Compare commits

...

117 Commits

Author SHA1 Message Date
Ana Armas Romero 200b0c34b1 Merge pull request #1254 from actions/move-code-scanning-workflows
Validate Data / validate-data (push) Has been cancelled
Move code scanning workflows
2021-11-23 14:21:15 +01:00
anaarmas 0debae5ec7 fix crunch42 template id so it overrides old template as required 2021-11-23 09:37:32 +01:00
anaarmas 52edf1b580 add a bunch of code scanning workflows 2021-11-19 16:55:27 +01:00
Nick Fyson da223f8a03 Merge pull request #1238 from meme/nowsecure
Add NowSecure starter workflow
2021-11-15 22:23:51 +00:00
Keegan Saunders f61ca9907b Add NowSecure starter workflow 2021-11-15 08:40:01 -05:00
rui 56c93ff752 elixir: refresh dependencies (#1212)
- setup action got renamed into `setup-beam`
- update elixir and erlang versions
2021-11-08 11:14:50 -05:00
rui 1d8891efc2 r: use setup-r@1 and include r@4 for starter (#1169)
* r: use setup-r@1 and include r@4 for starter

Signed-off-by: Rui Chen <rui@chenrui.dev>

* use sha instead of tag for external action

Co-authored-by: Josh Gross <joshmgross@github.com>

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-10-28 11:37:36 -04:00
Andy McKay 93ee3d86f6 Merge pull request #1168 from chenrui333/python-3.10
python: update to use python 3.10
2021-10-28 07:40:41 -07:00
Andy McKay 97d8c1c765 Merge branch 'main' into python-3.10 2021-10-28 07:39:33 -07:00
Nick Fyson 1b52eb3e6f Merge pull request #1160 from abirismyname/adding-mobsf-to-codescanning 2021-10-27 21:38:42 +01:00
Nick Fyson 216dc929eb Merge branch 'main' into adding-mobsf-to-codescanning 2021-10-27 21:34:36 +01:00
David Verdeguer ef1ebb2538 Merge pull request #1180 from actions/daverlo/ruby-beta
Add ruby and update CodeQL workflow
2021-10-27 16:07:51 +02:00
David Verdeguer 440e8daf05 Merge branch 'main' into daverlo/ruby-beta 2021-10-27 16:01:12 +02:00
Marco Gario 0f5b68ee4f Merge pull request #1198 from d-winsor/msvc-typo
Fixed typo in Microsoft C++ Code Analysis workflow.
2021-10-27 10:16:35 +02:00
Daniel Winsor d9dc2c2f72 Update commit SHA 2021-10-26 21:48:19 -07:00
Daniel Winsor 83bdb0fcd6 Fixed typo in workflow that will cause every run to fail 2021-10-26 21:37:36 -07:00
Abir Majumdar ed8c87df74 Update code-scanning/properties/mobsf.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-25 21:40:48 -04:00
Abir Majumdar 09b078fd76 Update code-scanning/mobsf.yml
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-25 21:40:31 -04:00
David Verdeguer 4a9a12a099 Update codeql.properties.json 2021-10-22 11:52:12 +02:00
David Verdeguer 3a3f99717d Update codeql.properties.json 2021-10-22 11:40:38 +02:00
David Verdeguer 281a35c5ef Update code-scanning/properties/codeql.properties.json
Co-authored-by: Arthur Baars <arthur@semmle.com>
2021-10-22 11:37:35 +02:00
David Verdeguer dcdce00205 Update codeql.properties.json 2021-10-22 10:54:14 +02:00
Nick Fyson 8a8c5b274c Merge pull request #1183 from actions/nickfyson-patch-1
correct typo in msvc.properties.json
2021-10-22 09:36:46 +01:00
Nick Fyson 149db50d43 correct typo in msvc.properties.json 2021-10-22 09:33:24 +01:00
Nick Fyson c3de16f318 Merge pull request #1181 from d-winsor/msvc-analysis
Microsoft C++ Code Analysis Action
2021-10-22 09:31:29 +01:00
Rui Chen 40f0709bd6 quote the version strings 2021-10-22 01:14:49 -04:00
Daniel Winsor 9fccb15dc6 Updated action to meet guidelines 2021-10-21 16:18:11 -07:00
Daniel Winsor bafed29a86 Add workflow for Microsoft C++ Code Analysis 2021-10-21 14:14:02 -07:00
David Verdeguer 042eac3858 Add ruby and update workflow 2021-10-21 22:11:00 +02:00
Ashwin Sangem e3fc80f30e Revert "Added new templates for 3 clouds."
This reverts commit c765d6316f.
2021-10-21 08:59:43 +00:00
Ashwin Sangem c765d6316f Added new templates for 3 clouds. 2021-10-21 14:27:06 +05:30
Rui Chen e6620ddc5b python: update to use python 3.10
Signed-off-by: Rui Chen <rui@chenrui.dev>
2021-10-20 00:02:48 -04:00
Abir Majumdar 6e44c89176 Adhering to pull request guidelines 2021-10-15 08:55:34 -04:00
Abir Majumdar ffef54a02c Adding MobSF starter workflow 2021-10-15 08:37:05 -04:00
Nick Fyson 700743e332 Merge pull request #1153 from yi2020/patch-1
Correct character-case of "c" in Cloudrail
2021-10-12 09:58:03 +01:00
Nick Fyson a857e4e5a6 Merge branch 'main' into patch-1 2021-10-12 09:56:26 +01:00
Sarah Edwards 6b14bf21cb trigger on push instead of release (#1157)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-10-11 15:53:15 -04:00
Ashwin Sangem ad91ff259d AWS template also used Docker 2021-10-11 14:58:21 +05:30
Yoni Leitersdorf 2e38bc8da2 Correct character-case of "c" in Cloudrail 2021-10-06 12:52:26 -07:00
Nick Fyson 5b659e82b4 Merge pull request #1110 from manuelbcd/main
Sysdig inline scanning
2021-10-06 10:14:48 +01:00
manuelbcd 764ebceaf5 Merge branch 'main' into main 2021-10-05 22:46:19 +02:00
Nick Fyson 122f83ece7 Merge pull request #1152 from actions/nickfyson/fix-fortify
Rename fortify.json to fortify.properties.json
2021-10-05 20:50:47 +01:00
Nick Fyson 6a1dba2d71 Rename fortify.json to fortify.properties.json 2021-10-05 20:44:48 +01:00
Nick Fyson a95943d406 Merge pull request #1090 from fortify/main
Add Fortify on Demand code scanning workflow
2021-10-05 20:24:09 +01:00
manuelbcd d07ff38b96 Merge branch 'main' into main 2021-10-05 15:10:10 +02:00
manuelbcd 3c200bdb21 Switched svg logo (again) for a better fit 2021-10-05 15:09:31 +02:00
manuelbcd b258b33234 Rename sysdig.svg to sysdig-scan.svg 2021-10-05 15:02:00 +02:00
manuelbcd c342a0c6e3 Merge branch 'main' of github.com:manuelbcd/starter-workflows 2021-10-05 10:40:25 +02:00
manuelbcd b55a65157e Changed svg logo 2021-10-05 10:39:56 +02:00
manuelbcd b7d9f15826 Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-05 09:30:53 +02:00
manuelbcd 2a1abda503 Update code-scanning/properties/sysdig-scan.properties.json
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-05 09:30:45 +02:00
Aparna Ravindra 85d2a866f0 removing "deployment" templates from sync-ghes (#1127) 2021-10-05 11:22:46 +05:30
Nick Fyson 5d273fbcb3 Merge pull request #1047 from yi2020/add_cloudrail
Add Indeni Cloudrail
2021-10-04 19:45:31 +01:00
Nick Fyson d4dccf0b1e Merge branch 'main' into add_cloudrail 2021-10-04 19:44:55 +01:00
Yoni Leitersdorf c705225b8f Apply suggestions from nickfyson's code review
Co-authored-by: Nick Fyson <nickfyson@github.com>
2021-10-04 09:48:47 -07:00
Sarah Edwards 596b345944 use env variables for user-set values (#1117)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-10-01 15:07:03 -04:00
Ashwin Sangem 7b9e3b6858 Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)
This reverts commit 7f30309cce.
2021-10-01 18:50:08 +05:30
Ana Armas Romero 13f632a90b Merge pull request #1144 from swarkentin/patch-1
Remove mention of trial for Mayhem for API
2021-09-30 11:41:10 +02:00
Ana Armas Romero 65fef9614f Merge branch 'main' into patch-1 2021-09-30 11:40:11 +02:00
Aparna Ravindra 02d91c6ccf checking for allowed category in validate-data script (#1131)
* checking for allowed category

* Update index.ts
2021-09-30 10:19:20 +05:30
Ashwin Sangem 6b053712be Added dockerfile to relevant CD template categories. (#1136)
* Added Dockerfile to Category for relevant CD templates.

* Update terraform.properties.json
2021-09-30 07:31:43 +05:30
Sheldon Warkentin 8c91a4c02f Remoev mention of trial for Mayhem for API
A free plan is now in place with a professional trial that may be opted into afterward.
2021-09-29 13:45:57 -06:00
Nick Fyson 15daabeaa4 Merge pull request #1129 from actions/nickfyson/validate-code-scanning
start validating code-scanning workflows
2021-09-29 16:18:11 +01:00
Nick Fyson 4087ed4594 Merge branch 'main' into nickfyson/validate-code-scanning 2021-09-29 16:11:58 +01:00
Fernando de Oliveira 7f30309cce Azure Data Factory CI starter workflow (#1111)
* Azure Data Factory CI starter workflow

* fix: data factory starter categories

* fix: checkout step formatting

* fix: data-factory-export targeting latest version

* feature: latest adf validate and export versions

* feature: Azure Data Factory tech_stack category for CI starter

Co-authored-by: Fernando de Oliveira <5161098+fernandoBRS@users.noreply.github.com>
2021-09-29 10:32:01 +05:30
Gary Houbre f0b8c8ad72 Starter workflow Symfony (#1069)
* Add Symfony to starter Workflow

* Added Properties from Symfony

* Update symfony.yml

* Update symfony.yml

* Update symfony.yml

* Fix Wrong Configuration

* Review and fixing

* Update Symfony Properties Category

Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-28 15:11:17 +05:30
Nick Fyson 70655750b2 check for yml and yaml extensions 2021-09-28 09:37:43 +01:00
Ruud Senden cb6678504a File renames as requested in PR comments 2021-09-28 10:24:29 +02:00
Ruud Senden fd79bd4838 Merge branch 'main' into main 2021-09-28 10:21:39 +02:00
Nick Fyson b5a43f8049 Merge branch 'main' into add_cloudrail 2021-09-27 21:35:59 +01:00
Nick Fyson 9426610033 Merge branch 'main' into nickfyson/validate-code-scanning 2021-09-27 20:46:46 +01:00
Nick Fyson b58a4e21c6 start validating code-scanning workflows 2021-09-27 20:35:10 +01:00
Randy Kleinman 4a9a1680df Update README grammar (#1123)
substitue -> substitute
2021-09-24 18:05:34 -04:00
Aparna Ravindra 5a1343bb22 Adding template - Build Xcode project (#1095)
* adding build for xcode

* renaming template

Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-23 10:29:50 +05:30
Ruud Senden 97de22b47c Update according to PR review comments 2021-09-22 14:12:39 +02:00
Ruud Senden 835899e531 Merge branch 'actions:main' into main 2021-09-22 14:07:52 +02:00
Fernando de Oliveira 55f65bcc15 Directory structure updated (#1112)
Co-authored-by: Fernando de Oliveira <5161098+fernandoBRS@users.noreply.github.com>
2021-09-22 16:37:22 +05:30
manuelbcd 9b4fcbf911 Adding 'Dockerfile' to category list 2021-09-21 11:25:16 +02:00
manuelbcd 7d41cdb581 Reviews from PR #1110 2021-09-21 11:03:21 +02:00
Ninad Kavimandan e4091f2f55 add Vue to nodejs props (#1109) 2021-09-21 13:35:26 +05:30
manuelbcd 38d4e3bfd2 Added some extra comments, Github Actions V2 and changed env vars 2021-09-20 11:52:53 +02:00
Cadu Ribeiro 6dfa11d0c4 Add github/super-linter as starter workflow on CI (#1089)
This commit adds github/super-linter as a starter workflow to execute
several linters based on the user codebase on changed files.

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-09-17 16:58:46 -04:00
Ruud Senden 45ae2e08fc Merge branch 'main' into main 2021-09-17 12:38:42 +02:00
Manuel Boira Cuevas 5e116cb9e8 Sysdig Secure Inline Scan with SARIF report to starter workflows 2021-09-16 10:47:05 +02:00
Ninad Kavimandan c36ea2c560 add Continuous integration to makefile props (#1100) 2021-09-16 11:51:53 +05:30
Ninad Kavimandan 59daabb07b support AspNetCore and DotNetConsole (#1096)
Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-16 11:19:17 +05:30
Ninad Kavimandan 9095e7c9d5 added prefix npm- (#1097) 2021-09-16 11:17:56 +05:30
Ninad Kavimandan 1cb322141e add makefile template (#1093)
Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-16 11:02:21 +05:30
Shubham Tiwari df5ac56102 Adding category in the template property file (#1092)
* adding category in the template property file

* added category on ruby template
2021-09-16 11:00:07 +05:30
Aparna Ravindra dda42cb8f2 Addition to categories to python templates (#1088)
* addition to categories for python-app template

* adding categories to pylint template

* adding categories to python-package template

Co-authored-by: Ashwin Sangem <ashwinsangem@github.com>
2021-09-15 20:04:06 +05:30
Aparna Ravindra 3175118151 Addressing review comments - Renaming template and updating setup-ruby action version (#1086)
* renaming template and updating setup-ruby action version

* renaming rubyrails files

* renaming rails files
2021-09-15 20:02:11 +05:30
John Bohannon 238e55b9b4 Merge pull request #1091 from tetchel/openshift-ghcr-squashed
Update OpenShift workflow to use GHCR by default (#6)
2021-09-14 15:01:30 -04:00
Tim Etchells 149cf11287 Update github-script major version
Co-authored-by: John Bohannon <imjohnbo@github.com>
2021-09-14 11:52:30 -07:00
Tim Etchells 48e2865d35 Update OpenShift workflow to use GHCR by default (#6)
- Simplifies required configuration since a registry account is now
  optional
- Update a variety of comments
- Use tools-installer to install oc
- Other small changes towards a better UX

Signed-off-by: Tim Etchells <tetchel@gmail.com>
2021-09-14 11:12:35 -07:00
Ruud Senden 30715e86a4 Add 3rd-party GitHub Actions disclaimer 2021-09-14 09:06:33 +02:00
Ruud Senden ddf7fe1e94 Merge branch 'actions:main' into main 2021-09-14 08:58:07 +02:00
Ruud Senden 6d89fb8045 Update Fortify on Demand supported languages 2021-09-14 08:56:36 +02:00
Ashwin Sangem 028df69d88 Added support for Java Frameworks, Spring and JSF to CI Templates. (#1087) 2021-09-14 08:04:52 +05:30
Ruud Senden 99fae1ecb1 Update Fortify on Demand workflow 2021-09-13 10:29:38 +02:00
Ruud Senden b671ee6c7b Add original Fortify on Demand workflow 2021-09-13 10:16:30 +02:00
tmash06 b33f57dde1 Fixed a broken link to actions/upload-a-build-artifact in dotnet-desktop.yml. (#1074)
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-09-09 15:45:29 -04:00
Ninad Kavimandan 84a9757692 added React and Angular as categories to node (#1084) 2021-09-09 16:16:31 +05:30
Nick Fyson 29e8b6c38a Merge pull request #1081 from actions/nickfyson/add-codeql-to-ghes
Nickfyson/add codeql to ghes
2021-09-08 11:05:03 +01:00
Nick Fyson c2cc54a69e only check nwo of supported actions 2021-09-08 10:28:14 +01:00
Nick Fyson 7aa1944311 only run ghes sync checks on YML files 2021-09-08 10:08:06 +01:00
Nick Fyson e6aff964db add codeql workflow to ghes 2021-09-08 09:54:15 +01:00
Nick Fyson ff4d33e44b Merge pull request #1080 from actions/revert-1077-nickfyson/add-codeql-to-ghes
Revert "add codeql workflow to ghes branch"
2021-09-08 07:27:03 +01:00
Nick Fyson 41e3bc11ea Revert "add codeql workflow to ghes branch" 2021-09-08 07:26:24 +01:00
Nick Fyson 79ff92ef6d Merge pull request #1077 from actions/nickfyson/add-codeql-to-ghes
add codeql workflow to ghes branch
2021-09-08 07:24:31 +01:00
Nick Fyson e9f0116056 Merge branch 'main' into nickfyson/add-codeql-to-ghes 2021-09-08 07:23:25 +01:00
Aparna Ravindra 237e7737ce restoring from main (#1078) 2021-09-08 11:52:12 +05:30
Nick Fyson fc748cc482 add codeql workflow to ghes 2021-09-06 15:25:04 +00:00
Aparna Ravindra 7b64f44165 Directory for deployments (#1071)
* moving deployment templates

* including deployment directory in scripts

* validate categories script init

* introducing scout

* introducing workflow

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate-categories.yaml

* Update validate.rb

* Update validate-categories.yaml

* Update validate-categories.yaml

* Create test_comment.yaml

* rename

* using [enter]

* testing newline

* test

* setting up variable

* using echo -e

* using join

* testing space space new line

* setting multi line in echo

* removing checkout

* setting rows-generator

* fixing error

* using join

* commit

* Update test_comment.yaml

* escaping pipe

* printing debug line

* using %0A

* Update validate-categories.yaml

* Update validate.rb

* Update validate.rb

* removing debug

* removing variable

* Update validate.rb

* Update validate-categories.yaml

* Validate categories comment on pr (#32)

* reverting deployment directory

* checking for output

* Categories validation two workflows (#34)

comment on pr in a separate workflow

* Categories validation two workflows (#35)

using right dir name

* Categories validation two workflows (#36)

.

* Categories validation two workflows (#37)

fixing typo

* adding if conditions

* adding try catch

* using console instead of echo

* equating to upstream

* moving deployment templates
2021-09-06 11:04:54 +05:30
Varun Sharma ac64f9caf5 Secure workflows (#1) (#1072)
* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml

Co-authored-by: Step Security <bot@stepsecurity.io>

Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com>
Co-authored-by: Step Security <bot@stepsecurity.io>
2021-09-02 16:05:24 -04:00
Yoni Leitersdorf 98bde3b31e Oops 2021-08-17 07:32:50 -07:00
Yoni Leitersdorf 188b52b51c Adding Cloudrail according to documentation and examples 2021-08-17 07:29:29 -07:00
Yoni Leitersdorf 69184c7484 Added Cloudrail according to instructions and existing examples 2021-08-17 07:29:02 -07:00
161 changed files with 3672 additions and 294 deletions
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+2
View File
@@ -5,6 +5,8 @@ on:
jobs:
build:
permissions:
issues: write
runs-on: ubuntu-latest
steps:
- name: Close Issue
+3
View File
@@ -7,6 +7,9 @@ on:
jobs:
stale:
permissions:
issues: write
pull-requests: write
runs-on: ubuntu-latest
steps:
+2
View File
@@ -7,6 +7,8 @@ on:
jobs:
sync:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+2
View File
@@ -6,6 +6,8 @@ on:
jobs:
validate-data:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+3 -2
View File
@@ -12,7 +12,8 @@ These are the workflow files for helping people get started with GitHub Actions.
### Directory structure
* [ci](ci): solutions for Continuous Integration and Deployments
* [ci](ci): solutions for Continuous Integration workflows.
* [deployments](deployments): solutions for Deployment workflows.
* [automation](automation): solutions for automating workflows.
* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security)
* [icons](icons): svg icons for the relevant template
@@ -44,5 +45,5 @@ For example: `ci/django.yml` and `ci/properties/django.properties.json`.
These variables can be placed in the starter workflow and will be substituted as detailed below:
* `$default-branch`: will substitute the branch from the repository, for example `main` and `master`
* `$protected-branches`: will substitue any protected branches from the repository.
* `$protected-branches`: will substitute any protected branches from the repository
* `$cron-daily`: will substitute a valid but random time within the day
+1 -1
View File
@@ -107,7 +107,7 @@ jobs:
- name: Remove the pfx
run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate
# Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact
# Upload the MSIX package: https://github.com/marketplace/actions/upload-a-build-artifact
- name: Upload build artifacts
uses: actions/upload-artifact@v2
with:
+3 -3
View File
@@ -15,10 +15,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Elixir
uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24
uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f
with:
elixir-version: '1.10.3' # Define the elixir version [required]
otp-version: '22.3' # Define the OTP version [required]
elixir-version: '1.12.3' # Define the elixir version [required]
otp-version: '24.1' # Define the OTP version [required]
- name: Restore dependencies cache
uses: actions/cache@v2
with:
+27
View File
@@ -0,0 +1,27 @@
name: Makefile CI
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: configure
run: ./configure
- name: Install dependencies
run: make
- name: Run check
run: make check
- name: Run distcheck
run: make distcheck
View File
View File
+30
View File
@@ -0,0 +1,30 @@
name: Xcode - Build and Analyze
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
build:
name: Build and analyse default scheme using xcodebuild command
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set Default Scheme
run: |
scheme_list=$(xcodebuild -list -json | tr -d "\n")
default=$(echo $scheme_list | ruby -e "require 'json'; puts JSON.parse(STDIN.gets)['project']['targets'][0]")
echo $default | cat >default
echo Using default scheme: $default
- name: Build
env:
scheme: ${{ 'default' }}
run: |
if [ $scheme = default ]; then scheme=$(cat default); fi
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'`
xcodebuild clean build analyze -scheme "$scheme" -"$filetype_parameter" "$file_to_build" | xcpretty && exit ${PIPESTATUS[0]}
-180
View File
@@ -1,180 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
### The OpenShift Starter workflow will:
# - Checkout your repository
# - Perform a Docker build
# - Push the built image to an image registry
# - Log in to your OpenShift cluster
# - Create an OpenShift app from the image and expose it to the internet.
### Before you begin:
# - Have write access to a container image registry such as quay.io or Dockerhub.
# - Have access to an OpenShift cluster.
# - For instructions to get started with OpenShift see https://www.openshift.com/try
# - The project you wish to add this workflow to should have a Dockerfile.
# - If you don't have a Dockerfile at the repository root, see the buildah-build step.
# - Builds from scratch are also available, but require more configuration.
### To get the workflow running:
# 1. Add this workflow to your repository.
# 2. Edit the top-level 'env' section, which contains a list of environment variables that must be configured.
# 3. Create the secrets referenced in the 'env' section under your repository Settings.
# 4. Edit the 'branches' in the 'on' section to trigger the workflow on a push to your branch.
# 5. Commit and push your changes.
# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
# Also see our GitHub organization, https://github.com/redhat-actions/
# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
name: OpenShift
# ⬇️ Modify the fields marked with ⬇️ to fit your project, and create any secrets that are referenced.
# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
env:
# ⬇️ EDIT with your registry and registry path.
REGISTRY: quay.io/<username>
# ⬇️ EDIT with your registry username.
REGISTRY_USER: <username>
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
# ⬇️ EDIT to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# ⬇️ EDIT with any additional port your application should expose.
# By default, oc new-app action creates a service to the image's lowest numeric exposed port.
APP_PORT: ""
# ⬇️ EDIT if you wish to set the kube context's namespace after login. Leave blank to use the default namespace.
OPENSHIFT_NAMESPACE: ""
# If you wish to manually provide the APP_NAME and TAG, set them here, otherwise they will be auto-detected.
APP_NAME: ""
TAG: ""
on:
# https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
push:
# Edit to the branch(es) you want to build and deploy on each push.
branches: [ $default-branch ]
jobs:
openshift-ci-cd:
name: Build and deploy to OpenShift
runs-on: ubuntu-18.04
environment: production
outputs:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
steps:
- name: Check if secrets exists
uses: actions/github-script@v3
with:
script: |
const secrets = {
REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`,
OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`,
};
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.warning(`Secret "${name}" is not set`);
return true;
}
core.info(`✔️ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`❌ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`✅ All the required secrets are set`);
}
- uses: actions/checkout@v2
- name: Determine app name
if: env.APP_NAME == ''
run: |
echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV
- name: Determine tag
if: env.TAG == ''
run: |
echo "TAG=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV
# https://github.com/redhat-actions/buildah-build#readme
- name: Build from Dockerfile
id: image-build
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.APP_NAME }}
tags: ${{ env.TAG }}
# If you don't have a dockerfile, see:
# https://github.com/redhat-actions/buildah-build#scratch-build-inputs
# Otherwise, point this to your Dockerfile relative to the repository root.
dockerfiles: |
./Dockerfile
# https://github.com/redhat-actions/push-to-registry#readme
- name: Push to registry
id: push-to-registry
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.image-build.outputs.image }}
tags: ${{ steps.image-build.outputs.tags }}
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
# The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }}
# oc-login works on all platforms, but oc must be installed first.
# The GitHub Ubuntu runner already includes oc.
# Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc,
# as well as many other tools.
# https://github.com/redhat-actions/oc-login#readme
- name: Log in to OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
# This step should create a deployment, service, and route to run your app and expose it to the internet.
# https://github.com/redhat-actions/oc-new-app#readme
- name: Create and expose app
id: deploy-and-expose
uses: redhat-actions/oc-new-app@v1
with:
app_name: ${{ env.APP_NAME }}
image: ${{ steps.push-to-registry.outputs.registry-path }}
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
port: ${{ env.APP_PORT }}
- name: View application route
run: |
[[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
echo "======================== Your application is available at: ========================"
echo ${{ env.ROUTE }}
echo "==================================================================================="
echo
echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
env:
ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ada",
"description": "Build Ada project with GPRbuild.",
"iconName": "ada",
"categories": ["Ada"]
"categories": ["Continuous integration", "Ada"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Android CI",
"description": "Build an Android project with Gradle.",
"iconName": "android",
"categories": ["Java", "Mobile"]
"categories": ["Continuous integration", "Java", "Mobile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Ant",
"description": "Build and test a Java project with Apache Ant.",
"iconName": "ant",
"categories": ["Ant", "Java"]
"categories": ["Continuous integration", "Ant", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "C/C++ with Make",
"description": "Build and test a C/C++ project using Make.",
"iconName": "c-cpp",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Clojure",
"description": "Build and test a Clojure project with Leiningen.",
"iconName": "clojure",
"categories": ["Clojure", "Java"]
"categories": ["Continuous integration", "Clojure", "Java"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "CMake based projects",
"description": "Build and test a CMake based project.",
"iconName": "cmake",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Crystal",
"description": "Build and test a Crystal project.",
"iconName": "crystal",
"categories": ["Crystal"]
"categories": ["Continuous integration", "Crystal"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "D",
"description": "Build and test a D project with dub.",
"iconName": "d",
"categories": [ "D" ]
"categories": ["Continuous integration", "D"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Dart",
"description": "Build and test a Dart project with Pub.",
"iconName": "dart",
"categories": ["Dart"]
"categories": ["Continuous integration", "Dart"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Deno",
"description": "Test your Deno project",
"iconName": "deno",
"categories": ["JavaScript", "TypeScript", "Deno"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "Deno"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Django",
"description": "Build and Test a Django Project",
"iconName": "django",
"categories": ["Python", "Django"]
"categories": ["Continuous integration", "Python", "Django"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Docker image",
"description": "Build a Docker image to deploy, run, or push to a registry.",
"iconName": "docker",
"categories": ["Dockerfile"]
"categories": ["Continuous integration", "Dockerfile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Docker Container",
"description": "Build, test and push Docker image to GitHub Packages.",
"iconName": "docker",
"categories": ["Dockerfile"]
"categories": ["Continuous integration", "Dockerfile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": ".NET Desktop",
"description": "Build, test, sign and publish a desktop application built on .NET.",
"iconName": "dotnet",
"categories": ["C#", "Visual Basic", "WPF", ".NET"]
"categories": ["Continuous integration", "C#", "Visual Basic", "WPF", ".NET"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": ".NET",
"description": "Build and test a .NET or ASP.NET Core project.",
"iconName": "dotnet",
"categories": ["C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET"]
"categories": ["Continuous integration", "C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET", "AspNetCore", "DotNetConsole"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Elixir",
"description": "Build and test an Elixir project with Mix.",
"iconName": "elixir",
"categories": ["Elixir", "Erlang"]
"categories": ["Continuous integration", "Elixir", "Erlang"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Erlang",
"description": "Build and test an Erlang project with rebar.",
"iconName": "erlang",
"categories": ["Erlang"]
"categories": ["Continuous integration", "Erlang"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby Gem",
"description": "Pushes a Ruby Gem to RubyGems and GitHub Package Registry.",
"iconName": "ruby-gems",
"categories": ["Ruby"]
"categories": ["Continuous integration", "Ruby"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Go",
"description": "Build a Go project.",
"iconName": "go",
"categories": ["Go"]
"categories": ["Continuous integration", "Go"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Gradle",
"description": "Build a Java Package using Gradle and publish to GitHub Packages.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Gradle",
"description": "Build and test a Java project using a Gradle wrapper script.",
"iconName": "gradle",
"categories": ["Java", "Gradle"]
"categories": ["Continuous integration", "Java", "Gradle", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Haskell",
"description": "Build and test a Haskell project with Cabal.",
"iconName": "haskell",
"categories": ["Haskell"]
"categories": ["Continuous integration", "Haskell"]
}
+1
View File
@@ -3,6 +3,7 @@
"description": "Build and test an iOS application using xcodebuild and any available iPhone simulator.",
"iconName": "xcode",
"categories": [
"Continuous integration",
"iOS",
"Xcode"
]
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Jekyll",
"description": "Package a Jekyll site using the jekyll/builder Docker image.",
"iconName": "jekyll",
"categories": ["HTML"]
"categories": ["Continuous integration", "HTML"]
}
+1
View File
@@ -3,6 +3,7 @@
"description": "Test a Laravel project.",
"iconName": "php",
"categories": [
"Continuous integration",
"PHP",
"Laravel"
]
+6
View File
@@ -0,0 +1,6 @@
{
"name": "Build projects with Make",
"description": "Build and test a project using Make.",
"iconName": "makefile",
"categories": ["Continuous integration", "Makefile"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Java Package with Maven",
"description": "Build a Java Package using Maven and publish to GitHub Packages.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Java with Maven",
"description": "Build and test a Java project with Apache Maven.",
"iconName": "maven",
"categories": ["Java", "Maven"]
"categories": ["Continuous integration", "Java", "Maven", "Spring", "JSF"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "MSBuild based projects",
"description": "Build a MSBuild based project.",
"iconName": "c-cpp",
"categories": ["C", "C++"]
"categories": ["Continuous integration", "C", "C++"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Node.js",
"description": "Build and test a Node.js project with npm.",
"iconName": "nodejs",
"categories": ["JavaScript", "npm"]
"categories": ["Continuous integration", "JavaScript", "npm", "React", "Angular", "Vue"]
}
@@ -2,5 +2,5 @@
"name": "Grunt",
"description": "Build a NodeJS project with npm and grunt.",
"iconName": "grunt",
"categories": ["JavaScript", "TypeScript", "npm", "Grunt"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Grunt"]
}
@@ -2,5 +2,5 @@
"name": "Gulp",
"description": "Build a NodeJS project with npm and gulp.",
"iconName": "gulp",
"categories": ["JavaScript", "TypeScript", "npm", "Gulp"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Gulp"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Node.js Package",
"description": "Publishes a Node.js package to npm and GitHub Packages.",
"iconName": "node-package-transparent",
"categories": ["JavaScript", "npm"]
"categories": ["Continuous integration", "JavaScript", "npm"]
}
@@ -0,0 +1,6 @@
{
"name": "Xcode - Build and Analyze",
"description": "Build Xcode project using xcodebuild",
"iconName": "xcode",
"categories": ["Continuous integration", "Xcode", "Objective-C"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "PHP",
"description": "Build and test a PHP application using Composer",
"iconName": "php",
"categories": ["PHP", "Composer"]
"categories": ["Continuous integration", "PHP", "Composer"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Pylint",
"description": "Lint a Python application with pylint.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Python application",
"description": "Create and test a Python application.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
}
@@ -2,5 +2,5 @@
"name": "Python Package using Anaconda",
"description": "Create and test a Python package on multiple Python versions using Anaconda for package management.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Python package",
"description": "Create and test a Python package on multiple Python versions.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python", "Bottle", "Flask"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Publish Python Package",
"description": "Publish a Python Package to PyPI on release.",
"iconName": "python",
"categories": ["Python"]
"categories": ["Continuous integration", "Python"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "R package",
"description": "Create and test an R package on multiple R versions.",
"iconName": "r",
"categories": ["R"]
"categories": ["Continuous integration", "R"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Ruby",
"description": "Build and test a Ruby project with Rake.",
"iconName": "ruby",
"categories": ["Ruby"]
"categories": ["Continuous integration", "Ruby"]
}
@@ -0,0 +1,6 @@
{
"name": "Rails - Install Dependencies and Run Linters",
"description": "Install dependencies and run linters on Rails application",
"iconName": "ruby",
"categories": ["Continuous integration", "Ruby", "Rails"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Rust",
"description": "Build and test a Rust project with Cargo.",
"iconName": "rust",
"categories": ["Rust"]
"categories": ["Continuous integration", "Rust"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Scala",
"description": "Build and test a Scala project with SBT.",
"iconName": "scala",
"categories": ["Scala", "Java"]
"categories": ["Continuous integration", "Scala", "Java"]
}
@@ -0,0 +1,6 @@
{
"name": "Super Linter - Run Linters for several languages",
"description": "Run linters for several languages on your code base for changed files",
"iconName": "octicon check-circle",
"categories": ["Continuous integration", "code-quality", "code-review"]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Swift",
"description": "Build and test a Swift Package.",
"iconName": "swift",
"categories": ["Swift"]
"categories": ["Continuous integration", "Swift"]
}
+10
View File
@@ -0,0 +1,10 @@
{
"name": "Symfony",
"description": "Test a Symfony project.",
"iconName": "php",
"categories": [
"Continuous integration",
"PHP",
"Symfony"
]
}
+1 -1
View File
@@ -2,5 +2,5 @@
"name": "Webpack",
"description": "Build a NodeJS project with npm and webpack.",
"iconName": "webpack",
"categories": ["JavaScript", "TypeScript", "npm", "Webpack"]
"categories": ["Continuous integration", "JavaScript", "TypeScript", "npm", "Webpack"]
}
+5 -4
View File
@@ -4,15 +4,16 @@ on: [push]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.8", "3.9", "3.10"]
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.9
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: 3.9
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
+2 -2
View File
@@ -16,10 +16,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.9
- name: Set up Python 3.10
uses: actions/setup-python@v2
with:
python-version: 3.9
python-version: "3.10"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
+2 -2
View File
@@ -10,10 +10,10 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.8
- name: Set up Python 3.10
uses: actions/setup-python@v2
with:
python-version: 3.8
python-version: 3.10
- name: Add conda to system path
run: |
# $CONDA is an environment variable pointing to the root of the miniconda directory
+1 -1
View File
@@ -16,7 +16,7 @@ jobs:
strategy:
fail-fast: false
matrix:
python-version: [3.7, 3.8, 3.9]
python-version: ["3.8", "3.9", "3.10"]
steps:
- uses: actions/checkout@v2
+2 -2
View File
@@ -19,12 +19,12 @@ jobs:
runs-on: macos-latest
strategy:
matrix:
r-version: [3.5, 3.6]
r-version: ['3.6.3', '4.1.1']
steps:
- uses: actions/checkout@v2
- name: Set up R ${{ matrix.r-version }}
uses: r-lib/actions/setup-r@ffe45a39586f073cc2e9af79c4ba563b657dc6e3
uses: r-lib/actions/setup-r@f57f1301a053485946083d7a45022b278929a78a
with:
r-version: ${{ matrix.r-version }}
- name: Install dependencies
+32
View File
@@ -0,0 +1,32 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
name: Rails - Install dependencies and run linters
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
with:
bundler-cache: true
# Add or Replace any other security checks here
- name: Run security checks
run: |
bin/bundler-audit --update
bin/brakeman -q -w2
# Add or Replace any other Linters here
- name: Run linters
run: |
bin/rubocop --parallel
+29
View File
@@ -0,0 +1,29 @@
# This workflow executes several linters on changed files based on languages used in your code base whenever
# you push a code or open a pull request.
#
# You can adjust the behavior by modifying this file.
# For more information, see:
# https://github.com/github/super-linter
name: Lint Code Base
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
- name: Lint Code Base
uses: github/super-linter@v4
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: $default-branch
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+39
View File
@@ -0,0 +1,39 @@
name: Symfony
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
symfony-tests:
runs-on: ubuntu-latest
steps:
# To automatically get bug fixes and new Php versions for shivammathur/setup-php,
# change this to (see https://github.com/shivammathur/setup-php#bookmark-versioning):
# uses: shivammathur/setup-php@v2
- uses: shivammathur/setup-php@2cb9b829437ee246e9b3cac53555a39208ca6d28
with:
php-version: '8.0'
- uses: actions/checkout@v2
- name: Copy .env.test.local
run: php -r "file_exists('.env.test.local') || copy('.env.test', '.env.test.local');"
- name: Cache Composer packages
id: composer-cache
uses: actions/cache@v2
with:
path: vendor
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-php-
- name: Install Dependencies
run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
- name: Create Database
run: |
mkdir -p data
touch data/database.sqlite
- name: Execute tests (Unit and Feature tests) via PHPUnit
env:
DATABASE_URL: sqlite:///%kernel.project_dir%/data/database.sqlite
run: vendor/bin/phpunit
+39
View File
@@ -0,0 +1,39 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, builds an image, performs a container image
# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
# code scanning feature. For more information on the Anchore scan action usage
# and parameters, see https://github.com/anchore/scan-action. For more
# information on Anchore's container image scanning tool Grype, see
# https://github.com/anchore/grype
name: Anchore Container Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
Anchore-Build-Scan:
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v2
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@b08527d5ae7f7dc76f9621edb6e49eaf47933ccd
with:
image: "localbuild/testimage:latest"
acs-report-enable: true
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
+51
View File
@@ -0,0 +1,51 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates Brakeman with GitHub's Code Scanning feature
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
name: Brakeman Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
brakeman-scan:
name: Brakeman Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v2
# Customize the ruby version depending on your needs
- name: Setup Ruby
uses: ruby/setup-ruby@f20f1eae726df008313d2e0d78c5e602562a1bcf
with:
ruby-version: '2.7'
- name: Setup Brakeman
env:
BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
run: |
gem install brakeman --version $BRAKEMAN_VERSION
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
- name: Scan
continue-on-error: true
run: |
brakeman -f sarif -o output.sarif.json .
# Upload the SARIF file generated in the previous step
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: output.sarif.json
+44
View File
@@ -0,0 +1,44 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This is a basic workflow to help you get started with Using Checkmarx CxFlow Action
name: CxFlow
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
runs-on: ubuntu-latest
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
- name: Checkmarx CxFlow Action
uses: checkmarx-ts/checkmarx-cxflow-github-action@04e6403dbbfee0fd3fb076e5791202c31c54fe6b
with:
project: GithubActionTest
team: '\CxServer\SP\Checkmarx'
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
# Upload the Report for CodeQL/Security Alerts
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: cx.sarif
+58
View File
@@ -0,0 +1,58 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Cloudrail
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
cloudrail:
name: Run Indeni Cloudrail on Terraform code with SARIF output
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Clone repo
uses: actions/checkout@v2
# For Terraform, Cloudrail requires the plan as input. So we generate it using
# the Terraform core binary.
- uses: hashicorp/setup-terraform@v1
with:
terraform_version: v0.13.2
- run: terraform init
- run: terraform plan -out=plan.out
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# Confirm we have the plan file
- run: stat plan.out
- name: Run Cloudrail
uses: indeni/cloudrail-run-ga@b56ed2d30913c975b36df231adc2eabf05523622
with:
tf-plan-file: plan.out # This was created in a "terraform plan" step
cloudrail-api-key: ${{ secrets.CLOUDRAIL_API_KEY }} # This requires registration to Indeni Cloudrail's SaaS at https://web.cloudrail.app
cloud-account-id: # Leave this empty for Static Analaysis, or provide an account ID for Dynamic Analysis, see instructions in Cloudrail SaaS
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
# Remember that if issues are found, Cloudrail return non-zero exit code, so the if: always()
# is needed to ensure the SARIF file is uploaded
if: always()
with:
sarif_file: cloudrail_results.sarif
+54
View File
@@ -0,0 +1,54 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, performs a Codacy security scan
# and integrates the results with the
# GitHub Advanced Security code scanning feature. For more information on
# the Codacy security scan action usage and parameters, see
# https://github.com/codacy/codacy-analysis-cli-action.
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-analysis-cli.
name: Codacy Security Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
codacy-security-scan:
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v2
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
# You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
# Adjust severity of non-security issues
gh-code-scanning-compat: true
# Force 0 exit code to allow SARIF file generation
# This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
+1 -2
View File
@@ -34,8 +34,7 @@ jobs:
matrix:
language: [ $detected-codeql-languages ]
# CodeQL supports [ $supported-codeql-languages ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
+42
View File
@@ -0,0 +1,42 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow requires that you have an existing account with codescan.io
# For more information about configuring your workflow,
# read our documentation at https://github.com/codescan-io/codescan-scanner-action
name: CodeScan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
CodeScan:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Cache files
uses: actions/cache@v2
with:
path: |
~/.sonar
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Run Analysis
uses: codescan-io/codescan-scanner-action@5b2e8c5683ef6a5adc8fa3b7950bb07debccce12
with:
login: ${{ secrets.CODESCAN_AUTH_TOKEN }}
organization: ${{ secrets.CODESCAN_ORGANIZATION_KEY }}
projectKey: ${{ secrets.CODESCAN_PROJECT_KEY }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: codescan.sarif
+53
View File
@@ -0,0 +1,53 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow locates REST API file contracts
# (Swagger or OpenAPI format, v2 and v3, JSON and YAML)
# and runs 200+ security checks on them using 42Crunch Security Audit technology.
#
# Documentation is located here: https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
#
# To use this workflow, you will need to complete the following setup steps.
#
# 1. Create a free 42Crunch account at https://platform.42crunch.com/register
#
# 2. Follow steps at https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
# to create an API Token on the 42Crunch platform
#
# 3. Add a secret in GitHub as explained in https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm,
# store the 42Crunch API Token in that secret, and supply the secret's name as api-token parameter in this workflow
#
# If you have any questions or need help contact https://support.42crunch.com
name: "42Crunch REST API Static Security Testing"
# follow standard Code Scanning triggers
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
rest-api-static-security-testing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: 42Crunch REST API Static Security Testing
uses: 42Crunch/api-security-audit-action@96228d9c48873fe001354047d47fb62be42abeb1
with:
# Please create free account at https://platform.42crunch.com/register
# Follow these steps to configure API_TOKEN https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm
api-token: ${{ secrets.API_TOKEN }}
# Fail if any OpenAPI file scores lower than 75
min-score: 75
# Upload results to Github code scanning
upload-to-code-scanning: true
# Github token for uploading the results
github-token: ${{ github.token }}
+97
View File
@@ -0,0 +1,97 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
################################################################################################################################################
# Fortify lets you build secure software fast with an appsec platform that automates testing throughout the DevSecOps pipeline. Fortify static,#
# dynamic, interactive, and runtime security testing is available on premises or as a service. To learn more about Fortify, start a free trial #
# or contact our sales team, visit microfocus.com/appsecurity. #
# #
# Use this workflow template as a basis for integrating Fortify on Demand Static Application Security Testing(SAST) into your GitHub workflows.#
# This template demonstrates the steps to prepare the code+dependencies, initiate a scan, download results once complete and import into #
# GitHub Security Code Scanning Alerts. Existing customers should review inputs and environment variables below to configure scanning against #
# an existing application in your Fortify on Demand tenant. Additional information is available in the comments throughout the workflow, the #
# documentation for the Fortify actions used, and the Fortify on Demand / ScanCentral Client product documentation. If you need additional #
# assistance with configuration, feel free to create a help ticket in the Fortify on Demand portal. #
################################################################################################################################################
name: Fortify on Demand Scan
# TODO: Customize trigger events based on your DevSecOps processes and typical FoD SAST scan time
on:
workflow_dispatch:
push:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
FoD-SAST-Scan:
# Use the appropriate runner for building your source code.
# TODO: Use a Windows runner for .NET projects that use msbuild. Additional changes to RUN commands will be required to switch to Windows syntax.
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
# Check out source code
- name: Check Out Source Code
uses: actions/checkout@v2
# Java is required to run the various Fortify utilities.
# When scanning a Java application, please use the appropriate Java version for building your application.
- name: Setup Java
uses: actions/setup-java@v1
with:
java-version: 1.8
# Prepare source+dependencies for upload. The default example is for a Maven project that uses pom.xml.
# TODO: Update PACKAGE_OPTS based on the ScanCentral Client documentation for your project's included tech stack(s). Helpful hints:
# ScanCentral Client will download dependencies for maven (-bt mvn) and gradle (-bt gradle).
# ScanCentral Client can download dependencies for msbuild projects (-bt msbuild); however, you must convert the workflow to use a Windows runner.
# ScanCentral has additional options that should be set for PHP and Python projects
# For other build tools, add your build commands to download necessary dependencies and prepare according to Fortify on Demand Packaging documentation.
# ScanCentral Client documentation is located at https://www.microfocus.com/documentation/fortify-software-security-center/
- name: Download Fortify ScanCentral Client
uses: fortify/gha-setup-scancentral-client@5b7382f8234fb9840958c49d5f32ae854115f9f3
- name: Package Code + Dependencies
run: scancentral package $PACKAGE_OPTS -o package.zip
env:
PACKAGE_OPTS: "-bt mvn"
# Start Fortify on Demand SAST scan and wait until results complete. For more information on FoDUploader commands, see https://github.com/fod-dev/fod-uploader-java
# TODO: Update ENV variables for your application and create the necessary GitHub Secrets. Helpful hints:
# Credentials and release ID should be obtained from your FoD tenant (either Personal Access Token or API Key can be used).
# Automated Audit preference should be configured for the release's Static Scan Settings in the Fortify on Demand portal.
- name: Download Fortify on Demand Universal CI Tool
uses: fortify/gha-setup-fod-uploader@6e6bb8a33cb476e240929fa8ebc739ff110e7433
- name: Perform SAST Scan
run: java -jar $FOD_UPLOAD_JAR -z package.zip -aurl $FOD_API_URL -purl $FOD_URL -rid "$FOD_RELEASE_ID" -tc "$FOD_TENANT" -uc "$FOD_USER" "$FOD_PAT" $FOD_UPLOADER_OPTS -n "$FOD_UPLOADER_NOTES"
env:
FOD_URL: "https://ams.fortify.com/"
FOD_API_URL: "https://api.ams.fortify.com/"
FOD_TENANT: ${{ secrets.FOD_TENANT }}
FOD_USER: ${{ secrets.FOD_USER }}
FOD_PAT: ${{ secrets.FOD_PAT }}
FOD_RELEASE_ID: ${{ secrets.FOD_RELEASE_ID }}
FOD_UPLOADER_OPTS: "-ep 2 -pp 0 -I 1 -apf"
FOD_UPLOADER_NOTES: 'Triggered by GitHub Actions (${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})'
# Once scan completes, pull SAST issues from Fortify on Demand and generate SARIF output.
- name: Export results to GitHub-optimized SARIF
uses: fortify/gha-export-vulnerabilities@fcb374411cff9809028c911dabb8b57dbdae623b
with:
fod_base_url: "https://ams.fortify.com/"
fod_tenant: ${{ secrets.FOD_TENANT }}
fod_user: ${{ secrets.FOD_USER }}
fod_password: ${{ secrets.FOD_PAT }}
fod_release_id: ${{ secrets.FOD_RELEASE_ID }}
# Import Fortify on Demand results to GitHub Security Code Scanning
- name: Import Results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./gh-fortify-sast.sarif
+1 -1
View File
@@ -10,7 +10,7 @@
# To use this workflow, you will need to:
#
# 1. Create a Mayhem for API account at
# https://mayhem4api.forallsecure.com/signup (30-day free trial)
# https://mayhem4api.forallsecure.com/signup
#
# 2. Create a service account token `mapi organization service-account create
# <org-name> <service-account-name>`
+36
View File
@@ -0,0 +1,36 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: MobSF
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
mobile-security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup python
uses: actions/setup-python@v2
with:
python-version: 3.8
- name: Run mobsfscan
uses: MobSF/mobsfscan@a60d10a83af68e23e0b30611c6515da604f06f65
with:
args: . --sarif --output results.sarif || true
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
+59
View File
@@ -0,0 +1,59 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Find more information at:
# https://github.com/microsoft/msvc-code-analysis-action
name: Microsoft C++ Code Analysis
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
env:
# Path to the CMake build directory.
build: '${{ github.workspace }}/build'
jobs:
analyze:
name: Analyze
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Configure CMake
run: cmake -B ${{ env.build }}
# Build is not required unless generated source files are used
# - name: Build CMake
# run: cmake --build ${{ env.build }}
- name: Initialize MSVC Code Analysis
uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
# Provide a unique ID to access the sarif output path
id: run-analysis
with:
cmakeBuildDirectory: ${{ env.build }}
# Ruleset file that will determine what checks will be run
ruleset: NativeRecommendedRules.ruleset
# Upload SARIF file to GitHub Code Scanning Alerts
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.run-analysis.outputs.sarif }}
# Upload SARIF file as an Artifact to download and view
# - name: Upload SARIF as an Artifact
# uses: actions/upload-artifact@v2
# with:
# name: sarif-file
# path: ${{ steps.run-analysis.outputs.sarif }}
+35
View File
@@ -0,0 +1,35 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates njsscan with GitHub's Code Scanning feature
# nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications
name: njsscan sarif
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
njsscan:
runs-on: ubuntu-latest
name: njsscan code scanning
steps:
- name: Checkout the code
uses: actions/checkout@v2
- name: nodejsscan scan
id: njsscan
uses: ajinabraham/njsscan-action@7237412fdd36af517e2745077cedbf9d6900d711
with:
args: '. --sarif --output results.sarif || true'
- name: Upload njsscan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
+52
View File
@@ -0,0 +1,52 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# NowSecure: The Mobile Security Experts <https://www.nowsecure.com/>.
#
# To use this workflow, you must be an existing NowSecure customer with GitHub Advanced Security (GHAS) enabled for your
# repository.
#
# If you *are not* an existing customer, click here to contact us for licensing and pricing details:
# <https://info.nowsecure.com/github-request>.
#
# Instructions:
#
# 1. In the settings for your repository, click "Secrets" then "New repository secret". Name the secret "NS_TOKEN" and
# paste in your Platform token. If you do not have a Platform token, or wish to create a new one for GitHub, visit
# NowSecure Platform and go to "Profile & Preferences" then create a token labelled "GitHub".
#
# 2. Follow the annotated workflow below and make any necessary modifications then save the workflow to your repository
# and review the "Security" tab once the action has run.
name: "NowSecure"
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
jobs:
nowsecure:
name: NowSecure
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build your application
run: ./gradlew assembleDebug # Update this to build your Android or iOS application
- name: Run NowSecure
uses: nowsecure/nowsecure-action@3b439db31b6dce857b09f5222fd13ffc3159ad26
with:
token: ${{ secrets.NS_TOKEN }}
app_file: app-debug.apk # Update this to a path to your .ipa or .apk
group_id: {{ groupId }} # Update this to your desired Platform group ID
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: NowSecure.sarif
+49
View File
@@ -0,0 +1,49 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates a collection of open source static analysis tools
# with GitHub code scanning. For documentation, or to provide feedback, visit
# https://github.com/github/ossar-action
name: OSSAR
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
OSSAR-Scan:
# OSSAR runs on windows-latest.
# ubuntu-latest and macos-latest support coming soon
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Ensure a compatible version of dotnet is installed.
# The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
# A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
# GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
# For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
# - name: Install .NET
# uses: actions/setup-dotnet@v1
# with:
# dotnet-version: '3.1.x'
# Run open source static analysis tools
- name: Run OSSAR
uses: github/ossar-action@v1
id: ossar
# Upload results to the Security tab
- name: Upload OSSAR results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}
+54
View File
@@ -0,0 +1,54 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# A sample workflow that checks for security issues using
# the Prisma Cloud Infrastructure as Code Scan Action on
# the IaC files present in the repository.
# The results are uploaded to GitHub Security Code Scanning
#
# For more details on the Action configuration see https://github.com/prisma-cloud-shiftleft/iac-scan-action
name: Prisma Cloud IaC Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
prisma_cloud_iac_scan:
runs-on: ubuntu-latest
name: Run Prisma Cloud IaC Scan to check
steps:
- name: Checkout
uses: actions/checkout@v2
- id: iac-scan
name: Run Scan on CFT files in the repository
uses: prisma-cloud-shiftleft/iac-scan-action@53278c231c438216d99b463308a3cbed351ba0c3
with:
# You will need Prisma Cloud API Access Token
# More details in https://github.com/prisma-cloud-shiftleft/iac-scan-action
prisma_api_url: ${{ secrets.PRISMA_CLOUD_API_URL }}
access_key: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
secret_key: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
# Scan sources on Prisma Cloud are uniquely identified by their name
asset_name: 'my-asset-name'
# The service need to know the type of IaC being scanned
template_type: 'CFT'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
# Results are generated only on a success or failure
# this is required since GitHub by default won't run the next step
# when the previous one has failed.
# And alternative it to add `continue-on-error: true` to the previous step
if: success() || failure()
with:
# The SARIF Log file name is configurable on scan action
# therefore the file name is best read from the steps output
sarif_file: ${{ steps.iac-scan.outputs.iac_scan_result_sarif_path }}
@@ -0,0 +1,7 @@
{
"name": "Anchore Container Scan",
"creator": "Indeni Cloudrail",
"description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.",
"iconName": "anchore",
"categories": ["Code Scanning", "dockerfile"]
}
@@ -0,0 +1,7 @@
{
"name": "Brakeman",
"creator": "Brakeman",
"description": "Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications.",
"iconName": "brakeman",
"categories": ["Code Scanning", "ruby"]
}
@@ -0,0 +1,7 @@
{
"name": "CxSAST",
"creator": "Checkmarx",
"description": "Scan your code with Checkmarx CxSAST and see your results in the GitHub security tab.",
"iconName": "checkmarx",
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "json", "kotlin", "apex", "scala", "perl"]
}
@@ -0,0 +1,7 @@
{
"name": "cloudrail",
"creator": "Indeni Cloudrail",
"description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues. The Cloudrail action is often used as part of both CI workflows (on pull_request) and on CD workflows to identify potential issues.",
"iconName": "cloudrail",
"categories": ["Code Scanning", "HCL"]
}
@@ -0,0 +1,7 @@
{
"name": "Codacy Security Scan",
"creator": "Codacy",
"description": "Free, out-of-the-box, security analysis provided by multiple open source static analysis tools.",
"iconName": "codacy",
"categories": ["Code Scanning", "apex", "bash", "c", "coffeescript", "c++", "c#", "crystal", "dockerfile", "elixir", "go", "groovy", "java", "javascript", "jsp", "kotlin", "markdown", "php", "plsql", "powershell", "python", "ruby", "scala", "swift", "tsql", "typescript", "velocity", "vba", "xml"]
}
@@ -1,7 +1,7 @@
{
"name": "CodeQL Analysis",
"creator": "GitHub",
"description": "Security analysis from GitHub for C, C++, C#, Java, JavaScript, TypeScript, Python, and Go developers.",
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python"]
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
}
@@ -0,0 +1,7 @@
{
"name": "CodeScan",
"creator": "CodeScan Enterprises, LLC",
"description": "CodeScan allows for better visibility on your code quality checks based on your custom rulesets.",
"iconName": "codescan",
"categories": ["Code Scanning", "javascript", "apex"]
}
@@ -0,0 +1,7 @@
{
"name": "42Crunch API Security Audit",
"creator": "42Crunch",
"description": "Use the 42Crunch API Security Audit REST API to perform static application security testing (SAST) on OpenAPI/Swagger files.",
"iconName": "42crunch",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,7 @@
{
"name": "Fortify on Demand Scan",
"creator": "Micro Focus",
"description": "Integrate Fortify's comprehensive static code analysis (SAST) for 27+ languages into your DevSecOps workflows to build secure software faster.",
"iconName": "fortify",
"categories": ["Code Scanning", "ABAP", "ActionScript", "Apex", "C#", "C", "C++", "COBOL", "ColdFusion", "Dockerfile", "Go", "HTML", "Java", "JavaScript", "JSON", "Java Server Pages", "Kotlin", "MXML", "Objective-C", "Objective-C++", "PHP", "PLSQL", "Python", "Ruby", "Scala", "Swift", "TSQL", "TypeScript", "VBScript", "Visual Basic .NET", "Visual Basic", "XML"]
}
@@ -0,0 +1,13 @@
{
"name": "mobsf",
"creator": "mobsf",
"description": "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.",
"iconName": "mobsf",
"categories": [
"Code Scanning",
"Java",
"Swift",
"Objective-C",
"Kotlin"
]
}
@@ -0,0 +1,7 @@
{
"name": "Microsoft C++ Code Analysis",
"creator": "Microsoft",
"description": "Code Analysis with the Microsoft C & C++ Compiler for CMake based projects.",
"iconName": "microsoft",
"categories": ["Code Scanning", "C", "C++"]
}
@@ -0,0 +1,7 @@
{
"name": "njsscan",
"creator": "NodeJSScan",
"description": "nodejsscan is a static security code scanner that finds insecure code patterns in your Node.js applications.",
"iconName": "njsscan",
"categories": ["Code Scanning", "JavaScript", "TypeScript"]
}
@@ -0,0 +1,21 @@
{
"name": "NowSecure",
"creator": "NowSecure",
"description": "The NowSecure Action delivers fast, accurate, automated security analysis of iOS and Android apps coded in any language",
"iconName": "nowsecure",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C",
"C",
"C++",
"C#",
"Rust",
"JavaScript",
"TypeScript",
"Node"
]
}
@@ -0,0 +1,7 @@
{
"name": "OSSAR",
"creator": "GitHub",
"description": "Run multiple open source security static analysis tools without the added complexity with OSSAR (Open Source Static Analysis Runner).",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "python", "javascript"]
}

Some files were not shown because too many files have changed in this diff Show More