Compare commits

297 Commits

Author SHA1 Message Date
Sampark Sharma e526628119 Fix to resolve code scanning inclusions to ghes
2022-02-23 10:33:02 +00:00
Atul Malaviya 300f303442 Added PR trigger (#1448) 2022-02-20 13:48:18 +05:30
Nick Fyson 8573ed9cf5 Merge pull request #1416 from arjundashrath/patch-8 2022-02-16 10:50:19 +00:00
Nick Fyson 48d70bb057 Merge branch 'main' into patch-8 2022-02-16 10:47:11 +00:00
Nick Fyson 5a06c8f464 Merge pull request #1404 from h0x0er/patch-7
Added github_token permissions in code-scanning/semgrep.yml
2022-02-16 10:07:51 +00:00
Nick Fyson 0c9bd866a7 Merge branch 'main' into patch-7 2022-02-16 10:00:27 +00:00
Nick Fyson e53dd812a5 Merge pull request #1424 from Devils-Knight/permks-7
Add token permissions for code-scanning/stackhawk.yml
2022-02-16 09:53:27 +00:00
Nick Fyson dc87bafe6f Merge branch 'main' into permks-7 2022-02-16 09:52:35 +00:00
Nick Fyson af74f124fb Merge pull request #1432 from Devils-Knight/permks-10
Add token permissions for code-scanning/njsscan.yml
2022-02-16 09:20:03 +00:00
Shubham malik 6706b36121 Update njsscan.yml 2022-02-15 16:04:39 +05:30
Shubham malik aa4aa29543 Update stackhawk.yml 2022-02-14 15:51:06 +05:30
arjundashrath 4333c79965 Update codacy.yml 2022-02-14 13:08:08 +05:30
h0x0er 14ce90e99f added github_token permissions 2022-02-14 11:13:30 +05:30
Chris Gavin 7fb1c31151 Merge pull request #1402 from actions/fix-enterprise-exclusions
Fix some workflows not being excluded from Enterprise syncing.
2022-02-11 17:02:20 +00:00
Chris Gavin 4579cb5c54 Fix some workflows not being excluded from Enterprise syncing. 2022-02-11 15:03:41 +00:00
Nick Fyson e9cc9b14bc Merge pull request #1397 from adangel/update-pmd
Update pmd to v1.2.0
2022-02-11 09:50:48 +00:00
Andreas Dangel d580918e06 Update pmd to v1.2.0
* Use pmd/pmd-github-action@967a81f8b6
   which is v1.2.0
* Remove "cache: maven" setting, which fails if no pom.xml file
   is existing
* Set parameter "analyzeModifiedFilesOnly: false" to prevent incomplete
   analysis results. See also https://github.com/pmd/pmd-github-action/issues/35
2022-02-10 18:10:25 +01:00
Nick Fyson 2e489c2619 Merge pull request #1368 from Devils-Knight/Permissions
Add token permissions for code-scanning/crunch42.yml
2022-02-04 14:38:09 +00:00
Nick Fyson 53217fe594 Merge branch 'main' into Permissions 2022-02-04 14:37:22 +00:00
Nick Fyson 64ccdd2a47 Merge pull request #1373 from h0x0er/main
Added GITHUB_TOKEN permission for code-scanning/anchore.yml
2022-02-04 10:45:44 +00:00
Nick Fyson c84eced9e9 Merge branch 'main' into main 2022-02-04 10:43:53 +00:00
Nick Fyson 8ec9e75aba Merge pull request #1377 from Devils-Knight/permissions
Add token permissions for code-scanning/checkmarx.yml
2022-02-04 10:26:09 +00:00
Nick Fyson 251b7bbc24 Merge branch 'main' into permissions 2022-02-04 10:25:18 +00:00
Bishal Prasad de41169eb0 Revert "Add Datadog Synthetics GitHub action to starter workflows (#1342)" (#1385)
This reverts commit f31e3a9c9d.
2022-02-04 09:45:26 +05:30
Daz DeBoer 98bd06c9ad Update for gradle/gradle-build-action@v2.1.3 (#1384) 2022-02-03 16:24:19 -05:00
h0x0er 7ea0d435cf Merge branch 'main' into main 2022-02-03 13:40:22 +05:30
Shubham malik d71bfc344e Create checkmarx.yml 2022-02-01 22:34:47 +05:30
Anurag Chauhan 5cdc69b0e1 Merge pull request #1374 from actions/code_scanning_desc
Fixing some code scanning workflows description
2022-02-01 16:45:07 +05:30
Anurag Chauhan 9ef177a834 Merge branch 'main' into code_scanning_desc 2022-02-01 16:44:05 +05:30
Daz DeBoer 776a960496 Update for gradle-build-action@v2.1.2 release (#1375) 2022-01-31 16:47:10 -05:00
Anurag Chauhan 890150c289 Fixing some code scanning workflows description 2022-01-31 10:48:11 +00:00
h0x0er 0e684da195 x
Merge branch 'main' of https://github.com/h0x0er/starter-workflows
2022-01-31 14:29:45 +05:30
h0x0er 34d35389d1 updated gh_token permissions for anchore/scan-action 2022-01-31 14:29:11 +05:30
h0x0er 8430b6f878 Update 2022-01-31 14:23:00 +05:30
Fedor Isakov c005c55b8b update google workflow (#1359) 2022-01-30 11:37:53 +05:30
Nick Fyson 2e8fec55f6 Merge pull request #1348 from Devils-Knight/starter-workflow 2022-01-28 22:04:00 +00:00
Nick Fyson e833ff06e4 Merge branch 'main' into starter-workflow 2022-01-28 22:00:17 +00:00
Aarnav Pai 1220bda7e4 Fix version of denoland/setup-deno (#1369)
* Fix version of `denoland/setup-deno`

* Update deno.yml
2022-01-27 10:51:47 -05:00
Shubham malik 4f0f3e716d Update crunch42.yml 2022-01-27 15:38:23 +05:30
Bishal Prasad 80404f48bc Rename node.js.yml to ci/node.js.yml 2022-01-27 10:28:39 +05:30
Bishal Prasad c0b5490590 Rename ci/bishal-node.js.yml to node.js.yml 2022-01-27 10:27:32 +05:30
Bishal Prasad 7a56117f98 Rename node.js.yml to bishal-node.js.yml 2022-01-27 10:27:08 +05:30
Shubham malik 3b8f20ff6f updated permission 2022-01-26 22:42:19 +05:30
Nick Fyson 63e7f499e9 Merge pull request #1363 from laurentsimon/patch-1
Scorecards: update hash for v1.0.2
2022-01-24 18:44:06 +00:00
laurentsimon 41e7dd427d Scorecards: update hash to v1.0.2
We fixed a small issue and need to update the hash
2022-01-24 08:27:33 -08:00
Andrew Wiltshire ffa80e095e fixed grammatical error in node.js.yml (#1358) 2022-01-20 09:00:56 +05:30
César Román a96d2407b5 fix(ci): pylint.yml (#1108)
ref: #636. `pylint` command does not work

I've had success running the modified command [here](https://github.com/thecesrom/incendium/blob/project/.github/workflows/pylint.yml).

Co-authored-by: Josh Gross <joshmgross@github.com>
2022-01-19 18:41:20 -05:00
Jason Freeberg ba97234b60 Fix indentation error (#1356) 2022-01-18 17:07:26 -05:00
Nick Fyson f2778053bd Merge pull request #1352 from laurentsimon/feat/scorecardicon
Update scorecards icon
2022-01-18 11:06:49 +00:00
Nick Fyson 0a84296a2a Merge branch 'main' into feat/scorecardicon 2022-01-18 11:05:08 +00:00
André Arko 5635bf05bc Upgrade Rails workflow to true CI (#1353)
* Upgrade Rails workflow to true CI

The existing Rails CI example only runs linters, which is not continuous
integration. This change brings the Rails example workflow up to par
with the other web framework CI flows, like Django.

This example is optimized for Rails 7, which does not include NodeJS,
webpack, or yarn by default. No Rails application code changes are
required for this flow to run the tests, and both minitest and rspec are
supported via the `test` rake task.

* add Rails icon

* use env vars, hopefully

* use the full hash for ruby/setup-ruby

* remove PORT since services cannot use it

* stop repeating identical step envs

* resolve env var declaration error

* update setup-ruby to the SHA of v1.92

* use setup-ruby SHA for lint job too

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
2022-01-18 02:04:33 +05:30
Bishal Prasad 11778e9eb0 Add check for GITHUB_TOKEN permissions (#1354) 2022-01-17 13:17:29 +05:30
Beth G f31e3a9c9d Add Datadog Synthetics GitHub action to starter workflows (#1342) 2022-01-15 11:41:46 +05:30
laurentsimon 94100d1d4a bump 2022-01-14 23:32:21 +00:00
laurentsimon b224dd8449 update icon 2022-01-14 23:32:21 +00:00
Manuel 588f02dade Switch java distribution from 'adopt' to 'temurin' (#1065)
adopt is rebranded into temurin
see https://blog.adoptopenjdk.net/2021/03/transition-to-eclipse-an-update/
2022-01-14 18:05:31 -05:00
Nick Fyson e873c3ca45 Merge pull request #1345 from laurentsimon/feat/scorecard-release
Scorecards: Updates for release
2022-01-14 12:15:31 +00:00
laurentsimon 1b10c28ff4 rem tabs and update comment 2022-01-14 03:00:11 +00:00
laurentsimon aa643dfa0c bump hash 2022-01-13 22:29:39 +00:00
shubham malik f78e23c19d Update trivy.yml 2022-01-13 11:12:14 +05:30
laurentsimon b0f310cefc update token name 2022-01-10 23:52:58 +00:00
laurentsimon 00e08539ca prepare release 2022-01-10 23:19:46 +00:00
Nick Fyson 51e7c8e1e6 Merge pull request #1302 from laurentsimon/feat/scorecard
Add scorecards config
2022-01-04 19:16:50 +00:00
laurentsimon d0dba5262b use v0.0.1 2022-01-04 18:26:32 +00:00
laurentsimon b73f59a3e8 add icon 2022-01-04 18:26:32 +00:00
laurentsimon 40772919fb updates 2022-01-04 18:26:32 +00:00
laurentsimon 7c57e8a703 updates 2022-01-04 18:26:32 +00:00
laurentsimon 07be376c3a updates 2022-01-04 18:26:32 +00:00
laurentsimon 48edda6aca reduce text 2022-01-04 18:26:32 +00:00
laurentsimon f38127b062 update text 2022-01-04 18:26:32 +00:00
laurentsimon 9e49744dc2 url 2022-01-04 18:26:32 +00:00
laurentsimon a894da71d1 pin actions 2022-01-04 18:26:32 +00:00
laurentsimon a00db4437c comments 2022-01-04 18:26:32 +00:00
laurentsimon 0e50194de8 use hash 2022-01-04 18:26:32 +00:00
laurentsimon 794e910e12 add scorecards config 2022-01-04 18:26:32 +00:00
Ana Armas Romero f9d17c0062 Merge pull request #1332 from DhavalPatelPersistent/main
Update checkmarx.yml attributes : "uses","project","teams","scanners","params".
2021-12-30 04:17:00 -08:00
DhavalPatelPersistent 97020d0adc Update checkmarx.yml
Point to SHA instead for master
2021-12-30 16:39:28 +05:30
DhavalPatelPersistent 0b45ddae0d Update / Add "uses","project","teams","scanners","params" attributes. 2021-12-24 15:55:11 +05:30
Nick Fyson 5104ac4274 Merge pull request #1324 from adangel/update-pmd
Update pmd to v1.1.0
2021-12-20 15:16:34 +00:00
Andreas Dangel 615c63babc Update pmd to v1.1.0
Use pmd/pmd-github-action@6d98898be0 which is v1.1.0
Use temurin as java distribution
2021-12-20 11:50:23 +01:00
Anurag Chauhan 619bd129a7 Merge pull request #1314 from actions/partner_templates
Merge partner templates to main branch
2021-12-17 22:11:22 +05:30
Anurag Chauhan 7eb13f680a Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-16 10:55:26 +00:00
Anurag Chauhan 73a17a51b5 deleting azure.yml 2021-12-16 10:55:17 +00:00
Matt Moore 00db25fc1e Enable keyless signing for private repos. (#1295)
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
2021-12-13 15:17:02 -05:00
Anurag Chauhan 5bd8eb4344 Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-09 11:32:59 +00:00
Anurag Chauhan 9c27271e2f Merge pull request #1298 from actions/anuragc617/fix_az_order
Renaming azure template to fix the order
2021-12-08 12:48:11 +05:30
Anurag Chauhan 17c64f97fe resolving comments 2021-12-08 05:01:06 +00:00
Anurag Chauhan c059d06679 renaming azure template to fix the order 2021-12-07 14:16:20 +00:00
Ana Armas Romero 432e3e3e74 Merge pull request #1278 from actions/veracode_workflow
Add veracode workflow
2021-12-07 11:52:25 +01:00
Ana Armas Romero 75ecfa0bae Merge branch 'main' into veracode_workflow 2021-12-07 11:50:58 +01:00
anaarmas 1c56988c5d remove unnecessary uses of the upload-artifact action and improve input file name 2021-12-07 11:35:26 +01:00
Matt Moore 60d206d090 Have the starter docker-publish action sign digests. (#1255)
* Have the starter `docker-publish` action sign digests.

This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).

Signed-off-by: Matt Moore <mattomata@gmail.com>

* Fully qualify the digest, add setup-buildx-action as workaround

* Drop --force, add public repo check

* Use built-in 'private' bit
2021-12-06 22:35:19 +05:30
Nick Fyson d67515a20c Merge pull request #1200 from abirismyname/adding-pmd-workflow
Adding pmd
2021-12-03 18:42:12 +00:00
Abir Majumdar 4e6641ed74 Updating pmd logo 2021-12-03 13:19:43 -05:00
Nick Fyson f46fcd0e80 Merge branch 'main' into adding-pmd-workflow 2021-12-03 16:13:55 +00:00
Abir Majumdar 649bca8dab Updating logo and adding sha to workflow 2021-12-03 10:33:18 -05:00
Daz DeBoer f7b1f1515d Use gradle-build-action in starter workflows (#1237)
The `gradle-build-action` provides enhanced execution and caching functionality for Gradle.
This change updates starter workflows to use `v2.0.0` of `gradle-build-action`.

Improvements over invoking Gradle directly include:
- Easier to run the workflow with a particular Gradle version
- More sophisticated and more efficient caching of Gradle User Home between invocations
- Detailed reporting of cache usage and cache configuration options
- Automatic capture of Build Scan links

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-12-02 17:22:55 -05:00
Abir Majumdar 2863ef2206 Merge branch 'main' into adding-pmd-workflow 2021-12-02 08:46:08 -05:00
Marcel Wagner 9920cac8e9 Update text flow for cmake comment (#1054) 2021-12-02 09:21:29 +05:30
Jason Freeberg a48ef3a643 Update azure-webapps-node.yml (#1282) 2021-12-01 20:52:36 -05:00
Abir Majumdar 435b265ae0 Removing dupe 2021-12-01 17:02:40 -05:00
Abir Majumdar 3fd42f21fc Merge branch 'main' into adding-pmd-workflow 2021-12-01 16:05:16 -05:00
Abir Majumdar d2bba6f2d9 Adding icon 2021-12-01 16:03:49 -05:00
Abir Majumdar ce771c75d8 Referencing new official PMD github action 2021-12-01 15:50:22 -05:00
Myles Borins 4238ac653e chore: split npm publish into 2 workflows (#1281)
Currently we suggest that folks dual publish to both npm + gpr.

There are a large number of edge cases related to doing this and IMHO it is
not the best practice. Let's make two separate workflows.
2021-12-01 14:38:35 -05:00
Nick Fyson 7ebee84fa6 Merge pull request #1262 from apisec-inc/master
Added starter workflow to help get started with APIsec-Scan code-scanning Action
2021-12-01 12:45:02 +00:00
Anurag Chauhan a8de83bc48 Merge pull request #1268 from actions/update_azure_py_webapp_cache
Updating azure partner templates to use commitId for 3rd party actions and setup actions cache.
2021-12-01 15:19:00 +05:30
abdul-hai-apisec e99eb117c5 Merge remote-tracking branch 'origin/master' 2021-12-01 13:44:28 +05:30
abdul-hai-apisec 3f39a5a76b Removed the unwanted space in actions file.
Updated the logo to have only the shield portion.
2021-12-01 13:27:02 +05:30
anaarmas b629998430 replace unnecessary actions with shell commands 2021-11-30 09:56:40 +01:00
abdul-hai-apisec fa053f9bf1 Merge branch 'main' into master 2021-11-30 12:24:56 +05:30
anaarmas 1a37cd5345 add veracode workflow 2021-11-29 11:49:33 +01:00
Anurag Chauhan 3258466b26 Adding commit sha for 3rd party actions 2021-11-29 08:51:54 +00:00
Nick Fyson a85155b04a Merge pull request #1266 from actions/detekt_workflow
Add Detekt workflow template
2021-11-25 10:15:32 +00:00
Nick Fyson e1db44513b Merge branch 'main' into detekt_workflow 2021-11-25 10:07:09 +00:00
Anurag Chauhan b4ee598043 use setup cache option instead of action 2021-11-25 10:03:14 +00:00
Anurag Chauhan cb87b05b73 Merge pull request #1162 from JasonFreeberg/partner_templates
Add partner templates for Azure Web Apps
2021-11-25 12:03:45 +05:30
Jason Freeberg 1a67e08a9e Update azure-webapps-container.yml 2021-11-24 15:58:25 -08:00
Jason Freeberg 278aa7a82e Add dependency caching for .NET, Node, PHP, and Python workflows 2021-11-24 14:26:16 -08:00
Jason Freeberg 8fd6550c33 Revert overwrite from upstream pull 2021-11-24 14:20:00 -08:00
Jason Freeberg b9fd04a8cf Merge remote-tracking branch 'upstream/partner_templates' into partner_templates 2021-11-24 12:13:19 -08:00
Anurag Chauhan 2d4fbbba8f Merge pull request #1259 from FrodoTheTrue/update-google-deployment-2
Update google deployment starter workflow (partner_templates)
2021-11-24 15:47:21 +05:30
Anurag Chauhan 12aae3647b Merge branch 'partner_templates' into update-google-deployment-2 2021-11-24 13:38:23 +05:30
Anurag Chauhan a96cff48f1 Merge pull request #1207 from gambtho/thgamble/aksstarter
Deploy an application to AKS
2021-11-24 13:37:33 +05:30
anaarmas c4dadecc05 find a way to pin the SHA for detekt workflow template 2021-11-23 21:14:53 +01:00
Ana Armas Romero 200b0c34b1 Merge pull request #1254 from actions/move-code-scanning-workflows
Move code scanning workflows
2021-11-23 14:21:15 +01:00
anaarmas 0debae5ec7 fix crunch42 template id so it overrides old template as required 2021-11-23 09:37:32 +01:00
abdul-hai-apisec 6439d558f4 Updated the names as per the pull request checklist. 2021-11-22 21:14:54 +05:30
abdul-hai-apisec 499e38bc3e Added starter workflow to help you get started with APIsec-Scan Actions. 2021-11-22 20:35:15 +05:30
Fedor Isakov 28856d6071 Update google deployment starter workflow 2021-11-19 20:46:53 +03:00
anaarmas 52edf1b580 add a bunch of code scanning workflows 2021-11-19 16:55:27 +01:00
anaarmas 42dcf88eb9 add detekt workflow 2021-11-19 16:41:15 +01:00
Tom Gamble 2b3dac02b4 Merge branch 'partner_templates' into thgamble/aksstarter 2021-11-18 10:10:38 -05:00
gambtho 11147495c0 variable cleanup and comment additions 2021-11-18 07:30:10 -05:00
Jason Freeberg 757758750a Merge remote-tracking branch 'upstream/partner_templates' into partner_templates 2021-11-16 09:45:39 -08:00
Jason Freeberg 214aeaaafe Update quickstart link 2021-11-16 09:43:18 -08:00
Nick Fyson da223f8a03 Merge pull request #1238 from meme/nowsecure
Add NowSecure starter workflow
2021-11-15 22:23:51 +00:00
Keegan Saunders f61ca9907b Add NowSecure starter workflow 2021-11-15 08:40:01 -05:00
Ashwin Sangem 4f8abda415 Updated the azure properties file to the main branch version. (#1251)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Adding MobSF starter workflow

* Adhering to pull request guidelines

* python: update to use python 3.10

Signed-off-by: Rui Chen <rui@chenrui.dev>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add ruby and update workflow

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* quote the version strings

* correct typo in msvc.properties.json

* Update codeql.properties.json

* Update code-scanning/properties/codeql.properties.json

Co-authored-by: Arthur Baars <arthur@semmle.com>

* Update codeql.properties.json

* Update codeql.properties.json

* Update code-scanning/mobsf.yml

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/mobsf.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Fixed typo in workflow that will cause every run to fail

* Update commit SHA

* r: use setup-r@1 and include r@4 for starter (#1169)

* r: use setup-r@1 and include r@4 for starter

Signed-off-by: Rui Chen <rui@chenrui.dev>

* use sha instead of tag for external action

Co-authored-by: Josh Gross <joshmgross@github.com>

Co-authored-by: Josh Gross <joshmgross@github.com>

* elixir: refresh dependencies (#1212)

- setup action got renamed into `setup-beam`
- update elixir and erlang versions

* Updated to main branch version.

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Abir Majumdar <abirismyname@github.com>
Co-authored-by: Rui Chen <rui@chenrui.dev>
Co-authored-by: David Verdeguer <daverlo@github.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
Co-authored-by: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Co-authored-by: Arthur Baars <arthur@semmle.com>
Co-authored-by: Abir Majumdar <83433840+abirismyname@users.noreply.github.com>
Co-authored-by: Marco Gario <marcogario@github.com>
Co-authored-by: Andy McKay <andymckay@github.com>
2021-11-15 18:03:36 +05:30
Ashwin Sangem b1b3ae86ee Sync partner_templates with the main Branch. (#1250)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Adding MobSF starter workflow

* Adhering to pull request guidelines

* python: update to use python 3.10

Signed-off-by: Rui Chen <rui@chenrui.dev>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add ruby and update workflow

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* quote the version strings

* correct typo in msvc.properties.json

* Update codeql.properties.json

* Update code-scanning/properties/codeql.properties.json

Co-authored-by: Arthur Baars <arthur@semmle.com>

* Update codeql.properties.json

* Update codeql.properties.json

* Update code-scanning/mobsf.yml

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/mobsf.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Fixed typo in workflow that will cause every run to fail

* Update commit SHA

* r: use setup-r@1 and include r@4 for starter (#1169)

* r: use setup-r@1 and include r@4 for starter

Signed-off-by: Rui Chen <rui@chenrui.dev>

* use sha instead of tag for external action

Co-authored-by: Josh Gross <joshmgross@github.com>

Co-authored-by: Josh Gross <joshmgross@github.com>

* elixir: refresh dependencies (#1212)

- setup action got renamed into `setup-beam`
- update elixir and erlang versions

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Abir Majumdar <abirismyname@github.com>
Co-authored-by: Rui Chen <rui@chenrui.dev>
Co-authored-by: David Verdeguer <daverlo@github.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
Co-authored-by: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Co-authored-by: Arthur Baars <arthur@semmle.com>
Co-authored-by: Abir Majumdar <83433840+abirismyname@users.noreply.github.com>
Co-authored-by: Marco Gario <marcogario@github.com>
Co-authored-by: Andy McKay <andymckay@github.com>
2021-11-15 13:47:17 +05:30
Ashwin Sangem 2f7dd74318 Dummy azure templates (#1249)
* Rename "azure.yml" to Node-specific name

* Add templates and properties for other languages

* Add workflow for .NET Core

* Add workflow and properties file for PHP

* Updates from PR review

* Fix EOF

* Use latest versions

* Renamed the file appropriately.

* Put the azure file back.

* Added azure back.

* Revert "Dummy azure templates for showcasing the CD Ordering Behavior (#1194)"

This reverts commit 9ce2a5b56f.

Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
2021-11-15 13:40:30 +05:30
Tom Gamble 50fcc151be Update aks.properties.json 2021-11-12 07:11:40 -05:00
Tom Gamble d739e93e5e Update aks.properties.json 2021-11-09 07:01:43 -05:00
rui 56c93ff752 elixir: refresh dependencies (#1212)
- setup action got renamed into `setup-beam`
- update elixir and erlang versions
2021-11-08 11:14:50 -05:00
Jason Freeberg 5354877aa0 enable caching 2021-11-03 18:10:02 -07:00
Jason Freeberg a561392dff Update azure-webapps-container.yml 2021-11-03 18:02:06 -07:00
Jason Freeberg 69f26d5fd6 Copy/paste error 2021-11-03 17:58:38 -07:00
Tom Gamble cde6fc6c14 Update aks.properties.json 2021-11-01 09:41:55 -04:00
gambtho 644f0a59aa step names and registry path 2021-10-28 23:05:42 -04:00
gambtho de6c8cbcf0 add aks starter 2021-10-28 22:58:17 -04:00
rui 1d8891efc2 r: use setup-r@1 and include r@4 for starter (#1169)
* r: use setup-r@1 and include r@4 for starter

Signed-off-by: Rui Chen <rui@chenrui.dev>

* use sha instead of tag for external action

Co-authored-by: Josh Gross <joshmgross@github.com>

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-10-28 11:37:36 -04:00
Andy McKay 93ee3d86f6 Merge pull request #1168 from chenrui333/python-3.10
python: update to use python 3.10
2021-10-28 07:40:41 -07:00
Andy McKay 97d8c1c765 Merge branch 'main' into python-3.10 2021-10-28 07:39:33 -07:00
Anurag Chauhan abf0c13931 Merge pull request #1187 from simonaco/partner_templates
Add partner templates for Azure Static Web Apps
2021-10-28 11:35:52 +05:30
Nick Fyson 1b52eb3e6f Merge pull request #1160 from abirismyname/adding-mobsf-to-codescanning 2021-10-27 21:38:42 +01:00
Nick Fyson 216dc929eb Merge branch 'main' into adding-mobsf-to-codescanning 2021-10-27 21:34:36 +01:00
Abir Majumdar c3c12f1950 Adding pmd 2021-10-27 15:35:18 -04:00
Jason Freeberg e1ca1f58be typos 2021-10-27 12:23:24 -07:00
Jason Freeberg e176cd52cd Add more tech stack metadata to the properties files 2021-10-27 12:20:29 -07:00
Jason Freeberg 3893e3d7c8 Add setup instructions to the top 2021-10-27 12:20:09 -07:00
David Verdeguer ef1ebb2538 Merge pull request #1180 from actions/daverlo/ruby-beta
Add ruby and update CodeQL workflow
2021-10-27 16:07:51 +02:00
David Verdeguer 440e8daf05 Merge branch 'main' into daverlo/ruby-beta 2021-10-27 16:01:12 +02:00
Marco Gario 0f5b68ee4f Merge pull request #1198 from d-winsor/msvc-typo
Fixed typo in Microsoft C++ Code Analysis workflow.
2021-10-27 10:16:35 +02:00
Daniel Winsor d9dc2c2f72 Update commit SHA 2021-10-26 21:48:19 -07:00
Daniel Winsor 83bdb0fcd6 Fixed typo in workflow that will cause every run to fail 2021-10-26 21:37:36 -07:00
Simona Cotin 767ba11df2 update action version to v1 2021-10-26 13:15:05 +02:00
Simona Cotin 464fcecb39 Merge branch 'actions:partner_templates' into partner_templates 2021-10-26 13:13:11 +02:00
Abir Majumdar ed8c87df74 Update code-scanning/properties/mobsf.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-25 21:40:48 -04:00
Abir Majumdar 09b078fd76 Update code-scanning/mobsf.yml
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-25 21:40:31 -04:00
Ashwin Sangem c0fe29b09d Added Azure Id template back. (#1195)
* Rename "azure.yml" to Node-specific name

* Add templates and properties for other languages

* Add workflow for .NET Core

* Add workflow and properties file for PHP

* Updates from PR review

* Fix EOF

* Use latest versions

* Renamed the file appropriately.

* Put the azure file back.

* Added azure back.

Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
2021-10-25 22:06:21 +05:30
Ashwin Sangem 9ce2a5b56f Dummy azure templates for showcasing the CD Ordering Behavior (#1194)
* Rename "azure.yml" to Node-specific name

* Add templates and properties for other languages

* Add workflow for .NET Core

* Add workflow and properties file for PHP

* Updates from PR review

* Fix EOF

* Use latest versions

* Renamed the file appropriately.

Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
2021-10-25 21:16:06 +05:30
Ashwin Sangem 87a12c3391 Undo bug bash changes and Sync with the main branch (#1193)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* correct typo in msvc.properties.json

* Removed the dummy templates used in bug_bash.

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
2021-10-25 19:30:04 +05:30
Jason Freeberg c78dd727e9 Use latest versions 2021-10-24 21:47:00 -07:00
Jason Freeberg b5113430d9 Fix EOF 2021-10-24 21:46:13 -07:00
Jason Freeberg 704eb638ce Updates from PR review 2021-10-24 21:45:21 -07:00
Jason Freeberg a702d187d1 Add workflow and properties file for PHP 2021-10-24 21:37:36 -07:00
Simona Cotin 27ebc235ee Add partner templates for Azure Static Web Apps 2021-10-22 13:00:26 +02:00
Ashwin Sangem 39293c2452 Deleting gcp dummy templates. (#1186) 2021-10-22 16:24:02 +05:30
Bishal Prasad cd0b591526 Update google_python.properties.json 2021-10-22 16:13:36 +05:30
Bishal Prasad 4abed744e3 Update azure_docker.properties.json 2021-10-22 16:12:34 +05:30
Bishal Prasad 7b8fcf2d84 Rename aws_java.yaml to aws_node.yaml 2021-10-22 16:11:57 +05:30
Bishal Prasad 2b39072b92 Rename aws_java.properties.json to aws_node.properties.json 2021-10-22 16:11:39 +05:30
Bishal Prasad 34a94290c1 Update aws_java.properties.json 2021-10-22 16:10:51 +05:30
Bishal Prasad 41027f9cb5 Update aws_dockerfile.properties.json 2021-10-22 16:08:40 +05:30
Bishal Prasad a7e746ef4e Rename aws_node.yaml to aws_java.yaml 2021-10-22 16:01:43 +05:30
Bishal Prasad 62a3686226 Rename aws_node.properties.json to aws_java.properties.json 2021-10-22 16:00:55 +05:30
Bishal Prasad ff38066101 Create aws_node.properties.json 2021-10-22 16:00:18 +05:30
Bishal Prasad 1ff952c678 Update aws_node.properties.json 2021-10-22 16:00:12 +05:30
Bishal Prasad 1d19515d95 Update google_java.properties.json 2021-10-22 15:58:29 +05:30
Bishal Prasad c3f7e66294 Update azure_docker.properties.json 2021-10-22 15:53:33 +05:30
Bishal Prasad d6e33d5f35 fix dummy template names (#1185) 2021-10-22 15:48:49 +05:30
David Verdeguer 4a9a12a099 Update codeql.properties.json 2021-10-22 11:52:12 +02:00
Ashwin Sangem a3270e70de Add files via upload 2021-10-22 15:13:09 +05:30
Ashwin Sangem 0f29a0acbb Add files via upload 2021-10-22 15:12:17 +05:30
David Verdeguer 3a3f99717d Update codeql.properties.json 2021-10-22 11:40:38 +02:00
David Verdeguer 281a35c5ef Update code-scanning/properties/codeql.properties.json
Co-authored-by: Arthur Baars <arthur@semmle.com>
2021-10-22 11:37:35 +02:00
Ashwin Sangem 4e20b52618 Sync partner_templates branch with main (#1184)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* correct typo in msvc.properties.json

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
2021-10-22 14:47:00 +05:30
David Verdeguer dcdce00205 Update codeql.properties.json 2021-10-22 10:54:14 +02:00
Nick Fyson 8a8c5b274c Merge pull request #1183 from actions/nickfyson-patch-1
correct typo in msvc.properties.json
2021-10-22 09:36:46 +01:00
Nick Fyson 149db50d43 correct typo in msvc.properties.json 2021-10-22 09:33:24 +01:00
Nick Fyson c3de16f318 Merge pull request #1181 from d-winsor/msvc-analysis
Microsoft C++ Code Analysis Action
2021-10-22 09:31:29 +01:00
Rui Chen 40f0709bd6 quote the version strings 2021-10-22 01:14:49 -04:00
Daniel Winsor 9fccb15dc6 Updated action to meet guidelines 2021-10-21 16:18:11 -07:00
Daniel Winsor bafed29a86 Add workflow for Microsoft C++ Code Analysis 2021-10-21 14:14:02 -07:00
David Verdeguer 042eac3858 Add ruby and update workflow 2021-10-21 22:11:00 +02:00
Ashwin Sangem e3fc80f30e Revert "Added new templates for 3 clouds."
This reverts commit c765d6316f.
2021-10-21 08:59:43 +00:00
Ashwin Sangem c765d6316f Added new templates for 3 clouds. 2021-10-21 14:27:06 +05:30
Rui Chen e6620ddc5b python: update to use python 3.10
Signed-off-by: Rui Chen <rui@chenrui.dev>
2021-10-20 00:02:48 -04:00
Jason Freeberg 4fad808870 Add workflow for .NET Core 2021-10-15 15:47:30 -07:00
Jason Freeberg e59c11c494 Add templates and properties for other languages 2021-10-15 15:33:45 -07:00
Jason Freeberg 21775ad05b Rename "azure.yml" to Node-specific name 2021-10-15 15:32:54 -07:00
Abir Majumdar 6e44c89176 Adhering to pull request guidelines 2021-10-15 08:55:34 -04:00
Abir Majumdar ffef54a02c Adding MobSF starter workflow 2021-10-15 08:37:05 -04:00
Nick Fyson 700743e332 Merge pull request #1153 from yi2020/patch-1
Correct character-case of "c" in Cloudrail
2021-10-12 09:58:03 +01:00
Nick Fyson a857e4e5a6 Merge branch 'main' into patch-1 2021-10-12 09:56:26 +01:00
Sarah Edwards 6b14bf21cb trigger on push instead of release (#1157)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-10-11 15:53:15 -04:00
Ashwin Sangem ad91ff259d AWS template also used Docker 2021-10-11 14:58:21 +05:30
Ashwin Sangem cbd5b645f1 Merge pull request #1110 from manuelbcd/main (#1155)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
2021-10-08 17:31:42 +05:30
Yoni Leitersdorf 2e38bc8da2 Correct character-case of "c" in Cloudrail 2021-10-06 12:52:26 -07:00
Nick Fyson 5b659e82b4 Merge pull request #1110 from manuelbcd/main
Sysdig inline scanning
2021-10-06 10:14:48 +01:00
manuelbcd 764ebceaf5 Merge branch 'main' into main 2021-10-05 22:46:19 +02:00
Nick Fyson 122f83ece7 Merge pull request #1152 from actions/nickfyson/fix-fortify
Rename fortify.json to fortify.properties.json
2021-10-05 20:50:47 +01:00
Nick Fyson 6a1dba2d71 Rename fortify.json to fortify.properties.json 2021-10-05 20:44:48 +01:00
Nick Fyson a95943d406 Merge pull request #1090 from fortify/main
Add Fortify on Demand code scanning workflow
2021-10-05 20:24:09 +01:00
manuelbcd d07ff38b96 Merge branch 'main' into main 2021-10-05 15:10:10 +02:00
manuelbcd 3c200bdb21 Switched svg logo (again) for a better fit 2021-10-05 15:09:31 +02:00
manuelbcd b258b33234 Rename sysdig.svg to sysdig-scan.svg 2021-10-05 15:02:00 +02:00
manuelbcd c342a0c6e3 Merge branch 'main' of github.com:manuelbcd/starter-workflows 2021-10-05 10:40:25 +02:00
manuelbcd b55a65157e Changed svg logo 2021-10-05 10:39:56 +02:00
manuelbcd b7d9f15826 Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-05 09:30:53 +02:00
manuelbcd 2a1abda503 Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-05 09:30:45 +02:00
Aparna Ravindra 85d2a866f0 removing "deployment" templates from sync-ghes (#1127) 2021-10-05 11:22:46 +05:30
Nick Fyson 5d273fbcb3 Merge pull request #1047 from yi2020/add_cloudrail
Add Indeni Cloudrail
2021-10-04 19:45:31 +01:00
Nick Fyson d4dccf0b1e Merge branch 'main' into add_cloudrail 2021-10-04 19:44:55 +01:00
Yoni Leitersdorf c705225b8f Apply suggestions from nickfyson's code review
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-04 09:48:47 -07:00
Sarah Edwards 596b345944 use env variables for user-set values (#1117)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-10-01 15:07:03 -04:00
Ashwin Sangem 7b9e3b6858 Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)
This reverts commit 7f30309cce.
2021-10-01 18:50:08 +05:30
Ana Armas Romero 13f632a90b Merge pull request #1144 from swarkentin/patch-1
Remove mention of trial for Mayhem for API
2021-09-30 11:41:10 +02:00
Ana Armas Romero 65fef9614f Merge branch 'main' into patch-1 2021-09-30 11:40:11 +02:00
Aparna Ravindra 02d91c6ccf checking for allowed category in validate-data script (#1131)
* checking for allowed category

* Update index.ts
2021-09-30 10:19:20 +05:30
Ashwin Sangem 6b053712be Added dockerfile to relevant CD template categories. (#1136)
* Added Dockerfile to Category for relevant CD templates.

* Update terraform.properties.json
2021-09-30 07:31:43 +05:30
Sheldon Warkentin 8c91a4c02f Remove mention of trial for Mayhem for API
A free plan is now in place with a professional trial that may be opted into afterward.
2021-09-29 13:45:57 -06:00
Nick Fyson 15daabeaa4 Merge pull request #1129 from actions/nickfyson/validate-code-scanning
start validating code-scanning workflows
2021-09-29 16:18:11 +01:00
Nick Fyson 4087ed4594 Merge branch 'main' into nickfyson/validate-code-scanning 2021-09-29 16:11:58 +01:00
Fernando de Oliveira 7f30309cce Azure Data Factory CI starter workflow (#1111)
* Azure Data Factory CI starter workflow

* fix: data factory starter categories

* fix: checkout step formatting

* fix: data-factory-export targeting latest version

* feature: latest adf validate and export versions

* feature: Azure Data Factory tech_stack category for CI starter

Co-authored-by: Fernando de Oliveira <5161098+fernandoBRS@users.noreply.github.com>
2021-09-29 10:32:01 +05:30
Gary Houbre f0b8c8ad72 Starter workflow Symfony (#1069)
* Add Symfony to starter Workflow

* Added Properties from Symfony

* Update symfony.yml

* Update symfony.yml

* Update symfony.yml

* Fix Wrong Configuration

* Review and fixing

* Update Symfony Properties Category

Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-28 15:11:17 +05:30
Nick Fyson 70655750b2 check for yml and yaml extensions 2021-09-28 09:37:43 +01:00
Ruud Senden cb6678504a File renames as requested in PR comments 2021-09-28 10:24:29 +02:00
Ruud Senden fd79bd4838 Merge branch 'main' into main 2021-09-28 10:21:39 +02:00
Nick Fyson b5a43f8049 Merge branch 'main' into add_cloudrail 2021-09-27 21:35:59 +01:00
Nick Fyson 9426610033 Merge branch 'main' into nickfyson/validate-code-scanning 2021-09-27 20:46:46 +01:00
Nick Fyson b58a4e21c6 start validating code-scanning workflows 2021-09-27 20:35:10 +01:00
Randy Kleinman 4a9a1680df Update README grammar (#1123)
substitue -> substitute
2021-09-24 18:05:34 -04:00
Aparna Ravindra 5a1343bb22 Adding template - Build Xcode project (#1095)
* adding build for xcode

* renaming template

Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-23 10:29:50 +05:30
Ruud Senden 97de22b47c Update according to PR review comments 2021-09-22 14:12:39 +02:00
Ruud Senden 835899e531 Merge branch 'actions:main' into main 2021-09-22 14:07:52 +02:00
Fernando de Oliveira 55f65bcc15 Directory structure updated (#1112)
Co-authored-by: Fernando de Oliveira <5161098+fernandoBRS@users.noreply.github.com>
2021-09-22 16:37:22 +05:30
manuelbcd 9b4fcbf911 Adding 'Dockerfile' to category list 2021-09-21 11:25:16 +02:00
manuelbcd 7d41cdb581 Reviews from PR #1110 2021-09-21 11:03:21 +02:00
Ninad Kavimandan e4091f2f55 add Vue to nodejs props (#1109) 2021-09-21 13:35:26 +05:30
manuelbcd 38d4e3bfd2 Added some extra comments, Github Actions V2 and changed env vars 2021-09-20 11:52:53 +02:00
Cadu Ribeiro 6dfa11d0c4 Add github/super-linter as starter workflow on CI (#1089)
This commit adds github/super-linter as a starter workflow to execute
several linters based on the user codebase on changed files.

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-09-17 16:58:46 -04:00
Ruud Senden 45ae2e08fc Merge branch 'main' into main 2021-09-17 12:38:42 +02:00
Manuel Boira Cuevas 5e116cb9e8 Sysdig Secure Inline Scan with SARIF report to starter workflows 2021-09-16 10:47:05 +02:00
Ninad Kavimandan c36ea2c560 add Continuous integration to makefile props (#1100) 2021-09-16 11:51:53 +05:30
Ninad Kavimandan 59daabb07b support AspNetCore and DotNetConsole (#1096)
Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-16 11:19:17 +05:30
Ninad Kavimandan 9095e7c9d5 added prefix npm- (#1097) 2021-09-16 11:17:56 +05:30
Ninad Kavimandan 1cb322141e add makefile template (#1093)
Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-16 11:02:21 +05:30
Shubham Tiwari df5ac56102 Adding category in the template property file (#1092)
* adding category in the template property file

* added category on ruby template
2021-09-16 11:00:07 +05:30
Aparna Ravindra dda42cb8f2 Addition to categories to python templates (#1088)
* addition to categories for python-app template

* adding categories to pylint template

* adding categories to python-package template

Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-15 20:04:06 +05:30
Aparna Ravindra 3175118151 Addressing review comments - Renaming template and updating setup-ruby action version (#1086)
* renaming template and updating setup-ruby action version

* renaming rubyrails files

* renaming rails files
2021-09-15 20:02:11 +05:30
John Bohannon 238e55b9b4 Merge pull request #1091 from tetchel/openshift-ghcr-squashed
Update OpenShift workflow to use GHCR by default (#6)
2021-09-14 15:01:30 -04:00
Tim Etchells 149cf11287 Update github-script major version
Co-authored-by: John Bohannon <imjohnbo@github.com>
2021-09-14 11:52:30 -07:00
Tim Etchells 48e2865d35 Update OpenShift workflow to use GHCR by default (#6)
- Simplifies required configuration since a registry account is now
  optional
- Update a variety of comments
- Use tools-installer to install oc
- Other small changes towards a better UX

Signed-off-by: Tim Etchells <tetchel@gmail.com>
2021-09-14 11:12:35 -07:00
Ruud Senden 30715e86a4 Add 3rd-party GitHub Actions disclaimer 2021-09-14 09:06:33 +02:00
Ruud Senden ddf7fe1e94 Merge branch 'actions:main' into main 2021-09-14 08:58:07 +02:00
Ruud Senden 6d89fb8045 Update Fortify on Demand supported languages 2021-09-14 08:56:36 +02:00
Ashwin Sangem 028df69d88 Added support for Java Frameworks, Spring and JSF to CI Templates. (#1087) 2021-09-14 08:04:52 +05:30
Ruud Senden 99fae1ecb1 Update Fortify on Demand workflow 2021-09-13 10:29:38 +02:00
Ruud Senden b671ee6c7b Add original Fortify on Demand workflow 2021-09-13 10:16:30 +02:00
tmash06 b33f57dde1 Fixed a broken link to actions/upload-a-build-artifact in dotnet-desktop.yml. (#1074)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-09-09 15:45:29 -04:00
Ninad Kavimandan 84a9757692 added React and Angular as categories to node (#1084) 2021-09-09 16:16:31 +05:30
Nick Fyson 29e8b6c38a Merge pull request #1081 from actions/nickfyson/add-codeql-to-ghes
Nickfyson/add codeql to ghes
2021-09-08 11:05:03 +01:00
Nick Fyson c2cc54a69e only check nwo of supported actions 2021-09-08 10:28:14 +01:00
Nick Fyson 7aa1944311 only run ghes sync checks on YML files 2021-09-08 10:08:06 +01:00
Nick Fyson e6aff964db add codeql workflow to ghes 2021-09-08 09:54:15 +01:00
Nick Fyson ff4d33e44b Merge pull request #1080 from actions/revert-1077-nickfyson/add-codeql-to-ghes
Revert "add codeql workflow to ghes branch"
2021-09-08 07:27:03 +01:00
Nick Fyson 41e3bc11ea Revert "add codeql workflow to ghes branch" 2021-09-08 07:26:24 +01:00
Nick Fyson 79ff92ef6d Merge pull request #1077 from actions/nickfyson/add-codeql-to-ghes
add codeql workflow to ghes branch
2021-09-08 07:24:31 +01:00
Nick Fyson e9f0116056 Merge branch 'main' into nickfyson/add-codeql-to-ghes 2021-09-08 07:23:25 +01:00
Aparna Ravindra 237e7737ce restoring from main (#1078) 2021-09-08 11:52:12 +05:30
Nick Fyson fc748cc482 add codeql workflow to ghes 2021-09-06 15:25:04 +00:00
Aparna Ravindra 7b64f44165 Directory for deployments (#1071)
* moving deployment templates

* including deployment directory in scripts

* validate categories script init

* introducing scout

* introducing workflow

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Create test_comment.yaml

* rename

* using [enter]

* testing newline

* test

* setting up variable

* using echo -e

* using join

* testing space space new line

* setting multi line in echo

* removing checkout

* setting rows-generator

* fixing error

* using join

* commit

* Update test_comment.yaml

* escaping pipe

* printing debug line

* using %0A

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* removing debug

* removing variable

* Update validate.rb

* Update validate-categories.yaml

* Validate categories comment on pr (#32)

* reverting deployment directory

* checking for output

* Categories validation two workflows (#34)

comment on pr in a separate workflow

* Categories validation two workflows (#35)

using right dir name

* Categories validation two workflows (#36)

.

* Categories validation two workflows (#37)

fixing typo

* adding if conditions

* adding try catch

* using console instead of echo

* equating to upstream

* moving deployment templates
2021-09-06 11:04:54 +05:30
Varun Sharma ac64f9caf5 Secure workflows (#1) (#1072)
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml

Co-authored-by: Step Security <bot@stepsecurity.io>

Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com>
Co-authored-by: Step Security <bot@stepsecurity.io>
2021-09-02 16:05:24 -04:00
Yoni Leitersdorf 98bde3b31e Oops 2021-08-17 07:32:50 -07:00
Yoni Leitersdorf 188b52b51c Adding Cloudrail according to documentation and examples 2021-08-17 07:29:29 -07:00
Yoni Leitersdorf 69184c7484 Added Cloudrail according to instructions and existing examples 2021-08-17 07:29:02 -07:00
211 changed files with 5140 additions and 462 deletions
+1
View File
@@ -26,6 +26,7 @@ It is not:
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
**For _CI_ workflows, the workflow:**
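Review bot: The added checklist item misspells "privilege" as "priviledge"; this template text is what contributors see when opening a PR, so the spelling should be fixed before merge. The trailing clause "so that the workflow runs successfully" also reads as if it were the reason for restricting permissions. Wording such as "Should specify the least-privilege permissions for `GITHUB_TOKEN` that still let the workflow run successfully" states the intent more directly.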
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+3
View File
@@ -7,6 +7,9 @@ on:
jobs:
stale:
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
+2
View File
@@ -7,6 +7,8 @@ on:
jobs:
sync:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+2
View File
@@ -6,6 +6,8 @@ on:
jobs:
validate-data:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+3 -2
View File
@@ -12,7 +12,8 @@ These are the workflow files for helping people get started with GitHub Actions.
### Directory structure
* [ci](ci): solutions for Continuous Integration and Deployments
* [ci](ci): solutions for Continuous Integration workflows.
* [deployments](deployments): solutions for Deployment workflows.
* [automation](automation): solutions for automating workflows.
* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
* [icons](icons): svg icons for the relevant template
@@ -44,5 +45,5 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
These variables can be placed in the starter workflow and will be substituted as detailed below:
* `$default-branch`: will substitute the branch from the repository, for example `main` and `master`
* `$protected-branches`: will substitue any protected branches from the repository.
* `$protected-branches`: will substitute any protected branches from the repository
* `$cron-daily`: will substitute a valid but random time within the day
+1 -1
View File
@@ -17,7 +17,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
cache: gradle
- name: Grant execute permission for gradlew
+1 -1
View File
@@ -20,6 +20,6 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
- name: Build with Ant
run: ant -noinput -buildfile build.xml
-50
View File
@@ -1,50 +0,0 @@
# This workflow will build and push a node.js application to an Azure Web App when a release is created.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan
#
# To configure this workflow:
#
# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**.
# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings
#
# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below).
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
on:
release:
types: [created]
env:
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '10.x' # set this to the node version to use
jobs:
build-and-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: npm install, build, and test
run: |
# Build and test the project, then
# deploy to Azure Web App.
npm install
npm run build --if-present
npm run test --if-present
- name: 'Deploy to Azure WebApp'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+2 -3
View File
@@ -12,9 +12,8 @@ env:
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally
# well on Windows or Mac. You can convert this to a matrix build if you need
# cross-platform coverage.
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: ubuntu-latest
+1 -1
View File
@@ -24,7 +24,7 @@ jobs:
- name: Setup Deno
# uses: denoland/setup-deno@v1
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e9833173669
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e983317366
with:
deno-version: v1.x
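Review bot: The replaced ref on the `uses: denoland/setup-deno@...` line was 41 hex characters long, which is not a valid commit SHA; the new value is 40 characters. The only hint of which release the pin corresponds to is the commented-out `# uses: denoland/setup-deno@v1` line above it, so a trailing comment naming the tag would help reviewers verify it. It would also be worth having the validation script reject any SHA-style `uses:` ref that is not exactly 40 hex characters, so this kind of typo fails CI instead of reaching users of the template.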
+30
View File
@@ -29,11 +29,27 @@ jobs:
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
with:
cosign-release: 'v1.4.0'
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
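Review bot: `id-token: write` is added to the job-level `permissions:` block, so every step in this job, including the Docker buildx setup and registry login steps, can request an OIDC token, although only the signing step needs one and that step is skipped on pull requests. Consider moving signing into a separate job that carries `id-token: write` and receives the image digest as an output of the build job, leaving the build job with `contents: read` and `packages: write` only. If it stays in one job, the comment above `id-token: write` should say that the permission applies to all steps, not just signing.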
@@ -55,9 +71,23 @@ jobs:
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
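Review bot: In the "Sign the published Docker image" step, the `run:` line expands `${{ env.REGISTRY }}`, `${{ env.IMAGE_NAME }}` and `${{ steps.build-and-push.outputs.digest }}` directly into the shell script, so their values are parsed as shell text before cosign sees them. The step already has an `env:` block for `COSIGN_EXPERIMENTAL`; pass the three values through it and reference them as quoted shell variables in the `cosign sign` command, so a value containing shell metacharacters cannot change the command. The comment about the identity token would also read more clearly above `env:` than between `env:` and `run:`.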
+1 -1
View File
@@ -107,7 +107,7 @@ jobs:
- name: Remove the pfx
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
# Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
- name: Upload build artifacts
uses: actions/upload-artifact@v2
with:
+3 -3
View File
@@ -15,10 +15,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Elixir
uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24
uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
with:
elixir-version: '1.10.3' # Define the elixir version [required]
otp-version: '22.3' # Define the OTP version [required]
elixir-version: '1.12.3' # Define the elixir version [required]
otp-version: '24.1' # Define the OTP version [required]
- name: Restore dependencies cache
uses: actions/cache@v2
with:
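Review bot: The `uses:` line switches to a different action repository (`erlef/setup-elixir` to `erlef/setup-beam`) and a new pinned SHA in the same change, and nothing in the hunk says which release `988e02bfe678367a02564f65ca2e37726dc0268f` corresponds to. Add a trailing comment naming the tag the SHA was taken from so the pin can be verified and later bumped deliberately. The `elixir-version` and `otp-version` bumps look independent of the action rename, so a line in the commit message confirming that `'1.12.3'` and `'24.1'` are a supported pair for this action would help.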
-80
View File
@@ -1,80 +0,0 @@
# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when a release is created
#
# To configure this workflow:
#
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
#
# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
#
# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
#
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
name: Build and Deploy to GKE
on:
release:
types: [created]
env:
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
GKE_ZONE: us-central1-c # TODO: update to cluster zone
DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
IMAGE: static-site
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish, and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v2
# Setup gcloud CLI
- uses: google-github-actions/setup-gcloud@v0.2.0
with:
service_account_key: ${{ secrets.GKE_SA_KEY }}
project_id: ${{ secrets.GKE_PROJECT }}
# Configure Docker to use the gcloud command-line tool as a credential
# helper for authentication
- run: |-
gcloud --quiet auth configure-docker
# Get the GKE credentials so we can deploy to the cluster
- uses: google-github-actions/get-gke-credentials@v0.2.1
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}
credentials: ${{ secrets.GKE_SA_KEY }}
# Build the Docker image
- name: Build
run: |-
docker build \
--tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
--build-arg GITHUB_SHA="$GITHUB_SHA" \
--build-arg GITHUB_REF="$GITHUB_REF" \
.
# Push the Docker image to Google Container Registry
- name: Publish
run: |-
docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
# Set up kustomize
- name: Set up Kustomize
run: |-
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
chmod u+x ./kustomize
# Deploy the Docker image to the GKE cluster
- name: Deploy
run: |-
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
./kustomize build . | kubectl apply -f -
kubectl rollout status deployment/$DEPLOYMENT_NAME
kubectl get services -o wide
+11 -3
View File
@@ -1,3 +1,7 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
@@ -21,17 +25,21 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Gradle
run: gradle build
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: build
# The USERNAME and TOKEN need to correspond to the credentials environment variables used in
# the publishing section of your build.gradle
- name: Publish to GitHub Packages
run: gradle publish
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: publish
env:
USERNAME: ${{ github.actor }}
TOKEN: ${{ secrets.GITHUB_TOKEN }}
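Review bot: both `gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7` references are pinned to a full commit SHA but carry no trailing comment naming the release that SHA belongs to, so a later reviewer cannot tell which version is in use or whether a bump is a real upgrade. Add a `# vX.Y.Z` comment after each pin. The publish step also exposes `secrets.GITHUB_TOKEN` to this third-party action through `env`, so the job should declare the narrowest `permissions` publishing needs (`contents: read`, `packages: write`) if it does not already do so outside this hunk.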
+8 -5
View File
@@ -1,3 +1,7 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
@@ -20,9 +24,8 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Grant execute permission for gradlew
run: chmod +x gradlew
distribution: 'temurin'
- name: Build with Gradle
run: ./gradlew build
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: build
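Review bot: the build step no longer calls `./gradlew` explicitly, and `cache: gradle` is dropped from `actions/setup-java` with no replacement visible in this hunk. If wrapper handling and dependency caching are now expected to come from `gradle/gradle-build-action`, say so in a comment above the step, so that a user who swaps the action back to a plain `run:` knows to restore both.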
+27
View File
@@ -0,0 +1,27 @@
name: Makefile CI
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: configure
run: ./configure
- name: Install dependencies
run: make
- name: Run check
run: make check
- name: Run distcheck
run: make distcheck
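Review bot: the step named `Install dependencies` runs `make`, which builds the project rather than installing anything; rename it (for example `Build`) so the job log matches what ran. The workflow also triggers on `pull_request` and declares no `permissions`, so the job gets the repository's default token scope although it only reads the checkout; add a top-level `permissions:` block with `contents: read`.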
+1 -1
View File
@@ -21,7 +21,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
+1 -1
View File
@@ -20,7 +20,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
+5 -1
View File
@@ -1,6 +1,10 @@
name: MSBuild
on: [push]
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
env:
# Path to the solution file relative to the root of the project.
+1 -1
View File
@@ -1,4 +1,4 @@
# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Node.js CI
+36
View File
@@ -0,0 +1,36 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
name: Node.js Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16
- run: npm ci
- run: npm test
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
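Review bot: only `publish-gpr` declares `permissions`; the `build` job, which runs `npm ci` and `npm test` and with them any install and test scripts from the dependency tree, falls back to the repository's default token scope. Put `permissions: contents: read` at the top level and keep `packages: write` on the publish job alone. Scoping `NODE_AUTH_TOKEN` to the `npm publish` step only, as done here, is the right shape and worth keeping.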
+2 -19
View File
@@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
node-version: 16
- run: npm ci
- run: npm test
@@ -25,26 +25,9 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
node-version: 16
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+30
View File
@@ -0,0 +1,30 @@
name: Xcode - Build and Analyze
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
build:
name: Build and analyse default scheme using xcodebuild command
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set Default Scheme
run: |
scheme_list=$(xcodebuild -list -json | tr -d "\n")
default=$(echo $scheme_list | ruby -e "require 'json'; puts JSON.parse(STDIN.gets)['project']['targets'][0]")
echo $default | cat >default
echo Using default scheme: $default
- name: Build
env:
scheme: ${{ 'default' }}
run: |
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
xcodebuild clean build analyze -scheme "$scheme" -"$filetype_parameter" "$file_to_build" | xcpretty && exit ${PIPESTATUS[0]}
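Review bot: in `Set Default Scheme` the value is read from `['project']['targets'][0]` but is later passed as `-scheme "$scheme"`; a target name is not necessarily a scheme name, so read `['project']['schemes'][0]` instead. In the same two steps `echo $default` and `[ $scheme = default ]` are unquoted, so a name containing spaces breaks both the file contents and the test; quote the expansions (`[ "$scheme" = default ]`).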
-180
View File
@@ -1,180 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
### The OpenShift Starter workflow will:
# - Checkout your repository
# - Perform a Docker build
# - Push the built image to an image registry
# - Log in to your OpenShift cluster
# - Create an OpenShift app from the image and expose it to the internet.
### Before you begin:
# - Have write access to a container image registry such as quay.io or Dockerhub.
# - Have access to an OpenShift cluster.
# - For instructions to get started with OpenShift see https://www.openshift.com/try
# - The project you wish to add this workflow to should have a Dockerfile.
# - If you don't have a Dockerfile at the repository root, see the buildah-build step.
# - Builds from scratch are also available, but require more configuration.
### To get the workflow running:
# 1. Add this workflow to your repository.
# 2. Edit the top-level 'env' section, which contains a list of environment variables that must be configured.
# 3. Create the secrets referenced in the 'env' section under your repository Settings.
# 4. Edit the 'branches' in the 'on' section to trigger the workflow on a push to your branch.
# 5. Commit and push your changes.
# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
# Also see our GitHub organization, https://github.com/redhat-actions/
# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
name: OpenShift
# ⬇️ Modify the fields marked with ⬇️ to fit your project, and create any secrets that are referenced.
# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
env:
# ⬇️ EDIT with your registry and registry path.
REGISTRY: quay.io/<username>
# ⬇️ EDIT with your registry username.
REGISTRY_USER: <username>
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
# ⬇️ EDIT to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# ⬇️ EDIT with any additional port your application should expose.
# By default, oc new-app action creates a service to the image's lowest numeric exposed port.
APP_PORT: ""
# ⬇️ EDIT if you wish to set the kube context's namespace after login. Leave blank to use the default namespace.
OPENSHIFT_NAMESPACE: ""
# If you wish to manually provide the APP_NAME and TAG, set them here, otherwise they will be auto-detected.
APP_NAME: ""
TAG: ""
on:
# https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
push:
# Edit to the branch(es) you want to build and deploy on each push.
branches: [ $default-branch ]
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
runs-on: ubuntu-18.04
environment: production
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check if secrets exists
uses: actions/github-script@v3
with:
script: |
const secrets = {
REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`,
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.warning(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- uses: actions/checkout@v2
- name: Determine app name
if: env.APP_NAME == ''
run: |
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
- name: Determine tag
if: env.TAG == ''
run: |
echo "TAG=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: image-build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tags: ${{ env.TAG }}
# If you don't have a dockerfile, see:
# https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Otherwise, point this to your Dockerfile relative to the repository root.
dockerfiles: |
./Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-to-registry
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.image-build.outputs.image }}
tags: ${{ steps.image-build.outputs.tags }}
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
# The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }}
# oc-login works on all platforms, but oc must be installed first.
# The GitHub Ubuntu runner already includes oc.
# Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc,
# as well as many other tools.
# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
# This step should create a deployment, service, and route to run your app and expose it to the internet.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-to-registry.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}
- name: View application route
run: |
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
echo "======================== Your application is available at: ========================"
echo ${{ env.ROUTE }}
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ada",
"description": "Build Ada project with GPRbuild.",
"iconName": "ada",
"categories": ["Ada"]
"categories": ["Continuous integration", "Ada"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Android CI",
"description": "Build an Android project with Gradle.",
"iconName": "android",
"categories": ["Java", "Mobile"]
"categories": ["Continuous integration", "Java", "Mobile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Ant",
"description": "Build and test a Java project with Apache Ant.",
"iconName": "ant",
"categories": ["Ant", "Java"]
"categories": ["Continuous integration", "Ant", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "C/C++ with Make",
"description": "Build and test a C/C++ project using Make.",
"iconName": "c-cpp",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Clojure",
"description": "Build and test a Clojure project with Leiningen.",
"iconName": "clojure",
"categories": ["Clojure", "Java"]
"categories": ["Continuous integration", "Clojure", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "CMake based projects",
"description": "Build and test a CMake based project.",
"iconName": "cmake",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Crystal",
"description": "Build and test a Crystal project.",
"iconName": "crystal",
"categories": ["Crystal"]
"categories": ["Continuous integration", "Crystal"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "D",
"description": "Build and test a D project with dub.",
"iconName": "d",
"categories": [ "D" ]
"categories": ["Continuous integration", "D"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Dart",
"description": "Build and test a Dart project with Pub.",
"iconName": "dart",
"categories": ["Dart"]
"categories": ["Continuous integration", "Dart"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Deno",
"description": "Test your Deno project",
"iconName": "deno",
"categories": ["JavaScript", "TypeScript", "Deno"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "Deno"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Django",
"description": "Build and Test a Django Project",
"iconName": "django",
"categories": ["Python", "Django"]
"categories": ["Continuous integration", "Python", "Django"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Docker image",
"description": "Build a Docker image to deploy, run, or push to a registry.",
"iconName": "docker",
"categories": ["Dockerfile"]
"categories": ["Continuous integration", "Dockerfile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Docker Container",
"description": "Build, test and push Docker image to GitHub Packages.",
"iconName": "docker",
"categories": ["Dockerfile"]
"categories": ["Continuous integration", "Dockerfile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": ".NET Desktop",
"description": "Build, test, sign and publish a desktop application built on .NET.",
"iconName": "dotnet",
"categories": ["C#", "Visual Basic", "WPF", ".NET"]
"categories": ["Continuous integration", "C#", "Visual Basic", "WPF", ".NET"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": ".NET",
"description": "Build and test a .NET or ASP.NET Core project.",
"iconName": "dotnet",
"categories": ["C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET"]
"categories": ["Continuous integration", "C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET", "AspNetCore", "DotNetConsole"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Elixir",
"description": "Build and test an Elixir project with Mix.",
"iconName": "elixir",
"categories": ["Elixir", "Erlang"]
"categories": ["Continuous integration", "Elixir", "Erlang"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Erlang",
"description": "Build and test an Erlang project with rebar.",
"iconName": "erlang",
"categories": ["Erlang"]
"categories": ["Continuous integration", "Erlang"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby Gem",
"description": "Pushes a Ruby Gem to RubyGems and GitHub Package Registry.",
"iconName": "ruby-gems",
"categories": ["Ruby"]
"categories": ["Continuous integration", "Ruby"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Go",
"description": "Build a Go project.",
"iconName": "go",
"categories": ["Go"]
"categories": ["Continuous integration", "Go"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Gradle",
"description": "Build a Java Package using Gradle and publish to GitHub Packages.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Gradle",
"description": "Build and test a Java project using a Gradle wrapper script.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Haskell",
"description": "Build and test a Haskell project with Cabal.",
"iconName": "haskell",
"categories": ["Haskell"]
"categories": ["Continuous integration", "Haskell"]
}
+1
View File
@@ -3,6 +3,7 @@
"description": "Build and test an iOS application using xcodebuild and any available iPhone simulator.",
"iconName": "xcode",
"categories": [
"Continuous integration",
"iOS",
"Xcode"
]
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Jekyll",
"description": "Package a Jekyll site using the jekyll/builder Docker image.",
"iconName": "jekyll",
"categories": ["HTML"]
"categories": ["Continuous integration", "HTML"]
}
+1
View File
@@ -3,6 +3,7 @@
"description": "Test a Laravel project.",
"iconName": "php",
"categories": [
"Continuous integration",
"PHP",
"Laravel"
]
+6
View File
@@ -0,0 +1,6 @@
{
"name": "Build projects with Make",
"description": "Build and test a project using Make.",
"iconName": "makefile",
"categories": ["Continuous integration", "Makefile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Maven",
"description": "Build a Java Package using Maven and publish to GitHub Packages.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Maven",
"description": "Build and test a Java project with Apache Maven.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "MSBuild based projects",
"description": "Build a MSBuild based project.",
"iconName": "c-cpp",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Node.js",
"description": "Build and test a Node.js project with npm.",
"iconName": "nodejs",
"categories": ["JavaScript", "npm"]
"categories": ["Continuous integration", "JavaScript", "npm", "React", "Angular", "Vue"]
}
@@ -2,5 +2,5 @@
"name": "Grunt",
"description": "Build a NodeJS project with npm and grunt.",
"iconName": "grunt",
"categories": ["JavaScript", "TypeScript", "npm", "Grunt"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Grunt"]
}
@@ -2,5 +2,5 @@
"name": "Gulp",
"description": "Build a NodeJS project with npm and gulp.",
"iconName": "gulp",
"categories": ["JavaScript", "TypeScript", "npm", "Gulp"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Gulp"]
}
@@ -0,0 +1,6 @@
{
"name": "Publish Node.js Package to GitHub Packages",
"description": "Publishes a Node.js package to GitHub Packages.",
"iconName": "node-package-transparent",
"categories": ["Continuous integration", "JavaScript", "npm"]
}
+2 -2
View File
@@ -1,6 +1,6 @@
{
"name": "Publish Node.js Package",
"description": "Publishes a Node.js package to npm and GitHub Packages.",
"description": "Publishes a Node.js package to npm.",
"iconName": "node-package-transparent",
"categories": ["JavaScript", "npm"]
"categories": ["Continuous integration", "JavaScript", "npm"]
}
@@ -0,0 +1,6 @@
{
"name": "Xcode - Build and Analyze",
"description": "Build Xcode project using xcodebuild",
"iconName": "xcode",
"categories": ["Continuous integration", "Xcode", "Objective-C"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "PHP",
"description": "Build and test a PHP application using Composer",
"iconName": "php",
"categories": ["PHP", "Composer"]
"categories": ["Continuous integration", "PHP", "Composer"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Pylint",
"description": "Lint a Python application with pylint.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Python application",
"description": "Create and test a Python application.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
}
@@ -2,5 +2,5 @@
"name": "Python Package using Anaconda",
"description": "Create and test a Python package on multiple Python versions using Anaconda for package management.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Python package",
"description": "Create and test a Python package on multiple Python versions.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Python Package",
"description": "Publish a Python Package to PyPI on release.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "R package",
"description": "Create and test an R package on multiple R versions.",
"iconName": "r",
"categories": ["R"]
"categories": ["Continuous integration", "R"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby",
"description": "Build and test a Ruby project with Rake.",
"iconName": "ruby",
"categories": ["Ruby"]
"categories": ["Continuous integration", "Ruby"]
}
@@ -0,0 +1,6 @@
{
"name": "Ruby on Rails continuous integration",
"description": "Build, lint, and test a Rails application",
"iconName": "rails",
"categories": ["Continuous integration", "Ruby", "Rails"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Rust",
"description": "Build and test a Rust project with Cargo.",
"iconName": "rust",
"categories": ["Rust"]
"categories": ["Continuous integration", "Rust"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Scala",
"description": "Build and test a Scala project with SBT.",
"iconName": "scala",
"categories": ["Scala", "Java"]
"categories": ["Continuous integration", "Scala", "Java"]
}
@@ -0,0 +1,6 @@
{
"name": "Super Linter - Run Linters for several languages",
"description": "Run linters for several languages on your code base for changed files",
"iconName": "octicon check-circle",
"categories": ["Continuous integration", "code-quality", "code-review"]
}
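Review bot: `"code-quality"` and `"code-review"` are lower-case, hyphenated values, while every other properties file in this change uses title-cased category names such as `"Continuous integration"` and `"Python"`. Confirm these two match categories the template picker recognises, or align them with the existing naming.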
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Swift",
"description": "Build and test a Swift Package.",
"iconName": "swift",
"categories": ["Swift"]
"categories": ["Continuous integration", "Swift"]
}
+10
View File
@@ -0,0 +1,10 @@
{
"name": "Symfony",
"description": "Test a Symfony project.",
"iconName": "php",
"categories": [
"Continuous integration",
"PHP",
"Symfony"
]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Webpack",
"description": "Build a NodeJS project with npm and webpack.",
"iconName": "webpack",
"categories": ["JavaScript", "TypeScript", "npm", "Webpack"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Webpack"]
}
+6 -5
View File
@@ -4,19 +4,20 @@ on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10"]
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.9
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: 3.9
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install pylint
- name: Analysing the code with pylint
run: |
pylint `ls -R|grep .py$|xargs`
pylint $(git ls-files '*.py')
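Review bot: in the last step the unquoted `$(git ls-files '*.py')` still splits paths that contain whitespace, and it expands to nothing when the repository tracks no `.py` file, so pylint is invoked without arguments. Passing the list NUL-delimited, for example `git ls-files -z '*.py' | xargs -0 -r pylint`, covers both cases on the `ubuntu-latest` runner.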
+2 -2
View File
@@ -16,10 +16,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.9
- name: Set up Python 3.10
uses: actions/setup-python@v2
with:
python-version: 3.9
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
+2 -2
View File
@@ -10,10 +10,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.8
- name: Set up Python 3.10
uses: actions/setup-python@v2
with:
python-version: 3.8
python-version: 3.10
- name: Add conda to system path
run: |
# $CONDA is an environment variable pointing to the root of the miniconda directory
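Review bot: `python-version: 3.10` is unquoted, so YAML reads it as the number 3.1 and `actions/setup-python` is asked for Python 3.1 rather than 3.10. Quote it as `python-version: "3.10"`, as the other Python workflows in this change already do.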
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
strategy:
fail-fast: false
matrix:
python-version: [3.7, 3.8, 3.9]
python-version: ["3.8", "3.9", "3.10"]
steps:
- uses: actions/checkout@v2
+2 -2
View File
@@ -19,12 +19,12 @@ jobs:
runs-on: macos-latest
strategy:
matrix:
r-version: [3.5, 3.6]
r-version: ['3.6.3', '4.1.1']
steps:
- uses: actions/checkout@v2
- name: Set up R ${{ matrix.r-version }}
uses: r-lib/actions/setup-r@ffe45a39586f073cc2e9af79c4ba563b657dc6e3
uses: r-lib/actions/setup-r@f57f1301a053485946083d7a45022b278929a78a
with:
r-version: ${{ matrix.r-version }}
- name: Install dependencies
+58
View File
@@ -0,0 +1,58 @@
# This workflow uses actions that are not certified by GitHub. They are
# provided by a third-party and are governed by separate terms of service,
# privacy policy, and support documentation.
#
# This workflow will install a prebuilt Ruby version, install dependencies, and
# run tests and linters.
name: "Ruby on Rails CI"
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:11-alpine
ports:
- "5432:5432"
env:
POSTGRES_DB: rails_test
POSTGRES_USER: rails
POSTGRES_PASSWORD: password
env:
RAILS_ENV: test
DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
steps:
- name: Checkout code
uses: actions/checkout@v2
# Add or replace dependency steps here
- name: Install Ruby and gems
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
with:
bundler-cache: true
# Add or replace database setup steps here
- name: Set up database schema
run: bin/rails db:schema:load
# Add or replace test runners here
- name: Run tests
run: bin/rake
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Ruby and gems
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
with:
bundler-cache: true
# Add or replace any other lints here
- name: Security audit dependencies
run: bin/bundler-audit --update
- name: Security audit application code
run: bin/brakeman -q -w2
- name: Lint Ruby files
run: bin/rubocop --parallel
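Review bot: the `postgres` service defines no health check, so `bin/rails db:schema:load` can start before the database accepts connections; add an `options:` entry with `--health-cmd pg_isready` and matching interval, timeout and retries flags. Neither job declares `permissions`, although both only read the repository and `test` runs a third-party action on `pull_request`; add a top-level `permissions:` block with `contents: read`.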
+1 -1
View File
@@ -17,6 +17,6 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
- name: Run tests
run: sbt test
+29
View File
@@ -0,0 +1,29 @@
# This workflow executes several linters on changed files based on languages used in your code base whenever
# you push a code or open a pull request.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/github/super-linter
name: Lint Code Base
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
- name: Lint Code Base
uses: github/super-linter@v4
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: $default-branch
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
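Review bot: `GITHUB_TOKEN` is passed to `github/super-linter@v4`, but the workflow declares no `permissions`, so the linter receives whatever default scope the repository grants. Add a `permissions:` block limited to `contents: read`, plus `statuses: write` if commit status reporting is wanted.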
+39
View File
@@ -0,0 +1,39 @@
name: Symfony
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
symfony-tests:
runs-on: ubuntu-latest
steps:
# To automatically get bug fixes and new Php versions for shivammathur/setup-php,
# change this to (see https://github.com/shivammathur/setup-php#bookmark-versioning):
# uses: shivammathur/setup-php@v2
- uses: shivammathur/setup-php@2cb9b829437ee246e9b3cac53555a39208ca6d28
with:
php-version: '8.0'
- uses: actions/checkout@v2
- name: Copy .env.test.local
run: php -r "file_exists('.env.test.local') || copy('.env.test', '.env.test.local');"
- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v2
with:
path: vendor
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-php-
- name: Install Dependencies
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
- name: Create Database
run: |
mkdir -p data
touch data/database.sqlite
- name: Execute tests (Unit and Feature tests) via PHPUnit
env:
DATABASE_URL: sqlite:///%kernel.project_dir%/data/database.sqlite
run: vendor/bin/phpunit
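Review bot: the file uses a third-party action, `shivammathur/setup-php`, but lacks the "This workflow uses actions that are not certified by GitHub" header that the Gradle and Rails workflows in this change carry, and it declares no `permissions` although it runs on `pull_request`. Add the header and a top-level `permissions:` block with `contents: read`. In the comment above the pin, "Php versions" should read "PHP versions", and the SHA would be easier to audit with a trailing version comment.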
+45
View File
@@ -0,0 +1,45 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, builds an image, performs a container image
# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
# code scanning feature. For more information on the Anchore scan action usage
# and parameters, see https://github.com/anchore/scan-action. For more
# information on Anchore's container image scanning tool Grype, see
# https://github.com/anchore/grype
name: Anchore Container Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
Anchore-Build-Scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v2
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd
with:
image: "localbuild/testimage:latest"
acs-report-enable: true
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
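Review bot: The `Upload Anchore Scan Report` step has no `if:` condition, so if the scan step exits non-zero when it finds vulnerabilities, the upload is skipped and the findings never reach code scanning. Consider `if: always()` on the upload step, which is what the Cloudrail workflow in this change does for the same reason, or document the scan action setting that controls failing the build.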
+64
@@ -0,0 +1,64 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# APIsec addresses the critical need to secure APIs before they reach production.
# APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
# How to Get Started with APIsec.ai
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
#
# 2. Register your account at https://cloud.fxlabs.io/#/signup .
#
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
#
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
#
# apisec-run-scan
#
# This action triggers the on-demand scans for projects registered in APIsec.
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
# Else you can view the scan results from the project home page in APIsec Platform.
# The link to view the scan results is also displayed on the console on successful completion of action.
# This is a starter workflow to help you get started with APIsec-Scan Actions
name: APIsec
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the $default-branch branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
Trigger APIsec scan:
runs-on: ubuntu-latest
steps:
- name: APIsec scan
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./apisec-results.sarif
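Review bot: The job id `Trigger APIsec scan` contains spaces; job ids may only contain alphanumeric characters, `-` and `_`, so this workflow will not parse. Rename it, for example to `trigger-apisec-scan`, and move the readable text to a `name:` key. The job also uploads SARIF without a `permissions:` block; the other workflows in this change grant `security-events: write` on the job for `upload-sarif` and `contents: read` at the top level. The header comments read as product marketing ("industrys only" also has a typo) and could be cut down to the setup steps.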
+51
@@ -0,0 +1,51 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates Brakeman with GitHub's Code Scanning feature
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
name: Brakeman Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
brakeman-scan:
name: Brakeman Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v2
# Customize the ruby version depending on your needs
- name: Setup Ruby
uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf
with:
ruby-version: '2.7'
- name: Setup Brakeman
env:
BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
run: |
gem install brakeman --version $BRAKEMAN_VERSION
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
- name: Scan
continue-on-error: true
run: |
brakeman -f sarif -o output.sarif.json .
# Upload the SARIF file generated in the previous step
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: output.sarif.json
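Review bot: No `permissions:` block is set, yet the last step uploads SARIF; the Codacy and Anchore workflows in this change grant `security-events: write` on the job for that and `contents: read` at the top level, and this job should do the same. Separately, `continue-on-error: true` on the `Scan` step also hides a Brakeman crash, in which case `output.sarif.json` is missing and the failure surfaces only in the upload step; a comment stating why the flag is there would make the intent clear.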
+54
@@ -0,0 +1,54 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This is a basic workflow to help you get started with Using Checkmarx CxFlow Action
name: CxFlow
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
permissions:
contents: read
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
permissions:
contents: read # for actions/checkout to fetch code
issues: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
pull-requests: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
- name: Checkmarx CxFlow Action
uses: checkmarx-ts/checkmarx-cxflow-github-action@9975af7d6b957abec9ee9646effa3fb3b82c5314
with:
project: ${{ secrets.CHECKMARX_PROJECT }}
team: ${{ secrets.CHECKMARX_TEAMS }}
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
scanners: sast
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
# Upload the Report for CodeQL/Security Alerts
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: cx.sarif
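Review bot: The comment "The type of runner that the job will run on" now sits above the job-level `permissions:` block rather than above `runs-on:`, and the "A workflow run is made up of one or more jobs" comment sits above the top-level `permissions:` instead of `jobs:`. Move each comment back next to the key it describes so the inserted permissions blocks do not read as runner configuration.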
+58
@@ -0,0 +1,58 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Cloudrail
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
cloudrail:
name: Run Indeni Cloudrail on Terraform code with SARIF output
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Clone repo
uses: actions/checkout@v2
# For Terraform, Cloudrail requires the plan as input. So we generate it using
# the Terraform core binary.
- uses: hashicorp/setup-terraform@v1
with:
terraform_version: v0.13.2
- run: terraform init
- run: terraform plan -out=plan.out
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# Confirm we have the plan file
- run: stat plan.out
- name: Run Cloudrail
uses: indeni/cloudrail-run-ga@b56ed2d30913c975b36df231adc2eabf05523622
with:
tf-plan-file: plan.out # This was created in a "terraform plan" step
cloudrail-api-key: ${{ secrets.CLOUDRAIL_API_KEY }} # This requires registration to Indeni Cloudrail's SaaS at https://web.cloudrail.app
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
# is needed to ensure the SARIF file is uploaded
if: always()
with:
sarif_file: cloudrail_results.sarif
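Review bot: The `terraform plan -out=plan.out` step receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, and the workflow also triggers on `pull_request`, so the plan runs with those credentials against whatever Terraform the pull request contains. Add a comment telling users to supply read-only, narrowly scoped credentials, or limit the plan step to `push` events. The inline comment on `cloud-account-id:` misspells "Analysis" as "Analaysis", and `terraform_version: v0.13.2` deserves a note that it should match the project's own Terraform version.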
+60
@@ -0,0 +1,60 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature. For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
name: Codacy Security Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v2
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
# You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
# Adjust severity of non-security issues
gh-code-scanning-compat: true
# Force 0 exit code to allow SARIF file generation
# This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
+1 -2
@@ -34,8 +34,7 @@ jobs:
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
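Review bot: The replacement comment points at `https://git.io/codeql-language-support`, a shortened link that hides its destination and stops working if the shortener does. Keep the one-line form but link the full docs.github.com page so readers can see where it leads.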
+42
@@ -0,0 +1,42 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow requires that you have an existing account with codescan.io
# For more information about configuring your workflow,
# read our documentation at https://github.com/codescan-io/codescan-scanner-action
name: CodeScan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
CodeScan:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Cache files
uses: actions/cache@v2
with:
path: |
~/.sonar
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Run Analysis
uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12
with:
login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: codescan.sarif
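Review bot: No `permissions:` block is set although the final step uploads SARIF; grant `security-events: write` and `contents: read` on the job as the other code-scanning workflows in this change do. In the `Cache files` step, `key` and `restore-keys` are the same constant `${{ runner.os }}-sonar`, so the `restore-keys` entry adds nothing and the cache is never refreshed once that key exists; include a hash in the key or drop `restore-keys`.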
+59
@@ -0,0 +1,59 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow locates REST API file contracts
# (Swagger or OpenAPI format, v2 and v3, JSON and YAML)
# and runs 200+ security checks on them using 42Crunch Security Audit technology.
#
# Documentation is located here: https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
#
# To use this workflow, you will need to complete the following setup steps.
#
# 1. Create a free 42Crunch account at https://platform.42crunch.com/register
#
# 2. Follow steps at https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
# to create an API Token on the 42Crunch platform
#
# 3. Add a secret in GitHub as explained in https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm,
# store the 42Crunch API Token in that secret, and supply the secret's name as api-token parameter in this workflow
#
# If you have any questions or need help contact https://support.42crunch.com
name: "42Crunch REST API Static Security Testing"
# follow standard Code Scanning triggers
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
rest-api-static-security-testing:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: 42Crunch REST API Static Security Testing
uses: 42Crunch/api-security-audit-action@96228d9c48873fe001354047d47fb62be42abeb1
with:
# Please create free account at https://platform.42crunch.com/register
# Follow these steps to configure API_TOKEN https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
api-token: ${{ secrets.API_TOKEN }}
# Fail if any OpenAPI file scores lower than 75
min-score: 75
# Upload results to Github code scanning
upload-to-code-scanning: true
# Github token for uploading the results
github-token: ${{ github.token }}
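Review bot: `api-token: ${{ secrets.API_TOKEN }}` uses a generic secret name that can easily collide with an unrelated token already stored in the repository. A name that identifies 42Crunch would match the vendor-prefixed secrets used by the other workflows in this change (`CODACY_PROJECT_TOKEN`, `CODESCAN_AUTH_TOKEN`). The setup URL is also repeated in the header and again in the `with:` comments; one mention is enough.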
+118
@@ -0,0 +1,118 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow performs a static analysis of your Kotlin source code using
# Detekt.
#
# Scans are triggered:
# 1. On every push to default and protected branches
# 2. On every Pull Request targeting the default branch
# 3. On a weekly schedule
# 4. Manually, on demand, via the "workflow_dispatch" event
#
# The workflow should work with no modifications, but you might like to use a
# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
# environment variable.
name: Scan with Detekt
on:
# Triggers the workflow on push or pull request events but only for default and protected branches
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
# Release tag associated with version of Detekt to be installed
# SARIF support (required for this workflow) was introduced in Detekt v1.15.0
DETEKT_RELEASE_TAG: v1.15.0
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "scan"
scan:
name: Scan
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
- name: Get Detekt download URL
id: detekt_info
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
query getReleaseAssetDownloadUrl($tagName: String!) {
repository(name: "detekt", owner: "detekt") {
release(tagName: $tagName) {
releaseAssets(name: "detekt", first: 1) {
nodes {
downloadUrl
}
}
tagCommit {
oid
}
}
}
}
' 1> gh_response.json
DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
echo "Release tag doesn't match expected commit SHA"
exit 1
fi
DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
# Sets up the detekt cli
- name: Setup Detekt
run: |
dest=$( mktemp -d )
curl --request GET \
--url ${{ steps.detekt_info.outputs.download_url }} \
--silent \
--location \
--output $dest/detekt
chmod a+x $dest/detekt
echo $dest >> $GITHUB_PATH
# Performs static analysis using Detekt
- name: Run Detekt
continue-on-error: true
run: |
detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
# Modifies the SARIF output produced by Detekt so that absolute URIs are relative
# This is so we can easily map results onto their source files
# This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
- name: Make artifact location URIs relative
continue-on-error: true
run: |
echo "$(
jq \
--arg github_workspace ${{ github.workspace }} \
'. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
${{ github.workspace }}/detekt.sarif.json
)" > ${{ github.workspace }}/detekt.sarif.json
# Uploads results to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/detekt.sarif.json
checkout_path: ${{ github.workspace }}
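Review bot: In `Get Detekt download URL`, the jq path `.data.repository.release.releaseAssets.tagCommit.oid` does not match the query: `tagCommit` is a sibling of `releaseAssets` under `release`, so the lookup yields `null` and the SHA comparison fails on every run. Use `.data.repository.release.tagCommit.oid`, and quote `"$DETEKT_RELEASE_SHA"` inside the `[ ... ]` test. The expected SHA is hard-coded for the default tag, so the header's advice to change `$DETEKT_RELEASE_TAG` should say that the SHA must be updated with it.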
+97
@@ -0,0 +1,97 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
################################################################################################################################################
# Fortify lets you build secure software fast with an appsec platform that automates testing throughout the DevSecOps pipeline. Fortify static,#
# dynamic, interactive, and runtime security testing is available on premises or as a service. To learn more about Fortify, start a free trial #
# or contact our sales team, visit microfocus.com/appsecurity. #
# #
# Use this workflow template as a basis for integrating Fortify on Demand Static Application Security Testing(SAST) into your GitHub workflows.#
# This template demonstrates the steps to prepare the code+dependencies, initiate a scan, download results once complete and import into #
# GitHub Security Code Scanning Alerts. Existing customers should review inputs and environment variables below to configure scanning against #
# an existing application in your Fortify on Demand tenant. Additional information is available in the comments throughout the workflow, the #
# documentation for the Fortify actions used, and the Fortify on Demand / ScanCentral Client product documentation. If you need additional #
# assistance with configuration, feel free to create a help ticket in the Fortify on Demand portal. #
################################################################################################################################################
name: Fortify on Demand Scan
# TODO: Customize trigger events based on your DevSecOps processes and typical FoD SAST scan time
on:
workflow_dispatch:
push:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
FoD-SAST-Scan:
# Use the appropriate runner for building your source code.
# TODO: Use a Windows runner for .NET projects that use msbuild. Additional changes to RUN commands will be required to switch to Windows syntax.
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
# Check out source code
- name: Check Out Source Code
uses: actions/checkout@v2
# Java is required to run the various Fortify utilities.
# When scanning a Java application, please use the appropriate Java version for building your application.
- name: Setup Java
uses: actions/setup-java@v1
with:
java-version: 1.8
# Prepare source+dependencies for upload. The default example is for a Maven project that uses pom.xml.
# TODO: Update PACKAGE_OPTS based on the ScanCentral Client documentation for your project's included tech stack(s). Helpful hints:
# ScanCentral Client will download dependencies for maven (-bt mvn) and gradle (-bt gradle).
# ScanCentral Client can download dependencies for msbuild projects (-bt msbuild); however, you must convert the workflow to use a Windows runner.
# ScanCentral has additional options that should be set for PHP and Python projects
# For other build tools, add your build commands to download necessary dependencies and prepare according to Fortify on Demand Packaging documentation.
# ScanCentral Client documentation is located at https://www.microfocus.com/documentation/fortify-software-security-center/
- name: Download Fortify ScanCentral Client
uses: fortify/gha-setup-scancentral-client@5b7382f8234fb9840958c49d5f32ae854115f9f3
- name: Package Code + Dependencies
run: scancentral package $PACKAGE_OPTS -o package.zip
env:
PACKAGE_OPTS: "-bt mvn"
# Start Fortify on Demand SAST scan and wait until results complete. For more information on FoDUploader commands, see https://github.com/fod-dev/fod-uploader-java
# TODO: Update ENV variables for your application and create the necessary GitHub Secrets. Helpful hints:
# Credentials and release ID should be obtained from your FoD tenant (either Personal Access Token or API Key can be used).
# Automated Audit preference should be configured for the release's Static Scan Settings in the Fortify on Demand portal.
- name: Download Fortify on Demand Universal CI Tool
uses: fortify/gha-setup-fod-uploader@6e6bb8a33cb476e240929fa8ebc739ff110e7433
- name: Perform SAST Scan
run: java -jar $FOD_UPLOAD_JAR -z package.zip -aurl $FOD_API_URL -purl $FOD_URL -rid "$FOD_RELEASE_ID" -tc "$FOD_TENANT" -uc "$FOD_USER" "$FOD_PAT" $FOD_UPLOADER_OPTS -n "$FOD_UPLOADER_NOTES"
env:
FOD_URL: "https://ams.fortify.com/"
FOD_API_URL: "https://api.ams.fortify.com/"
FOD_TENANT: ${{ secrets.FOD_TENANT }}
FOD_USER: ${{ secrets.FOD_USER }}
FOD_PAT: ${{ secrets.FOD_PAT }}
FOD_RELEASE_ID: ${{ secrets.FOD_RELEASE_ID }}
FOD_UPLOADER_OPTS: "-ep 2 -pp 0 -I 1 -apf"
FOD_UPLOADER_NOTES: 'Triggered by GitHub Actions (${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})'
# Once scan completes, pull SAST issues from Fortify on Demand and generate SARIF output.
- name: Export results to GitHub-optimized SARIF
uses: fortify/gha-export-vulnerabilities@fcb374411cff9809028c911dabb8b57dbdae623b
with:
fod_base_url: "https://ams.fortify.com/"
fod_tenant: ${{ secrets.FOD_TENANT }}
fod_user: ${{ secrets.FOD_USER }}
fod_password: ${{ secrets.FOD_PAT }}
fod_release_id: ${{ secrets.FOD_RELEASE_ID }}
# Import Fortify on Demand results to GitHub Security Code Scanning
- name: Import Results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./gh-fortify-sast.sarif
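Review bot: The Fortify on Demand endpoint is hard-coded three times (`FOD_URL` and `FOD_API_URL` in `Perform SAST Scan`, `fod_base_url` in the export step), so a tenant hosted elsewhere has to find and edit all of them consistently. Define the URLs once in a job-level `env:` with a TODO and reference them from both steps. In the `run:` line, `$FOD_API_URL` and `$FOD_URL` are unquoted while the neighbouring arguments are quoted.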
+1 -1
@@ -10,7 +10,7 @@
# To use this workflow, you will need to:
#
# 1. Create a Mayhem for API account at
# https://mayhem4api.forallsecure.com/signup (30-day free trial)
# https://mayhem4api.forallsecure.com/signup
#
# 2. Create a service account token `mapi organization service-account create
# <org-name> <service-account-name>`

Some files were not shown because too many files have changed in this diff.