Commit Graph

1110 Commits

Author SHA1 Message Date
Nick Fyson 63e7f499e9 Merge pull request #1363 from laurentsimon/patch-1
Scorecards: update hash for v1.0.2
2022-01-24 18:44:06 +00:00
laurentsimon 41e7dd427d Scorecards: update hash to v1.0.2
We fixed a small issue and need to update the hash
2022-01-24 08:27:33 -08:00
Andrew Wiltshire ffa80e095e fixed grammatical error in node.js.yml (#1358) 2022-01-20 09:00:56 +05:30
César Román a96d2407b5 fix(ci): pylint.yml (#1108)
ref: #636. `pylint` command does not work

I've had success running the modified command [here](https://github.com/thecesrom/incendium/blob/project/.github/workflows/pylint.yml).

Co-authored-by: Josh Gross <joshmgross@github.com>
2022-01-19 18:41:20 -05:00
Jason Freeberg ba97234b60 Fix indentation error (#1356) 2022-01-18 17:07:26 -05:00
Nick Fyson f2778053bd Merge pull request #1352 from laurentsimon/feat/scorecardicon
 Update scorecards icon
2022-01-18 11:06:49 +00:00
Nick Fyson 0a84296a2a Merge branch 'main' into feat/scorecardicon 2022-01-18 11:05:08 +00:00
André Arko 5635bf05bc Upgrade Rails workflow to true CI (#1353)
* Upgrade Rails workflow to true CI

The existing Rails CI example only runs linters, which is not continuous
integration. This change brings the Rails example workflow up to par
with the other web framework CI flows, like Django.

This example is optimized for Rails 7, which does not include NodeJS,
webpack, or yarn by default. No Rails application code changes are
required for this flow to run the tests, and both minitest and rspec are
supported via the `test` rake task.

* add Rails icon

* use env vars, hopefully

* use the full hash for ruby/setup-ruby

* remove PORT since services cannot use it

* stop repeating identical step envs

* resolve env var declaration error

* update setup-ruby to the SHA of v1.92

* use setup-ruby SHA for lint job too

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
2022-01-18 02:04:33 +05:30
Bishal Prasad 11778e9eb0 Add check for GITHUB_TOKEN permissions (#1354) 2022-01-17 13:17:29 +05:30
Beth G f31e3a9c9d Add Datadog Synthetics GitHub action to starter workflows (#1342) 2022-01-15 11:41:46 +05:30
laurentsimon 94100d1d4a bump 2022-01-14 23:32:21 +00:00
laurentsimon b224dd8449 update icon 2022-01-14 23:32:21 +00:00
Manuel 588f02dade Switch java distribution from 'adopt' to 'temurin' (#1065)
adopt is rebranded into temurin
see https://blog.adoptopenjdk.net/2021/03/transition-to-eclipse-an-update/
2022-01-14 18:05:31 -05:00
Nick Fyson e873c3ca45 Merge pull request #1345 from laurentsimon/feat/scorecard-release
Scorecards: Updates for release
2022-01-14 12:15:31 +00:00
laurentsimon 1b10c28ff4 rem tabs and update comment 2022-01-14 03:00:11 +00:00
laurentsimon aa643dfa0c bump hash 2022-01-13 22:29:39 +00:00
laurentsimon b0f310cefc update token name 2022-01-10 23:52:58 +00:00
laurentsimon 00e08539ca prepare release 2022-01-10 23:19:46 +00:00
Nick Fyson 51e7c8e1e6 Merge pull request #1302 from laurentsimon/feat/scorecard
Add scorecards config
2022-01-04 19:16:50 +00:00
laurentsimon d0dba5262b use v0.0.1 2022-01-04 18:26:32 +00:00
laurentsimon b73f59a3e8 add icon 2022-01-04 18:26:32 +00:00
laurentsimon 40772919fb updates 2022-01-04 18:26:32 +00:00
laurentsimon 7c57e8a703 updates 2022-01-04 18:26:32 +00:00
laurentsimon 07be376c3a updates 2022-01-04 18:26:32 +00:00
laurentsimon 48edda6aca reduce text 2022-01-04 18:26:32 +00:00
laurentsimon f38127b062 update text 2022-01-04 18:26:32 +00:00
laurentsimon 9e49744dc2 url 2022-01-04 18:26:32 +00:00
laurentsimon a894da71d1 pin actions 2022-01-04 18:26:32 +00:00
laurentsimon a00db4437c comments 2022-01-04 18:26:32 +00:00
laurentsimon 0e50194de8 use hash 2022-01-04 18:26:32 +00:00
laurentsimon 794e910e12 add scorecards config 2022-01-04 18:26:32 +00:00
Ana Armas Romero f9d17c0062 Merge pull request #1332 from DhavalPatelPersistent/main
Update checkmarx.yml attributes : "uses","project","teams","scanners","params".
2021-12-30 04:17:00 -08:00
DhavalPatelPersistent 97020d0adc Update checkmarx.yml
Point to SHA instead for master
2021-12-30 16:39:28 +05:30
DhavalPatelPersistent 0b45ddae0d Update / Add "uses","project","teams","scanners","params" attributes. 2021-12-24 15:55:11 +05:30
Nick Fyson 5104ac4274 Merge pull request #1324 from adangel/update-pmd
Update pmd to v1.1.0
2021-12-20 15:16:34 +00:00
Andreas Dangel 615c63babc Update pmd to v1.1.0
Use pmd/pmd-github-action@6d98898be0 which is v1.1.0
Use temurin as java distribution
2021-12-20 11:50:23 +01:00
Anurag Chauhan 619bd129a7 Merge pull request #1314 from actions/partner_templates
Merge partner templates to main branch
2021-12-17 22:11:22 +05:30
Anurag Chauhan 7eb13f680a Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-16 10:55:26 +00:00
Anurag Chauhan 73a17a51b5 deleting azure.yml 2021-12-16 10:55:17 +00:00
Matt Moore 00db25fc1e Enable keyless signing for private repos. (#1295)
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
2021-12-13 15:17:02 -05:00
Anurag Chauhan 5bd8eb4344 Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-09 11:32:59 +00:00
Anurag Chauhan 9c27271e2f Merge pull request #1298 from actions/anuragc617/fix_az_order
Renaming azure template to fix the order
2021-12-08 12:48:11 +05:30
Anurag Chauhan 17c64f97fe resolving comments 2021-12-08 05:01:06 +00:00
Anurag Chauhan c059d06679 renaming azure template to fix the order 2021-12-07 14:16:20 +00:00
Ana Armas Romero 432e3e3e74 Merge pull request #1278 from actions/veracode_workflow
Add veracode workflow
2021-12-07 11:52:25 +01:00
Ana Armas Romero 75ecfa0bae Merge branch 'main' into veracode_workflow 2021-12-07 11:50:58 +01:00
anaarmas 1c56988c5d remove unnecessary uses of the upload-artifact action and improve input file name 2021-12-07 11:35:26 +01:00
Matt Moore 60d206d090 Have the starter docker-publish action sign digests. (#1255)
* Have the starter `docker-publish` action sign digests.

This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).

Signed-off-by: Matt Moore <mattomata@gmail.com>

* Fully qualify the digest, add setup-buildx-action as workaround

* Drop --force, add public repo check

* Use built-in 'private' bit
2021-12-06 22:35:19 +05:30
Nick Fyson d67515a20c Merge pull request #1200 from abirismyname/adding-pmd-workflow
Adding pmd
2021-12-03 18:42:12 +00:00
Abir Majumdar 4e6641ed74 Updating pmd logo 2021-12-03 13:19:43 -05:00