Compare commits

180 Commits

Author SHA1 Message Date
Sampark Sharma e526628119 Fix to resolve code scanning inclusions to ghes
2022-02-23 10:33:02 +00:00
Atul Malaviya 300f303442 Added PR trigger (#1448) 2022-02-20 13:48:18 +05:30
Nick Fyson 8573ed9cf5 Merge pull request #1416 from arjundashrath/patch-8 2022-02-16 10:50:19 +00:00
Nick Fyson 48d70bb057 Merge branch 'main' into patch-8 2022-02-16 10:47:11 +00:00
Nick Fyson 5a06c8f464 Merge pull request #1404 from h0x0er/patch-7
Added github_token permissions in code-scanning/semgrep.yml
2022-02-16 10:07:51 +00:00
Nick Fyson 0c9bd866a7 Merge branch 'main' into patch-7 2022-02-16 10:00:27 +00:00
Nick Fyson e53dd812a5 Merge pull request #1424 from Devils-Knight/permks-7
Add token permissions for code-scanning/stackhawk.yml
2022-02-16 09:53:27 +00:00
Nick Fyson dc87bafe6f Merge branch 'main' into permks-7 2022-02-16 09:52:35 +00:00
Nick Fyson af74f124fb Merge pull request #1432 from Devils-Knight/permks-10
Add token permissions for code-scanning/njsscan.yml
2022-02-16 09:20:03 +00:00
Shubham malik 6706b36121 Update njsscan.yml 2022-02-15 16:04:39 +05:30
Shubham malik aa4aa29543 Update stackhawk.yml 2022-02-14 15:51:06 +05:30
arjundashrath 4333c79965 Update codacy.yml 2022-02-14 13:08:08 +05:30
h0x0er 14ce90e99f added github_token permissions 2022-02-14 11:13:30 +05:30
Chris Gavin 7fb1c31151 Merge pull request #1402 from actions/fix-enterprise-exclusions
Fix some workflows not being excluded from Enterprise syncing.
2022-02-11 17:02:20 +00:00
Chris Gavin 4579cb5c54 Fix some workflows not being excluded from Enterprise syncing. 2022-02-11 15:03:41 +00:00
Nick Fyson e9cc9b14bc Merge pull request #1397 from adangel/update-pmd
Update pmd to v1.2.0
2022-02-11 09:50:48 +00:00
Andreas Dangel d580918e06 Update pmd to v1.2.0
* Use pmd/pmd-github-action@967a81f8b6
   which is v1.2.0
* Remove "cache: maven" setting, which fails if no pom.xml file
   exists
* Set parameter "analyzeModifiedFilesOnly: false" to prevent incomplete
   analysis results. See also https://github.com/pmd/pmd-github-action/issues/35
2022-02-10 18:10:25 +01:00
Nick Fyson 2e489c2619 Merge pull request #1368 from Devils-Knight/Permissions
Add token permissions for code-scanning/crunch42.yml
2022-02-04 14:38:09 +00:00
Nick Fyson 53217fe594 Merge branch 'main' into Permissions 2022-02-04 14:37:22 +00:00
Nick Fyson 64ccdd2a47 Merge pull request #1373 from h0x0er/main
Added GITHUB_TOKEN permission for code-scanning/anchore.yml
2022-02-04 10:45:44 +00:00
Nick Fyson c84eced9e9 Merge branch 'main' into main 2022-02-04 10:43:53 +00:00
Nick Fyson 8ec9e75aba Merge pull request #1377 from Devils-Knight/permissions
Add token permissions for code-scanning/checkmarx.yml
2022-02-04 10:26:09 +00:00
Nick Fyson 251b7bbc24 Merge branch 'main' into permissions 2022-02-04 10:25:18 +00:00
Bishal Prasad de41169eb0 Revert "Add Datadog Synthetics GitHub action to starter workflows (#1342)" (#1385)
This reverts commit f31e3a9c9d.
2022-02-04 09:45:26 +05:30
Daz DeBoer 98bd06c9ad Update for gradle/gradle-build-action@v2.1.3 (#1384) 2022-02-03 16:24:19 -05:00
h0x0er 7ea0d435cf Merge branch 'main' into main 2022-02-03 13:40:22 +05:30
Shubham malik d71bfc344e Create checkmarx.yml 2022-02-01 22:34:47 +05:30
Anurag Chauhan 5cdc69b0e1 Merge pull request #1374 from actions/code_scanning_desc
Fixing some code scanning workflows description
2022-02-01 16:45:07 +05:30
Anurag Chauhan 9ef177a834 Merge branch 'main' into code_scanning_desc 2022-02-01 16:44:05 +05:30
Daz DeBoer 776a960496 Update for gradle-build-action@v2.1.2 release (#1375) 2022-01-31 16:47:10 -05:00
Anurag Chauhan 890150c289 Fixing some code scanning workflows description 2022-01-31 10:48:11 +00:00
h0x0er 0e684da195 x
Merge branch 'main' of https://github.com/h0x0er/starter-workflows
2022-01-31 14:29:45 +05:30
h0x0er 34d35389d1 updated gh_token permissions for anchore/scan-action 2022-01-31 14:29:11 +05:30
h0x0er 8430b6f878 Update 2022-01-31 14:23:00 +05:30
Fedor Isakov c005c55b8b update google workflow (#1359) 2022-01-30 11:37:53 +05:30
Nick Fyson 2e8fec55f6 Merge pull request #1348 from Devils-Knight/starter-workflow 2022-01-28 22:04:00 +00:00
Nick Fyson e833ff06e4 Merge branch 'main' into starter-workflow 2022-01-28 22:00:17 +00:00
Aarnav Pai 1220bda7e4 Fix version of denoland/setup-deno (#1369)
* Fix version of `denoland/setup-deno`

* Update deno.yml
2022-01-27 10:51:47 -05:00
Shubham malik 4f0f3e716d Update crunch42.yml 2022-01-27 15:38:23 +05:30
Bishal Prasad 80404f48bc Rename node.js.yml to ci/node.js.yml 2022-01-27 10:28:39 +05:30
Bishal Prasad c0b5490590 Rename ci/bishal-node.js.yml to node.js.yml 2022-01-27 10:27:32 +05:30
Bishal Prasad 7a56117f98 Rename node.js.yml to bishal-node.js.yml 2022-01-27 10:27:08 +05:30
Shubham malik 3b8f20ff6f updated permission 2022-01-26 22:42:19 +05:30
Nick Fyson 63e7f499e9 Merge pull request #1363 from laurentsimon/patch-1
Scorecards: update hash for v1.0.2
2022-01-24 18:44:06 +00:00
laurentsimon 41e7dd427d Scorecards: update hash to v1.0.2
We fixed a small issue and need to update the hash
2022-01-24 08:27:33 -08:00
Andrew Wiltshire ffa80e095e fixed grammatical error in node.js.yml (#1358) 2022-01-20 09:00:56 +05:30
César Román a96d2407b5 fix(ci): pylint.yml (#1108)
ref: #636. `pylint` command does not work

I've had success running the modified command [here](https://github.com/thecesrom/incendium/blob/project/.github/workflows/pylint.yml).

Co-authored-by: Josh Gross <joshmgross@github.com>
2022-01-19 18:41:20 -05:00
Jason Freeberg ba97234b60 Fix indentation error (#1356) 2022-01-18 17:07:26 -05:00
Nick Fyson f2778053bd Merge pull request #1352 from laurentsimon/feat/scorecardicon
 Update scorecards icon
2022-01-18 11:06:49 +00:00
Nick Fyson 0a84296a2a Merge branch 'main' into feat/scorecardicon 2022-01-18 11:05:08 +00:00
André Arko 5635bf05bc Upgrade Rails workflow to true CI (#1353)
* Upgrade Rails workflow to true CI

The existing Rails CI example only runs linters, which is not continuous
integration. This change brings the Rails example workflow up to par
with the other web framework CI flows, like Django.

This example is optimized for Rails 7, which does not include NodeJS,
webpack, or yarn by default. No Rails application code changes are
required for this flow to run the tests, and both minitest and rspec are
supported via the `test` rake task.

* add Rails icon

* use env vars, hopefully

* use the full hash for ruby/setup-ruby

* remove PORT since services cannot use it

* stop repeating identical step envs

* resolve env var declaration error

* update setup-ruby to the SHA of v1.92

* use setup-ruby SHA for lint job too

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
2022-01-18 02:04:33 +05:30
Bishal Prasad 11778e9eb0 Add check for GITHUB_TOKEN permissions (#1354) 2022-01-17 13:17:29 +05:30
Beth G f31e3a9c9d Add Datadog Synthetics GitHub action to starter workflows (#1342) 2022-01-15 11:41:46 +05:30
laurentsimon 94100d1d4a bump 2022-01-14 23:32:21 +00:00
laurentsimon b224dd8449 update icon 2022-01-14 23:32:21 +00:00
Manuel 588f02dade Switch java distribution from 'adopt' to 'temurin' (#1065)
adopt is rebranded into temurin
see https://blog.adoptopenjdk.net/2021/03/transition-to-eclipse-an-update/
2022-01-14 18:05:31 -05:00
Nick Fyson e873c3ca45 Merge pull request #1345 from laurentsimon/feat/scorecard-release
Scorecards: Updates for release
2022-01-14 12:15:31 +00:00
laurentsimon 1b10c28ff4 rem tabs and update comment 2022-01-14 03:00:11 +00:00
laurentsimon aa643dfa0c bump hash 2022-01-13 22:29:39 +00:00
shubham malik f78e23c19d Update trivy.yml 2022-01-13 11:12:14 +05:30
laurentsimon b0f310cefc update token name 2022-01-10 23:52:58 +00:00
laurentsimon 00e08539ca prepare release 2022-01-10 23:19:46 +00:00
Nick Fyson 51e7c8e1e6 Merge pull request #1302 from laurentsimon/feat/scorecard
Add scorecards config
2022-01-04 19:16:50 +00:00
laurentsimon d0dba5262b use v0.0.1 2022-01-04 18:26:32 +00:00
laurentsimon b73f59a3e8 add icon 2022-01-04 18:26:32 +00:00
laurentsimon 40772919fb updates 2022-01-04 18:26:32 +00:00
laurentsimon 7c57e8a703 updates 2022-01-04 18:26:32 +00:00
laurentsimon 07be376c3a updates 2022-01-04 18:26:32 +00:00
laurentsimon 48edda6aca reduce text 2022-01-04 18:26:32 +00:00
laurentsimon f38127b062 update text 2022-01-04 18:26:32 +00:00
laurentsimon 9e49744dc2 url 2022-01-04 18:26:32 +00:00
laurentsimon a894da71d1 pin actions 2022-01-04 18:26:32 +00:00
laurentsimon a00db4437c comments 2022-01-04 18:26:32 +00:00
laurentsimon 0e50194de8 use hash 2022-01-04 18:26:32 +00:00
laurentsimon 794e910e12 add scorecards config 2022-01-04 18:26:32 +00:00
Ana Armas Romero f9d17c0062 Merge pull request #1332 from DhavalPatelPersistent/main
Update checkmarx.yml attributes : "uses","project","teams","scanners","params".
2021-12-30 04:17:00 -08:00
DhavalPatelPersistent 97020d0adc Update checkmarx.yml
Point to SHA instead of master
2021-12-30 16:39:28 +05:30
DhavalPatelPersistent 0b45ddae0d Update / Add "uses","project","teams","scanners","params" attributes. 2021-12-24 15:55:11 +05:30
Nick Fyson 5104ac4274 Merge pull request #1324 from adangel/update-pmd
Update pmd to v1.1.0
2021-12-20 15:16:34 +00:00
Andreas Dangel 615c63babc Update pmd to v1.1.0
Use pmd/pmd-github-action@6d98898be0 which is v1.1.0
Use temurin as java distribution
2021-12-20 11:50:23 +01:00
Anurag Chauhan 619bd129a7 Merge pull request #1314 from actions/partner_templates
Merge partner templates to main branch
2021-12-17 22:11:22 +05:30
Anurag Chauhan 7eb13f680a Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-16 10:55:26 +00:00
Anurag Chauhan 73a17a51b5 deleting azure.yml 2021-12-16 10:55:17 +00:00
Matt Moore 00db25fc1e Enable keyless signing for private repos. (#1295)
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
2021-12-13 15:17:02 -05:00
Anurag Chauhan 5bd8eb4344 Merge branch 'main' of https://github.com/actions/starter-workflows into partner_templates 2021-12-09 11:32:59 +00:00
Anurag Chauhan 9c27271e2f Merge pull request #1298 from actions/anuragc617/fix_az_order
Renaming azure template to fix the order
2021-12-08 12:48:11 +05:30
Anurag Chauhan 17c64f97fe resolving comments 2021-12-08 05:01:06 +00:00
Anurag Chauhan c059d06679 renaming azure template to fix the order 2021-12-07 14:16:20 +00:00
Ana Armas Romero 432e3e3e74 Merge pull request #1278 from actions/veracode_workflow
Add veracode workflow
2021-12-07 11:52:25 +01:00
Ana Armas Romero 75ecfa0bae Merge branch 'main' into veracode_workflow 2021-12-07 11:50:58 +01:00
anaarmas 1c56988c5d remove unnecessary uses of the upload-artifact action and improve input file name 2021-12-07 11:35:26 +01:00
Matt Moore 60d206d090 Have the starter docker-publish action sign digests. (#1255)
* Have the starter `docker-publish` action sign digests.

This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).

Signed-off-by: Matt Moore <mattomata@gmail.com>

* Fully qualify the digest, add setup-buildx-action as workaround

* Drop --force, add public repo check

* Use built-in 'private' bit
2021-12-06 22:35:19 +05:30
Nick Fyson d67515a20c Merge pull request #1200 from abirismyname/adding-pmd-workflow
Adding pmd
2021-12-03 18:42:12 +00:00
Abir Majumdar 4e6641ed74 Updating pmd logo 2021-12-03 13:19:43 -05:00
Nick Fyson f46fcd0e80 Merge branch 'main' into adding-pmd-workflow 2021-12-03 16:13:55 +00:00
Abir Majumdar 649bca8dab Updating logo and adding sha to workflow 2021-12-03 10:33:18 -05:00
Daz DeBoer f7b1f1515d Use gradle-build-action in starter workflows (#1237)
The `gradle-build-action` provides enhanced execution and caching functionality for Gradle.
This change updates starter workflows to use `v2.0.0` of `gradle-build-action`.

Improvements over invoking Gradle directly include:
- Easier to run the workflow with a particular Gradle version
- More sophisticated and more efficient caching of Gradle User Home between invocations
- Detailed reporting of cache usage and cache configuration options
- Automatic capture of Build Scan links

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-12-02 17:22:55 -05:00
Abir Majumdar 2863ef2206 Merge branch 'main' into adding-pmd-workflow 2021-12-02 08:46:08 -05:00
Marcel Wagner 9920cac8e9 Update text flow for cmake comment (#1054) 2021-12-02 09:21:29 +05:30
Jason Freeberg a48ef3a643 Update azure-webapps-node.yml (#1282) 2021-12-01 20:52:36 -05:00
Abir Majumdar 435b265ae0 Removing dupe 2021-12-01 17:02:40 -05:00
Abir Majumdar 3fd42f21fc Merge branch 'main' into adding-pmd-workflow 2021-12-01 16:05:16 -05:00
Abir Majumdar d2bba6f2d9 Adding icon 2021-12-01 16:03:49 -05:00
Abir Majumdar ce771c75d8 Referencing new official PMD github action 2021-12-01 15:50:22 -05:00
Myles Borins 4238ac653e chore: split npm publish into 2 workflows (#1281)
Currently we suggest that folks dual publish to both npm + gpr.

There are a large number of edge cases related to doing this and IMHO it is
not the best practice. Let's make two separate workflows.
2021-12-01 14:38:35 -05:00
Nick Fyson 7ebee84fa6 Merge pull request #1262 from apisec-inc/master
Added starter workflow to help get started with APIsec-Scan code-scanning Action
2021-12-01 12:45:02 +00:00
Anurag Chauhan a8de83bc48 Merge pull request #1268 from actions/update_azure_py_webapp_cache
Updating azure partner templates to use commitId for 3rd party actions and setup actions cache.
2021-12-01 15:19:00 +05:30
abdul-hai-apisec e99eb117c5 Merge remote-tracking branch 'origin/master' 2021-12-01 13:44:28 +05:30
abdul-hai-apisec 3f39a5a76b Removed the unwanted space in actions file.
Updated the logo to have only the shield portion.
2021-12-01 13:27:02 +05:30
anaarmas b629998430 replace unnecessary actions with shell commands 2021-11-30 09:56:40 +01:00
abdul-hai-apisec fa053f9bf1 Merge branch 'main' into master 2021-11-30 12:24:56 +05:30
anaarmas 1a37cd5345 add veracode workflow 2021-11-29 11:49:33 +01:00
Anurag Chauhan 3258466b26 Adding commit sha for 3rd party actions 2021-11-29 08:51:54 +00:00
Nick Fyson a85155b04a Merge pull request #1266 from actions/detekt_workflow
Add Detekt workflow template
2021-11-25 10:15:32 +00:00
Nick Fyson e1db44513b Merge branch 'main' into detekt_workflow 2021-11-25 10:07:09 +00:00
Anurag Chauhan b4ee598043 use setup cache option instead of action 2021-11-25 10:03:14 +00:00
Anurag Chauhan cb87b05b73 Merge pull request #1162 from JasonFreeberg/partner_templates
Add partner templates for Azure Web Apps
2021-11-25 12:03:45 +05:30
Jason Freeberg 1a67e08a9e Update azure-webapps-container.yml 2021-11-24 15:58:25 -08:00
Jason Freeberg 278aa7a82e Add dependency caching for .NET, Node, PHP, and Python workflows 2021-11-24 14:26:16 -08:00
Jason Freeberg 8fd6550c33 Revert overwrite from upstream pull 2021-11-24 14:20:00 -08:00
Jason Freeberg b9fd04a8cf Merge remote-tracking branch 'upstream/partner_templates' into partner_templates 2021-11-24 12:13:19 -08:00
Anurag Chauhan 2d4fbbba8f Merge pull request #1259 from FrodoTheTrue/update-google-deployment-2
Update google deployment starter workflow (partner_templates)
2021-11-24 15:47:21 +05:30
Anurag Chauhan 12aae3647b Merge branch 'partner_templates' into update-google-deployment-2 2021-11-24 13:38:23 +05:30
Anurag Chauhan a96cff48f1 Merge pull request #1207 from gambtho/thgamble/aksstarter
Deploy an application to AKS
2021-11-24 13:37:33 +05:30
anaarmas c4dadecc05 find a way to pin the SHA for detekt workflow template 2021-11-23 21:14:53 +01:00
abdul-hai-apisec 6439d558f4 Updated the names as per the pull request checklist. 2021-11-22 21:14:54 +05:30
abdul-hai-apisec 499e38bc3e Added starter workflow to help you get started with APIsec-Scan Actions. 2021-11-22 20:35:15 +05:30
Fedor Isakov 28856d6071 Update google deployment starter workflow 2021-11-19 20:46:53 +03:00
anaarmas 42dcf88eb9 add detekt workflow 2021-11-19 16:41:15 +01:00
Tom Gamble 2b3dac02b4 Merge branch 'partner_templates' into thgamble/aksstarter 2021-11-18 10:10:38 -05:00
gambtho 11147495c0 variable cleanup and comment additions 2021-11-18 07:30:10 -05:00
Jason Freeberg 757758750a Merge remote-tracking branch 'upstream/partner_templates' into partner_templates 2021-11-16 09:45:39 -08:00
Jason Freeberg 214aeaaafe Update quickstart link 2021-11-16 09:43:18 -08:00
Ashwin Sangem 4f8abda415 Updated the azure properties file to the main branch version. (#1251)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Adding MobSF starter workflow

* Adhering to pull request guidelines

* python: update to use python 3.10

Signed-off-by: Rui Chen <rui@chenrui.dev>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add ruby and update workflow

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* quote the version strings

* correct typo in msvc.properties.json

* Update codeql.properties.json

* Update code-scanning/properties/codeql.properties.json

Co-authored-by: Arthur Baars <arthur@semmle.com>

* Update codeql.properties.json

* Update codeql.properties.json

* Update code-scanning/mobsf.yml

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/mobsf.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Fixed typo in workflow that will cause every run to fail

* Update commit SHA

* r: use setup-r@1 and include r@4 for starter (#1169)

* r: use setup-r@1 and include r@4 for starter

Signed-off-by: Rui Chen <rui@chenrui.dev>

* use sha instead of tag for external action

Co-authored-by: Josh Gross <joshmgross@github.com>

Co-authored-by: Josh Gross <joshmgross@github.com>

* elixir: refresh dependencies (#1212)

- setup action got renamed into `setup-beam`
- update elixir and erlang versions

* Updated to main branch version.

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Abir Majumdar <abirismyname@github.com>
Co-authored-by: Rui Chen <rui@chenrui.dev>
Co-authored-by: David Verdeguer <daverlo@github.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
Co-authored-by: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Co-authored-by: Arthur Baars <arthur@semmle.com>
Co-authored-by: Abir Majumdar <83433840+abirismyname@users.noreply.github.com>
Co-authored-by: Marco Gario <marcogario@github.com>
Co-authored-by: Andy McKay <andymckay@github.com>
2021-11-15 18:03:36 +05:30
Ashwin Sangem b1b3ae86ee Sync partner_templates with the main Branch. (#1250)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Adding MobSF starter workflow

* Adhering to pull request guidelines

* python: update to use python 3.10

Signed-off-by: Rui Chen <rui@chenrui.dev>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add ruby and update workflow

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* quote the version strings

* correct typo in msvc.properties.json

* Update codeql.properties.json

* Update code-scanning/properties/codeql.properties.json

Co-authored-by: Arthur Baars <arthur@semmle.com>

* Update codeql.properties.json

* Update codeql.properties.json

* Update code-scanning/mobsf.yml

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/mobsf.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Fixed typo in workflow that will cause every run to fail

* Update commit SHA

* r: use setup-r@1 and include r@4 for starter (#1169)

* r: use setup-r@1 and include r@4 for starter

Signed-off-by: Rui Chen <rui@chenrui.dev>

* use sha instead of tag for external action

Co-authored-by: Josh Gross <joshmgross@github.com>

Co-authored-by: Josh Gross <joshmgross@github.com>

* elixir: refresh dependencies (#1212)

- setup action got renamed into `setup-beam`
- update elixir and erlang versions

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Abir Majumdar <abirismyname@github.com>
Co-authored-by: Rui Chen <rui@chenrui.dev>
Co-authored-by: David Verdeguer <daverlo@github.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
Co-authored-by: David Verdeguer <47184891+Daverlo@users.noreply.github.com>
Co-authored-by: Arthur Baars <arthur@semmle.com>
Co-authored-by: Abir Majumdar <83433840+abirismyname@users.noreply.github.com>
Co-authored-by: Marco Gario <marcogario@github.com>
Co-authored-by: Andy McKay <andymckay@github.com>
2021-11-15 13:47:17 +05:30
Ashwin Sangem 2f7dd74318 Dummy azure templates (#1249)
* Rename "azure.yml" to Node-specific name

* Add templates and properties for other languages

* Add workflow for .NET Core

* Add workflow and properties file for PHP

* Updates from PR review

* Fix EOF

* Use latest versions

* Renamed the file appropriately.

* Put the azure file back.

* Added azure back.

* Revert "Dummy azure templates for showcasing the CD Ordering Behavior (#1194)"

This reverts commit 9ce2a5b56f.

Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
2021-11-15 13:40:30 +05:30
Tom Gamble 50fcc151be Update aks.properties.json 2021-11-12 07:11:40 -05:00
Tom Gamble d739e93e5e Update aks.properties.json 2021-11-09 07:01:43 -05:00
Jason Freeberg 5354877aa0 enable caching 2021-11-03 18:10:02 -07:00
Jason Freeberg a561392dff Update azure-webapps-container.yml 2021-11-03 18:02:06 -07:00
Jason Freeberg 69f26d5fd6 Copy/paste error 2021-11-03 17:58:38 -07:00
Tom Gamble cde6fc6c14 Update aks.properties.json 2021-11-01 09:41:55 -04:00
gambtho 644f0a59aa step names and registry path 2021-10-28 23:05:42 -04:00
gambtho de6c8cbcf0 add aks starter 2021-10-28 22:58:17 -04:00
Anurag Chauhan abf0c13931 Merge pull request #1187 from simonaco/partner_templates
Add partner templates for Azure Static Web Apps
2021-10-28 11:35:52 +05:30
Abir Majumdar c3c12f1950 Adding pmd 2021-10-27 15:35:18 -04:00
Jason Freeberg e1ca1f58be typos 2021-10-27 12:23:24 -07:00
Jason Freeberg e176cd52cd Add more tech stack metadata to the properties files 2021-10-27 12:20:29 -07:00
Jason Freeberg 3893e3d7c8 Add setup instructions to the top 2021-10-27 12:20:09 -07:00
Simona Cotin 767ba11df2 update action version to v1 2021-10-26 13:15:05 +02:00
Simona Cotin 464fcecb39 Merge branch 'actions:partner_templates' into partner_templates 2021-10-26 13:13:11 +02:00
Ashwin Sangem c0fe29b09d Added Azure Id template back. (#1195)
* Rename "azure.yml" to Node-specific name

* Add templates and properties for other languages

* Add workflow for .NET Core

* Add workflow and properties file for PHP

* Updates from PR review

* Fix EOF

* Use latest versions

* Renamed the file appropriately.

* Put the azure file back.

* Added azure back.

Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
2021-10-25 22:06:21 +05:30
Ashwin Sangem 9ce2a5b56f Dummy azure templates for showcasing the CD Ordering Behavior (#1194)
* Rename "azure.yml" to Node-specific name

* Add templates and properties for other languages

* Add workflow for .NET Core

* Add workflow and properties file for PHP

* Updates from PR review

* Fix EOF

* Use latest versions

* Renamed the file appropriately.

Co-authored-by: Jason Freeberg <jafreebe@microsoft.com>
2021-10-25 21:16:06 +05:30
Ashwin Sangem 87a12c3391 Undo bug bash changes and Sync with the main branch (#1193)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* correct typo in msvc.properties.json

* Removed the dummy templates used in bug_bash.

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
2021-10-25 19:30:04 +05:30
Jason Freeberg c78dd727e9 Use latest versions 2021-10-24 21:47:00 -07:00
Jason Freeberg b5113430d9 Fix EOF 2021-10-24 21:46:13 -07:00
Jason Freeberg 704eb638ce Updates from PR review 2021-10-24 21:45:21 -07:00
Jason Freeberg a702d187d1 Add workflow and properties file for PHP 2021-10-24 21:37:36 -07:00
Simona Cotin 27ebc235ee Add partner templates for Azure Static Web Apps 2021-10-22 13:00:26 +02:00
Ashwin Sangem 39293c2452 Deleting gcp dummy templates. (#1186) 2021-10-22 16:24:02 +05:30
Bishal Prasad cd0b591526 Update google_python.properties.json 2021-10-22 16:13:36 +05:30
Bishal Prasad 4abed744e3 Update azure_docker.properties.json 2021-10-22 16:12:34 +05:30
Bishal Prasad 7b8fcf2d84 Rename aws_java.yaml to aws_node.yaml 2021-10-22 16:11:57 +05:30
Bishal Prasad 2b39072b92 Rename aws_java.properties.json to aws_node.properties.json 2021-10-22 16:11:39 +05:30
Bishal Prasad 34a94290c1 Update aws_java.properties.json 2021-10-22 16:10:51 +05:30
Bishal Prasad 41027f9cb5 Update aws_dockerfile.properties.json 2021-10-22 16:08:40 +05:30
Bishal Prasad a7e746ef4e Rename aws_node.yaml to aws_java.yaml 2021-10-22 16:01:43 +05:30
Bishal Prasad 62a3686226 Rename aws_node.properties.json to aws_java.properties.json 2021-10-22 16:00:55 +05:30
Bishal Prasad ff38066101 Create aws_node.properties.json 2021-10-22 16:00:18 +05:30
Bishal Prasad 1ff952c678 Update aws_node.properties.json 2021-10-22 16:00:12 +05:30
Bishal Prasad 1d19515d95 Update google_java.properties.json 2021-10-22 15:58:29 +05:30
Bishal Prasad c3f7e66294 Update azure_docker.properties.json 2021-10-22 15:53:33 +05:30
Bishal Prasad d6e33d5f35 fix dummy template names (#1185) 2021-10-22 15:48:49 +05:30
Ashwin Sangem a3270e70de Add files via upload 2021-10-22 15:13:09 +05:30
Ashwin Sangem 0f29a0acbb Add files via upload 2021-10-22 15:12:17 +05:30
Ashwin Sangem 4e20b52618 Sync partner_templates branch with main (#1184)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

* Correct character-case of "c" in Cloudrail

* AWS template also used Docker

* trigger on push instead of release (#1157)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Added new templates for 3 clouds.

* Revert "Added new templates for 3 clouds."

This reverts commit c765d6316f.

* Add workflow for Microsoft C++ Code Analysis

* Updated action to meet guidelines

* correct typo in msvc.properties.json

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
Co-authored-by: Daniel Winsor <danwin@microsoft.com>
2021-10-22 14:47:00 +05:30
Jason Freeberg 4fad808870 Add workflow for .NET Core 2021-10-15 15:47:30 -07:00
Jason Freeberg e59c11c494 Add templates and properties for other languages 2021-10-15 15:33:45 -07:00
Jason Freeberg 21775ad05b Rename "azure.yml" to Node-specific name 2021-10-15 15:32:54 -07:00
Ashwin Sangem cbd5b645f1 Merge pull request #1110 from manuelbcd/main (#1155)
* Added Cloudrail according to instructions and existing examples

* Adding Cloudrail according to documentation and examples

* Oops

* Add original Fortify on Demand workflow

* Update Fortify on Demand workflow

* Update Fortify on Demand supported languages

* Add 3rd-party GitHub Actions disclaimer

* Sysdig Secure Inline Scan with SARIF report to starter workflows

* Added some extra comments, Github Actions V2 and changed env vars

* Reviews from PR #1110

* Adding 'Dockerfile' to category list

* Update according to PR review comments

* File renames as requested in PR comments

* Revert "Azure Data Factory CI starter workflow (#1111)" (#1146)

This reverts commit 7f30309cce.

* use env variables for user-set values (#1117)

Co-authored-by: Josh Gross <joshmgross@github.com>

* Apply suggestions from nickfyson's code review

Co-authored-by: Nick Fyson <nickfyson@github.com>

* removing "deployment" templates from sync-ghes (#1127)

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Update code-scanning/properties/sysdig-scan.properties.json

Co-authored-by: Nick Fyson <nickfyson@github.com>

* Changed svg logo

* Rename sysdig.svg to sysdig-scan.svg

* Switched svg logo (again) for a better fit

* Rename fortify.json to fortify.properties.json

Co-authored-by: Yoni Leitersdorf <y@indeni.com>
Co-authored-by: Ruud Senden <ruud.senden@microfocus.com>
Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local>
Co-authored-by: manuelbcd <manuel.boira@sysdig.com>
Co-authored-by: Nick Fyson <nickfyson@github.com>
Co-authored-by: Sarah Edwards <skedwards88@github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com>
Co-authored-by: manuelbcd <manuelbcd@gmail.com>
2021-10-08 17:31:42 +05:30
69 changed files with 1459 additions and 159 deletions
+1
@@ -26,6 +26,7 @@ It is not:
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
**For _CI_ workflows, the workflow:**
+1 -1
@@ -17,7 +17,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
cache: gradle
- name: Grant execute permission for gradlew
+1 -1
@@ -20,6 +20,6 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
- name: Build with Ant
run: ant -noinput -buildfile build.xml
+2 -3
@@ -12,9 +12,8 @@ env:
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally
# well on Windows or Mac. You can convert this to a matrix build if you need
# cross-platform coverage.
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: ubuntu-latest
+1 -1
@@ -24,7 +24,7 @@ jobs:
- name: Setup Deno
# uses: denoland/setup-deno@v1
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e9833173669
uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e983317366
with:
deno-version: v1.x
+30
@@ -29,11 +29,27 @@ jobs:
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422
with:
cosign-release: 'v1.4.0'
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
@@ -55,9 +71,23 @@ jobs:
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
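Review bot: The signing step at the end of the second hunk expands `${{ env.REGISTRY }}`, `${{ env.IMAGE_NAME }}` and the build digest directly inside the `run:` script, so their values are pasted into the shell text before the shell parses it. Those env values are defined outside the hunks and are presumably repository-derived, so the exposure is likely small, but a template that gets copied into many repositories is safer passing them through the environment: add `IMAGE_REF: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}` under the step's `env:` and use `run: cosign sign "$IMAGE_REF"`. Separately, `id-token: write` is granted to the whole job, so every step, including the third-party actions, can request the OIDC token; extending the existing comment on that permission to say so would help adopters who add steps.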
+11 -3
@@ -1,3 +1,7 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
@@ -21,17 +25,21 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Gradle
run: gradle build
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: build
# The USERNAME and TOKEN need to correspond to the credentials environment variables used in
# the publishing section of your build.gradle
- name: Publish to GitHub Packages
run: gradle publish
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: publish
env:
USERNAME: ${{ github.actor }}
TOKEN: ${{ secrets.GITHUB_TOKEN }}
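Review bot: The two new `gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7` references pin a full commit SHA but carry no release-tag comment, so a reader cannot tell which version is pinned or whether it has gone stale. The Rails CI and Scorecards sections in this compare annotate their pins (`# v1.92`, `# v2.4.0`); doing the same here, e.g. `uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7 # <release tag>`, keeps the pin auditable, and the same applies to the Gradle CI section that follows. The publish step also now passes `secrets.GITHUB_TOKEN` into a third-party action rather than a plain `run:`; the job's `permissions` block is outside the hunk, so confirm it grants only what publishing needs.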
+8 -5
@@ -1,3 +1,7 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
@@ -20,9 +24,8 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Grant execute permission for gradlew
run: chmod +x gradlew
distribution: 'temurin'
- name: Build with Gradle
run: ./gradlew build
uses: gradle/gradle-build-action@937999e9cc2425eddc7fd62d1053baf041147db7
with:
arguments: build
+1 -1
@@ -21,7 +21,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
+1 -1
@@ -20,7 +20,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
+5 -1
@@ -1,6 +1,10 @@
name: MSBuild
on: [push]
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
env:
# Path to the solution file relative to the root of the project.
+1 -1
@@ -1,4 +1,4 @@
# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Node.js CI
+36
@@ -0,0 +1,36 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
name: Node.js Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16
- run: npm ci
- run: npm test
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 16
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
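Review bot: The `build` job in this new workflow has no `permissions` block and the file sets none at workflow level, so `npm ci` and `npm test`, which run dependency install scripts and project code, execute under whatever default `GITHUB_TOKEN` scopes the repository has; only `publish-gpr` is restricted. Adding a workflow-level `permissions:` with `contents: read` above `jobs:` would cover `build` and leave the `publish-gpr` override intact. The new Rails CI section and the new APIsec, Detekt and pmd code-scanning sections also declare no permissions; the code-scanning ones would additionally need `security-events: write` on the job for `github/codeql-action/upload-sarif`, as the Anchore and Codacy sections in this compare do.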
+2 -19
@@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
node-version: 16
- run: npm ci
- run: npm test
@@ -25,26 +25,9 @@ jobs:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
node-version: 16
registry-url: https://registry.npmjs.org/
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: 14
registry-url: $registry-url(npm)
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
@@ -0,0 +1,6 @@
{
"name": "Publish Node.js Package to GitHub Packages",
"description": "Publishes a Node.js package to GitHub Packages.",
"iconName": "node-package-transparent",
"categories": ["Continuous integration", "JavaScript", "npm"]
}
+1 -1
@@ -1,6 +1,6 @@
{
"name": "Publish Node.js Package",
"description": "Publishes a Node.js package to npm and GitHub Packages.",
"description": "Publishes a Node.js package to npm.",
"iconName": "node-package-transparent",
"categories": ["Continuous integration", "JavaScript", "npm"]
}
@@ -1,6 +0,0 @@
{
"name": "Rails - Install Dependencies and Run Linters",
"description": "Install dependencies and run linters on Rails application",
"iconName": "ruby",
"categories": ["Continuous integration", "Ruby", "Rails"]
}
@@ -0,0 +1,6 @@
{
"name": "Ruby on Rails continuous integration",
"description": "Build, lint, and test a Rails application",
"iconName": "rails",
"categories": ["Continuous integration", "Ruby", "Rails"]
}
+1 -1
@@ -20,4 +20,4 @@ jobs:
pip install pylint
- name: Analysing the code with pylint
run: |
pylint `ls -R|grep .py$|xargs`
pylint $(git ls-files '*.py')
-32
@@ -1,32 +0,0 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
name: Rails - Install dependencies and run linters
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
run-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Ruby and install gems
uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
with:
bundler-cache: true
# Add or Replace any other security checks here
- name: Run security checks
run: |
bin/bundler-audit --update
bin/brakeman -q -w2
# Add or Replace any other Linters here
- name: Run linters
run: |
bin/rubocop --parallel
+58
@@ -0,0 +1,58 @@
# This workflow uses actions that are not certified by GitHub. They are
# provided by a third-party and are governed by separate terms of service,
# privacy policy, and support documentation.
#
# This workflow will install a prebuilt Ruby version, install dependencies, and
# run tests and linters.
name: "Ruby on Rails CI"
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:11-alpine
ports:
- "5432:5432"
env:
POSTGRES_DB: rails_test
POSTGRES_USER: rails
POSTGRES_PASSWORD: password
env:
RAILS_ENV: test
DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
steps:
- name: Checkout code
uses: actions/checkout@v2
# Add or replace dependency steps here
- name: Install Ruby and gems
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
with:
bundler-cache: true
# Add or replace database setup steps here
- name: Set up database schema
run: bin/rails db:schema:load
# Add or replace test runners here
- name: Run tests
run: bin/rake
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install Ruby and gems
uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
with:
bundler-cache: true
# Add or replace any other lints here
- name: Security audit dependencies
run: bin/bundler-audit --update
- name: Security audit application code
run: bin/brakeman -q -w2
- name: Lint Ruby files
run: bin/rubocop --parallel
+1 -1
@@ -17,6 +17,6 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'adopt'
distribution: 'temurin'
- name: Run tests
run: sbt test
+7 -1
@@ -20,8 +20,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
Anchore-Build-Scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: Checkout the code
@@ -36,4 +42,4 @@ jobs:
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
sarif_file: results.sarif
+64
@@ -0,0 +1,64 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# APIsec addresses the critical need to secure APIs before they reach production.
# APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
# How to Get Started with APIsec.ai
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
#
# 2. Register your account at https://cloud.fxlabs.io/#/signup .
#
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
#
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
#
# apisec-run-scan
#
# This action triggers the on-demand scans for projects registered in APIsec.
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
# Else you can view the scan results from the project home page in APIsec Platform.
# The link to view the scan results is also displayed on the console on successful completion of action.
# This is a starter workflow to help you get started with APIsec-Scan Actions
name: APIsec
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the $default-branch branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
Trigger APIsec scan:
runs-on: ubuntu-latest
steps:
- name: APIsec scan
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./apisec-results.sarif
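Review bot: The job key `Trigger APIsec scan:` contains spaces, but a job id must start with a letter or `_` and may contain only alphanumeric characters, `-` and `_`, so this workflow would be rejected when it is loaded. Use an identifier and keep the readable text as the display name: `Trigger_APIsec_scan:` followed by `name: Trigger APIsec scan`. `apisec-project: "VAmPI"` also looks like a sample value; a comment such as `# Replace with the name of your APIsec project` would keep adopters from scanning the wrong project.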
+13 -3
@@ -17,10 +17,18 @@ on:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel - this job is specifically configured to use the Checkmarx CxFlow Action
permissions:
contents: read
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on - Ubuntu is required as Docker is leveraged for the action
permissions:
contents: read # for actions/checkout to fetch code
issues: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to github issues
pull-requests: write # for checkmarx-ts/checkmarx-cxflow-github-action to write feedback to PR
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
# Steps require - checkout code, run CxFlow Action, Upload SARIF report (optional)
@@ -29,14 +37,16 @@ jobs:
- uses: actions/checkout@v2
# Runs the Checkmarx Scan leveraging the latest version of CxFlow - REFER to Action README for list of inputs
- name: Checkmarx CxFlow Action
uses: checkmarx-ts/checkmarx-cxflow-github-action@04e6403dbbfee0fd3fb076e5791202c31c54fe6b
uses: checkmarx-ts/checkmarx-cxflow-github-action@9975af7d6b957abec9ee9646effa3fb3b82c5314
with:
project: GithubActionTest
team: '\CxServer\SP\Checkmarx'
project: ${{ secrets.CHECKMARX_PROJECT }}
team: ${{ secrets.CHECKMARX_TEAMS }}
checkmarx_url: ${{ secrets.CHECKMARX_URL }}
checkmarx_username: ${{ secrets.CHECKMARX_USERNAME }}
checkmarx_password: ${{ secrets.CHECKMARX_PASSWORD }}
checkmarx_client_secret: ${{ secrets.CHECKMARX_CLIENT_SECRET }}
scanners: sast
params: --namespace=${{ github.repository_owner }} --repo-name=${{ github.event.repository.name }} --branch=${{ github.ref }} --cx-flow.filterSeverity --cx-flow.filterCategory
# Upload the Report for CodeQL/Security Alerts
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
+6
@@ -22,8 +22,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
+6
@@ -33,8 +33,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
rest-api-static-security-testing:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
+118
@@ -0,0 +1,118 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow performs a static analysis of your Kotlin source code using
# Detekt.
#
# Scans are triggered:
# 1. On every push to default and protected branches
# 2. On every Pull Request targeting the default branch
# 3. On a weekly schedule
# 4. Manually, on demand, via the "workflow_dispatch" event
#
# The workflow should work with no modifications, but you might like to use a
# later version of the Detekt CLI by modifing the $DETEKT_RELEASE_TAG
# environment variable.
name: Scan with Detekt
on:
# Triggers the workflow on push or pull request events but only for default and protected branches
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
# Release tag associated with version of Detekt to be installed
# SARIF support (required for this workflow) was introduced in Detekt v1.15.0
DETEKT_RELEASE_TAG: v1.15.0
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "scan"
scan:
name: Scan
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Gets the download URL associated with the $DETEKT_RELEASE_TAG
- name: Get Detekt download URL
id: detekt_info
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
query getReleaseAssetDownloadUrl($tagName: String!) {
repository(name: "detekt", owner: "detekt") {
release(tagName: $tagName) {
releaseAssets(name: "detekt", first: 1) {
nodes {
downloadUrl
}
}
tagCommit {
oid
}
}
}
}
' 1> gh_response.json
DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
echo "Release tag doesn't match expected commit SHA"
exit 1
fi
DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
# Sets up the detekt cli
- name: Setup Detekt
run: |
dest=$( mktemp -d )
curl --request GET \
--url ${{ steps.detekt_info.outputs.download_url }} \
--silent \
--location \
--output $dest/detekt
chmod a+x $dest/detekt
echo $dest >> $GITHUB_PATH
# Performs static analysis using Detekt
- name: Run Detekt
continue-on-error: true
run: |
detekt --input ${{ github.workspace }} --report sarif:${{ github.workspace }}/detekt.sarif.json
# Modifies the SARIF output produced by Detekt so that absolute URIs are relative
# This is so we can easily map results onto their source files
# This can be removed once relative URI support lands in Detekt: https://git.io/JLBbA
- name: Make artifact location URIs relative
continue-on-error: true
run: |
echo "$(
jq \
--arg github_workspace ${{ github.workspace }} \
'. | ( .runs[].results[].locations[].physicalLocation.artifactLocation.uri |= if test($github_workspace) then .[($github_workspace | length | . + 1):] else . end )' \
${{ github.workspace }}/detekt.sarif.json
)" > ${{ github.workspace }}/detekt.sarif.json
# Uploads results to GitHub repository using the upload-sarif action
- uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: ${{ github.workspace }}/detekt.sarif.json
checkout_path: ${{ github.workspace }}
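Review bot: The release check in the `Get Detekt download URL` step reads `.data.repository.release.releaseAssets.tagCommit.oid`, but in the query `tagCommit` is a field of `release`, not of `releaseAssets`, so jq yields `null` and the comparison appears to fail on every run. The path should be `.data.repository.release.tagCommit.oid`, and the test should quote the variable: `if [ "$DETEKT_RELEASE_SHA" != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then`. Even when fixed, this pins the tag's commit rather than the downloaded binary, so comparing a checksum of `$dest/detekt` against a known value in the `Setup Detekt` step would be the stronger integrity check. The expected SHA is hard-coded while `DETEKT_RELEASE_TAG` is advertised as adjustable; a comment next to the env var saying both must change together would help.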
+6
@@ -17,8 +17,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
njsscan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
name: njsscan code scanning
steps:
+36
@@ -0,0 +1,36 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: pmd
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
jobs:
pmd-code-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
java-version: '11'
distribution: 'temurin'
- name: Run PMD
id: pmd
uses: pmd/pmd-github-action@967a81f8b657c87f7c3e96b62301cb1a48efef29
with:
rulesets: 'rulesets/java/quickstart.xml'
sourcePath: 'src/main/java'
analyzeModifiedFilesOnly: false
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: pmd-report.sarif
@@ -0,0 +1,24 @@
{
"name": "APIsec Scan",
"creator": "APIsec",
"description": "APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.",
"iconName": "apisec",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -1,7 +1,7 @@
{
"name": "cloudrail",
"creator": "Indeni Cloudrail",
"description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues. The Cloudrail action is often used as part of both CI workflows (on pull_request) and on CD workflows to identify potential issues.",
"description": "Cloudrail can be used to scan your infrastructure-as-code files for potential security and compliance issues.",
"iconName": "cloudrail",
"categories": ["Code Scanning", "HCL"]
}
@@ -0,0 +1,8 @@
{
"name": "Detekt",
"creator": "Detekt",
"description": "Static code analysis for Kotlin",
"iconName": "detekt",
"categories": ["Code Scanning", "Kotlin"],
"enterprise": false
}
@@ -0,0 +1,18 @@
{
"name": "pmd",
"creator": "pmd",
"description": "PMD is a static source code analyzer. It supports Java, JavaScript, Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.",
"iconName": "pmd",
"categories": [
"Code Scanning",
"Java",
"JavaScript",
"Apex",
"Modelica",
"PLSQL",
"Apache Velocity",
"XML",
"XSl",
"Scala"
]
}
@@ -0,0 +1,7 @@
{
"name": "OSSF Scorecards",
"creator": "Open Source Security Foundation (OpenSSF)",
"description": "Scorecards is a static supply-chain security analysis tool to assess the security posture of your project",
"iconName": "scorecards",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,7 @@
{
"name": "Veracode Static Analysis",
"creator": "Veracode",
"description": "Get fast feedback on flaws with Veracode Static Analysis and the pipeline scan. Break the build based on flaw severity and CWE category.",
"iconName": "veracode",
"categories": ["Code Scanning", "javascript", "python", "java", "php", "c#", "c", "c++", "ruby", "swift", "go", "kotlin", "scala", "groovy", "tsql", "plsql", "perl", "cobol"]
}
+55
@@ -0,0 +1,55 @@
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
- cron: $cron-weekly
push:
branches: [ $default-branch ]
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Scorecards analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
actions: read
contents: read
steps:
- name: "Checkout code"
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2
with:
results_file: results.sarif
results_format: sarif
# Read-only PAT token. To create it,
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories, `publish_results` will automatically be set to `false`,
# regardless of the value entered here.
publish_results: true
# Upload the results as artifacts (optional).
- name: "Upload artifact"
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
with:
sarif_file: results.sarif
+6
@@ -19,8 +19,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
semgrep:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Scan
runs-on: ubuntu-latest
steps:
+6
@@ -37,8 +37,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
stackhawk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
name: StackHawk
runs-on: ubuntu-20.04
steps:
+6
@@ -14,8 +14,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
build:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Build
runs-on: "ubuntu-18.04"
steps:
+51
@@ -0,0 +1,51 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will initiate a Veracode Static Analysis Pipeline scan, return a results.json and convert to SARIF for upload as a code scanning alert
name: Veracode Static Analysis Pipeline Scan
on:
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter
build-and-pipeline-scan:
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it and copies all sources into ZIP file for submitting for analysis. Replace this section with your applications build steps
- uses: actions/checkout@v2
with:
repository: ''
- run: zip -r veracode-scan-target.zip ./
# download the Veracode Static Analysis Pipeline scan jar
- run: curl --silent --show-error --fail -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
- run: unzip -o pipeline-scan-LATEST.zip
- uses: actions/setup-java@v1
with:
java-version: 1.8
- run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --fail_on_severity="Very High, High" --file veracode-scan-target.zip
continue-on-error: true
- name: Convert pipeline scan output to SARIF format
id: convert
uses: veracode/veracode-pipeline-scan-results-to-sarif@ff08ae5b45d5384cb4679932f184c013d34da9be
with:
pipeline-results-json: results.json
- uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: veracode-results.sarif
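Review bot: This new workflow declares no `permissions:` at all, so its job runs with whatever the repository's default `GITHUB_TOKEN` scope happens to be, while the other code-scanning templates touched in this compare are being given explicit least-privilege blocks. A top-level `contents: read` plus a job-level block for the SARIF upload would bring it in line with them. `actions/checkout@v2`, `actions/setup-java@v1` and `github/codeql-action/upload-sarif@v1` are also referenced by mutable tag although the Veracode converter step is pinned to a commit SHA. Separately, `pipeline-scan-LATEST.zip` is downloaded and executed in the same job that holds the API credentials with no integrity check, which deserves at least a comment.

```yaml
permissions:
  contents: read

jobs:
  build-and-pipeline-scan:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif
    # … unchanged: runs-on and steps …
```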
+82
@@ -0,0 +1,82 @@
# This workflow will build and push a Docker container to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-custom-container?tabs=dotnet&pivots=container-linux
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Create a GitHub Personal access token with "repo" and "read:packages" permissions.
#
# 4. Create three app settings on your Azure Web app:
# DOCKER_REGISTRY_SERVER_URL: Set this to "https://ghcr.io"
# DOCKER_REGISTRY_SERVER_USERNAME: Set this to the GitHub username or organization that owns the repository
# DOCKER_REGISTRY_SERVER_PASSWORD: Set this to the value of your PAT token from the previous step
#
# 5. Change the value for the AZURE_WEBAPP_NAME.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
name: Build and deploy a container to an Azure Web App
env:
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
on:
push:
branches:
- $default-branch
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Log in to GitHub container registry
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Lowercase the repo name and username
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
- name: Build and push container image to registry
uses: docker/build-push-action@v2
with:
push: true
tags: ghcr.io/${{ env.REPO }}:${{ github.sha }}
file: ./Dockerfile
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Lowercase the repo name and username
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
images: 'ghcr.io/${{ env.REPO }}:${{ github.sha }}'
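Review bot: The `build` job pushes to ghcr.io with `password: ${{ github.token }}` but never requests `packages: write`, so the push fails wherever the default token is read-only and otherwise relies on a broadly scoped default token. I would give `build` a `permissions:` block with `contents: read` and `packages: write`, and give `deploy` one with `contents: none`, since it authenticates with the publish profile only. Step 3 of the header comment asks for a PAT with the `repo` scope in addition to `read:packages`; if the App Service only pulls the image, as the registry settings in step 4 suggest, `read:packages` alone may be enough. That is worth confirming before recommending the wider scope to every user of the template.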
+80
@@ -0,0 +1,80 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# For instructions see https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository:
# - AZURE_CREDENTIALS (instructions for getting this https://github.com/Azure/login#configure-a-service-principal-with-a-secret)
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry)
# - PROJECT_NAME
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
#
# 3. Choose the approrpiate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes helm, then set
# any needed environment variables such as:
# - CHART_PATH
# - CHART_OVERRIDE_PATH
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
# For more options with the actions used below please see the folllowing
# https://github.com/Azure/login
# https://github.com/Azure/aks-set-context
# https://github.com/marketplace/actions/azure-cli-action
# https://github.com/Azure/k8s-bake
# https://github.com/Azure/k8s-deploy
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Build image on ACR
uses: azure/CLI@v1
with:
azcliversion: 2.29.1
inlineScript: |
az configure --defaults acr=${{ env.AZURE_CONTAINER_REGISTRY }}
az acr build -t -t ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
- name: Gets K8s context
uses: azure/aks-set-context@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
id: login
- name: Configure deployment
uses: azure/k8s-bake@v1
with:
renderEngine: 'helm'
helmChart: ${{ env.CHART_PATH }}
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
overrides: |
replicas:2
helm-version: 'latest'
id: bake
- name: Deploys application
- uses: Azure/k8s-deploy@v1
with:
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.PROJECT_NAME }}
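Review bot: `on: [push]` makes this template build and deploy to the cluster with `AZURE_CREDENTIALS` on a push to any branch, where the other Azure templates in this compare restrict the trigger to `$default-branch`; I would use `push:` with `branches: [ $default-branch ]`. `actions/checkout@master` tracks a moving branch and should be a tag or commit SHA like the other steps. Two lines also look broken as written: `az acr build -t -t …` repeats the flag and passes no source location, and `- name: Deploys application` followed by `- uses: Azure/k8s-deploy@v1` reads as two list items, leaving a step with neither `uses` nor `run`. Indentation is not preserved on this page, so the last point should be checked against the file itself.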
+64
@@ -0,0 +1,64 @@
# This workflow will build and push a web application to an Azure Static Web App when you change your code.
#
# This workflow assumes you have already created the target Azure Static Web App.
# For instructions see https://docs.microsoft.com/azure/static-web-apps/get-started-portal?tabs=vanilla-javascript
#
# To configure this workflow:
#
# 1. Set up a secret in your repository named AZURE_STATIC_WEB_APPS_API_TOKEN with the value of your Static Web Apps deployment token.
# For instructions on obtaining the deployment token see: https://docs.microsoft.com/azure/static-web-apps/deployment-token-management
#
# 3. Change the values for the APP_LOCATION, API_LOCATION and APP_ARTIFACT_LOCATION, AZURE_STATIC_WEB_APPS_API_TOKEN environment variables (below).
# For instructions on setting up the appropriate configuration values go to https://docs.microsoft.com/azure/static-web-apps/front-end-frameworks
name: Deploy web app to Azure Static Web Apps
on:
push:
branches:
- $default-branch
pull_request:
types: [opened, synchronize, reopened, closed]
branches:
- $default-branch
# Environment variables available to all jobs and steps in this workflow
env:
APP_LOCATION: "/" # location of your client code
API_LOCATION: "api" # location of your api source code - optional
APP_ARTIFACT_LOCATION: "build" # location of client code build output
AZURE_STATIC_WEB_APPS_API_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing deployment token for your static web app
jobs:
build_and_deploy_job:
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
runs-on: ubuntu-latest
name: Build and Deploy Job
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Build And Deploy
id: builddeploy
uses: Azure/static-web-apps-deploy@v1
with:
azure_static_web_apps_api_token: ${{ env.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing api token for app
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
action: "upload"
###### Repository/Build Configurations - These values can be configured to match you app requirements. ######
# For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
app_location: ${{ env.APP_LOCATION }}
api_location: ${{ env.API_LOCATION }}
app_artifact_location: ${{ env.APP_ARTIFACT_LOCATION }}
###### End of Repository/Build Configurations ######
close_pull_request_job:
if: github.event_name == 'pull_request' && github.event.action == 'closed'
runs-on: ubuntu-latest
name: Close Pull Request Job
steps:
- name: Close Pull Request
id: closepullrequest
uses: Azure/static-web-apps-deploy@v1
with:
azure_static_web_apps_api_token: ${{ env.AZURE_STATIC_WEB_APPS_API_TOKEN }} # secret containing api token for app
action: "close"
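Review bot: `repo_token: ${{ secrets.GITHUB_TOKEN }}` is passed so the action can comment on pull requests, yet the workflow has no `permissions:` block stating that need. I would set top-level `permissions:` to `contents: read`, add `pull-requests: write # for Azure/static-web-apps-deploy to comment on PRs` to `build_and_deploy_job`, and leave `close_pull_request_job` at `contents: none`. The header comment also numbers its setup steps 1 and then 3; the second item should be renumbered to 2.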
+84
@@ -0,0 +1,84 @@
# This workflow will build and push a .NET Core app to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?tabs=net60&pivots=development-environment-vscode
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and DOTNET_VERSION environment variables below.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
name: Build and deploy ASP.Net Core app to an Azure Web App
env:
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
DOTNET_VERSION: '5' # set this to the .NET Core version to use
on:
push:
branches:
- $default-branch
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up .NET Core
uses: actions/setup-dotnet@v1
with:
dotnet-version: ${{ env.DOTNET_VERSION }}
- name: Set up dependency caching for faster builds
uses: actions/cache@v2
with:
path: ~/.nuget/packages
key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
restore-keys: |
${{ runner.os }}-nuget-
- name: Build with dotnet
run: dotnet build --configuration Release
- name: dotnet publish
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
- name: Upload artifact for deployment job
uses: actions/upload-artifact@v2
with:
name: .net-app
path: ${{env.DOTNET_ROOT}}/myapp
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: .net-app
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
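Review bot: Neither job declares `permissions:`, and the same is true of the Java, Node.js, PHP and Python Azure Web App templates added further down. The `build` jobs only check out code and upload an artifact, and the `deploy` jobs authenticate with the publish profile rather than `GITHUB_TOKEN`, so `contents: read` on `build` and `contents: none` on `deploy` should be enough. The actions on the deploy path are referenced by mutable tag (`actions/checkout@v2`, `azure/webapps-deploy@v2`); pinning them to a commit SHA with the version in a trailing comment, as the Scorecards template in this compare does, would keep a retagged release from changing what runs with the publish profile.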
+73
@@ -0,0 +1,73 @@
# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
name: Build and deploy JAR app to Azure Web App
env:
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
JAVA_VERSION: '11' # set this to the Java version to use
on:
push:
branches:
- $default-branch
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Java version
uses: actions/setup-java@v2.3.1
with:
java-version: ${{ env.JAVA_VERSION }}
cache: 'maven'
- name: Build with Maven
run: mvn clean install
- name: Upload artifact for deployment job
uses: actions/upload-artifact@v2
with:
name: java-app
path: '${{ github.workspace }}/target/*.jar'
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: java-app
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: '*.jar'
+74
@@ -0,0 +1,74 @@
# This workflow will build and push a node.js application to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-cli
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables below.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
on:
push:
branches:
- $default-branch
workflow_dispatch:
env:
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '14.x' # set this to the node version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: npm install, build, and test
run: |
npm install
npm run build --if-present
npm run test --if-present
- name: Upload artifact for deployment job
uses: actions/upload-artifact@v2
with:
name: node-app
path: .
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: node-app
- name: 'Deploy to Azure WebApp'
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+95
@@ -0,0 +1,95 @@
# This workflow will build and push a PHP application to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-php?pivots=platform-linux
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and PHP_VERSION environment variables below.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
name: Build and deploy PHP app to Azure Web App
on:
push:
branches:
- $default-branch
workflow_dispatch:
env:
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
PHP_VERSION: '8.x' # set this to the PHP version to use
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup PHP
uses: shivammathur/setup-php@7c0b4c8c8ebed23eca9ec2802474895d105b11bc
with:
php-version: ${{ env.PHP_VERSION }}
- name: Check if composer.json exists
id: check_files
uses: andstor/file-existence-action@87d74d4732ddb824259d80c8a508c0124bf1c673
with:
files: 'composer.json'
- name: Get Composer Cache Directory
id: composer-cache
if: steps.check_files.outputs.files_exists == 'true'
run: |
echo "::set-output name=dir::$(composer config cache-files-dir)"
- name: Set up dependency caching for faster installs
uses: actions/cache@v2
if: steps.check_files.outputs.files_exists == 'true'
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Run composer install if composer.json exists
if: steps.check_files.outputs.files_exists == 'true'
run: composer validate --no-check-publish && composer install --prefer-dist --no-progress
- name: Upload artifact for deployment job
uses: actions/upload-artifact@v2
with:
name: php-app
path: .
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: php-app
- name: 'Deploy to Azure Web App'
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: .
+82
@@ -0,0 +1,82 @@
# This workflow will build and push a Python application to an Azure Web App when a commit is pushed to your default branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-python?tabs=bash&pivots=python-framework-flask
#
# To configure this workflow:
#
# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
#
# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the PYTHON_VERSION environment variables below.
#
# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
name: Build and deploy Python app to Azure Web App
env:
AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
PYTHON_VERSION: '3.8' # set this to the Python version to use
on:
push:
branches:
- $default-branch
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Python version
uses: actions/setup-python@v2.2.2
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: 'pip'
- name: Create and start virtual environment
run: |
python -m venv venv
source venv/bin/activate
- name: Install dependencies
run: pip install -r requirements.txt
# Optional: Add step to run tests here (PyTest, Django test suites, etc.)
- name: Upload artifact for deployment jobs
uses: actions/upload-artifact@v2
with:
name: python-app
path: |
.
!venv/
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Development'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v2
with:
name: python-app
path: .
- name: 'Deploy to Azure Web App'
id: deploy-to-webapp
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
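Review bot: The `source venv/bin/activate` in the "Create and start virtual environment" step does not carry over to "Install dependencies", because each `run` step starts a new shell; `pip install -r requirements.txt` therefore installs outside the venv. Either merge the two steps or activate inside the install step, i.e. `run: |` followed by `source venv/bin/activate` and `pip install -r requirements.txt`. Since `!venv/` is excluded from the artifact anyway, a comment should say whether the install is only a build check and the requirements are expected to be installed again on the App Service side. The deploy step also passes no `package:` input, unlike the sibling templates; presumably the action's default is intended.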
-51
@@ -1,51 +0,0 @@
# This workflow will build and push a node.js application to an Azure Web App when there is a push to the $default-branch branch.
#
# This workflow assumes you have already created the target Azure App Service web app.
# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan
#
# To configure this workflow:
#
# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**.
# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings
#
# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile.
# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
#
# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below).
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
on:
push:
branches:
- $default-branch
env:
AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
NODE_VERSION: '10.x' # set this to the node version to use
jobs:
build-and-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v2
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v2
with:
node-version: ${{ env.NODE_VERSION }}
- name: npm install, build, and test
run: |
# Build and test the project, then
# deploy to Azure Web App.
npm install
npm run build --if-present
npm run test --if-present
- name: 'Deploy to Azure WebApp'
uses: azure/webapps-deploy@v2
with:
app-name: ${{ env.AZURE_WEBAPP_NAME }}
publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
+31 -20
@@ -4,11 +4,11 @@
#
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
#
# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
# 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation)
#
# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
# 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below).
#
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize
name: Build and Deploy to GKE
@@ -19,9 +19,11 @@ on:
env:
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
GKE_ZONE: us-central1-c # TODO: update to cluster zone
DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
REPOSITORY: samples # TODO: update to Artifact Registry docker repository
IMAGE: static-site
jobs:
@@ -30,52 +32,61 @@ jobs:
runs-on: ubuntu-latest
environment: production
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Checkout
uses: actions/checkout@v2
# Setup gcloud CLI
- uses: google-github-actions/setup-gcloud@v0.2.0
# Configure Workload Identity Federation and generate an access token.
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0'
with:
service_account_key: ${{ secrets.GKE_SA_KEY }}
project_id: ${{ secrets.GKE_PROJECT }}
token_format: 'access_token'
workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider'
service_account: 'my-service-account@my-project.iam.gserviceaccount.com'
# Configure Docker to use the gcloud command-line tool as a credential
# helper for authentication
- run: |-
gcloud --quiet auth configure-docker
# Alternative option - authentication via credentials json
# - id: 'auth'
# uses: 'google-github-actions/auth@v0'
# with:
# credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: Docker configuration
run: |-
echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev
# Get the GKE credentials so we can deploy to the cluster
- uses: google-github-actions/get-gke-credentials@v0.2.1
- name: Set up GKE credentials
uses: google-github-actions/get-gke-credentials@v0
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}
credentials: ${{ secrets.GKE_SA_KEY }}
# Build the Docker image
- name: Build
run: |-
docker build \
--tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
--tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \
--build-arg GITHUB_SHA="$GITHUB_SHA" \
--build-arg GITHUB_REF="$GITHUB_REF" \
.
# Push the Docker image to Google Container Registry
# Push the Docker image to Google Artifact Registry
- name: Publish
run: |-
docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA"
# Set up kustomize
- name: Set up Kustomize
run: |-
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
chmod u+x ./kustomize
# Deploy the Docker image to the GKE cluster
- name: Deploy
run: |-
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
# replacing the image name in the k8s template
./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA
./kustomize build . | kubectl apply -f -
kubectl rollout status deployment/$DEPLOYMENT_NAME
kubectl get services -o wide
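Review bot: In the "Docker configuration" step, `echo ${{steps.auth.outputs.access_token}} | docker login …` has the access token substituted into the script text, unquoted, before the shell runs. Passing it through the step environment keeps it out of the generated script: add `env:` with `ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}` and use `echo "$ACCESS_TOKEN" | docker login -u oauth2accesstoken --password-stdin "https://$GAR_LOCATION-docker.pkg.dev"`. The `env` block still reads `PROJECT_ID` from `secrets.GKE_PROJECT`, but the rewritten setup step 2 no longer tells the user to create that secret. The page does not preserve `+`/`-` markers, so which of these lines are new is inferred from the hunk headers.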
@@ -0,0 +1,7 @@
{
"name": "Deploy a container to an Azure Web App",
"description": "Build a container and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Dockerfile"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy to a AKS Cluster",
"description": "Deploy an application to a Azure Kubernetes Service Cluster using Azure Credentials",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Kompose", "Helm", "Kustomize", "Kubernetes", "Dockerfile"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy web app to Azure Static Web Apps",
"description": "Build and deploy web application to an Azure Static Web App.",
"creator": "Microsoft Azure",
"iconName": "azure-staticwebapp",
"categories": ["Deployment", "React", "Angular", "Vue", "Svelte", "Gatsby", "Next", "Nuxt", "Jekyll", "Blazor"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy a .NET Core app to an Azure Web App",
"description": "Build a .NET Core project and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "C#", "aspNetCore"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy a Java .jar app to an Azure Web App",
"description": "Build a Java project and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Java", "Maven"]
}
@@ -3,5 +3,5 @@
"description": "Build a Node.js project and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment"]
}
"categories": ["Deployment", "JavaScript", "TypeScript", "npm"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy a PHP app to an Azure Web App",
"description": "Build a PHP app and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "PHP"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy a Python app to an Azure Web App",
"description": "Build a Python app and deploy it to an Azure Web App.",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Python", "Django", "Flask", "Pip"]
}
@@ -3,5 +3,5 @@
"description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.",
"creator": "Google Cloud",
"iconName": "googlegke",
"categories": ["Deployment", "Dockerfile"]
"categories": ["Deployment", "Dockerfile", "Kubernetes", "Kustomize"]
}
+9
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="533px" height="617px" viewBox="0 0 533 617" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Fill 11</title>
<g id="Screens" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="Logo-Mark" transform="translate(-484.000000, -442.000000)" fill="#025C7A">
<path d="M746.975832,712.678783 C764.128375,712.678783 778.123597,726.606828 778.123597,743.759372 C778.123597,760.889523 764.128375,774.884745 746.975832,774.884745 C729.823288,774.884745 715.872851,760.889523 715.872851,743.759372 C715.872851,726.606828 729.823288,712.678783 746.975832,712.678783 L746.975832,712.678783 Z M746.707124,442 L484,586.565042 L484,707.618111 C483.977626,778.26599 504.444238,846.876165 543.183012,905.991981 C581.944178,965.063013 636.693485,1011.16887 701.541744,1039.38324 L745.385975,1058.39435 L777.048764,1044.35434 L777.048764,829.90276 C812.76457,817.407826 838.605347,783.707332 838.605347,743.759372 C838.605347,693.264612 797.515376,652.174641 746.975832,652.174641 C696.481072,652.174641 655.391101,693.264612 655.391101,743.759372 C655.391101,783.729725 681.231878,817.430219 716.947684,829.90276 L716.947684,979.39412 C666.945556,955.725401 624.512044,919.091509 594.080834,872.69455 C561.858236,823.498547 544.817654,766.442827 544.817654,707.662896 L544.817654,622.504771 L546.317941,621.676254 L747.132578,511.192376 L748.520904,511.931324 L955.493439,622.706302 L955.493439,704.304043 C955.560616,763.845314 938.161756,821.550412 905.155425,871.127085 C892.526137,890.09341 877.456083,907.805762 860.325931,923.838688 L860.325931,1001.60734 C898.392934,975.408281 930.481178,942.87219 955.762147,904.872364 C995.463792,845.3087 1016.35586,775.937185 1016.26658,704.348827 L1016.26658,586.318726 L746.707124,442 Z" id="Fill-11"></path>
</g>
</g>
</svg>


+17
@@ -0,0 +1,17 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 18 18" width="18" height="18">
<defs>
<linearGradient id="e6ad4df9-0ab7-4b49-9706-620b42380f0b" x1="9" y1="16.236" x2="9" y2="5.599" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#005ba1" />
<stop offset="0.775" stop-color="#0078d4" />
</linearGradient>
</defs>
<g id="e7885b9c-9714-4276-bd41-591cb7e086a5">
<path d="M0,5.6H18a0,0,0,0,1,0,0V15.635a.6.6,0,0,1-.6.6H.6a.6.6,0,0,1-.6-.6V5.6A0,0,0,0,1,0,5.6Z" fill="url(#e6ad4df9-0ab7-4b49-9706-620b42380f0b)" />
<rect x="1.309" y="6.657" width="15.527" height="8.514" rx="0.6" fill="#5ea0ef" opacity="0.6" />
<path d="M.6,1.764H17.4a.6.6,0,0,1,.6.6V5.6a0,0,0,0,1,0,0H0a0,0,0,0,1,0,0V2.365A.6.6,0,0,1,.6,1.764Z" fill="#005ba1" />
<path d="M7.109,13.217l-.321.32a.144.144,0,0,1-.205,0L4.258,11.205a.29.29,0,0,1,0-.41l.321-.32L7.11,13.012A.145.145,0,0,1,7.109,13.217Zm3.653,0,.321.32a.144.144,0,0,0,.205,0l2.325-2.332a.29.29,0,0,0,0-.41l-.322-.32-2.53,2.537A.145.145,0,0,0,10.762,13.217Z" fill="#fff" opacity="0.8" />
<path d="M6.831,8.433l.32.321a.144.144,0,0,1,0,.205L4.576,11.527l-.32-.322a.289.289,0,0,1,0-.41l2.37-2.363A.145.145,0,0,1,6.831,8.433Zm4.207,0-.32.321a.144.144,0,0,0,0,.205l2.575,2.568.32-.321a.292.292,0,0,0,0-.411l-2.37-2.362A.144.144,0,0,0,11.038,8.434Z" fill="#fff" />
<path d="M8.159,14.363,7.646,14.2a.105.105,0,0,1-.067-.131L9.669,7.54a.1.1,0,0,1,.13-.067l.513.164a.1.1,0,0,1,.067.13L8.289,14.3A.1.1,0,0,1,8.159,14.363Z" fill="#fff" />
<path d="M3.166,3.847a.76.76,0,1,1-.76-.76A.76.76,0,0,1,3.166,3.847ZM4.8,3.087a.76.76,0,1,0,.76.76A.76.76,0,0,0,4.8,3.087Zm2.393,0a.76.76,0,1,0,.76.76A.76.76,0,0,0,7.191,3.087Z" fill="#fff" />
</g>
</svg>


+32
@@ -0,0 +1,32 @@
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
viewBox="0 0 60 60" style="enable-background:new 0 0 60 60;" xml:space="preserve">
<g>
<linearGradient id="XMLID_3_" gradientUnits="userSpaceOnUse" x1="15.9594" y1="-13.0143" x2="44.3068" y2="15.3332" gradientTransform="matrix(1 0 0 -1 0 61)">
<stop offset="9.677000e-02" style="stop-color:#0095D5"/>
<stop offset="0.3007" style="stop-color:#238AD9"/>
<stop offset="0.6211" style="stop-color:#557BDE"/>
<stop offset="0.8643" style="stop-color:#7472E2"/>
<stop offset="1" style="stop-color:#806EE3"/>
</linearGradient>
<polygon id="XMLID_2_" style="fill:url(#XMLID_3_);" points="0,60 30.1,29.9 60,60 "/>
<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="4.2092" y1="48.9409" x2="20.6734" y2="65.405" gradientTransform="matrix(1 0 0 -1 0 61)">
<stop offset="0.1183" style="stop-color:#0095D5"/>
<stop offset="0.4178" style="stop-color:#3C83DC"/>
<stop offset="0.6962" style="stop-color:#6D74E1"/>
<stop offset="0.8333" style="stop-color:#806EE3"/>
</linearGradient>
<polygon style="fill:url(#SVGID_1_);" points="0,0 30.1,0 0,32.5 "/>
<linearGradient id="SVGID_2_" gradientUnits="userSpaceOnUse" x1="-10.1017" y1="5.8362" x2="45.7315" y2="61.6694" gradientTransform="matrix(1 0 0 -1 0 61)">
<stop offset="0.1075" style="stop-color:#C757BC"/>
<stop offset="0.2138" style="stop-color:#D0609A"/>
<stop offset="0.4254" style="stop-color:#E1725C"/>
<stop offset="0.6048" style="stop-color:#EE7E2F"/>
<stop offset="0.743" style="stop-color:#F58613"/>
<stop offset="0.8232" style="stop-color:#F88909"/>
</linearGradient>
<polygon style="fill:url(#SVGID_2_);" points="30.1,0 0,31.7 0,60 30.1,29.9 60,0 "/>
</g>
</svg>


+49
@@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xml:space="preserve"
enable-background="new 0 0 1600 1200"
viewBox="0 0 567.79999 232.97284"
y="0px"
x="0px"
id="Layer_1"
version="1.1"
width="567.79999"
height="232.97284"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:dc="http://purl.org/dc/elements/1.1/"><metadata
id="metadata79"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs77" />
<g
id="g72"
transform="translate(-516,-478.61358)"><g
id="g947"><path
fill="none"
d="m 934.8,558.4 h -24.9 v 79.3 H 936 c 21.4,0 37.1,-16.1 37.1,-39.5 0.1,-23.5 -16.4,-39.8 -38.3,-39.8 z"
id="path4" /><path
fill="#58595b"
d="m 569.6,682.1 c -0.5,-3.1 -1.1,-6.2 -1.1,-9.3 -0.1,-17.6 0,-35.2 -0.2,-52.8 -0.1,-7.3 -1.9,-14.2 -7.1,-19.7 -1.8,-1.9 -3.9,-3.6 -5.9,-5.4 2,-1.8 4.1,-3.5 5.9,-5.4 5.2,-5.5 7,-12.3 7.1,-19.7 0.2,-17.6 0.1,-35.2 0.2,-52.8 0,-3.1 0.6,-6.2 1.1,-9.3 0.6,-4 3.1,-6.3 7,-6.8 h 20.8 v -22.2 h -14.3 c -11.2,-0.5 -22,1 -31.3,9 -7.6,6.6 -10.1,15.5 -10.3,25 -0.4,16.3 -0.1,32.6 -0.3,48.9 0,3.6 -0.4,7.2 -1.3,10.7 -0.1,0.3 -0.2,0.6 -0.3,0.9 -1.2,3.2 -3.2,5.3 -5.6,6.8 -1.2,0.7 -2.6,1.3 -4.1,1.7 -1.3,0.4 -2.4,0.6 -3.2,0.9 -0.8,0.1 -1.5,0.2 -2.2,0.3 H 516 v 11.8 11.8 h 8.5 c 0.7,0.1 1.4,0.1 2.2,0.3 0.8,0.3 1.8,0.6 3.2,0.9 1.5,0.4 2.9,1 4.1,1.7 2.3,1.5 4.4,3.6 5.6,6.8 0.1,0.3 0.2,0.6 0.3,0.9 0.9,3.5 1.3,7.1 1.3,10.7 0.2,16.3 -0.1,32.6 0.3,48.9 0.2,9.5 2.8,18.4 10.3,25 9.3,8.1 20.1,9.5 31.3,9 h 14.3 v -22.2 h -20.8 c -3.8,-0.1 -6.4,-2.4 -7,-6.4 z"
id="path60" /><path
fill="#58595b"
d="m 1075.3,583.3 c -0.7,-0.1 -1.4,-0.1 -2.2,-0.3 -0.8,-0.3 -1.8,-0.6 -3.2,-0.9 -1.5,-0.4 -2.9,-1 -4.1,-1.7 -2.3,-1.5 -4.4,-3.6 -5.6,-6.8 -0.1,-0.3 -0.2,-0.6 -0.3,-0.9 -0.9,-3.5 -1.3,-7.1 -1.3,-10.7 -0.2,-16.3 0.1,-32.6 -0.3,-48.9 -0.2,-9.5 -2.8,-18.4 -10.3,-25 -9.3,-8.1 -20.1,-9.5 -31.3,-9 h -14.3 v 22.2 h 20.8 c 3.9,0.5 6.4,2.8 7,6.8 0.5,3.1 1.1,6.2 1.1,9.3 0.1,17.6 0,35.2 0.2,52.8 0.1,7.3 1.9,14.2 7.1,19.7 1.8,1.9 3.9,3.6 5.9,5.4 -2,1.8 -4.1,3.5 -5.9,5.4 -5.2,5.5 -7,12.3 -7.1,19.7 -0.2,17.6 -0.1,35.2 -0.2,52.8 0,3.1 -0.6,6.2 -1.1,9.3 -0.6,4 -3.1,6.3 -7,6.8 h -20.8 v 22.2 h 14.3 c 11.2,0.5 22,-1 31.3,-9 7.6,-6.6 10.1,-15.5 10.3,-25 0.4,-16.3 0.1,-32.6 0.3,-48.9 0,-3.6 0.4,-7.2 1.3,-10.7 0.1,-0.3 0.2,-0.6 0.3,-0.9 1.2,-3.2 3.2,-5.3 5.6,-6.8 1.2,-0.7 2.6,-1.3 4.1,-1.7 1.3,-0.4 2.4,-0.6 3.2,-0.9 0.8,-0.1 1.5,-0.2 2.2,-0.3 h 8.5 v -11.8 -11.8 h -8.5 z"
id="path62" /><g
id="g70">
<polygon
fill="#1dbf73"
points="721.4,534.1 721.4,662 747.5,662 747.5,575.8 781.5,649.1 800.3,649.1 834.3,575.8 834.3,662 860.2,662 860.2,534.1 828.1,534.1 791,612.3 753.7,534.1 "
id="polygon64" />
<path
fill="#1dbf73"
d="M 935.3,534.1 H 881 V 662 h 53.2 c 40.4,0 68.3,-26.3 68.3,-64 0.1,-37.8 -27.5,-63.9 -67.2,-63.9 z m 0.8,103.6 H 910 v -79.3 h 24.9 c 21.9,0 38.4,16.3 38.4,39.8 -0.1,23.4 -15.8,39.5 -37.2,39.5 z"
id="path66" />
<path
fill="#1dbf73"
d="m 723.3,525.6 c -4,2.2 -7.9,4.7 -11.7,7.2 -7.4,5 -14.1,10.3 -19.8,15.2 -2.7,2.4 -5.2,4.6 -7.4,6.7 -1.1,0.9 -2.1,1.8 -3.1,2.7 -3.4,3 -6.6,6 -9.7,8.8 -17,15.8 -29.2,28.9 -29.2,28.9 l -16,-18 -8,-8.9 -5.7,-6.4 c 0.6,-3.1 2.9,-5.7 5.7,-7.9 1.9,-1.5 4,-2.7 6.1,-3.8 4.1,-2.1 7.7,-3.2 7.7,-3.2 l 2.7,3.2 6.8,7.9 8,9.3 c 2.9,-3 5.8,-5.9 8.6,-8.6 3.2,-3.1 6.4,-6 9.5,-8.6 2.2,-1.9 4.4,-3.8 6.6,-5.5 2.1,-1.6 4.2,-3.1 6.5,-4.6 -7.8,-3.8 -17.6,-5.9 -29,-5.9 H 597.6 V 662 h 28.9 v -36.5 h 25.4 c 32.5,0 51.2,-17.2 51.2,-47 0,-9.9 -2.3,-18.4 -6.7,-25.1 z"
id="path68" />
</g></g>
</g>
</svg>


+1
@@ -0,0 +1 @@
<svg height="32" viewBox="0 0 90 32" width="90" xmlns="http://www.w3.org/2000/svg"><style>path { fill: #D30001; }</style><path d="m418.082357 25.9995403v4.1135034h-7.300339v1.89854h3.684072c1.972509 0 4.072534 1.4664311 4.197997 3.9665124l.005913.2373977v1.5821167c-.087824 3.007959-2.543121 4.1390018-4.071539 4.2011773l-.132371.0027328h-7.390745v-4.0909018l7.481152-.0226016v-1.9889467l-1.190107.0007441-.346911.0008254-.084566.0003251-.127643.0007097-.044785.0003793-.055764.0007949-.016378.0008259c.000518.0004173.013246.0008384.034343.0012518l.052212.000813c.030547.0003979.066903.0007803.105225.0011355l.078131.0006709-.155385-.0004701c-.31438-.001557-.85249-.0041098-1.729029-.0080055-1.775258 0-4.081832-1.3389153-4.219994-3.9549201l-.006518-.24899v-1.423905c0-2.6982402 2.278213-4.182853 4.065464-4.2678491l.161048-.003866zm-18.691579 0v11.8658752h6.170255v4.1361051h-10.735792v-16.0019803zm-6.441475 0v16.0019803h-4.588139v-16.0019803zm-10.803597 0c1.057758 0 4.04923.7305141 4.198142 3.951222l.005768.2526881v11.7980702h-4.271715v-2.8252084h-4.136105v2.8252084h-4.407325v-11.7980702c0-1.3184306 1.004082-4.0468495 3.946899-4.197411l.257011-.0064991zm-24.147177-.0027581 8.580186.0005749c.179372.0196801 4.753355.5702841 4.753355 5.5438436s-3.775694 5.3947112-3.92376 5.4093147l-.004472.0004216 5.00569 5.0505836h-6.374959l-3.726209-3.8608906v3.8608906h-4.309831zm22.418634-2.6971669.033418.0329283s-.384228.27122-.791058.610245c-12.837747-9.4927002-20.680526-5.0175701-23.144107-3.8196818-11.187826 6.2428065-7.954768 21.5678895-7.888988 21.8737669l.001006.0046469h-17.855317s.67805-6.6900935 5.4244-14.600677c4.74635-7.9105834 12.837747-13.9000252 19.414832-14.4876686 12.681632-1.2703535 24.110975 9.7062594 24.805814 10.3864403zm-31.111679 14.1815719 2.44098.881465c.113008.8852319.273103 1.7233771.441046 2.4882761l.101394.4499406-2.7122-.9718717c-.113009-.67805-.226017-1.6499217-.27122-2.84781zm31.506724-7.6619652h-1.514312c-1.128029 
0-1.333125.5900716-1.370415.8046431l-.007251.056292-.000906.0152319-.00013 3.9153864h4.136105l-.000316-3.916479c-.004939-.0795522-.08331-.8750744-1.242775-.8750744zm-50.492125.339025 2.599192.94927c-.316423.731729-.719369 1.6711108-1.011998 2.4093289l-.118085.3028712-2.599192-.94927c.226017-.610245.700652-1.7403284 1.130083-2.7122001zm35.445121-.1434449h-3.456844v3.6588673h3.434397s.98767-.3815997.98767-1.8406572-.965223-1.8182101-.965223-1.8182101zm-15.442645-.7606218 1.62732 1.2882951c-.180814.705172-.318232 1.410344-.412255 2.115516l-.06238.528879-1.830735-1.4465067c.180813-.81366.384228-1.6499217.67805-2.4861834zm4.000495-6.3058651 1.017075 1.5369134c-.39779.4158707-.766649.8317413-1.095006 1.2707561l-.238493.3339623-1.08488-1.6273201c.40683-.5198383.881465-1.0396767 1.401304-1.5143117zm-16.182794-3.3450467 1.604719 1.4013034c-.40683.4237812-.800947.8729894-1.172815 1.3285542l-.364099.4569775-1.740328-1.4917101c.519838-.5650416 1.08488-1.1300833 1.672523-1.695125zm22.398252-.0904067.497237 1.4917101c-.524359.162732-1.048717.3688592-1.573076.6068095l-.393269.1842488-.519838-1.559515c.565041-.2486184 1.22049-.4972367 1.988946-.7232534zm5.28879-.54244c.578603.0361627 1.171671.1012555 1.779204.2068505l.458361.0869712-.090406 1.4013034c-.596684-.1265694-1.193368-.2097435-1.790052-.2495224l-.447513-.0216976zm-18.555968-6.2380601 1.017075 1.559515c-.440733.2203663-.868752.4661594-1.303128.7278443l-.437201.2666291-1.039676-1.5821167c.610245-.3616267 1.197888-.67805 1.76293-.9718717zm18.601172-.8588633c1.344799.3842283 1.923513.6474959 2.155025.7707625l.037336.0202958-.090406 1.5143117c-.482169-.1958811-.964338-.381717-1.453204-.5575078l-.739158-.2561522zm-8.633837-1.3334984.452033 1.3787017h-.226016c-.491587 0-.983173.0127134-1.474759.0476754l-.491587.0427313-.429431-1.3334984c.745855-.0904067 1.469108-.13561 2.16976-.13561z" transform="translate(-329 -10)"/></svg>


File diff suppressed because one or more lines are too long


+1
@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 620.16 469.63"><defs><style>.cls-1{fill:#00b2e5;}</style></defs><g id="Layer_2" data-name="Layer 2"><g id="Layer_1-2" data-name="Layer 1"><path class="cls-1" d="M470.88,235.88c0,128.94-105.7,233.75-235.42,233.75S0,364.3,0,234.79,105.66,0,235.46,0C367.42,0,470.88,103.68,470.88,235.88Zm-95.64.69c0-56.47-38-146.09-139.78-146.09-96.44,0-139.8,84.38-139.8,144.31S139,379.11,235.46,379.11,375.24,295.74,375.24,236.57Zm244.92,225.2V7.91h-167V98.49h71.42V461.77Z"/></g></g></svg>


+10 -2
@@ -21,6 +21,8 @@ interface WorkflowProperties {
categories: string[] | null;
creator?: string;
enterprise?: boolean;
}
interface WorkflowsCheckResult {
@@ -31,13 +33,15 @@ interface WorkflowsCheckResult {
async function checkWorkflows(
folders: string[],
enabledActions: string[],
partners: string[]
partners: string[],
codeScanningTemplates: string[]
): Promise<WorkflowsCheckResult> {
const result: WorkflowsCheckResult = {
compatibleWorkflows: [],
incompatibleWorkflows: [],
};
const partnersSet = new Set(partners.map((x) => x.toLowerCase()));
const codeScanningTemplatesSet = new Set(codeScanningTemplates)
for (const folder of folders) {
const dir = await fs.readdir(folder, {
@@ -57,8 +61,11 @@ async function checkWorkflows(
const isPartnerWorkflow = workflowProperties.creator ? partnersSet.has(workflowProperties.creator.toLowerCase()) : false;
const isCodeScanningTemplateEnabled = (folder === "../../code-scanning") ? codeScanningTemplatesSet.has(e.name) : true;
const enabled =
!isPartnerWorkflow &&
isCodeScanningTemplateEnabled &&
(await checkWorkflow(workflowFilePath, enabledActions));
const workflowDesc: WorkflowDesc = {
@@ -130,7 +137,8 @@ async function checkWorkflow(
const result = await checkWorkflows(
settings.folders,
settings.enabledActions,
settings.partners
settings.partners,
settings.codeScanningTemplates
);
console.group(
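Review bot: The new `isCodeScanningTemplateEnabled` check fails open: it applies the `codeScanningTemplates` allowlist only when `folder` is exactly the string `"../../code-scanning"`, and evaluates to `true` for every other value. If the entry in `settings.folders` is ever written differently (a trailing slash, an absolute path, a different working directory), every code-scanning template would pass this check again with no error, leaving only the partner and `checkWorkflow` tests. Comparing a normalized form would be sturdier, for example `const isCodeScanningFolder = basename(resolve(folder)) === "code-scanning";`, assuming Node's `path` helpers are or can be imported; the import block is outside the hunks shown. `codeScanningTemplatesSet.has(e.name)` is also case-sensitive while the partner comparison lowercases both sides, which deserves a one-line comment such as `// template file names are matched exactly, e.g. "codeql.yml"`. The body of `checkWorkflows` continues outside these hunks.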
+3
@@ -28,5 +28,8 @@
"Red Hat",
"Tencent Cloud",
"HashiCorp"
],
"codeScanningTemplates": [
"codeql.yml"
]
}