* Upgrade Rails workflow to true CI
The existing Rails CI example only runs linters, which is not continuous
integration. This change brings the Rails example workflow up to par
with the other web framework CI flows, like Django.
This example is optimized for Rails 7, which does not include NodeJS,
webpack, or yarn by default. No Rails application code changes are
required for this flow to run the tests, and both minitest and rspec are
supported via the `test` rake task.
* add Rails icon
* use env vars, hopefully
* use the full hash for ruby/setup-ruby
* remove PORT since services cannot use it
* stop repeating identical step envs
* resolve env var declaration error
* update setup-ruby to the SHA of v1.92
* use setup-ruby SHA for lint job too
Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).
Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
* Have the starter `docker-publish` action sign digests.
This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).
Signed-off-by: Matt Moore <mattomata@gmail.com>
* Fully qualify the digest, add setup-buildx-action as workaround
* Drop --force, add public repo check
* Use built-in 'private' bit
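Put together, the signing job the docker-publish commits above describe looks like the following. This is an added example, not the starter workflow's own file: it assumes a `docker/metadata-action` step with id `meta` and a `docker/build-push-action` step with id `build-and-push` ran earlier in the same job (they expose the `tags` and `digest` outputs used here), targets a cosign 2.x release where keyless signing is the default (the commits above used 1.4, which needed `COSIGN_EXPERIMENTAL`), and uses a placeholder commit SHA in the `uses:` line that must be replaced with the real release commit, as the "use the full hash" commits above do.

```yaml
permissions:
  contents: read
  packages: write   # push the image to GHCR
  id-token: write   # the job may request an OIDC token; cosign exchanges it for a short-lived Fulcio certificate

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # ... checkout, docker/login-action, docker/metadata-action (id: meta) and
      #     docker/build-push-action (id: build-and-push, push only when not a PR)
      #     as in the starter workflow ...

      - name: Install cosign
        # pull_request runs from forks cannot be granted id-token: write, and nothing was pushed
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@0123456789abcdef0123456789abcdef01234567 # placeholder: pin the real release commit
        with:
          cosign-release: 'v2.2.0'   # assumption: any cosign 2.x release

      # Sign the immutable digest, never a bare tag: a tag can be re-pointed after signing.
      # The expression values go through env so a crafted tag is not interpolated into the shell line.
      - name: Sign the published image
        if: github.event_name != 'pull_request'
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"

# Consumer-side check (cosign 2.x), run outside the workflow. The trusted identity is the
# workflow that signed, bound to GitHub's OIDC issuer; OWNER/REPO and the digest are placeholders:
#   cosign verify \
#     --certificate-oidc-issuer https://token.actions.githubusercontent.com \
#     --certificate-identity-regexp '^https://github.com/OWNER/REPO/' \
#     ghcr.io/OWNER/REPO@sha256:<digest>
```

One caveat worth keeping in mind when dropping the public-repo guard, as the commits above did: keyless signing records the signing certificate in the public Rekor transparency log, and that certificate carries the repository and workflow identity together with the signed digest. For a private image that is a disclosure of the repository name and image digest, so decide deliberately whether it is acceptable.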
The `gradle-build-action` provides enhanced execution and caching functionality for Gradle.
This change updates starter workflows to use `v2.0.0` of `gradle-build-action`.
Improvements over invoking Gradle directly include:
- Easier to run the workflow with a particular Gradle version
- More sophisticated and more efficient caching of Gradle User Home between invocations
- Detailed reporting of cache usage and cache configuration options
- Automatic capture of Build Scan links
Co-authored-by: Josh Gross <joshmgross@github.com>
Currently we suggest that folks dual publish to both npm + gpr.
There are a large number of edge cases related to doing this and IMHO it is
not the best practice. Let's make two separate workflows.
* Added Cloudrail according to instructions and existing examples
* Adding Cloudrail according to documentation and examples
* Oops
* Add original Fortify on Demand workflow
* Update Fortify on Demand workflow
* Update Fortify on Demand supported languages
* Add 3rd-party GitHub Actions disclaimer
* Sysdig Secure Inline Scan with SARIF report to starter workflows
* Added some extra comments, Github Actions V2 and changed env vars
* Reviews from PR #1110
* Adding 'Dockerfile' to category list
* Update according to PR review comments
* File renames as requested in PR comments
* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)
This reverts commit 7f30309cce.
* use env variables for user-set values (#1117)
Co-authored-by: Josh Gross <joshmgross@github.com>
* Apply suggestions from nickfyson's code review
Co-authored-by: Nick Fyson <nickfyson@github.com>
* removing "deployment" templates from sync-ghes (#1127)
* Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
* Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
* Changed svg logo
* Rename sysdig.svg to sysdig-scan.svg
* Switched svg logo (again) for a better fit
* Rename fortify.json to fortify.properties.json
* Correct character-case of "c" in Cloudrail
* AWS template also used Docker
* trigger on push instead of release (#1157)
Co-authored-by: Josh Gross <joshmgross@github.com>
* Adding MobSF starter workflow
* Adhering to pull request guidelines
* python: update to use python 3.10
Signed-off-by: Rui Chen <rui@chenrui.dev>
* Added new templates for 3 clouds.
* Revert "Added new templates for 3 clouds."
This reverts commit c765d6316f.
* Add ruby and update workflow
* Add workflow for Microsoft C++ Code Analysis
* Updated action to meet guidelines
* quote the version strings
* correct typo in msvc.properties.json
* Update codeql.properties.json
* Update code-scanning/properties/codeql.properties.json
Co-authored-by: Arthur Baars <arthur@semmle.com>
* Update codeql.properties.json
* Update codeql.properties.json
* Update code-scanning/mobsf.yml
Co-authored-by: Nick Fyson <nickfyson@github.com>
* Update code-scanning/properties/mobsf.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
* Fixed typo in workflow that will cause every run to fail
* Update commit SHA
* r: use setup-r@1 and include r@4 for starter (#1169)
* r: use setup-r@1 and include r@4 for starter
Signed-off-by: Rui Chen <rui@chenrui.dev>
* use sha instead of tag for external action
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
* elixir: refresh dependencies (#1212)
- setup action got renamed into `setup-beam`
- update elixir and erlang versions
* Updated to main branch version.
Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Abir Majumdar <abirismyname@github.com>
Co-authored-by: Rui Chen <rui@chenrui.dev>
Co-authored-by: David Verdeguer <daverlo@github.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
Co-authored-by: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Co-authored-by: Arthur Baars <arthur@semmle.com>
Co-authored-by: Abir Majumdar <83433840+abirismyname@users.noreply.github.com>
Co-authored-by: Marco Gario <marcogario@github.com>
Co-authored-by: Andy McKay <andymckay@github.com>
* Rename "azure.yml" to Node-specific name
* Add templates and properties for other languages
* Add workflow for .NET Core
* Add workflow and properties file for PHP
* Updates from PR review
* Fix EOF
* Use latest versions
* Renamed the file appropriately.
* Put the azure file back.
* Added azure back.
* Revert "Dummy azure templates for showcasing the CD Ordering Behavior (#1194)"
This reverts commit 9ce2a5b56f.
Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
* Added Cloudrail according to instructions and existing examples
* Adding Cloudrail according to documentation and examples
* Oops
* Add original Fortify on Demand workflow
* Update Fortify on Demand workflow
* Update Fortify on Demand supported languages
* Add 3rd-party GitHub Actions disclaimer
* Sysdig Secure Inline Scan with SARIF report to starter workflows
* Added some extra comments, Github Actions V2 and changed env vars
* Reviews from PR #1110
* Adding 'Dockerfile' to category list
* Update according to PR review comments
* File renames as requested in PR comments
* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)
This reverts commit 7f30309cce.
* use env variables for user-set values (#1117)
Co-authored-by: Josh Gross <joshmgross@github.com>
* Apply suggestions from nickfyson's code review
Co-authored-by: Nick Fyson <nickfyson@github.com>
* removing "deployment" templates from sync-ghes (#1127)
* Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
* Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
* Changed svg logo
* Rename sysdig.svg to sysdig-scan.svg
* Switched svg logo (again) for a better fit
* Rename fortify.json to fortify.properties.json
* Correct character-case of "c" in Cloudrail
* AWS template also used Docker
* trigger on push instead of release (#1157)
Co-authored-by: Josh Gross <joshmgross@github.com>
* Added new templates for 3 clouds.
* Revert "Added new templates for 3 clouds."
This reverts commit c765d6316f.
* Add workflow for Microsoft C++ Code Analysis
* Updated action to meet guidelines
* correct typo in msvc.properties.json
* Removed the dummy templates used in bug_bash.
Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
* Azure Data Factory CI starter workflow
* fix: data factory starter categories
* fix: checkout step formatting
* fix: data-factory-export targeting latest version
* feature: latest adf validate and export versions
* feature: Azure Data Factory tech_stack category for CI starter
Co-authored-by: Fernando de Oliveira <5161098+fernandoBRS@users.noreply.github.com>
This commit adds github/super-linter as a starter workflow to execute
several linters based on the user codebase on changed files.
Co-authored-by: Josh Gross <joshmgross@github.com>
- Simplifies required configuration since a registry account is now
optional
- Update a variety of comments
- Use tools-installer to install oc
- Other small changes towards a better UX
Signed-off-by: Tim Etchells <tetchel@gmail.com>
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml
Co-authored-by: Step Security <bot@stepsecurity.io>
Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com>
Co-authored-by: Step Security <bot@stepsecurity.io>
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
- [ ] Should specify least privilege [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
# This workflow will build and push a node.js application to an Azure Web App when a release is created.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan
#
# To configure this workflow:
#
# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**.
# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings
#
# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below).
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
on:
  release:
    types: [created]

env:
  AZURE_WEBAPP_NAME: your-app-name    # set this to your application's name
  AZURE_WEBAPP_PACKAGE_PATH: '.'      # set this to the path to your web app project, defaults to the repository root
  NODE_VERSION: '10.x'                # set this to the node version to use
# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when a release is created
#
# To configure this workflow:
#
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
#
# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
#
# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
#
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
name: Build and Deploy to GKE

on:
  release:
    types: [created]

env:
  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
  GKE_CLUSTER: cluster-1    # TODO: update to cluster name
  GKE_ZONE: us-central1-c   # TODO: update to cluster zone
  DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
  IMAGE: static-site

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      # Setup gcloud CLI
      - uses: google-github-actions/setup-gcloud@v0.2.0
        with:
          service_account_key: ${{ secrets.GKE_SA_KEY }}
          project_id: ${{ secrets.GKE_PROJECT }}

      # Configure Docker to use the gcloud command-line tool as a credential
      # helper for authentication
      - run: |-
          gcloud --quiet auth configure-docker

      # Get the GKE credentials so we can deploy to the cluster
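The `GKE_SA_KEY` secret in the workflow above is a long-lived service-account key stored in GitHub: anyone who reads the secret holds GCP credentials until the key is rotated. The variant below is an added example, not the starter workflow's own steps, and swaps in Workload Identity Federation: the job requests a GitHub OIDC token (`id-token: write`, the same mechanism the cosign commits above rely on) and exchanges it for short-lived GCP credentials, so no key is stored anywhere. The project number, pool, provider and service-account names are placeholders, and the action major versions are assumed to be current.

```yaml
permissions:
  contents: read
  id-token: write   # lets the job request a GitHub OIDC token to exchange for GCP credentials

jobs:
  setup-build-publish-deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Exchange the job's OIDC token for short-lived credentials; no JSON key is involved.
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v2
        with:
          # placeholders: the pool/provider you created for this repository
          workload_identity_provider: projects/123456789012/locations/global/workloadIdentityPools/github-pool/providers/github-provider
          service_account: gke-deployer@my-project.iam.gserviceaccount.com

      - name: Set up gcloud
        uses: google-github-actions/setup-gcloud@v2

      # Configure Docker to use gcloud as a credential helper, exactly as in the original workflow
      - run: gcloud --quiet auth configure-docker

      # Get the GKE credentials so we can deploy to the cluster
      - name: Get GKE credentials
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: ${{ env.GKE_CLUSTER }}
          location: ${{ env.GKE_ZONE }}
```

On the GCP side, give the provider an attribute condition that restricts which tokens it accepts (for example, only `assertion.repository` equal to this repository, and ideally only its default branch or a named environment); a provider without such a condition lets any GitHub repository's token impersonate the service account.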
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
if [ "$scheme" = default ]; then scheme=$(cat default); fi
# Build the workspace if one exists, otherwise the project file; quoting keeps names with spaces intact
if ls -A | grep -qi '\.xcworkspace$'; then filetype_parameter="workspace" && file_to_build="$(ls -A | grep -i '\.xcworkspace$')"; else filetype_parameter="project" && file_to_build="$(ls -A | grep -i '\.xcodeproj$')"; fi
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This is a basic workflow to help you get started with Using Checkmarx CxFlow Action
name: CxFlow

on:
  push:
    branches: [ $default-branch, $protected-branches ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ $default-branch ]
  schedule:
    - cron: $cron-weekly

# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
permissions:
  contents: read

jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
    permissions:
      contents: read          # for actions/checkout to fetch code
      issues: write           # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
      pull-requests: write    # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
# TODO: Customize trigger events based on your DevSecOps processes and typical FoD SAST scan time
on:
  workflow_dispatch:
  push:
    branches: [ $default-branch ]
  schedule:
    - cron: $cron-weekly

jobs:
  FoD-SAST-Scan:
    # Use the appropriate runner for building your source code.
    # TODO: Use a Windows runner for .NET projects that use msbuild. Additional changes to RUN commands will be required to switch to Windows syntax.
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      # Check out source code
      - name: Check Out Source Code
        uses: actions/checkout@v2

      # Java is required to run the various Fortify utilities.
      # When scanning a Java application, please use the appropriate Java version for building your application.
      - name: Setup Java
        uses: actions/setup-java@v1
        with:
          java-version: 1.8

      # Prepare source+dependencies for upload. The default example is for a Maven project that uses pom.xml.
      # TODO: Update PACKAGE_OPTS based on the ScanCentral Client documentation for your project's included tech stack(s). Helpful hints:
      #   ScanCentral Client will download dependencies for maven (-bt mvn) and gradle (-bt gradle).
      #   ScanCentral Client can download dependencies for msbuild projects (-bt msbuild); however, you must convert the workflow to use a Windows runner.
      #   ScanCentral has additional options that should be set for PHP and Python projects
      #   For other build tools, add your build commands to download necessary dependencies and prepare according to Fortify on Demand Packaging documentation.
      #   ScanCentral Client documentation is located at https://www.microfocus.com/documentation/fortify-software-security-center/

      # Start Fortify on Demand SAST scan and wait until results complete. For more information on FoDUploader commands, see https://github.com/fod-dev/fod-uploader-java
      # TODO: Update ENV variables for your application and create the necessary GitHub Secrets. Helpful hints:
      #   Credentials and release ID should be obtained from your FoD tenant (either Personal Access Token or API Key can be used).
      #   Automated Audit preference should be configured for the release's Static Scan Settings in the Fortify on Demand portal.
      - name: Download Fortify on Demand Universal CI Tool
# 2. Create a service account token `mapi organization service-account create
# <org-name> <service-account-name>`