Compare commits

...

19 Commits

Author SHA1 Message Date
Shubham Tiwari 95e540fe9a adding category in the template property file (#1094)
Validate Data / validate-data (push) Has been cancelled
2021-09-15 15:56:14 +05:30
John Bohannon 238e55b9b4 Merge pull request #1091 from tetchel/openshift-ghcr-squashed
Update OpenShift workflow to use GHCR by default (#6)
2021-09-14 15:01:30 -04:00
Tim Etchells 149cf11287 Update github-script major version
Co-authored-by: John Bohannon <imjohnbo@github.com>
2021-09-14 11:52:30 -07:00
Tim Etchells 48e2865d35 Update OpenShift workflow to use GHCR by default (#6)
- Simplifies required configuration since a registry account is now
  optional
- Update a variety of comments
- Use tools-installer to install oc
- Other small changes towards a better UX

Signed-off-by: Tim Etchells <tetchel@gmail.com>
2021-09-14 11:12:35 -07:00
Ashwin Sangem 028df69d88 Added support for Java Frameworks, Spring and JSF to CI Templates. (#1087) 2021-09-14 08:04:52 +05:30
tmash06 b33f57dde1 Fixed a broken link to actions/upload-a-build-artifact in dotnet-desktop.yml. (#1074)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-09-09 15:45:29 -04:00
Ninad Kavimandan 84a9757692 added React and Angular as categories to node (#1084) 2021-09-09 16:16:31 +05:30
Nick Fyson 29e8b6c38a Merge pull request #1081 from actions/nickfyson/add-codeql-to-ghes
Nickfyson/add codeql to ghes
2021-09-08 11:05:03 +01:00
Nick Fyson c2cc54a69e only check nwo of supported actions 2021-09-08 10:28:14 +01:00
Nick Fyson 7aa1944311 only run ghes sync checks on YML files 2021-09-08 10:08:06 +01:00
Nick Fyson e6aff964db add codeql workflow to ghes 2021-09-08 09:54:15 +01:00
Nick Fyson ff4d33e44b Merge pull request #1080 from actions/revert-1077-nickfyson/add-codeql-to-ghes
Revert "add codeql workflow to ghes branch"
2021-09-08 07:27:03 +01:00
Nick Fyson 41e3bc11ea Revert "add codeql workflow to ghes branch" 2021-09-08 07:26:24 +01:00
Nick Fyson 79ff92ef6d Merge pull request #1077 from actions/nickfyson/add-codeql-to-ghes
add codeql workflow to ghes branch
2021-09-08 07:24:31 +01:00
Nick Fyson e9f0116056 Merge branch 'main' into nickfyson/add-codeql-to-ghes 2021-09-08 07:23:25 +01:00
Aparna Ravindra 237e7737ce restoring from main (#1078) 2021-09-08 11:52:12 +05:30
Nick Fyson fc748cc482 add codeql workflow to ghes 2021-09-06 15:25:04 +00:00
Aparna Ravindra 7b64f44165 Directory for deployments (#1071)
* moving deployment templates

* including deployment directory in scripts

* validate categories script init

* introducing scout

* introducing workflow

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Create test_comment.yaml

* rename

* using [enter]

* testing newline

* test

* setting up variable

* using echo -e

* using join

* testing space space new line

* setting multi line in echo

* removing checkout

* setting rows-generator

* fixing error

* using join

* commit

* Update test_comment.yaml

* escaping pipe

* printing debug line

* using %0A

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* removing debug

* removing variable

* Update validate.rb

* Update validate-categories.yaml

* Validate categories comment on pr (#32)

* reverting deployment directory

* checking for output

* Categories validation two workflows (#34)

comment on pr in a separate workflow

* Categories validation two workflows (#35)

using right dir name

* Categories validation two workflows (#36)

.

* Categories validation two workflows (#37)

fixing typo

* adding if conditions

* adding try catch

* using console instead of echo

* equating to upstream

* moving deployment templates
2021-09-06 11:04:54 +05:30
Varun Sharma ac64f9caf5 Secure workflows (#1) (#1072)
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml

Co-authored-by: Step Security <bot@stepsecurity.io>

Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com>
Co-authored-by: Step Security <bot@stepsecurity.io>
2021-09-02 16:05:24 -04:00
72 changed files with 293 additions and 230 deletions
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+3
View File
@@ -7,6 +7,9 @@ on:
jobs:
stale:
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
+2
View File
@@ -7,6 +7,8 @@ on:
jobs:
sync:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+2
View File
@@ -6,6 +6,8 @@ on:
jobs:
validate-data:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+1 -1
View File
@@ -107,7 +107,7 @@ jobs:
- name: Remove the pfx
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
# Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
- name: Upload build artifacts
uses: actions/upload-artifact@v2
with:
-180
View File
@@ -1,180 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
### The OpenShift Starter workflow will:
# - Checkout your repository
# - Perform a Docker build
# - Push the built image to an image registry
# - Log in to your OpenShift cluster
# - Create an OpenShift app from the image and expose it to the internet.
### Before you begin:
# - Have write access to a container image registry such as quay.io or Dockerhub.
# - Have access to an OpenShift cluster.
# - For instructions to get started with OpenShift see https://www.openshift.com/try
# - The project you wish to add this workflow to should have a Dockerfile.
# - If you don't have a Dockerfile at the repository root, see the buildah-build step.
# - Builds from scratch are also available, but require more configuration.
### To get the workflow running:
# 1. Add this workflow to your repository.
# 2. Edit the top-level 'env' section, which contains a list of environment variables that must be configured.
# 3. Create the secrets referenced in the 'env' section under your repository Settings.
# 4. Edit the 'branches' in the 'on' section to trigger the workflow on a push to your branch.
# 5. Commit and push your changes.
# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
# Also see our GitHub organization, https://github.com/redhat-actions/
# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
name: OpenShift
# ⬇️ Modify the fields marked with ⬇️ to fit your project, and create any secrets that are referenced.
# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
env:
# ⬇️ EDIT with your registry and registry path.
REGISTRY: quay.io/<username>
# ⬇️ EDIT with your registry username.
REGISTRY_USER: <username>
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
# ⬇️ EDIT to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# ⬇️ EDIT with any additional port your application should expose.
# By default, oc new-app action creates a service to the image's lowest numeric exposed port.
APP_PORT: ""
# ⬇️ EDIT if you wish to set the kube context's namespace after login. Leave blank to use the default namespace.
OPENSHIFT_NAMESPACE: ""
# If you wish to manually provide the APP_NAME and TAG, set them here, otherwise they will be auto-detected.
APP_NAME: ""
TAG: ""
on:
# https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
push:
# Edit to the branch(es) you want to build and deploy on each push.
branches: [ $default-branch ]
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
runs-on: ubuntu-18.04
environment: production
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check if secrets exists
uses: actions/github-script@v3
with:
script: |
const secrets = {
REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`,
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.warning(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- uses: actions/checkout@v2
- name: Determine app name
if: env.APP_NAME == ''
run: |
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
- name: Determine tag
if: env.TAG == ''
run: |
echo "TAG=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: image-build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tags: ${{ env.TAG }}
# If you don't have a dockerfile, see:
# https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Otherwise, point this to your Dockerfile relative to the repository root.
dockerfiles: |
./Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-to-registry
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.image-build.outputs.image }}
tags: ${{ steps.image-build.outputs.tags }}
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
# The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }}
# oc-login works on all platforms, but oc must be installed first.
# The GitHub Ubuntu runner already includes oc.
# Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc,
# as well as many other tools.
# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
# This step should create a deployment, service, and route to run your app and expose it to the internet.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-to-registry.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}
- name: View application route
run: |
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
echo "======================== Your application is available at: ========================"
echo ${{ env.ROUTE }}
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ada",
"description": "Build Ada project with GPRbuild.",
"iconName": "ada",
"categories": ["Ada"]
"categories": ["Continuous integration", "Ada"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Android CI",
"description": "Build an Android project with Gradle.",
"iconName": "android",
"categories": ["Java", "Mobile"]
"categories": ["Continuous integration", "Java", "Mobile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Ant",
"description": "Build and test a Java project with Apache Ant.",
"iconName": "ant",
"categories": ["Ant", "Java"]
"categories": ["Continuous integration", "Ant", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "C/C++ with Make",
"description": "Build and test a C/C++ project using Make.",
"iconName": "c-cpp",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Clojure",
"description": "Build and test a Clojure project with Leiningen.",
"iconName": "clojure",
"categories": ["Clojure", "Java"]
"categories": ["Continuous integration", "Clojure", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "CMake based projects",
"description": "Build and test a CMake based project.",
"iconName": "cmake",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Crystal",
"description": "Build and test a Crystal project.",
"iconName": "crystal",
"categories": ["Crystal"]
"categories": ["Continuous integration", "Crystal"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "D",
"description": "Build and test a D project with dub.",
"iconName": "d",
"categories": [ "D" ]
"categories": ["Continuous integration", "D"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Dart",
"description": "Build and test a Dart project with Pub.",
"iconName": "dart",
"categories": ["Dart"]
"categories": ["Continuous integration", "Dart"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Deno",
"description": "Test your Deno project",
"iconName": "deno",
"categories": ["JavaScript", "TypeScript", "Deno"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "Deno"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Django",
"description": "Build and Test a Django Project",
"iconName": "django",
"categories": ["Python", "Django"]
"categories": ["Continuous integration", "Python", "Django"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Docker image",
"description": "Build a Docker image to deploy, run, or push to a registry.",
"iconName": "docker",
"categories": ["Dockerfile"]
"categories": ["Continuous integration", "Dockerfile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Docker Container",
"description": "Build, test and push Docker image to GitHub Packages.",
"iconName": "docker",
"categories": ["Dockerfile"]
"categories": ["Continuous integration", "Dockerfile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": ".NET Desktop",
"description": "Build, test, sign and publish a desktop application built on .NET.",
"iconName": "dotnet",
"categories": ["C#", "Visual Basic", "WPF", ".NET"]
"categories": ["Continuous integration", "C#", "Visual Basic", "WPF", ".NET"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": ".NET",
"description": "Build and test a .NET or ASP.NET Core project.",
"iconName": "dotnet",
"categories": ["C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET"]
"categories": ["Continuous integration", "C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Elixir",
"description": "Build and test an Elixir project with Mix.",
"iconName": "elixir",
"categories": ["Elixir", "Erlang"]
"categories": ["Continuous integration", "Elixir", "Erlang"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Erlang",
"description": "Build and test an Erlang project with rebar.",
"iconName": "erlang",
"categories": ["Erlang"]
"categories": ["Continuous integration", "Erlang"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby Gem",
"description": "Pushes a Ruby Gem to RubyGems and GitHub Package Registry.",
"iconName": "ruby-gems",
"categories": ["Ruby"]
"categories": ["Continuous integration", "Ruby"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Go",
"description": "Build a Go project.",
"iconName": "go",
"categories": ["Go"]
"categories": ["Continuous integration", "Go"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Gradle",
"description": "Build a Java Package using Gradle and publish to GitHub Packages.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Gradle",
"description": "Build and test a Java project using a Gradle wrapper script.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Grunt",
"description": "Build a NodeJS project with npm and grunt.",
"iconName": "grunt",
"categories": ["JavaScript", "TypeScript", "npm", "Grunt"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Grunt"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Gulp",
"description": "Build a NodeJS project with npm and gulp.",
"iconName": "gulp",
"categories": ["JavaScript", "TypeScript", "npm", "Gulp"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Gulp"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Haskell",
"description": "Build and test a Haskell project with Cabal.",
"iconName": "haskell",
"categories": ["Haskell"]
"categories": ["Continuous integration", "Haskell"]
}
+1
View File
@@ -3,6 +3,7 @@
"description": "Build and test an iOS application using xcodebuild and any available iPhone simulator.",
"iconName": "xcode",
"categories": [
"Continuous integration",
"iOS",
"Xcode"
]
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Jekyll",
"description": "Package a Jekyll site using the jekyll/builder Docker image.",
"iconName": "jekyll",
"categories": ["HTML"]
"categories": ["Continuous integration", "HTML"]
}
+1
View File
@@ -3,6 +3,7 @@
"description": "Test a Laravel project.",
"iconName": "php",
"categories": [
"Continuous integration",
"PHP",
"Laravel"
]
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Maven",
"description": "Build a Java Package using Maven and publish to GitHub Packages.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Maven",
"description": "Build and test a Java project with Apache Maven.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "MSBuild based projects",
"description": "Build a MSBuild based project.",
"iconName": "c-cpp",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Node.js",
"description": "Build and test a Node.js project with npm.",
"iconName": "nodejs",
"categories": ["JavaScript", "npm"]
"categories": ["Continuous integration", "JavaScript", "npm", "React", "Angular"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Node.js Package",
"description": "Publishes a Node.js package to npm and GitHub Packages.",
"iconName": "node-package-transparent",
"categories": ["JavaScript", "npm"]
"categories": ["Continuous integration", "JavaScript", "npm"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "PHP",
"description": "Build and test a PHP application using Composer",
"iconName": "php",
"categories": ["PHP", "Composer"]
"categories": ["Continuous integration", "PHP", "Composer"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Pylint",
"description": "Lint a Python application with pylint.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Python application",
"description": "Create and test a Python application.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
@@ -2,5 +2,5 @@
"name": "Python Package using Anaconda",
"description": "Create and test a Python package on multiple Python versions using Anaconda for package management.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Python package",
"description": "Create and test a Python package on multiple Python versions.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Python Package",
"description": "Publish a Python Package to PyPI on release.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "R package",
"description": "Create and test an R package on multiple R versions.",
"iconName": "r",
"categories": ["R"]
"categories": ["Continuous integration", "R"]
}
+6
View File
@@ -0,0 +1,6 @@
{
"name": "Rails - Build and Run Linters",
"description": "Build Rails application and run linters",
"iconName": "ruby",
"categories": ["Continuous integration", "Ruby", "Rails"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby",
"description": "Build and test a Ruby project with Rake.",
"iconName": "ruby",
"categories": ["Ruby"]
"categories": ["Continuous integration", "Ruby"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Rust",
"description": "Build and test a Rust project with Cargo.",
"iconName": "rust",
"categories": ["Rust"]
"categories": ["Continuous integration", "Rust"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Scala",
"description": "Build and test a Scala project with SBT.",
"iconName": "scala",
"categories": ["Scala", "Java"]
"categories": ["Continuous integration", "Scala", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Swift",
"description": "Build and test a Swift Package.",
"iconName": "swift",
"categories": ["Swift"]
"categories": ["Continuous integration", "Swift"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Webpack",
"description": "Build a NodeJS project with npm and webpack.",
"iconName": "webpack",
"categories": ["JavaScript", "TypeScript", "npm", "Webpack"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Webpack"]
}
+32
View File
@@ -0,0 +1,32 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
name: Build Rails and run linters
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
# Add or Replace any other security checks here
- name: Run security checks
run: |
bin/bundler-audit --update
bin/brakeman -q -w2
# Add or Replace any other Linters here
- name: Run linters
run: |
bin/rubocop --parallel
View File
View File
+187
View File
@@ -0,0 +1,187 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# 💁 The OpenShift Starter workflow will:
# - Checkout your repository
# - Perform a container image build
# - Push the built image to the GitHub Container Registry (GHCR)
# - Log in to your OpenShift cluster
# - Create an OpenShift app from the image and expose it to the internet
# ️ Configure your repository and the workflow with the following steps:
# 1. Have access to an OpenShift cluster. Refer to https://www.openshift.com/try
# 2. Create the OPENSHIFT_SERVER and OPENSHIFT_TOKEN repository secrets. Refer to:
# - https://github.com/redhat-actions/oc-login#readme
# - https://docs.github.com/en/actions/reference/encrypted-secrets
# - https://cli.github.com/manual/gh_secret_set
# 3. (Optional) Edit the top-level 'env' section as marked with '🖊️' if the defaults are not suitable for your project.
# 4. (Optional) Edit the build-image step to build your project.
# The default build type is by using a Dockerfile at the root of the repository,
# but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build.
# 5. Commit and push the workflow file to your default branch to trigger a workflow run.
# 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback.
name: OpenShift
env:
# 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: ""
# 🖊️ EDIT to set a name for your OpenShift app, or a default one will be generated below.
APP_NAME: ""
# 🖊️ EDIT with the port your application should be accessible on.
# If the container image exposes *exactly one* port, this can be left blank.
# Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app
APP_PORT: ""
# 🖊️ EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
IMAGE_REGISTRY_USER: ${{ github.actor }}
IMAGE_REGISTRY_PASSWORD: ${{ github.token }}
# 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below.
IMAGE_TAGS: ""
on:
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
push:
# Edit to the branch(es) you want to build and deploy on each push.
branches: [ $default-branch ]
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
# ubuntu-20.04 can also be used.
runs-on: ubuntu-18.04
environment: production
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check for required secrets
uses: actions/github-script@v4
with:
script: |
const secrets = {
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const GHCR = "ghcr.io";
if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) {
core.info(`Image registry is ${GHCR} - no registry password required`);
}
else {
core.info("A registry password is required");
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`;
}
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- name: Check out repository
uses: actions/checkout@v2
- name: Determine app name
if: env.APP_NAME == ''
run: |
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
- name: Determine image tags
if: env.IMAGE_TAGS == ''
run: |
echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tags: ${{ env.IMAGE_TAGS }}
# If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build
# Otherwise, point this to your Dockerfile/Containerfile relative to the repository root.
dockerfiles: |
./Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.IMAGE_REGISTRY_USER }}
password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
# The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }}
- name: Install oc
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: 4
# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
# This step should create a deployment, service, and route to run your app and expose it to the internet.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-image.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}
- name: Print application URL
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
run: |
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
echo
echo "======================== Your application is available at: ========================"
echo ${{ env.ROUTE }}
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
@@ -3,5 +3,5 @@
"description": "Build a Docker-based project and deploy it to OpenShift.",
"creator": "Red Hat",
"iconName": "openshift",
"categories": ["Dockerfile","Deployment" ]
"categories": ["Deployment", "Dockerfile"]
}
+4 -3
View File
@@ -45,7 +45,7 @@ async function checkWorkflows(
});
for (const e of dir) {
if (e.isFile()) {
if (e.isFile() && extname(e.name) === ".yml") {
const workflowFilePath = join(folder, e.name);
const workflowId = basename(e.name, extname(e.name));
const workflowProperties: WorkflowProperties = require(join(
@@ -58,7 +58,7 @@ async function checkWorkflows(
const isPartnerWorkflow = workflowProperties.creator ? partnersSet.has(workflowProperties.creator.toLowerCase()) : false;
const enabled =
!isPartnerWorkflow &&
!isPartnerWorkflow &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {
@@ -104,7 +104,8 @@ async function checkWorkflow(
if (!!step.uses) {
// Check if allowed action
const [actionName, _] = step.uses.split("@");
if (!enabledActionsSet.has(actionName.toLowerCase())) {
const actionNwo = actionName.split("/").slice(0, 2).join("/");
if (!enabledActionsSet.has(actionNwo.toLowerCase())) {
console.info(
`Workflow ${workflowPath} uses '${actionName}' which is not supported for GHES.`
);
+5 -2
View File
@@ -1,7 +1,9 @@
{
"folders": [
"../../ci",
"../../automation"
"../../automation",
"../../deployments",
"../../code-scanning"
],
"enabledActions": [
"actions/checkout",
@@ -15,7 +17,8 @@
"actions/stale",
"actions/starter-workflows",
"actions/upload-artifact",
"actions/upload-release-asset"
"actions/upload-release-asset",
"github/codeql-action"
],
"partners": [
"Alibaba Cloud",
+2 -1
View File
@@ -1,6 +1,7 @@
{
"folders": [
"../../ci",
"../../automation"
"../../automation",
"../../deployments"
]
}