Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
55f7471ea2 | ||
|
|
e58379d592 | ||
| 85811a09ab |
25
.github/renovate.json
vendored
25
.github/renovate.json
vendored
@@ -1,33 +1,20 @@
|
|||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": [
|
"extends": ["github>ivuorinen/renovate-config"],
|
||||||
"github>ivuorinen/renovate-config"
|
|
||||||
],
|
|
||||||
"packageRules": [
|
"packageRules": [
|
||||||
{
|
{
|
||||||
"matchUpdateTypes": [
|
"matchUpdateTypes": ["minor", "patch"],
|
||||||
"minor",
|
|
||||||
"patch"
|
|
||||||
],
|
|
||||||
"matchCurrentVersion": "!/^0/",
|
"matchCurrentVersion": "!/^0/",
|
||||||
"automerge": true
|
"automerge": true
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"matchDepTypes": [
|
"matchDepTypes": ["devDependencies"],
|
||||||
"devDependencies"
|
|
||||||
],
|
|
||||||
"automerge": true
|
"automerge": true
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"schedule": [
|
"schedule": ["before 4am on monday"],
|
||||||
"before 4am on monday"
|
|
||||||
],
|
|
||||||
"vulnerabilityAlerts": {
|
"vulnerabilityAlerts": {
|
||||||
"labels": [
|
"labels": ["security"],
|
||||||
"security"
|
"assignees": ["ivuorinen"]
|
||||||
],
|
|
||||||
"assignees": [
|
|
||||||
"ivuorinen"
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
4
.github/workflows/action-security.yml
vendored
4
.github/workflows/action-security.yml
vendored
@@ -117,14 +117,14 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload Trivy results
|
- name: Upload Trivy results
|
||||||
if: steps.verify-sarif.outputs.has_trivy == 'true'
|
if: steps.verify-sarif.outputs.has_trivy == 'true'
|
||||||
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
sarif_file: 'trivy-results.sarif'
|
sarif_file: 'trivy-results.sarif'
|
||||||
category: 'trivy'
|
category: 'trivy'
|
||||||
|
|
||||||
- name: Upload Gitleaks results
|
- name: Upload Gitleaks results
|
||||||
if: steps.verify-sarif.outputs.has_gitleaks == 'true'
|
if: steps.verify-sarif.outputs.has_gitleaks == 'true'
|
||||||
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
sarif_file: 'gitleaks-report.sarif'
|
sarif_file: 'gitleaks-report.sarif'
|
||||||
category: 'gitleaks'
|
category: 'gitleaks'
|
||||||
|
|||||||
6
.github/workflows/codeql.yml
vendored
6
.github/workflows/codeql.yml
vendored
@@ -32,15 +32,15 @@ jobs:
|
|||||||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
languages: ${{ matrix.language }}
|
languages: ${{ matrix.language }}
|
||||||
queries: security-and-quality
|
queries: security-and-quality
|
||||||
|
|
||||||
- name: Autobuild
|
- name: Autobuild
|
||||||
uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
|
|
||||||
- name: Perform CodeQL Analysis
|
- name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
category: '/language:${{matrix.language}}'
|
category: '/language:${{matrix.language}}'
|
||||||
|
|||||||
4
.github/workflows/pr-lint.yml
vendored
4
.github/workflows/pr-lint.yml
vendored
@@ -113,7 +113,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Upload SARIF Report
|
- name: Upload SARIF Report
|
||||||
if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
|
if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
|
||||||
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
sarif_file: megalinter-reports/sarif
|
sarif_file: megalinter-reports/sarif
|
||||||
category: megalinter
|
category: megalinter
|
||||||
@@ -133,7 +133,7 @@ jobs:
|
|||||||
env.APPLY_FIXES_MODE == 'pull_request' &&
|
env.APPLY_FIXES_MODE == 'pull_request' &&
|
||||||
(github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) &&
|
(github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) &&
|
||||||
!contains(github.event.head_commit.message, 'skip fix')
|
!contains(github.event.head_commit.message, 'skip fix')
|
||||||
uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7
|
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
|
||||||
id: cpr
|
id: cpr
|
||||||
with:
|
with:
|
||||||
token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
|
||||||
|
|||||||
6
.github/workflows/security-suite.yml
vendored
6
.github/workflows/security-suite.yml
vendored
@@ -87,7 +87,7 @@ jobs:
|
|||||||
--enableExperimental
|
--enableExperimental
|
||||||
--failOnCVSS 7
|
--failOnCVSS 7
|
||||||
- name: Upload OWASP Results
|
- name: Upload OWASP Results
|
||||||
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
sarif_file: reports/dependency-check-report.sarif
|
sarif_file: reports/dependency-check-report.sarif
|
||||||
category: owasp-dependency-check
|
category: owasp-dependency-check
|
||||||
@@ -119,7 +119,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
args: --all-projects --sarif-file-output=snyk-results.sarif
|
args: --all-projects --sarif-file-output=snyk-results.sarif
|
||||||
- name: Upload Snyk Results
|
- name: Upload Snyk Results
|
||||||
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
sarif_file: snyk-results.sarif
|
sarif_file: snyk-results.sarif
|
||||||
category: snyk
|
category: snyk
|
||||||
@@ -146,7 +146,7 @@ jobs:
|
|||||||
results_format: sarif
|
results_format: sarif
|
||||||
publish_results: true
|
publish_results: true
|
||||||
- name: Upload Scorecard Results
|
- name: Upload Scorecard Results
|
||||||
uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
|
uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
|
||||||
with:
|
with:
|
||||||
sarif_file: scorecard-results.sarif
|
sarif_file: scorecard-results.sarif
|
||||||
category: scorecard
|
category: scorecard
|
||||||
|
|||||||
@@ -238,12 +238,6 @@ runs:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check for any PHP errors in vendor
|
|
||||||
find vendor -name "*.php" -type f -exec php -l {} \; > /dev/null
|
|
||||||
|
|
||||||
# Verify Composer installation
|
|
||||||
composer validate --no-check-all --strict
|
|
||||||
|
|
||||||
- name: Generate Optimized Autoloader
|
- name: Generate Optimized Autoloader
|
||||||
if: success()
|
if: success()
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|||||||