Compare commits
180 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| e526628119 | |||
| 300f303442 | |||
| 8573ed9cf5 | |||
| 48d70bb057 | |||
| 5a06c8f464 | |||
| 0c9bd866a7 | |||
| e53dd812a5 | |||
| dc87bafe6f | |||
| af74f124fb | |||
| 6706b36121 | |||
| aa4aa29543 | |||
| 4333c79965 | |||
| 14ce90e99f | |||
| 7fb1c31151 | |||
| 4579cb5c54 | |||
| e9cc9b14bc | |||
| d580918e06 | |||
| 2e489c2619 | |||
| 53217fe594 | |||
| 64ccdd2a47 | |||
| c84eced9e9 | |||
| 8ec9e75aba | |||
| 251b7bbc24 | |||
| de41169eb0 | |||
| 98bd06c9ad | |||
| 7ea0d435cf | |||
| d71bfc344e | |||
| 5cdc69b0e1 | |||
| 9ef177a834 | |||
| 776a960496 | |||
| 890150c289 | |||
| 0e684da195 | |||
| 34d35389d1 | |||
| 8430b6f878 | |||
| c005c55b8b | |||
| 2e8fec55f6 | |||
| e833ff06e4 | |||
| 1220bda7e4 | |||
| 4f0f3e716d | |||
| 80404f48bc | |||
| c0b5490590 | |||
| 7a56117f98 | |||
| 3b8f20ff6f | |||
| 63e7f499e9 | |||
| 41e7dd427d | |||
| ffa80e095e | |||
| a96d2407b5 | |||
| ba97234b60 | |||
| f2778053bd | |||
| 0a84296a2a | |||
| 5635bf05bc | |||
| 11778e9eb0 | |||
| f31e3a9c9d | |||
| 94100d1d4a | |||
| b224dd8449 | |||
| 588f02dade | |||
| e873c3ca45 | |||
| 1b10c28ff4 | |||
| aa643dfa0c | |||
| f78e23c19d | |||
| b0f310cefc | |||
| 00e08539ca | |||
| 51e7c8e1e6 | |||
| d0dba5262b | |||
| b73f59a3e8 | |||
| 40772919fb | |||
| 7c57e8a703 | |||
| 07be376c3a | |||
| 48edda6aca | |||
| f38127b062 | |||
| 9e49744dc2 | |||
| a894da71d1 | |||
| a00db4437c | |||
| 0e50194de8 | |||
| 794e910e12 | |||
| f9d17c0062 | |||
| 97020d0adc | |||
| 0b45ddae0d | |||
| 5104ac4274 | |||
| 615c63babc | |||
| 619bd129a7 | |||
| 7eb13f680a | |||
| 73a17a51b5 | |||
| 00db25fc1e | |||
| 5bd8eb4344 | |||
| 9c27271e2f | |||
| 17c64f97fe | |||
| c059d06679 | |||
| 432e3e3e74 | |||
| 75ecfa0bae | |||
| 1c56988c5d | |||
| 60d206d090 | |||
| d67515a20c | |||
| 4e6641ed74 | |||
| f46fcd0e80 | |||
| 649bca8dab | |||
| f7b1f1515d | |||
| 2863ef2206 | |||
| 9920cac8e9 | |||
| a48ef3a643 | |||
| 435b265ae0 | |||
| 3fd42f21fc | |||
| d2bba6f2d9 | |||
| ce771c75d8 | |||
| 4238ac653e | |||
| 7ebee84fa6 | |||
| a8de83bc48 | |||
| e99eb117c5 | |||
| 3f39a5a76b | |||
| b629998430 | |||
| fa053f9bf1 | |||
| 1a37cd5345 | |||
| 3258466b26 | |||
| a85155b04a | |||
| e1db44513b | |||
| b4ee598043 | |||
| cb87b05b73 | |||
| 1a67e08a9e | |||
| 278aa7a82e | |||
| 8fd6550c33 | |||
| b9fd04a8cf | |||
| 2d4fbbba8f | |||
| 12aae3647b | |||
| a96cff48f1 | |||
| c4dadecc05 | |||
| 6439d558f4 | |||
| 499e38bc3e | |||
| 28856d6071 | |||
| 42dcf88eb9 | |||
| 2b3dac02b4 | |||
| 11147495c0 | |||
| 757758750a | |||
| 214aeaaafe | |||
| 4f8abda415 | |||
| b1b3ae86ee | |||
| 2f7dd74318 | |||
| 50fcc151be | |||
| d739e93e5e | |||
| 5354877aa0 | |||
| a561392dff | |||
| 69f26d5fd6 | |||
| cde6fc6c14 | |||
| 644f0a59aa | |||
| de6c8cbcf0 | |||
| abf0c13931 | |||
| c3c12f1950 | |||
| e1ca1f58be | |||
| e176cd52cd | |||
| 3893e3d7c8 | |||
| 767ba11df2 | |||
| 464fcecb39 | |||
| c0fe29b09d | |||
| 9ce2a5b56f | |||
| 87a12c3391 | |||
| c78dd727e9 | |||
| b5113430d9 | |||
| 704eb638ce | |||
| a702d187d1 | |||
| 27ebc235ee | |||
| 39293c2452 | |||
| cd0b591526 | |||
| 4abed744e3 | |||
| 7b8fcf2d84 | |||
| 2b39072b92 | |||
| 34a94290c1 | |||
| 41027f9cb5 | |||
| a7e746ef4e | |||
| 62a3686226 | |||
| ff38066101 | |||
| 1ff952c678 | |||
| 1d19515d95 | |||
| c3f7e66294 | |||
| d6e33d5f35 | |||
| a3270e70de | |||
| 0f29a0acbb | |||
| 4e20b52618 | |||
| 4fad808870 | |||
| e59c11c494 | |||
| 21775ad05b | |||
| cbd5b645f1 |
@@ -26,6 +26,7 @@ It is not:
|
||||
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
|
||||
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
|
||||
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
|
||||
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
|
||||
|
||||
**For _CI_ workflows, the workflow:**
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
cache: gradle
|
||||
|
||||
- name: Grant execute permission for gradlew
|
||||
|
||||
@@ -20,6 +20,6 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
- name: Build with Ant
|
||||
run: ant -noinput -buildfile build.xml
|
||||
|
||||
@@ -12,9 +12,8 @@ env:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
# The CMake configure and build commands are platform agnostic and should work equally
|
||||
# well on Windows or Mac. You can convert this to a matrix build if you need
|
||||
# cross-platform coverage.
|
||||
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
|
||||
# You can convert this to a matrix build if you need cross-platform coverage.
|
||||
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
|
||||
- name: Setup Deno
|
||||
# uses: denoland/setup-deno@v1
|
||||
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e9833173669
|
||||
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e983317366
|
||||
with:
|
||||
deno-version: v1.x
|
||||
|
||||
|
||||
@@ -29,11 +29,27 @@ jobs:
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
# This is used to complete the identity challenge
|
||||
# with sigstore/fulcio when running outside of PRs.
|
||||
id-token: write
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Install the cosign tool except on PR
|
||||
# https://github.com/sigstore/cosign-installer
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
|
||||
with:
|
||||
cosign-release: 'v1.4.0'
|
||||
|
||||
|
||||
# Workaround: https://github.com/docker/build-push-action/issues/461
|
||||
- name: Setup Docker buildx
|
||||
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
|
||||
|
||||
# Login against a Docker registry except on PR
|
||||
# https://github.com/docker/login-action
|
||||
- name: Log into registry ${{ env.REGISTRY }}
|
||||
@@ -55,9 +71,23 @@ jobs:
|
||||
# Build and push Docker image with Buildx (don't push on PR)
|
||||
# https://github.com/docker/build-push-action
|
||||
- name: Build and push Docker image
|
||||
id: build-and-push
|
||||
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
# Sign the resulting Docker image digest except on PRs.
|
||||
# This will only write to the public Rekor transparency log when the Docker
|
||||
# repository is public to avoid leaking data. If you would like to publish
|
||||
# transparency data even for private images, pass --force to cosign below.
|
||||
# https://github.com/sigstore/cosign
|
||||
- name: Sign the published Docker image
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
env:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
|
||||
|
||||
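Review bot: The `cosign sign` line in the new signing step expands `${{ env.REGISTRY }}`, `${{ env.IMAGE_NAME }}` and the `build-and-push` digest output directly into the shell command, so any shell metacharacter in those values is interpreted by the shell instead of being passed as data. Pass the digest through the step's `env:` as `DIGEST: ${{ steps.build-and-push.outputs.digest }}` and quote the arguments: `run: cosign sign "${REGISTRY}/${IMAGE_NAME}@${DIGEST}"`. This assumes `REGISTRY` and `IMAGE_NAME` are workflow-level `env` entries, which this hunk does not show. The `id-token: write` permission added in the preceding hunk is job-wide, so every step in the job can request an OIDC token, not only this one; its comment could say so, or signing could move to its own job.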
@@ -1,3 +1,7 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
|
||||
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
|
||||
|
||||
@@ -21,17 +25,21 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
|
||||
settings-path: ${{ github.workspace }} # location for the settings.xml file
|
||||
|
||||
- name: Build with Gradle
|
||||
run: gradle build
|
||||
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
|
||||
with:
|
||||
arguments: build
|
||||
|
||||
# The USERNAME and TOKEN need to correspond to the credentials environment variables used in
|
||||
# the publishing section of your build.gradle
|
||||
- name: Publish to GitHub Packages
|
||||
run: gradle publish
|
||||
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
|
||||
with:
|
||||
arguments: publish
|
||||
env:
|
||||
USERNAME: ${{ github.actor }}
|
||||
TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
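Review bot: The new `gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7` pins do not say which release that commit corresponds to, so a later bump cannot be checked against upstream tags without looking the SHA up. The Rails workflow added in this same range annotates its pin with `# v1.92`. The same style fits here: `uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7 # <release tag of this commit>`. This applies to both steps in this hunk and to the `Build with Gradle` step in the Gradle CI hunk (`@@ -20,9 +24,8 @@`).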
@@ -1,3 +1,7 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
|
||||
|
||||
@@ -20,9 +24,8 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
cache: gradle
|
||||
- name: Grant execute permission for gradlew
|
||||
run: chmod +x gradlew
|
||||
distribution: 'temurin'
|
||||
- name: Build with Gradle
|
||||
run: ./gradlew build
|
||||
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
|
||||
with:
|
||||
arguments: build
|
||||
|
||||
@@ -21,7 +21,7 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
|
||||
settings-path: ${{ github.workspace }} # location for the settings.xml file
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
- name: Build with Maven
|
||||
run: mvn -B package --file pom.xml
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
name: MSBuild
|
||||
|
||||
on: [push]
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
env:
|
||||
# Path to the solution file relative to the root of the project.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
|
||||
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
|
||||
|
||||
name: Node.js CI
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
|
||||
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
|
||||
|
||||
name: Node.js Package
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [created]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 16
|
||||
- run: npm ci
|
||||
- run: npm test
|
||||
|
||||
publish-gpr:
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 16
|
||||
registry-url: $registry-url(npm)
|
||||
- run: npm ci
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
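Review bot: The `build` job in this new workflow has no `permissions:` block, so `npm ci` and `npm test` run with the repository's default `GITHUB_TOKEN` scope, while only `publish-gpr` is restricted. A workflow-level `permissions:` containing `contents: read` would cover `build` and leave the job-level `packages: write` on `publish-gpr` in effect. The new Ruby on Rails CI workflow (`@@ -0,0 +1,58 @@`) has the same gap: neither its `test` nor its `lint` job declares permissions, and both run on `pull_request`.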
@@ -14,7 +14,7 @@ jobs:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 14
|
||||
node-version: 16
|
||||
- run: npm ci
|
||||
- run: npm test
|
||||
|
||||
@@ -25,26 +25,9 @@ jobs:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 14
|
||||
node-version: 16
|
||||
registry-url: https://registry.npmjs.org/
|
||||
- run: npm ci
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
|
||||
|
||||
publish-gpr:
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: 14
|
||||
registry-url: $registry-url(npm)
|
||||
- run: npm ci
|
||||
- run: npm publish
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Publish Node.js Package to GitHub Packages",
|
||||
"description": "Publishes a Node.js package to GitHub Packages.",
|
||||
"iconName": "node-package-transparent",
|
||||
"categories": ["Continuous integration", "JavaScript", "npm"]
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "Publish Node.js Package",
|
||||
"description": "Publishes a Node.js package to npm and GitHub Packages.",
|
||||
"description": "Publishes a Node.js package to npm.",
|
||||
"iconName": "node-package-transparent",
|
||||
"categories": ["Continuous integration", "JavaScript", "npm"]
|
||||
}
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
{
|
||||
"name": "Rails - Install Dependencies and Run Linters",
|
||||
"description": "Install dependencies and run linters on Rails application",
|
||||
"iconName": "ruby",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"name": "Ruby on Rails continuous integration",
|
||||
"description": "Build, lint, and test a Rails application",
|
||||
"iconName": "rails",
|
||||
"categories": ["Continuous integration", "Ruby", "Rails"]
|
||||
}
|
||||
@@ -20,4 +20,4 @@ jobs:
|
||||
pip install pylint
|
||||
- name: Analysing the code with pylint
|
||||
run: |
|
||||
pylint `ls -R|grep .py$|xargs`
|
||||
pylint $(git ls-files '*.py')
|
||||
|
||||
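Review bot: `pylint $(git ls-files '*.py')` leaves the command substitution unquoted, so tracked paths containing spaces or glob characters are split or expanded by the shell before pylint sees them. A repository with no tracked `.py` files would also invoke pylint with no arguments. A NUL-delimited pipeline avoids both: `git ls-files -z '*.py' | xargs -0 -r pylint` (`-r` is the GNU xargs flag, which assumes the job runs on a Linux runner; the hunk does not show `runs-on`). The step list starts before this hunk.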
@@ -1,32 +0,0 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
|
||||
name: Rails - Install dependencies and run linters
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
run-lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Setup Ruby and install gems
|
||||
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or Replace any other security checks here
|
||||
- name: Run security checks
|
||||
run: |
|
||||
bin/bundler-audit --update
|
||||
bin/brakeman -q -w2
|
||||
# Add or Replace any other Linters here
|
||||
- name: Run linters
|
||||
run: |
|
||||
bin/rubocop --parallel
|
||||
@@ -0,0 +1,58 @@
|
||||
# This workflow uses actions that are not certified by GitHub. They are
|
||||
# provided by a third-party and are governed by separate terms of service,
|
||||
# privacy policy, and support documentation.
|
||||
#
|
||||
# This workflow will install a prebuilt Ruby version, install dependencies, and
|
||||
# run tests and linters.
|
||||
name: "Ruby on Rails CI"
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:11-alpine
|
||||
ports:
|
||||
- "5432:5432"
|
||||
env:
|
||||
POSTGRES_DB: rails_test
|
||||
POSTGRES_USER: rails
|
||||
POSTGRES_PASSWORD: password
|
||||
env:
|
||||
RAILS_ENV: test
|
||||
DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
# Add or replace dependency steps here
|
||||
- name: Install Ruby and gems
|
||||
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or replace database setup steps here
|
||||
- name: Set up database schema
|
||||
run: bin/rails db:schema:load
|
||||
# Add or replace test runners here
|
||||
- name: Run tests
|
||||
run: bin/rake
|
||||
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Ruby and gems
|
||||
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
|
||||
with:
|
||||
bundler-cache: true
|
||||
# Add or replace any other lints here
|
||||
- name: Security audit dependencies
|
||||
run: bin/bundler-audit --update
|
||||
- name: Security audit application code
|
||||
run: bin/brakeman -q -w2
|
||||
- name: Lint Ruby files
|
||||
run: bin/rubocop --parallel
|
||||
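Review bot: The `postgres` service in the `test` job defines no health check, so the job's steps can start before the database accepts connections and `bin/rails db:schema:load` may fail intermittently. Adding an `options:` entry with a `pg_isready` health command makes the runner wait until the service reports healthy.

```yaml
      postgres:
        image: postgres:11-alpine
        # … unchanged: ports, env …
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
```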
@@ -17,6 +17,6 @@ jobs:
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'adopt'
|
||||
distribution: 'temurin'
|
||||
- name: Run tests
|
||||
run: sbt test
|
||||
|
||||
@@ -20,8 +20,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
Anchore-Build-Scan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the code
|
||||
@@ -36,4 +42,4 @@ jobs:
|
||||
- name: Upload Anchore Scan Report
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
sarif_file: results.sarif
|
||||
|
||||
@@ -0,0 +1,64 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# APIsec addresses the critical need to secure APIs before they reach production.
|
||||
# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
|
||||
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
|
||||
|
||||
# How to Get Started with APIsec.ai
|
||||
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
|
||||
#
|
||||
# 2. Register your account at https://cloud.fxlabs.io/#/signup .
|
||||
#
|
||||
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
|
||||
#
|
||||
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
|
||||
#
|
||||
# apisec-run-scan
|
||||
#
|
||||
# This action triggers the on-demand scans for projects registered in APIsec.
|
||||
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
|
||||
# Else you can view the scan results from the project home page in APIsec Platform.
|
||||
# The link to view the scan results is also displayed on the console on successful completion of action.
|
||||
|
||||
# This is a starter workflow to help you get started with APIsec-Scan Actions
|
||||
|
||||
name: APIsec
|
||||
|
||||
# Controls when the workflow will run
|
||||
on:
|
||||
# Triggers the workflow on push or pull request events but only for the $default-branch branch
|
||||
# Customize trigger events based on your DevSecOps processes.
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
|
||||
jobs:
|
||||
Trigger APIsec scan:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: APIsec scan
|
||||
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
|
||||
with:
|
||||
# The APIsec username with which the scans will be executed
|
||||
apisec-username: ${{ secrets.apisec_username }}
|
||||
# The Password of the APIsec user with which the scans will be executed
|
||||
apisec-password: ${{ secrets.apisec_password}}
|
||||
# The name of the project for security scan
|
||||
apisec-project: "VAmPI"
|
||||
# The name of the sarif format result file The file is written only if this property is provided.
|
||||
sarif-result-file: "apisec-results.sarif"
|
||||
- name: Import results
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: ./apisec-results.sarif
|
||||
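Review bot: The job key `Trigger APIsec scan:` contains spaces, which is not a valid job ID (only alphanumerics, `-` and `_` are allowed), so the workflow would be rejected when it is parsed. Use an identifier such as `trigger-apisec-scan:` and keep the readable text in `name: Trigger APIsec scan`. The workflow also declares no `permissions:`, unlike the Anchore, Codacy, 42Crunch and njsscan workflows updated in this same range, which set `contents: read` at the top level and `security-events: write` on the job that uploads SARIF. The new Detekt (`@@ -0,0 +1,118 @@`) and pmd (`@@ -0,0 +1,36 @@`) workflows have the same gap. `apisec-project: "VAmPI"` looks like a sample project name and would benefit from a comment telling users to replace it.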
@@ -17,10 +17,18 @@ on:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
# This workflow contains a single job called "build"
|
||||
build:
|
||||
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
issues: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
|
||||
pull-requests: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
|
||||
@@ -29,14 +37,16 @@ jobs:
|
||||
- uses: actions/checkout@v2
|
||||
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
|
||||
- name: Checkmarx CxFlow Action
|
||||
uses: checkmarx-ts/checkmarx-cxflow-github-action@04e6403dbbfee0fd3fb076e5791202c31c54fe6b
|
||||
uses: checkmarx-ts/checkmarx-cxflow-github-action@9975af7d6b957abec9ee9646effa3fb3b82c5314
|
||||
with:
|
||||
project: GithubActionTest
|
||||
team: '\CxServer\SP\Checkmarx'
|
||||
project: ${{ secrets.CHECKMARX_PROJECT }}
|
||||
team: ${{ secrets.CHECKMARX_TEAMS }}
|
||||
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
|
||||
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
|
||||
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
|
||||
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
|
||||
scanners: sast
|
||||
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
|
||||
# Upload the Report for CodeQL/Security Alerts
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
|
||||
@@ -22,8 +22,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
codacy-security-scan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
name: Codacy Security Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
@@ -33,8 +33,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
rest-api-static-security-testing:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
@@ -0,0 +1,118 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow performs a static analysis of your Kotlin source code using
|
||||
# Detekt.
|
||||
#
|
||||
# Scans are triggered:
|
||||
# 1. On every push to default and protected branches
|
||||
# 2. On every Pull Request targeting the default branch
|
||||
# 3. On a weekly schedule
|
||||
# 4. Manually, on demand, via the "workflow_dispatch" event
|
||||
#
|
||||
# The workflow should work with no modifications, but you might like to use a
|
||||
# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
|
||||
# environment variable.
|
||||
name: Scan with Detekt
|
||||
|
||||
on:
|
||||
# Triggers the workflow on push or pull request events but only for default and protected branches
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
# Release tag associated with version of Detekt to be installed
|
||||
# SARIF support (required for this workflow) was introduced in Detekt v1.15.0
|
||||
DETEKT_RELEASE_TAG: v1.15.0
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||
jobs:
|
||||
# This workflow contains a single job called "scan"
|
||||
scan:
|
||||
name: Scan
|
||||
# The type of runner that the job will run on
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
# Steps represent a sequence of tasks that will be executed as part of the job
|
||||
steps:
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
|
||||
- name: Get Detekt download URL
|
||||
id: detekt_info
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
|
||||
query getReleaseAssetDownloadUrl($tagName: String!) {
|
||||
repository(name: "detekt", owner: "detekt") {
|
||||
release(tagName: $tagName) {
|
||||
releaseAssets(name: "detekt", first: 1) {
|
||||
nodes {
|
||||
downloadUrl
|
||||
}
|
||||
}
|
||||
tagCommit {
|
||||
oid
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
' 1> gh_response.json
|
||||
|
||||
DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
|
||||
if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
|
||||
echo "Release tag doesn't match expected commit SHA"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
|
||||
echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
|
||||
|
||||
# Sets up the detekt cli
|
||||
- name: Setup Detekt
|
||||
run: |
|
||||
dest=$( mktemp -d )
|
||||
curl --request GET \
|
||||
--url ${{ steps.detekt_info.outputs.download_url }} \
|
||||
--silent \
|
||||
--location \
|
||||
--output $dest/detekt
|
||||
chmod a+x $dest/detekt
|
||||
echo $dest >> $GITHUB_PATH
|
||||
|
||||
# Performs static analysis using Detekt
|
||||
- name: Run Detekt
|
||||
continue-on-error: true
|
||||
run: |
|
||||
detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
|
||||
|
||||
# Modifies the SARIF output produced by Detekt so that absolute URIs are relative
|
||||
# This is so we can easily map results onto their source files
|
||||
# This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
|
||||
- name: Make artifact location URIs relative
|
||||
continue-on-error: true
|
||||
run: |
|
||||
echo "$(
|
||||
jq \
|
||||
--arg github_workspace ${{ github.workspace }} \
|
||||
'. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
|
||||
${{ github.workspace }}/detekt.sarif.json
|
||||
)" > ${{ github.workspace }}/detekt.sarif.json
|
||||
|
||||
# Uploads results to GitHub repository using the upload-sarif action
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: ${{ github.workspace }}/detekt.sarif.json
|
||||
checkout_path: ${{ github.workspace }}
|
||||
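Review bot: The tag check in `Get Detekt download URL` reads `.data.repository.release.releaseAssets.tagCommit.oid`, but the GraphQL query places `tagCommit` beside `releaseAssets` under `release`, so jq returns `null` and the comparison fails on every run. The path should be `.data.repository.release.tagCommit.oid`. The test should also quote the variable so an empty value does not become a shell syntax error: `if [ "$DETEKT_RELEASE_SHA" != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then`. Even when fixed, this check pins the tag's commit rather than the downloaded binary, so a replaced release asset would still pass; a comment should state that limit, or the file should be compared against a published checksum. In `Setup Detekt`, `curl` runs without `--fail` and with an unquoted `--url`, so an HTTP error body would be saved and marked executable.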
@@ -17,8 +17,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
njsscan:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
runs-on: ubuntu-latest
|
||||
name: njsscan code scanning
|
||||
steps:
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
name: pmd
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
jobs:
|
||||
pmd-code-scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up JDK 11
|
||||
uses: actions/setup-java@v2
|
||||
with:
|
||||
java-version: '11'
|
||||
distribution: 'temurin'
|
||||
- name: Run PMD
|
||||
id: pmd
|
||||
uses: pmd/pmd-github-action@967a81f8b657c87f7c3e96b62301cb1a48efef29
|
||||
with:
|
||||
rulesets: 'rulesets/java/quickstart.xml'
|
||||
sourcePath: 'src/main/java'
|
||||
analyzeModifiedFilesOnly: false
|
||||
- name: Upload SARIF file
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: pmd-report.sarif
|
||||
@@ -0,0 +1,24 @@
|
||||
{
|
||||
"name": "APIsec Scan",
|
||||
"creator": "APIsec",
|
||||
"description": "APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.",
|
||||
"iconName": "apisec",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"C",
|
||||
"C#",
|
||||
"C++",
|
||||
"Go",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"Kotlin",
|
||||
"Objective C",
|
||||
"PHP",
|
||||
"Python",
|
||||
"Ruby",
|
||||
"Rust",
|
||||
"Scala",
|
||||
"Swift",
|
||||
"TypeScript"
|
||||
]
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "cloudrail",
|
||||
"creator": "Indeni Cloudrail",
|
||||
"description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues. The Cloudrail action is often used as part of both CI workflows (on pull_request) and on CD workflows to identify potential issues.",
|
||||
"description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues.",
|
||||
"iconName": "cloudrail",
|
||||
"categories": ["Code Scanning", "HCL"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
{
|
||||
"name": "Detekt",
|
||||
"creator": "Detekt",
|
||||
"description": "Static code analysis for Kotlin",
|
||||
"iconName": "detekt",
|
||||
"categories": ["Code Scanning", "Kotlin"],
|
||||
"enterprise": false
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
{
|
||||
"name": "pmd",
|
||||
"creator": "pmd",
|
||||
"description": "PMD is a static source code analyzer. It supports Java, JavaScript, Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.",
|
||||
"iconName": "pmd",
|
||||
"categories": [
|
||||
"Code Scanning",
|
||||
"Java",
|
||||
"JavaScript",
|
||||
"Apex",
|
||||
"Modelica",
|
||||
"PLSQL",
|
||||
"Apache Velocity",
|
||||
"XML",
|
||||
"XSl",
|
||||
"Scala"
|
||||
]
|
||||
}
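Review bot: The category `"XSl"` looks like a typo for `"XSL"`, which is how the `description` in the same file spells it; change `"XSl"` to `"XSL"`. If category strings are matched exactly when workflows are filtered, the misspelling may keep this entry from appearing under XSL, which is worth confirming.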
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "OSSF Scorecards",
|
||||
"creator": "Open Source Security Foundation (OpenSSF)",
|
||||
"description": "Scorecards is a static supply-chain security analysis tool to assess the security posture of your project",
|
||||
"iconName": "scorecards",
|
||||
"categories": ["Code Scanning"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Veracode Static Analysis",
|
||||
"creator": "Veracode",
|
||||
"description": "Get fast feedback on flaws with Veracode Static Analysis and the pipeline scan. Break the build based on flaw severity and CWE category.",
|
||||
"iconName": "veracode",
|
||||
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "kotlin", "scala", "groovy", "tsql", "plsql", "perl", "cobol"]
|
||||
}
|
||||
@@ -0,0 +1,55 @@
|
||||
name: Scorecards supply-chain security
|
||||
on:
|
||||
# Only the default branch is supported.
|
||||
branch_protection_rule:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
push:
|
||||
branches: [ $default-branch ]
|
||||
|
||||
# Declare default permissions as read only.
|
||||
permissions: read-all
|
||||
|
||||
jobs:
|
||||
analysis:
|
||||
name: Scorecards analysis
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
# Needed to upload the results to code-scanning dashboard.
|
||||
security-events: write
|
||||
actions: read
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
# Read-only PAT token. To create it,
|
||||
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
|
||||
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
|
||||
# Publish the results to enable scorecard badges. For more details, see
|
||||
# https://github.com/ossf/scorecard-action#publishing-results.
|
||||
# For private repositories, `publish_results` will automatically be set to `false`,
|
||||
# regardless of the value entered here.
|
||||
publish_results: true
|
||||
|
||||
# Upload the results as artifacts (optional).
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
retention-days: 5
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
@@ -19,8 +19,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
semgrep:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
name: Scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
@@ -37,8 +37,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
stackhawk:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
|
||||
name: StackHawk
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
|
||||
@@ -14,8 +14,14 @@ on:
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
permissions:
|
||||
contents: read # for actions/checkout to fetch code
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
name: Build
|
||||
runs-on: "ubuntu-18.04"
|
||||
steps:
|
||||
|
||||
@@ -0,0 +1,51 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert
|
||||
|
||||
name: Veracode Static Analysis Pipeline Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ $default-branch, $protected-branches ]
|
||||
pull_request:
|
||||
# The branches below must be a subset of the branches above
|
||||
branches: [ $default-branch ]
|
||||
schedule:
|
||||
- cron: $cron-weekly
|
||||
|
||||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
|
||||
jobs:
|
||||
# This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter
|
||||
build-and-pipeline-scan:
|
||||
# The type of runner that the job will run on
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
repository: ''
|
||||
|
||||
- run: zip -r veracode-scan-target.zip ./
|
||||
|
||||
# download the Veracode Static Analysis Pipeline scan jar
|
||||
- run: curl --silent --show-error --fail -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
|
||||
- run: unzip -o pipeline-scan-LATEST.zip
|
||||
|
||||
- uses: actions/setup-java@v1
|
||||
with:
|
||||
java-version: 1.8
|
||||
- run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --fail_on_severity="Very High, High" --file veracode-scan-target.zip
|
||||
continue-on-error: true
|
||||
- name: Convert pipeline scan output to SARIF format
|
||||
id: convert
|
||||
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
|
||||
with:
|
||||
pipeline-results-json: results.json
|
||||
- uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
# Path to SARIF file relative to the root of the repository
|
||||
sarif_file: veracode-results.sarif
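Review bot: The scanner is fetched from `pipeline-scan-LATEST.zip` and then executed with the Veracode API credentials without any integrity check, so whatever that URL serves at run time runs with access to both secrets. Consider downloading a versioned artifact if the vendor offers one, and adding a verification step between the download and `unzip`, e.g. `echo "<EXPECTED_SHA256>  pipeline-scan-LATEST.zip" | sha256sum -c -`. The credentials are also interpolated directly into the `java -jar` command line; passing them through a step-level `env:` and referencing shell variables keeps them out of the rendered script. Because the scan step sets `continue-on-error: true`, a scan that fails for lack of secrets (as is likely on a fork pull request) would surface only as a missing `results.json` in the convert step.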
|
||||
@@ -0,0 +1,82 @@
|
||||
# This workflow will build and push a Docker container to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-custom-container?tabs=dotnet&pivots=container-linux
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Create a GitHub Personal access token with "repo" and "read:packages" permissions.
|
||||
#
|
||||
# 4. Create three app settings on your Azure Web app:
|
||||
# DOCKER_REGISTRY_SERVER_URL: Set this to "https://ghcr.io"
|
||||
# DOCKER_REGISTRY_SERVER_USERNAME: Set this to the GitHub username or organization that owns the repository
|
||||
# DOCKER_REGISTRY_SERVER_PASSWORD: Set this to the value of your PAT token from the previous step
|
||||
#
|
||||
# 5. Change the value for the AZURE_WEBAPP_NAME.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy a container to an Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Log in to GitHub container registry
|
||||
uses: docker/login-action@v1.10.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ github.token }}
|
||||
|
||||
- name: Lowercase the repo name and username
|
||||
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
|
||||
|
||||
- name: Build and push container image to registry
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: ghcr.io/${{ env.REPO }}:${{ github.sha }}
|
||||
file: ./Dockerfile
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Lowercase the repo name and username
|
||||
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
|
||||
|
||||
- name: Deploy to Azure Web App
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
images: 'ghcr.io/${{ env.REPO }}:${{ github.sha }}'
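Review bot: The third-party actions in this workflow are referenced by mutable tags (`docker/setup-buildx-action@v1`, `docker/login-action@v1.10.0`, `docker/build-push-action@v2`, `azure/webapps-deploy@v2`), although these steps handle the registry token and the publish profile. The pmd, Scorecards and Veracode workflows in this change pin their third-party actions to a full commit SHA; doing the same here, with the version kept as a trailing comment (`uses: docker/login-action@<FULL_COMMIT_SHA> # v1.10.0`), means a moved tag cannot change what runs. The AKS workflow (`actions/checkout@master`, `azure/login@v1`, `azure/aks-set-context@v1`, `azure/k8s-bake@v1`, `Azure/k8s-deploy@v1`), the Static Web Apps workflow and the other Web App workflows below follow the same pattern. Separately, setup step 3 in the header asks for a PAT with "repo" scope that is then stored as an Azure app setting; `read:packages` alone is probably enough for pulling the image, which is worth confirming before recommending the broader scope.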
|
||||
@@ -0,0 +1,80 @@
|
||||
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
|
||||
#
|
||||
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
|
||||
# https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
|
||||
# https://github.com/Azure/aks-create-action
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set the following secrets in your repository:
|
||||
# - AZURE_CREDENTIALS (instructions for getting this https://github.com/Azure/login#configure-a-service-principal-with-a-secret)
|
||||
#
|
||||
# 2. Set the following environment variables (or replace the values below):
|
||||
# - AZURE_CONTAINER_REGISTRY (name of your container registry)
|
||||
# - PROJECT_NAME
|
||||
# - RESOURCE_GROUP (where your cluster is deployed)
|
||||
# - CLUSTER_NAME (name of your AKS cluster)
|
||||
#
|
||||
# 3. Choose the approrpiate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes helm, then set
|
||||
# any needed environment variables such as:
|
||||
# - CHART_PATH
|
||||
# - CHART_OVERRIDE_PATH
|
||||
#
|
||||
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
|
||||
# For more options with the actions used below please see the folllowing
|
||||
# https://github.com/Azure/login
|
||||
# https://github.com/Azure/aks-set-context
|
||||
# https://github.com/marketplace/actions/azure-cli-action
|
||||
# https://github.com/Azure/k8s-bake
|
||||
# https://github.com/Azure/k8s-deploy
|
||||
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
|
||||
- name: Azure Login
|
||||
uses: azure/login@v1
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
|
||||
- name: Build image on ACR
|
||||
uses: azure/CLI@v1
|
||||
with:
|
||||
azcliversion: 2.29.1
|
||||
inlineScript: |
|
||||
az configure --defaults acr=${{ env.AZURE_CONTAINER_REGISTRY }}
|
||||
az acr build -t -t ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
|
||||
|
||||
- name: Gets K8s context
|
||||
uses: azure/aks-set-context@v1
|
||||
with:
|
||||
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
||||
resource-group: ${{ env.RESOURCE_GROUP }}
|
||||
cluster-name: ${{ env.CLUSTER_NAME }}
|
||||
id: login
|
||||
|
||||
- name: Configure deployment
|
||||
uses: azure/k8s-bake@v1
|
||||
with:
|
||||
renderEngine: 'helm'
|
||||
helmChart: ${{ env.CHART_PATH }}
|
||||
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
|
||||
overrides: |
|
||||
replicas:2
|
||||
helm-version: 'latest'
|
||||
id: bake
|
||||
|
||||
- name: Deploys application
|
||||
- uses: Azure/k8s-deploy@v1
|
||||
with:
|
||||
manifests: ${{ steps.bake.outputs.manifestsBundle }}
|
||||
images: |
|
||||
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
|
||||
imagepullsecrets: |
|
||||
${{ env.PROJECT_NAME }}
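Review bot: The last step is split across two list items, `- name: Deploys application` and `- uses: Azure/k8s-deploy@v1`, which leaves a named step with neither `uses` nor `run` and an unnamed deploy step; the second line should read `uses: Azure/k8s-deploy@v1` without the dash. In the `Build image on ACR` step, `az acr build -t -t …` repeats the flag and gives no source location, so it presumably needs to be `az acr build -t ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }} .`. The `${{ env.* }}` values the steps read (`AZURE_CONTAINER_REGISTRY`, `PROJECT_NAME`, `RESOURCE_GROUP`, `CLUSTER_NAME`, `CHART_PATH`, `CHART_OVERRIDE_PATH`) are described in the header, but no `env:` block in the hunk defines them. `on: [push]` also deploys from every branch, unlike the sibling workflows that restrict the trigger to `$default-branch`. The header comment has the typos "approrpiate" and "folllowing".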
|
||||
@@ -0,0 +1,64 @@
|
||||
# This workflow will build and push a web application to an Azure Static Web App when you change your code.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure Static Web App.
|
||||
# For instructions see https://docs.microsoft.com/azure/static-web-apps/get-started-portal?tabs=vanilla-javascript
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Set up a secret in your repository named AZURE_STATIC_WEB_APPS_API_TOKEN with the value of your Static Web Apps deployment token.
|
||||
# For instructions on obtaining the deployment token see: https://docs.microsoft.com/azure/static-web-apps/deployment-token-management
|
||||
#
|
||||
# 3. Change the values for the APP_LOCATION, API_LOCATION and APP_ARTIFACT_LOCATION, AZURE_STATIC_WEB_APPS_API_TOKEN environment variables (below).
|
||||
# For instructions on setting up the appropriate configuration values go to https://docs.microsoft.com/azure/static-web-apps/front-end-frameworks
|
||||
name: Deploy web app to Azure Static Web Apps
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened, closed]
|
||||
branches:
|
||||
- $default-branch
|
||||
|
||||
# Environment variables available to all jobs and steps in this workflow
|
||||
env:
|
||||
APP_LOCATION: "/" # location of your client code
|
||||
API_LOCATION: "api" # location of your api source code - optional
|
||||
APP_ARTIFACT_LOCATION: "build" # location of client code build output
|
||||
AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing deployment token for your static web app
|
||||
|
||||
jobs:
|
||||
build_and_deploy_job:
|
||||
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
|
||||
runs-on: ubuntu-latest
|
||||
name: Build and Deploy Job
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
submodules: true
|
||||
- name: Build And Deploy
|
||||
id: builddeploy
|
||||
uses: Azure/static-web-apps-deploy@v1
|
||||
with:
|
||||
azure_static_web_apps_api_token: ${{ env.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing api token for app
|
||||
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
|
||||
action: "upload"
|
||||
###### Repository/Build Configurations - These values can be configured to match you app requirements. ######
|
||||
# For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
|
||||
app_location: ${{ env.APP_LOCATION }}
|
||||
api_location: ${{ env.API_LOCATION }}
|
||||
app_artifact_location: ${{ env.APP_ARTIFACT_LOCATION }}
|
||||
###### End of Repository/Build Configurations ######
|
||||
|
||||
close_pull_request_job:
|
||||
if: github.event_name == 'pull_request' && github.event.action == 'closed'
|
||||
runs-on: ubuntu-latest
|
||||
name: Close Pull Request Job
|
||||
steps:
|
||||
- name: Close Pull Request
|
||||
id: closepullrequest
|
||||
uses: Azure/static-web-apps-deploy@v1
|
||||
with:
|
||||
azure_static_web_apps_api_token: ${{ env.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing api token for app
|
||||
action: "close"
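Review bot: `AZURE_STATIC_WEB_APPS_API_TOKEN` is lifted into the workflow-level `env:`, which hands the deployment token to every step of both jobs, including `actions/checkout` with `submodules: true`. Only the two `Azure/static-web-apps-deploy@v1` steps need it, so pass it directly as `azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }}` and drop the entry from `env:`. The numbered setup instructions in the header jump from 1 to 3, and step 3 would then no longer need to list the token among the environment variables to change.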
|
||||
@@ -0,0 +1,84 @@
|
||||
# This workflow will build and push a .NET Core app to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?tabs=net60&pivots=development-environment-vscode
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and DOTNET_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy ASP.Net Core app to an Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
DOTNET_VERSION: '5' # set this to the .NET Core version to use
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up .NET Core
|
||||
uses: actions/setup-dotnet@v1
|
||||
with:
|
||||
dotnet-version: ${{ env.DOTNET_VERSION }}
|
||||
|
||||
- name: Set up dependency caching for faster builds
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.nuget/packages
|
||||
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-nuget-
|
||||
|
||||
- name: Build with dotnet
|
||||
run: dotnet build --configuration Release
|
||||
|
||||
- name: dotnet publish
|
||||
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: .net-app
|
||||
path: ${{env.DOTNET_ROOT}}/myapp
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: .net-app
|
||||
|
||||
- name: Deploy to Azure Web App
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
|
||||
@@ -0,0 +1,73 @@
|
||||
# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy JAR app to Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
JAVA_VERSION: '11' # set this to the Java version to use
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Java version
|
||||
uses: actions/setup-java@v2.3.1
|
||||
with:
|
||||
java-version: ${{ env.JAVA_VERSION }}
|
||||
cache: 'maven'
|
||||
|
||||
- name: Build with Maven
|
||||
run: mvn clean install
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: java-app
|
||||
path: '${{ github.workspace }}/target/*.jar'
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: java-app
|
||||
|
||||
- name: Deploy to Azure Web App
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: '*.jar'
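Review bot: The `Set up Java version` step calls `actions/setup-java@v2.3.1` with only `java-version` and `cache`, but the v2 action requires a `distribution` input, so this step is expected to fail as written. The pmd workflow added in the same change passes `distribution: 'temurin'`; adding the same line here keeps the two consistent. A short comment next to it, in the style of the `JAVA_VERSION` comment, would help users who need a different JDK vendor.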
|
||||
@@ -0,0 +1,74 @@
|
||||
# This workflow will build and push a node.js application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-cli
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '14.x' # set this to the node version to use
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Node.js
|
||||
uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
cache: 'npm'
|
||||
|
||||
- name: npm install, build, and test
|
||||
run: |
|
||||
npm install
|
||||
npm run build --if-present
|
||||
npm run test --if-present
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: node-app
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: node-app
|
||||
|
||||
- name: 'Deploy to Azure WebApp'
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
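Review bot: The build step runs `npm install`, which can rewrite the dependency tree when `package.json` and the lockfile disagree, even though `cache: 'npm'` on `actions/setup-node@v2` already relies on a lockfile being present. `npm ci` installs exactly what is locked and fails on a mismatch, which is the safer default for a job whose output is deployed; replace the first script line with `npm ci`. The artifact is then uploaded with `path: .`, which presumably includes `node_modules` and the `.git` directory, so narrowing it to what the app needs at run time would reduce what is shipped. Unlike the sibling Web App workflows, this one has no top-level `name:`.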
|
||||
@@ -0,0 +1,95 @@
|
||||
# This workflow will build and push a PHP application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-php?pivots=platform-linux
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and PHP_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy PHP app to Azure Web App
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
PHP_VERSION: '8.x' # set this to the PHP version to use
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Setup PHP
|
||||
uses: shivammathur/setup-php@7c0b4c8c8ebed23eca9ec2802474895d105b11bc
|
||||
with:
|
||||
php-version: ${{ env.PHP_VERSION }}
|
||||
|
||||
- name: Check if composer.json exists
|
||||
id: check_files
|
||||
uses: andstor/file-existence-action@87d74d4732ddb824259d80c8a508c0124bf1c673
|
||||
with:
|
||||
files: 'composer.json'
|
||||
|
||||
- name: Get Composer Cache Directory
|
||||
id: composer-cache
|
||||
if: steps.check_files.outputs.files_exists == 'true'
|
||||
run: |
|
||||
echo "::set-output name=dir::$(composer config cache-files-dir)"
|
||||
|
||||
- name: Set up dependency caching for faster installs
|
||||
uses: actions/cache@v2
|
||||
if: steps.check_files.outputs.files_exists == 'true'
|
||||
with:
|
||||
path: ${{ steps.composer-cache.outputs.dir }}
|
||||
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-composer-
|
||||
|
||||
- name: Run composer install if composer.json exists
|
||||
if: steps.check_files.outputs.files_exists == 'true'
|
||||
run: composer validate --no-check-publish && composer install --prefer-dist --no-progress
|
||||
|
||||
- name: Upload artifact for deployment job
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: php-app
|
||||
path: .
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: php-app
|
||||
|
||||
- name: 'Deploy to Azure Web App'
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: .
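Review bot: `andstor/file-existence-action` is pulled in only to test for `composer.json`, which the built-in expression `hashFiles('composer.json') != ''` can do without a third-party action in the build path. Dropping the `check_files` step and using `if: hashFiles('composer.json') != ''` on the three conditional steps removes one external dependency. The two SHA-pinned actions carry no version comment, unlike the Scorecards workflow in this change (`# v2.4.0` style), which makes later pin updates harder to review. `::set-output` in the `composer-cache` step has since been deprecated in favour of appending to `$GITHUB_OUTPUT`.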
|
||||
@@ -0,0 +1,82 @@
|
||||
# This workflow will build and push a Python application to an Azure Web App when a commit is pushed to your default branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-python?tabs=bash&pivots=python-framework-flask
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
|
||||
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
|
||||
#
|
||||
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the PYTHON_VERSION environment variables below.
|
||||
#
|
||||
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
|
||||
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
|
||||
|
||||
name: Build and deploy Python app to Azure Web App
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
|
||||
PYTHON_VERSION: '3.8' # set this to the Python version to use
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Set up Python version
|
||||
uses: actions/setup-python@v2.2.2
|
||||
with:
|
||||
python-version: ${{ env.PYTHON_VERSION }}
|
||||
cache: 'pip'
|
||||
|
||||
- name: Create and start virtual environment
|
||||
run: |
|
||||
python -m venv venv
|
||||
source venv/bin/activate
|
||||
|
||||
- name: Install dependencies
|
||||
run: pip install -r requirements.txt
|
||||
|
||||
# Optional: Add step to run tests here (PyTest, Django test suites, etc.)
|
||||
|
||||
- name: Upload artifact for deployment jobs
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: python-app
|
||||
path: |
|
||||
.
|
||||
!venv/
|
||||
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
environment:
|
||||
name: 'Development'
|
||||
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
|
||||
|
||||
steps:
|
||||
- name: Download artifact from build job
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: python-app
|
||||
path: .
|
||||
|
||||
- name: 'Deploy to Azure Web App'
|
||||
id: deploy-to-webapp
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
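Review bot: The virtual environment activated in the `Create and start virtual environment` step does not carry over to `Install dependencies`, because each `run:` step starts its own shell; `pip install -r requirements.txt` therefore installs into the runner's interpreter, and the upload step excludes `venv/` in any case. Putting the three commands in one step keeps activation and install together: `python -m venv venv`, `source venv/bin/activate`, `pip install -r requirements.txt` under a single `run: |`. The workflow also declares no `permissions:` block, so both jobs run with the repository's default `GITHUB_TOKEN` scope although the deploy job only needs the artifact and the publish-profile secret; a top-level `permissions:` with `contents: read` would hold it to least privilege. The actions are referenced by tag (`actions/checkout@v2`, `azure/webapps-deploy@v2`), whereas the PHP workflow on this page pins its third-party actions to commit SHAs.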
|
||||
@@ -1,51 +0,0 @@
|
||||
# This workflow will build and push a node.js application to an Azure Web App when there is a push to the $default-branch branch.
|
||||
#
|
||||
# This workflow assumes you have already created the target Azure App Service web app.
|
||||
# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan
|
||||
#
|
||||
# To configure this workflow:
|
||||
#
|
||||
# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**.
|
||||
# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings
|
||||
#
|
||||
# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile.
|
||||
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
|
||||
#
|
||||
# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below).
|
||||
#
|
||||
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
|
||||
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- $default-branch
|
||||
|
||||
env:
|
||||
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
|
||||
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
|
||||
NODE_VERSION: '10.x' # set this to the node version to use
|
||||
|
||||
jobs:
|
||||
build-and-deploy:
|
||||
name: Build and Deploy
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Use Node.js ${{ env.NODE_VERSION }}
|
||||
uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
- name: npm install, build, and test
|
||||
run: |
|
||||
# Build and test the project, then
|
||||
# deploy to Azure Web App.
|
||||
npm install
|
||||
npm run build --if-present
|
||||
npm run test --if-present
|
||||
- name: 'Deploy to Azure WebApp'
|
||||
uses: azure/webapps-deploy@v2
|
||||
with:
|
||||
app-name: ${{ env.AZURE_WEBAPP_NAME }}
|
||||
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
|
||||
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
|
||||
@@ -4,11 +4,11 @@
|
||||
#
|
||||
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
|
||||
#
|
||||
# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
|
||||
# 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation)
|
||||
#
|
||||
# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
|
||||
# 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below).
|
||||
#
|
||||
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
|
||||
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize
|
||||
|
||||
name: Build and Deploy to GKE
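Review bot: The rewritten setup step 2 appears to drop the instruction to create the `GKE_PROJECT` secret, yet the `env:` block in the next hunk still reads `PROJECT_ID: ${{ secrets.GKE_PROJECT }}`; this assumes the Workload Identity line replaces the older secrets line, which the rendered page does not mark. Step 2 could keep that half, for example `# 2. Create the GKE_PROJECT secret with the project name, then create and configure a Workload Identity Provider for GitHub`. Step 3 lists the environment variables to change but not the placeholder `workload_identity_provider` and `service_account` values hard-coded in the `auth` step further down, which a user must also replace.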
|
||||
|
||||
@@ -19,9 +19,11 @@ on:
|
||||
|
||||
env:
|
||||
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
|
||||
GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry
|
||||
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
|
||||
GKE_ZONE: us-central1-c # TODO: update to cluster zone
|
||||
DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
|
||||
REPOSITORY: samples # TODO: update to Artifact Registry docker repository
|
||||
IMAGE: static-site
|
||||
|
||||
jobs:
|
||||
@@ -30,52 +32,61 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
|
||||
permissions:
|
||||
contents: 'read'
|
||||
id-token: 'write'
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
# Setup gcloud CLI
|
||||
- uses: google-github-actions/setup-gcloud@v0.2.0
|
||||
# Configure Workload Identity Federation and generate an access token.
|
||||
- id: 'auth'
|
||||
name: 'Authenticate to Google Cloud'
|
||||
uses: 'google-github-actions/auth@v0'
|
||||
with:
|
||||
service_account_key: ${{ secrets.GKE_SA_KEY }}
|
||||
project_id: ${{ secrets.GKE_PROJECT }}
|
||||
token_format: 'access_token'
|
||||
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
|
||||
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
|
||||
|
||||
# Configure Docker to use the gcloud command-line tool as a credential
|
||||
# helper for authentication
|
||||
- run: |-
|
||||
gcloud --quiet auth configure-docker
|
||||
# Alternative option - authentication via credentials json
|
||||
# - id: 'auth'
|
||||
# uses: 'google-github-actions/auth@v0'
|
||||
# with:
|
||||
# credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
|
||||
|
||||
- name: Docker configuration
|
||||
run: |-
|
||||
echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev
|
||||
# Get the GKE credentials so we can deploy to the cluster
|
||||
- uses: google-github-actions/get-gke-credentials@v0.2.1
|
||||
- name: Set up GKE credentials
|
||||
uses: google-github-actions/get-gke-credentials@v0
|
||||
with:
|
||||
cluster_name: ${{ env.GKE_CLUSTER }}
|
||||
location: ${{ env.GKE_ZONE }}
|
||||
credentials: ${{ secrets.GKE_SA_KEY }}
|
||||
|
||||
# Build the Docker image
|
||||
- name: Build
|
||||
run: |-
|
||||
docker build \
|
||||
--tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
|
||||
--tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \
|
||||
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
||||
--build-arg GITHUB_REF="$GITHUB_REF" \
|
||||
.
|
||||
|
||||
# Push the Docker image to Google Container Registry
|
||||
# Push the Docker image to Google Artifact Registry
|
||||
- name: Publish
|
||||
run: |-
|
||||
docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
|
||||
|
||||
docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA"
|
||||
# Set up kustomize
|
||||
- name: Set up Kustomize
|
||||
run: |-
|
||||
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
|
||||
chmod u+x ./kustomize
|
||||
|
||||
# Deploy the Docker image to the GKE cluster
|
||||
- name: Deploy
|
||||
run: |-
|
||||
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
|
||||
# replacing the image name in the k8s template
|
||||
./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA
|
||||
./kustomize build . | kubectl apply -f -
|
||||
kubectl rollout status deployment/$DEPLOYMENT_NAME
|
||||
kubectl get services -o wide
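Review bot: The `Docker configuration` step expands `${{steps.auth.outputs.access_token}}` directly into the shell script, so the access token becomes part of the script text and is passed to `echo` unquoted. Passing it through the step environment keeps it out of the script body: add `env:` with `ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}` and change the command to `echo "$ACCESS_TOKEN" | docker login -u oauth2accesstoken --password-stdin "https://$GAR_LOCATION-docker.pkg.dev"`. The rendered page has lost its +/- markers, so it is not certain whether `credentials: ${{ secrets.GKE_SA_KEY }}` under `Set up GKE credentials` is a removed line; if it survives on the new side, the long-lived service account key is still required and the move to Workload Identity Federation is incomplete. The `Set up Kustomize` step, which looks like unchanged context, downloads a binary with `curl` and runs it without verifying a checksum.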
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a container to an Azure Web App",
|
||||
"description": "Build a container and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy to a AKS Cluster",
|
||||
"description": "Deploy an application to a Azure Kubernetes Service Cluster using Azure Credentials",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Kompose", "Helm", "Kustomize", "Kubernetes", "Dockerfile"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy web app to Azure Static Web Apps",
|
||||
"description": "Build and deploy web application to an Azure Static Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure-staticwebapp",
|
||||
"categories": ["Deployment", "React", "Angular", "Vue", "Svelte", "Gatsby", "Next", "Nuxt", "Jekyll", "Blazor"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a .NET Core app to an Azure Web App",
|
||||
"description": "Build a .NET Core project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "C#", "aspNetCore"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a Java .jar app to an Azure Web App",
|
||||
"description": "Build a Java project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Java", "Maven"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Build a Node.js project and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment"]
|
||||
}
|
||||
"categories": ["Deployment", "JavaScript", "TypeScript", "npm"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a PHP app to an Azure Web App",
|
||||
"description": "Build a PHP app and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "PHP"]
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
{
|
||||
"name": "Deploy a Python app to an Azure Web App",
|
||||
"description": "Build a Python app and deploy it to an Azure Web App.",
|
||||
"creator": "Microsoft Azure",
|
||||
"iconName": "azure",
|
||||
"categories": ["Deployment", "Python", "Django", "Flask", "Pip"]
|
||||
}
|
||||
@@ -3,5 +3,5 @@
|
||||
"description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.",
|
||||
"creator": "Google Cloud",
|
||||
"iconName": "googlegke",
|
||||
"categories": ["Deployment", "Dockerfile"]
|
||||
"categories": ["Deployment", "Dockerfile", "Kubernetes", "Kustomize"]
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<svg width="533px" height="617px" viewBox="0 0 533 617" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<title>Fill 11</title>
|
||||
<g id="Screens" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
|
||||
<g id="Logo-Mark" transform="translate(-484.000000, -442.000000)" fill="#025C7A">
|
||||
<path d="M746.975832,712.678783 C764.128375,712.678783 778.123597,726.606828 778.123597,743.759372 C778.123597,760.889523 764.128375,774.884745 746.975832,774.884745 C729.823288,774.884745 715.872851,760.889523 715.872851,743.759372 C715.872851,726.606828 729.823288,712.678783 746.975832,712.678783 L746.975832,712.678783 Z M746.707124,442 L484,586.565042 L484,707.618111 C483.977626,778.26599 504.444238,846.876165 543.183012,905.991981 C581.944178,965.063013 636.693485,1011.16887 701.541744,1039.38324 L745.385975,1058.39435 L777.048764,1044.35434 L777.048764,829.90276 C812.76457,817.407826 838.605347,783.707332 838.605347,743.759372 C838.605347,693.264612 797.515376,652.174641 746.975832,652.174641 C696.481072,652.174641 655.391101,693.264612 655.391101,743.759372 C655.391101,783.729725 681.231878,817.430219 716.947684,829.90276 L716.947684,979.39412 C666.945556,955.725401 624.512044,919.091509 594.080834,872.69455 C561.858236,823.498547 544.817654,766.442827 544.817654,707.662896 L544.817654,622.504771 L546.317941,621.676254 L747.132578,511.192376 L748.520904,511.931324 L955.493439,622.706302 L955.493439,704.304043 C955.560616,763.845314 938.161756,821.550412 905.155425,871.127085 C892.526137,890.09341 877.456083,907.805762 860.325931,923.838688 L860.325931,1001.60734 C898.392934,975.408281 930.481178,942.87219 955.762147,904.872364 C995.463792,845.3087 1016.35586,775.937185 1016.26658,704.348827 L1016.26658,586.318726 L746.707124,442 Z" id="Fill-11"></path>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
@@ -0,0 +1,17 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 18 18" width="18" height="18">
|
||||
<defs>
|
||||
<linearGradient id="e6ad4df9-0ab7-4b49-9706-620b42380f0b" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">
|
||||
<stop offset="0" stop-color="#005ba1" />
|
||||
<stop offset="0.775" stop-color="#0078d4" />
|
||||
</linearGradient>
|
||||
</defs>
|
||||
<g id="e7885b9c-9714-4276-bd41-591cb7e086a5">
|
||||
<path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#e6ad4df9-0ab7-4b49-9706-620b42380f0b)" />
|
||||
<rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#5ea0ef" opacity="0.6" />
|
||||
<path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#005ba1" />
|
||||
<path d="M7.109,13.217l-.321.32a.144.144,0,0,1-.205,0L4.258,11.205a.29.29,0,0,1,0-.41l.321-.32L7.11,13.012A.145.145,0,0,1,7.109,13.217Zm3.653,0,.321.32a.144.144,0,0,0,.205,0l2.325-2.332a.29.29,0,0,0,0-.41l-.322-.32-2.53,2.537A.145.145,0,0,0,10.762,13.217Z" fill="#fff" opacity="0.8" />
|
||||
<path d="M6.831,8.433l.32.321a.144.144,0,0,1,0,.205L4.576,11.527l-.32-.322a.289.289,0,0,1,0-.41l2.37-2.363A.145.145,0,0,1,6.831,8.433Zm4.207,0-.32.321a.144.144,0,0,0,0,.205l2.575,2.568.32-.321a.292.292,0,0,0,0-.411l-2.37-2.362A.144.144,0,0,0,11.038,8.434Z" fill="#fff" />
|
||||
<path d="M8.159,14.363,7.646,14.2a.105.105,0,0,1-.067-.131L9.669,7.54a.1.1,0,0,1,.13-.067l.513.164a.1.1,0,0,1,.067.13L8.289,14.3A.1.1,0,0,1,8.159,14.363Z" fill="#fff" />
|
||||
<path d="M3.166,3.847a.76.76,0,1,1-.76-.76A.76.76,0,0,1,3.166,3.847ZM4.8,3.087a.76.76,0,1,0,.76.76A.76.76,0,0,0,4.8,3.087Zm2.393,0a.76.76,0,1,0,.76.76A.76.76,0,0,0,7.191,3.087Z" fill="#fff" />
|
||||
</g>
|
||||
</svg>
|
||||
|
@@ -0,0 +1,32 @@
|
||||
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
|
||||
viewBox="0 0 60 60" style="enable-background:new 0 0 60 60;" xml:space="preserve">
|
||||
<g>
|
||||
|
||||
<linearGradient id="XMLID_3_" gradientUnits="userSpaceOnUse" x1="15.9594" y1="-13.0143" x2="44.3068" y2="15.3332" gradientTransform="matrix(1 0 0 -1 0 61)">
|
||||
<stop offset="9.677000e-02" style="stop-color:#0095D5"/>
|
||||
<stop offset="0.3007" style="stop-color:#238AD9"/>
|
||||
<stop offset="0.6211" style="stop-color:#557BDE"/>
|
||||
<stop offset="0.8643" style="stop-color:#7472E2"/>
|
||||
<stop offset="1" style="stop-color:#806EE3"/>
|
||||
</linearGradient>
|
||||
<polygon id="XMLID_2_" style="fill:url(#XMLID_3_);" points="0,60 30.1,29.9 60,60 "/>
|
||||
|
||||
<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="4.2092" y1="48.9409" x2="20.6734" y2="65.405" gradientTransform="matrix(1 0 0 -1 0 61)">
|
||||
<stop offset="0.1183" style="stop-color:#0095D5"/>
|
||||
<stop offset="0.4178" style="stop-color:#3C83DC"/>
|
||||
<stop offset="0.6962" style="stop-color:#6D74E1"/>
|
||||
<stop offset="0.8333" style="stop-color:#806EE3"/>
|
||||
</linearGradient>
|
||||
<polygon style="fill:url(#SVGID_1_);" points="0,0 30.1,0 0,32.5 "/>
|
||||
|
||||
<linearGradient id="SVGID_2_" gradientUnits="userSpaceOnUse" x1="-10.1017" y1="5.8362" x2="45.7315" y2="61.6694" gradientTransform="matrix(1 0 0 -1 0 61)">
|
||||
<stop offset="0.1075" style="stop-color:#C757BC"/>
|
||||
<stop offset="0.2138" style="stop-color:#D0609A"/>
|
||||
<stop offset="0.4254" style="stop-color:#E1725C"/>
|
||||
<stop offset="0.6048" style="stop-color:#EE7E2F"/>
|
||||
<stop offset="0.743" style="stop-color:#F58613"/>
|
||||
<stop offset="0.8232" style="stop-color:#F88909"/>
|
||||
</linearGradient>
|
||||
<polygon style="fill:url(#SVGID_2_);" points="30.1,0 0,31.7 0,60 30.1,29.9 60,0 "/>
|
||||
</g>
|
||||
</svg>
|
||||
|
@@ -0,0 +1,49 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg
|
||||
xml:space="preserve"
|
||||
enable-background="new 0 0 1600 1200"
|
||||
viewBox="0 0 567.79999 232.97284"
|
||||
y="0px"
|
||||
x="0px"
|
||||
id="Layer_1"
|
||||
version="1.1"
|
||||
width="567.79999"
|
||||
height="232.97284"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"><metadata
|
||||
id="metadata79"><rdf:RDF><cc:Work
|
||||
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
|
||||
id="defs77" />
|
||||
<g
|
||||
id="g72"
|
||||
transform="translate(-516,-478.61358)"><g
|
||||
id="g947"><path
|
||||
fill="none"
|
||||
d="m 934.8,558.4 h -24.9 v 79.3 H 936 c 21.4,0 37.1,-16.1 37.1,-39.5 0.1,-23.5 -16.4,-39.8 -38.3,-39.8 z"
|
||||
id="path4" /><path
|
||||
fill="#58595b"
|
||||
d="m 569.6,682.1 c -0.5,-3.1 -1.1,-6.2 -1.1,-9.3 -0.1,-17.6 0,-35.2 -0.2,-52.8 -0.1,-7.3 -1.9,-14.2 -7.1,-19.7 -1.8,-1.9 -3.9,-3.6 -5.9,-5.4 2,-1.8 4.1,-3.5 5.9,-5.4 5.2,-5.5 7,-12.3 7.1,-19.7 0.2,-17.6 0.1,-35.2 0.2,-52.8 0,-3.1 0.6,-6.2 1.1,-9.3 0.6,-4 3.1,-6.3 7,-6.8 h 20.8 v -22.2 h -14.3 c -11.2,-0.5 -22,1 -31.3,9 -7.6,6.6 -10.1,15.5 -10.3,25 -0.4,16.3 -0.1,32.6 -0.3,48.9 0,3.6 -0.4,7.2 -1.3,10.7 -0.1,0.3 -0.2,0.6 -0.3,0.9 -1.2,3.2 -3.2,5.3 -5.6,6.8 -1.2,0.7 -2.6,1.3 -4.1,1.7 -1.3,0.4 -2.4,0.6 -3.2,0.9 -0.8,0.1 -1.5,0.2 -2.2,0.3 H 516 v 11.8 11.8 h 8.5 c 0.7,0.1 1.4,0.1 2.2,0.3 0.8,0.3 1.8,0.6 3.2,0.9 1.5,0.4 2.9,1 4.1,1.7 2.3,1.5 4.4,3.6 5.6,6.8 0.1,0.3 0.2,0.6 0.3,0.9 0.9,3.5 1.3,7.1 1.3,10.7 0.2,16.3 -0.1,32.6 0.3,48.9 0.2,9.5 2.8,18.4 10.3,25 9.3,8.1 20.1,9.5 31.3,9 h 14.3 v -22.2 h -20.8 c -3.8,-0.1 -6.4,-2.4 -7,-6.4 z"
|
||||
id="path60" /><path
|
||||
fill="#58595b"
|
||||
d="m 1075.3,583.3 c -0.7,-0.1 -1.4,-0.1 -2.2,-0.3 -0.8,-0.3 -1.8,-0.6 -3.2,-0.9 -1.5,-0.4 -2.9,-1 -4.1,-1.7 -2.3,-1.5 -4.4,-3.6 -5.6,-6.8 -0.1,-0.3 -0.2,-0.6 -0.3,-0.9 -0.9,-3.5 -1.3,-7.1 -1.3,-10.7 -0.2,-16.3 0.1,-32.6 -0.3,-48.9 -0.2,-9.5 -2.8,-18.4 -10.3,-25 -9.3,-8.1 -20.1,-9.5 -31.3,-9 h -14.3 v 22.2 h 20.8 c 3.9,0.5 6.4,2.8 7,6.8 0.5,3.1 1.1,6.2 1.1,9.3 0.1,17.6 0,35.2 0.2,52.8 0.1,7.3 1.9,14.2 7.1,19.7 1.8,1.9 3.9,3.6 5.9,5.4 -2,1.8 -4.1,3.5 -5.9,5.4 -5.2,5.5 -7,12.3 -7.1,19.7 -0.2,17.6 -0.1,35.2 -0.2,52.8 0,3.1 -0.6,6.2 -1.1,9.3 -0.6,4 -3.1,6.3 -7,6.8 h -20.8 v 22.2 h 14.3 c 11.2,0.5 22,-1 31.3,-9 7.6,-6.6 10.1,-15.5 10.3,-25 0.4,-16.3 0.1,-32.6 0.3,-48.9 0,-3.6 0.4,-7.2 1.3,-10.7 0.1,-0.3 0.2,-0.6 0.3,-0.9 1.2,-3.2 3.2,-5.3 5.6,-6.8 1.2,-0.7 2.6,-1.3 4.1,-1.7 1.3,-0.4 2.4,-0.6 3.2,-0.9 0.8,-0.1 1.5,-0.2 2.2,-0.3 h 8.5 v -11.8 -11.8 h -8.5 z"
|
||||
id="path62" /><g
|
||||
id="g70">
|
||||
<polygon
|
||||
fill="#1dbf73"
|
||||
points="721.4,534.1 721.4,662 747.5,662 747.5,575.8 781.5,649.1 800.3,649.1 834.3,575.8 834.3,662 860.2,662 860.2,534.1 828.1,534.1 791,612.3 753.7,534.1 "
|
||||
id="polygon64" />
|
||||
<path
|
||||
fill="#1dbf73"
|
||||
d="M 935.3,534.1 H 881 V 662 h 53.2 c 40.4,0 68.3,-26.3 68.3,-64 0.1,-37.8 -27.5,-63.9 -67.2,-63.9 z m 0.8,103.6 H 910 v -79.3 h 24.9 c 21.9,0 38.4,16.3 38.4,39.8 -0.1,23.4 -15.8,39.5 -37.2,39.5 z"
|
||||
id="path66" />
|
||||
<path
|
||||
fill="#1dbf73"
|
||||
d="m 723.3,525.6 c -4,2.2 -7.9,4.7 -11.7,7.2 -7.4,5 -14.1,10.3 -19.8,15.2 -2.7,2.4 -5.2,4.6 -7.4,6.7 -1.1,0.9 -2.1,1.8 -3.1,2.7 -3.4,3 -6.6,6 -9.7,8.8 -17,15.8 -29.2,28.9 -29.2,28.9 l -16,-18 -8,-8.9 -5.7,-6.4 c 0.6,-3.1 2.9,-5.7 5.7,-7.9 1.9,-1.5 4,-2.7 6.1,-3.8 4.1,-2.1 7.7,-3.2 7.7,-3.2 l 2.7,3.2 6.8,7.9 8,9.3 c 2.9,-3 5.8,-5.9 8.6,-8.6 3.2,-3.1 6.4,-6 9.5,-8.6 2.2,-1.9 4.4,-3.8 6.6,-5.5 2.1,-1.6 4.2,-3.1 6.5,-4.6 -7.8,-3.8 -17.6,-5.9 -29,-5.9 H 597.6 V 662 h 28.9 v -36.5 h 25.4 c 32.5,0 51.2,-17.2 51.2,-47 0,-9.9 -2.3,-18.4 -6.7,-25.1 z"
|
||||
id="path68" />
|
||||
</g></g>
|
||||
</g>
|
||||
</svg>
|
||||
|
@@ -0,0 +1 @@
|
||||
<svg height="32" viewBox="0 0 90 32" width="90" xmlns="http://www.w3.org/2000/svg"><style>path { fill: #D30001; }</style><path d="m418.082357 25.9995403v4.1135034h-7.300339v1.89854h3.684072c1.972509 0 4.072534 1.4664311 4.197997 3.9665124l.005913.2373977v1.5821167c-.087824 3.007959-2.543121 4.1390018-4.071539 4.2011773l-.132371.0027328h-7.390745v-4.0909018l7.481152-.0226016v-1.9889467l-1.190107.0007441-.346911.0008254-.084566.0003251-.127643.0007097-.044785.0003793-.055764.0007949-.016378.0008259c.000518.0004173.013246.0008384.034343.0012518l.052212.000813c.030547.0003979.066903.0007803.105225.0011355l.078131.0006709-.155385-.0004701c-.31438-.001557-.85249-.0041098-1.729029-.0080055-1.775258 0-4.081832-1.3389153-4.219994-3.9549201l-.006518-.24899v-1.423905c0-2.6982402 2.278213-4.182853 4.065464-4.2678491l.161048-.003866zm-18.691579 0v11.8658752h6.170255v4.1361051h-10.735792v-16.0019803zm-6.441475 0v16.0019803h-4.588139v-16.0019803zm-10.803597 0c1.057758 0 4.04923.7305141 4.198142 3.951222l.005768.2526881v11.7980702h-4.271715v-2.8252084h-4.136105v2.8252084h-4.407325v-11.7980702c0-1.3184306 1.004082-4.0468495 3.946899-4.197411l.257011-.0064991zm-24.147177-.0027581 8.580186.0005749c.179372.0196801 4.753355.5702841 4.753355 5.5438436s-3.775694 5.3947112-3.92376 5.4093147l-.004472.0004216 5.00569 5.0505836h-6.374959l-3.726209-3.8608906v3.8608906h-4.309831zm22.418634-2.6971669.033418.0329283s-.384228.27122-.791058.610245c-12.837747-9.4927002-20.680526-5.0175701-23.144107-3.8196818-11.187826 6.2428065-7.954768 21.5678895-7.888988 21.8737669l.001006.0046469h-17.855317s.67805-6.6900935 5.4244-14.600677c4.74635-7.9105834 12.837747-13.9000252 19.414832-14.4876686 12.681632-1.2703535 24.110975 9.7062594 24.805814 10.3864403zm-31.111679 14.1815719 2.44098.881465c.113008.8852319.273103 1.7233771.441046 2.4882761l.101394.4499406-2.7122-.9718717c-.113009-.67805-.226017-1.6499217-.27122-2.84781zm31.506724-7.6619652h-1.514312c-1.128029 
0-1.333125.5900716-1.370415.8046431l-.007251.056292-.000906.0152319-.00013 3.9153864h4.136105l-.000316-3.916479c-.004939-.0795522-.08331-.8750744-1.242775-.8750744zm-50.492125.339025 2.599192.94927c-.316423.731729-.719369 1.6711108-1.011998 2.4093289l-.118085.3028712-2.599192-.94927c.226017-.610245.700652-1.7403284 1.130083-2.7122001zm35.445121-.1434449h-3.456844v3.6588673h3.434397s.98767-.3815997.98767-1.8406572-.965223-1.8182101-.965223-1.8182101zm-15.442645-.7606218 1.62732 1.2882951c-.180814.705172-.318232 1.410344-.412255 2.115516l-.06238.528879-1.830735-1.4465067c.180813-.81366.384228-1.6499217.67805-2.4861834zm4.000495-6.3058651 1.017075 1.5369134c-.39779.4158707-.766649.8317413-1.095006 1.2707561l-.238493.3339623-1.08488-1.6273201c.40683-.5198383.881465-1.0396767 1.401304-1.5143117zm-16.182794-3.3450467 1.604719 1.4013034c-.40683.4237812-.800947.8729894-1.172815 1.3285542l-.364099.4569775-1.740328-1.4917101c.519838-.5650416 1.08488-1.1300833 1.672523-1.695125zm22.398252-.0904067.497237 1.4917101c-.524359.162732-1.048717.3688592-1.573076.6068095l-.393269.1842488-.519838-1.559515c.565041-.2486184 1.22049-.4972367 1.988946-.7232534zm5.28879-.54244c.578603.0361627 1.171671.1012555 1.779204.2068505l.458361.0869712-.090406 1.4013034c-.596684-.1265694-1.193368-.2097435-1.790052-.2495224l-.447513-.0216976zm-18.555968-6.2380601 1.017075 1.559515c-.440733.2203663-.868752.4661594-1.303128.7278443l-.437201.2666291-1.039676-1.5821167c.610245-.3616267 1.197888-.67805 1.76293-.9718717zm18.601172-.8588633c1.344799.3842283 1.923513.6474959 2.155025.7707625l.037336.0202958-.090406 1.5143117c-.482169-.1958811-.964338-.381717-1.453204-.5575078l-.739158-.2561522zm-8.633837-1.3334984.452033 1.3787017h-.226016c-.491587 0-.983173.0127134-1.474759.0476754l-.491587.0427313-.429431-1.3334984c.745855-.0904067 1.469108-.13561 2.16976-.13561z" transform="translate(-329 -10)"/></svg>
|
||||
|
@@ -0,0 +1 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 620.16 469.63"><defs><style>.cls-1{fill:#00b2e5;}</style></defs><g id="Layer_2" data-name="Layer 2"><g id="Layer_1-2" data-name="Layer 1"><path class="cls-1" d="M470.88,235.88c0,128.94-105.7,233.75-235.42,233.75S0,364.3,0,234.79,105.66,0,235.46,0C367.42,0,470.88,103.68,470.88,235.88Zm-95.64.69c0-56.47-38-146.09-139.78-146.09-96.44,0-139.8,84.38-139.8,144.31S139,379.11,235.46,379.11,375.24,295.74,375.24,236.57Zm244.92,225.2V7.91h-167V98.49h71.42V461.77Z"/></g></g></svg>
|
||||
|
@@ -21,6 +21,8 @@ interface WorkflowProperties {
|
||||
categories: string[] | null;
|
||||
|
||||
creator?: string;
|
||||
|
||||
enterprise?: boolean;
|
||||
}
|
||||
|
||||
interface WorkflowsCheckResult {
|
||||
@@ -31,13 +33,15 @@ interface WorkflowsCheckResult {
|
||||
async function checkWorkflows(
|
||||
folders: string[],
|
||||
enabledActions: string[],
|
||||
partners: string[]
|
||||
partners: string[],
|
||||
codeScanningTemplates: string[]
|
||||
): Promise<WorkflowsCheckResult> {
|
||||
const result: WorkflowsCheckResult = {
|
||||
compatibleWorkflows: [],
|
||||
incompatibleWorkflows: [],
|
||||
};
|
||||
const partnersSet = new Set(partners.map((x) => x.toLowerCase()));
|
||||
const codeScanningTemplatesSet = new Set(codeScanningTemplates)
|
||||
|
||||
for (const folder of folders) {
|
||||
const dir = await fs.readdir(folder, {
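Review bot: The added line `const codeScanningTemplatesSet = new Set(codeScanningTemplates)` has no terminating semicolon, unlike the other statements in this hunk; it should read `const codeScanningTemplatesSet = new Set(codeScanningTemplates);`. Unlike `partnersSet`, the template names are not lower-cased, so the later lookup is case-sensitive; if that is intended for file names, a short comment such as `// file names are matched exactly, case included` would record it. `checkWorkflows` continues past the end of this hunk.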
|
||||
@@ -57,8 +61,11 @@ async function checkWorkflows(
|
||||
|
||||
const isPartnerWorkflow = workflowProperties.creator ? partnersSet.has(workflowProperties.creator.toLowerCase()) : false;
|
||||
|
||||
const isCodeScanningTemplateEnabled = (folder === "../../code-scanning") ? codeScanningTemplatesSet.has(e.name) : true;
|
||||
|
||||
const enabled =
|
||||
!isPartnerWorkflow &&
|
||||
isCodeScanningTemplateEnabled &&
|
||||
(await checkWorkflow(workflowFilePath, enabledActions));
|
||||
|
||||
const workflowDesc: WorkflowDesc = {
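Review bot: `isCodeScanningTemplateEnabled` fails open: the allowlist is consulted only when `folder` is exactly the string `"../../code-scanning"`, and any other spelling of that path in `settings.folders` (a trailing slash, a `./` prefix, an absolute path) falls through to `true`, so every code-scanning template is then treated as enabled. Comparing a normalised form of the folder, or carrying a per-folder flag in the settings instead of a path literal in the code, would make the check hold however the folder is written. A comment such as `// code-scanning templates are opt-in: only names listed in settings.codeScanningTemplates are enabled` would state the intent next to the check. The loop body of `checkWorkflows` starts and ends outside this hunk.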
|
||||
@@ -130,7 +137,8 @@ async function checkWorkflow(
|
||||
const result = await checkWorkflows(
|
||||
settings.folders,
|
||||
settings.enabledActions,
|
||||
settings.partners
|
||||
settings.partners,
|
||||
settings.codeScanningTemplates
|
||||
);
|
||||
|
||||
console.group(
|
||||
|
||||
@@ -28,5 +28,8 @@
|
||||
"Red Hat",
|
||||
"Tencent Cloud",
|
||||
"HashiCorp"
|
||||
],
|
||||
"codeScanningTemplates": [
|
||||
"codeql.yml"
|
||||
]
|
||||
}
|
||||
|
||||