Merge branch 'main' into patch-1

This commit is contained in:
Clément Grégoire
2021-04-24 07:17:07 +02:00
committed by GitHub
43 changed files with 591 additions and 95 deletions
+36 -13
View File
@@ -1,32 +1,55 @@
<!--
IMPORTANT:
This repository contains configuration for what users see when they click on the `Actions` tab and the setup page for Code Scanning.
It is not:
* A playground to try out scripts
* A place for you to create a workflow for your repository
-->
## Pre-requisites
- [ ] Prior to submitting a new workflow, please apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner).
---
**Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.**
### **Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.**
---
In the workflow and properties files:
## Tasks
- [ ] The workflow filename of CI workflows should be the name of the language or platform, in lower case. Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").
**For _all_ workflows, the workflow:**
The workflow filename of publishing workflows should be the name of the language or platform, in lower case, followed by "-publish".
- [ ] Includes a matching `ci/properties/*.properties.json` file.
- [ ] Use sentence case for the names of workflows and steps, for example "Run tests".
- [ ] The name of CI workflows should only be the name of the language or platform: for example "Go" (not "Go CI" or "Go Build")
- [ ] Include comments in the workflow for any parts that are not obvious or could use clarification.
- [ ] CI workflows should run on `push` to `branches: [ $default-branch ]` and `pull_request` to `branches: [ $default-branch ]`.
- [ ] Should be contained in a `.yml` file with the language or platform as its filename, in lower, [_kebab-cased_](https://en.wikipedia.org/wiki/Kebab_case) format (for example, [`docker-image.yml`](https://github.com/actions/starter-workflows/blob/main/ci/docker-image.yml)). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
**For _CI_ workflows, the workflow:**
- [ ] Should be preserved under [the `ci` directory](https://github.com/actions/starter-workflows/tree/main/ci).
- [ ] Should include a matching `ci/properties/*.properties.json` file (for example, [`ci/properties/docker-publish.properties.json`](https://github.com/actions/starter-workflows/blob/main/ci/properties/docker-publish.properties.json)).
- [ ] Should run on `push` to `branches: [ $default-branch ]` and `pull_request` to `branches: [ $default-branch ]`.
- [ ] Packaging workflows should run on `release` with `types: [ created ]`.
- [ ] Code Scanning workflows should run on `push` to `branches: [ $default-branch, $protected-branches ]` and `pull_request` to `branches: [ $default-branch ]`. We also recommend a `schedule` trigger of `cron: $cron-weekly`.
- [ ] Publishing workflows should have a filename that is the name of the language or platform, in lower case, followed by "-publish" (for example, [`docker-publish.yml`](https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml)).
Some general notes:
**For _Code Scanning_ workflows, the workflow:**
- [ ] This workflow must only use actions that are produced by GitHub, [in the `actions` organization](https://github.com/actions), **or**
- [ ] This workflow must only use actions that are produced by the language or ecosystem that the workflow supports. These actions must be [published to the GitHub Marketplace](https://github.com/marketplace?type=actions). We recommend that these actions be referenced using the full 40 character hash of the action's commit instead of a tag. Additionally, workflows must include the following comment at the top of the workflow file:
- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/ci).
- [ ] Should include a matching `code-scanning/properties/*.properties.json` file (for example, [`code-scanning/properties/codeql.properties.json`](https://github.com/actions/starter-workflows/blob/main/code-scanning/properties/codeql.properties.json)), with properties set as follows:
- [ ] `name`: Name of the Code Scanning integration.
- [ ] `organization`: Name of the organization producing the Code Scanning integration.
- [ ] `description`: Short description of the Code Scanning integration.
- [ ] `categories`: Array of languages supported by the Code Scanning integration.
- [ ] `iconName`: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in [the `icons` directory](https://github.com/actions/starter-workflows/tree/main/icons).
- [ ] Should run on `push` to `branches: [ $default-branch, $protected-branches ]` and `pull_request` to `branches: [ $default-branch ]`. We also recommend a `schedule` trigger of `cron: $cron-weekly` (for example, [`codeql.yml`](https://github.com/actions/starter-workflows/blob/c59b62dee0eae1f9f368b7011cf05c2fc42cf084/code-scanning/codeql.yml#L14-L21)).
**Some general notes:**
- [ ] This workflow must _only_ use actions that are produced by GitHub, [in the `actions` organization](https://github.com/actions), **or**
- [ ] This workflow must _only_ use actions that are produced by the language or ecosystem that the workflow supports. These actions must be [published to the GitHub Marketplace](https://github.com/marketplace?type=actions). We require that these actions be referenced using the full 40 character hash of the action's commit instead of a tag. Additionally, workflows must include the following comment at the top of the workflow file:
```
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
+1 -1
View File
@@ -14,7 +14,7 @@ jobs:
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
git config user.email "cschleiden@github.com"
git config user.name "GitHub Actions"
- uses: actions/setup-node@v1
- uses: actions/setup-node@v2
with:
node-version: '12'
- name: Check starter workflows for GHES compat
+1 -1
View File
@@ -10,7 +10,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
- uses: actions/setup-node@v2
with:
node-version: "12"
+1 -1
View File
@@ -19,6 +19,6 @@ Before merging a new workflow, the following requirements need to be met:
- There are many programming languages and tools out there. Right now we don't have a page that allows for a really large number of workflows, so we do have to be a little choosy about what we accept. Less popular tools or languages might not be accepted.
- Automation and CI workflows should not send data to any 3rd party service except for the purposes of installing dependencies.
- Automation and CI workflows cannot be dependent on a paid service or product.
- We recommend that Actions outside of the `actions` organization be pinned to a specific SHA.
- We require that Actions outside of the `actions` organization be pinned to a specific SHA.
Thank you
+119
View File
@@ -0,0 +1,119 @@
# This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR),
# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when a release is created.
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ACR repository to store your container images.
# You can use ACR EE instance for more security and better performance.
# For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm
#
# 2. Create an ACK cluster to run your containerized application.
# You can use ACK Pro cluster for more security and better performance.
# For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm
#
# 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`.
# For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/
#
# 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME.
#
name: Build and Deploy to ACK
on:
release:
types: [created]
# Environment variables available to all jobs and steps in this workflow.
env:
REGION_ID: cn-hangzhou
REGISTRY: registry.cn-hangzhou.aliyuncs.com
NAMESPACE: namespace
IMAGE: repo
TAG: ${{ github.sha }}
ACK_CLUSTER_ID: clusterID
ACK_DEPLOYMENT_NAME: nginx-deployment
ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com
ACR_EE_INSTANCE_ID: instanceID
ACR_EE_NAMESPACE: namespace
ACR_EE_IMAGE: repo
ACR_EE_TAG: ${{ github.sha }}
jobs:
build:
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v2
# 1.1 Login to ACR
- name: Login to ACR with the AccessKey pair
uses: aliyun/acr-login@v1
with:
region-id: "${{ env.REGION_ID }}"
access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
# 1.2 Buid and push image to ACR
- name: Build and push image to ACR
run: |
docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" .
docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG"
# 1.3 Scan image in ACR
- name: Scan image in ACR
uses: aliyun/acr-scan@v1
with:
region-id: "${{ env.REGION_ID }}"
access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}"
tag: "${{ env.TAG }}"
# 2.1 (Optional) Login to ACR EE
- uses: actions/checkout@v2
- name: Login to ACR EE with the AccessKey pair
uses: aliyun/acr-login@v1
with:
login-server: "https://${{ env.ACR_EE_REGISTRY }}"
region-id: "${{ env.REGION_ID }}"
access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
# 2.2 (Optional) Build and push image ACR EE
- name: Build and push image to ACR EE
run: |
docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" .
docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG"
# 2.3 (Optional) Scan image in ACR EE
- name: Scan image in ACR EE
uses: aliyun/acr-scan@v1
with:
region-id: "${{ env.REGION_ID }}"
access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}"
tag: "${{ env.ACR_EE_TAG }}"
# 3.1 Set ACK context
- name: Set K8s context
uses: aliyun/ack-set-context@v1
with:
access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
cluster-id: "${{ env.ACK_CLUSTER_ID }}"
# 3.2 Deploy the image to the ACK cluster
- name: Set up Kustomize
run: |-
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6
- name: Deploy
run: |-
./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG
./kustomize build . | kubectl apply -f -
kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME
kubectl get services -o wide
+5 -3
View File
@@ -13,10 +13,12 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: set up JDK 1.8
uses: actions/setup-java@v1
- name: set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
+4 -3
View File
@@ -16,9 +16,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
- name: Build with Ant
run: ant -noinput -buildfile build.xml
+2 -1
View File
@@ -33,6 +33,7 @@ jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
@@ -77,4 +78,4 @@ jobs:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: sample-app-service
cluster: default
wait-for-service-stability: true
wait-for-service-stability: true
+2 -1
View File
@@ -28,10 +28,11 @@ jobs:
build-and-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v1
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: npm install, build, and test
+10 -9
View File
@@ -1,3 +1,8 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Dart
on:
@@ -10,18 +15,14 @@ jobs:
build:
runs-on: ubuntu-latest
# Note that this workflow uses the latest stable version of the Dart SDK.
# Docker images for other release channels - like dev and beta - are also
# available. See https://hub.docker.com/r/google/dart/ for the available
# images.
container:
image: google/dart:latest
steps:
- uses: actions/checkout@v2
- name: Print Dart SDK version
run: dart --version
# Note: This workflow uses the latest stable version of the Dart SDK.
# You can specify other versions if desired, see documentation here:
# https://github.com/dart-lang/setup-dart/blob/main/README.md
# - uses: dart-lang/setup-dart@v1
- uses: dart-lang/setup-dart@9a04e6d73cca37bd455e0608d7e5092f881fd603
- name: Install dependencies
run: dart pub get
+1 -1
View File
@@ -71,7 +71,7 @@ jobs:
- name: Install .NET Core
uses: actions/setup-dotnet@v1
with:
dotnet-version: 3.1.101
dotnet-version: 5.0.x
# Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild
- name: Setup MSBuild.exe
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
- name: Setup .NET
uses: actions/setup-dotnet@v1
with:
dotnet-version: 3.1.301
dotnet-version: 5.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
+1 -1
View File
@@ -15,7 +15,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Elixir
uses: actions/setup-elixir@v1
uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24
with:
elixir-version: '1.10.3' # Define the elixir version [required]
otp-version: '22.3' # Define the OTP version [required]
+1
View File
@@ -27,6 +27,7 @@ jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
+5 -4
View File
@@ -1,5 +1,5 @@
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java#publishing-using-gradle
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
name: Gradle Package
@@ -14,10 +14,11 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
+4 -3
View File
@@ -16,10 +16,11 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Build with Gradle
+1
View File
@@ -28,6 +28,7 @@ jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
+1 -1
View File
@@ -17,4 +17,4 @@ jobs:
run: |
docker run \
-v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
jekyll/builder:latest /bin/bash -c "chmod 777 /srv/jekyll && jekyll build --future"
jekyll/builder:latest /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --future"
+6 -5
View File
@@ -1,5 +1,5 @@
# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java#apache-maven-with-a-settings-path
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
name: Maven Package
@@ -14,10 +14,11 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
@@ -27,4 +28,4 @@ jobs:
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
env:
GITHUB_TOKEN: ${{ github.token }}
GITHUB_TOKEN: ${{ github.token }}
+4 -3
View File
@@ -16,9 +16,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
- name: Build with Maven
run: mvn -B package --file pom.xml
+1 -1
View File
@@ -22,7 +22,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
+3 -3
View File
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
- uses: actions/setup-node@v2
with:
node-version: 12
- run: npm ci
@@ -23,7 +23,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
- uses: actions/setup-node@v2
with:
node-version: 12
registry-url: https://registry.npmjs.org/
@@ -37,7 +37,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
- uses: actions/setup-node@v2
with:
node-version: 12
registry-url: $registry-url(npm)
+56 -30
View File
@@ -27,6 +27,7 @@
# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
# Also see our GitHub organization, https://github.com/redhat-actions/
# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
name: OpenShift
@@ -63,9 +64,45 @@ on:
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
runs-on: ubuntu-20.04
runs-on: ubuntu-18.04
environment: production
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check if secrets exists
uses: actions/github-script@v3
with:
script: |
const secrets = {
REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`,
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.warning(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- uses: actions/checkout@v2
- name: Determine app name
@@ -80,12 +117,13 @@ jobs:
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
uses: redhat-actions/buildah-build@v1
id: image-build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tag: ${{ env.TAG }}
tags: ${{ env.TAG }}
# If you don't have a dockerfile, see:
# https://github.com/redhat-actions/buildah-build#building-from-scratch
# https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Otherwise, point this to your Dockerfile relative to the repository root.
dockerfiles: |
./Dockerfile
@@ -93,10 +131,10 @@ jobs:
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-to-registry
uses: redhat-actions/push-to-registry@v1
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ env.APP_NAME }}
tag: ${{ env.TAG }}
image: ${{ steps.image-build.outputs.image }}
tags: ${{ steps.image-build.outputs.tags }}
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
@@ -117,30 +155,15 @@ jobs:
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
# This step should create a deployment, service, and route to run your app and expose it to the internet.
# Feel free to replace this with 'oc apply', 'helm install', or however you like to deploy your app.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
run: |
export IMAGE="${{ steps.push-to-registry.outputs.registry-path }}"
export PORT=${{ env.APP_PORT }}
export SELECTOR="app=${{ env.APP_NAME }}"
echo "SELECTOR=$SELECTOR" >> $GITHUB_ENV
set -x
# Take down any old deployment
oc delete all --selector="$SELECTOR"
oc new-app --name $APP_NAME --docker-image="$IMAGE"
# Make sure the app port is exposed
oc patch svc $APP_NAME -p "{ \"spec\": { \"ports\": [{ \"name\": \"$PORT-tcp\", \"port\": $PORT }] } }"
oc expose service $APP_NAME --port=$PORT
oc get all --selector="$SELECTOR"
set +x
export ROUTE="$(oc get route $APP_NAME -o jsonpath='{.spec.host}')"
echo "$APP_NAME is exposed at $ROUTE"
echo "ROUTE=$ROUTE" >> $GITHUB_ENV
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-to-registry.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}
- name: View application route
run: |
@@ -150,3 +173,6 @@ jobs:
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+2 -3
View File
@@ -15,7 +15,7 @@ jobs:
- uses: actions/checkout@v2
- name: Validate composer.json and composer.lock
run: composer validate
run: composer validate --strict
- name: Cache Composer packages
id: composer-cache
@@ -27,8 +27,7 @@ jobs:
${{ runner.os }}-php-
- name: Install dependencies
if: steps.composer-cache.outputs.cache-hit != 'true'
run: composer install --prefer-dist --no-progress --no-suggest
run: composer install --prefer-dist --no-progress
# Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit"
# Docs: https://getcomposer.org/doc/articles/scripts.md
@@ -0,0 +1,7 @@
{
"name": "Deploy to Alibaba Cloud ACK",
"description": "Deploy a container to Alibaba Cloud Container Service for Kubernetes (ACK).",
"creator": "Alibaba Cloud",
"iconName": "alibabacloud",
"categories": null
}
+1 -1
View File
@@ -1,4 +1,4 @@
# This workflows will upload a Python Package using Twine when a release is created
# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
name: Upload Python Package
+4 -3
View File
@@ -13,9 +13,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up JDK 1.8
uses: actions/setup-java@v1
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: 1.8
java-version: '11'
distribution: 'adopt'
- name: Run tests
run: sbt test
+1
View File
@@ -30,6 +30,7 @@ jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
+1
View File
@@ -54,6 +54,7 @@ jobs:
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
environment: production
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
+1 -2
View File
@@ -1,4 +1,3 @@
# Code Scanning Workflows
GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Before you can configure code scanning for a repository, you must enable code scanning by adding a GitHub Actions workflow to the repository. For more information, see [Enabling Code Scanning for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository).
GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Before you can configure code scanning for a repository, you must enable code scanning by adding a GitHub Actions workflow to the repository. For more information, see [Setting up code scanning for a repository](https://docs.github.com/en/code-security/secure-coding/setting-up-code-scanning-for-a-repository).
+37
View File
@@ -0,0 +1,37 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Kubesec
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
lint:
name: Kubesec
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Run kubesec scanner
uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
with:
input: file.yaml # specify configuration file to scan here
format: template
template: template/sarif.tpl
output: kubesec-results.sarif
exit-code: "0"
- name: Upload Kubesec scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: kubesec-results.sarif
+62
View File
@@ -0,0 +1,62 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# This workflow starts your API and fuzzes it with ForAllSecure Mayhem for API
# to find reliability, performance and security issues before they reach
# production.
#
# To use this workflow, you will need to:
#
# 1. Create a Mayhem for API account at
# https://mayhem4api.forallsecure.com/signup (30-day free trial)
#
# 2. Create a service account token `mapi organization service-account create
# <org-name> <service-account-name>`
#
# 3. Add the service account token as a secret in GitHub called "MAPI_TOKEN"
#
# 4. Update the "Start your API" step to run your API in the background before
# starting the Mayhem for API scan, and update the `api-url` & `api-spec`
# field.
#
# If you have any questions, please contact us at mayhem4api@forallsecure.com
name: "Mayhem for API"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
jobs:
mayhem-for-api:
name: Mayhem for API
# Mayhem for API runs on linux, mac and windows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# Run your API in the background. Ideally, the API would run in debug
# mode & send stacktraces back on "500 Internal Server Error" responses
# (don't do this in production though!)
- name: Start your API
run: ./run_your_api.sh & # <- ✏️ update this
- name: Mayhem for API
uses: ForAllSecure/mapi-action@193b709971cc377675e33284aecbf9229853e010
continue-on-error: true
with:
mapi-token: ${{ secrets.MAPI_TOKEN }}
api-url: http://localhost:8080 # <- ✏️ update this
api-spec: http://localhost:8080/openapi.json # <- ✏️ update this
duration: 60
sarif-report: mapi.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: mapi.sarif
@@ -0,0 +1,7 @@
{
"name": "Kubesec",
"creator": "Controlplane",
"description": "Security risk analysis for Kubernetes resources. Submit pod-types (such as deployment, cronjob) to receive an itemised security risk score.",
"iconName": "kubesec",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,7 @@
{
"name": "Mayhem for API",
"creator": "ForAllSecure",
"description": "Automatically test your REST APIs with your OpenAPI specs and Postman collections.",
"iconName": "mayhem-for-api",
"categories": ["Code Scanning", "C#", "Go", "Java", "Scala", "JavaScript", "TypeScript", "Ruby", "PHP", "Swift", "Kotlin" , "Python", "Rust", "Objective C"]
}
@@ -0,0 +1,7 @@
{
"name": "Synopsys Intelligent Security Scan Action",
"creator": "Synopsys",
"description": "The Synopsys Intelligent Security Scan Action helps selectively perform SAST and SCA scans, triggered during a variety of GitHub Platform events",
"iconName": "synopsys-io",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "Ruby", "PHP", "Swift", "Kotlin" , "Python", "VB.NET", "Objective C"]
}
@@ -0,0 +1,7 @@
{
"name": "tfsec",
"creator": "tfsec",
"description": "A static analysis security scanner for your Terraform code. Discover problems with your infrastructure before hackers do.",
"iconName": "tfsec",
"categories": ["Code Scanning", "HCL"]
}
+73
View File
@@ -0,0 +1,73 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Synopsys Intelligent Security Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Synopsys Intelligent Security Scan
id: prescription
uses: synopsys-sig/intelligent-security-scan@48eedfcd42bc342a294dc495ac452797b2d9ff08
with:
ioServerUrl: ${{secrets.IO_SERVER_URL}}
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
additionalWorkflowArgs: --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
stage: "IO"
# Please note that the ID in previous step was set to prescription
# in order for this logic to work also make sure that POLARIS_ACCESS_TOKEN
# is defined in settings
- name: Static Analysis with Polaris
if: ${{steps.prescription.outputs.sastScan == 'true' }}
run: |
export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
unzip -j polaris_cli-linux64.zip -d /tmp
/tmp/polaris analyze -w
# Please note that the ID in previous step was set to prescription
# in order for this logic to work
- name: Software Composition Analysis with Black Duck
if: ${{steps.prescription.outputs.scaScan == 'true' }}
uses: blackducksoftware/github-action@9ea442b34409737f64743781e9adc71fd8e17d38
with:
args: '--blackduck.url="${{ secrets.BLACKDUCK_URL}}" --blackduck.api.token="${{ secrets.BLACKDUCK_TOKEN}}" --detect.tools="SIGNATURE_SCAN,DETECTOR"'
- name: Synopsys Intelligent Security Scan
if: ${{ steps.prescription.outputs.sastScan == 'true' || steps.prescription.outputs.scaScan == 'true' }}
uses: synopsys-sig/intelligent-security-scan@48eedfcd42bc342a294dc495ac452797b2d9ff08
with:
ioServerUrl: ${{secrets.IO_SERVER_URL}}
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
additionalWorkflowArgs: --IS_SAST_ENABLED=${{steps.prescription.outputs.sastScan}} --IS_SCA_ENABLED=${{steps.prescription.outputs.scaScan}}
--polaris.project.name={{PROJECT_NAME}} --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
--blackduck.project.name={{PROJECT_NAME}}:{{PROJECT_VERSION}} --blackduck.url=${{secrets.BLACKDUCK_URL}} --blackduck.api.token=${{secrets.BLACKDUCK_TOKEN}}
stage: "WORKFLOW"
- name: Upload SARIF file
if: ${{steps.prescription.outputs.sastScan == 'true' }}
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: workflowengine-results.sarif.json
+35
View File
@@ -0,0 +1,35 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: tfsec
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
tfsec:
name: Run tfsec sarif report
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v2
- name: Run tfsec
uses: tfsec/tfsec-sarif-action@2ec44316ed27c50d48c931c3c628adc4c8bb1d2b
with:
sarif_file: tfsec.sarif
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
+1
View File
@@ -0,0 +1 @@
<svg id="图层_1" data-name="图层 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 113.39 113.39"><defs><style>.cls-1{fill:#fff;}.cls-2{fill:#ff6a00;}</style></defs><title>AlibabacloudLogoGithub</title><circle class="cls-1" cx="56.69" cy="56.69" r="56.69"/><rect class="cls-2" x="45.85" y="54.14" width="21.69" height="4.89"/><path class="cls-2" d="M78.4,36.4H64.05l3.47,4.9L78,44.5a4.54,4.54,0,0,1,3.16,4.35h0V64.53h0A4.52,4.52,0,0,1,78,68.88L67.52,72.09,64.05,77H78.4A10.84,10.84,0,0,0,89.24,66.15V47.24A10.84,10.84,0,0,0,78.4,36.4Z"/><path class="cls-2" d="M35,36.4H49.33l-3.46,4.9L35.41,44.5a4.52,4.52,0,0,0-3.16,4.35h0V64.53h0a4.51,4.51,0,0,0,3.16,4.34l10.46,3.21L49.33,77H35A10.84,10.84,0,0,1,24.14,66.15V47.24A10.84,10.84,0,0,1,35,36.4Z"/></svg>

After

Width:  |  Height:  |  Size: 757 B

+16
View File
@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="102.6mm" height="105.4mm" version="1.1" viewBox="0 0 102.6 105.4" xmlns="http://www.w3.org/2000/svg" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:osb="http://www.openswatchbook.org/uri/2009/osb" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<metadata>
<rdf:RDF>
<cc:Work rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
<dc:title/>
</cc:Work>
</rdf:RDF>
</metadata>
<g transform="translate(-50.967 -30.906)">
<path d="m101.74 41.445c11.826 0.01564 23.073 3.1361 37.019 10.269l5.6861 2.9077-0.24238 8.4066c-0.2839 9.8679-1.2803 16.025-3.8329 23.68-5.6462 16.933-17.273 30.457-33.388 38.837-2.2805 1.1858-4.5913 2.1529-5.1352 2.1481-1.2751-0.0104-8.1186-3.6468-12.544-6.6638-4.7195-3.2176-13.441-12.032-16.759-16.938-6.9486-10.274-10.793-21.477-12.039-35.085-0.58097-6.3429-0.60007-12.393-0.043-13.858 0.57794-1.52 12.422-7.3891 19.882-9.853 9.2004-3.0383 13.768-3.8609 21.396-3.8504z" fill="#fff" style="paint-order:normal"/>
<path d="m100.51 35.615c-0.56302 0.0073-1.0474 0.02883-1.4114 0.06599-12.365 1.2633-22.017 4.0644-33.066 9.5944-7.3296 3.6685-10.788 5.9223-11.12 7.247-0.53129 2.1169 0.15376 19.668 0.936 23.987 1.0599 5.8523 3.3498 13.599 5.4517 18.44 6.8196 15.707 19.767 29.222 34.938 36.472 2.3016 1.0998 4.7802 2.0006 5.5083 2.0026 1.7407 6e-3 7.0294-2.3296 11.786-5.2026 18.332-11.073 30.627-28.781 34.724-50.014 1.2562-6.5098 1.9551-16.009 1.5851-21.536-0.37868-5.6568-0.36327-5.6383-8.42-9.8072-12.032-6.2257-23.37-9.795-34.819-10.96-2.0024-0.20375-4.4024-0.31132-6.0915-0.28955zm1.2363 5.8302c11.826 0.01564 23.073 3.1361 37.019 10.269l5.6861 2.9077-0.24238 8.4066c-0.2839 9.8679-1.2803 16.025-3.8329 23.68-5.6462 16.933-17.273 30.457-33.388 38.837-2.2805 1.1858-4.5913 2.1529-5.1352 2.1481-1.2751-0.0104-8.1186-3.6468-12.544-6.6638-4.7195-3.2176-13.441-12.032-16.759-16.938-6.9486-10.274-10.793-21.477-12.039-35.085-0.58097-6.3429-0.60007-12.393-0.043-13.858 0.57794-1.52 12.422-7.3891 19.882-9.853 9.2004-3.0383 13.768-3.8609 21.396-3.8504zm-0.57371 7.9541c-0.55416-0.0078-1.1056-0.0052-1.6539 0.0052-3.9868 0.08339-7.8101 0.6874-11.384 1.8235-2.1838 0.6942-4.093 1.0503-5.7049 1.072-0.54764-0.25801-1.1455-0.39178-1.7508-0.39192-2.27 2.09e-4 -4.1102 1.8403-4.1104 4.1103 2.08e-4 2.27 1.8403 4.1102 4.1104 4.1104 2.2595-1.57e-4 4.1058-2.2285 4.1208-4.488 0.54593-0.26458 0.90692-0.5515 2.7666-1.155 4.9354-1.6017 7.9009-1.9399 14.743-1.6794 4.9325 0.18764 7.5084 0.51548 10.691 1.3576 5.6895 1.5055 13.346 4.6278 16.664 6.7958 0.97297 0.63588 0.89747 0.71234-3.2134 3.2444l-4.21 2.5925-3.406-1.7104c-11.357-5.7039-20.995-5.854-32.201-0.501l-4.5278 2.1629-5.5554-3.309c-3.3518-1.996-5.9337-3.2548-6.5076-3.173-0.93092 0.13265-0.95078 0.28788-0.91177 7.1972 0.04274 7.5677 0.95506 12.725 3.3993 19.216 3.0717 8.0032 6.6136 12.89 12.338 19.477 1.9155 1.937 2.771 3.0306 3.2418 3.7339-5e-3 0.0771 0.0081 0.36776 0.0081 0.44517 2.1e-4 2.27 1.8403 4.1102 4.1103 4.1104 2.27-2e-4 4.1102-1.8404 4.1104-4.1104 5.3e-4 -2.2705-1.8398-4.1115-4.1104-4.1117-0.69123 2.6e-4 -1.4768 0.29931-2.0827 0.63217-0.69092-0.34948-1.3424-0.88458-3.2734-2.8907-9.0198-9.3708-14.148-21.315-14.782-34.433l-0.26262-5.4329 4.478 2.7057 4.4794 2.7043v3.4612c0 12.963 6.834 24.651 17.822 30.48l2.0363 1.0815v6.4726c0 6.6073 0.12874 6.5878 0.55216 6.6962 0.45085 0.11547 1.1882 0.32293 3.0963-0.6505 7.4839-3.818 17.047-12.316 21.82-19.389 1.2192-1.8068 3.0501-4.9424 4.0686-6.9682 2.1109-4.3687 3.4196-9.9926 5.4463-14.06 1.3176-0.72105 2.1371-2.1033 2.1373-3.6053-2e-4 -2.27-1.8403-4.1101-4.1104-4.1103-2.2705-5.3e-4 -4.1115 1.8398-4.1117 4.1103 5.3e-4 1.2443 0.56453 2.4213 1.534 3.2013l0.82364 0.57991-1.0667 3.6942c-2.5118 8.6991-6.8719 16.088-14.24 23.374-4.4674 4.4175-9.863 8.6484-12.149 9.5257-0.62639 0.24028-0.71109-0.28259-0.71109-4.3824v-4.6558l2.5871-1.3778c3.5912-1.9141 7.9924-5.6745 10.463-8.9399 4.2408-5.6049 6.5049-12.109 7.0504-20.251l0.30706-4.6019 5.3521-3.3265c3.5898-2.2312 5.3958-3.6183 5.484-4.2127 0.1608-1.0829-1.5738-2.2923-7.6793-5.3561-8.8544-4.4433-17.812-6.7755-26.125-6.8982zm1.1892 14.349c2.1491 0.02971 4.2905 0.32012 6.4457 0.86733 2.8862 0.73095 5.923 1.3927 8.7756 3.204l3.4787 1.6808-0.30572 4.2774c-0.68768 9.6499-3.1519 15.457-9.0301 21.284-2.357 2.3367-4.8301 4.3078-6.5103 5.1864-1.4903 0.77936-2.8839 1.4168-3.0963 1.4168-0.21241 0-1.1768-0.42298-2.144-0.94006-10.096-5.3968-16.439-16.481-16.012-27.979l0.13057-3.5178 3.7764-1.872c5.0023-2.4796 9.7634-3.6732 14.491-3.608zm0.0497 6.8174c-2.4724 2.9e-5 -4.4766 2.0043-4.4767 4.4767 2.7e-4 1.8948 1.1934 3.5842 2.9791 4.2181l-2.4161 10.652 7.7359-0.07662-1.9824-10.712c1.6049-0.72345 2.6368-2.3203 2.637-4.0807-3e-5 -2.4724-2.0043-4.4766-4.4767-4.4767z" stroke="#fff" stroke-width=".441" style="paint-order:normal"/>
</g>
</svg>

After

Width:  |  Height:  |  Size: 4.8 KiB

+19
View File
@@ -0,0 +1,19 @@
<svg width="75" height="76" viewBox="0 0 75 76" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M37.2411 0.878906C16.7411 0.878906 0.121094 17.4989 0.121094 37.9989C0.121094 58.4989 16.7411 75.1189 37.2411 75.1189C57.7411 75.1189 74.3611 58.4989 74.3611 37.9989C74.3611 17.4989 57.7411 0.878906 37.2411 0.878906ZM10.8911 52.7989H8.94109L19.7111 23.9889H21.6611L10.8911 52.7989ZM41.5211 52.7989H36.0711L25.3011 23.8489H30.7511L37.3711 41.7589L43.9911 23.9789H45.9411L38.4111 44.3589L41.5211 52.7989ZM60.9911 52.7989L50.2211 23.8489H55.6711L66.4411 52.7889H60.9911V52.7989Z" fill="url(#paint0_linear)"/>
<path d="M50.2227 23.8477L60.9927 52.7977H66.4427L55.6727 23.8477H50.2227Z" fill="white"/>
<path d="M8.94141 52.8005H10.8914L21.6614 23.9805H19.7114L8.94141 52.8005Z" fill="white"/>
<path d="M30.7508 23.8477H25.3008L36.0708 52.7977H41.5208L38.4108 44.3577L37.3708 41.7677L30.7508 23.8477Z" fill="white"/>
<path d="M43.9911 23.9805L37.3711 41.7705L38.4111 44.3605L45.9311 23.9805H43.9911Z" fill="white"/>
<defs>
<linearGradient id="paint0_linear" x1="-67.5437" y1="-66.7809" x2="59.5353" y2="60.2982" gradientUnits="userSpaceOnUse">
<stop stop-color="#4029B7"/>
<stop offset="0.1093" stop-color="#4C2AAF"/>
<stop offset="0.3056" stop-color="#6B2E9B"/>
<stop offset="0.5643" stop-color="#9D3379"/>
<stop offset="0.6993" stop-color="#BA3666"/>
<stop offset="0.7816" stop-color="#D13957"/>
<stop offset="0.9026" stop-color="#EE3C44"/>
<stop offset="0.9719" stop-color="#F93D3D"/>
</linearGradient>
</defs>
</svg>

After

Width:  |  Height:  |  Size: 1.5 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 55 KiB

+36
View File
@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 120 120"
height="180"
width="180"
xml:space="preserve"
id="svg2"
version="1.1"><metadata
id="metadata8"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs6" /><g
transform="matrix(1.3,0,0,-1.3,0,117.3)"
id="g10"><g
transform="scale(0.1)"
id="g12"><path
id="path16"
style="fill: #7247cf; fill-rule: evenodd; stroke: none; fill-opacity: 1"
d="M 28.7 626.7 C 138 678.6 234.1 712.5 325.2 729.1 c 24.3 4.4 48.3 7.6 72.2 9.6 v -0.4 v -71.9 v -0.2 v -41.9 v -41.9 c 15.8 12.8 36 20.5 58 20.5 c 22 0 42.1 -7.7 58 -20.5 v 41.9 v 41.8 v 0.3 v 71.8 v 0.5 c 23.9 -2 47.9 -5.2 72.2 -9.7 c 92.1 -16.9 187.9 -51.2 296.4 -102.4 c 4.5 37.7 6.7 75.4 6.7 112.8 c -111.3 52.9 -209.1 88.4 -303.1 105.6 c -24.2 4.4 -48.2 7.7 -72.2 9.7 c -38.6 3.2 -77 3.2 -115.9 0 c -23.8 -2 -47.8 -5.2 -72.2 -9.6 C 232.2 828.1 134.2 793.2 22.1 739.5 c 0 -37.7 2.2 -75.4 6.6 -112.8" /><path
id="path18"
style="fill: #7247cf; fill-rule: evenodd; stroke: none; fill-opacity: 1"
d="M 140.8 288.7 l -0.1 1.2 c 0 -0.4 0.1 -0.8 0.1 -1.2 z m 518.8 42.2 c -21.7 -34.1 -46.4 -66.4 -74.1 -96.3 c -22.1 -23.9 -46.2 -46.3 -72.2 -67 c -18.4 -14.7 -37.7 -28.5 -58 -41.5 c -20.3 12.9 -39.6 26.7 -57.9 41.3 c -26 20.7 -50 43 -72.2 66.7 c -28.1 30.1 -53 62.6 -74.8 97 c 25.6 8 50.4 14.6 74.8 19.8 v 116.7 c -41 -8.2 -83.1 -20.2 -127.3 -36 c -16 -5.7 -32.2 -12 -48.8 -18.7 c -8.8 -3.6 -17.6 -7.2 -26.5 -11.1 L 91.4 388.2 L 95.9 376.4 c 13.1 -29.9 28 -59.2 44.9 -87.7 c 25.8 -43.6 56 -85.2 90.9 -124 l 0.4 -0.6 c 5 -5.5 10 -11 15.2 -16.4 c 24 -25.1 50 -48.8 78 -71.1 c 22.7 -18 46.7 -35.1 72.2 -51 c 18.6 -11.7 37.9 -22.7 58 -33.2 c 20.1 10.5 39.4 21.5 58 33.2 c 25.5 16 49.5 33.1 72.2 51.1 c 27.6 22 53.1 45.4 76.7 70 c 5.1 5.3 10.1 10.7 15 16.1 c 35.5 39.3 66.3 81.5 92.4 125.7 c 16.8 28.5 31.8 57.8 44.9 87.7 l 4.5 11.8 l -5.9 2.5 l -0.4 0.2 l -0.4 0.2 l -0.4 0.2 l -0.4 0.2 c -7.9 3.5 -15.7 6.9 -23.5 10.2 c -8.9 3.8 -17.7 7.5 -26.4 11 c -16.7 6.7 -33 13 -49.1 18.7 c -3.6 1.3 -7.2 2.6 -10.8 3.8 v 75.9 c 11.8 -3.8 23.6 -7.9 35.6 -12.2 c 34.6 -12.4 70.3 -27 107.4 -43.6 c 11.1 34.1 20 68.8 26.8 103.7 c -37.8 17.6 -74 33.1 -109.1 46.5 c -20.6 7.9 -40.8 15 -60.7 21.5 c -39.7 12.8 -78.1 22.7 -115.9 29.7 V 540.7 V 467.3 V 350.5 c 24.2 -5.2 48.8 -11.7 74.1 -19.7 z m 110.1 -41.1 l 0 -0.1 l 0 -0.1 v -0.1 l 0 -0.1 l 0 -0.1 v -0.1 l 0 -0.1 l 0 -0.1 l 0 -0.1 l 0 -0.1 v 0 v -0.1 l 0 -0.1 l 0 -0.1 v -0.1 l 0 -0.1 l 0 -0.1 z m 0 -0.5 v 0 l 0 -0.1 z m -33.1 14.2 c 4.7 -1.9 9.5 -3.8 14.3 -5.7 z M 159.6 297.9 c 4.9 2 9.7 4 14.6 5.9 l -14.6 -5.9" /><path
id="path20"
style="fill: #7247cf; fill-rule: evenodd; stroke: none; fill-opacity: 1"
d="M 65.6 456 c 37.2 16.7 73 31.2 107.5 43.6 c 53 18.9 103.3 32.7 152.1 41.6 v 115.9 C 268.8 646.8 210.5 629.9 148.3 606.2 C 113.2 592.9 76.9 577.4 39 559.7 C 45.8 524.6 54.6 489.9 65.6 456" /><path
id="path22"
style="fill: #7247cf; fill-rule: evenodd; stroke: none; fill-opacity: 1"
d="M 518.9 510.7 c 0 35.1 -28.5 63.6 -63.6 63.6 c -35.1 0 -63.6 -28.5 -63.6 -63.6 c 0 -26.5 16.2 -49.2 39.3 -58.8 L 410.8 275.3 h 89.1 l -20.2 176.6 c 23.1 9.6 39.3 32.3 39.3 58.8" /><path
id="path24"
style="fill: #7247cf; fill-rule: evenodd; stroke: none; fill-opacity: 1"
d="M 65.6 456 c 37.2 16.7 73 31.2 107.5 43.6 c 53 18.9 103.3 32.7 152.1 41.6 v 115.9 C 268.8 646.8 210.5 629.9 148.3 606.2 C 113.2 592.9 76.9 577.4 39 559.7 C 45.8 524.6 54.6 489.9 65.6 456" /></g></g></svg>

After

Width:  |  Height:  |  Size: 3.9 KiB