Merge branch 'main' into patch-1

This commit is contained in:
Sampark Sharma
2022-05-23 14:35:39 +05:30
committed by GitHub
90 changed files with 1259 additions and 166 deletions
+17
View File
@@ -0,0 +1,17 @@
# Set to true to add reviewers to pull requests
addReviewers: true
# Set to true to add assignees to pull requests
addAssignees: false
# A list of reviewers to be added to pull requests (GitHub user name)
reviewers:
- phantsure
- anuragc617
- tiwarishub
- vsvipul
- bishal-pdmsft
# A number of reviewers added to the pull request
# Set 0 to add all the reviewers (default: 0)
numberOfReviewers: 1
+15
View File
@@ -0,0 +1,15 @@
name: Issue assignment
on:
issues:
types: [opened]
jobs:
auto-assign:
runs-on: ubuntu-latest
steps:
- name: 'Auto-assign issue'
uses: pozil/auto-assign-issue@v1.4.0
with:
assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft
numOfAssignee: 1
+10
View File
@@ -0,0 +1,10 @@
name: 'Auto Assign'
on:
pull_request:
types: [opened, ready_for_review]
jobs:
add-reviews:
runs-on: ubuntu-latest
steps:
- uses: kentaro-m/auto-assign-action@v1.2.1
+1 -1
View File
@@ -1,3 +1,3 @@
* @actions/starter-workflows
/code-scanning/ @actions/advanced-security-code-scanning
/code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows
+1 -1
View File
@@ -1,6 +1,6 @@
name: Greetings
on: [pull_request, issues]
on: [pull_request_target, issues]
jobs:
greeting:
+4 -4
View File
@@ -41,9 +41,9 @@ jobs:
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
uses: sigstore/cosign-installer@d6a3abf1bdea83574e28d40543793018b6035605
with:
cosign-release: 'v1.4.0'
cosign-release: 'v1.7.1'
# Workaround: https://github.com/docker/build-push-action/issues/461
@@ -72,7 +72,7 @@ jobs:
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
@@ -90,4 +90,4 @@ jobs:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
run: cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
+1 -1
View File
@@ -105,7 +105,7 @@ jobs:
# Remove the pfx
- name: Remove the pfx
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
run: Remove-Item -path $env:Wap_Project_Directory\GitHubActionsWorkflow.pfx
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
- name: Upload build artifacts
+3
View File
@@ -6,6 +6,9 @@ on:
pull_request:
branches: [ $default-branch ]
permissions:
contents: read
jobs:
build:
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.17
go-version: 1.18
- name: Build
run: go build -v ./...
+3
View File
@@ -13,6 +13,9 @@ on:
pull_request:
branches: [ $default-branch ]
permissions:
contents: read
jobs:
build:
+2 -2
View File
@@ -26,7 +26,7 @@ jobs:
platform: ${{ 'iOS Simulator' }}
run: |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
@@ -37,7 +37,7 @@ jobs:
platform: ${{ 'iOS Simulator' }}
run: |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959)
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"`
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
+3
View File
@@ -15,6 +15,9 @@ env:
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release
permissions:
contents: read
jobs:
build:
runs-on: windows-latest
+1 -1
View File
@@ -1,5 +1,5 @@
{
"name": "Ruby on Rails continuous integration",
"name": "Ruby on Rails",
"description": "Build, lint, and test a Rails application",
"iconName": "rails",
"categories": ["Continuous integration", "Ruby", "Rails"]
+3
View File
@@ -12,6 +12,9 @@ on:
release:
types: [published]
permissions:
contents: read
jobs:
deploy:
+1 -1
View File
@@ -30,7 +30,7 @@ jobs:
# To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
# change this to (see https://github.com/ruby/setup-ruby#versioning):
# uses: ruby/setup-ruby@v1
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124
with:
ruby-version: ${{ matrix.ruby-version }}
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+1 -1
View File
@@ -40,6 +40,6 @@ jobs:
image: "localbuild/testimage:latest"
acs-report-enable: true
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+1 -1
View File
@@ -64,6 +64,6 @@ jobs:
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ./apisec-results.sarif
+1 -1
View File
@@ -52,6 +52,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: output.sarif.json
+1 -1
View File
@@ -49,6 +49,6 @@ jobs:
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
# Upload the Report for CodeQL/Security Alerts
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: cx.sarif
+53
View File
@@ -0,0 +1,53 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# clj-watson scans dependencies in a clojure deps.edn
# seeking for vulnerable direct/transitive dependencies and
# build a report with all the information needed to help you
# understand how the vulnerability manifest in your software.
# More details at https://github.com/clj-holmes/clj-watson
name: clj-watson
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
clj-holmes:
name: Run clj-watson scanning
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Dependency scan
uses: clj-holmes/clj-watson-action@39b8ed306f2c125860cf6e69b6939363689f998c
with:
clj-watson-sha: "65d928c"
clj-watson-tag: "v4.0.1"
database-strategy: github-advisory
aliases: clojure-lsp,test
deps-edn-path: deps.edn
suggest-fix: true
output-type: sarif
output-file: clj-watson-results.sarif
fail-on-result: false
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{github.workspace}}/clj-watson-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -50,7 +50,7 @@ jobs:
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
# is needed to ensure the SARIF file is uploaded
if: always()
+1 -1
View File
@@ -55,6 +55,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+14 -12
View File
@@ -34,7 +34,7 @@ jobs:
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name: Checkout repository
@@ -42,29 +42,31 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2
# ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
#- run: |
# make bootstrap
# make release
# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
+7 -1
View File
@@ -17,8 +17,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
CodeScan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: Checkout repository
@@ -37,6 +43,6 @@ jobs:
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: codescan.sarif
+20
View File
@@ -0,0 +1,20 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v1
+1 -1
View File
@@ -111,7 +111,7 @@ jobs:
)" > ${{ github.workspace }}/detekt.sarif.json
# Uploads results to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v1
- uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/detekt.sarif.json
+1 -1
View File
@@ -29,6 +29,6 @@ jobs:
uses: microsoft/DevSkim-Action@v1
- name: Upload DevSkim scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: devskim-results.sarif
+49
View File
@@ -0,0 +1,49 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# ESLint is a tool for identifying and reporting on patterns
# found in ECMAScript/JavaScript code.
# More details at https://github.com/eslint/eslint
# and https://eslint.org
name: ESLint
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
eslint:
name: Run eslint scanning
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install ESLint
run: |
npm install eslint@8.10.0
npm install @microsoft/eslint-formatter-sarif@2.1.7
- name: Run ESLint
run: npx eslint .
--config .eslintrc.js
--ext .js,.jsx,.ts,.tsx
--format @microsoft/eslint-formatter-sarif
--output-file eslint-results.sarif
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: eslint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -33,6 +33,6 @@ jobs:
output: 'flawfinder_results.sarif'
- name: Upload analysis results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{github.workspace}}/flawfinder_results.sarif
+1 -1
View File
@@ -93,6 +93,6 @@ jobs:
# Import Fortify on Demand results to GitHub Security Code Scanning
- name: Import Results
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ./gh-fortify-sast.sarif
+47
View File
@@ -0,0 +1,47 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# hadoint is a Dockerfile linter written in Haskell
# that helps you build best practice Docker images.
# More details at https://github.com/hadolint/hadolint
name: Hadolint
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
hadolint:
name: Run hadolint scanning
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run hadolint
uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
with:
dockerfile: ./Dockerfile
format: sarif
output-file: hadolint-results.sarif
no-fail: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -36,6 +36,6 @@ jobs:
exit-code: "0"
- name: Upload Kubesec scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: kubesec-results.sarif
+1 -1
View File
@@ -61,6 +61,6 @@ jobs:
sarif-report: mapi.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: mapi.sarif
+1 -1
View File
@@ -37,6 +37,6 @@ jobs:
args: . --sarif --output results.sarif || true
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+1 -1
View File
@@ -53,7 +53,7 @@ jobs:
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+175
View File
@@ -0,0 +1,175 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Run a Nexploit Scan
# This action runs a new security scan in Nexploit, or reruns an existing one.
# Build Secure Apps & APIs. Fast.
# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
# Automatically Tests Every Aspect of Your Apps & APIs
# Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
# Seamlessly integrates with the Tools and Workflows You Already Use
#
# NeuraLegion works with your existing CI/CD pipelines trigger scans on every commit, pull request or build with unit testing.
# Spin-Up, Configure and Control Scans with Code
# One file. One command. One scan. No UI needed.
#
# Super-Fast Scans
#
# Interacts with applications and APIs, instead of just crawling them and guessing.
# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
#
# No False Positives
#
# Stop chasing ghosts and wasting time. NeuraLegion doesnt return false positives, so you can focus on releasing code.
#
# Comprehensive Security Testing
#
# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
#
# More information is available on NeuraLegions:
# * [Website](https://www.neuralegion.com/)
# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
#
# Inputs
#
# `name`
#
# **Required**. Scan name.
#
# _Example:_ `name: GitHub scan ${{ github.sha }}`
#
# `api_token`
#
# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
#
# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
#
# `restart_scan`
#
# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
#
# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)`
#
# `discovery_types`
#
# **Required**. Array of discovery types. The following types are available:
# * `archive` - uses an uploaded HAR-file for a scan
# * `crawler` - uses a crawler to define the attack surface for a scan
# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
# If no discovery type is specified, `crawler` is applied by default.
#
# _Example:_
#
# ```yml
# discovery_types: |
# [ "crawler", "archive" ]
# ```
#
# `file_id`
#
# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
#
# _Example:_
#
# ```
# FILE_ID=$(nexploit-cli archive:upload \
# --token ${{ secrets.NEXPLOIT_TOKEN }} \
# --discard true \
# ./example.har)
# ```
#
# `crawler_urls`
#
# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
#
# _Example:_
#
# ```
# crawler_urls: |
# [ "http://vulnerable-bank.com" ]
# ```
#
# `hosts_filter`
#
# **Required** when the the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
#
# Outputs
#
# `url`
#
# Url of the resulting scan
#
# `id`
#
# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
#
# Example usage
#
# Start a new scan with parameters
#
# ```yml
# steps:
# - name: Start Nexploit Scan
# id: start
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
# with:
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
# name: GitHub scan ${{ github.sha }}
# discovery_types: |
# [ "crawler", "archive" ]
# crawler_urls: |
# [ "http://vulnerable-bank.com" ]
# file_id: LiYknMYSdbSZbqgMaC9Sj
# hosts_filter: |
# [ ]
# - name: Get the output scan url
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
# ```
#
# Restart an existing scan
#
# ```yml
# steps:
# - name: Start Nexploit Scan
# id: start
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
# with:
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
# name: GitHub scan ${{ github.sha }}
# restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
# - name: Get the output scan url
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
name: "NeuraLegion"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
neuralegion_scan:
runs-on: ubuntu-18.04
name: A job to run a Nexploit scan
steps:
- uses: actions/checkout@v2
- name: Start Nexploit Scan 🏁
id: start
uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
with:
api_token: ${{ secrets.NEURALEGION_TOKEN }}
name: GitHub scan ${{ github.sha }}
discovery_types: |
[ "crawler" ]
crawler_urls: |
[ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan
+1 -1
View File
@@ -36,6 +36,6 @@ jobs:
with:
args: '. --sarif --output results.sarif || true'
- name: Upload njsscan report
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+1 -1
View File
@@ -47,6 +47,6 @@ jobs:
group_id: {{ groupId }} # Update this to your desired Platform group ID
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: NowSecure.sarif
+7 -1
View File
@@ -17,10 +17,16 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
OSSAR-Scan:
# OSSAR runs on windows-latest.
# ubuntu-latest and macos-latest support coming soon
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: windows-latest
steps:
@@ -44,6 +50,6 @@ jobs:
# Upload results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+7 -1
View File
@@ -13,8 +13,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
pmd-code-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@@ -31,6 +37,6 @@ jobs:
sourcePath: 'src/main/java'
analyzeModifiedFilesOnly: false
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: pmd-report.sarif
+7 -1
View File
@@ -17,8 +17,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
build:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: PSScriptAnalyzer
runs-on: ubuntu-latest
steps:
@@ -37,6 +43,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+1 -1
View File
@@ -48,7 +48,7 @@ jobs:
# The service need to know the type of IaC being scanned
template_type: 'CFT'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
# Results are generated only on a success or failure
# this is required since GitHub by default won't run the next step
# when the previous one has failed.
@@ -0,0 +1,9 @@
{
"name": "clj-watson",
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
"iconName": "clj-watson",
"categories": [
"Code Scanning",
"Clojure"
]
}
@@ -0,0 +1,16 @@
{
"name": "Dependency Review",
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerable dependencies to the repository",
"iconName": "octicon mark-github",
"categories": [
"Dependency review",
"Dependency graph",
"Go",
"Java",
"JavaScript",
"TypeScript",
"Python",
"Ruby",
"Actions",
"PHP"]
}
@@ -0,0 +1,11 @@
{
"name": "ESLint",
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
"iconName": "eslint",
"categories": [
"Code Scanning",
"JavaScript",
"EcmaScript",
"TypeScript"
]
}
@@ -0,0 +1,6 @@
{
"name": "Haskell Dockerfile Linter",
"description": "A smarter Dockerfile linter that helps you build best practice Docker images.",
"iconName": "hadolint",
"categories": ["Code Scanning", "Dockerfile"]
}
@@ -0,0 +1,24 @@
{
"name": "NeuraLegion",
"creator": "NeuraLegion",
"description": "Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports",
"iconName": "neuralegion",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -0,0 +1,9 @@
{
"name": "rust-clippy",
"description": "A collection of lints to catch common mistakes and improve your Rust code.",
"iconName": "rust",
"categories": [
"Code Scanning",
"rust"
]
}
@@ -1,7 +0,0 @@
{
"name": "Scan",
"creator": "ShiftLeft",
"description": "Scan is a free open-source security tool for modern DevOps teams from ShiftLeft.",
"iconName": "shiftleft",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,11 @@
{
"name": "Sobelow",
"creator": "nccgroup",
"description": "Sobelow is a security-focused static analysis tool for the Phoenix framework.",
"iconName": "sobelow",
"categories": [
"Code Scanning",
"Elixir"
]
}
@@ -0,0 +1,7 @@
{
"name": "SonarCloud",
"creator": "Sonar",
"description": "Static analysis of code for vulnerability detection, covering 26+ languages. Start cleaning your code in minutes!",
"iconName": "sonarcloud",
"categories": ["Code Scanning","abap","apex","c","cobol","cpp","cloudformation","csharp","css","flex","go","java","javascript","kotlin","objectivec","php","plsql","ruby","scala","swift","terraform","tsql","typescript","vb","vba","xml"]
}
+1 -1
View File
@@ -47,6 +47,6 @@ jobs:
"
- name: Upload Sarif output
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: rubocop.sarif
+54
View File
@@ -0,0 +1,54 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# rust-clippy is a tool that runs a bunch of lints to catch common
# mistakes in your Rust code and help improve your Rust code.
# More details at https://github.com/rust-lang/rust-clippy
# and https://rust-lang.github.io/rust-clippy/
name: rust-clippy analyze
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
rust-clippy-analyze:
name: Run rust-clippy analyzing
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Rust toolchain
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
with:
profile: minimal
toolchain: stable
components: clippy
override: true
- name: Install required cargo
run: cargo install clippy-sarif sarif-fmt
- name: Run rust-clippy
run:
cargo clippy
--all-features
--message-format=json | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt
continue-on-error: true
- name: Upload analysis results to GitHub
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: rust-clippy-results.sarif
wait-for-processing: true
+1 -1
View File
@@ -38,4 +38,4 @@ jobs:
uses: security-code-scan/security-code-scan-results-action@cdb3d5e639054395e45bf401cba8688fcaf7a687
- name: Upload sarif
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
+1 -1
View File
@@ -42,7 +42,7 @@ jobs:
# Upload SARIF file generated in previous step
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: semgrep.sarif
if: always()
-47
View File
@@ -1,47 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates Scan with GitHub's code scanning feature
# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft
# Visit https://slscan.io/en/latest/integrations/code-scan for help
name: SL Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
Scan-Build:
# Scan runs on ubuntu, mac and windows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# Instructions
# 1. Setup JDK, Node.js, Python etc depending on your project type
# 2. Compile or build the project before invoking scan
# Example: mvn compile, or npm install or pip install goes here
# 3. Invoke Scan with the github token. Leave the workspace empty to use relative url
- name: Perform Scan
uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64
env:
WORKSPACE: ""
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SCAN_AUTO_BUILD: true
with:
output: reports
# Scan auto-detects the languages in your project. To override uncomment the below variable and set the type
# type: credscan,java
# type: python
- name: Upload report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: reports
+7 -1
View File
@@ -22,8 +22,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
snyk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@@ -43,6 +49,6 @@ jobs:
image: your/image-to-test
args: --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
+7 -1
View File
@@ -21,8 +21,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
snyk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@@ -42,6 +48,6 @@ jobs:
# or `main.tf` for a Terraform configuration file
file: your-file-to-test.yaml
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
+40
View File
@@ -0,0 +1,40 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Sobelow is a security-focused static analysis tool for the Phoenix framework. https://sobelow.io/
#
# To use this workflow, you must have GitHub Advanced Security (GHAS) enabled for your repository.
#
# Instructions:
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
# and review the "Security" tab once the action has run.
name: Sobelow
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: run-action
uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912
- name: Upload report
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
+68
View File
@@ -0,0 +1,68 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow helps you trigger a SonarCloud analysis of your code and populates
# GitHub Code Scanning alerts with the vulnerabilities found.
# Free for open source project.
# 1. Login to SonarCloud.io using your GitHub account
# 2. Import your project on SonarCloud
# * Add your GitHub organization first, then add your repository as a new project.
# * Please note that many languages are eligible for automatic analysis,
# which means that the analysis will start automatically without the need to set up GitHub Actions.
# * This behavior can be changed in Administration > Analysis Method.
#
# 3. Follow the SonarCloud in-product tutorial
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
#
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
# (On SonarCloud, click on your avatar on top-right > My account > Security
# or go directly to https://sonarcloud.io/account/security/)
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
name: SonarCloud analysis
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
workflow_dispatch:
permissions:
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
jobs:
Analysis:
runs-on: ubuntu-latest
steps:
- name: Analyze with SonarCloud
# You can pin the exact commit or the version.
# uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
with:
# Additional arguments for the sonarcloud scanner
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=
-Dsonar.organization=
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# When you need the analysis to take place in a directory other than the one from which it was launched
#-Dsonar.projectBaseDir= # optional, default is .
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
+1 -1
View File
@@ -71,7 +71,7 @@ jobs:
- name: Upload SARIF file
if: ${{steps.prescription.outputs.sastScan == 'true' }}
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: workflowengine-results.sarif.json
+1 -1
View File
@@ -54,7 +54,7 @@ jobs:
# Sysdig inline scanner requires privileged rights
run-as-user: root
- uses: github/codeql-action/upload-sarif@v1
- uses: github/codeql-action/upload-sarif@v2
#Upload SARIF file
if: always()
with:
+1 -1
View File
@@ -32,7 +32,7 @@ jobs:
sarif_file: tfsec.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
+1 -1
View File
@@ -42,6 +42,6 @@ jobs:
severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
+1 -1
View File
@@ -52,7 +52,7 @@ jobs:
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
with:
pipeline-results-json: results.json
- uses: github/codeql-action/upload-sarif@v1
- uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: veracode-results.sarif
+7 -1
View File
@@ -42,9 +42,15 @@ on:
- cron: $cron-weekly
workflow_dispatch:
permissions:
contents: read
jobs:
xanitizer-security-analysis:
# Xanitizer runs on ubuntu-latest and windows-latest.
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -88,6 +94,6 @@ jobs:
*-Findings-List.sarif
# Uploads the findings into the GitHub code scanning alert section using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v1
- uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: Xanitizer-Findings-List.sarif
+3
View File
@@ -40,6 +40,9 @@ env:
ACR_EE_IMAGE: repo
ACR_EE_TAG: ${{ github.sha }}
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
+3
View File
@@ -41,6 +41,9 @@ env:
CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
# containerDefinitions section of your task definition
permissions:
contents: read
jobs:
deploy:
name: Deploy
+5
View File
@@ -35,6 +35,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -63,6 +66,8 @@ jobs:
file: ./Dockerfile
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+46 -9
View File
@@ -9,17 +9,17 @@
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux)):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Helm.
# Set your helmChart, overrideFiles, overrides, and helm-version to suit your configuration.
@@ -48,12 +48,10 @@ env:
CHART_OVERRIDE_PATH: "your-chart-override-path"
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -72,6 +70,20 @@ jobs:
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
@@ -85,7 +97,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -96,7 +110,30 @@ jobs:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Helm to create manifest files
- name: Bake deployment
@@ -112,11 +149,11 @@ jobs:
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -9,17 +9,17 @@
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kompose.
# Set your dockerComposeFile and kompose-version to suit your configuration.
@@ -40,12 +40,10 @@ env:
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -63,7 +61,21 @@ jobs:
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
@@ -77,7 +89,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -88,7 +102,33 @@ jobs:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Kompose to create manifest files
- name: Bake deployment
@@ -101,11 +141,11 @@ jobs:
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -9,17 +9,17 @@
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kustomize.
# Set your kustomizationPath and kubectl-version to suit your configuration.
@@ -46,12 +46,10 @@ env:
KUSTOMIZE_PATH: "your-kustomize-path"
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -69,6 +67,23 @@ jobs:
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
@@ -83,7 +98,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -94,7 +111,33 @@ jobs:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Runs Kustomize to create manifest files
- name: Bake deployment
@@ -107,11 +150,11 @@ jobs:
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
+47 -8
View File
@@ -8,8 +8,7 @@
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# 1. Set the following secrets in your repository (instructions for getting these can be found at https://docs.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
@@ -19,7 +18,7 @@
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - IMAGE_PULL_SECRET_NAME (name of the ImagePullSecret that will be created to pull your ACR image)
# - DEPLOYMENT_MANIFEST_PATH (path to the manifest yaml for your deployment)
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
@@ -43,12 +42,10 @@ env:
DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
jobs:
build:
buildImage:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
@@ -67,6 +64,20 @@ jobs:
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
createSecret:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
@@ -80,7 +91,9 @@ jobs:
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::add-mask::${ACR_USERNAME}"
echo "::set-output name=username::${ACR_USERNAME}"
echo "::add-mask::${ACR_PASSWORD}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
@@ -93,13 +106,39 @@ jobs:
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
deploy:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
needs: [buildImage, createSecret]
steps:
# Checks out the repository this file is in
- uses: actions/checkout@v3
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Deploys application based on given manifest file
- name: Deploys application
uses: Azure/k8s-deploy@v3.0
uses: Azure/k8s-deploy@v3.1
with:
action: deploy
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -30,6 +30,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -63,6 +66,8 @@ jobs:
path: ${{env.DOTNET_ROOT}}/myapp
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+7
View File
@@ -22,6 +22,7 @@ name: Build and deploy JAR app to Azure Web App
env:
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
JAVA_VERSION: '11' # set this to the Java version to use
DISTRIBUTION: zulu # set this to the Java distribution
on:
push:
@@ -29,6 +30,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -40,6 +44,7 @@ jobs:
uses: actions/setup-java@v3.0.0
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
cache: 'maven'
- name: Build with Maven
@@ -52,6 +57,8 @@ jobs:
path: '${{ github.workspace }}/target/*.jar'
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -28,6 +28,9 @@ env:
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -53,6 +56,8 @@ jobs:
path: .
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -30,6 +30,9 @@ env:
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
PHP_VERSION: '8.x' # set this to the PHP version to use
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -74,6 +77,8 @@ jobs:
path: .
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+5
View File
@@ -29,6 +29,9 @@ on:
- $default-branch
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
@@ -61,6 +64,8 @@ jobs:
!venv/
deploy:
permissions:
contents: none
runs-on: ubuntu-latest
needs: build
environment:
+3
View File
@@ -27,6 +27,9 @@ env:
TKE_CLUSTER_ID: cls-mywebapp
DEPLOYMENT_NAME: tke-test
permissions:
contents: read
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
+5 -2
View File
@@ -50,6 +50,9 @@ on:
- $default-branch
pull_request:
permissions:
contents: read
jobs:
terraform:
name: 'Terraform'
@@ -82,10 +85,10 @@ jobs:
# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform plan
run: terraform plan -input=false
# On push to $default-branch, build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
if: github.ref == 'refs/heads/$default-branch' && github.event_name == 'push'
run: terraform apply -auto-approve
run: terraform apply -auto-approve -input=false
File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 107 KiB

+1
View File
File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 80 KiB

+131
View File
@@ -0,0 +1,131 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="200px" height="200px" viewBox="0 0 200 200" enable-background="new 0 0 200 200" xml:space="preserve"> <image id="image0" width="200" height="200" x="0" y="0"
href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAABGdBTUEAALGPC/xhBQAAACBjSFJN
AAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAb
TklEQVR42u2deXCc9XnHv7urPXWuVoet05Zt+cIYGx8ydmxhQRIwqZM0B24g6aQw02bSHHSSEmJi
UWjiDk2a0FAmLYGZAAkQCoZMXUMBHxhjC2THtiwfkixZ97XSHtJq77d/vLurlbTHu7vvtbvPZ2ZH
r959j+f97e/7Ps/vBgiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiCIAiC
IAiCIAiCIAiCEAmF1AYQhFjo86sOzN83Y+9/LNY5JJAA+vyqA4b8qmYAMA+epnTJIEwVDUy8Yxz2
/uZIYqGMgMgJSCJJf8JfelyI9Jvzlgnmu694rksOxEvAaG8VIj3g4jkiEf678yKQaIbI+S3M9e0i
52cgopOsOIIEf3elnI2UA5nwDNkGH79ZMCJKWSCRagb4NlYIonmPHZvLsaS6QGrzCIkJ5o+UBaLW
FDQGtxW+iYjHmCoamBxNwS6pHzpIJFFrNX40bqtEQUEBKsq0cY8n5Anf+Sx1gWhnBfLppk3QK/sj
HldYsuaYwGnDmUjeo7pcAYPBAAAoKiqS1D59ftUBuXpeuROeH1PFVNHA5PB1sbJCK1QqFXbt2oV3
3nkHfvUySRKIy0NH2l9VVTXnfy164UINAFZQfNRmJZrpYx1PlQfikJJAwkOPuro6AIBSqURTUxMu
XOrHiNk753hTRQMjZdVptFCprtIX8h4hW00mDJpTu0cidfCJEi4eh70/dB+Py3bM67YdF+q+2UZK
b6HwH+nuphULvn/32Dm4fXkRz5XiDRjpjcw4r2HPnj0Lju3t7UVbh4uzzXIMibLRyyTaOBgPQat5
Fy9eHPNBkk0AU0UDM//D5bxI+5cuXRrxeJ1Ox8kerveXArnaJSR8Rye8lEF8jisAFnqQojwfbiR5
Tb7i9Xhv0Wgi1mg0vNonFUE7s9Gb8AEvAomWmcrLy4FLrYCqeMF3QTc4Y+9/LEdTsCtY+8B33B4v
I0ersYrkQVYsX37nimXLPtt6sfchL9ILU0UD43HZjnnctmOZ3n3GPHhawVeoxUsZRO3vwZ133hnx
mAsXLqB/TC9FOnEiUtkpyOH3Oub8v+PWUkahUCicLhc+vmiV2vSUyAaPwodIBC2DAGxtkJzxern7
Ap/PpwAAnVYLOK9JbXpKpEuImAoz9v7HUn0RJC0Qrgms18vXewDA4OAg52OHhodD25WVlVKbnjLZ
IJJU4cWDMEz0dLbb7VI/Y0wutA+jq6sLfr8/7rG9g9OhZ62probSPym1+SkTrIWTU1cgOcGLQNxu
d9Tv2trapH7G2AmgNuJqjx8trVfjisSvNMJqZcseOTk5WL7EKLX5vCGnrkByQlAPYjabodDVJ3y9
Qt1oyjYVaEegUzs4Hz9hy8GRo104fvw4Ojs7MT4+HvE4i8US2i4rLU3ZTjlBIddCeBGIyrAqtM0w
DKxWKzo6OnC+PX5fjYYNJuzeXg3Gw2bI8iIbtm/fjuoyZ9L21FX6sGPHDqxYylYvK/2TaNpRg41r
8+OeO+2twLUbDFrORw6frA51aFuhUKCkKLMqgzIt3EpV9LzVYvX09OD06dP43/c78eEno+joBZzu
+JnHZrNBp9Nh5XL2bTxkVoNhGNx0001J2eGdvoxVq1jBzrjZCoLV9eXQarWw2WwpP6fNoYbTNdsF
pdQoeEWg6GRKuMXHMAXeft32Lg8mphOv0r18+TKA2d60SpUe09PTUCgUMOVNJHy96urq0LYtUEEQ
rHG6cuUKL8/a0dkZ2i42Zk45JJxMCLdSbQMxD55WSP76YzTL4fF4oNPpoHCzGS8Y54dndq6En2Ox
WKBFL3JycuByuZCTu5oXmy0zpXAFvIhSqUR16YzEqSgM6SwSvmyXXCAAMDY2BgBYv349AMDuYHvA
LFq0KOooxUgoGGeoYdLhcMDty8PNN98MABgdTb3gH8759oFQ7V1tTQ3KCiySpqFQpFuZJEdTsIsP
cXhctmOATARimVIBACoqKgAANvsUAPbtvKhUw/k6hflqKBRsuaenpwd+9xhKAzVN1sA9+MLly0PL
xx8DYAvrK+vrYdBkpidJpzIJX7Z63DISyMDAAKampnD16lUAwFRY4+KiRYs4Xyc3b3bsyfDwMJSa
UnR1dcFut2NgYIB3uxntCljDCv7FBWkbkcQlHcItPm0MduiUhUA8/nycODOErn7WHKdXHwpfysvL
OV9Hp2HTx+FwwMmwZZGrPX580DIMn6JIENt7+mfFXFNdjQKDR4okFAW5Tl7B9xj+8BGaSVfiC/1G
ydcMY+PGjRgYGEBnHzczS4xKrKkvR0tLS0ggYlBdOoMltbWh/8+0tMCtXCLa/cVGTj2B+R5BOP/Z
ZCsQvlExFnzpC7vR2NiIdevWYcmSJXC5XBgaGsLFixfxzDPP4MLV5MsQG1YZkBcI8TKhO3ws5CQQ
PvMhr3PzJmqYQevE/fvuxs6dO7Fq1SpUVlbCbDaju7sbL730Ev7w+if8plwY1WVOvPDCCzEbH/1+
P9544w088cQT6BvlNtw2HN/0ZezauTNUSfDBJ/zWmskJucxZzPdLWnSBMD4H7tnThN0712Pv3r0x
55uy2Wz48MMP8e7Rs/jDK4fg9qY+2PGWm6rxxGMPYevWraGMG9dmhsFzz/8BP9r/OPwJlluKCxgY
tB7YHUpYp3mbUUmWSOlFcjQFu/iuWbOOtzdGmg1GUIF87+/2YP/+/Qlf+3e/+x0e+tEzKT2wFr1o
b29HYWFhUuf39vZi27ZtobmxiIVIJRKhyx3hCFaLtchox0MPPZTUuV/72tewZX1qXTgOHz6ctDgA
oKamBocPHxYqeYgUEEscgEAC+YvPrMapU6cWTMbGFZVKhUOHDuGB+xNvwC3K9+PIm/8eapVPhfXr
1+PwG7+CVhN/MFU2InYrO9/VucHW8lgk3bwcTcVb1hvx6quvQqvVJnjFeYapVLjjjjtw5dIpXO0a
53zeb379KBobG1O6dziVlZW4fKUTV64lO4FRZuP3uXrEmMnRVNHA8DnvLgBYRs8tjXcM7x6kubmZ
1+s9/PDDnI9VK+246667+H4krKnn3lhJ8I8QDZRcy0+8CiTf4MGWLVviHtfV1YW77roLu3fvxvPP
Px9zTHt9fT1MHAclrV2zBkpl/EeyWCy49957sXXrVjz22GNwOGKPPFy7di2fyZRRCDn/sFD3SKRy
gVeBbGtoiHvMz372M6xduxZHjhzB0aNH8c1vfhNPPvlkzHO4iA7glpEPHz6M+vp6vPLKK2hpaUFz
czPq6upw/fr1mNfV5kzzmVQZhVBdUIRYBiK8GwkXeBVIcIb3aDidTuzfvz80liLIW2+9FfO88G4c
sSgrK4t7zKOPPhrqXh9kZGQEx49HD6PLysqwfm0V8jXD8S6flQjhRfiuygWSa+DkVSB5eXlJnRev
EY9rbZhareZ0XKJoNBpoNBps3rxZkOtnAny/6YUQXTKt/7wJpK7SFzej63Q67Ny5c8H++vrYM59w
bQV3OuNP9HDPPfdE3L9iRfQpSB0OB3Jzc6HT6ZCnjz7FEcEPcurnl1Q17/wHyNW5sPGWVdBrgaam
ppjn7tmzByqVCqOjozAajWhsbMRPfvITlJSURD3nzT+9gz9fuBrXrurKEtyzJ/b9b7vtNphMJgwN
DUGr1WLz5s34wQ9+gL1790Yt4F+6dAlnzpwBAEw7XLDY0m3qavFIpcpXn191QIjBWQ57f7PN3H57
Mucm1VVgvkA2rMnD4sWLUVRUhKeeeorv58Pnv/Q3OPlRe9zjli0x4syH/Ld+v/766zh06BAAdqRi
e1fmjvlIlWS7nwhR5kjFniC8hFjBceB9fX18Px8AhEYaxqOj4zqnMCtRwkcjClXOyXaEEEeiNVaR
4EUgwfVBDAYDnn76aV4f8sUXX8TYhI/bw6iNePDBBxOasT0ely9fRmtra+h/LnP4ZjMFpjVHEzle
yBV9uXQliUdSZZD5aq+rLYJSqYRSqcTAwABGR0exadOmlB+wra0N937j0YTO6eyewOR4V9T1ShKh
p6cHjz/++JyGzJGREUzYZDNeSHaocrRLuNYWCdF9JIh58LTC73Ol3D+IFw8SnNA5yAcffICjRxN6
kSzA6XRi3759C/Yz5mvIG78S+jBTC9smfvviCRw5ciSl+9vtdhw8eHDBfi9TwEeSZT1Cjm/nsxs+
L6N6BgcHUVw8u8yaUqnEc889h+XLlyc1+RvDMLjvvvswNMG2q9wz48Q2QxVKcgxQLFrYaDjpm8GA
x473p7rRVsjOgrLv/u/iwtl3k7q/1+tFc3NzxC4oZrMZAPepiLIRU0UDEy+TCtVFhY9yRzi8hFiT
FjtKivVzFstRKBS4cOEC1Go1ampqOPWRAthJ5L730CM48v4VmJw2fEtZjO25NchVaqCIUummV6pR
lpOLrYYqbPQr0eWaxJS2ACdOfITaalNC95+cnMTTTz+Nnp6eOfsZhkFnZyeGzPzOr5WpRAuzhKrK
DeKw9zfzEVoF4aWaN8idO5dErOXx+Xx45JFHYvaVGhoawsGDB/HSay2hfZUT3ThQ3piwfb+dOIsz
+bPzBBfpx/Dyyy/HLBe53W789Kc/RWdnZ0Qxtba2YsRC4VUizPciQlXlRrsfH/AqkGVVfqxcuTLi
OU6nE7W1tWhqasLq1atRWVmJyclJdHd34/e//z1e/OOZiOf9QrUYecrEQpr9w+9h1LR87k6vGV/c
24impiasX78+NKvJjRs3cPLkSZw6dSqql7lx4wYudVILeqLMz7BCtpALNfyXV4HA78CS2kUoN+Wg
uLg4YhcRr9eLqakptLVfh20m/nodtW4nvq+vg0HJrf3h3anreFXLPQwqzPWipKQExgIGeXl5UCqV
8Hq9sNlssE/7YZtyY3TcCQXH+xPiI+QsK/wKJAy/bwar6gyora2FWq2G1+vF2NgY+vr6MG5PbLz5
7mk77i2Kv17INZcZ/6qcEiKdCJki9BREggmEV6ZH8GNDPWo1RVEPYcDg4HQHujWpDfUl0guhZ1ZJ
D4EEuH3ahi8WroFWMRtC+cHg7MwQXrG0wVqyMoWrE+mGGNMOpdXsZkdzC3BqphO7Vy5GeVExfEqg
bagH5wZ8AIkjq+C7vSMaSbWk861cv3sMcHVwOtal1mFE78WoUQlzoRIOdWLOrLrMiZpyF/I1w/A5
+FmSjRAXMac+Fc2DmPImkJ+fD61WC61Wi9zcXOj1euh0OgDsYCWbzYaTH48IZsPyagb19esW7Pd4
PLBYLJicnITD4YDFYoFtWoEcXYVYyUMkgJjzAosikHX1OlRXb436vdvtDlWtCsnYpB/aGzeg1Wqh
0+mg1+uhVquhVqtRWloaWo0qHJfLhTOtnZiaoe4lckCs0CqIKAK5eM0Ju70dTqcTLpcLLpeLXclW
V5/U9cInpWPHq3Or2rVOqWDtdANwA7DP+S7H142ioiIYDAYYjcbQtlqtDizmQwKRGinmAk679UHY
MGmusKxWKy5evAibK/YEb4zzGkwmE8ZtBihVehDpg1QTZad0U75EUpxrxq233gq/34+333474nLN
3unLuO2222KOXT937lyoB3AkPtNYB5WKrSLu6OhARy8/iUgIi5TrkUgikBxYsWjxYpQUKWA0GkO9
gGdmZtDSehXTrtw5x5cUOrFp49pQXymGYWC1WuFyuVBQUBA6n2EYDA0NoW/IAbNloWn1tQqUlZUh
Pz8fCoUCDMNgamoKk5OTsEypMDIyAo8/fvcXQlyird0hBqIKpLLEgeXLlyM3d64AxsfH0draCl9O
5InnGrdVhubGslqtOH7yz6EaJr9vButXGxeM+zh//jwGxqPPp7Wsyo/6+voF/cU8Hg/Onz+PUWvy
SycQ/CH1cm8p35yrSHJ1LuzaPrc/1fj4OK5duwbLTGnMc+9ump2z6uiJ85jxLMz4uTmD2LFjRyiE
8nq9eOd4d8zr+n0zWGzyYOnSpXMGfAHAxYsXk1qKjeAPqcUBiLgMdPhkB06nEydPnkTL+cm44gg/
d2RkJKI4AGDaW4HLV2cF4fHEn5pHqdJjxFKA0+fMOPHBqTnVzEZjagv4EKkhdnVuNFJWaIFpzVGu
A+81Sjv8fj+8SCx8KczzwaDXY2DIDGVO9DIC43egcpERUCgwNDgIRlWcwF0C+CZQXFyM8fFxKNUl
iZ9P8IKU5Y5wUhaI0KPEiOxDDqFVENFCLILggpzEAfAgEDmsl01kBnIpd4TDm1rlNCM3kX5I2RgY
CwqxCFkgR3EAJBBCBsit3BEObwKR80MS8kWO5Y5weJ8mUKjJiInMwzx4WiGHto5YUIhFSILcPUcQ
3sMiqs0iuJAuIbkgRpJIiFikizgACrEIkUkncQACCSTdEoEQh3Qpd4QjmAdJx8QghIWPNQPFRrDV
YILVd1TtSwD8rRkoNlQGIQQnnUNuwQ2nGq3sJp3FAYjgQdI9gYjkyYRyqGiZlzxJ9pEJL0cqgxCC
kAniAEQUiHW8vVHqhyXEIRNCqyCiq5xCrcxGriMDk4VCLIJXMkkcgAQeBCAvkqlkSrkjHEk8iHnw
tCIdux0Q0cmkckc4ki3i6XHbjlE3lMwgEz1HEMnKIJkWq2Yrmeo5ggjWWZELQZGQJ0lfbOb226W2
QUgkFQhAvX7TmUwOrYLI5gGpZiu9yAZxADJqB8mWBM8EMr3cEY5sBAKwIsmmxE9XsqmKPqW39tbv
nxYkLLJ1n8Roy2vSpAgRFdOaBhjX3cvb9c78W4Pso4akPYhQ4gCAgqU7oC+vkCZFiIgoDCpexQEI
m4d4e+5ET8iv2rhrzZf/45gYxk31ncFk+7twWcZETxhilhxdLpbs/WfBrn/m3MNKHDsmS7Ek7EEK
qjY2imVcXvVWVH/mx9AVLxI1UYi5GJbcIuj1t2446E/9KsKQcDuIWN4jHE1+MWw9rWLflghQseWr
UGoLBL+Pvf+s7CayTsyDNDdLUuulK1uDW7/wbfi8M1LcPqtZunk3VPlVUpshGZw9SGXDAwfWlH7l
qFSGulTFqLmlCWO9rWBcTqnMyCpMN98BQ/3nRLlXQTUbusvNi3AupMumxsE5iQsvPwiDPnvfamJQ
WHcTSjc/IPp95Vb1yylkko04AEBnxM1//Ro8jFVqSzIXFSOJOACZ5TVwCLEqGx44EHR/fLC02IMi
nR8W59xb31zpQ5URMOr9sM344WPmardE74Ja4YXLzw5hKb3p80AO4DT3AH7ZVoKkJeVbvwptUbWk
Nsgl1IrrzvhSdJHGiSe+mg9TPiuMoQkv3myxYdrpx+e25KO+Qhs69mzXDJ58e9a0f/q8AisC3//4
ZTuuT6gBAPs2uaGyd6D5n/5L6nTMGKo2fRq6ZXdLbQb6P3q2eeD0s5KPGYo5opBPd3fbKkNIHACw
uDgHf/vZ4ojHblymxy/2eTE06cG6Wh3UqlmxrK3RQc1M4h//sgR6jQ7ArTDqvfj2d34IVe5qqdMz
rfn7Bxrx9fu/iKEJD462TeNPbbrQd6tNNug1StgcPnRaC0P7lxZ78Kl6YMbF4I/nNFI/Au/E9CDJ
CmTHkmmoVQqYp7y4MMLWnz/5FRWqStQpG+xnAIYBVPNKTwMDQ/jGg/thnU79HtnIhnWV+M9fPzpn
31stNtgcfty5IQ/lhbPv0iNn7Riz+nBLnQ5ra3RQBnKR18fgN29PgGGAhpUGLC1X49WTNpzoNiRl
kxwK7FENSEYc25cz+NYdOiiVcy/rdPuh0wjfhNLb148XXn4X779/AjZH5r3NhGLntpX4h+/uQ8Vi
/nsseH0M/u/8FN5p82N4SpvQuXIIsyIKpLLhgQNV2x5oTvRi39ntx7ZVyb0t+MTv9+O1/34Tv3z6
VXiYwtQvmKEY9SN46pf/glWr6kW538//x4FPbiT2opTai/A6q8mhPytxts8l5fPMUnQ37vj6Mlz5
+G1BLu+wT0j9hAAAt9MBjzvxHgbGslrc/uVf4L0+Fd4T6Tdj5DX8iBO8hlgEwTdSe5D0kzRBiAgJ
hCBiQAIhiBjE7GrCZxcTgkiU/o+ebZa6y4kgDYUEwQdSF9ABCrEIIiYkEIKIQUyB9H/0bLPUBhLZ
ia3v7DGpbQDiCETqfjBE9mLrTwOBEES2QwIhiBiQQAgiBpym/aEGQ0JsLr/2LVmsXEUehCBiQAIh
iBiQQAgiBpz6ulCfLEJM5NAHKwh5EIKIAQmEIGJAAiGIGHASyJnCIwkvtEMQySC3vJZ+yx8QGY2c
CugAhVgEERMSCEHEgARCEDFIKN6jcgghJHIrfwDkQQgiJiQQgohBQgLp13bSGHVCEGyqiWNS2xCJ
hAQycPC+ZqkNJjIT28nXj0ltQyQoxCKIGJBACFngt/WdB1CABGtWhYbLClN6AEYABgAG6/UTfyys
2/llqQ0nMgvLcLsOwE4AfgBOALbAZxrAJACHFHZFE4gSQDWASrDiCKnaPnLNU1i3UwpbiQxmZqJv
KrCpROBlDCB8VVELgEEA/QDcYtkVSSAGABvACoMghMfe087hqKLAZxWASwBuiGFaUCAKALUAKjDP
Y8zHbe74BMBfiWEckR3YBy8eS+BwJYCbANSA9SjdYMMyQQgKZFHgpnGZNncPCWUMkZ2MXjtxLsFT
FAAKAx8PgF6hbAvWYnFe3Nwx0TvF9ViC4MJ45wfDKZyuF9K2oEASX2ibIOSBU8iLB4c3TgHwAtAA
0CJOXbRerew3VGzYLnXKEOnP4IknH7UNXU7Gg9jBFtRvABCsl3n4+N9JsLHcCNiCujbaSRO9rb1F
JRWTGtOKLUIZRmQ+wx/+6oe9n7zaluBpDICrAM4BMENAcQCRJ692ga1r9mHWoyxg7NrxzsLi8nFt
ycqtQhpIZCb2ng/f7nzv54cTOGUaQA+AC2Bf4qLApVk/F6xHyQVbmC8AkBc8t6j6lqrcyk2fEstg
Is3x2Cddlr4r49dP94CJWDvLgH1JB1vSHWCjG7sU5ibb70UJVihGAGUASlK4FpHdMGBFMBL4WMBG
L7KAr0ytBJAPoBSACayHEbT6jUhbXGC9gRnAOFgvIRtBzEfIt74KrIcpBiuWIrAiIrKHKQBWsOUH
STsdJovYYZECbOt9sPCvAaAO/NUEvssJ7FMHtlVh/xPi4wPbWu0JbHsD2+7Atjts2wPWQ7gC22k/
yUc6lRsUYEWkD3yC4tIFPmrMik4jtbEyJ5jBnYFtL9g3ezCzz4T9n/aZPBXSSSCJEvRU6rC/WrDl
pXBPFRRe8C/m/S+nNHKBzbDB7t5esG/1YEb2B47xYvbt7g373gkRu4pnAnL68eVOMNwD5oppPlpu
l4Mryn4PZnunhouBIAiCIAiCIAiCIAiCIAiCIAiCIAiCEIP/B2yiz7QEureJAAAAJXRFWHRkYXRl
OmNyZWF0ZQAyMDIyLTA0LTI3VDAzOjQyOjQwKzAzOjAwfXikRwAAACV0RVh0ZGF0ZTptb2RpZnkA
MjAyMi0wNC0yN1QwMzo0Mjo0MCswMzowMAwlHPsAAAAASUVORK5CYII=" />
</svg>

After

Width:  |  Height:  |  Size: 10 KiB

+57
View File
@@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="Layer_1" data-name="Layer 1" viewBox="0 0 32 32">
<defs>
<style>.cls-1{fill:none;}.cls-2{fill:#00a8b7;}.cls-3{clip-path:url(#clip-path);}.cls-4{fill:#fff;}.cls-5{fill:#ee4036;}</style>
<clipPath id="clip-path">
<rect class="cls-1" x="2.69" y="1" width="26.62" height="30" />
</clipPath>
</defs>
<title>NeuraLegion Logo</title>
<rect class="cls-2" x="10.08" y="1.86" width="0.47" height="11.32" transform="translate(-2.29 9.54) rotate(-45.22)" />
<rect class="cls-2" x="10.22" y="1.74" width="0.47" height="18.7" transform="translate(-4.05 6.41) rotate(-28.8)" />
<rect class="cls-2" x="9.82" y="2.43" width="0.47" height="26.34" transform="translate(-4.99 4.72) rotate(-21.33)" />
<rect class="cls-2" x="6.07" y="2.68" width="8.37" height="0.47" />
<rect class="cls-2" x="5.95" y="11.82" width="8.37" height="0.47" />
<rect class="cls-2" x="5.95" y="20.17" width="8.37" height="0.47" />
<polygon class="cls-2" points="14.16 20.35 5.79 12.62 6.11 12.28 14.48 20.01 14.16 20.35" />
<rect class="cls-2" x="9.9" y="19.68" width="0.47" height="11.39" transform="translate(-15.38 15.6) rotate(-47.27)" />
<rect class="cls-2" x="4.91" y="7.41" width="11.06" height="0.47" transform="translate(-2.43 9.01) rotate(-42.26)" />
<rect class="cls-2" x="5.02" y="16.06" width="11" height="0.47" transform="translate(-8.09 10.82) rotate(-40.75)" />
<rect class="cls-2" x="1.74" y="11.57" width="17.39" height="0.47" transform="translate(-5.2 13.79) rotate(-55.76)" />
<rect class="cls-2" x="16.03" y="7.3" width="11.32" height="0.47" transform="translate(0.99 17.47) rotate(-44.79)" />
<rect class="cls-2" x="12.32" y="10.79" width="18.53" height="0.47" transform="translate(1.53 24.64) rotate(-61.23)" />
<rect class="cls-2" x="8.78" y="15.38" width="26.34" height="0.47" transform="translate(-0.58 30.37) rotate(-68.65)" />
<rect class="cls-2" x="17.56" y="2.7" width="8.37" height="0.47" />
<rect class="cls-2" x="17.68" y="11.83" width="8.37" height="0.47" />
<rect class="cls-2" x="17.68" y="20.18" width="8.37" height="0.47" />
<rect class="cls-2" x="16.17" y="16.09" width="11.39" height="0.47" transform="translate(-5.27 19.2) rotate(-42.8)" />
<polygon class="cls-2" points="17.84 29.43 17.52 29.09 25.89 21.36 26.2 21.7 17.84 29.43" />
<rect class="cls-2" x="21.32" y="2.13" width="0.47" height="11.06" transform="translate(1.39 18.47) rotate(-47.75)" />
<rect class="cls-2" x="21.25" y="10.81" width="0.47" height="11" transform="translate(-4.9 21.93) rotate(-49.23)" />
<rect class="cls-2" x="21.15" y="2.79" width="0.47" height="17.81" transform="translate(-2.86 14.26) rotate(-34.73)" />
<rect class="cls-2" x="4.37" y="2.82" width="0.47" height="16.94" />
<rect class="cls-2" x="27.16" y="2.82" width="0.47" height="16.94" />
<g class="cls-3">
<path class="cls-4" d="M17.69,2.92A1.69,1.69,0,1,1,16,1.22a1.69,1.69,0,0,1,1.69,1.7" />
<path class="cls-4" d="M17.69,11.66A1.69,1.69,0,1,1,16,10a1.68,1.68,0,0,1,1.69,1.69h0" />
<path class="cls-4" d="M17.69,20.4A1.69,1.69,0,1,1,16,18.71h0a1.69,1.69,0,0,1,1.69,1.69" />
<path class="cls-4" d="M17.69,29.08A1.69,1.69,0,1,1,16,27.39h0a1.69,1.69,0,0,1,1.69,1.69" />
<path class="cls-5" d="M16,1.48a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,1.48m0,3.37a1.92,1.92,0,1,1,1.94-1.93A1.92,1.92,0,0,1,16,4.85h0" />
<path class="cls-5" d="M16,10.21a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,10.21m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,13.58h0" />
<path class="cls-5" d="M16,19a1.46,1.46,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,19m0,3.37a1.92,1.92,0,1,1,1.94-1.92A1.92,1.92,0,0,1,16,22.32h0" />
<path class="cls-5" d="M16,27.63a1.45,1.45,0,1,0,1.45,1.45A1.45,1.45,0,0,0,16,27.63M16,31a1.92,1.92,0,0,1,0-3.84A1.92,1.92,0,0,1,16,31h0" />
<path class="cls-4" d="M6.29,2.92A1.7,1.7,0,1,1,4.6,1.22a1.69,1.69,0,0,1,1.69,1.7" />
<path class="cls-5" d="M4.61,1.48A1.45,1.45,0,1,0,6.06,2.93,1.46,1.46,0,0,0,4.61,1.48m0,3.37A1.92,1.92,0,1,1,6.53,2.93,1.92,1.92,0,0,1,4.61,4.85" />
<path class="cls-4" d="M6.29,11.66A1.7,1.7,0,1,1,4.6,10a1.69,1.69,0,0,1,1.69,1.69h0" />
<path class="cls-5" d="M4.61,10.21a1.45,1.45,0,1,0,1.45,1.45,1.46,1.46,0,0,0-1.45-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.93,1.93,0,0,1-1.92,1.92" />
<path class="cls-4" d="M6.29,20.4A1.7,1.7,0,1,1,4.6,18.71h0A1.69,1.69,0,0,1,6.29,20.4" />
<path class="cls-5" d="M4.61,19A1.46,1.46,0,1,0,6.06,20.4,1.46,1.46,0,0,0,4.61,19m0,3.37A1.92,1.92,0,1,1,6.53,20.4h0a1.93,1.93,0,0,1-1.92,1.92" />
<path class="cls-4" d="M25.71,2.93A1.7,1.7,0,1,0,27.4,1.24a1.7,1.7,0,0,0-1.69,1.69" />
<path class="cls-5" d="M27.39,1.48a1.45,1.45,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
<path class="cls-4" d="M25.71,11.67A1.7,1.7,0,1,0,27.4,10h0a1.69,1.69,0,0,0-1.69,1.69" />
<path class="cls-5" d="M27.39,10.22a1.46,1.46,0,1,0,1.46,1.45,1.45,1.45,0,0,0-1.46-1.45m0,3.37a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.92" />
<path class="cls-4" d="M25.71,20.42a1.7,1.7,0,1,0,1.69-1.7,1.69,1.69,0,0,0-1.69,1.7" />
<path class="cls-5" d="M27.39,19a1.45,1.45,0,1,0,1.46,1.45A1.45,1.45,0,0,0,27.39,19m0,3.36a1.92,1.92,0,1,1,1.92-1.92h0a1.92,1.92,0,0,1-1.92,1.91" />
</g>
</svg>

After

Width:  |  Height:  |  Size: 5.3 KiB

-6
View File
@@ -1,6 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="48" height="56" viewBox="0 0 12 14">
<g fill="none" transform="translate(.273)">
<path fill="#3ECF8E" d="M6.58331113,6.33077948 L11.6238175,2.4479014 L11.6238175,2.4479014 L11.2060959,7.99085054 C11.2211336,8.91495832 10.9483693,9.82047503 10.4263491,10.5794359 L6.58331113,7.62507217 C6.38528073,7.46998821 6.26938579,7.23107476 6.26938579,6.97792583 C6.26938579,6.7247769 6.38528073,6.48586344 6.58331113,6.33077948 Z"/>
<path fill="#272E41" d="M3.01875417,7.62507217 C2.82072377,7.46998821 2.70482883,7.23107476 2.70482883,6.97792583 C2.70482883,6.7247769 2.82072377,6.48586344 3.01875417,6.33077948 L10.2592605,0.73155674 C8.8076625,0.269755812 7.29739607,0.0233334477 5.77571619,-6.66133815e-14 C4.20929977,0.0333974525 2.65444039,0.2794543 1.15293138,0.73155674 C0.419515934,0.961133276 -0.057529416,1.67476042 0.00558960995,2.4479014 L0.423311129,7.99085054 C0.428880749,11.4516767 3.90432379,13.2242949 5.27445037,13.8714413 C5.61344719,14.0121506 5.99368139,14.0121506 6.33267822,13.8714413 C7.29277353,13.4733716 8.17818289,12.9118747 8.95039974,12.2113702 L3.01875417,7.62507217 Z"/>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 1.2 KiB

+20
View File
@@ -0,0 +1,20 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
width="500.000000pt" height="500.000000pt" viewBox="0 0 500.000000 500.000000"
preserveAspectRatio="xMidYMid meet">
<g transform="translate(0.000000,500.000000) scale(0.100000,-0.100000)"
fill="#000000" stroke="none">
<path d="M430 4255 c0 -3 250 -438 555 -967 305 -528 555 -963 555 -965 0 -1
-180 -3 -400 -3 l-400 0 0 -75 0 -75 447 -2 446 -3 431 -747 c237 -411 433
-748 436 -747 3 0 199 336 435 747 l431 747 447 3 447 2 0 75 0 75 -400 0
c-220 0 -400 2 -400 4 0 2 248 433 551 957 303 525 553 960 556 967 4 9 -413
12 -2066 12 -1139 0 -2071 -2 -2071 -5z m3833 -223 c-21 -38 -252 -438 -513
-890 l-475 -822 -775 0 -776 0 -494 857 c-272 471 -503 871 -513 890 l-17 33
1801 0 1801 0 -39 -68z m-1087 -1878 c-10 -25 -658 -1147 -670 -1161 -8 -8
-98 140 -343 565 -182 318 -335 585 -338 595 -7 16 29 17 675 17 629 0 682 -1
676 -16z"/>
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.0 KiB

+20
View File
@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
<style type="text/css">
.st0{fill:#F3702A;}
</style>
<title>SonarCloud icon</title>
<g id="Illustration_6">
<path class="st0" d="M427.5,237.9c-14.5-17.7-33.9-30.7-55.8-37.5c0-0.4,0-0.9,0-1.4c0.6-64.3-51-116.9-115.3-117.5
s-116.9,51-117.5,115.3c0,0.7,0,1.4,0,2.2c0,0.5,0,1.1,0,1.6C77.6,220,43.6,285.4,63,346.7s84.8,95.3,146.1,75.9
c17.6-5.5,33.6-15.2,46.7-28.1c45.8,45.1,119.4,44.6,164.6-1.1C462.1,351,465.2,284,427.5,237.9L427.5,237.9z M337.5,398.8
c-48.1,0-87.1-39-87.1-87.1c0.2-8.1-6.2-14.8-14.3-15s-14.8,6.2-15,14.3c0,0.3,0,0.5,0,0.8c0,21,5.7,41.6,16.4,59.6
c-32.9,35-88,36.6-123,3.7s-36.6-88-3.7-123c23.9-25.4,60.6-34,93.3-22l0.3,0.1c3.3,1.1,8.1,3.3,9.5,4.6c5.9,5.5,15.2,5.2,20.7-0.8
c5.5-5.9,5.2-15.2-0.8-20.7c-0.3-0.3-0.6-0.5-0.9-0.7c-6.4-5.5-16.5-9.2-19-10c-12.8-4.7-26.4-7.1-40.1-7.1c-1.9,0-3.8,0-5.6,0.1
c2-48.1,42.6-85.4,90.7-83.3s85.4,42.6,83.3,90.7c-1.1,26.9-14.6,51.7-36.5,67.3c-6.7,4.6-8.3,13.7-3.7,20.4s13.7,8.3,20.4,3.7
c0.1-0.1,0.2-0.2,0.4-0.3c21.8-15.6,37.6-38.2,44.7-64c45.1,16.6,68.2,66.7,51.6,111.8C406.5,376,373.9,398.7,337.5,398.8
L337.5,398.8z"/>
</g>
</svg>

After

Width:  |  Height:  |  Size: 1.4 KiB

+17 -6
View File
@@ -1,7 +1,7 @@
#!/usr/bin/env npx ts-node
import { promises as fs } from "fs";
import { safeLoad } from "js-yaml";
import { basename, extname, join } from "path";
import { basename, extname, join, dirname } from "path";
import { Validator as validator } from "jsonschema";
import { endGroup, error, info, setFailed, startGroup } from '@actions/core';
@@ -14,6 +14,7 @@ interface WorkflowWithErrors {
interface WorkflowProperties {
name: string;
description: string;
creator: string;
iconName: string;
categories: string[];
}
@@ -40,7 +41,7 @@ const propertiesSchema = {
}
}
async function checkWorkflows(folders: string[], allowed_categories: string[]): Promise<WorkflowWithErrors[]> {
async function checkWorkflows(folders: string[], allowed_categories: object[]): Promise<WorkflowWithErrors[]> {
const result: WorkflowWithErrors[] = []
const workflow_template_names = new Set()
for (const folder of folders) {
@@ -69,7 +70,7 @@ async function checkWorkflows(folders: string[], allowed_categories: string[]):
return result;
}
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: string[]): Promise<WorkflowWithErrors> {
async function checkWorkflow(workflowPath: string, propertiesPath: string, allowed_categories: object[]): Promise<WorkflowWithErrors> {
let workflowErrors: WorkflowWithErrors = {
id: workflowPath,
name: null,
@@ -104,9 +105,19 @@ async function checkWorkflow(workflowPath: string, propertiesPath: string, allow
}
}
if (!workflowPath.endsWith("blank.yml") && (!properties.categories ||
!properties.categories.some(category => allowed_categories.some(ac => ac.toLowerCase() == category.toLowerCase())))) {
workflowErrors.errors.push(`Workflow does not contain at least one allowed category - ${allowed_categories}`)
var path = dirname(workflowPath)
var folder_categories = allowed_categories.find( category => category["path"] == path)["categories"]
if (!workflowPath.endsWith("blank.yml")) {
if(!properties.categories || properties.categories.length == 0) {
workflowErrors.errors.push(`Workflow categories cannot be null or empty`)
}
else if(!folder_categories.some(category => properties.categories[0].toLowerCase() == category.toLowerCase())) {
workflowErrors.errors.push(`The first category in properties.json categories for workflow in ${basename(path)} folder must be one of "${folder_categories}. Either move the workflow to an appropriate directory or change the category."`)
}
}
if(basename(path).toLowerCase() == 'deployments' && !properties.creator) {
workflowErrors.errors.push(`The "creator" in properties.json must be present.`)
}
} catch (e) {
workflowErrors.errors.push(e.toString())
+18 -6
View File
@@ -5,10 +5,22 @@
"../../deployments",
"../../code-scanning"
],
"allowed_categories" : [
"Continuous integration",
"Deployment",
"Code Scanning",
"Automation"
"allowed_categories": [
{
"path": "../../ci",
"categories": ["Continuous integration"]
},
{
"path": "../../automation",
"categories": ["Automation"]
},
{
"path": "../../deployments",
"categories": ["Deployment"]
},
{
"path": "../../code-scanning",
"categories": ["Code Scanning", "Dependency review"]
}
]
}
}