From 3e8902ca5688bff9a7736fff0197c2bd208b4a5f Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Thu, 5 May 2022 15:55:43 +0530 Subject: [PATCH 01/55] Add dependabot --- .github/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..62283f9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From 746c698c90f01168f2f0bdfda89de9b7b9676cd8 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Fri, 10 Dec 2021 20:21:44 -0500 Subject: [PATCH 02/55] chore: upgrade package-lock.json to v2 --- script/sync-ghes/package-lock.json | 160 +++++++++++++++++++++- script/validate-data/package-lock.json | 177 ++++++++++++++++++++++++- 2 files changed, 334 insertions(+), 3 deletions(-) diff --git a/script/sync-ghes/package-lock.json b/script/sync-ghes/package-lock.json index ebcd318..768bbda 100644 --- a/script/sync-ghes/package-lock.json +++ b/script/sync-ghes/package-lock.json @@ -1,8 +1,166 @@ { "name": "sync-ghes-actions", "version": "1.0.0", - "lockfileVersion": 1, + "lockfileVersion": 2, "requires": true, + "packages": { + "": { + "name": "sync-ghes-actions", + "version": "1.0.0", + "license": "MIT", + "dependencies": { + "js-yaml": "^3.13.1" + }, + "devDependencies": { + "@types/js-yaml": "^3.12.4", + "@types/node": "^14.0.1", + "ts-node": "^8.10.1", + "typescript": "^3.9.2" + } + }, + "node_modules/@types/js-yaml": { + "version": "3.12.4", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", + "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==", + "dev": true + }, + "node_modules/@types/node": { + "version": "14.0.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.1.tgz", + "integrity": "sha512-FAYBGwC+W6F9+huFIDtn43cpy7+SzG+atzRiTfdp3inUKL2hXnd4rG8hylJLIh4+hqrQy1P17kvJByE/z825hA==", + "dev": true + }, + "node_modules/arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "dev": true + }, + "node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/buffer-from": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", + "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "dev": true + }, + "node_modules/diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/js-yaml": { + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.19", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.19.tgz", + "integrity": "sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==", + "dev": true, + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" + }, + "node_modules/ts-node": { + "version": "8.10.1", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-8.10.1.tgz", + "integrity": "sha512-bdNz1L4ekHiJul6SHtZWs1ujEKERJnHs4HxN7rjTyyVOFf3HaJ6sLqe6aPG62XTzAB/63pKRh5jTSWL0D7bsvw==", + "dev": true, + "dependencies": { + "arg": "^4.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "source-map-support": "^0.5.17", + "yn": "3.1.1" + }, + "bin": { + "ts-node": "dist/bin.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "engines": { + "node": ">=6.0.0" + }, + "peerDependencies": { + "typescript": ">=2.7" + } + }, + "node_modules/typescript": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz", + "integrity": "sha512-q2ktq4n/uLuNNShyayit+DTobV2ApPEo/6so68JaD5ojvc/6GClBipedB9zNWYxRSAlZXAe405Rlijzl6qDiSw==", + "dev": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } + }, + "node_modules/yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true, + "engines": { + "node": ">=6" + } + } + }, "dependencies": { "@types/js-yaml": { "version": "3.12.4", diff --git a/script/validate-data/package-lock.json b/script/validate-data/package-lock.json index 8839d6a..e660b6a 100644 --- a/script/validate-data/package-lock.json +++ b/script/validate-data/package-lock.json @@ -1,8 +1,181 @@ { - "name": "sync-ghes-actions", + "name": "validate-data", "version": "1.0.0", - "lockfileVersion": 1, + "lockfileVersion": 2, "requires": true, + "packages": { + "": { + "name": "validate-data", + "version": "1.0.0", + "license": "MIT", + "dependencies": { + "@actions/core": "^1.2.6", + "js-yaml": "^3.13.1", + "jsonschema": "^1.2.6" + }, + "devDependencies": { + "@types/js-yaml": "^3.12.4", + "@types/node": "^14.0.1", + "ts-node": "^8.10.1", + "typescript": "^3.9.2" + } + }, + "node_modules/@actions/core": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", + "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==" + }, + "node_modules/@types/js-yaml": { + "version": "3.12.4", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", + "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==", + "dev": true + }, + "node_modules/@types/node": { + "version": "14.0.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.1.tgz", + "integrity": "sha512-FAYBGwC+W6F9+huFIDtn43cpy7+SzG+atzRiTfdp3inUKL2hXnd4rG8hylJLIh4+hqrQy1P17kvJByE/z825hA==", + "dev": true + }, + "node_modules/arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "dev": true + }, + "node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/buffer-from": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", + "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "dev": true + }, + "node_modules/diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/js-yaml": { + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsonschema": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/jsonschema/-/jsonschema-1.2.6.tgz", + "integrity": "sha512-SqhURKZG07JyKKeo/ir24QnS4/BV7a6gQy93bUSe4lUdNp0QNpIz2c9elWJQ9dpc5cQYY6cvCzgRwy0MQCLyqA==", + "engines": { + "node": "*" + } + }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.19", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.19.tgz", + "integrity": "sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==", + "dev": true, + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" + }, + "node_modules/ts-node": { + "version": "8.10.1", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-8.10.1.tgz", + "integrity": "sha512-bdNz1L4ekHiJul6SHtZWs1ujEKERJnHs4HxN7rjTyyVOFf3HaJ6sLqe6aPG62XTzAB/63pKRh5jTSWL0D7bsvw==", + "dev": true, + "dependencies": { + "arg": "^4.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "source-map-support": "^0.5.17", + "yn": "3.1.1" + }, + "bin": { + "ts-node": "dist/bin.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "engines": { + "node": ">=6.0.0" + }, + "peerDependencies": { + "typescript": ">=2.7" + } + }, + "node_modules/typescript": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz", + "integrity": "sha512-q2ktq4n/uLuNNShyayit+DTobV2ApPEo/6so68JaD5ojvc/6GClBipedB9zNWYxRSAlZXAe405Rlijzl6qDiSw==", + "dev": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } + }, + "node_modules/yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true, + "engines": { + "node": ">=6" + } + } + }, "dependencies": { "@actions/core": { "version": "1.2.6", From f13e67688e4d309342ada48c6c463d0c17e17d5c Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Sun, 16 Jan 2022 17:36:35 -0500 Subject: [PATCH 03/55] ci: use Node 16 with caching for internal actions --- .github/workflows/sync-ghes.yaml | 4 +++- .github/workflows/validate-data.yaml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-ghes.yaml b/.github/workflows/sync-ghes.yaml index fb9c623..aba7780 100644 --- a/.github/workflows/sync-ghes.yaml +++ b/.github/workflows/sync-ghes.yaml @@ -18,7 +18,9 @@ jobs: git config user.name "GitHub Actions" - uses: actions/setup-node@v3 with: - node-version: '12' + node-version: '16' + cache: 'npm' + cache-dependency-path: script/sync-ghes/package-lock.json - name: Check starter workflows for GHES compat run: | npm ci diff --git a/.github/workflows/validate-data.yaml b/.github/workflows/validate-data.yaml index d2ac9a5..7f8701d 100644 --- a/.github/workflows/validate-data.yaml +++ b/.github/workflows/validate-data.yaml @@ -14,7 +14,9 @@ jobs: - uses: actions/setup-node@v3 with: - node-version: "12" + node-version: '16' + cache: 'npm' + cache-dependency-path: script/validate-data/package-lock.json - name: Validate workflows run: | From 4235f787e51ef913ae2ae78052c2d771b01f515f Mon Sep 17 00:00:00 2001 From: James Moore Date: Tue, 28 Jun 2022 08:00:44 +0100 Subject: [PATCH 04/55] fix cosign command line args --- ci/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml index 71aff41..e88539d 100644 --- a/ci/docker-publish.yml +++ b/ci/docker-publish.yml @@ -90,4 +90,4 @@ jobs: COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }} + run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} From 948fdf226a354119fd08717925bc56caaf64c165 Mon Sep 17 00:00:00 2001 From: Federico Builes Date: Tue, 28 Jun 2022 17:20:56 +0200 Subject: [PATCH 05/55] Update the sample version of the Dependency Review action. --- code-scanning/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/dependency-review.yml b/code-scanning/dependency-review.yml index 8966511..fe461b4 100644 --- a/code-scanning/dependency-review.yml +++ b/code-scanning/dependency-review.yml @@ -17,4 +17,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@v3 - name: 'Dependency Review' - uses: actions/dependency-review-action@v1 + uses: actions/dependency-review-action@v2 From 313d29fe98742126d16aed69a2e4e534180470d8 Mon Sep 17 00:00:00 2001 From: Andreas Nesheim Date: Tue, 5 Jul 2022 09:53:27 +0200 Subject: [PATCH 06/55] Update dotnet.yml --- ci/dotnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/dotnet.yml b/ci/dotnet.yml index 5974d4a..a8eccab 100644 --- a/ci/dotnet.yml +++ b/ci/dotnet.yml @@ -16,7 +16,7 @@ jobs: - name: Setup .NET uses: actions/setup-dotnet@v2 with: - dotnet-version: 5.0.x + dotnet-version: 6.0.x - name: Restore dependencies run: dotnet restore - name: Build From b8cd0487750ed06b0ca6a9e878f561ddaa3d6ab0 Mon Sep 17 00:00:00 2001 From: Andreas Nesheim Date: Tue, 5 Jul 2022 09:57:44 +0200 Subject: [PATCH 07/55] Update dotnet-desktop.yml --- ci/dotnet-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/dotnet-desktop.yml b/ci/dotnet-desktop.yml index 00a78c7..bd2cb2e 100644 --- a/ci/dotnet-desktop.yml +++ b/ci/dotnet-desktop.yml @@ -71,7 +71,7 @@ jobs: - name: Install .NET Core uses: actions/setup-dotnet@v2 with: - dotnet-version: 5.0.x + dotnet-version: 6.0.x # Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild - name: Setup MSBuild.exe From 4d31a0b2a19136fed4d8f8beb6745c43c9530d66 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 00:47:52 +0000 Subject: [PATCH 08/55] update --- ci/go-ossf-slsa3-publish.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/ci/go-ossf-slsa3-publish.yml b/ci/go-ossf-slsa3-publish.yml index 3f1b732..a738875 100644 --- a/ci/go-ossf-slsa3-publish.yml +++ b/ci/go-ossf-slsa3-publish.yml @@ -20,16 +20,19 @@ on: permissions: read-all jobs: + # ======================================================================================================================================== + # Prerequesite: Create a .slsa-goreleaser.yml in the root directory of your project. + # See format in https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file + #========================================================================================================================================= build: permissions: id-token: write # To sign. contents: write # To upload release assets. actions: read # To read workflow path. - # If you need more configuration options, such as ldflag examples, - # visit https://github.com/slsa-framework/slsa-github-generator#golang-projects. - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.1.1 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0 with: - # By default, the config file is .slsa-goreleaser.yml in the root directory. - # The format of the config file is described in - # https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md#configuration-file. go-version: 1.17 + # ============================================================================================================= + # Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects + # ============================================================================================================= + From 157a5156d853fdfdef304b631876bf6b92526ed8 Mon Sep 17 00:00:00 2001 From: omerzi Date: Tue, 26 Jul 2022 10:54:41 +0300 Subject: [PATCH 09/55] Adding JFrog Frogbot to GitHub starter workflows --- code-scanning/frogbot-fix.yml | 56 +++++++++ code-scanning/frogbot-scan-pr.yml | 112 ++++++++++++++++++ .../properties/frogbot-fix.properties.json | 15 +++ .../frogbot-scan-pr.properties.json | 15 +++ icons/frogbot.svg | 80 +++++++++++++ 5 files changed, 278 insertions(+) create mode 100644 code-scanning/frogbot-fix.yml create mode 100644 code-scanning/frogbot-scan-pr.yml create mode 100644 code-scanning/properties/frogbot-fix.properties.json create mode 100644 code-scanning/properties/frogbot-scan-pr.properties.json create mode 100644 icons/frogbot.svg diff --git a/code-scanning/frogbot-fix.yml b/code-scanning/frogbot-fix.yml new file mode 100644 index 0000000..278e8fa --- /dev/null +++ b/code-scanning/frogbot-fix.yml @@ -0,0 +1,56 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot + +name: "Frogbot Fix" +on: + push: + branches: + # The scanning and creation of pull requests with fixes are triggered by pushing code to one of the these branches. + # You can edit the list of branches you wish to open fix pull requests on. + - "main" + - "master" +permissions: + contents: write + pull-requests: write +jobs: + create-fix-pull-requests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + # Install prerequisites - uncomment the relevant one + + # - uses: actions/setup-go@v3 + # with: + # go-version: 1.17.x + + # - uses: actions/setup-java@v3 + # with: + # java-version: "11" + # distribution: "temurin" + + # - uses: actions/setup-node@v3 + # with: + # node-version: "16.x" + + + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.FROGBOT_URL }} + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # [Mandatory if using npm] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "npm i" \ No newline at end of file diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml new file mode 100644 index 0000000..54304d3 --- /dev/null +++ b/code-scanning/frogbot-scan-pr.yml @@ -0,0 +1,112 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: "Frogbot Scan" +on: + pull_request_target: + types: [ opened, synchronize ] +permissions: + pull-requests: write +jobs: + scan-pull-request: + runs-on: ubuntu-latest + # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the + # "frogbot" GitHub environment can approve the pull request to be scanned. + environment: frogbot + steps: + - uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + + # Install prerequisites - uncomment the relevant ones + + # - uses: actions/setup-go@v3 + # with: + # go-version: 1.17.x + + # - uses: actions/setup-java@v3 + # with: + # java-version: "11" + # distribution: "temurin" + + # - uses: actions/setup-node@v3 + # with: + # node-version: "16.x" + + # - uses: gradle/gradle-build-action@v2 + + # - uses: actions/setup-dotnet@v2 + # with: + # dotnet-version: "3.1.x" + + # - uses: nuget/setup-nuget@v1 + # with: + # nuget-version: "5.x" + + # - uses: actions/setup-python@v3 + # with: + # python-version: "3.x" + + # - run: pipx install pipenv + + - uses: jfrog/frogbot@v2 + env: + # [Mandatory] + # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) + JF_URL: ${{ secrets.JF_URL }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog username with 'read' permissions for Xray. Must be provided with JF_PASSWORD + JF_USER: ${{ secrets.JF_USER }} + + # [Mandatory if JF_ACCESS_TOKEN is not provided] + # JFrog password. Must be provided with JF_USER + JF_PASSWORD: ${{ secrets.JF_PASSWORD }} + + # [Mandatory] + # The GitHub token automatically generated for the job + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Uncomment the below options if you'd like to use them. + + # [Mandatory when using npm] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "npm i" + + # [Mandatory when using .NET] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "dotnet restore" + + # [Optional when using Nuget] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "nuget restore" + + # [Optional when using Pip] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "pip install" + + # [Optional when using Pipenv] + # The command that installs the dependencies + # JF_INSTALL_DEPS_CMD: "pipenv install" + + # [Optional, default: https://api.github.com] + # API endpoint to GitHub + # JF_GIT_API_ENDPOINT: https://github.example.com + + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} + + # [Optional, default: "."] + # Relative path to the project in the git repository + # JF_WORKING_DIR: path/to/working/dir + + # [Optional] + # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches + # JF_WATCHES: ,... + + # [Optional] + # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects + # JF_PROJECT: \ No newline at end of file diff --git a/code-scanning/properties/frogbot-fix.properties.json b/code-scanning/properties/frogbot-fix.properties.json new file mode 100644 index 0000000..5d04487 --- /dev/null +++ b/code-scanning/properties/frogbot-fix.properties.json @@ -0,0 +1,15 @@ +{ + "name": "Frogbot Scan and Fix", + "description": "Automatically creates pull requests with fixes for vulnerable project dependencies. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.", + "iconName": "frogbot", + "categories": [ + "Code Scanning", + "Go Module", + "Maven POM", + "NPM Config", + "Gradle", + "C#", + "Python" + ], + "organization": "JFrog" +} \ No newline at end of file diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json new file mode 100644 index 0000000..e0a93c8 --- /dev/null +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -0,0 +1,15 @@ +{ + "name": "Frogbot Scan Pull Requests", + "description": "Automatically scans new pull requests for security vulnerabilities. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.", + "iconName": "frogbot", + "categories": [ + "Code Scanning", + "Go Module", + "Maven POM", + "NPM Config", + "Gradle", + "C#", + "Python" + ], + "owner": "JFrog" +} \ No newline at end of file diff --git a/icons/frogbot.svg b/icons/frogbot.svg new file mode 100644 index 0000000..21100d9 --- /dev/null +++ b/icons/frogbot.svg @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 8d20e653093dd0b3a96d85d7eb4acfdf17538708 Mon Sep 17 00:00:00 2001 From: omerzi Date: Tue, 26 Jul 2022 10:56:16 +0300 Subject: [PATCH 10/55] Adding JFrog Frogbot to GitHub starter workflows --- code-scanning/properties/frogbot-scan-pr.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json index e0a93c8..8f9626c 100644 --- a/code-scanning/properties/frogbot-scan-pr.properties.json +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -11,5 +11,5 @@ "C#", "Python" ], - "owner": "JFrog" + "organization": "JFrog" } \ No newline at end of file From 3f209e2e12fe65ca78260e8b76979987a7d04d8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Jul 2022 11:07:22 +0000 Subject: [PATCH 11/55] Bump pozil/auto-assign-issue from 1.4.0 to 1.8.0 Bumps [pozil/auto-assign-issue](https://github.com/pozil/auto-assign-issue) from 1.4.0 to 1.8.0. - [Release notes](https://github.com/pozil/auto-assign-issue/releases) - [Commits](https://github.com/pozil/auto-assign-issue/compare/v1.4.0...v1.8.0) --- updated-dependencies: - dependency-name: pozil/auto-assign-issue dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign-issues.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign-issues.yml b/.github/workflows/auto-assign-issues.yml index b8406e9..a30a190 100644 --- a/.github/workflows/auto-assign-issues.yml +++ b/.github/workflows/auto-assign-issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Auto-assign issue' - uses: pozil/auto-assign-issue@v1.4.0 + uses: pozil/auto-assign-issue@v1.8.0 with: assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft numOfAssignee: 1 From d21062f26a40d2ecdff191dab5d946422d103194 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Jul 2022 12:06:19 +0000 Subject: [PATCH 12/55] Bump peter-evans/close-issue from 1 to 2 Bumps [peter-evans/close-issue](https://github.com/peter-evans/close-issue) from 1 to 2. - [Release notes](https://github.com/peter-evans/close-issue/releases) - [Commits](https://github.com/peter-evans/close-issue/compare/v1...v2) --- updated-dependencies: - dependency-name: peter-evans/close-issue dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/label-feature.yml | 2 +- .github/workflows/label-support.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/label-feature.yml b/.github/workflows/label-feature.yml index d13cf87..122caac 100644 --- a/.github/workflows/label-feature.yml +++ b/.github/workflows/label-feature.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Close Issue - uses: peter-evans/close-issue@v1 + uses: peter-evans/close-issue@v2 if: contains(github.event.issue.labels.*.name, 'feature') with: comment: | diff --git a/.github/workflows/label-support.yml b/.github/workflows/label-support.yml index ea0f240..e762afc 100644 --- a/.github/workflows/label-support.yml +++ b/.github/workflows/label-support.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Close Issue - uses: peter-evans/close-issue@v1 + uses: peter-evans/close-issue@v2 if: contains(github.event.issue.labels.*.name, 'support') with: comment: | From 4a8f18e34dd13d2b6ee4d8da2ba72629eafe1609 Mon Sep 17 00:00:00 2001 From: Jess Bees Date: Wed, 27 Jul 2022 09:15:54 -0400 Subject: [PATCH 13/55] Add starter workflows for Pages builds and deployments (#1645) * commit dummy workflow * Update nextjs.yml * renaming * actually do a node build * add jekyll build & deploy * add permissions * update jekyll to use composite upload action * update next to use composite upload action * update icon yml * change nexjs icon * Cleanup further the Jekyll template * add gatsby starter workflow * fix composite error * fix updated actions * Add Hugo * Apply suggestions from code review * Inital commit for nuxtjs starter workflow * Cleanup all templates * Add baseUrl through an action * Use `base_url` output for Hugo configuration * Create static.yml * Create static.properties.json * clarify path * alternative jekyll icon with only tube * use alternate jekyll icon * use original xvg with proper viewBox parameters * Add paper-spa/configure-pages to starter workflows Replaces paper-spa/setup-pages where appropriate. * use setup-ruby action instead of our container * Add starter workflow for GitHub Pages's legacy Jekyll build Named `jekyll-gh-pages` so that it connotes the familiar "hands off" build process of the Jekyll build as performed by github pages workers, without sounding deprecated by using the words "legacy" or "classic". * Use the static_site_generator input so we can modify the correct config * Update gatsby.yml * Update wording on the 'legacy' jekyll workflow * Fix filename: this should have a json extension * Fix filename: this should have a .properties.json extension * Update nextjs.properties.json * Update static.properties.json * Fix typo in name of Gatsby * Remove pull_request triggers * Update to latest versions of core Actions * Remove '--if-present' flag from 'npm run build' commands to prevent silent failure * Perform static HTML export for Next.js * Add '--no-install' flag to 'npx' usage * Update Nuxt starter workflow to run 'generate' * Default to using npm if not using yarn * Reword 'nuxt generate' step name * Update pages/gatsby.yml * Update description of Jekyll starter workflow * Add configure-pages step to static workflow * Add configuration step to enable Pages * Pages: Set `PREFIX_PATHS` env var for Gatsby build * Update Next.js starter workflow to cache builds See https://nextjs.org/docs/advanced-features/ci-build-caching#github-actions * Update NuxtJS starter workflow to cache builds Basically modeled after the Gatsby starter workflow * Call out node ssg getting started + setup * Update nuxt documentation * Retarget actions referencing `paper-spa` to `actions` Also point to newly published `v1` tags rather than `main` or `v0`. Co-authored-by: yimysty Co-authored-by: Tommy Byrd Co-authored-by: Yoann Chaudet Co-authored-by: Timothy Co-authored-by: Smitha Borkar <12040799+smithaborkar@users.noreply.github.com> Co-authored-by: James M. Greene --- icons/gatsby.svg | 7 ++ icons/hugo.svg | 9 ++ icons/jekyll-tube.svg | 1 + icons/nextjs.svg | 3 + icons/nuxtjs.svg | 4 + pages/gatsby.yml | 96 +++++++++++++++++++ pages/hugo.yml | 66 +++++++++++++ pages/jekyll-gh-pages.yml | 50 ++++++++++ pages/jekyll.yml | 53 ++++++++++ pages/nextjs.yml | 95 ++++++++++++++++++ pages/nuxtjs.yml | 90 +++++++++++++++++ pages/properties/gatsby.properties.json | 7 ++ pages/properties/hugo.properties.json | 7 ++ .../jekyll-gh-pages.properties.json | 7 ++ pages/properties/jekyll.properties.json | 7 ++ pages/properties/nextjs.properties.json | 7 ++ pages/properties/nuxtjs.properties.json | 7 ++ pages/properties/static.properties.json | 7 ++ pages/static.yml | 42 ++++++++ 19 files changed, 565 insertions(+) create mode 100644 icons/gatsby.svg create mode 100644 icons/hugo.svg create mode 100644 icons/jekyll-tube.svg create mode 100644 icons/nextjs.svg create mode 100644 icons/nuxtjs.svg create mode 100644 pages/gatsby.yml create mode 100644 pages/hugo.yml create mode 100644 pages/jekyll-gh-pages.yml create mode 100644 pages/jekyll.yml create mode 100644 pages/nextjs.yml create mode 100644 pages/nuxtjs.yml create mode 100644 pages/properties/gatsby.properties.json create mode 100644 pages/properties/hugo.properties.json create mode 100644 pages/properties/jekyll-gh-pages.properties.json create mode 100644 pages/properties/jekyll.properties.json create mode 100644 pages/properties/nextjs.properties.json create mode 100644 pages/properties/nuxtjs.properties.json create mode 100644 pages/properties/static.properties.json create mode 100644 pages/static.yml diff --git a/icons/gatsby.svg b/icons/gatsby.svg new file mode 100644 index 0000000..5578b06 --- /dev/null +++ b/icons/gatsby.svg @@ -0,0 +1,7 @@ + + + Gatsby + + + + diff --git a/icons/hugo.svg b/icons/hugo.svg new file mode 100644 index 0000000..ea72a6f --- /dev/null +++ b/icons/hugo.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/icons/jekyll-tube.svg b/icons/jekyll-tube.svg new file mode 100644 index 0000000..89dd55d --- /dev/null +++ b/icons/jekyll-tube.svg @@ -0,0 +1 @@ + diff --git a/icons/nextjs.svg b/icons/nextjs.svg new file mode 100644 index 0000000..c45d6e6 --- /dev/null +++ b/icons/nextjs.svg @@ -0,0 +1,3 @@ + + + diff --git a/icons/nuxtjs.svg b/icons/nuxtjs.svg new file mode 100644 index 0000000..bebded3 --- /dev/null +++ b/icons/nuxtjs.svg @@ -0,0 +1,4 @@ + + + + diff --git a/pages/gatsby.yml b/pages/gatsby.yml new file mode 100644 index 0000000..9cdf3fc --- /dev/null +++ b/pages/gatsby.yml @@ -0,0 +1,96 @@ +# Sample workflow for building and deploying a Gatsby site to GitHub Pages +# +# To get started with Gatsby see: https://www.gatsbyjs.com/docs/quick-start/ +# +name: Deploy Gatsby site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +# Default to bash +defaults: + run: + shell: bash + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Detect package manager + id: detect-package-manager + run: | + if [ -f "${{ github.workspace }}/yarn.lock" ]; then + echo "::set-output name=manager::yarn" + echo "::set-output name=command::install" + exit 0 + elif [ -f "${{ github.workspace }}/package.json" ]; then + echo "::set-output name=manager::npm" + echo "::set-output name=command::ci" + exit 0 + else + echo "Unable to determine packager manager" + exit 1 + fi + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: "16" + cache: ${{ steps.detect-package-manager.outputs.manager }} + - name: Setup Pages + id: pages + uses: actions/configure-pages@v1 + with: + # Automatically inject pathPrefix in your Gatsby configuration file. + # + # You may remove this line if you want to manage the configuration yourself. + static_site_generator: gatsby + - name: Restore cache + uses: actions/cache@v3 + with: + path: | + public + .cache + key: ${{ runner.os }}-gatsby-build-${{ hashFiles('public') }} + restore-keys: | + ${{ runner.os }}-gatsby-build- + - name: Install dependencies + run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }} + - name: Build with Gatsby + env: + PREFIX_PATHS: 'true' + run: ${{ steps.detect-package-manager.outputs.manager }} run build + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + with: + path: ./public + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v1 diff --git a/pages/hugo.yml b/pages/hugo.yml new file mode 100644 index 0000000..07b2b85 --- /dev/null +++ b/pages/hugo.yml @@ -0,0 +1,66 @@ +# Sample workflow for building and deploying a Hugo site to GitHub Pages +name: Deploy Hugo site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +# Default to bash +defaults: + run: + shell: bash + +jobs: + # Build job + build: + runs-on: ubuntu-latest + env: + HUGO_VERSION: 0.99.0 + steps: + - name: Install Hugo CLI + run: | + wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.deb \ + && sudo dpkg -i ${{ runner.temp }}/hugo.deb + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: recursive + - name: Setup Pages + id: pages + uses: actions/configure-pages@v1 + - name: Build with Hugo + run: | + hugo \ + --minify \ + --baseURL ${{ steps.pages.outputs.base_url }} + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + with: + path: ./public + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v1 diff --git a/pages/jekyll-gh-pages.yml b/pages/jekyll-gh-pages.yml new file mode 100644 index 0000000..7ee1e97 --- /dev/null +++ b/pages/jekyll-gh-pages.yml @@ -0,0 +1,50 @@ +# Sample workflow for building and deploying a Jekyll site to GitHub Pages +name: Deploy Jekyll with GitHub Pages dependencies preinstalled + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Pages + uses: actions/configure-pages@v1 + - name: Build with Jekyll + uses: actions/jekyll-build-pages@v1 + with: + source: ./ + destination: ./_site + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v1 diff --git a/pages/jekyll.yml b/pages/jekyll.yml new file mode 100644 index 0000000..05c8761 --- /dev/null +++ b/pages/jekyll.yml @@ -0,0 +1,53 @@ +# Sample workflow for building and deploying a Jekyll site to GitHub Pages +name: Deploy Jekyll site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: '3.0' # Not needed with a .ruby-version file + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + cache-version: 0 # Increment this number if you need to re-download cached gems + - name: Setup Pages + id: pages + uses: actions/configure-pages@v1 + - run: bundle exec jekyll build --baseurl ${{ steps.pages.outputs.base_path }} # defaults output to '/_site' + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 # This will automatically upload an artifact from the '/_site' directory + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v1 diff --git a/pages/nextjs.yml b/pages/nextjs.yml new file mode 100644 index 0000000..79a1cc8 --- /dev/null +++ b/pages/nextjs.yml @@ -0,0 +1,95 @@ +# Sample workflow for building and deploying a Next.js site to GitHub Pages +# +# To get started with Next.js see: https://nextjs.org/docs/getting-started +# +name: Deploy Next.js site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Detect package manager + id: detect-package-manager + run: | + if [ -f "${{ github.workspace }}/yarn.lock" ]; then + echo "::set-output name=manager::yarn" + echo "::set-output name=command::install" + echo "::set-output name=runner::yarn" + exit 0 + elif [ -f "${{ github.workspace }}/package.json" ]; then + echo "::set-output name=manager::npm" + echo "::set-output name=command::ci" + echo "::set-output name=runner::npx --no-install" + exit 0 + else + echo "Unable to determine packager manager" + exit 1 + fi + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: "16" + cache: ${{ steps.detect-package-manager.outputs.manager }} + - name: Setup Pages + id: pages + uses: actions/configure-pages@v1 + with: + # Automatically inject basePath in your Next.js configuration file and disable + # server side image optimization (https://nextjs.org/docs/api-reference/next/image#unoptimized). + # + # You may remove this line if you want to manage the configuration yourself. + static_site_generator: next + - name: Restore cache + uses: actions/cache@v3 + with: + path: | + .next/cache + # Generate a new cache whenever packages or source files change. + key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }} + # If source files changed but packages didn't, rebuild from a prior cache. + restore-keys: | + ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}- + - name: Install dependencies + run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }} + - name: Build with Next.js + run: ${{ steps.detect-package-manager.outputs.runner }} next build + - name: Static HTML export with Next.js + run: ${{ steps.detect-package-manager.outputs.runner }} next export + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + with: + path: ./out + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v1 diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml new file mode 100644 index 0000000..87c1201 --- /dev/null +++ b/pages/nuxtjs.yml @@ -0,0 +1,90 @@ +# Sample workflow for building and deploying a Nuxt site to GitHub Pages +# +# To get started with Nuxt see: https://nuxtjs.org/docs/get-started/installation +# +name: Deploy Nuxt site to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Detect package manager + id: detect-package-manager + run: | + if [ -f "${{ github.workspace }}/yarn.lock" ]; then + echo "::set-output name=manager::yarn" + echo "::set-output name=command::install" + exit 0 + elif [ -f "${{ github.workspace }}/package.json" ]; then + echo "::set-output name=manager::npm" + echo "::set-output name=command::ci" + exit 0 + else + echo "Unable to determine packager manager" + exit 1 + fi + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version: "16" + cache: ${{ steps.detect-package-manager.outputs.manager }} + - name: Setup Pages + id: pages + uses: actions/configure-pages@v1 + with: + # Automatically inject router.base in your Nuxt configuration file and set + # target to static (https://nuxtjs.org/docs/configuration-glossary/configuration-target/). + # + # You may remove this line if you want to manage the configuration yourself. + static_site_generator: nuxt + - name: Restore cache + uses: actions/cache@v3 + with: + path: | + dist + .nuxt + key: ${{ runner.os }}-nuxt-build-${{ hashFiles('dist') }} + restore-keys: | + ${{ runner.os }}-nuxt-build- + - name: Install dependencies + run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }} + - name: Static HTML export with Nuxt + run: ${{ steps.detect-package-manager.outputs.manager }} run generate + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + with: + path: ./dist + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v1 diff --git a/pages/properties/gatsby.properties.json b/pages/properties/gatsby.properties.json new file mode 100644 index 0000000..7d82424 --- /dev/null +++ b/pages/properties/gatsby.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Gatsby", + "creator": "GitHub Actions", + "description": "Package a Gatsby site.", + "iconName": "gatsby", + "categories": ["Pages"] +} \ No newline at end of file diff --git a/pages/properties/hugo.properties.json b/pages/properties/hugo.properties.json new file mode 100644 index 0000000..1fa902c --- /dev/null +++ b/pages/properties/hugo.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Hugo", + "creator": "GitHub Actions", + "description": "Package a Hugo site.", + "iconName": "hugo", + "categories": ["Pages"] +} \ No newline at end of file diff --git a/pages/properties/jekyll-gh-pages.properties.json b/pages/properties/jekyll-gh-pages.properties.json new file mode 100644 index 0000000..6f278c8 --- /dev/null +++ b/pages/properties/jekyll-gh-pages.properties.json @@ -0,0 +1,7 @@ +{ + "name": "GitHub Pages Jekyll", + "creator": "GitHub Actions", + "description": "Package a Jekyll site with GitHub Pages dependencies preinstalled.", + "iconName": "jekyll-tube", + "categories": ["Pages"] +} diff --git a/pages/properties/jekyll.properties.json b/pages/properties/jekyll.properties.json new file mode 100644 index 0000000..a6c9d5c --- /dev/null +++ b/pages/properties/jekyll.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Jekyll", + "creator": "GitHub Actions", + "description": "Package a Jekyll site.", + "iconName": "jekyll-tube", + "categories": ["Pages"] +} diff --git a/pages/properties/nextjs.properties.json b/pages/properties/nextjs.properties.json new file mode 100644 index 0000000..0b9d3b4 --- /dev/null +++ b/pages/properties/nextjs.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Next.js", + "creator": "GitHub Actions", + "description": "Package a Next.js site.", + "iconName": "nextjs", + "categories": ["Pages"] +} diff --git a/pages/properties/nuxtjs.properties.json b/pages/properties/nuxtjs.properties.json new file mode 100644 index 0000000..b799074 --- /dev/null +++ b/pages/properties/nuxtjs.properties.json @@ -0,0 +1,7 @@ +{ + "name": "NuxtJS", + "creator": "GitHub Actions", + "description": "Package a NuxtJS site.", + "iconName": "nuxtjs", + "categories": ["Pages"] +} \ No newline at end of file diff --git a/pages/properties/static.properties.json b/pages/properties/static.properties.json new file mode 100644 index 0000000..5b727a8 --- /dev/null +++ b/pages/properties/static.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Static HTML", + "creator": "GitHub Actions", + "description": "Deploy static files in a repository without a build.", + "iconName": "html", + "categories": ["Pages"] +} diff --git a/pages/static.yml b/pages/static.yml new file mode 100644 index 0000000..bd753e9 --- /dev/null +++ b/pages/static.yml @@ -0,0 +1,42 @@ +# Simple workflow for deploying static content to GitHub Pages +name: Deploy static content to Pages + +on: + # Runs on pushes targeting the default branch + push: + branches: [$default-branch] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow one concurrent deployment +concurrency: + group: "pages" + cancel-in-progress: true + +jobs: + # Single deploy job since we're just deploying + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup Pages + uses: actions/configure-pages@v1 + - name: Upload artifact + uses: actions/upload-pages-artifact@v1 + with: + # Upload entire repository + path: '.' + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@main From e262f54fe94550c841313843fbad17fb37e0cd2a Mon Sep 17 00:00:00 2001 From: Yoann Chaudet Date: Thu, 28 Jul 2022 18:39:43 -0700 Subject: [PATCH 14/55] Address feedback --- pages/properties/gatsby.properties.json | 3 +-- pages/properties/hugo.properties.json | 3 +-- pages/properties/jekyll-gh-pages.properties.json | 3 +-- pages/properties/jekyll.properties.json | 3 +-- pages/properties/nextjs.properties.json | 3 +-- pages/properties/nuxtjs.properties.json | 3 +-- pages/properties/static.properties.json | 1 - 7 files changed, 6 insertions(+), 13 deletions(-) diff --git a/pages/properties/gatsby.properties.json b/pages/properties/gatsby.properties.json index 7d82424..df260f8 100644 --- a/pages/properties/gatsby.properties.json +++ b/pages/properties/gatsby.properties.json @@ -1,7 +1,6 @@ { "name": "Gatsby", - "creator": "GitHub Actions", "description": "Package a Gatsby site.", "iconName": "gatsby", - "categories": ["Pages"] + "categories": ["Pages", "Gatsby"] } \ No newline at end of file diff --git a/pages/properties/hugo.properties.json b/pages/properties/hugo.properties.json index 1fa902c..b6f6dc7 100644 --- a/pages/properties/hugo.properties.json +++ b/pages/properties/hugo.properties.json @@ -1,7 +1,6 @@ { "name": "Hugo", - "creator": "GitHub Actions", "description": "Package a Hugo site.", "iconName": "hugo", - "categories": ["Pages"] + "categories": ["Pages", "Hugo"] } \ No newline at end of file diff --git a/pages/properties/jekyll-gh-pages.properties.json b/pages/properties/jekyll-gh-pages.properties.json index 6f278c8..3e38602 100644 --- a/pages/properties/jekyll-gh-pages.properties.json +++ b/pages/properties/jekyll-gh-pages.properties.json @@ -1,7 +1,6 @@ { "name": "GitHub Pages Jekyll", - "creator": "GitHub Actions", "description": "Package a Jekyll site with GitHub Pages dependencies preinstalled.", "iconName": "jekyll-tube", - "categories": ["Pages"] + "categories": ["Pages", "Jekyll"] } diff --git a/pages/properties/jekyll.properties.json b/pages/properties/jekyll.properties.json index a6c9d5c..8b4c1d2 100644 --- a/pages/properties/jekyll.properties.json +++ b/pages/properties/jekyll.properties.json @@ -1,7 +1,6 @@ { "name": "Jekyll", - "creator": "GitHub Actions", "description": "Package a Jekyll site.", "iconName": "jekyll-tube", - "categories": ["Pages"] + "categories": ["Pages", "Jekyll"] } diff --git a/pages/properties/nextjs.properties.json b/pages/properties/nextjs.properties.json index 0b9d3b4..4209908 100644 --- a/pages/properties/nextjs.properties.json +++ b/pages/properties/nextjs.properties.json @@ -1,7 +1,6 @@ { "name": "Next.js", - "creator": "GitHub Actions", "description": "Package a Next.js site.", "iconName": "nextjs", - "categories": ["Pages"] + "categories": ["Pages", "Next"] } diff --git a/pages/properties/nuxtjs.properties.json b/pages/properties/nuxtjs.properties.json index b799074..d79909e 100644 --- a/pages/properties/nuxtjs.properties.json +++ b/pages/properties/nuxtjs.properties.json @@ -1,7 +1,6 @@ { "name": "NuxtJS", - "creator": "GitHub Actions", "description": "Package a NuxtJS site.", "iconName": "nuxtjs", - "categories": ["Pages"] + "categories": ["Pages", "Nuxt"] } \ No newline at end of file diff --git a/pages/properties/static.properties.json b/pages/properties/static.properties.json index 5b727a8..7181b6e 100644 --- a/pages/properties/static.properties.json +++ b/pages/properties/static.properties.json @@ -1,6 +1,5 @@ { "name": "Static HTML", - "creator": "GitHub Actions", "description": "Deploy static files in a repository without a build.", "iconName": "html", "categories": ["Pages"] From 095efcc4ae6d78a141a5925360fec19a10d5fa45 Mon Sep 17 00:00:00 2001 From: Yoann Chaudet Date: Mon, 1 Aug 2022 06:34:01 -0700 Subject: [PATCH 15/55] more metadata --- pages/properties/static.properties.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/properties/static.properties.json b/pages/properties/static.properties.json index 7181b6e..372579c 100644 --- a/pages/properties/static.properties.json +++ b/pages/properties/static.properties.json @@ -2,5 +2,5 @@ "name": "Static HTML", "description": "Deploy static files in a repository without a build.", "iconName": "html", - "categories": ["Pages"] + "categories": ["Pages", "HTML", "JavaScript", "CSS"] } From e35bb09c200dd3bc2dccb7cf1e4f1aa5fce0a9a4 Mon Sep 17 00:00:00 2001 From: omerzi Date: Sun, 7 Aug 2022 09:32:25 +0300 Subject: [PATCH 16/55] Code review changes --- code-scanning/frogbot-fix.yml | 5 ++- code-scanning/frogbot-scan-pr.yml | 58 ++++++------------------------- 2 files changed, 14 insertions(+), 49 deletions(-) diff --git a/code-scanning/frogbot-fix.yml b/code-scanning/frogbot-fix.yml index 278e8fa..b51c269 100644 --- a/code-scanning/frogbot-fix.yml +++ b/code-scanning/frogbot-fix.yml @@ -2,6 +2,9 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan and Fix does the following: +# Automatically creates pull requests with fixes for vulnerable project dependencies. +# Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot name: "Frogbot Fix" @@ -37,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 54304d3..325cc24 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -2,6 +2,10 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan Pull Requests does the following: +# Automatically scans new pull requests for security vulnerabilities. +# Uses JFrog Xray to scan the project. +# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot name: "Frogbot Scan" on: @@ -35,23 +39,9 @@ jobs: # with: # node-version: "16.x" - # - uses: gradle/gradle-build-action@v2 + # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - # - uses: actions/setup-dotnet@v2 - # with: - # dotnet-version: "3.1.x" - - # - uses: nuget/setup-nuget@v1 - # with: - # nuget-version: "5.x" - - # - uses: actions/setup-python@v3 - # with: - # python-version: "3.x" - - # - run: pipx install pipenv - - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -69,7 +59,9 @@ jobs: # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Uncomment the below options if you'd like to use them. + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory when using npm] # The command that installs the dependencies @@ -79,34 +71,4 @@ jobs: # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" - # [Optional when using Nuget] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "nuget restore" - - # [Optional when using Pip] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pip install" - - # [Optional when using Pipenv] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pipenv install" - - # [Optional, default: https://api.github.com] - # API endpoint to GitHub - # JF_GIT_API_ENDPOINT: https://github.example.com - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - # [Optional, default: "."] - # Relative path to the project in the git repository - # JF_WORKING_DIR: path/to/working/dir - - # [Optional] - # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches - # JF_WATCHES: ,... - - # [Optional] - # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects - # JF_PROJECT: \ No newline at end of file + # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request \ No newline at end of file From 552d98b770dc070aabb54827ef43ef6a8234969f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Aug 2022 13:23:06 +0000 Subject: [PATCH 17/55] Bump pozil/auto-assign-issue from 1.8.0 to 1.9.0 Bumps [pozil/auto-assign-issue](https://github.com/pozil/auto-assign-issue) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/pozil/auto-assign-issue/releases) - [Commits](https://github.com/pozil/auto-assign-issue/compare/v1.8.0...v1.9.0) --- updated-dependencies: - dependency-name: pozil/auto-assign-issue dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign-issues.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign-issues.yml b/.github/workflows/auto-assign-issues.yml index a30a190..ec278a6 100644 --- a/.github/workflows/auto-assign-issues.yml +++ b/.github/workflows/auto-assign-issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Auto-assign issue' - uses: pozil/auto-assign-issue@v1.8.0 + uses: pozil/auto-assign-issue@v1.9.0 with: assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft numOfAssignee: 1 From aa797da6b2edcd9760ce0321c2e7b7f872d08c06 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Wed, 10 Aug 2022 18:19:19 +0530 Subject: [PATCH 18/55] Fix PR assign --- .github/workflows/auto-assign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index 4dcc612..d7161b1 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -1,6 +1,6 @@ name: 'Auto Assign' on: - pull_request: + pull_request_target: types: [opened, ready_for_review] jobs: From 9bdc3e7253235498a505f21e37662dcfa54de969 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Thu, 11 Aug 2022 03:05:57 +0900 Subject: [PATCH 19/55] Refer actions/deploy-pages stable tag in pages/static --- pages/static.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/static.yml b/pages/static.yml index bd753e9..350b2c8 100644 --- a/pages/static.yml +++ b/pages/static.yml @@ -39,4 +39,4 @@ jobs: path: '.' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@main + uses: actions/deploy-pages@v1 From 67805723f0bf3c53f17eaaea77e9cfd44d6a2417 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 00:59:05 +0000 Subject: [PATCH 20/55] update --- ci/generic-generator-ossf-slsa3-publish.yml | 63 +++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 ci/generic-generator-ossf-slsa3-publish.yml diff --git a/ci/generic-generator-ossf-slsa3-publish.yml b/ci/generic-generator-ossf-slsa3-publish.yml new file mode 100644 index 0000000..f843fd1 --- /dev/null +++ b/ci/generic-generator-ossf-slsa3-publish.yml @@ -0,0 +1,63 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you compile your Go project using a SLSA3 compliant builder. +# This workflow will generate a so-called "provenance" file describing the steps +# that were performed to generate the final binary. +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA generic generator +on: + workflow_dispatch: + release: + types: [created] + +permissions: read-all + +jobs: + build: + outputs: + digests: ${{ steps.hash.outputs.digests }} + + steps: + # ======================================================== + # + # Step 1: Build your artifacts. + # + # ======================================================== + - name: Build artifacts + run: | + # These are some amazing artifacts. + echo "artifact1" > artifact1 + echo "artifact2" > artifact2 + + # ======================================================== + # + # Step 2: Add a step to generate the provenance subjects + # as shown below. Update the sha256 sum arguments + # to include all binaries that you generate + # provenance for. + # + # ======================================================== + - name: Generate subject + id: hash + run: | + set -euo pipefail + + echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)" + + provenance: + needs: [build] + permissions: + actions: read + id-token: write + contents: read + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true # Optional: Upload to a new release \ No newline at end of file From 0f26631ba6e9900520c570d1153140b812a9e870 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:04:52 +0000 Subject: [PATCH 21/55] update --- ...h.yml => generator-generic-ossf-slsa3-publish.yml} | 0 ...nerator-generic-ossf-slsa3-publish.properties.json | 7 +++++++ icons/generator-generic-ossf-slsa3-publish.svg | 11 +++++++++++ 3 files changed, 18 insertions(+) rename ci/{generic-generator-ossf-slsa3-publish.yml => generator-generic-ossf-slsa3-publish.yml} (100%) create mode 100644 ci/properties/generator-generic-ossf-slsa3-publish.properties.json create mode 100644 icons/generator-generic-ossf-slsa3-publish.svg diff --git a/ci/generic-generator-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml similarity index 100% rename from ci/generic-generator-ossf-slsa3-publish.yml rename to ci/generator-generic-ossf-slsa3-publish.yml diff --git a/ci/properties/generator-generic-ossf-slsa3-publish.properties.json b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json new file mode 100644 index 0000000..2861c3f --- /dev/null +++ b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json @@ -0,0 +1,7 @@ +{ + "name": "SLSA Generic generator", + "creator": "Open Source Security Foundation (OpenSSF)", + "description": "Generate SLSA3 provenance for your existing release workflows", + "iconName": "go-ossf-slsa3-publish", + "categories": ["Continuous integration"] +} diff --git a/icons/generator-generic-ossf-slsa3-publish.svg b/icons/generator-generic-ossf-slsa3-publish.svg new file mode 100644 index 0000000..ea77468 --- /dev/null +++ b/icons/generator-generic-ossf-slsa3-publish.svg @@ -0,0 +1,11 @@ + + + + + + + + + + + From c81201dd621f7167106925fcbb2db17b6381d430 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:06:11 +0000 Subject: [PATCH 22/55] update --- ci/generator-generic-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index f843fd1..e37a3f3 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -60,4 +60,4 @@ jobs: uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 with: base64-subjects: "${{ needs.build.outputs.digests }}" - upload-assets: true # Optional: Upload to a new release \ No newline at end of file + upload-assets: true # Optional: Upload to a new release From 19e6b35e8432c1d2915cbc9d86b12e4fcb0d1838 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:14:33 +0000 Subject: [PATCH 23/55] update --- ci/generator-generic-ossf-slsa3-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index e37a3f3..eae7431 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -21,6 +21,7 @@ permissions: read-all jobs: build: + runs-on: ubuntu-latest outputs: digests: ${{ steps.hash.outputs.digests }} From 026c540730dd5bafad6c468af4cb2176bd0327cb Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:21:35 +0000 Subject: [PATCH 24/55] update --- ci/generator-generic-ossf-slsa3-publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index eae7431..54c110e 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -55,9 +55,9 @@ jobs: provenance: needs: [build] permissions: - actions: read - id-token: write - contents: read + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 with: base64-subjects: "${{ needs.build.outputs.digests }}" From 30f1eecad156ad2196177709d0d2fe8f20eb8e78 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 15:55:40 +0000 Subject: [PATCH 25/55] update --- ci/generator-generic-ossf-slsa3-publish.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index 54c110e..feadcf2 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -3,10 +3,10 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow lets you compile your Go project using a SLSA3 compliant builder. -# This workflow will generate a so-called "provenance" file describing the steps +# This workflow lets you compile your Go project using a SLSA3 compliant builder +# This workflow will generate a so-called "provenance" file describing the steps # that were performed to generate the final binary. -# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# The project is an initiative of the OpenSSF (openssf.org) and is developed at # https://github.com/slsa-framework/slsa-github-generator. # The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. # For more information about SLSA and how it improves the supply-chain, visit slsa.dev. @@ -26,11 +26,13 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + # ======================================================== # # Step 1: Build your artifacts. # - # ======================================================== + # ======================================================== - name: Build artifacts run: | # These are some amazing artifacts. From aec987bfb55cb1003ba043fdd1a67426eba751e3 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Mon, 1 Aug 2022 15:00:08 +0000 Subject: [PATCH 26/55] comments --- ci/generator-generic-ossf-slsa3-publish.yml | 12 +++++++----- ...erator-generic-ossf-slsa3-publish.properties.json | 4 ++-- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index feadcf2..c8a3544 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -3,9 +3,8 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow lets you compile your Go project using a SLSA3 compliant builder -# This workflow will generate a so-called "provenance" file describing the steps -# that were performed to generate the final binary. +# This workflow lets you generate SLSA provenance file for your project. +# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements # The project is an initiative of the OpenSSF (openssf.org) and is developed at # https://github.com/slsa-framework/slsa-github-generator. # The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. @@ -26,7 +25,7 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + uses: actions/checkout@v3 # ======================================================== # @@ -52,7 +51,10 @@ jobs: run: | set -euo pipefail - echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)" + # List the artifacts the provenance will refer to. + files=$(ls artifact*) + # Generate the subjects (base64 encoded). + echo "::set-output name=digests::$(sha256sum $files | base64 -w0)" provenance: needs: [build] diff --git a/ci/properties/generator-generic-ossf-slsa3-publish.properties.json b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json index 2861c3f..32cf63d 100644 --- a/ci/properties/generator-generic-ossf-slsa3-publish.properties.json +++ b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json @@ -2,6 +2,6 @@ "name": "SLSA Generic generator", "creator": "Open Source Security Foundation (OpenSSF)", "description": "Generate SLSA3 provenance for your existing release workflows", - "iconName": "go-ossf-slsa3-publish", - "categories": ["Continuous integration"] + "iconName": "generator-generic-ossf-slsa3-publish", + "categories": ["Continuous integration", "Go", "Elixir", "Erlang", "PHP", "Haskell", "Rust", "Java", "Scala", "Gradle", "Maven", "Python", "C", "C++", "TypeScript", "JavaScript", "npm", "Ruby", "HTML", "Composer", "Makefile", "Ada"] } From 6f7030b18ad1da672b55b9ca4f6ec1abed29f7ed Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Thu, 11 Aug 2022 13:32:01 +0000 Subject: [PATCH 27/55] update --- ci/generator-generic-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index c8a3544..a249449 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -25,7 +25,7 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: - uses: actions/checkout@v3 + - uses: actions/checkout@v3 # ======================================================== # From b206471e4d771114db07fd56357db8f2ae20a8d2 Mon Sep 17 00:00:00 2001 From: Dylan Rinker Date: Tue, 16 Aug 2022 09:24:41 -0400 Subject: [PATCH 28/55] Update clj-holes.yml - Fixed a typo in the upload-sarif@v1 action - Commented out the rules-repository. The template will now default to rules in git://clj-holmes/clj-holmes-rules#main, but the format is preserved. --- code-scanning/clj-holmes.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/clj-holmes.yml b/code-scanning/clj-holmes.yml index 4150cbb..3cfde14 100644 --- a/code-scanning/clj-holmes.yml +++ b/code-scanning/clj-holmes.yml @@ -31,7 +31,7 @@ jobs: - name: Scan code uses: clj-holmes/clj-holmes-action@200d2d03900917d7eb3c24fc691ab83579a87fcb with: - rules-repository: 'git://org/private-rules-repo#main' + # rules-repository: 'git://org/private-rules-repo#main' output-type: 'sarif' output-file: 'clj-holmes-results.sarif' fail-on-result: 'false' @@ -40,4 +40,4 @@ jobs: uses: github/codeql-action/upload-sarif@v1 with: sarif_file: ${{github.workspace}}/clj-holmes-results.sarif - ait-for-processing: true \ No newline at end of file + wait-for-processing: true From 65d796c94f140568865b90066331e52031cd8a8d Mon Sep 17 00:00:00 2001 From: Keith Zantow Date: Tue, 16 Aug 2022 12:47:02 -0400 Subject: [PATCH 29/55] Add Anchore Syft SBOM scan workflow --- code-scanning/anchore-syft.yml | 38 +++++++++++++++++++ .../properties/anchore-syft.properties.json | 7 ++++ 2 files changed, 45 insertions(+) create mode 100644 code-scanning/anchore-syft.yml create mode 100644 code-scanning/properties/anchore-syft.properties.json diff --git a/code-scanning/anchore-syft.yml b/code-scanning/anchore-syft.yml new file mode 100644 index 0000000..8180622 --- /dev/null +++ b/code-scanning/anchore-syft.yml @@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow checks out code, builds an image, performs a container image +# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency +# submission API. + +# For more information on the Anchore sbom-action usage +# and parameters, see https://github.com/anchore/sbom-action. For more +# information about the Anchore SBOM tool, Syft, see +# https://github.com/anchore/syft +name: Anchore Syft SBOM scan + +on: + push: + branches: [ $default-branch, $protected-branches ] + +permissions: + contents: write + +jobs: + Anchore-Build-Scan: + permissions: + contents: write # required to upload to the Dependency submission API + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v3 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag localbuild/testimage:latest + - name: Scan the image and upload dependency results + uses: anchore/sbom-action@bb716408e75840bbb01e839347cd213767269d4a + with: + image: "localbuild/testimage:latest" + artifact-name: image.spdx.json + dependency-snapshot: true diff --git a/code-scanning/properties/anchore-syft.properties.json b/code-scanning/properties/anchore-syft.properties.json new file mode 100644 index 0000000..815f8b2 --- /dev/null +++ b/code-scanning/properties/anchore-syft.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Anchore Syft SBOM Scan", + "organization": "Anchore", + "description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.", + "iconName": "anchore", + "categories": ["Code Scanning", "dockerfile", "dependency-management"] +} From a82c7d200aac56c398fd9b679da120d310965861 Mon Sep 17 00:00:00 2001 From: omerzi Date: Sun, 7 Aug 2022 09:32:25 +0300 Subject: [PATCH 30/55] Code review changes --- ...ogbot-fix.yml => frogbot-scan-and-fix.yml} | 7 ++- code-scanning/frogbot-scan-pr.yml | 60 ++++--------------- ...n => frogbot-scan-and-fix.properties.json} | 0 .../frogbot-scan-pr.properties.json | 2 +- 4 files changed, 17 insertions(+), 52 deletions(-) rename code-scanning/{frogbot-fix.yml => frogbot-scan-and-fix.yml} (86%) rename code-scanning/properties/{frogbot-fix.properties.json => frogbot-scan-and-fix.properties.json} (100%) diff --git a/code-scanning/frogbot-fix.yml b/code-scanning/frogbot-scan-and-fix.yml similarity index 86% rename from code-scanning/frogbot-fix.yml rename to code-scanning/frogbot-scan-and-fix.yml index 278e8fa..c9ce731 100644 --- a/code-scanning/frogbot-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -2,9 +2,12 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan and Fix does the following: +# Automatically creates pull requests with fixes for vulnerable project dependencies. +# Uses JFrog Xray to scan the project. # Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot -name: "Frogbot Fix" +name: "Frogbot Scan and Fix" on: push: branches: @@ -37,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 54304d3..a72ae4c 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -2,8 +2,12 @@ # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. +# Frogbot Scan Pull Request does the following: +# Automatically scans new pull requests for security vulnerabilities. +# Uses JFrog Xray to scan the project. +# Read more about Frogbot here - https://github.com/jfrog/frogbot#frogbot -name: "Frogbot Scan" +name: "Frogbot Scan Pull Request" on: pull_request_target: types: [ opened, synchronize ] @@ -35,23 +39,9 @@ jobs: # with: # node-version: "16.x" - # - uses: gradle/gradle-build-action@v2 + # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - # - uses: actions/setup-dotnet@v2 - # with: - # dotnet-version: "3.1.x" - - # - uses: nuget/setup-nuget@v1 - # with: - # nuget-version: "5.x" - - # - uses: actions/setup-python@v3 - # with: - # python-version: "3.x" - - # - run: pipx install pipenv - - - uses: jfrog/frogbot@v2 + - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -69,7 +59,9 @@ jobs: # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Uncomment the below options if you'd like to use them. + # [Mandatory if JF_USER and JF_PASSWORD are not provided] + # JFrog access token with 'read' permissions on Xray service + # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} # [Mandatory when using npm] # The command that installs the dependencies @@ -79,34 +71,4 @@ jobs: # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" - # [Optional when using Nuget] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "nuget restore" - - # [Optional when using Pip] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pip install" - - # [Optional when using Pipenv] - # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "pipenv install" - - # [Optional, default: https://api.github.com] - # API endpoint to GitHub - # JF_GIT_API_ENDPOINT: https://github.example.com - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - # JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }} - - # [Optional, default: "."] - # Relative path to the project in the git repository - # JF_WORKING_DIR: path/to/working/dir - - # [Optional] - # Xray Watches. Learn more about them here: https://www.jfrog.com/confluence/display/JFROG/Configuring+Xray+Watches - # JF_WATCHES: ,... - - # [Optional] - # JFrog project. Learn more about it here: https://www.jfrog.com/confluence/display/JFROG/Projects - # JF_PROJECT: \ No newline at end of file + # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request \ No newline at end of file diff --git a/code-scanning/properties/frogbot-fix.properties.json b/code-scanning/properties/frogbot-scan-and-fix.properties.json similarity index 100% rename from code-scanning/properties/frogbot-fix.properties.json rename to code-scanning/properties/frogbot-scan-and-fix.properties.json diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json index 8f9626c..b74f3e6 100644 --- a/code-scanning/properties/frogbot-scan-pr.properties.json +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -1,5 +1,5 @@ { - "name": "Frogbot Scan Pull Requests", + "name": "Frogbot Scan Pull Request", "description": "Automatically scans new pull requests for security vulnerabilities. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.", "iconName": "frogbot", "categories": [ From dc77db1892c77df0137f5391f7fa318d7b26b283 Mon Sep 17 00:00:00 2001 From: Sampark Sharma Date: Thu, 18 Aug 2022 12:49:49 +0530 Subject: [PATCH 31/55] Update CODEOWNERS to have pages team --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/CODEOWNERS b/CODEOWNERS index 91153de..0a7c0a5 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,3 +1,4 @@ * @actions/starter-workflows /code-scanning/ @actions/advanced-security-code-scanning @actions/starter-workflows +/pages/ @actions/pages @actions/starter-workflows From 4a6ec1eed26d248486e437ab7f525efbd3cba6a1 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 19 Aug 2022 09:45:08 -0500 Subject: [PATCH 32/55] Update Pages starter workflows to use actions/configure-pages@v2 --- pages/gatsby.yml | 2 +- pages/hugo.yml | 2 +- pages/jekyll-gh-pages.yml | 2 +- pages/jekyll.yml | 4 ++-- pages/nextjs.yml | 2 +- pages/nuxtjs.yml | 2 +- pages/static.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pages/gatsby.yml b/pages/gatsby.yml index 9cdf3fc..4f2857d 100644 --- a/pages/gatsby.yml +++ b/pages/gatsby.yml @@ -57,7 +57,7 @@ jobs: cache: ${{ steps.detect-package-manager.outputs.manager }} - name: Setup Pages id: pages - uses: actions/configure-pages@v1 + uses: actions/configure-pages@v2 with: # Automatically inject pathPrefix in your Gatsby configuration file. # diff --git a/pages/hugo.yml b/pages/hugo.yml index 07b2b85..1978835 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -42,7 +42,7 @@ jobs: submodules: recursive - name: Setup Pages id: pages - uses: actions/configure-pages@v1 + uses: actions/configure-pages@v2 - name: Build with Hugo run: | hugo \ diff --git a/pages/jekyll-gh-pages.yml b/pages/jekyll-gh-pages.yml index 7ee1e97..8c7a207 100644 --- a/pages/jekyll-gh-pages.yml +++ b/pages/jekyll-gh-pages.yml @@ -28,7 +28,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Pages - uses: actions/configure-pages@v1 + uses: actions/configure-pages@v2 - name: Build with Jekyll uses: actions/jekyll-build-pages@v1 with: diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 05c8761..adc80a7 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -35,8 +35,8 @@ jobs: cache-version: 0 # Increment this number if you need to re-download cached gems - name: Setup Pages id: pages - uses: actions/configure-pages@v1 - - run: bundle exec jekyll build --baseurl ${{ steps.pages.outputs.base_path }} # defaults output to '/_site' + uses: actions/configure-pages@v2 + - run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}" # defaults output to '/_site' - name: Upload artifact uses: actions/upload-pages-artifact@v1 # This will automatically upload an artifact from the '/_site' directory diff --git a/pages/nextjs.yml b/pages/nextjs.yml index 79a1cc8..2993770 100644 --- a/pages/nextjs.yml +++ b/pages/nextjs.yml @@ -54,7 +54,7 @@ jobs: cache: ${{ steps.detect-package-manager.outputs.manager }} - name: Setup Pages id: pages - uses: actions/configure-pages@v1 + uses: actions/configure-pages@v2 with: # Automatically inject basePath in your Next.js configuration file and disable # server side image optimization (https://nextjs.org/docs/api-reference/next/image#unoptimized). diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml index 87c1201..4f5a4fd 100644 --- a/pages/nuxtjs.yml +++ b/pages/nuxtjs.yml @@ -52,7 +52,7 @@ jobs: cache: ${{ steps.detect-package-manager.outputs.manager }} - name: Setup Pages id: pages - uses: actions/configure-pages@v1 + uses: actions/configure-pages@v2 with: # Automatically inject router.base in your Nuxt configuration file and set # target to static (https://nuxtjs.org/docs/configuration-glossary/configuration-target/). diff --git a/pages/static.yml b/pages/static.yml index 350b2c8..9e0e871 100644 --- a/pages/static.yml +++ b/pages/static.yml @@ -31,7 +31,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Pages - uses: actions/configure-pages@v1 + uses: actions/configure-pages@v2 - name: Upload artifact uses: actions/upload-pages-artifact@v1 with: From a935168dbb30ef14da46efd208b4198a13477a6f Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 19 Aug 2022 10:15:25 -0500 Subject: [PATCH 33/55] Add a trailing slash back into the Hugo starter workflow for maximum backward compatibility with themes --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 1978835..51164f1 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -47,7 +47,7 @@ jobs: run: | hugo \ --minify \ - --baseURL ${{ steps.pages.outputs.base_url }} + --baseURL ${{ steps.pages.outputs.base_url }}/ - name: Upload artifact uses: actions/upload-pages-artifact@v1 with: From 8e45e8f5fbfb87a387e3a04d415d3249406f56f0 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 19 Aug 2022 10:17:23 -0500 Subject: [PATCH 34/55] Remove unused step ID from a few Pages workflows --- pages/nextjs.yml | 1 - pages/nuxtjs.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/pages/nextjs.yml b/pages/nextjs.yml index 2993770..5c2bf67 100644 --- a/pages/nextjs.yml +++ b/pages/nextjs.yml @@ -53,7 +53,6 @@ jobs: node-version: "16" cache: ${{ steps.detect-package-manager.outputs.manager }} - name: Setup Pages - id: pages uses: actions/configure-pages@v2 with: # Automatically inject basePath in your Next.js configuration file and disable diff --git a/pages/nuxtjs.yml b/pages/nuxtjs.yml index 4f5a4fd..4178f18 100644 --- a/pages/nuxtjs.yml +++ b/pages/nuxtjs.yml @@ -51,7 +51,6 @@ jobs: node-version: "16" cache: ${{ steps.detect-package-manager.outputs.manager }} - name: Setup Pages - id: pages uses: actions/configure-pages@v2 with: # Automatically inject router.base in your Nuxt configuration file and set From c7c674d47ef76ecbbd6d0c3a12934d31b2094be3 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 19 Aug 2022 11:28:44 -0500 Subject: [PATCH 35/55] Pages: Explicitly set Hugo environment as production --- pages/hugo.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/pages/hugo.yml b/pages/hugo.yml index 07b2b85..ea705f3 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -46,6 +46,7 @@ jobs: - name: Build with Hugo run: | hugo \ + --environment production --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 6d0b6c7b277795626387ee24bdf45a62804c39f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 13:27:01 +0000 Subject: [PATCH 36/55] Bump pozil/auto-assign-issue from 1.9.0 to 1.10.0 Bumps [pozil/auto-assign-issue](https://github.com/pozil/auto-assign-issue) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/pozil/auto-assign-issue/releases) - [Commits](https://github.com/pozil/auto-assign-issue/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: pozil/auto-assign-issue dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign-issues.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign-issues.yml b/.github/workflows/auto-assign-issues.yml index ec278a6..0cb9345 100644 --- a/.github/workflows/auto-assign-issues.yml +++ b/.github/workflows/auto-assign-issues.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Auto-assign issue' - uses: pozil/auto-assign-issue@v1.9.0 + uses: pozil/auto-assign-issue@v1.10.0 with: assignees: phantsure,tiwarishub,anuragc617,vsvipul,bishal-pdmsft numOfAssignee: 1 From 467b0208ed901696ef31d79fe72a8e92a4b205da Mon Sep 17 00:00:00 2001 From: Milan Aryal <9361180+MilanAryal@users.noreply.github.com> Date: Mon, 22 Aug 2022 21:30:03 +0545 Subject: [PATCH 37/55] Pages: Set Jekyll environment as production --- pages/jekyll.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 05c8761..36e29c3 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -37,6 +37,8 @@ jobs: id: pages uses: actions/configure-pages@v1 - run: bundle exec jekyll build --baseurl ${{ steps.pages.outputs.base_path }} # defaults output to '/_site' + env: + JEKYLL_ENV: production - name: Upload artifact uses: actions/upload-pages-artifact@v1 # This will automatically upload an artifact from the '/_site' directory From 5ab15a73492cdce9e2d0ec3a7a77106325270e92 Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Mon, 22 Aug 2022 12:13:18 -0700 Subject: [PATCH 38/55] Update scorecards.yml --- code-scanning/scorecards.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index 539794d..e4f1d0f 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -25,12 +25,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # v1.1.1 + uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # tag=v1.1.1 with: results_file: results.sarif results_format: sarif @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 with: sarif_file: results.sarif From 0d3c129311ae22b406e99c27395a9a450b04076d Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 14:37:34 -0500 Subject: [PATCH 39/55] Add missing backslash for multi-line continuation Co-authored-by: Yoann Chaudet --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index ea705f3..5ab13b0 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -46,7 +46,7 @@ jobs: - name: Build with Hugo run: | hugo \ - --environment production + --environment production \ --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From 709400e808d401c345db341aa93fa473f91c8f85 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 16:13:12 -0500 Subject: [PATCH 40/55] Set HUGO_ENV* env vars instead of CLI flag Reverts https://github.com/actions/starter-workflows/pull/1689 Fixes https://github.com/actions/starter-workflows/issues/1683 --- pages/hugo.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 5ab13b0..da2f462 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -44,9 +44,12 @@ jobs: id: pages uses: actions/configure-pages@v1 - name: Build with Hugo + env: + # For maximum backward compatibility with Hugo modules + HUGO_ENVIRONMENT: production + HUGO_ENV: production run: | hugo \ - --environment production \ --minify \ --baseURL ${{ steps.pages.outputs.base_url }} - name: Upload artifact From bff759f503d37945684e33890eb21e671ab9f815 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Mon, 22 Aug 2022 16:39:05 -0500 Subject: [PATCH 41/55] Clarify './_site' directory usage --- pages/jekyll.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pages/jekyll.yml b/pages/jekyll.yml index adc80a7..5c7b90c 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -36,9 +36,12 @@ jobs: - name: Setup Pages id: pages uses: actions/configure-pages@v2 - - run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}" # defaults output to '/_site' + - name: Build with Jekyll + # Outputs to the './_site' directory by default + run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}" - name: Upload artifact - uses: actions/upload-pages-artifact@v1 # This will automatically upload an artifact from the '/_site' directory + # Automatically uploads an artifact from the './_site' directory by default + uses: actions/upload-pages-artifact@v1 # Deployment job deploy: From 27a76bc269764e7bffc4b0f694969e96dc3c8358 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 11:17:35 +0300 Subject: [PATCH 42/55] Update frogbot-scan-pr.yml --- code-scanning/frogbot-scan-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index 5ef3b1c..b732a55 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@c8dfceda50ee19fee0cc19992c4a4aaffc95f4c6 + - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -72,4 +72,4 @@ jobs: # The command that installs the dependencies # JF_INSTALL_DEPS_CMD: "dotnet restore" - # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request \ No newline at end of file + # The full template list with full optional environment variables can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request From f4c529ed9fdaf315db0e6b0fa7c2585b9ebc26e0 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 11:17:52 +0300 Subject: [PATCH 43/55] Update frogbot-scan-and-fix.yml --- code-scanning/frogbot-scan-and-fix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index c9ce731..e48a301 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -40,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@2291fc454e8aeea77386cfcb85a1ae36765bb1f4 + - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) @@ -56,4 +56,4 @@ jobs: # [Mandatory if using npm] # The command that installs the dependencies - # JF_INSTALL_DEPS_CMD: "npm i" \ No newline at end of file + # JF_INSTALL_DEPS_CMD: "npm i" From 77485a55d02fe7bc782d6b07e192b53c1f9b7345 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 16:56:22 +0300 Subject: [PATCH 44/55] Update frogbot-scan-and-fix.yml --- code-scanning/frogbot-scan-and-fix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index e48a301..56725f5 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -40,7 +40,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 + - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) From 5fd9f566895bae9243a07fe73bd9c8cb53d9fc15 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Tue, 23 Aug 2022 16:56:36 +0300 Subject: [PATCH 45/55] Update frogbot-scan-pr.yml --- code-scanning/frogbot-scan-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index b732a55..bdc71b4 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@9678b9ea5bb1da478518345a454abaf1e7ecc637 + - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) From cdcdda3a89148c23d9fc83a0a63ca7c8c65d083a Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Wed, 24 Aug 2022 15:41:50 +0300 Subject: [PATCH 46/55] Update frogbot-scan-and-fix.properties.json --- code-scanning/properties/frogbot-scan-and-fix.properties.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/properties/frogbot-scan-and-fix.properties.json b/code-scanning/properties/frogbot-scan-and-fix.properties.json index 5d04487..a072c5a 100644 --- a/code-scanning/properties/frogbot-scan-and-fix.properties.json +++ b/code-scanning/properties/frogbot-scan-and-fix.properties.json @@ -11,5 +11,5 @@ "C#", "Python" ], - "organization": "JFrog" -} \ No newline at end of file + "creator": "JFrog" +} From bb6277cf2af38fd4bff0b737f2cbdb3f59e7279b Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Wed, 24 Aug 2022 15:42:10 +0300 Subject: [PATCH 47/55] Update frogbot-scan-pr.properties.json --- code-scanning/properties/frogbot-scan-pr.properties.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code-scanning/properties/frogbot-scan-pr.properties.json b/code-scanning/properties/frogbot-scan-pr.properties.json index b74f3e6..257f9d6 100644 --- a/code-scanning/properties/frogbot-scan-pr.properties.json +++ b/code-scanning/properties/frogbot-scan-pr.properties.json @@ -11,5 +11,5 @@ "C#", "Python" ], - "organization": "JFrog" -} \ No newline at end of file + "creator": "JFrog" +} From 5b0989e0424bb00942ebe8290af0c7d9f575317e Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Thu, 25 Aug 2022 10:24:32 -0500 Subject: [PATCH 48/55] Pages: Bring use of `ruby/setup-ruby` into compliance --- pages/jekyll.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 36e29c3..c3f7781 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -1,3 +1,8 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + # Sample workflow for building and deploying a Jekyll site to GitHub Pages name: Deploy Jekyll site to Pages @@ -28,7 +33,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa with: ruby-version: '3.0' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically From 0d82602f17f0f783f926e660e9c567a96e3a8a69 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Thu, 25 Aug 2022 22:46:15 -0500 Subject: [PATCH 49/55] Add optional quotes to Hugo CLI baseURL --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 0461b71..fb8c924 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -51,7 +51,7 @@ jobs: run: | hugo \ --minify \ - --baseURL ${{ steps.pages.outputs.base_url }}/ + --baseURL "${{ steps.pages.outputs.base_url }}/" - name: Upload artifact uses: actions/upload-pages-artifact@v1 with: From 9d734850ef2e1ed5d071ec980059f3a51aa46fcc Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Thu, 25 Aug 2022 23:42:31 -0500 Subject: [PATCH 50/55] Update all usages of ruby/setup-ruby to latest --- ci/ruby.yml | 2 +- ci/rubyonrails.yml | 4 ++-- code-scanning/brakeman.yml | 2 +- code-scanning/puppet-lint.yml | 2 +- code-scanning/rubocop.yml | 2 +- pages/jekyll.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ci/ruby.yml b/ci/ruby.yml index 81ea363..6340760 100644 --- a/ci/ruby.yml +++ b/ci/ruby.yml @@ -30,7 +30,7 @@ jobs: # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, # change this to (see https://github.com/ruby/setup-ruby#versioning): # uses: ruby/setup-ruby@v1 - uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: ${{ matrix.ruby-version }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically diff --git a/ci/rubyonrails.yml b/ci/rubyonrails.yml index 2ad891f..958a104 100644 --- a/ci/rubyonrails.yml +++ b/ci/rubyonrails.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v3 # Add or replace dependency steps here - name: Install Ruby and gems - uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: bundler-cache: true # Add or replace database setup steps here @@ -46,7 +46,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - name: Install Ruby and gems - uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: bundler-cache: true # Add or replace any other lints here diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index 155208f..b04cabf 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -34,7 +34,7 @@ jobs: # Customize the ruby version depending on your needs - name: Setup Ruby - uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: '2.7' diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml index 801b90b..d41b65b 100644 --- a/code-scanning/puppet-lint.yml +++ b/code-scanning/puppet-lint.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: 2.7 bundler-cache: true diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index ed458b2..8018ca1 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -28,7 +28,7 @@ jobs: # If running on a self-hosted runner, check it meets the requirements # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners - name: Set up Ruby - uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: 2.6 diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 37ee818..d039d12 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -33,7 +33,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: '3.0' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically From 2f880ea2a2c40752e91d1e0c645d3e997fef9397 Mon Sep 17 00:00:00 2001 From: omerzi Date: Sun, 28 Aug 2022 16:07:58 +0300 Subject: [PATCH 51/55] Update Frogbot permissions and Tag --- code-scanning/frogbot-scan-and-fix.yml | 3 ++- code-scanning/frogbot-scan-pr.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index 56725f5..a4b1c89 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -18,6 +18,7 @@ on: permissions: contents: write pull-requests: write + security-events: write jobs: create-fix-pull-requests: runs-on: ubuntu-latest @@ -40,7 +41,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 + - uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index bdc71b4..ec19d61 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 + - uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) From d13b97ea2931d2fcd9a5472cdd6dc838845a0f8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 13:44:15 +0000 Subject: [PATCH 52/55] Bump kentaro-m/auto-assign-action from 1.2.1 to 1.2.2 Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](https://github.com/kentaro-m/auto-assign-action/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index d7161b1..b0789b3 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -7,4 +7,4 @@ jobs: add-reviews: runs-on: ubuntu-latest steps: - - uses: kentaro-m/auto-assign-action@v1.2.1 + - uses: kentaro-m/auto-assign-action@v1.2.2 From a4af1b700b74cf840fba5cbc9502a1a3eb6a43c1 Mon Sep 17 00:00:00 2001 From: Austen Stone Date: Tue, 30 Aug 2022 10:13:31 -0400 Subject: [PATCH 53/55] branches --- .github/workflows/sync-ghes.yaml | 3 +-- code-scanning/frogbot-scan-and-fix.yml | 6 +----- deployments/alibabacloud.yml | 3 +-- deployments/aws.yml | 3 +-- deployments/azure-container-webapp.yml | 3 +-- deployments/azure-kubernetes-service-helm.yml | 3 +-- deployments/azure-kubernetes-service-kompose.yml | 3 +-- deployments/azure-kubernetes-service-kustomize.yml | 3 +-- deployments/azure-kubernetes-service.yml | 3 +-- deployments/azure-staticwebapp.yml | 6 ++---- deployments/azure-webapps-dotnet-core.yml | 3 +-- deployments/azure-webapps-java-jar.yml | 3 +-- deployments/azure-webapps-node.yml | 3 +-- deployments/azure-webapps-php.yml | 3 +-- deployments/azure-webapps-python.yml | 3 +-- deployments/google-cloudrun-docker.yml | 3 +-- deployments/google-cloudrun-source.yml | 3 +-- deployments/google.yml | 3 +-- deployments/ibm.yml | 3 +-- deployments/tencent.yml | 3 +-- deployments/terraform.yml | 3 +-- 21 files changed, 22 insertions(+), 47 deletions(-) diff --git a/.github/workflows/sync-ghes.yaml b/.github/workflows/sync-ghes.yaml index aba7780..c8b83c9 100644 --- a/.github/workflows/sync-ghes.yaml +++ b/.github/workflows/sync-ghes.yaml @@ -2,8 +2,7 @@ name: Sync workflows for GHES on: push: - branches: - - main + branches: [ $default-branch ] jobs: sync: diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index 56725f5..4829c8f 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -10,11 +10,7 @@ name: "Frogbot Scan and Fix" on: push: - branches: - # The scanning and creation of pull requests with fixes are triggered by pushing code to one of the these branches. - # You can edit the list of branches you wish to open fix pull requests on. - - "main" - - "master" + branches: [ $default-branch ] permissions: contents: write pull-requests: write diff --git a/deployments/alibabacloud.yml b/deployments/alibabacloud.yml index d7c27d9..9853b75 100644 --- a/deployments/alibabacloud.yml +++ b/deployments/alibabacloud.yml @@ -21,8 +21,7 @@ name: Build and Deploy to ACK on: push: - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow. env: diff --git a/deployments/aws.yml b/deployments/aws.yml index 47253bf..9585844 100644 --- a/deployments/aws.yml +++ b/deployments/aws.yml @@ -28,8 +28,7 @@ name: Deploy to Amazon ECS on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1 diff --git a/deployments/azure-container-webapp.yml b/deployments/azure-container-webapp.yml index 8b69065..cc2e1dd 100644 --- a/deployments/azure-container-webapp.yml +++ b/deployments/azure-container-webapp.yml @@ -31,8 +31,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/azure-kubernetes-service-helm.yml b/deployments/azure-kubernetes-service-helm.yml index a6a2f4e..83a9163 100644 --- a/deployments/azure-kubernetes-service-helm.yml +++ b/deployments/azure-kubernetes-service-helm.yml @@ -34,8 +34,7 @@ name: Build and deploy an app to AKS with Helm on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-kubernetes-service-kompose.yml b/deployments/azure-kubernetes-service-kompose.yml index 60fe536..0e76365 100644 --- a/deployments/azure-kubernetes-service-kompose.yml +++ b/deployments/azure-kubernetes-service-kompose.yml @@ -33,8 +33,7 @@ name: Build and deploy an app to AKS with Kompose on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-kubernetes-service-kustomize.yml b/deployments/azure-kubernetes-service-kustomize.yml index d46cadb..1a89f3c 100644 --- a/deployments/azure-kubernetes-service-kustomize.yml +++ b/deployments/azure-kubernetes-service-kustomize.yml @@ -33,8 +33,7 @@ name: Build and deploy an app to AKS with Kustomize on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-kubernetes-service.yml b/deployments/azure-kubernetes-service.yml index d04a2ac..3e49419 100644 --- a/deployments/azure-kubernetes-service.yml +++ b/deployments/azure-kubernetes-service.yml @@ -29,8 +29,7 @@ name: Build and deploy an app to AKS on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-staticwebapp.yml b/deployments/azure-staticwebapp.yml index a40ecc2..8fe07ce 100644 --- a/deployments/azure-staticwebapp.yml +++ b/deployments/azure-staticwebapp.yml @@ -14,12 +14,10 @@ name: Deploy web app to Azure Static Web Apps on: push: - branches: - - $default-branch + branches: [ $default-branch ] pull_request: types: [opened, synchronize, reopened, closed] - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/azure-webapps-dotnet-core.yml b/deployments/azure-webapps-dotnet-core.yml index 0b59686..9b21895 100644 --- a/deployments/azure-webapps-dotnet-core.yml +++ b/deployments/azure-webapps-dotnet-core.yml @@ -26,8 +26,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/azure-webapps-java-jar.yml b/deployments/azure-webapps-java-jar.yml index 6e3df8d..60fa68c 100644 --- a/deployments/azure-webapps-java-jar.yml +++ b/deployments/azure-webapps-java-jar.yml @@ -26,8 +26,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/azure-webapps-node.yml b/deployments/azure-webapps-node.yml index 1480c92..98e72c2 100644 --- a/deployments/azure-webapps-node.yml +++ b/deployments/azure-webapps-node.yml @@ -19,8 +19,7 @@ on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-webapps-php.yml b/deployments/azure-webapps-php.yml index 98e8dc7..4d08dbd 100644 --- a/deployments/azure-webapps-php.yml +++ b/deployments/azure-webapps-php.yml @@ -21,8 +21,7 @@ name: Build and deploy PHP app to Azure Web App on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-webapps-python.yml b/deployments/azure-webapps-python.yml index 50f4823..d7aa802 100644 --- a/deployments/azure-webapps-python.yml +++ b/deployments/azure-webapps-python.yml @@ -25,8 +25,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/google-cloudrun-docker.yml b/deployments/google-cloudrun-docker.yml index b8d0511..bd748f8 100644 --- a/deployments/google-cloudrun-docker.yml +++ b/deployments/google-cloudrun-docker.yml @@ -46,8 +46,7 @@ name: Build and Deploy to Cloud Run on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: PROJECT_ID: YOUR_PROJECT_ID # TODO: update Google Cloud project id diff --git a/deployments/google-cloudrun-source.yml b/deployments/google-cloudrun-source.yml index 2916b45..e6fcb52 100644 --- a/deployments/google-cloudrun-source.yml +++ b/deployments/google-cloudrun-source.yml @@ -48,8 +48,7 @@ name: Deploy to Cloud Run from Source on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: PROJECT_ID: YOUR_PROJECT_ID # TODO: update Google Cloud project id diff --git a/deployments/google.yml b/deployments/google.yml index 6150672..846452a 100644 --- a/deployments/google.yml +++ b/deployments/google.yml @@ -14,8 +14,7 @@ name: Build and Deploy to GKE on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: PROJECT_ID: ${{ secrets.GKE_PROJECT }} diff --git a/deployments/ibm.yml b/deployments/ibm.yml index cb3080f..53a58c5 100644 --- a/deployments/ibm.yml +++ b/deployments/ibm.yml @@ -10,8 +10,7 @@ name: Build and Deploy to IKS on: push: - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/tencent.yml b/deployments/tencent.yml index 4e9e9f6..ba65fe5 100644 --- a/deployments/tencent.yml +++ b/deployments/tencent.yml @@ -17,8 +17,7 @@ name: Tencent Kubernetes Engine on: push: - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/terraform.yml b/deployments/terraform.yml index 53efe48..c06f685 100644 --- a/deployments/terraform.yml +++ b/deployments/terraform.yml @@ -46,8 +46,7 @@ name: 'Terraform' on: push: - branches: - - $default-branch + branches: [ $default-branch ] pull_request: permissions: From b12833e6712790ba428240bfa1ee3a65d331e630 Mon Sep 17 00:00:00 2001 From: Christian Oliff Date: Tue, 30 Aug 2022 22:13:30 +0900 Subject: [PATCH 54/55] use latest version of Hugo --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index fb8c924..3ddbb80 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -30,7 +30,7 @@ jobs: build: runs-on: ubuntu-latest env: - HUGO_VERSION: 0.99.0 + HUGO_VERSION: 0.102.1 steps: - name: Install Hugo CLI run: | From 4b48da22521e5e07c463fd96d7d4890f718ad4b7 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 2 Sep 2022 17:32:30 -0500 Subject: [PATCH 55/55] Update Hugo to truly latest --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 3ddbb80..f273fb2 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -30,7 +30,7 @@ jobs: build: runs-on: ubuntu-latest env: - HUGO_VERSION: 0.102.1 + HUGO_VERSION: 0.102.3 steps: - name: Install Hugo CLI run: |