From aa797da6b2edcd9760ce0321c2e7b7f872d08c06 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Wed, 10 Aug 2022 18:19:19 +0530 Subject: [PATCH 1/8] Fix PR assign --- .github/workflows/auto-assign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index 4dcc612..d7161b1 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -1,6 +1,6 @@ name: 'Auto Assign' on: - pull_request: + pull_request_target: types: [opened, ready_for_review] jobs: From 9bdc3e7253235498a505f21e37662dcfa54de969 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 11 Aug 2022 03:05:57 +0900 Subject: [PATCH 2/8] Refer actions/deploy-pages stable tag in pages/static --- pages/static.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/static.yml b/pages/static.yml index bd753e9..350b2c8 100644 --- a/pages/static.yml +++ b/pages/static.yml @@ -39,4 +39,4 @@ jobs: path: '.' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@main + uses: actions/deploy-pages@v1 From b206471e4d771114db07fd56357db8f2ae20a8d2 Mon Sep 17 00:00:00 2001 From: Dylan Rinker Date: Tue, 16 Aug 2022 09:24:41 -0400 Subject: [PATCH 3/8] Update clj-holes.yml - Fixed a typo in the upload-sarif@v1 action - Commented out the rules-repository. The template will now default to rules in git://clj-holmes/clj-holmes-rules#main, but the format is preserved. --- code-scanning/clj-holmes.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/clj-holmes.yml b/code-scanning/clj-holmes.yml index 4150cbb..3cfde14 100644 --- a/code-scanning/clj-holmes.yml +++ b/code-scanning/clj-holmes.yml @@ -31,7 +31,7 @@ jobs: - name: Scan code uses: clj-holmes/clj-holmes-action@200d2d03900917d7eb3c24fc691ab83579a87fcb with: - rules-repository: 'git://org/private-rules-repo#main' + # rules-repository: 'git://org/private-rules-repo#main' output-type: 'sarif' output-file: 'clj-holmes-results.sarif' fail-on-result: 'false' @@ -40,4 +40,4 @@ jobs: uses: github/codeql-action/upload-sarif@v1 with: sarif_file: ${{github.workspace}}/clj-holmes-results.sarif - ait-for-processing: true \ No newline at end of file + wait-for-processing: true From 65d796c94f140568865b90066331e52031cd8a8d Mon Sep 17 00:00:00 2001 From: Keith Zantow Date: Tue, 16 Aug 2022 12:47:02 -0400 Subject: [PATCH 4/8] Add Anchore Syft SBOM scan workflow --- code-scanning/anchore-syft.yml | 38 +++++++++++++++++++ .../properties/anchore-syft.properties.json | 7 ++++ 2 files changed, 45 insertions(+) create mode 100644 code-scanning/anchore-syft.yml create mode 100644 code-scanning/properties/anchore-syft.properties.json diff --git a/code-scanning/anchore-syft.yml b/code-scanning/anchore-syft.yml new file mode 100644 index 0000000..8180622 --- /dev/null +++ b/code-scanning/anchore-syft.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, builds an image, performs a container image +# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency +# submission API. + +# For more information on the Anchore sbom-action usage +# and parameters, see https://github.com/anchore/sbom-action. For more +# information about the Anchore SBOM tool, Syft, see +# https://github.com/anchore/syft +name: Anchore Syft SBOM scan + +on: + push: + branches: [ $default-branch, $protected-branches ] + +permissions: + contents: write + +jobs: + Anchore-Build-Scan: + permissions: + contents: write # required to upload to the Dependency submission API + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v3 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag localbuild/testimage:latest + - name: Scan the image and upload dependency results + uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a + with: + image: "localbuild/testimage:latest" + artifact-name: image.spdx.json + dependency-snapshot: true diff --git a/code-scanning/properties/anchore-syft.properties.json b/code-scanning/properties/anchore-syft.properties.json new file mode 100644 index 0000000..815f8b2 --- /dev/null +++ b/code-scanning/properties/anchore-syft.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Anchore Syft SBOM Scan", + "organization": "Anchore", + "description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.", + "iconName": "anchore", + "categories": ["Code Scanning", "dockerfile", "dependency-management"] +} From dc77db1892c77df0137f5391f7fa318d7b26b283 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Thu, 18 Aug 2022 12:49:49 +0530 Subject: [PATCH 5/8] Update CODEOWNERS to have pages team --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/CODEOWNERS b/CODEOWNERS index 91153de..0a7c0a5 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,3 +1,4 @@ * @actions/starter-workflows /code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows +/pages/ @actions/pages @actions/starter-workflows From c7c674d47ef76ecbbd6d0c3a12934d31b2094be3 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 19 Aug 2022 11:28:44 -0500 Subject: [PATCH 6/8] Pages: Explicitly set Hugo environment as production --- pages/hugo.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/pages/hugo.yml b/pages/hugo.yml index 07b2b85..ea705f3 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -46,6 +46,7 @@ jobs: - name: Build with Hugo run: | hugo \ + --environment production --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 0d3c129311ae22b406e99c27395a9a450b04076d Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 14:37:34 -0500 Subject: [PATCH 7/8] Add missing backslash for multi-line continuation Co-authored-by: Yoann Chaudet --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index ea705f3..5ab13b0 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -46,7 +46,7 @@ jobs: - name: Build with Hugo run: | hugo \ - --environment production + --environment production \ --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 709400e808d401c345db341aa93fa473f91c8f85 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 16:13:12 -0500 Subject: [PATCH 8/8] Set HUGO_ENV* env vars instead of CLI flag Reverts https://github.com/actions/starter-workflows/pull/1689 Fixes https://github.com/actions/starter-workflows/issues/1683 --- pages/hugo.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 5ab13b0..da2f462 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -44,9 +44,12 @@ jobs: id: pages uses: actions/configure-pages@v1 - name: Build with Hugo + env: + # For maximum backward compatibility with Hugo modules + HUGO_ENVIRONMENT: production + HUGO_ENV: production run: | hugo \ - --environment production \ --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact