Merge branch 'main' into patch-1
@@ -0,0 +1,17 @@
|
||||
# Set to true to add reviewers to pull requests
|
||||
addReviewers: true
|
||||
|
||||
# Set to true to add assignees to pull requests
|
||||
addAssignees: false
|
||||
|
||||
# A list of reviewers to be added to pull requests (GitHub user name)
|
||||
reviewers:
|
||||
- phantsure
|
||||
- anuragc617
|
||||
- tiwarishub
|
||||
- vsvipul
|
||||
- bishal-pdmsft
|
||||
|
||||
# A number of reviewers added to the pull request
|
||||
# Set 0 to add all the reviewers (default: 0)
|
||||
numberOfReviewers: 1
|
||||
@@ -0,0 +1,15 @@
|
||||
name: Issue assignment
|
||||
|
||||
on:
|
||||
issues:
|
||||
types: [opened]
|
||||
|
||||
jobs:
|
||||
auto-assign:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Auto-assign issue'
|
||||
uses: pozil/auto-assign-issue@v1.4.0
|
||||
with:
|
||||
assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft
|
||||
numOfAssignee: 1
|
||||
@@ -0,0 +1,10 @@
|
||||
name: 'Auto Assign'
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, ready_for_review]
|
||||
|
||||
jobs:
|
||||
add-reviews:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: kentaro-m/auto-assign-action@v1.2.1
|
||||
@@ -1,3 +1,3 @@
|
||||
* @actions/starter-workflows
|
||||
|
||||
/code-scanning/ @actions/advanced-security-code-scanning
|
||||
/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
name: Greetings
|
||||
|
||||
on: [pull_request, issues]
|
||||
on: [pull_request_target, issues]
|
||||
|
||||
jobs:
|
||||
greeting:
|
||||
|
||||
@@ -41,9 +41,9 @@ jobs:
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
|
||||
uses: sigstore/cosign-installer@d6a3abf1bdea83574e28d40543793018b6035605
|
||||
with:
|
||||
cosign-release: 'v1.4.0'
|
||||
cosign-release: 'v1.7.1'
|
||||
|
||||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
@@ -72,7 +72,7 @@ jobs:
|
||||
# https://github.com/docker/build-push-action
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
|
||||
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
@@ -90,4 +90,4 @@ jobs:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
|
||||
run: cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
|
||||
|
||||
@@ -105,7 +105,7 @@ jobs:
|
||||
|
||||
# Remove the pfx
|
||||
- name: Remove the pfx
|
||||
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
|
||||
run: Remove-Item -path $env:Wap_Project_Directory\GitHubActionsWorkflow.pfx
|
||||
|
||||
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
|
||||
- name: Upload build artifacts
|
||||
|
||||
@@ -6,6 +6,9 @@ on:
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
|
||||
build:
|
||||
|
||||
@@ -16,7 +16,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Build
|
||||
run: go build -v ./...
|
||||
|
||||
@@ -13,6 +13,9 @@ on:
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ jobs:
|
||||
platform: ${{ 'iOS Simulator' }}
|
||||
run: |
|
||||
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
|
||||
if [ $scheme = default ]; then scheme=$(cat default); fi
|
||||
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
|
||||
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
|
||||
@@ -37,7 +37,7 @@ jobs:
|
||||
platform: ${{ 'iOS Simulator' }}
|
||||
run: |
|
||||
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
|
||||
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
|
||||
if [ $scheme = default ]; then scheme=$(cat default); fi
|
||||
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
|
||||
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
|
||||
|
||||
@@ -15,6 +15,9 @@ env:
|
||||
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
|
||||
BUILD_CONFIGURATION: Release
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: windows-latest
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"name": "Ruby on Rails continuous integration",
|
||||
"name": "Ruby on Rails",
|
||||
"description": "Build, lint, and test a Rails application",
|
||||
"iconName": "rails",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
|
||||
@@ -12,6 +12,9 @@ on:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ jobs:
|
||||
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
|
||||
# change this to (see https://github.com/ruby/setup-ruby#versioning):
|
||||
# uses: ruby/setup-ruby@v1
|
||||
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
||||
uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
|
||||
with:
|
||||
ruby-version: ${{ matrix.ruby-version }}
|
||||
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
||||
|
||||
@@ -40,6 +40,6 @@ jobs:
|
||||
image: "localbuild/testimage:latest"
|
||||
acs-report-enable: true
|
||||
- name: Upload Anchore Scan Report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
@@ -64,6 +64,6 @@ jobs:
|
||||
# The name of the sarif format result file The file is written only if this property is provided.
|
||||
sarif-result-file: "apisec-results.sarif"
|
||||
- name: Import results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ./apisec-results.sarif
|
||||
|
||||
@@ -52,6 +52,6 @@ jobs:
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: output.sarif.json
|
||||
|
||||
@@ -49,6 +49,6 @@ jobs:
|
||||
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
|
||||
# Upload the Report for CodeQL/Security Alerts
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: cx.sarif
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# clj-watson scans dependencies in a clojure deps.edn
|
||||
# seeking for vulnerable direct/transitive dependencies and
|
||||
# build a report with all the information needed to help you
|
||||
# understand how the vulnerability manifest in your software.
|
||||
# More details at https://github.com/clj-holmes/clj-watson
|
||||
|
||||
name: clj-watson
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
clj-holmes:
|
||||
name: Run clj-watson scanning
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Dependency scan
|
||||
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
|
||||
with:
|
||||
clj-watson-sha: "65d928c"
|
||||
clj-watson-tag: "v4.0.1"
|
||||
database-strategy: github-advisory
|
||||
aliases: clojure-lsp,test
|
||||
deps-edn-path: deps.edn
|
||||
suggest-fix: true
|
||||
output-type: sarif
|
||||
output-file: clj-watson-results.sarif
|
||||
fail-on-result: false
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -50,7 +50,7 @@ jobs:
|
||||
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
|
||||
# is needed to ensure the SARIF file is uploaded
|
||||
if: always()
|
||||
|
||||
@@ -55,6 +55,6 @@ jobs:
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF results file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
@@ -34,7 +34,7 @@ jobs:
|
||||
matrix:
|
||||
language: [ $detected-codeql-languages ]
|
||||
# CodeQL supports [ $supported-codeql-languages ]
|
||||
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
||||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -42,29 +42,31 @@ jobs:
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@v1
|
||||
uses: github/codeql-action/init@v2
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
# If you wish to specify custom queries, you can do so here or in a config file.
|
||||
# By default, queries listed here will override any specified in a config file.
|
||||
# Prefix the list here with "+" to use these queries and those in the config file.
|
||||
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
||||
|
||||
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
|
||||
# queries: security-extended,security-and-quality
|
||||
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
# If this step fails, then you should remove it and run the build manually (see below)
|
||||
- name: Autobuild
|
||||
uses: github/codeql-action/autobuild@v1
|
||||
uses: github/codeql-action/autobuild@v2
|
||||
|
||||
# ℹ️ Command-line programs to run using the OS shell.
|
||||
# 📚 https://git.io/JvXDl
|
||||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
||||
|
||||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
||||
# and modify them (or add more) to build your code if your project
|
||||
# uses a compiled language
|
||||
# If the Autobuild fails above, remove it and uncomment the following three lines.
|
||||
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
|
||||
|
||||
#- run: |
|
||||
# make bootstrap
|
||||
# make release
|
||||
# - run: |
|
||||
# echo "Run, Build Application using script"
|
||||
# ./location_of_script_within_repo/buildscript.sh
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@v1
|
||||
uses: github/codeql-action/analyze@v2
|
||||
|
||||
@@ -17,8 +17,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
CodeScan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@@ -37,6 +43,6 @@ jobs:
|
||||
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
|
||||
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: codescan.sarif
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
# Dependency Review Action
|
||||
#
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
#
|
||||
# Source repository: https://github.com/actions/dependency-review-action
|
||||
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@v3
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@v1
|
||||
@@ -111,7 +111,7 @@ jobs:
|
||||
)" > ${{ github.workspace }}/detekt.sarif.json
|
||||
|
||||
# Uploads results to GitHub repository using the upload-sarif action
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
- uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: ${{ github.workspace }}/detekt.sarif.json
|
||||
|
||||
@@ -29,6 +29,6 @@ jobs:
|
||||
uses: microsoft/DevSkim-Action@v1
|
||||
|
||||
- name: Upload DevSkim scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: devskim-results.sarif
|
||||
|
||||
@@ -0,0 +1,49 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# ESLint is a tool for identifying and reporting on patterns
|
||||
# found in ECMAScript/JavaScript code.
|
||||
# More details at https://github.com/eslint/eslint
|
||||
# and https://eslint.org
|
||||
|
||||
name: ESLint
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
eslint:
|
||||
name: Run eslint scanning
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install ESLint
|
||||
run: |
|
||||
npm install eslint@8.10.0
|
||||
npm install @microsoft/eslint-formatter-sarif@2.1.7
|
||||
|
||||
- name: Run ESLint
|
||||
run: npx eslint .
|
||||
--config .eslintrc.js
|
||||
--ext .js,.jsx,.ts,.tsx
|
||||
--format @microsoft/eslint-formatter-sarif
|
||||
--output-file eslint-results.sarif
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: eslint-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -33,6 +33,6 @@ jobs:
|
||||
output: 'flawfinder_results.sarif'
|
||||
|
||||
- name: Upload analysis results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ${{github.workspace}}/flawfinder_results.sarif
|
||||
@@ -93,6 +93,6 @@ jobs:
|
||||
|
||||
# Import Fortify on Demand results to GitHub Security Code Scanning
|
||||
- name: Import Results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ./gh-fortify-sast.sarif
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# hadoint is a Dockerfile linter written in Haskell
|
||||
# that helps you build best practice Docker images.
|
||||
# More details at https://github.com/hadolint/hadolint
|
||||
|
||||
name: Hadolint
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
hadolint:
|
||||
name: Run hadolint scanning
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Run hadolint
|
||||
uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
|
||||
with:
|
||||
dockerfile: ./Dockerfile
|
||||
format: sarif
|
||||
output-file: hadolint-results.sarif
|
||||
no-fail: true
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: hadolint-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -36,6 +36,6 @@ jobs:
|
||||
exit-code: "0"
|
||||
|
||||
- name: Upload Kubesec scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: kubesec-results.sarif
|
||||
@@ -61,6 +61,6 @@ jobs:
|
||||
sarif-report: mapi.sarif
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: mapi.sarif
|
||||
|
||||
@@ -37,6 +37,6 @@ jobs:
|
||||
args: . --sarif --output results.sarif || true
|
||||
|
||||
- name: Upload mobsfscan report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
@@ -53,7 +53,7 @@ jobs:
|
||||
|
||||
# Upload SARIF file to GitHub Code Scanning Alerts
|
||||
- name: Upload SARIF to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
|
||||
|
||||
|
||||
@@ -0,0 +1,175 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# Run a Nexploit Scan
|
||||
# This action runs a new security scan in Nexploit, or reruns an existing one.
|
||||
# Build Secure Apps & APIs. Fast.
|
||||
# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
|
||||
# Automatically Tests Every Aspect of Your Apps & APIs
|
||||
# Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
|
||||
# Seamlessly integrates with the Tools and Workflows You Already Use
|
||||
#
|
||||
# NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.
|
||||
# Spin-Up, Configure and Control Scans with Code
|
||||
# One file. One command. One scan. No UI needed.
|
||||
#
|
||||
# Super-Fast Scans
|
||||
#
|
||||
# Interacts with applications and APIs, instead of just crawling them and guessing.
|
||||
# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
|
||||
#
|
||||
# No False Positives
|
||||
#
|
||||
# Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.
|
||||
#
|
||||
# Comprehensive Security Testing
|
||||
#
|
||||
# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
|
||||
#
|
||||
# More information is available on NeuraLegion’s:
|
||||
# * [Website](https://www.neuralegion.com/)
|
||||
# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
|
||||
# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
|
||||
# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
|
||||
#
|
||||
# Inputs
|
||||
#
|
||||
# `name`
|
||||
#
|
||||
# **Required**. Scan name.
|
||||
#
|
||||
# _Example:_ `name: GitHub scan ${{ github.sha }}`
|
||||
#
|
||||
# `api_token`
|
||||
#
|
||||
# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
|
||||
#
|
||||
# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
|
||||
#
|
||||
# `restart_scan`
|
||||
#
|
||||
# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
|
||||
#
|
||||
# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)`
|
||||
#
|
||||
# `discovery_types`
|
||||
#
|
||||
# **Required**. Array of discovery types. The following types are available:
|
||||
# * `archive` - uses an uploaded HAR-file for a scan
|
||||
# * `crawler` - uses a crawler to define the attack surface for a scan
|
||||
# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
|
||||
# If no discovery type is specified, `crawler` is applied by default.
|
||||
#
|
||||
# _Example:_
|
||||
#
|
||||
# ```yml
|
||||
# discovery_types: |
|
||||
# [ "crawler", "archive" ]
|
||||
# ```
|
||||
#
|
||||
# `file_id`
|
||||
#
|
||||
# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
|
||||
#
|
||||
# _Example:_
|
||||
#
|
||||
# ```
|
||||
# FILE_ID=$(nexploit-cli archive:upload \
|
||||
# --token ${{ secrets.NEXPLOIT_TOKEN }} \
|
||||
# --discard true \
|
||||
# ./example.har)
|
||||
# ```
|
||||
#
|
||||
# `crawler_urls`
|
||||
#
|
||||
# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
|
||||
#
|
||||
# _Example:_
|
||||
#
|
||||
# ```
|
||||
# crawler_urls: |
|
||||
# [ "http://vulnerable-bank.com" ]
|
||||
# ```
|
||||
#
|
||||
# `hosts_filter`
|
||||
#
|
||||
# **Required** when the the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
|
||||
#
|
||||
# Outputs
|
||||
#
|
||||
# `url`
|
||||
#
|
||||
# Url of the resulting scan
|
||||
#
|
||||
# `id`
|
||||
#
|
||||
# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
|
||||
# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
|
||||
# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
|
||||
#
|
||||
# Example usage
|
||||
#
|
||||
# Start a new scan with parameters
|
||||
#
|
||||
# ```yml
|
||||
# steps:
|
||||
# - name: Start Nexploit Scan
|
||||
# id: start
|
||||
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
|
||||
# with:
|
||||
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
|
||||
# name: GitHub scan ${{ github.sha }}
|
||||
# discovery_types: |
|
||||
# [ "crawler", "archive" ]
|
||||
# crawler_urls: |
|
||||
# [ "http://vulnerable-bank.com" ]
|
||||
# file_id: LiYknMYSdbSZbqgMaC9Sj
|
||||
# hosts_filter: |
|
||||
# [ ]
|
||||
# - name: Get the output scan url
|
||||
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
|
||||
# ```
|
||||
#
|
||||
# Restart an existing scan
|
||||
#
|
||||
# ```yml
|
||||
# steps:
|
||||
# - name: Start Nexploit Scan
|
||||
# id: start
|
||||
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
|
||||
# with:
|
||||
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
|
||||
# name: GitHub scan ${{ github.sha }}
|
||||
# restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
|
||||
# - name: Get the output scan url
|
||||
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
|
||||
|
||||
|
||||
name: "NeuraLegion"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
neuralegion_scan:
|
||||
runs-on: ubuntu-18.04
|
||||
name: A job to run a Nexploit scan
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Start Nexploit Scan 🏁
|
||||
id: start
|
||||
uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
|
||||
with:
|
||||
api_token: ${{ secrets.NEURALEGION_TOKEN }}
|
||||
name: GitHub scan ${{ github.sha }}
|
||||
discovery_types: |
|
||||
[ "crawler" ]
|
||||
crawler_urls: |
|
||||
[ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan
|
||||
@@ -36,6 +36,6 @@ jobs:
|
||||
with:
|
||||
args: '. --sarif --output results.sarif || true'
|
||||
- name: Upload njsscan report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
@@ -47,6 +47,6 @@ jobs:
|
||||
group_id: {{ groupId }} # Update this to your desired Platform group ID
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: NowSecure.sarif
|
||||
|
||||
@@ -17,10 +17,16 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
OSSAR-Scan:
|
||||
# OSSAR runs on windows-latest.
|
||||
# ubuntu-latest and macos-latest support coming soon
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: windows-latest
|
||||
|
||||
steps:
|
||||
@@ -44,6 +50,6 @@ jobs:
|
||||
|
||||
# Upload results to the Security tab
|
||||
- name: Upload OSSAR results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
|
||||
|
||||
@@ -13,8 +13,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
pmd-code-scan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
@@ -31,6 +37,6 @@ jobs:
|
||||
sourcePath: 'src/main/java'
|
||||
analyzeModifiedFilesOnly: false
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: pmd-report.sarif
|
||||
|
||||
@@ -17,8 +17,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
name: PSScriptAnalyzer
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
@@ -37,6 +43,6 @@ jobs:
|
||||
|
||||
# Upload the SARIF file generated in the previous step
|
||||
- name: Upload SARIF results file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
||||
@@ -48,7 +48,7 @@ jobs:
|
||||
# The service need to know the type of IaC being scanned
|
||||
template_type: 'CFT'
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
# Results are generated only on a success or failure
|
||||
# this is required since GitHub by default won't run the next step
|
||||
# when the previous one has failed.
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"name": "clj-watson",
|
||||
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
|
||||
"iconName": "clj-watson",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Clojure"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
{
|
||||
"name": "Dependency Review",
|
||||
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerable dependencies to the repository",
|
||||
"iconName": "octicon mark-github",
|
||||
"categories": [
|
||||
"Dependency review",
|
||||
"Dependency graph",
|
||||
"Go",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"TypeScript",
|
||||
"Python",
|
||||
"Ruby",
|
||||
"Actions",
|
||||
"PHP"]
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"name": "ESLint",
|
||||
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
|
||||
"iconName": "eslint",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"JavaScript",
|
||||
"EcmaScript",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Haskell Dockerfile Linter",
|
||||
"description": "A smarter Dockerfile linter that helps you build best practice Docker images.",
|
||||
"iconName": "hadolint",
|
||||
"categories": ["Code Scanning", "Dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
{
|
||||
"name": "NeuraLegion",
|
||||
"creator": "NeuraLegion",
|
||||
"description": "Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports",
|
||||
"iconName": "neuralegion",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"C",
|
||||
"C#",
|
||||
"C++",
|
||||
"Go",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"Kotlin",
|
||||
"Objective C",
|
||||
"PHP",
|
||||
"Python",
|
||||
"Ruby",
|
||||
"Rust",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
{
|
||||
"name": "rust-clippy",
|
||||
"description": "A collection of lints to catch common mistakes and improve your Rust code.",
|
||||
"iconName": "rust",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"rust"
|
||||
]
|
||||
}
|
||||
@@ -1,7 +0,0 @@
|
||||
{
|
||||
"name": "Scan",
|
||||
"creator": "ShiftLeft",
|
||||
"description": "Scan is a free open-source security tool for modern DevOps teams from ShiftLeft.",
|
||||
"iconName": "shiftleft",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"name": "Sobelow",
|
||||
"creator": "nccgroup",
|
||||
"description": "Sobelow is a security-focused static analysis tool for the Phoenix framework.",
|
||||
"iconName": "sobelow",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Elixir"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "SonarCloud",
|
||||
"creator": "Sonar",
|
||||
"description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!",
|
||||
"iconName": "sonarcloud",
|
||||
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
|
||||
}
|
||||
@@ -47,6 +47,6 @@ jobs:
|
||||
"
|
||||
|
||||
- name: Upload Sarif output
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: rubocop.sarif
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# rust-clippy is a tool that runs a bunch of lints to catch common
|
||||
# mistakes in your Rust code and help improve your Rust code.
|
||||
# More details at https://github.com/rust-lang/rust-clippy
|
||||
# and https://rust-lang.github.io/rust-clippy/
|
||||
|
||||
name: rust-clippy analyze
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
rust-clippy-analyze:
|
||||
name: Run rust-clippy analyzing
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Install Rust toolchain
|
||||
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: stable
|
||||
components: clippy
|
||||
override: true
|
||||
|
||||
- name: Install required cargo
|
||||
run: cargo install clippy-sarif sarif-fmt
|
||||
|
||||
- name: Run rust-clippy
|
||||
run:
|
||||
cargo clippy
|
||||
--all-features
|
||||
--message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload analysis results to GitHub
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: rust-clippy-results.sarif
|
||||
wait-for-processing: true
|
||||
@@ -38,4 +38,4 @@ jobs:
|
||||
uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
|
||||
|
||||
- name: Upload sarif
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
|
||||
@@ -42,7 +42,7 @@ jobs:
|
||||
|
||||
# Upload SARIF file generated in previous step
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: semgrep.sarif
|
||||
if: always()
|
||||
|
||||
@@ -1,47 +0,0 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow integrates Scan with GitHub's code scanning feature
|
||||
# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
|
||||
# Visit https://slscan.io/en/latest/integrations/code-scan for help
|
||||
name: SL Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
Scan-Build:
|
||||
# Scan runs on ubuntu, mac and windows
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
# Instructions
|
||||
# 1. Setup JDK, Node.js, Python etc depending on your project type
|
||||
# 2. Compile or build the project before invoking scan
|
||||
# Example: mvn compile, or npm install or pip install goes here
|
||||
# 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
|
||||
|
||||
- name: Perform Scan
|
||||
uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64
|
||||
env:
|
||||
WORKSPACE: ""
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
SCAN_AUTO_BUILD: true
|
||||
with:
|
||||
output: reports
|
||||
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
|
||||
# type: credscan,java
|
||||
# type: python
|
||||
|
||||
- name: Upload report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: reports
|
||||
@@ -22,8 +22,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
snyk:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
@@ -43,6 +49,6 @@ jobs:
|
||||
image: your/image-to-test
|
||||
args: --file=Dockerfile
|
||||
- name: Upload result to GitHub Code Scanning
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: snyk.sarif
|
||||
|
||||
@@ -21,8 +21,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
snyk:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
@@ -42,6 +48,6 @@ jobs:
|
||||
# or `main.tf` for a Terraform configuration file
|
||||
file: your-file-to-test.yaml
|
||||
- name: Upload result to GitHub Code Scanning
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: snyk.sarif
|
||||
|
||||
@@ -0,0 +1,40 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
#
|
||||
# Sobelow is a security-focused static analysis tool for the Phoenix framework. https://sobelow.io/
|
||||
#
|
||||
# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository.
|
||||
#
|
||||
# Instructions:
|
||||
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
|
||||
# and review the "Security" tab once the action has run.
|
||||
name: Sobelow
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
security-scan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- id: run-action
|
||||
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
|
||||
- name: Upload report
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -0,0 +1,68 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow helps you trigger a SonarCloud analysis of your code and populates
|
||||
# GitHub Code Scanning alerts with the vulnerabilities found.
|
||||
# Free for open source project.
|
||||
|
||||
# 1. Login to SonarCloud.io using your GitHub account
|
||||
|
||||
# 2. Import your project on SonarCloud
|
||||
# * Add your GitHub organization first, then add your repository as a new project.
|
||||
# * Please note that many languages are eligible for automatic analysis,
|
||||
# which means that the analysis will start automatically without the need to set up GitHub Actions.
|
||||
# * This behavior can be changed in Administration > Analysis Method.
|
||||
#
|
||||
# 3. Follow the SonarCloud in-product tutorial
|
||||
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
|
||||
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
|
||||
#
|
||||
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
|
||||
# (On SonarCloud, click on your avatar on top-right > My account > Security
|
||||
# or go directly to https://sonarcloud.io/account/security/)
|
||||
|
||||
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
|
||||
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
|
||||
|
||||
name: SonarCloud analysis
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
|
||||
|
||||
jobs:
|
||||
Analysis:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Analyze with SonarCloud
|
||||
|
||||
# You can pin the exact commit or the version.
|
||||
# uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
|
||||
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
|
||||
with:
|
||||
# Additional arguments for the sonarcloud scanner
|
||||
args:
|
||||
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
|
||||
# mandatory
|
||||
-Dsonar.projectKey=
|
||||
-Dsonar.organization=
|
||||
# Comma-separated paths to directories containing main source files.
|
||||
#-Dsonar.sources= # optional, default is project base directory
|
||||
# When you need the analysis to take place in a directory other than the one from which it was launched
|
||||
#-Dsonar.projectBaseDir= # optional, default is .
|
||||
# Comma-separated paths to directories containing test source files.
|
||||
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
|
||||
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
|
||||
#-Dsonar.verbose= # optional, default is false
|
||||
@@ -71,7 +71,7 @@ jobs:
|
||||
|
||||
- name: Upload SARIF file
|
||||
if: ${{steps.prescription.outputs.sastScan == 'true' }}
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: workflowengine-results.sarif.json
|
||||
|
||||
@@ -54,7 +54,7 @@ jobs:
|
||||
# Sysdig inline scanner requires privileged rights
|
||||
run-as-user: root
|
||||
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
- uses: github/codeql-action/upload-sarif@v2
|
||||
#Upload SARIF file
|
||||
if: always()
|
||||
with:
|
||||
|
||||
@@ -32,7 +32,7 @@ jobs:
|
||||
sarif_file: tfsec.sarif
|
||||
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: tfsec.sarif
|
||||
|
||||
@@ -42,6 +42,6 @@ jobs:
|
||||
severity: 'CRITICAL,HIGH'
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
|
||||
@@ -52,7 +52,7 @@ jobs:
|
||||
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
|
||||
with:
|
||||
pipeline-results-json: results.json
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
- uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: veracode-results.sarif
|
||||
|
||||
@@ -42,9 +42,15 @@ on:
|
||||
- cron: $cron-weekly
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
xanitizer-security-analysis:
|
||||
# Xanitizer runs on ubuntu-latest and windows-latest.
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
@@ -88,6 +94,6 @@ jobs:
|
||||
*-Findings-List.sarif
|
||||
|
||||
# Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
- uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: Xanitizer-Findings-List.sarif
|
||||
|
||||
@@ -40,6 +40,9 @@ env:
|
||||
ACR_EE_IMAGE: repo
|
||||
ACR_EE_TAG: ${{ github.sha }}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
@@ -41,6 +41,9 @@ env:
|
||||
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
|
||||
# containerDefinitions section of your task definition
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
name: Deploy
|
||||
|
||||
@@ -35,6 +35,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -63,6 +66,8 @@ jobs:
|
||||
file: ./Dockerfile
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -9,17 +9,17 @@
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux)):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
#
|
||||
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Helm.
|
||||
# Set your helmChart, overrideFiles, overrides, and helm-version to suit your configuration.
|
||||
@@ -48,12 +48,10 @@ env:
|
||||
CHART_OVERRIDE_PATH: "your-chart-override-path"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -72,6 +70,20 @@ jobs:
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
@@ -85,7 +97,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -96,7 +110,30 @@ jobs:
|
||||
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
|
||||
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Runs Helm to create manifest files
|
||||
- name: Bake deployment
|
||||
@@ -112,11 +149,11 @@ jobs:
|
||||
|
||||
# Deploys application based on manifest files from previous step
|
||||
- name: Deploy application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -9,17 +9,17 @@
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
#
|
||||
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kompose.
|
||||
# Set your dockerComposeFile and kompose-version to suit your configuration.
|
||||
@@ -40,12 +40,10 @@ env:
|
||||
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -63,7 +61,21 @@ jobs:
|
||||
- name: Build and push image to ACR
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
@@ -77,7 +89,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -88,7 +102,33 @@ jobs:
|
||||
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
|
||||
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Runs Kompose to create manifest files
|
||||
- name: Bake deployment
|
||||
@@ -101,11 +141,11 @@ jobs:
|
||||
|
||||
# Deploys application based on manifest files from previous step
|
||||
- name: Deploy application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -9,17 +9,17 @@
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
#
|
||||
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kustomize.
|
||||
# Set your kustomizationPath and kubectl-version to suit your configuration.
|
||||
@@ -46,12 +46,10 @@ env:
|
||||
KUSTOMIZE_PATH: "your-kustomize-path"
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -69,6 +67,23 @@ jobs:
|
||||
- name: Build and push image to ACR
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
@@ -83,7 +98,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -94,7 +111,33 @@ jobs:
|
||||
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
|
||||
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Runs Kustomize to create manifest files
|
||||
- name: Bake deployment
|
||||
@@ -107,11 +150,11 @@ jobs:
|
||||
|
||||
# Deploys application based on manifest files from previous step
|
||||
- name: Deploy application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -8,8 +8,7 @@
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository (instructions for getting these
|
||||
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
|
||||
# 1. Set the following secrets in your repository (instructions for getting these can be found at https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
|
||||
# - AZURE_CLIENT_ID
|
||||
# - AZURE_TENANT_ID
|
||||
# - AZURE_SUBSCRIPTION_ID
|
||||
@@ -19,7 +18,7 @@
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
|
||||
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
|
||||
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
|
||||
# - DEPLOYMENT_MANIFEST_PATH (path to the manifest yaml for your deployment)
|
||||
#
|
||||
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
|
||||
@@ -43,12 +42,10 @@ env:
|
||||
DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
buildImage:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
@@ -67,6 +64,20 @@ jobs:
|
||||
run: |
|
||||
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
|
||||
|
||||
createSecret:
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
@@ -80,7 +91,9 @@ jobs:
|
||||
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
|
||||
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
|
||||
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
|
||||
echo "::add-mask::${ACR_USERNAME}"
|
||||
echo "::set-output name=username::${ACR_USERNAME}"
|
||||
echo "::add-mask::${ACR_PASSWORD}"
|
||||
echo "::set-output name=password::${ACR_PASSWORD}"
|
||||
id: get-acr-creds
|
||||
|
||||
@@ -93,13 +106,39 @@ jobs:
|
||||
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
|
||||
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
needs: [buildImage, createSecret]
|
||||
steps:
|
||||
# Checks out the repository this file is in
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
# Logs in with your Azure credentials
|
||||
- name: Azure login
|
||||
uses: azure/login@v1.4.3
|
||||
with:
|
||||
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
||||
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
||||
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
||||
|
||||
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
|
||||
- name: Get K8s context
|
||||
uses: azure/aks-set-context@v2.0
|
||||
with:
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
|
||||
# Deploys application based on given manifest file
|
||||
- name: Deploys application
|
||||
uses: Azure/k8s-deploy@v3.0
|
||||
uses: Azure/k8s-deploy@v3.1
|
||||
with:
|
||||
action: deploy
|
||||
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
${{ env.IMAGE_PULL_SECRET_NAME }}
|
||||
@@ -30,6 +30,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -63,6 +66,8 @@ jobs:
|
||||
path: ${{env.DOTNET_ROOT}}/myapp
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -22,6 +22,7 @@ name: Build and deploy JAR app to Azure Web App
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
JAVA_VERSION: '11' # set this to the Java version to use
|
||||
DISTRIBUTION: zulu # set this to the Java distribution
|
||||
|
||||
on:
|
||||
push:
|
||||
@@ -29,6 +30,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -40,6 +44,7 @@ jobs:
|
||||
uses: actions/setup-java@v3.0.0
|
||||
with:
|
||||
java-version: ${{ env.JAVA_VERSION }}
|
||||
distribution: ${{ env.DISTRIBUTION }}
|
||||
cache: 'maven'
|
||||
|
||||
- name: Build with Maven
|
||||
@@ -52,6 +57,8 @@ jobs:
|
||||
path: '${{ github.workspace }}/target/*.jar'
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -28,6 +28,9 @@ env:
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '14.x' # set this to the node version to use
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -53,6 +56,8 @@ jobs:
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -30,6 +30,9 @@ env:
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
PHP_VERSION: '8.x' # set this to the PHP version to use
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -74,6 +77,8 @@ jobs:
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -29,6 +29,9 @@ on:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
@@ -61,6 +64,8 @@ jobs:
|
||||
!venv/
|
||||
|
||||
deploy:
|
||||
permissions:
|
||||
contents: none
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
|
||||
@@ -27,6 +27,9 @@ env:
|
||||
TKE_CLUSTER_ID: cls-mywebapp
|
||||
DEPLOYMENT_NAME: tke-test
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
setup-build-publish-deploy:
|
||||
name: Setup, Build, Publish, and Deploy
|
||||
|
||||
@@ -50,6 +50,9 @@ on:
|
||||
- $default-branch
|
||||
pull_request:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
terraform:
|
||||
name: 'Terraform'
|
||||
@@ -82,10 +85,10 @@ jobs:
|
||||
|
||||
# Generates an execution plan for Terraform
|
||||
- name: Terraform Plan
|
||||
run: terraform plan
|
||||
run: terraform plan -input=false
|
||||
|
||||
# On push to $default-branch, build or change infrastructure according to Terraform configuration files
|
||||
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
|
||||
- name: Terraform Apply
|
||||
if: github.ref == 'refs/heads/$default-branch' && github.event_name == 'push'
|
||||
run: terraform apply -auto-approve
|
||||
run: terraform apply -auto-approve -input=false
|
||||
|
||||
|
After Width: | Height: | Size: 107 KiB |
|
After Width: | Height: | Size: 80 KiB |
@@ -0,0 +1,131 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="200px" height="200px" viewBox="0 0 200 200" enable-background="new 0 0 200 200" xml:space="preserve"> <image id="image0" width="200" height="200" x="0" y="0"
|
||||
href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAABGdBTUEAALGPC/xhBQAAACBjSFJN
|
||||
AAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAb
|
||||
TklEQVR42u2deXCc9XnHv7urPXWuVoet05Zt+cIYGx8ydmxhQRIwqZM0B24g6aQw02bSHHSSEmJi
|
||||
UWjiDk2a0FAmLYGZAAkQCoZMXUMBHxhjC2THtiwfkixZ97XSHtJq77d/vLurlbTHu7vvtbvPZ2ZH
|
||||
r959j+f97e/7Ps/vBgiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC
|
||||
IAiCIAiCIAiCEAmF1AYQhFjo86sOzN83Y+9/LNY5JJAA+vyqA4b8qmYAMA+epnTJIEwVDUy8Yxz2
|
||||
/uZIYqGMgMgJSCJJf8JfelyI9Jvzlgnmu694rksOxEvAaG8VIj3g4jkiEf678yKQaIbI+S3M9e0i
|
||||
52cgopOsOIIEf3elnI2UA5nwDNkGH79ZMCJKWSCRagb4NlYIonmPHZvLsaS6QGrzCIkJ5o+UBaLW
|
||||
FDQGtxW+iYjHmCoamBxNwS6pHzpIJFFrNX40bqtEQUEBKsq0cY8n5Anf+Sx1gWhnBfLppk3QK/sj
|
||||
HldYsuaYwGnDmUjeo7pcAYPBAAAoKiqS1D59ftUBuXpeuROeH1PFVNHA5PB1sbJCK1QqFXbt2oV3
|
||||
3nkHfvUySRKIy0NH2l9VVTXnfy164UINAFZQfNRmJZrpYx1PlQfikJJAwkOPuro6AIBSqURTUxMu
|
||||
XOrHiNk753hTRQMjZdVptFCprtIX8h4hW00mDJpTu0cidfCJEi4eh70/dB+Py3bM67YdF+q+2UZK
|
||||
b6HwH+nuphULvn/32Dm4fXkRz5XiDRjpjcw4r2HPnj0Lju3t7UVbh4uzzXIMibLRyyTaOBgPQat5
|
||||
Fy9eHPNBkk0AU0UDM//D5bxI+5cuXRrxeJ1Ox8kerveXArnaJSR8Rye8lEF8jisAFnqQojwfbiR5
|
||||
Tb7i9Xhv0Wgi1mg0vNonFUE7s9Gb8AEvAomWmcrLy4FLrYCqeMF3QTc4Y+9/LEdTsCtY+8B33B4v
|
||||
I0ersYrkQVYsX37nimXLPtt6sfchL9ILU0UD43HZjnnctmOZ3n3GPHhawVeoxUsZRO3vwZ133hnx
|
||||
mAsXLqB/TC9FOnEiUtkpyOH3Oub8v+PWUkahUCicLhc+vmiV2vSUyAaPwodIBC2DAGxtkJzxern7
|
||||
Ap/PpwAAnVYLOK9JbXpKpEuImAoz9v7HUn0RJC0Qrgms18vXewDA4OAg52OHhodD25WVlVKbnjLZ
|
||||
IJJU4cWDMEz0dLbb7VI/Y0wutA+jq6sLfr8/7rG9g9OhZ62probSPym1+SkTrIWTU1cgOcGLQNxu
|
||||
d9Tv2trapH7G2AmgNuJqjx8trVfjisSvNMJqZcseOTk5WL7EKLX5vCGnrkByQlAPYjabodDVJ3y9
|
||||
Qt1oyjYVaEegUzs4Hz9hy8GRo104fvw4Ojs7MT4+HvE4i8US2i4rLU3ZTjlBIddCeBGIyrAqtM0w
|
||||
DKxWKzo6OnC+PX5fjYYNJuzeXg3Gw2bI8iIbtm/fjuoyZ9L21FX6sGPHDqxYylYvK/2TaNpRg41r
|
||||
8+OeO+2twLUbDFrORw6frA51aFuhUKCkKLMqgzIt3EpV9LzVYvX09OD06dP43/c78eEno+joBZzu
|
||||
+JnHZrNBp9Nh5XL2bTxkVoNhGNx0001J2eGdvoxVq1jBzrjZCoLV9eXQarWw2WwpP6fNoYbTNdsF
|
||||
pdQoeEWg6GRKuMXHMAXeft32Lg8mphOv0r18+TKA2d60SpUe09PTUCgUMOVNJHy96urq0LYtUEEQ
|
||||
rHG6cuUKL8/a0dkZ2i42Zk45JJxMCLdSbQMxD55WSP76YzTL4fF4oNPpoHCzGS8Y54dndq6En2Ox
|
||||
WKBFL3JycuByuZCTu5oXmy0zpXAFvIhSqUR16YzEqSgM6SwSvmyXXCAAMDY2BgBYv349AMDuYHvA
|
||||
LFq0KOooxUgoGGeoYdLhcMDty8PNN98MABgdTb3gH8759oFQ7V1tTQ3KCiySpqFQpFuZJEdTsIsP
|
||||
cXhctmOATARimVIBACoqKgAANvsUAPbtvKhUw/k6hflqKBRsuaenpwd+9xhKAzVN1sA9+MLly0PL
|
||||
xx8DYAvrK+vrYdBkpidJpzIJX7Z63DISyMDAAKampnD16lUAwFRY4+KiRYs4Xyc3b3bsyfDwMJSa
|
||||
UnR1dcFut2NgYIB3uxntCljDCv7FBWkbkcQlHcItPm0MduiUhUA8/nycODOErn7WHKdXHwpfysvL
|
||||
OV9Hp2HTx+FwwMmwZZGrPX580DIMn6JIENt7+mfFXFNdjQKDR4okFAW5Tl7B9xj+8BGaSVfiC/1G
|
||||
ydcMY+PGjRgYGEBnHzczS4xKrKkvR0tLS0ggYlBdOoMltbWh/8+0tMCtXCLa/cVGTj2B+R5BOP/Z
|
||||
ZCsQvlExFnzpC7vR2NiIdevWYcmSJXC5XBgaGsLFixfxzDPP4MLV5MsQG1YZkBcI8TKhO3ws5CQQ
|
||||
PvMhr3PzJmqYQevE/fvuxs6dO7Fq1SpUVlbCbDaju7sbL730Ev7w+if8plwY1WVOvPDCCzEbH/1+
|
||||
P9544w088cQT6BvlNtw2HN/0ZezauTNUSfDBJ/zWmskJucxZzPdLWnSBMD4H7tnThN0712Pv3r0x
|
||||
55uy2Wz48MMP8e7Rs/jDK4fg9qY+2PGWm6rxxGMPYevWraGMG9dmhsFzz/8BP9r/OPwJlluKCxgY
|
||||
tB7YHUpYp3mbUUmWSOlFcjQFu/iuWbOOtzdGmg1GUIF87+/2YP/+/Qlf+3e/+x0e+tEzKT2wFr1o
|
||||
b29HYWFhUuf39vZi27ZtobmxiIVIJRKhyx3hCFaLtchox0MPPZTUuV/72tewZX1qXTgOHz6ctDgA
|
||||
oKamBocPHxYqeYgUEEscgEAC+YvPrMapU6cWTMbGFZVKhUOHDuGB+xNvwC3K9+PIm/8eapVPhfXr
|
||||
1+PwG7+CVhN/MFU2InYrO9/VucHW8lgk3bwcTcVb1hvx6quvQqvVJnjFeYapVLjjjjtw5dIpXO0a
|
||||
53zeb379KBobG1O6dziVlZW4fKUTV64lO4FRZuP3uXrEmMnRVNHA8DnvLgBYRs8tjXcM7x6kubmZ
|
||||
1+s9/PDDnI9VK+246667+H4krKnn3lhJ8I8QDZRcy0+8CiTf4MGWLVviHtfV1YW77roLu3fvxvPP
|
||||
Px9zTHt9fT1MHAclrV2zBkpl/EeyWCy49957sXXrVjz22GNwOGKPPFy7di2fyZRRCDn/sFD3SKRy
|
||||
gVeBbGtoiHvMz372M6xduxZHjhzB0aNH8c1vfhNPPvlkzHO4iA7glpEPHz6M+vp6vPLKK2hpaUFz
|
||||
czPq6upw/fr1mNfV5kzzmVQZhVBdUIRYBiK8GwkXeBVIcIb3aDidTuzfvz80liLIW2+9FfO88G4c
|
||||
sSgrK4t7zKOPPhrqXh9kZGQEx49HD6PLysqwfm0V8jXD8S6flQjhRfiuygWSa+DkVSB5eXlJnRev
|
||||
EY9rbZhareZ0XKJoNBpoNBps3rxZkOtnAny/6YUQXTKt/7wJpK7SFzej63Q67Ny5c8H++vrYM59w
|
||||
bQV3OuNP9HDPPfdE3L9iRfQpSB0OB3Jzc6HT6ZCnjz7FEcEPcurnl1Q17/wHyNW5sPGWVdBrgaam
|
||||
ppjn7tmzByqVCqOjozAajWhsbMRPfvITlJSURD3nzT+9gz9fuBrXrurKEtyzJ/b9b7vtNphMJgwN
|
||||
DUGr1WLz5s34wQ9+gL1790Yt4F+6dAlnzpwBAEw7XLDY0m3qavFIpcpXn191QIjBWQ57f7PN3H57
|
||||
Mucm1VVgvkA2rMnD4sWLUVRUhKeeeorv58Pnv/Q3OPlRe9zjli0x4syH/Ld+v/766zh06BAAdqRi
|
||||
e1fmjvlIlWS7nwhR5kjFniC8hFjBceB9fX18Px8AhEYaxqOj4zqnMCtRwkcjClXOyXaEEEeiNVaR
|
||||
4EUgwfVBDAYDnn76aV4f8sUXX8TYhI/bw6iNePDBBxOasT0ely9fRmtra+h/LnP4ZjMFpjVHEzle
|
||||
yBV9uXQliUdSZZD5aq+rLYJSqYRSqcTAwABGR0exadOmlB+wra0N937j0YTO6eyewOR4V9T1ShKh
|
||||
p6cHjz/++JyGzJGREUzYZDNeSHaocrRLuNYWCdF9JIh58LTC73Ol3D+IFw8SnNA5yAcffICjRxN6
|
||||
kSzA6XRi3759C/Yz5mvIG78S+jBTC9smfvviCRw5ciSl+9vtdhw8eHDBfi9TwEeSZT1Cjm/nsxs+
|
||||
L6N6BgcHUVw8u8yaUqnEc889h+XLlyc1+RvDMLjvvvswNMG2q9wz48Q2QxVKcgxQLFrYaDjpm8GA
|
||||
x473p7rRVsjOgrLv/u/iwtl3k7q/1+tFc3NzxC4oZrMZAPepiLIRU0UDEy+TCtVFhY9yRzi8hFiT
|
||||
FjtKivVzFstRKBS4cOEC1Go1ampqOPWRAthJ5L730CM48v4VmJw2fEtZjO25NchVaqCIUummV6pR
|
||||
lpOLrYYqbPQr0eWaxJS2ACdOfITaalNC95+cnMTTTz+Nnp6eOfsZhkFnZyeGzPzOr5WpRAuzhKrK
|
||||
DeKw9zfzEVoF4aWaN8idO5dErOXx+Xx45JFHYvaVGhoawsGDB/HSay2hfZUT3ThQ3piwfb+dOIsz
|
||||
+bPzBBfpx/Dyyy/HLBe53W789Kc/RWdnZ0Qxtba2YsRC4VUizPciQlXlRrsfH/AqkGVVfqxcuTLi
|
||||
OU6nE7W1tWhqasLq1atRWVmJyclJdHd34/e//z1e/OOZiOf9QrUYecrEQpr9w+9h1LR87k6vGV/c
|
||||
24impiasX78+NKvJjRs3cPLkSZw6dSqql7lx4wYudVILeqLMz7BCtpALNfyXV4HA78CS2kUoN+Wg
|
||||
uLg4YhcRr9eLqakptLVfh20m/nodtW4nvq+vg0HJrf3h3anreFXLPQwqzPWipKQExgIGeXl5UCqV
|
||||
8Hq9sNlssE/7YZtyY3TcCQXH+xPiI+QsK/wKJAy/bwar6gyora2FWq2G1+vF2NgY+vr6MG5PbLz5
|
||||
7mk77i2Kv17INZcZ/6qcEiKdCJki9BREggmEV6ZH8GNDPWo1RVEPYcDg4HQHujWpDfUl0guhZ1ZJ
|
||||
D4EEuH3ahi8WroFWMRtC+cHg7MwQXrG0wVqyMoWrE+mGGNMOpdXsZkdzC3BqphO7Vy5GeVExfEqg
|
||||
bagH5wZ8AIkjq+C7vSMaSbWk861cv3sMcHVwOtal1mFE78WoUQlzoRIOdWLOrLrMiZpyF/I1w/A5
|
||||
+FmSjRAXMac+Fc2DmPImkJ+fD61WC61Wi9zcXOj1euh0OgDsYCWbzYaTH48IZsPyagb19esW7Pd4
|
||||
PLBYLJicnITD4YDFYoFtWoEcXYVYyUMkgJjzAosikHX1OlRXb436vdvtDlWtCsnYpB/aGzeg1Wqh
|
||||
0+mg1+uhVquhVqtRWloaWo0qHJfLhTOtnZiaoe4lckCs0CqIKAK5eM0Ju70dTqcTLpcLLpeLXclW
|
||||
V5/U9cInpWPHq3Or2rVOqWDtdANwA7DP+S7H142ioiIYDAYYjcbQtlqtDizmQwKRGinmAk679UHY
|
||||
MGmusKxWKy5evAibK/YEb4zzGkwmE8ZtBihVehDpg1QTZad0U75EUpxrxq233gq/34+333474nLN
|
||||
3unLuO2222KOXT937lyoB3AkPtNYB5WKrSLu6OhARy8/iUgIi5TrkUgikBxYsWjxYpQUKWA0GkO9
|
||||
gGdmZtDSehXTrtw5x5cUOrFp49pQXymGYWC1WuFyuVBQUBA6n2EYDA0NoW/IAbNloWn1tQqUlZUh
|
||||
Pz8fCoUCDMNgamoKk5OTsEypMDIyAo8/fvcXQlyird0hBqIKpLLEgeXLlyM3d64AxsfH0draCl9O
|
||||
5InnGrdVhubGslqtOH7yz6EaJr9vButXGxeM+zh//jwGxqPPp7Wsyo/6+voF/cU8Hg/Onz+PUWvy
|
||||
SycQ/CH1cm8p35yrSHJ1LuzaPrc/1fj4OK5duwbLTGnMc+9ump2z6uiJ85jxLMz4uTmD2LFjRyiE
|
||||
8nq9eOd4d8zr+n0zWGzyYOnSpXMGfAHAxYsXk1qKjeAPqcUBiLgMdPhkB06nEydPnkTL+cm44gg/
|
||||
d2RkJKI4AGDaW4HLV2cF4fHEn5pHqdJjxFKA0+fMOPHBqTnVzEZjagv4EKkhdnVuNFJWaIFpzVGu
|
||||
A+81Sjv8fj+8SCx8KczzwaDXY2DIDGVO9DIC43egcpERUCgwNDgIRlWcwF0C+CZQXFyM8fFxKNUl
|
||||
iZ9P8IKU5Y5wUhaI0KPEiOxDDqFVENFCLILggpzEAfAgEDmsl01kBnIpd4TDm1rlNCM3kX5I2RgY
|
||||
CwqxCFkgR3EAJBBCBsit3BEObwKR80MS8kWO5Y5weJ8mUKjJiInMwzx4WiGHto5YUIhFSILcPUcQ
|
||||
3sMiqs0iuJAuIbkgRpJIiFikizgACrEIkUkncQACCSTdEoEQh3Qpd4QjmAdJx8QghIWPNQPFRrDV
|
||||
YILVd1TtSwD8rRkoNlQGIQQnnUNuwQ2nGq3sJp3FAYjgQdI9gYjkyYRyqGiZlzxJ9pEJL0cqgxCC
|
||||
kAniAEQUiHW8vVHqhyXEIRNCqyCiq5xCrcxGriMDk4VCLIJXMkkcgAQeBCAvkqlkSrkjHEk8iHnw
|
||||
tCIdux0Q0cmkckc4ki3i6XHbjlE3lMwgEz1HEMnKIJkWq2Yrmeo5ggjWWZELQZGQJ0lfbOb226W2
|
||||
QUgkFQhAvX7TmUwOrYLI5gGpZiu9yAZxADJqB8mWBM8EMr3cEY5sBAKwIsmmxE9XsqmKPqW39tbv
|
||||
nxYkLLJ1n8Roy2vSpAgRFdOaBhjX3cvb9c78W4Pso4akPYhQ4gCAgqU7oC+vkCZFiIgoDCpexQEI
|
||||
m4d4e+5ET8iv2rhrzZf/45gYxk31ncFk+7twWcZETxhilhxdLpbs/WfBrn/m3MNKHDsmS7Ek7EEK
|
||||
qjY2imVcXvVWVH/mx9AVLxI1UYi5GJbcIuj1t2446E/9KsKQcDuIWN4jHE1+MWw9rWLflghQseWr
|
||||
UGoLBL+Pvf+s7CayTsyDNDdLUuulK1uDW7/wbfi8M1LcPqtZunk3VPlVUpshGZw9SGXDAwfWlH7l
|
||||
qFSGulTFqLmlCWO9rWBcTqnMyCpMN98BQ/3nRLlXQTUbusvNi3AupMumxsE5iQsvPwiDPnvfamJQ
|
||||
WHcTSjc/IPp95Vb1yylkko04AEBnxM1//Ro8jFVqSzIXFSOJOACZ5TVwCLEqGx44EHR/fLC02IMi
|
||||
nR8W59xb31zpQ5URMOr9sM344WPmardE74Ja4YXLzw5hKb3p80AO4DT3AH7ZVoKkJeVbvwptUbWk
|
||||
Nsgl1IrrzvhSdJHGiSe+mg9TPiuMoQkv3myxYdrpx+e25KO+Qhs69mzXDJ58e9a0f/q8AisC3//4
|
||||
ZTuuT6gBAPs2uaGyd6D5n/5L6nTMGKo2fRq6ZXdLbQb6P3q2eeD0s5KPGYo5opBPd3fbKkNIHACw
|
||||
uDgHf/vZ4ojHblymxy/2eTE06cG6Wh3UqlmxrK3RQc1M4h//sgR6jQ7ArTDqvfj2d34IVe5qqdMz
|
||||
rfn7Bxrx9fu/iKEJD462TeNPbbrQd6tNNug1StgcPnRaC0P7lxZ78Kl6YMbF4I/nNFI/Au/E9CDJ
|
||||
CmTHkmmoVQqYp7y4MMLWnz/5FRWqStQpG+xnAIYBVPNKTwMDQ/jGg/thnU79HtnIhnWV+M9fPzpn
|
||||
31stNtgcfty5IQ/lhbPv0iNn7Riz+nBLnQ5ra3RQBnKR18fgN29PgGGAhpUGLC1X49WTNpzoNiRl
|
||||
kxwK7FENSEYc25cz+NYdOiiVcy/rdPuh0wjfhNLb148XXn4X779/AjZH5r3NhGLntpX4h+/uQ8Vi
|
||||
/nsseH0M/u/8FN5p82N4SpvQuXIIsyIKpLLhgQNV2x5oTvRi39ntx7ZVyb0t+MTv9+O1/34Tv3z6
|
||||
VXiYwtQvmKEY9SN46pf/glWr6kW538//x4FPbiT2opTai/A6q8mhPytxts8l5fPMUnQ37vj6Mlz5
|
||||
+G1BLu+wT0j9hAAAt9MBjzvxHgbGslrc/uVf4L0+Fd4T6Tdj5DX8iBO8hlgEwTdSe5D0kzRBiAgJ
|
||||
hCBiQAIhiBjE7GrCZxcTgkiU/o+ebZa6y4kgDYUEwQdSF9ABCrEIIiYkEIKIQUyB9H/0bLPUBhLZ
|
||||
ia3v7DGpbQDiCETqfjBE9mLrTwOBEES2QwIhiBiQQAgiBpym/aEGQ0JsLr/2LVmsXEUehCBiQAIh
|
||||
iBiQQAgiBpz6ulCfLEJM5NAHKwh5EIKIAQmEIGJAAiGIGHASyJnCIwkvtEMQySC3vJZ+yx8QGY2c
|
||||
CugAhVgEERMSCEHEgARCEDFIKN6jcgghJHIrfwDkQQgiJiQQgohBQgLp13bSGHVCEGyqiWNS2xCJ
|
||||
hAQycPC+ZqkNJjIT28nXj0ltQyQoxCKIGJBACFngt/WdB1CABGtWhYbLClN6AEYABgAG6/UTfyys
|
||||
2/llqQ0nMgvLcLsOwE4AfgBOALbAZxrAJACHFHZFE4gSQDWASrDiCKnaPnLNU1i3UwpbiQxmZqJv
|
||||
KrCpROBlDCB8VVELgEEA/QDcYtkVSSAGABvACoMghMfe087hqKLAZxWASwBuiGFaUCAKALUAKjDP
|
||||
Y8zHbe74BMBfiWEckR3YBy8eS+BwJYCbANSA9SjdYMMyQQgKZFHgpnGZNncPCWUMkZ2MXjtxLsFT
|
||||
FAAKAx8PgF6hbAvWYnFe3Nwx0TvF9ViC4MJ45wfDKZyuF9K2oEASX2ibIOSBU8iLB4c3TgHwAtAA
|
||||
0CJOXbRerew3VGzYLnXKEOnP4IknH7UNXU7Gg9jBFtRvABCsl3n4+N9JsLHcCNiCujbaSRO9rb1F
|
||||
JRWTGtOKLUIZRmQ+wx/+6oe9n7zaluBpDICrAM4BMENAcQCRJ692ga1r9mHWoyxg7NrxzsLi8nFt
|
||||
ycqtQhpIZCb2ng/f7nzv54cTOGUaQA+AC2Bf4qLApVk/F6xHyQVbmC8AkBc8t6j6lqrcyk2fEstg
|
||||
Is3x2Cddlr4r49dP94CJWDvLgH1JB1vSHWCjG7sU5ibb70UJVihGAGUASlK4FpHdMGBFMBL4WMBG
|
||||
L7KAr0ytBJAPoBSACayHEbT6jUhbXGC9gRnAOFgvIRtBzEfIt74KrIcpBiuWIrAiIrKHKQBWsOUH
|
||||
STsdJovYYZECbOt9sPCvAaAO/NUEvssJ7FMHtlVh/xPi4wPbWu0JbHsD2+7Atjts2wPWQ7gC22k/
|
||||
yUc6lRsUYEWkD3yC4tIFPmrMik4jtbEyJ5jBnYFtL9g3ezCzz4T9n/aZPBXSSSCJEvRU6rC/WrDl
|
||||
pXBPFRRe8C/m/S+nNHKBzbDB7t5esG/1YEb2B47xYvbt7g373gkRu4pnAnL68eVOMNwD5oppPlpu
|
||||
l4Mryn4PZnunhouBIAiCIAiCIAiCIAiCIAiCIAiCIAiCEIP/B2yiz7QEureJAAAAJXRFWHRkYXRl
|
||||
OmNyZWF0ZQAyMDIyLTA0LTI3VDAzOjQyOjQwKzAzOjAwfXikRwAAACV0RVh0ZGF0ZTptb2RpZnkA
|
||||
MjAyMi0wNC0yN1QwMzo0Mjo0MCswMzowMAwlHPsAAAAASUVORK5CYII=" />
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 10 KiB |
@@ -0,0 +1,57 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" data-name="Layer 1" viewBox="0 0 32 32">
|
||||
<defs>
|
||||
<style>.cls-1{fill:none;}.cls-2{fill:#00a8b7;}.cls-3{clip-path:url(#clip-path);}.cls-4{fill:#fff;}.cls-5{fill:#ee4036;}</style>
|
||||
<clipPath id="clip-path">
|
||||
<rect class="cls-1" x="2.69" y="1" width="26.62" height="30" />
|
||||
</clipPath>
|
||||
</defs>
|
||||
<title>NeuraLegion Logo</title>
|
||||
<rect class="cls-2" x="10.08" y="1.86" width="0.47" height="11.32" transform="translate(-2.29 9.54) rotate(-45.22)" />
|
||||
<rect class="cls-2" x="10.22" y="1.74" width="0.47" height="18.7" transform="translate(-4.05 6.41) rotate(-28.8)" />
|
||||
<rect class="cls-2" x="9.82" y="2.43" width="0.47" height="26.34" transform="translate(-4.99 4.72) rotate(-21.33)" />
|
||||
<rect class="cls-2" x="6.07" y="2.68" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="5.95" y="11.82" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="5.95" y="20.17" width="8.37" height="0.47" />
|
||||
<polygon class="cls-2" points="14.16 20.35 5.79 12.62 6.11 12.28 14.48 20.01 14.16 20.35" />
|
||||
<rect class="cls-2" x="9.9" y="19.68" width="0.47" height="11.39" transform="translate(-15.38 15.6) rotate(-47.27)" />
|
||||
<rect class="cls-2" x="4.91" y="7.41" width="11.06" height="0.47" transform="translate(-2.43 9.01) rotate(-42.26)" />
|
||||
<rect class="cls-2" x="5.02" y="16.06" width="11" height="0.47" transform="translate(-8.09 10.82) rotate(-40.75)" />
|
||||
<rect class="cls-2" x="1.74" y="11.57" width="17.39" height="0.47" transform="translate(-5.2 13.79) rotate(-55.76)" />
|
||||
<rect class="cls-2" x="16.03" y="7.3" width="11.32" height="0.47" transform="translate(0.99 17.47) rotate(-44.79)" />
|
||||
<rect class="cls-2" x="12.32" y="10.79" width="18.53" height="0.47" transform="translate(1.53 24.64) rotate(-61.23)" />
|
||||
<rect class="cls-2" x="8.78" y="15.38" width="26.34" height="0.47" transform="translate(-0.58 30.37) rotate(-68.65)" />
|
||||
<rect class="cls-2" x="17.56" y="2.7" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="17.68" y="11.83" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="17.68" y="20.18" width="8.37" height="0.47" />
|
||||
<rect class="cls-2" x="16.17" y="16.09" width="11.39" height="0.47" transform="translate(-5.27 19.2) rotate(-42.8)" />
|
||||
<polygon class="cls-2" points="17.84 29.43 17.52 29.09 25.89 21.36 26.2 21.7 17.84 29.43" />
|
||||
<rect class="cls-2" x="21.32" y="2.13" width="0.47" height="11.06" transform="translate(1.39 18.47) rotate(-47.75)" />
|
||||
<rect class="cls-2" x="21.25" y="10.81" width="0.47" height="11" transform="translate(-4.9 21.93) rotate(-49.23)" />
|
||||
<rect class="cls-2" x="21.15" y="2.79" width="0.47" height="17.81" transform="translate(-2.86 14.26) rotate(-34.73)" />
|
||||
<rect class="cls-2" x="4.37" y="2.82" width="0.47" height="16.94" />
|
||||
<rect class="cls-2" x="27.16" y="2.82" width="0.47" height="16.94" />
|
||||
<g class="cls-3">
|
||||
<path class="cls-4" d="M17.69,2.92A1.69,1.69,0,1,1,16,1.22a1.69,1.69,0,0,1,1.69,1.7" />
|
||||
<path class="cls-4" d="M17.69,11.66A1.69,1.69,0,1,1,16,10a1.68,1.68,0,0,1,1.69,1.69h0" />
|
||||
<path class="cls-4" d="M17.69,20.4A1.69,1.69,0,1,1,16,18.71h0a1.69,1.69,0,0,1,1.69,1.69" />
|
||||
<path class="cls-4" d="M17.69,29.08A1.69,1.69,0,1,1,16,27.39h0a1.69,1.69,0,0,1,1.69,1.69" />
|
||||
<path class="cls-5" d="M16,1.48a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,1.48m0,3.37a1.92,1.92,0,1,1,1.94-1.93A1.92,1.92,0,0,1,16,4.85h0" />
|
||||
<path class="cls-5" d="M16,10.21a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,10.21m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,13.58h0" />
|
||||
<path class="cls-5" d="M16,19a1.46,1.46,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,19m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,22.32h0" />
|
||||
<path class="cls-5" d="M16,27.63a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,27.63M16,31a1.92,1.92,0,0,1,0-3.84A1.92,1.92,0,0,1,16,31h0" />
|
||||
<path class="cls-4" d="M6.29,2.92A1.7,1.7,0,1,1,4.6,1.22a1.69,1.69,0,0,1,1.69,1.7" />
|
||||
<path class="cls-5" d="M4.61,1.48A1.45,1.45,0,1,0,6.06,2.93,1.46,1.46,0,0,0,4.61,1.48m0,3.37A1.92,1.92,0,1,1,6.53,2.93,1.92,1.92,0,0,1,4.61,4.85" />
|
||||
<path class="cls-4" d="M6.29,11.66A1.7,1.7,0,1,1,4.6,10a1.69,1.69,0,0,1,1.69,1.69h0" />
|
||||
<path class="cls-5" d="M4.61,10.21a1.45,1.45,0,1,0,1.45,1.45,1.46,1.46,0,0,0-1.45-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.93,1.93,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M6.29,20.4A1.7,1.7,0,1,1,4.6,18.71h0A1.69,1.69,0,0,1,6.29,20.4" />
|
||||
<path class="cls-5" d="M4.61,19A1.46,1.46,0,1,0,6.06,20.4,1.46,1.46,0,0,0,4.61,19m0,3.37A1.92,1.92,0,1,1,6.53,20.4h0a1.93,1.93,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M25.71,2.93A1.7,1.7,0,1,0,27.4,1.24a1.7,1.7,0,0,0-1.69,1.69" />
|
||||
<path class="cls-5" d="M27.39,1.48a1.45,1.45,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M25.71,11.67A1.7,1.7,0,1,0,27.4,10h0a1.69,1.69,0,0,0-1.69,1.69" />
|
||||
<path class="cls-5" d="M27.39,10.22a1.46,1.46,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
|
||||
<path class="cls-4" d="M25.71,20.42a1.7,1.7,0,1,0,1.69-1.7,1.69,1.69,0,0,0-1.69,1.7" />
|
||||
<path class="cls-5" d="M27.39,19a1.45,1.45,0,1,0,1.46,1.45A1.45,1.45,0,0,0,27.39,19m0,3.36a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.91" />
|
||||
</g>
|
||||
</svg>
|
||||
|
||||
|
After Width: | Height: | Size: 5.3 KiB |
@@ -1,6 +0,0 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="48" height="56" viewBox="0 0 12 14">
|
||||
<g fill="none" transform="translate(.273)">
|
||||
<path fill="#3ECF8E" d="M6.58331113,6.33077948 L11.6238175,2.4479014 L11.6238175,2.4479014 L11.2060959,7.99085054 C11.2211336,8.91495832 10.9483693,9.82047503 10.4263491,10.5794359 L6.58331113,7.62507217 C6.38528073,7.46998821 6.26938579,7.23107476 6.26938579,6.97792583 C6.26938579,6.7247769 6.38528073,6.48586344 6.58331113,6.33077948 Z"/>
|
||||
<path fill="#272E41" d="M3.01875417,7.62507217 C2.82072377,7.46998821 2.70482883,7.23107476 2.70482883,6.97792583 C2.70482883,6.7247769 2.82072377,6.48586344 3.01875417,6.33077948 L10.2592605,0.73155674 C8.8076625,0.269755812 7.29739607,0.0233334477 5.77571619,-6.66133815e-14 C4.20929977,0.0333974525 2.65444039,0.2794543 1.15293138,0.73155674 C0.419515934,0.961133276 -0.057529416,1.67476042 0.00558960995,2.4479014 L0.423311129,7.99085054 C0.428880749,11.4516767 3.90432379,13.2242949 5.27445037,13.8714413 C5.61344719,14.0121506 5.99368139,14.0121506 6.33267822,13.8714413 C7.29277353,13.4733716 8.17818289,12.9118747 8.95039974,12.2113702 L3.01875417,7.62507217 Z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 1.2 KiB |
@@ -0,0 +1,20 @@
|
||||
<?xml version="1.0" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
|
||||
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
|
||||
<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
|
||||
width="500.000000pt" height="500.000000pt" viewBox="0 0 500.000000 500.000000"
|
||||
preserveAspectRatio="xMidYMid meet">
|
||||
|
||||
<g transform="translate(0.000000,500.000000) scale(0.100000,-0.100000)"
|
||||
fill="#000000" stroke="none">
|
||||
<path d="M430 4255 c0 -3 250 -438 555 -967 305 -528 555 -963 555 -965 0 -1
|
||||
-180 -3 -400 -3 l-400 0 0 -75 0 -75 447 -2 446 -3 431 -747 c237 -411 433
|
||||
-748 436 -747 3 0 199 336 435 747 l431 747 447 3 447 2 0 75 0 75 -400 0
|
||||
c-220 0 -400 2 -400 4 0 2 248 433 551 957 303 525 553 960 556 967 4 9 -413
|
||||
12 -2066 12 -1139 0 -2071 -2 -2071 -5z m3833 -223 c-21 -38 -252 -438 -513
|
||||
-890 l-475 -822 -775 0 -776 0 -494 857 c-272 471 -503 871 -513 890 l-17 33
|
||||
1801 0 1801 0 -39 -68z m-1087 -1878 c-10 -25 -658 -1147 -670 -1161 -8 -8
|
||||
-98 140 -343 565 -182 318 -335 585 -338 595 -7 16 29 17 675 17 629 0 682 -1
|
||||
676 -16z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.0 KiB |
@@ -0,0 +1,20 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
|
||||
<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
|
||||
<style type="text/css">
|
||||
.st0{fill:#F3702A;}
|
||||
</style>
|
||||
<title>SonarCloud icon</title>
|
||||
<g id="Illustration_6">
|
||||
<path class="st0" d="M427.5,237.9c-14.5-17.7-33.9-30.7-55.8-37.5c0-0.4,0-0.9,0-1.4c0.6-64.3-51-116.9-115.3-117.5
|
||||
s-116.9,51-117.5,115.3c0,0.7,0,1.4,0,2.2c0,0.5,0,1.1,0,1.6C77.6,220,43.6,285.4,63,346.7s84.8,95.3,146.1,75.9
|
||||
c17.6-5.5,33.6-15.2,46.7-28.1c45.8,45.1,119.4,44.6,164.6-1.1C462.1,351,465.2,284,427.5,237.9L427.5,237.9z M337.5,398.8
|
||||
c-48.1,0-87.1-39-87.1-87.1c0.2-8.1-6.2-14.8-14.3-15s-14.8,6.2-15,14.3c0,0.3,0,0.5,0,0.8c0,21,5.7,41.6,16.4,59.6
|
||||
c-32.9,35-88,36.6-123,3.7s-36.6-88-3.7-123c23.9-25.4,60.6-34,93.3-22l0.3,0.1c3.3,1.1,8.1,3.3,9.5,4.6c5.9,5.5,15.2,5.2,20.7-0.8
|
||||
c5.5-5.9,5.2-15.2-0.8-20.7c-0.3-0.3-0.6-0.5-0.9-0.7c-6.4-5.5-16.5-9.2-19-10c-12.8-4.7-26.4-7.1-40.1-7.1c-1.9,0-3.8,0-5.6,0.1
|
||||
c2-48.1,42.6-85.4,90.7-83.3s85.4,42.6,83.3,90.7c-1.1,26.9-14.6,51.7-36.5,67.3c-6.7,4.6-8.3,13.7-3.7,20.4s13.7,8.3,20.4,3.7
|
||||
c0.1-0.1,0.2-0.2,0.4-0.3c21.8-15.6,37.6-38.2,44.7-64c45.1,16.6,68.2,66.7,51.6,111.8C406.5,376,373.9,398.7,337.5,398.8
|
||||
L337.5,398.8z"/>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 1.4 KiB |
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env npx ts-node
|
||||
import { promises as fs } from "fs";
|
||||
import { safeLoad } from "js-yaml";
|
||||
import { basename, extname, join } from "path";
|
||||
import { basename, extname, join, dirname } from "path";
|
||||
import { Validator as validator } from "jsonschema";
|
||||
import { endGroup, error, info, setFailed, startGroup } from '@actions/core';
|
||||
|
||||
@@ -14,6 +14,7 @@ interface WorkflowWithErrors {
|
||||
interface WorkflowProperties {
|
||||
name: string;
|
||||
description: string;
|
||||
creator: string;
|
||||
iconName: string;
|
||||
categories: string[];
|
||||
}
|
||||
@@ -40,7 +41,7 @@ const propertiesSchema = {
|
||||
}
|
||||
}
|
||||
|
||||
async function checkWorkflows(folders: string[], allowed_categories: string[]): Promise<WorkflowWithErrors[]> {
|
||||
async function checkWorkflows(folders: string[], allowed_categories: object[]): Promise<WorkflowWithErrors[]> {
|
||||
const result: WorkflowWithErrors[] = []
|
||||
const workflow_template_names = new Set()
|
||||
for (const folder of folders) {
|
||||
@@ -69,7 +70,7 @@ async function checkWorkflows(folders: string[], allowed_categories: string[]):
|
||||
return result;
|
||||
}
|
||||
|
||||
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: string[]): Promise<WorkflowWithErrors> {
|
||||
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: object[]): Promise<WorkflowWithErrors> {
|
||||
let workflowErrors: WorkflowWithErrors = {
|
||||
id: workflowPath,
|
||||
name: null,
|
||||
@@ -104,9 +105,19 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string, allow
|
||||
}
|
||||
|
||||
}
|
||||
if (!workflowPath.endsWith("blank.yml") && (!properties.categories ||
|
||||
!properties.categories.some(category => allowed_categories.some(ac => ac.toLowerCase() == category.toLowerCase())))) {
|
||||
workflowErrors.errors.push(`Workflow does not contain at least one allowed category - ${allowed_categories}`)
|
||||
var path = dirname(workflowPath)
|
||||
var folder_categories = allowed_categories.find( category => category["path"] == path)["categories"]
|
||||
if (!workflowPath.endsWith("blank.yml")) {
|
||||
if(!properties.categories || properties.categories.length == 0) {
|
||||
workflowErrors.errors.push(`Workflow categories cannot be null or empty`)
|
||||
}
|
||||
else if(!folder_categories.some(category => properties.categories[0].toLowerCase() == category.toLowerCase())) {
|
||||
workflowErrors.errors.push(`The first category in properties.json categories for workflow in ${basename(path)} folder must be one of "${folder_categories}. Either move the workflow to an appropriate directory or change the category."`)
|
||||
}
|
||||
}
|
||||
|
||||
if(basename(path).toLowerCase() == 'deployments' && !properties.creator) {
|
||||
workflowErrors.errors.push(`The "creator" in properties.json must be present.`)
|
||||
}
|
||||
} catch (e) {
|
||||
workflowErrors.errors.push(e.toString())
|
||||
|
||||
@@ -5,10 +5,22 @@
|
||||
"../../deployments",
|
||||
"../../code-scanning"
|
||||
],
|
||||
"allowed_categories" : [
|
||||
"Continuous integration",
|
||||
"Deployment",
|
||||
"Code Scanning",
|
||||
"Automation"
|
||||
"allowed_categories": [
|
||||
{
|
||||
"path": "../../ci",
|
||||
"categories": ["Continuous integration"]
|
||||
},
|
||||
{
|
||||
"path": "../../automation",
|
||||
"categories": ["Automation"]
|
||||
},
|
||||
{
|
||||
"path": "../../deployments",
|
||||
"categories": ["Deployment"]
|
||||
},
|
||||
{
|
||||
"path": "../../code-scanning",
|
||||
"categories": ["Code Scanning", "Dependency review"]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||