Commit Graph

1081 Commits

Author SHA1 Message Date
laurentsimon 0e50194de8 use hash 2022-01-04 18:26:32 +00:00
laurentsimon 794e910e12 add scorecards config 2022-01-04 18:26:32 +00:00
Ana Armas Romero f9d17c0062 Merge pull request #1332 from DhavalPatelPersistent/main
Update checkmarx.yml attributes : "uses","project","teams","scanners","params".
2021-12-30 04:17:00 -08:00
DhavalPatelPersistent 97020d0adc Update checkmarx.yml
Point to SHA instead for master
2021-12-30 16:39:28 +05:30
DhavalPatelPersistent 0b45ddae0d Update / Add "uses","project","teams","scanners","params" attributes. 2021-12-24 15:55:11 +05:30
Nick Fyson 5104ac4274 Merge pull request #1324 from adangel/update-pmd
Update pmd to v1.1.0
2021-12-20 15:16:34 +00:00
Andreas Dangel 615c63babc Update pmd to v1.1.0
Use pmd/pmd-github-action@6d98898be0 which is v1.1.0
Use temurin as java distribution
2021-12-20 11:50:23 +01:00
Anurag Chauhan 619bd129a7 Merge pull request #1314 from actions/partner_templates
Merge partner templates to main branch
2021-12-17 22:11:22 +05:30
Anurag Chauhan 7eb13f680a Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-16 10:55:26 +00:00
Anurag Chauhan 73a17a51b5 deleting azure.yml 2021-12-16 10:55:17 +00:00
Matt Moore 00db25fc1e Enable keyless signing for private repos. (#1295)
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
2021-12-13 15:17:02 -05:00
Anurag Chauhan 5bd8eb4344 Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-09 11:32:59 +00:00
Anurag Chauhan 9c27271e2f Merge pull request #1298 from actions/anuragc617/fix_az_order
Renaming azure template to fix the order
2021-12-08 12:48:11 +05:30
Anurag Chauhan 17c64f97fe resolving comments 2021-12-08 05:01:06 +00:00
Anurag Chauhan c059d06679 renaming azure template to fix the order 2021-12-07 14:16:20 +00:00
Ana Armas Romero 432e3e3e74 Merge pull request #1278 from actions/veracode_workflow
Add veracode workflow
2021-12-07 11:52:25 +01:00
Ana Armas Romero 75ecfa0bae Merge branch 'main' into veracode_workflow 2021-12-07 11:50:58 +01:00
anaarmas 1c56988c5d remove unnecessary uses of the upload-artifact action and improve input file name 2021-12-07 11:35:26 +01:00
Matt Moore 60d206d090 Have the starter docker-publish action sign digests. (#1255)
* Have the starter `docker-publish` action sign digests.

This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).

Signed-off-by: Matt Moore <mattomata@gmail.com>

* Fully qualify the digest, add setup-buildx-action as workaround

* Drop --force, add public repo check

* Use built-in 'private' bit
2021-12-06 22:35:19 +05:30
Nick Fyson d67515a20c Merge pull request #1200 from abirismyname/adding-pmd-workflow
Adding pmd
2021-12-03 18:42:12 +00:00
Abir Majumdar 4e6641ed74 Updating pmd logo 2021-12-03 13:19:43 -05:00
Nick Fyson f46fcd0e80 Merge branch 'main' into adding-pmd-workflow 2021-12-03 16:13:55 +00:00
Abir Majumdar 649bca8dab Updating logo and adding sha to workflow 2021-12-03 10:33:18 -05:00
Daz DeBoer f7b1f1515d Use gradle-build-action in starter workflows (#1237)
The `gradle-build-action` provides enhanced execution and caching functionality for Gradle.
This change updates starter workflows to use `v2.0.0` of `gradle-build-action`.

Improvements over invoking Gradle directly include:
- Easier to run the workflow with a particular Gradle version
- More sophisticated and more efficient caching of Gradle User Home between invocations
- Detailed reporting of cache usage and cache configuration options
- Automatic capture of Build Scan links

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-12-02 17:22:55 -05:00
Abir Majumdar 2863ef2206 Merge branch 'main' into adding-pmd-workflow 2021-12-02 08:46:08 -05:00
Marcel Wagner 9920cac8e9 Update text flow for cmake comment (#1054) 2021-12-02 09:21:29 +05:30
Jason Freeberg a48ef3a643 Update azure-webapps-node.yml (#1282) 2021-12-01 20:52:36 -05:00
Abir Majumdar 435b265ae0 Removing dupe 2021-12-01 17:02:40 -05:00
Abir Majumdar 3fd42f21fc Merge branch 'main' into adding-pmd-workflow 2021-12-01 16:05:16 -05:00
Abir Majumdar d2bba6f2d9 Adding icon 2021-12-01 16:03:49 -05:00
Abir Majumdar ce771c75d8 Referencing new official PMD github action 2021-12-01 15:50:22 -05:00
Myles Borins 4238ac653e chore: split npm publish into 2 workflows (#1281)
Currently we suggest that folks dual publish to both npm + gpr.

There are a large number of edge cases related to doing this and IMHO it is
not the best practice. Let's make two separate workflows.
2021-12-01 14:38:35 -05:00
Nick Fyson 7ebee84fa6 Merge pull request #1262 from apisec-inc/master
Added starter workflow to help get started with APIsec-Scan code-scanning Action
2021-12-01 12:45:02 +00:00
Anurag Chauhan a8de83bc48 Merge pull request #1268 from actions/update_azure_py_webapp_cache
Updating azure partner templates to use commitId for 3rd party actions and setup actions cache.
2021-12-01 15:19:00 +05:30
abdul-hai-apisec e99eb117c5 Merge remote-tracking branch 'origin/master' 2021-12-01 13:44:28 +05:30
abdul-hai-apisec 3f39a5a76b Removed the unwanted space in actions file.
Updated the logo to have only the shield portion.
2021-12-01 13:27:02 +05:30
anaarmas b629998430 replace unnecessary actions with shell commands 2021-11-30 09:56:40 +01:00
abdul-hai-apisec fa053f9bf1 Merge branch 'main' into master 2021-11-30 12:24:56 +05:30
anaarmas 1a37cd5345 add veracode workflow 2021-11-29 11:49:33 +01:00
Anurag Chauhan 3258466b26 Adding commit sha for 3rd party actions 2021-11-29 08:51:54 +00:00
Nick Fyson a85155b04a Merge pull request #1266 from actions/detekt_workflow
Add Detekt workflow template
2021-11-25 10:15:32 +00:00
Nick Fyson e1db44513b Merge branch 'main' into detekt_workflow 2021-11-25 10:07:09 +00:00
Anurag Chauhan b4ee598043 use setup cache option instead of action 2021-11-25 10:03:14 +00:00
Anurag Chauhan cb87b05b73 Merge pull request #1162 from JasonFreeberg/partner_templates
Add partner templates for Azure Web Apps
2021-11-25 12:03:45 +05:30
Jason Freeberg 1a67e08a9e Update azure-webapps-container.yml 2021-11-24 15:58:25 -08:00
Jason Freeberg 278aa7a82e Add dependency caching for .NET, Node, PHP, and Python workflows 2021-11-24 14:26:16 -08:00
Jason Freeberg 8fd6550c33 Revert overwrite from upstream pull 2021-11-24 14:20:00 -08:00
Jason Freeberg b9fd04a8cf Merge remote-tracking branch 'upstream/partner_templates' into partner_templates 2021-11-24 12:13:19 -08:00
Anurag Chauhan 2d4fbbba8f Merge pull request #1259 from FrodoTheTrue/update-google-deployment-2
Update google deployment starter workflow (partner_templates)
2021-11-24 15:47:21 +05:30
Anurag Chauhan 12aae3647b Merge branch 'partner_templates' into update-google-deployment-2 2021-11-24 13:38:23 +05:30