494 857 c-272 471 -503 871 -513 890 l-17 33
1801 0 1801 0 -39 -68z m-1087 -1878 c-10 -25 -658 -1147 -670 -1161 -8 -8
-98 140 -343 565 -182 318 -335 585 -338 595 -7 16 29 17 675 17 629 0 682 -1
676 -16z"/>
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.0 KiB

+20
View File
@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
<style type="text/css">
.st0{fill:#F3702A;}
</style>
<title>SonarCloud icon</title>
<g id="Illustration_6">
<path class="st0" d="M427.5,237.9c-14.5-17.7-33.9-30.7-55.8-37.5c0-0.4,0-0.9,0-1.4c0.6-64.3-51-116.9-115.3-117.5
s-116.9,51-117.5,115.3c0,0.7,0,1.4,0,2.2c0,0.5,0,1.1,0,1.6C77.6,220,43.6,285.4,63,346.7s84.8,95.3,146.1,75.9
c17.6-5.5,33.6-15.2,46.7-28.1c45.8,45.1,119.4,44.6,164.6-1.1C462.1,351,465.2,284,427.5,237.9L427.5,237.9z M337.5,398.8
c-48.1,0-87.1-39-87.1-87.1c0.2-8.1-6.2-14.8-14.3-15s-14.8,6.2-15,14.3c0,0.3,0,0.5,0,0.8c0,21,5.7,41.6,16.4,59.6
c-32.9,35-88,36.6-123,3.7s-36.6-88-3.7-123c23.9-25.4,60.6-34,93.3-22l0.3,0.1c3.3,1.1,8.1,3.3,9.5,4.6c5.9,5.5,15.2,5.2,20.7-0.8
c5.5-5.9,5.2-15.2-0.8-20.7c-0.3-0.3-0.6-0.5-0.9-0.7c-6.4-5.5-16.5-9.2-19-10c-12.8-4.7-26.4-7.1-40.1-7.1c-1.9,0-3.8,0-5.6,0.1
c2-48.1,42.6-85.4,90.7-83.3s85.4,42.6,83.3,90.7c-1.1,26.9-14.6,51.7-36.5,67.3c-6.7,4.6-8.3,13.7-3.7,20.4s13.7,8.3,20.4,3.7
c0.1-0.1,0.2-0.2,0.4-0.3c21.8-15.6,37.6-38.2,44.7-64c45.1,16.6,68.2,66.7,51.6,111.8C406.5,376,373.9,398.7,337.5,398.8
L337.5,398.8z"/>
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.4 KiB

+2 -1
View File
@@ -9,6 +9,7 @@
"Continuous integration",
"Deployment",
"Code Scanning",
"Dependency review",
"Automation"
]
}
}