Merge branch 'main' into arjundashrath-patch-1

This commit is contained in:
Nick Fyson
2022-02-27 14:36:48 +00:00
committed by GitHub
21 changed files with 89 additions and 63 deletions
-38
View File
@@ -1,38 +0,0 @@
# This workflow will trigger Datadog Synthetic tests within your Datadog organisation
# For more information on running Synthetic tests within your GitHub workflows see: https://docs.datadoghq.com/synthetics/cicd_integrations/github_actions/
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# To get started:
# 1. Add your Datadog API (DD_API_KEY) and Application Key (DD_APP_KEY) as secrets to your GitHub repository. For more information, see: https://docs.datadoghq.com/account_management/api-app-keys/.
# 2. Start using the action within your workflow
name: Run Datadog Synthetic tests
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# Run Synthetic tests within your GitHub workflow.
# For additional configuration options visit the action within the marketplace: https://github.com/marketplace/actions/datadog-synthetics-ci
- name: Run Datadog Synthetic tests
uses: DataDog/synthetics-ci-github-action@2b56dc0cca9daa14ab69c0d1d6844296de8f941e
with:
api_key: ${{secrets.DD_API_KEY}}
app_key: ${{secrets.DD_APP_KEY}}
test_search_query: 'tag:e2e-tests' #Modify this tag to suit your tagging strategy
+2 -2
View File
@@ -30,14 +30,14 @@ jobs:
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Gradle
uses: gradle/gradle-build-action@bc3340afc5e3cc44f2321809ac090d731c13c514
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: build
# The USERNAME and TOKEN need to correspond to the credentials environment variables used in
# the publishing section of your build.gradle
- name: Publish to GitHub Packages
uses: gradle/gradle-build-action@bc3340afc5e3cc44f2321809ac090d731c13c514
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: publish
env:
+1 -1
View File
@@ -26,6 +26,6 @@ jobs:
java-version: '11'
distribution: 'temurin'
- name: Build with Gradle
uses: gradle/gradle-build-action@bc3340afc5e3cc44f2321809ac090d731c13c514
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: build
+5 -1
View File
@@ -1,6 +1,10 @@
name: MSBuild
on: [push]
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
env:
# Path to the solution file relative to the root of the project.
@@ -1,6 +0,0 @@
{
"name": "Datadog Synthetics",
"description": "Run Datadog Synthetic tests within your GitHub Actions workflow",
"iconName": "datadog",
"categories": ["Continuous integration", "JavaScript", "TypeScript", "Testing"]
}
+7 -1
View File
@@ -20,8 +20,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
Anchore-Build-Scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: Checkout the code
@@ -36,4 +42,4 @@ jobs:
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
sarif_file: results.sarif
+6 -1
View File
@@ -42,8 +42,13 @@ on:
workflow_dispatch:
permissions:
contents: read
jobs:
Trigger APIsec scan:
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -61,4 +66,4 @@ jobs:
- name: Import results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./apisec-results.sarif
sarif_file: ./apisec-results.sarif
+8
View File
@@ -17,10 +17,18 @@ on:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
permissions:
contents: read
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
permissions:
contents: read # for actions/checkout to fetch code
issues: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
pull-requests: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
+6
View File
@@ -33,8 +33,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
rest-api-static-security-testing:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+7 -1
View File
@@ -13,8 +13,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
mobile-security:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -33,4 +39,4 @@ jobs:
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
sarif_file: results.sarif
+6
View File
@@ -17,8 +17,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
njsscan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
name: njsscan code scanning
steps:
+3 -3
View File
@@ -9,7 +9,7 @@ on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
@@ -23,13 +23,13 @@ jobs:
with:
java-version: '11'
distribution: 'temurin'
cache: maven
- name: Run PMD
id: pmd
uses: pmd/pmd-github-action@6d98898be0d59f46ec37dafcea33d8f8f55acfd1
uses: pmd/pmd-github-action@967a81f8b657c87f7c3e96b62301cb1a48efef29
with:
rulesets: 'rulesets/java/quickstart.xml'
sourcePath: 'src/main/java'
analyzeModifiedFilesOnly: false
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
+6
View File
@@ -21,8 +21,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
prisma_cloud_iac_scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
name: Run Prisma Cloud IaC Scan to check
steps:
@@ -3,7 +3,6 @@
"creator": "Detekt",
"description": "Static code analysis for Kotlin",
"iconName": "detekt",
"categories": ["Code Scanning", "Kotlin"]
"categories": ["Code Scanning", "Kotlin"],
"enterprise": false
}
+1 -1
View File
@@ -27,7 +27,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2
uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4
with:
results_file: results.sarif
results_format: sarif
+6
View File
@@ -19,8 +19,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
semgrep:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Scan
runs-on: ubuntu-latest
steps:
+6
View File
@@ -37,8 +37,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
stackhawk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
name: StackHawk
runs-on: ubuntu-20.04
steps:
+8 -1
View File
@@ -13,10 +13,17 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
build:
permissions:
checks: write # for sysdiglabs/scan-action to publish the checks
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -51,4 +58,4 @@ jobs:
#Upload SARIF file
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarifReport }}
sarif_file: ${{ steps.scan.outputs.sarifReport }}
+6
View File
@@ -17,10 +17,16 @@ on:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
permissions:
contents: read
jobs:
# This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter
build-and-pipeline-scan:
# The type of runner that the job will run on
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
-4
View File
@@ -1,4 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="128" height="128">
<path d="M118.64,63.09l5.15,50.2-63.08,7.59-1.37-9.78-3.81.55c.33,5.45-.94,10.63-3.35,13.11-2.82,2.89-6.92,3.64-11.24,3-2.9-.39-5.06-2.49-6.66-5.06,6,4.22,13.39,2.27,15.92-1.26a12.65,12.65,0,0,0,2.38-9.42l-35.42,5.14L4.21,12.18,109.27,0l6.16,63.7Z" fill="#632ca6"/>
<path d="M63.55,74.32a55.2,55.2,0,0,1-10-8.32c-.31-.23-.26-1.25-.26-1.25A55.81,55.81,0,0,0,68.94,73.1a12.74,12.74,0,0,0,9.81-.83,25,25,0,0,0,7.53-6.64l.34.59a14.93,14.93,0,0,1-1.29,3.06,8,8,0,0,0,2.24.81l6-.93a18.12,18.12,0,0,0,2-14.31c-.93-3-5.79-9.1-6.14-9.43-1.22-1.17.21-5.7-2.21-10.65C84.65,29.54,78,24.09,75.09,21.72c.85.62,6.1,2.74,8.55,5.69.23-.3.32-1.89.53-2.29-2.1-2.76-2.26-7.66-2.26-9A14.87,14.87,0,0,0,80.69,11a8.16,8.16,0,0,1,2.65,4.53,18.51,18.51,0,0,0,3.82,8.34c3.43,4.26,6.52,6.45,8.08,4.88,1.88-1.9-1.89-10.37-6.71-15.1-5.62-5.52-7.09-4.81-10.39-3.63-2.63.94-4,8.4-10.91,8.26-1.16-.14-4.15-.21-5.64-.2C62.36,17,63,16.21,63,16.21a35.61,35.61,0,0,0-4.25,2.09l-.15-.22A12,12,0,0,1,60,15.8a40.56,40.56,0,0,0-3.51,2.43,5.25,5.25,0,0,1,1.45-2.71s-2.32.41-5.28,3.67A36,36,0,0,0,45.8,21.9c-4.35-.95-6.41-2.49-8.37-5.31-1.49-2.15-4.15-2.48-6.85-1.37-4,1.64-9,3.87-9,3.87s1.63-.06,3.33,0a44.68,44.68,0,0,0-4.56,2.09s1.09,0,2.44,0A22.93,22.93,0,0,1,20.5,22.9a33,33,0,0,0-3.85,3.33,22.56,22.56,0,0,1,2.74-1c-.9,2.07-2.7,3.6-2.37,6.14.32,2.33,3.17,7.11,6.85,10,.32.26,5.34,4.91,9.13,3s5.29-3.6,5.91-6.21c.73-3,.32-5.26-1.25-11.75-.52-2.14-1.86-6.56-2.51-8.67l.15-.11A106.06,106.06,0,0,1,41,31.8C43,39,42.36,42.68,41.44,44c-2.75,4-9.8,4.58-13,2.34-.49,7.78,1.24,11.2,1.83,12.92-.29,2,1,5.67,1,5.67A7,7,0,0,1,32,62.4a16.53,16.53,0,0,0,1.14,4.31A8.19,8.19,0,0,1,33.52,64a19.56,19.56,0,0,0,1.71,2.14A11.6,11.6,0,0,0,37,69.8,9.87,9.87,0,0,1,37,67.5c2.94,2.82,3.45,7,3.74,10.12C41.52,86.33,27,93.25,24.13,98.71c-2.14,3.23-3.42,8.33.2,11.35,8.76,7.27,5.4,9.27,9.78,12.47,6,4.38,13.54,2.42,16.1-1.15,3.56-5,2.65-9.65,1.32-14-1-3.43-3.84-9.12-7.32-11.33a15.26,15.26,0,0,0-10-2.37l.27-.31c4.22-.84,8.62-.38,11.81,1.68,3.62,2.32,6.93,6.31,8.66,12.43,2-.28,2.24-.41,4-.66l-4-31.5ZM83.85,35c3.73,1.73,3.24,5,3.34,7a5.25,5.25,0,0,1,0,1.19,5,5,0,0,0-2.62-.43,9.49,9.49,0,0,0-1.1.12,7.78,7.78,0,0,1-3-3.71l-.17-.39-.07-.17,0-.08c-.42-1.31-.14-1.57,0-2s.85-.76-.15-1.1a1.8,1.8,0,0,0-.31-.07C80.47,34.54,82.44,34.34,83.85,35Zm-4.6,21.63c.72-.57,4-1.62,7.09-2,1.6-.19,3.88-.29,4.37,0,1,.53,1,2.18.31,3.72-1,2.22-2.33,4.67-3.88,4.87-2.52.34-4.91-1-7.63-3.06A2.23,2.23,0,0,1,79.25,56.62ZM55.34,39.75c4-2.73,9.16-1.65,8.3-.83-1.65,1.56.54,1.1.78,4a5,5,0,0,1-1.12,4A25.49,25.49,0,0,0,58.7,48a26,26,0,0,0-2.85,1.13,7.32,7.32,0,0,1-.73-.55A5.53,5.53,0,0,1,55.34,39.75Zm60.11,27.82-32.51,5.9a16,16,0,0,1-3.75,3.33,11.75,11.75,0,0,1-9.29.85,20,20,0,0,1-3.71-1.19l-7.95,1.1,4.83,40.2,55.7-10ZM65.88,113.92l-.46-4.37,9.09-13.88,10.33,3,8.88-14.84,10.65,7,8.1-17,2.87,30.91Z" fill="#fff"/>
</svg>

Before

Width:  |  Height:  |  Size: 2.8 KiB

+3
View File
@@ -21,6 +21,8 @@ interface WorkflowProperties {
categories: string[] | null;
creator?: string;
enterprise?: boolean;
}
interface WorkflowsCheckResult {
@@ -59,6 +61,7 @@ async function checkWorkflows(
const enabled =
!isPartnerWorkflow &&
workflowProperties.enterprise !== false &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {