From 658980f080dea11eda60ca93a162b99239eebf8e Mon Sep 17 00:00:00 2001 From: Shaopeng Li Date: Mon, 27 Jun 2022 20:51:38 -0700 Subject: [PATCH 01/16] Add lintr starter workflow --- code-scanning/lintr.yml | 54 ++ .../properties/lintr.properties.json | 6 + icons/lintr.svg | 679 ++++++++++++++++++ 3 files changed, 739 insertions(+) create mode 100644 code-scanning/lintr.yml create mode 100644 code-scanning/properties/lintr.properties.json create mode 100644 icons/lintr.svg diff --git a/code-scanning/lintr.yml b/code-scanning/lintr.yml new file mode 100644 index 0000000..74a3b21 --- /dev/null +++ b/code-scanning/lintr.yml @@ -0,0 +1,54 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# lintr provides static code analysis for R. +# It checks for adherence to a given style, +# identifying syntax errors and possible semantic issues, +# then reports them to you so you can take action. +# More details at https://lintr.r-lib.org/ + +name: lintr + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +permissions: + contents: read + +jobs: + lintr: + name: Run lintr scanning + runs-on: ubuntu-latest + permissions: + contents: read # for checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup R + uses: r-lib/actions/setup-r@4e1feaf90520ec1215d1882fdddfe3411c08e492 + + - name: Setup lintr + uses: r-lib/actions/setup-r-dependencies@4e1feaf90520ec1215d1882fdddfe3411c08e492 + with: + extra-packages: lintr + + - name: Run lintr + run: lintr::sarif_output(lintr::lint_dir("."), "lintr-results.sarif") + shell: Rscript {0} + continue-on-error: true + + - name: Upload analysis results to GitHub + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: lintr-results.sarif + wait-for-processing: true diff --git a/code-scanning/properties/lintr.properties.json b/code-scanning/properties/lintr.properties.json new file mode 100644 index 0000000..07e9741 --- /dev/null +++ b/code-scanning/properties/lintr.properties.json @@ -0,0 +1,6 @@ +{ + "name": "lintr", + "description": "lintr provides static code analysis for R.", + "iconName": "lintr", + "categories": [ "Code Scanning", "R" ] +} \ No newline at end of file diff --git a/icons/lintr.svg b/icons/lintr.svg new file mode 100644 index 0000000..cdc40d8 --- /dev/null +++ b/icons/lintr.svg @@ -0,0 +1,679 @@ + + + + + + + + + + From 67805723f0bf3c53f17eaaea77e9cfd44d6a2417 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 00:59:05 +0000 Subject: [PATCH 02/16] update --- ci/generic-generator-ossf-slsa3-publish.yml | 63 +++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 ci/generic-generator-ossf-slsa3-publish.yml diff --git a/ci/generic-generator-ossf-slsa3-publish.yml b/ci/generic-generator-ossf-slsa3-publish.yml new file mode 100644 index 0000000..f843fd1 --- /dev/null +++ b/ci/generic-generator-ossf-slsa3-publish.yml @@ -0,0 +1,63 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow lets you compile your Go project using a SLSA3 compliant builder. +# This workflow will generate a so-called "provenance" file describing the steps +# that were performed to generate the final binary. +# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# https://github.com/slsa-framework/slsa-github-generator. +# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. +# For more information about SLSA and how it improves the supply-chain, visit slsa.dev. + +name: SLSA generic generator +on: + workflow_dispatch: + release: + types: [created] + +permissions: read-all + +jobs: + build: + outputs: + digests: ${{ steps.hash.outputs.digests }} + + steps: + # ======================================================== + # + # Step 1: Build your artifacts. + # + # ======================================================== + - name: Build artifacts + run: | + # These are some amazing artifacts. + echo "artifact1" > artifact1 + echo "artifact2" > artifact2 + + # ======================================================== + # + # Step 2: Add a step to generate the provenance subjects + # as shown below. Update the sha256 sum arguments + # to include all binaries that you generate + # provenance for. + # + # ======================================================== + - name: Generate subject + id: hash + run: | + set -euo pipefail + + echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)" + + provenance: + needs: [build] + permissions: + actions: read + id-token: write + contents: read + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true # Optional: Upload to a new release \ No newline at end of file From 0f26631ba6e9900520c570d1153140b812a9e870 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:04:52 +0000 Subject: [PATCH 03/16] update --- ...h.yml => generator-generic-ossf-slsa3-publish.yml} | 0 ...nerator-generic-ossf-slsa3-publish.properties.json | 7 +++++++ icons/generator-generic-ossf-slsa3-publish.svg | 11 +++++++++++ 3 files changed, 18 insertions(+) rename ci/{generic-generator-ossf-slsa3-publish.yml => generator-generic-ossf-slsa3-publish.yml} (100%) create mode 100644 ci/properties/generator-generic-ossf-slsa3-publish.properties.json create mode 100644 icons/generator-generic-ossf-slsa3-publish.svg diff --git a/ci/generic-generator-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml similarity index 100% rename from ci/generic-generator-ossf-slsa3-publish.yml rename to ci/generator-generic-ossf-slsa3-publish.yml diff --git a/ci/properties/generator-generic-ossf-slsa3-publish.properties.json b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json new file mode 100644 index 0000000..2861c3f --- /dev/null +++ b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json @@ -0,0 +1,7 @@ +{ + "name": "SLSA Generic generator", + "creator": "Open Source Security Foundation (OpenSSF)", + "description": "Generate SLSA3 provenance for your existing release workflows", + "iconName": "go-ossf-slsa3-publish", + "categories": ["Continuous integration"] +} diff --git a/icons/generator-generic-ossf-slsa3-publish.svg b/icons/generator-generic-ossf-slsa3-publish.svg new file mode 100644 index 0000000..ea77468 --- /dev/null +++ b/icons/generator-generic-ossf-slsa3-publish.svg @@ -0,0 +1,11 @@ + + + + + + + + + + + From c81201dd621f7167106925fcbb2db17b6381d430 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:06:11 +0000 Subject: [PATCH 04/16] update --- ci/generator-generic-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index f843fd1..e37a3f3 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -60,4 +60,4 @@ jobs: uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 with: base64-subjects: "${{ needs.build.outputs.digests }}" - upload-assets: true # Optional: Upload to a new release \ No newline at end of file + upload-assets: true # Optional: Upload to a new release From 19e6b35e8432c1d2915cbc9d86b12e4fcb0d1838 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:14:33 +0000 Subject: [PATCH 05/16] update --- ci/generator-generic-ossf-slsa3-publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index e37a3f3..eae7431 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -21,6 +21,7 @@ permissions: read-all jobs: build: + runs-on: ubuntu-latest outputs: digests: ${{ steps.hash.outputs.digests }} From 026c540730dd5bafad6c468af4cb2176bd0327cb Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 01:21:35 +0000 Subject: [PATCH 06/16] update --- ci/generator-generic-ossf-slsa3-publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index eae7431..54c110e 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -55,9 +55,9 @@ jobs: provenance: needs: [build] permissions: - actions: read - id-token: write - contents: read + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 with: base64-subjects: "${{ needs.build.outputs.digests }}" From 30f1eecad156ad2196177709d0d2fe8f20eb8e78 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Tue, 19 Jul 2022 15:55:40 +0000 Subject: [PATCH 07/16] update --- ci/generator-generic-ossf-slsa3-publish.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index 54c110e..feadcf2 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -3,10 +3,10 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow lets you compile your Go project using a SLSA3 compliant builder. -# This workflow will generate a so-called "provenance" file describing the steps +# This workflow lets you compile your Go project using a SLSA3 compliant builder +# This workflow will generate a so-called "provenance" file describing the steps # that were performed to generate the final binary. -# The project is an initiative of the OpenSSF (openssf.org) and is developed at +# The project is an initiative of the OpenSSF (openssf.org) and is developed at # https://github.com/slsa-framework/slsa-github-generator. # The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. # For more information about SLSA and how it improves the supply-chain, visit slsa.dev. @@ -26,11 +26,13 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + # ======================================================== # # Step 1: Build your artifacts. # - # ======================================================== + # ======================================================== - name: Build artifacts run: | # These are some amazing artifacts. From aec987bfb55cb1003ba043fdd1a67426eba751e3 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Mon, 1 Aug 2022 15:00:08 +0000 Subject: [PATCH 08/16] comments --- ci/generator-generic-ossf-slsa3-publish.yml | 12 +++++++----- ...erator-generic-ossf-slsa3-publish.properties.json | 4 ++-- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index feadcf2..c8a3544 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -3,9 +3,8 @@ # separate terms of service, privacy policy, and support # documentation. -# This workflow lets you compile your Go project using a SLSA3 compliant builder -# This workflow will generate a so-called "provenance" file describing the steps -# that were performed to generate the final binary. +# This workflow lets you generate SLSA provenance file for your project. +# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements # The project is an initiative of the OpenSSF (openssf.org) and is developed at # https://github.com/slsa-framework/slsa-github-generator. # The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. @@ -26,7 +25,7 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + uses: actions/checkout@v3 # ======================================================== # @@ -52,7 +51,10 @@ jobs: run: | set -euo pipefail - echo "::set-output name=digests::$(sha256sum artifact1 artifact2 | base64 -w0)" + # List the artifacts the provenance will refer to. + files=$(ls artifact*) + # Generate the subjects (base64 encoded). + echo "::set-output name=digests::$(sha256sum $files | base64 -w0)" provenance: needs: [build] diff --git a/ci/properties/generator-generic-ossf-slsa3-publish.properties.json b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json index 2861c3f..32cf63d 100644 --- a/ci/properties/generator-generic-ossf-slsa3-publish.properties.json +++ b/ci/properties/generator-generic-ossf-slsa3-publish.properties.json @@ -2,6 +2,6 @@ "name": "SLSA Generic generator", "creator": "Open Source Security Foundation (OpenSSF)", "description": "Generate SLSA3 provenance for your existing release workflows", - "iconName": "go-ossf-slsa3-publish", - "categories": ["Continuous integration"] + "iconName": "generator-generic-ossf-slsa3-publish", + "categories": ["Continuous integration", "Go", "Elixir", "Erlang", "PHP", "Haskell", "Rust", "Java", "Scala", "Gradle", "Maven", "Python", "C", "C++", "TypeScript", "JavaScript", "npm", "Ruby", "HTML", "Composer", "Makefile", "Ada"] } From 6f7030b18ad1da672b55b9ca4f6ec1abed29f7ed Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Thu, 11 Aug 2022 13:32:01 +0000 Subject: [PATCH 09/16] update --- ci/generator-generic-ossf-slsa3-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/generator-generic-ossf-slsa3-publish.yml b/ci/generator-generic-ossf-slsa3-publish.yml index c8a3544..a249449 100644 --- a/ci/generator-generic-ossf-slsa3-publish.yml +++ b/ci/generator-generic-ossf-slsa3-publish.yml @@ -25,7 +25,7 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: - uses: actions/checkout@v3 + - uses: actions/checkout@v3 # ======================================================== # From 5ab15a73492cdce9e2d0ec3a7a77106325270e92 Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Mon, 22 Aug 2022 12:13:18 -0700 Subject: [PATCH 10/16] Update scorecards.yml --- code-scanning/scorecards.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml index 539794d..e4f1d0f 100644 --- a/code-scanning/scorecards.yml +++ b/code-scanning/scorecards.yml @@ -25,12 +25,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # v1.1.1 + uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # tag=v1.1.1 with: results_file: results.sarif results_format: sarif @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 with: sarif_file: results.sarif From 9d734850ef2e1ed5d071ec980059f3a51aa46fcc Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Thu, 25 Aug 2022 23:42:31 -0500 Subject: [PATCH 11/16] Update all usages of ruby/setup-ruby to latest --- ci/ruby.yml | 2 +- ci/rubyonrails.yml | 4 ++-- code-scanning/brakeman.yml | 2 +- code-scanning/puppet-lint.yml | 2 +- code-scanning/rubocop.yml | 2 +- pages/jekyll.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ci/ruby.yml b/ci/ruby.yml index 81ea363..6340760 100644 --- a/ci/ruby.yml +++ b/ci/ruby.yml @@ -30,7 +30,7 @@ jobs: # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, # change this to (see https://github.com/ruby/setup-ruby#versioning): # uses: ruby/setup-ruby@v1 - uses: ruby/setup-ruby@2b019609e2b0f1ea1a2bc8ca11cb82ab46ada124 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: ${{ matrix.ruby-version }} bundler-cache: true # runs 'bundle install' and caches installed gems automatically diff --git a/ci/rubyonrails.yml b/ci/rubyonrails.yml index 2ad891f..958a104 100644 --- a/ci/rubyonrails.yml +++ b/ci/rubyonrails.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v3 # Add or replace dependency steps here - name: Install Ruby and gems - uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: bundler-cache: true # Add or replace database setup steps here @@ -46,7 +46,7 @@ jobs: - name: Checkout code uses: actions/checkout@v3 - name: Install Ruby and gems - uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: bundler-cache: true # Add or replace any other lints here diff --git a/code-scanning/brakeman.yml b/code-scanning/brakeman.yml index 155208f..b04cabf 100644 --- a/code-scanning/brakeman.yml +++ b/code-scanning/brakeman.yml @@ -34,7 +34,7 @@ jobs: # Customize the ruby version depending on your needs - name: Setup Ruby - uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: '2.7' diff --git a/code-scanning/puppet-lint.yml b/code-scanning/puppet-lint.yml index 801b90b..d41b65b 100644 --- a/code-scanning/puppet-lint.yml +++ b/code-scanning/puppet-lint.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: 2.7 bundler-cache: true diff --git a/code-scanning/rubocop.yml b/code-scanning/rubocop.yml index ed458b2..8018ca1 100644 --- a/code-scanning/rubocop.yml +++ b/code-scanning/rubocop.yml @@ -28,7 +28,7 @@ jobs: # If running on a self-hosted runner, check it meets the requirements # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners - name: Set up Ruby - uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: 2.6 diff --git a/pages/jekyll.yml b/pages/jekyll.yml index 37ee818..d039d12 100644 --- a/pages/jekyll.yml +++ b/pages/jekyll.yml @@ -33,7 +33,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Ruby - uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3 with: ruby-version: '3.0' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically From 2f880ea2a2c40752e91d1e0c645d3e997fef9397 Mon Sep 17 00:00:00 2001 From: omerzi Date: Sun, 28 Aug 2022 16:07:58 +0300 Subject: [PATCH 12/16] Update Frogbot permissions and Tag --- code-scanning/frogbot-scan-and-fix.yml | 3 ++- code-scanning/frogbot-scan-pr.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index 56725f5..a4b1c89 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -18,6 +18,7 @@ on: permissions: contents: write pull-requests: write + security-events: write jobs: create-fix-pull-requests: runs-on: ubuntu-latest @@ -40,7 +41,7 @@ jobs: # node-version: "16.x" - - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 + - uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) diff --git a/code-scanning/frogbot-scan-pr.yml b/code-scanning/frogbot-scan-pr.yml index bdc71b4..ec19d61 100644 --- a/code-scanning/frogbot-scan-pr.yml +++ b/code-scanning/frogbot-scan-pr.yml @@ -42,7 +42,7 @@ jobs: # The full template list with the required GitHub Actions can be found at https://github.com/jfrog/frogbot/tree/master/templates/github-actions/scan-pull-request - - uses: jfrog/frogbot@de3d42bf3a454ddf156632ae520a5ead49048416 + - uses: jfrog/frogbot@34759934930c177bdefba6ca3a417589d4db6cab env: # [Mandatory] # JFrog platform URL (This functionality requires version 3.29.0 or above of Xray) From d13b97ea2931d2fcd9a5472cdd6dc838845a0f8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Aug 2022 13:44:15 +0000 Subject: [PATCH 13/16] Bump kentaro-m/auto-assign-action from 1.2.1 to 1.2.2 Bumps [kentaro-m/auto-assign-action](https://github.com/kentaro-m/auto-assign-action) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/kentaro-m/auto-assign-action/releases) - [Commits](https://github.com/kentaro-m/auto-assign-action/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: kentaro-m/auto-assign-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-assign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml index d7161b1..b0789b3 100644 --- a/.github/workflows/auto-assign.yml +++ b/.github/workflows/auto-assign.yml @@ -7,4 +7,4 @@ jobs: add-reviews: runs-on: ubuntu-latest steps: - - uses: kentaro-m/auto-assign-action@v1.2.1 + - uses: kentaro-m/auto-assign-action@v1.2.2 From a4af1b700b74cf840fba5cbc9502a1a3eb6a43c1 Mon Sep 17 00:00:00 2001 From: Austen Stone Date: Tue, 30 Aug 2022 10:13:31 -0400 Subject: [PATCH 14/16] branches --- .github/workflows/sync-ghes.yaml | 3 +-- code-scanning/frogbot-scan-and-fix.yml | 6 +----- deployments/alibabacloud.yml | 3 +-- deployments/aws.yml | 3 +-- deployments/azure-container-webapp.yml | 3 +-- deployments/azure-kubernetes-service-helm.yml | 3 +-- deployments/azure-kubernetes-service-kompose.yml | 3 +-- deployments/azure-kubernetes-service-kustomize.yml | 3 +-- deployments/azure-kubernetes-service.yml | 3 +-- deployments/azure-staticwebapp.yml | 6 ++---- deployments/azure-webapps-dotnet-core.yml | 3 +-- deployments/azure-webapps-java-jar.yml | 3 +-- deployments/azure-webapps-node.yml | 3 +-- deployments/azure-webapps-php.yml | 3 +-- deployments/azure-webapps-python.yml | 3 +-- deployments/google-cloudrun-docker.yml | 3 +-- deployments/google-cloudrun-source.yml | 3 +-- deployments/google.yml | 3 +-- deployments/ibm.yml | 3 +-- deployments/tencent.yml | 3 +-- deployments/terraform.yml | 3 +-- 21 files changed, 22 insertions(+), 47 deletions(-) diff --git a/.github/workflows/sync-ghes.yaml b/.github/workflows/sync-ghes.yaml index aba7780..c8b83c9 100644 --- a/.github/workflows/sync-ghes.yaml +++ b/.github/workflows/sync-ghes.yaml @@ -2,8 +2,7 @@ name: Sync workflows for GHES on: push: - branches: - - main + branches: [ $default-branch ] jobs: sync: diff --git a/code-scanning/frogbot-scan-and-fix.yml b/code-scanning/frogbot-scan-and-fix.yml index 56725f5..4829c8f 100644 --- a/code-scanning/frogbot-scan-and-fix.yml +++ b/code-scanning/frogbot-scan-and-fix.yml @@ -10,11 +10,7 @@ name: "Frogbot Scan and Fix" on: push: - branches: - # The scanning and creation of pull requests with fixes are triggered by pushing code to one of the these branches. - # You can edit the list of branches you wish to open fix pull requests on. - - "main" - - "master" + branches: [ $default-branch ] permissions: contents: write pull-requests: write diff --git a/deployments/alibabacloud.yml b/deployments/alibabacloud.yml index d7c27d9..9853b75 100644 --- a/deployments/alibabacloud.yml +++ b/deployments/alibabacloud.yml @@ -21,8 +21,7 @@ name: Build and Deploy to ACK on: push: - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow. env: diff --git a/deployments/aws.yml b/deployments/aws.yml index 47253bf..9585844 100644 --- a/deployments/aws.yml +++ b/deployments/aws.yml @@ -28,8 +28,7 @@ name: Deploy to Amazon ECS on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1 diff --git a/deployments/azure-container-webapp.yml b/deployments/azure-container-webapp.yml index 8b69065..cc2e1dd 100644 --- a/deployments/azure-container-webapp.yml +++ b/deployments/azure-container-webapp.yml @@ -31,8 +31,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/azure-kubernetes-service-helm.yml b/deployments/azure-kubernetes-service-helm.yml index a6a2f4e..83a9163 100644 --- a/deployments/azure-kubernetes-service-helm.yml +++ b/deployments/azure-kubernetes-service-helm.yml @@ -34,8 +34,7 @@ name: Build and deploy an app to AKS with Helm on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-kubernetes-service-kompose.yml b/deployments/azure-kubernetes-service-kompose.yml index 60fe536..0e76365 100644 --- a/deployments/azure-kubernetes-service-kompose.yml +++ b/deployments/azure-kubernetes-service-kompose.yml @@ -33,8 +33,7 @@ name: Build and deploy an app to AKS with Kompose on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-kubernetes-service-kustomize.yml b/deployments/azure-kubernetes-service-kustomize.yml index d46cadb..1a89f3c 100644 --- a/deployments/azure-kubernetes-service-kustomize.yml +++ b/deployments/azure-kubernetes-service-kustomize.yml @@ -33,8 +33,7 @@ name: Build and deploy an app to AKS with Kustomize on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-kubernetes-service.yml b/deployments/azure-kubernetes-service.yml index d04a2ac..3e49419 100644 --- a/deployments/azure-kubernetes-service.yml +++ b/deployments/azure-kubernetes-service.yml @@ -29,8 +29,7 @@ name: Build and deploy an app to AKS on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-staticwebapp.yml b/deployments/azure-staticwebapp.yml index a40ecc2..8fe07ce 100644 --- a/deployments/azure-staticwebapp.yml +++ b/deployments/azure-staticwebapp.yml @@ -14,12 +14,10 @@ name: Deploy web app to Azure Static Web Apps on: push: - branches: - - $default-branch + branches: [ $default-branch ] pull_request: types: [opened, synchronize, reopened, closed] - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/azure-webapps-dotnet-core.yml b/deployments/azure-webapps-dotnet-core.yml index 0b59686..9b21895 100644 --- a/deployments/azure-webapps-dotnet-core.yml +++ b/deployments/azure-webapps-dotnet-core.yml @@ -26,8 +26,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/azure-webapps-java-jar.yml b/deployments/azure-webapps-java-jar.yml index 6e3df8d..60fa68c 100644 --- a/deployments/azure-webapps-java-jar.yml +++ b/deployments/azure-webapps-java-jar.yml @@ -26,8 +26,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/azure-webapps-node.yml b/deployments/azure-webapps-node.yml index 1480c92..98e72c2 100644 --- a/deployments/azure-webapps-node.yml +++ b/deployments/azure-webapps-node.yml @@ -19,8 +19,7 @@ on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-webapps-php.yml b/deployments/azure-webapps-php.yml index 98e8dc7..4d08dbd 100644 --- a/deployments/azure-webapps-php.yml +++ b/deployments/azure-webapps-php.yml @@ -21,8 +21,7 @@ name: Build and deploy PHP app to Azure Web App on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: env: diff --git a/deployments/azure-webapps-python.yml b/deployments/azure-webapps-python.yml index 50f4823..d7aa802 100644 --- a/deployments/azure-webapps-python.yml +++ b/deployments/azure-webapps-python.yml @@ -25,8 +25,7 @@ env: on: push: - branches: - - $default-branch + branches: [ $default-branch ] workflow_dispatch: permissions: diff --git a/deployments/google-cloudrun-docker.yml b/deployments/google-cloudrun-docker.yml index b8d0511..bd748f8 100644 --- a/deployments/google-cloudrun-docker.yml +++ b/deployments/google-cloudrun-docker.yml @@ -46,8 +46,7 @@ name: Build and Deploy to Cloud Run on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: PROJECT_ID: YOUR_PROJECT_ID # TODO: update Google Cloud project id diff --git a/deployments/google-cloudrun-source.yml b/deployments/google-cloudrun-source.yml index 2916b45..e6fcb52 100644 --- a/deployments/google-cloudrun-source.yml +++ b/deployments/google-cloudrun-source.yml @@ -48,8 +48,7 @@ name: Deploy to Cloud Run from Source on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: PROJECT_ID: YOUR_PROJECT_ID # TODO: update Google Cloud project id diff --git a/deployments/google.yml b/deployments/google.yml index 6150672..846452a 100644 --- a/deployments/google.yml +++ b/deployments/google.yml @@ -14,8 +14,7 @@ name: Build and Deploy to GKE on: push: - branches: - - $default-branch + branches: [ $default-branch ] env: PROJECT_ID: ${{ secrets.GKE_PROJECT }} diff --git a/deployments/ibm.yml b/deployments/ibm.yml index cb3080f..53a58c5 100644 --- a/deployments/ibm.yml +++ b/deployments/ibm.yml @@ -10,8 +10,7 @@ name: Build and Deploy to IKS on: push: - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/tencent.yml b/deployments/tencent.yml index 4e9e9f6..ba65fe5 100644 --- a/deployments/tencent.yml +++ b/deployments/tencent.yml @@ -17,8 +17,7 @@ name: Tencent Kubernetes Engine on: push: - branches: - - $default-branch + branches: [ $default-branch ] # Environment variables available to all jobs and steps in this workflow env: diff --git a/deployments/terraform.yml b/deployments/terraform.yml index 53efe48..c06f685 100644 --- a/deployments/terraform.yml +++ b/deployments/terraform.yml @@ -46,8 +46,7 @@ name: 'Terraform' on: push: - branches: - - $default-branch + branches: [ $default-branch ] pull_request: permissions: From b12833e6712790ba428240bfa1ee3a65d331e630 Mon Sep 17 00:00:00 2001 From: Christian Oliff Date: Tue, 30 Aug 2022 22:13:30 +0900 Subject: [PATCH 15/16] use latest version of Hugo --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index fb8c924..3ddbb80 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -30,7 +30,7 @@ jobs: build: runs-on: ubuntu-latest env: - HUGO_VERSION: 0.99.0 + HUGO_VERSION: 0.102.1 steps: - name: Install Hugo CLI run: | From 4b48da22521e5e07c463fd96d7d4890f718ad4b7 Mon Sep 17 00:00:00 2001 From: "James M. Greene" Date: Fri, 2 Sep 2022 17:32:30 -0500 Subject: [PATCH 16/16] Update Hugo to truly latest --- pages/hugo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/hugo.yml b/pages/hugo.yml index 3ddbb80..f273fb2 100644 --- a/pages/hugo.yml +++ b/pages/hugo.yml @@ -30,7 +30,7 @@ jobs: build: runs-on: ubuntu-latest env: - HUGO_VERSION: 0.102.1 + HUGO_VERSION: 0.102.3 steps: - name: Install Hugo CLI run: |