Merge branch 'main' into main
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
name: 'Auto Assign'
|
||||
on:
|
||||
pull_request:
|
||||
pull_request_target:
|
||||
types: [opened, ready_for_review]
|
||||
|
||||
jobs:
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
* @actions/starter-workflows
|
||||
|
||||
/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows
|
||||
/pages/ @actions/pages @actions/starter-workflows
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow checks out code, builds an image, performs a container image
|
||||
# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency
|
||||
# submission API.
|
||||
|
||||
# For more information on the Anchore sbom-action usage
|
||||
# and parameters, see https://github.com/anchore/sbom-action. For more
|
||||
# information about the Anchore SBOM tool, Syft, see
|
||||
# https://github.com/anchore/syft
|
||||
name: Anchore Syft SBOM scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
Anchore-Build-Scan:
|
||||
permissions:
|
||||
contents: write # required to upload to the Dependency submission API
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
uses: actions/checkout@v3
|
||||
- name: Build the Docker image
|
||||
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
|
||||
- name: Scan the image and upload dependency results
|
||||
uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a
|
||||
with:
|
||||
image: "localbuild/testimage:latest"
|
||||
artifact-name: image.spdx.json
|
||||
dependency-snapshot: true
|
||||
@@ -31,7 +31,7 @@ jobs:
|
||||
- name: Scan code
|
||||
uses: clj-holmes/clj-holmes-action@200d2d03900917d7eb3c24fc691ab83579a87fcb
|
||||
with:
|
||||
rules-repository: 'git://org/private-rules-repo#main'
|
||||
# rules-repository: 'git://org/private-rules-repo#main'
|
||||
output-type: 'sarif'
|
||||
output-file: 'clj-holmes-results.sarif'
|
||||
fail-on-result: 'false'
|
||||
@@ -40,4 +40,4 @@ jobs:
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ${{github.workspace}}/clj-holmes-results.sarif
|
||||
ait-for-processing: true
|
||||
wait-for-processing: true
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Anchore Syft SBOM Scan",
|
||||
"organization": "Anchore",
|
||||
"description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.",
|
||||
"iconName": "anchore",
|
||||
"categories": ["Code Scanning", "dockerfile", "dependency-management"]
|
||||
}
|
||||
@@ -44,6 +44,10 @@ jobs:
|
||||
id: pages
|
||||
uses: actions/configure-pages@v1
|
||||
- name: Build with Hugo
|
||||
env:
|
||||
# For maximum backward compatibility with Hugo modules
|
||||
HUGO_ENVIRONMENT: production
|
||||
HUGO_ENV: production
|
||||
run: |
|
||||
hugo \
|
||||
--minify \
|
||||
|
||||
+1
-1
@@ -39,4 +39,4 @@ jobs:
|
||||
path: '.'
|
||||
- name: Deploy to GitHub Pages
|
||||
id: deployment
|
||||
uses: actions/deploy-pages@main
|
||||
uses: actions/deploy-pages@v1
|
||||
|
||||
Reference in New Issue
Block a user