diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 0138fa5f6e..6494e8d2b4 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,19 +1,60 @@ -Thank you for sending in this pull request. Please make sure you take a look at the [contributing file](CONTRIBUTING.md). Here's a few things for you to consider in this pull request: + -- [ ] Includes a matching `ci/properties/*.properties.json` file. -- [ ] Use title case for the names of workflows and steps, for example "Run tests". -- [ ] The name of CI workflows should only be the name of the language or platform: for example "Go" (not "Go CI" or "Go Build") -- [ ] Include comments in the workflow for any parts that are not obvious or could use clarification. -- [ ] CI workflows should run `push`. -- [ ] Packaging workflows should run on `release` with `types: [created]`. +## Pre-requisites -Some general notes: +- [ ] Prior to submitting a new workflow, please apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner). -- [ ] Does not use an Action that isn't in the `actions` organization. -- [ ] Does not send data to any 3rd party service except for the purposes of installing dependencies. -- [ ] Does not use a paid service or product. +--- + +### **Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.** + +--- + +## Tasks + +**For _all_ workflows, the workflow:** + +- [ ] Should be contained in a `.yml` file with the language or platform as its filename, in lower, [_kebab-cased_](https://en.wikipedia.org/wiki/Kebab_case) format (for example, [`docker-image.yml`](https://github.com/actions/starter-workflows/blob/main/ci/docker-image.yml)). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET"). +- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests"). +- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build"). 
+- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification. + +**For _CI_ workflows, the workflow:** + +- [ ] Should be preserved under [the `ci` directory](https://github.com/actions/starter-workflows/tree/main/ci). +- [ ] Should include a matching `ci/properties/*.properties.json` file (for example, [`ci/properties/docker-publish.properties.json`](https://github.com/actions/starter-workflows/blob/main/ci/properties/docker-publish.properties.json)). +- [ ] Should run on `push` to `branches: [ $default-branch ]` and `pull_request` to `branches: [ $default-branch ]`. +- [ ] Packaging workflows should run on `release` with `types: [ created ]`. +- [ ] Publishing workflows should have a filename that is the name of the language or platform, in lower case, followed by "-publish" (for example, [`docker-publish.yml`](https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml)). + +**For _Code Scanning_ workflows, the workflow:** + +- [ ] Should be preserved under [the `code-scanning` directory](https://github.com/actions/starter-workflows/tree/main/ci). +- [ ] Should include a matching `code-scanning/properties/*.properties.json` file (for example, [`code-scanning/properties/codeql.properties.json`](https://github.com/actions/starter-workflows/blob/main/code-scanning/properties/codeql.properties.json)), with properties set as follows: + - [ ] `name`: Name of the Code Scanning integration. + - [ ] `organization`: Name of the organization producing the Code Scanning integration. + - [ ] `description`: Short description of the Code Scanning integration. + - [ ] `categories`: Array of languages supported by the Code Scanning integration. + - [ ] `iconName`: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in [the `icons` directory](https://github.com/actions/starter-workflows/tree/main/icons). 
+- [ ] Should run on `push` to `branches: [ $default-branch, $protected-branches ]` and `pull_request` to `branches: [ $default-branch ]`. We also recommend a `schedule` trigger of `cron: $cron-weekly` (for example, [`codeql.yml`](https://github.com/actions/starter-workflows/blob/c59b62dee0eae1f9f368b7011cf05c2fc42cf084/code-scanning/codeql.yml#L14-L21)). + +**Some general notes:** + +- [ ] This workflow must _only_ use actions that are produced by GitHub, [in the `actions` organization](https://github.com/actions), **or** +- [ ] This workflow must _only_ use actions that are produced by the language or ecosystem that the workflow supports. These actions must be [published to the GitHub Marketplace](https://github.com/marketplace?type=actions). We require that these actions be referenced using the full 40 character hash of the action's commit instead of a tag. Additionally, workflows must include the following comment at the top of the workflow file: + ``` + # This workflow uses actions that are not certified by GitHub. + # They are provided by a third-party and are governed by + # separate terms of service, privacy policy, and support + # documentation. + ``` +- [ ] Automation and CI workflows should not send data to any 3rd party service except for the purposes of installing dependencies. +- [ ] Automation and CI workflows cannot be dependent on a paid service or product. diff --git a/.github/workflows/label-feature.yml b/.github/workflows/label-feature.yml new file mode 100644 index 0000000000..96ac8c1fff --- /dev/null +++ b/.github/workflows/label-feature.yml 
@@ -0,0 +1,19 @@
+name: Close as a feature
+on:
+ issues:
+ types: [labeled]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Close Issue
+ uses: peter-evans/close-issue@v1
+ if: contains(github.event.issue.labels.*.name, 'feature')
+ with:
+ comment: |
+ Thank you 🙇 for this request. This request has been classified as a feature by the maintainers.
+
+ We take all the requests for features seriously and have passed this on to the internal teams for their consideration.
+
+ Because any feature requires further maintenance and support in the long term by this team, we would like to exercise caution into adding new features. If this feature is something that can be implemented independently, please consider forking this repository and adding the feature.
diff --git a/.github/workflows/label-support.yml b/.github/workflows/label-support.yml
new file mode 100644
index 0000000000..c6f2aa4de6
--- /dev/null
+++ b/.github/workflows/label-support.yml
@@ -0,0 +1,19 @@
+name: Close as a support issue
+on:
+ issues:
+ types: [labeled]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Close Issue
+ uses: peter-evans/close-issue@v1
+ if: contains(github.event.issue.labels.*.name, 'support')
+ with:
+ comment: |
+ Sorry, but we'd like to keep issues related to code in this repository. Thank you 🙇
+
+ If you have questions about writing workflows or action files, then please [visit the GitHub Community Forum's Actions Board](https://github.community/t5/GitHub-Actions/bd-p/actions)
+
+ If you are having an issue or question about GitHub Actions then please [contact customer support](https://help.github.com/en/articles/about-github-actions#contacting-support)
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000000..c116b932c8
--- /dev/null
+++ b/.github/workflows/stale.yml
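Review bot: `uses: peter-evans/close-issue@v1` in label-feature.yml references a third-party action by a mutable tag, so whoever can move that tag decides what code runs with this repository's token; label-support.yml has the same line. The pull request template changed in this commit already asks for the full 40-character commit hash for actions outside the `actions` organization, so I would write `uses: peter-evans/close-issue@<full-commit-sha> # v1` (placeholder, to be filled with the audited commit). The `aliyun/*@v1`, `aws-actions/*@v1` and `azure/webapps-deploy@v2` references in ci/alibabacloud.yml, ci/aws.yml and ci/azure.yml are pinned by tag as well, and those three files also lack the "not certified by GitHub" header comment the template requires.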
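Review bot: The `build` job in label-support.yml has no `permissions:` block, so the close-issue step runs with whatever default scope the repository gives `GITHUB_TOKEN`. Commenting on and closing an issue should need only a job-level `permissions:` with `issues: write`, in the same style this commit adds to automation/greetings.yml and automation/stale.yml. label-feature.yml, .github/workflows/stale.yml, sync_ghes.yaml and validate-data.yaml are in the same position; for sync_ghes.yaml the scope would presumably be `contents: write` and for validate-data.yaml `contents: read`, to be confirmed against what each job actually calls.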
@@ -0,0 +1,19 @@ +name: Mark stale issues and pull requests + +on: + schedule: + - cron: "21 4 * * *" + +jobs: + stale: + + runs-on: ubuntu-latest + + steps: + - uses: actions/stale@v3 + with: + stale-issue-message: 'This issue has become stale and will be closed automatically within a period of time. Sorry about that.' + stale-pr-message: 'This pull request has become stale and will be closed automatically within a period of time. Sorry about that.' + stale-issue-label: 'no-issue-activity' + stale-pr-label: 'no-pr-activity' + days-before-stale: 90 diff --git a/.github/workflows/sync_ghes.yaml b/.github/workflows/sync_ghes.yaml new file mode 100644 index 0000000000..a3c298a37f --- /dev/null +++ b/.github/workflows/sync_ghes.yaml @@ -0,0 +1,32 @@ +name: Sync workflows for GHES + +on: + push: + branches: + - main + +jobs: + sync: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - run: | + git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/* + git config user.email "cschleiden@github.com" + git config user.name "GitHub Actions" + - uses: actions/setup-node@v2 + with: + node-version: '12' + - name: Check starter workflows for GHES compat + run: | + npm ci + npx ts-node-script ./index.ts + working-directory: ./script/sync-ghes + - run: | + git add -A + if [ -z "$(git status --porcelain)" ]; then + echo "No changes to commit" + else + git commit -m "Updating GHES workflows" + fi + - run: git push diff --git a/.github/workflows/validate-data.yaml b/.github/workflows/validate-data.yaml new file mode 100644 index 0000000000..745bc25eb3 --- /dev/null +++ b/.github/workflows/validate-data.yaml 
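Review bot: In sync_ghes.yaml, `npm ci` and `npx ts-node-script ./index.ts` run in the same job that later does `git push`, and `actions/checkout@v2` by default leaves the push credential in the local git config, so any install script of a dependency under script/sync-ghes executes with write access to `main` within reach. If the script's dependencies do not rely on lifecycle scripts, `npm ci --ignore-scripts` narrows that exposure. Separately, `git config user.email "cschleiden@github.com"` attributes automated commits to one person's address; a bot or noreply identity would make the history clearer and would not need changing when the maintainer does.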
@@ -0,0 +1,21 @@
+name: Validate Data
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ validate-data:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - uses: actions/setup-node@v2
+ with:
+ node-version: "12"
+
+ - name: Validate workflows
+ run: |
+ npm ci
+ npx ts-node-script ./index.ts
+ working-directory: ./script/validate-data
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..c5364f299f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+script/**/node_modules
\ No newline at end of file
diff --git a/.vscode/launch.json b/.vscode/launch.json
new file mode 100644
index 0000000000..a5cc14660e
--- /dev/null
+++ b/.vscode/launch.json
@@ -0,0 +1,21 @@
+{
+ // Use IntelliSense to learn about possible attributes.
+ // Hover to view descriptions of existing attributes.
+ // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "type": "node",
+ "request": "launch",
+ "name": "Launch Program",
+ "args": ["${workspaceRoot}/script/index.ts"],
+ "runtimeArgs": ["-r", "ts-node/register"],
+ "cwd": "${workspaceRoot}/script",
+ "protocol": "inspector",
+ "internalConsoleOptions": "openOnSessionStart",
+ "env": {
+ "TS_NODE_IGNORE": "false"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000000..3732a32a40
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,3 @@
+* @actions/actions-experience
+
+/code-scanning/ @actions/advanced-security-code-scanning
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
deleted file mode 100644
index 3a64696bc2..0000000000
--- a/CODE_OF_CONDUCT.md
+++ /dev/null
@@ -1,76 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to make participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. - -## Our Standards - -Examples of behavior that contributes to creating a positive environment -include: - -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members - -Examples of unacceptable behavior by participants include: - -* The use of sexualized language or imagery and unwelcome sexual attention or - advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Our Responsibilities - -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. - -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. 
- -## Scope - -This Code of Conduct applies within all project spaces, and it also applies when -an individual is representing the project or its community in public spaces. -Examples of representing a project or community include using an official -project e-mail address, posting via an official social media account, or acting -as an appointed representative at an online or offline event. Representation of -a project may be further defined and clarified by project maintainers. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at opensource@github.com. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. - -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html - -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 80411383b4..2a0e55fff6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -4,16 +4,21 @@ Hi there 👋 We are excited that you want to contribute a new workflow to this repo. By doing this you are helping people get up and running with GitHub Actions and that's cool 😎. -Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.md). +Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](https://github.com/actions/starter-workflows/blob/main/LICENSE). -Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms. +Please note that this project is released with a [Contributor Code of Conduct]( +https://github.com/actions/.github/blob/main/CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms. -There are few requirements for adding in a new workflow, which we'll need to review before we merge: +**At this time we are only accepting new starter workflows for Code Scanning** + +### Previous guidelines for new starter workflows. + +Before merging a new workflow, the following requirements need to be met: - Should be as simple as is needed for the service. - There are many programming languages and tools out there. Right now we don't have a page that allows for a really large number of workflows, so we do have to be a little choosy about what we accept. Less popular tools or languages might not be accepted. -- Should not send data to any 3rd party service except for the purposes of installing dependencies. -- Cannot use an Action that isn't in the `actions` organization. -- Cannot be to a paid service or product. 
+- Automation and CI workflows should not send data to any 3rd party service except for the purposes of installing dependencies. +- Automation and CI workflows cannot be dependent on a paid service or product. +- We require that Actions outside of the `actions` organization be pinned to a specific SHA. Thank you diff --git a/LICENSE b/LICENSE index 331b241b36..d4528d7eea 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2019 GitHub +Copyright (c) 2020 GitHub Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -18,4 +18,5 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +SOFTWARE. THIS LICENSE DOES NOT GRANT YOU RIGHTS TO USE ANY CONTRIBUTORS' +NAME, LOGO, OR TRADEMARKS. diff --git a/README.md b/README.md index b1dd935eae..e2766916c4 100644 --- a/README.md +++ b/README.md 
@@ -4,18 +4,21 @@ ## Starter Workflows - +These are the workflow files for helping people get started with GitHub Actions. They're presented whenever you start to create a new GitHub Actions workflow. + +**If you want to get started with GitHub Actions, you can use these starter workflows by clicking the "Actions" tab in the repository where you want to create a workflow.** -These are the workflow files for helping people get started with GitHub Actions. + **Directory structure:** * [ci](ci): solutions for Continuous Integration * [automation](automation): solutions for automating workflows. +* [code-scanning](code-scanning): starter workflows for [Code Scanning](https://github.com/features/security) * [icons](icons): svg icons for the relevant template Each workflow must be written in YAML and have a `.yml` extension. They also need a corresponding `.properties.json` file that contains extra metadata about the workflow (this is displayed in the GitHub.com UI). -For example: `ci/python-django.yml` and `ci/python-django.properties.json`. +For example: `ci/django.yml` and `ci/properties/django.properties.json`. **Valid properties:** * `name`: the name shown in onboarding diff --git a/automation/greetings.yml b/automation/greetings.yml index 28ee6b2f11..ee1cb11677 100644 --- a/automation/greetings.yml +++ b/automation/greetings.yml @@ -5,9 +5,12 @@ on: [pull_request, issues] jobs: greeting: runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write steps: - uses: actions/first-interaction@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - issue-message: 'Message that will be displayed on users'' first issue' - pr-message: 'Message that will be displayed on users'' first pr' + issue-message: 'Message that will be displayed on users first issue' + pr-message: 'Message that will be displayed on users first pull request' diff --git a/automation/label.yml b/automation/label.yml index 6057a1cf6c..5cdc45e6d4 100644 --- a/automation/label.yml 
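Review bot: The new `issue-message` and `pr-message` values in automation/greetings.yml drop the apostrophe instead of keeping it: the old `'...users'' first issue'` was valid YAML for "users' first issue", while the replacement reads "users first issue". If the doubled quote was the concern, a double-quoted scalar keeps the text intact, for example `issue-message: "Message that will be displayed on users' first issue"`, and likewise for `pr-message`.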
+++ b/automation/label.yml @@ -1,3 +1,10 @@ +# This workflow will triage pull requests and apply a label based on the +# paths that are modified in the pull request. +# +# To use this workflow, you will need to set up a .github/labeler.yml +# file with configuration. For more information, see: +# https://github.com/actions/labeler + name: Labeler on: [pull_request] @@ -5,8 +12,11 @@ jobs: label: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - uses: actions/labeler@v2 with: - repo-token: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/automation/manual.yml b/automation/manual.yml new file mode 100644 index 0000000000..4a7131e812 --- /dev/null +++ b/automation/manual.yml @@ -0,0 +1,30 @@ +# This is a basic workflow that is manually triggered + +name: Manual workflow + +# Controls when the action will run. Workflow runs when manually triggered using the UI +# or API. +on: + workflow_dispatch: + # Inputs the workflow accepts. + inputs: + name: + # Friendly description to be shown in the UI instead of 'name' + description: 'Person to greet' + # Default value if no value is explicitly provided + default: 'World' + # Input has to be provided for the workflow to run + required: true + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "greet" + greet: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Runs a single command using the runners shell + - name: Send greeting + run: echo "Hello ${{ github.event.inputs.name }}" \ No newline at end of file diff --git a/automation/properties/manual.properties.json b/automation/properties/manual.properties.json new file mode 100644 index 0000000000..1befabec0a --- /dev/null 
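Review bot: In automation/manual.yml, `run: echo "Hello ${{ github.event.inputs.name }}"` expands the dispatch input into the script text before the shell parses it, so the value is treated as part of the command rather than as data to print. Because this is a starter template that will be copied and extended, the step should pass the input through the environment instead: add `env:` with `NAME: ${{ github.event.inputs.name }}` to the step and change the command to `run: echo "Hello $NAME"`. A one-line comment on the step explaining why the input is not interpolated directly would help people who adapt the template to keep the pattern.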
+++ b/automation/properties/manual.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Manual workflow", + "description": "Simple workflow that is manually triggered.", + "iconName": "octicon person", + "categories": ["Automation"] +} diff --git a/automation/stale.yml b/automation/stale.yml index 688fb4debe..30c3dd9bc9 100644 --- a/automation/stale.yml +++ b/automation/stale.yml @@ -2,15 +2,18 @@ name: Mark stale issues and pull requests on: schedule: - - cron: "0 0 * * *" + - cron: "30 1 * * *" jobs: stale: runs-on: ubuntu-latest - + permissions: + issues: write + pull-requests: write + steps: - - uses: actions/stale@v1 + - uses: actions/stale@v3 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Stale issue message' diff --git a/ci/ada.yml b/ci/ada.yml new file mode 100644 index 0000000000..a27902a5ed --- /dev/null +++ b/ci/ada.yml @@ -0,0 +1,24 @@ +name: Ada (GNAT) + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Set up GNAT toolchain + run: > + sudo apt-get update && + sudo apt-get install gnat gprbuild + + - name: Build + run: gprbuild -j0 -p diff --git a/ci/alibabacloud.yml b/ci/alibabacloud.yml new file mode 100644 index 0000000000..9ccc0333b9 --- /dev/null +++ b/ci/alibabacloud.yml 
@@ -0,0 +1,119 @@ +# This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR), +# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when a release is created. +# +# To use this workflow, you will need to complete the following set-up steps: +# +# 1. Create an ACR repository to store your container images. +# You can use ACR EE instance for more security and better performance. +# For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm +# +# 2. Create an ACK cluster to run your containerized application. +# You can use ACK Pro cluster for more security and better performance. +# For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm +# +# 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`. +# For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/ +# +# 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME. +# + +name: Build and Deploy to ACK + +on: + release: + types: [created] + +# Environment variables available to all jobs and steps in this workflow. 
+env: + REGION_ID: cn-hangzhou + REGISTRY: registry.cn-hangzhou.aliyuncs.com + NAMESPACE: namespace + IMAGE: repo + TAG: ${{ github.sha }} + ACK_CLUSTER_ID: clusterID + ACK_DEPLOYMENT_NAME: nginx-deployment + + ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com + ACR_EE_INSTANCE_ID: instanceID + ACR_EE_NAMESPACE: namespace + ACR_EE_IMAGE: repo + ACR_EE_TAG: ${{ github.sha }} + +jobs: + build: + runs-on: ubuntu-latest + environment: production + + steps: + - name: Checkout + uses: actions/checkout@v2 + + # 1.1 Login to ACR + - name: Login to ACR with the AccessKey pair + uses: aliyun/acr-login@v1 + with: + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + + # 1.2 Buid and push image to ACR + - name: Build and push image to ACR + run: | + docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" . + docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" + + # 1.3 Scan image in ACR + - name: Scan image in ACR + uses: aliyun/acr-scan@v1 + with: + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}" + tag: "${{ env.TAG }}" + + # 2.1 (Optional) Login to ACR EE + - uses: actions/checkout@v2 + - name: Login to ACR EE with the AccessKey pair + uses: aliyun/acr-login@v1 + with: + login-server: "https://${{ env.ACR_EE_REGISTRY }}" + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" + + # 2.2 (Optional) Build and push image ACR EE + - name: Build and push image to ACR EE + run: | + docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" . 
+ docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" + # 2.3 (Optional) Scan image in ACR EE + - name: Scan image in ACR EE + uses: aliyun/acr-scan@v1 + with: + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" + repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}" + tag: "${{ env.ACR_EE_TAG }}" + + # 3.1 Set ACK context + - name: Set K8s context + uses: aliyun/ack-set-context@v1 + with: + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + cluster-id: "${{ env.ACK_CLUSTER_ID }}" + + # 3.2 Deploy the image to the ACK cluster + - name: Set up Kustomize + run: |- + curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6 + - name: Deploy + run: |- + ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG + ./kustomize build . | kubectl apply -f - + kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME + kubectl get services -o wide diff --git a/ci/android.yml b/ci/android.yml index 23f10f1f47..4bbc689631 100644 --- a/ci/android.yml +++ b/ci/android.yml @@ -1,17 +1,25 @@ -name: Android CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - name: Build with Gradle - run: ./gradlew build +name: Android CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + + - name: Grant execute permission for gradlew + run: chmod +x gradlew + - name: Build with Gradle + run: ./gradlew build 
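Review bot: The "Set up Kustomize" step in ci/alibabacloud.yml pipes `install_kustomize.sh` from the `master` branch straight into `bash`, in a job that already holds `ACCESS_KEY_ID`/`ACCESS_KEY_SECRET` and a cluster context, so any upstream change to that script runs with deploy credentials. I would download it from a fixed revision and verify it before running: a URL of the form `.../kustomize/<pinned-commit-sha>/hack/install_kustomize.sh` saved to a file, then `sha256sum --check` against a recorded digest, then `bash install_kustomize.sh 3.8.6`. Also, both "Scan image" steps run after `docker push`, and whether a failed scan stops the later deploy depends on the action's behaviour, which is not visible here; a comment stating the intended gate would make that explicit.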
diff --git a/ci/ant.yml b/ci/ant.yml index 757429c05d..655a94c90e 100644 --- a/ci/ant.yml +++ b/ci/ant.yml @@ -1,17 +1,25 @@ -name: Java CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - name: Build with Ant - run: ant -noinput -buildfile build.xml +# This workflow will build a Java project with Ant +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-ant + +name: Java CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + - name: Build with Ant + run: ant -noinput -buildfile build.xml diff --git a/ci/asp.net-core.yml b/ci/asp.net-core.yml deleted file mode 100644 index 74a9e4170b..0000000000 --- a/ci/asp.net-core.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: ASP.NET Core CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Setup .NET Core - uses: actions/setup-dotnet@v1 - with: - dotnet-version: 2.2.108 - - name: Build with dotnet - run: dotnet build --configuration Release diff --git a/ci/aws.yml b/ci/aws.yml new file mode 100644 index 0000000000..8b10116fa0 --- /dev/null +++ b/ci/aws.yml 
@@ -0,0 +1,81 @@ +# This workflow will build and push a new container image to Amazon ECR, +# and then will deploy a new task definition to Amazon ECS, when a release is created +# +# To use this workflow, you will need to complete the following set-up steps: +# +# 1. Create an ECR repository to store your images. +# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`. +# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name. +# Replace the value of `aws-region` in the workflow below with your repository's region. +# +# 2. Create an ECS task definition, an ECS cluster, and an ECS service. +# For example, follow the Getting Started guide on the ECS console: +# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun +# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names. +# +# 3. Store your ECS task definition as a JSON file in your repository. +# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`. +# Replace the value of `task-definition` in the workflow below with your JSON file's name. +# Replace the value of `container-name` in the workflow below with the name of the container +# in the `containerDefinitions` section of the task definition. +# +# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. +# See the documentation for each action used below for the recommended IAM policies for this IAM user, +# and best practices on handling the access key credentials. 
+ +on: + release: + types: [created] + +name: Deploy to Amazon ECS + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + environment: production + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push image to Amazon ECR + id: build-image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: my-ecr-repo + IMAGE_TAG: ${{ github.sha }} + run: | + # Build a docker container and + # push it to ECR so that it can + # be deployed to ECS. + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" + + - name: Fill in the new image ID in the Amazon ECS task definition + id: task-def + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: task-definition.json + container-name: sample-app + image: ${{ steps.build-image.outputs.image }} + + - name: Deploy Amazon ECS task definition + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ steps.task-def.outputs.task-definition }} + service: sample-app-service + cluster: default + wait-for-service-stability: true diff --git a/ci/azure.yml b/ci/azure.yml new file mode 100644 index 0000000000..0262b4920f --- /dev/null +++ b/ci/azure.yml 
@@ -0,0 +1,50 @@ +# This workflow will build and push a node.js application to an Azure Web App when a release is created. +# +# This workflow assumes you have already created the target Azure App Service web app. +# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan +# +# To configure this workflow: +# +# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**. +# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings +# +# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile. +# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret +# +# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below). +# +# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions +# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples +on: + release: + types: [created] + +env: + AZURE_WEBAPP_NAME: your-app-name # set this to your application's name + AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + NODE_VERSION: '10.x' # set this to the node version to use + +jobs: + build-and-deploy: + name: Build and Deploy + runs-on: ubuntu-latest + environment: production + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ env.NODE_VERSION }} + uses: actions/setup-node@v2 + with: + node-version: ${{ env.NODE_VERSION }} + - name: npm install, build, and test + run: | + # Build and test the project, then + # deploy to Azure Web App. 
+ npm install + npm run build --if-present + npm run test --if-present + - name: 'Deploy to Azure WebApp' + uses: azure/webapps-deploy@v2 + with: + app-name: ${{ env.AZURE_WEBAPP_NAME }} + publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} + package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} diff --git a/ci/blank.yml b/ci/blank.yml index e712debe98..32142871a4 100644 --- a/ci/blank.yml +++ b/ci/blank.yml @@ -1,17 +1,36 @@ -name: CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Run a one-line script - run: echo Hello, world! - - name: Run a multi-line script - run: | - echo Add other actions to build, - echo test, and deploy your project. +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the action will run. +on: + # Triggers the workflow on push or pull request events but only for the $default-branch branch + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v2 + + # Runs a single command using the runners shell + - name: Run a one-line script + run: echo Hello, world! + + # Runs a set of commands using the runners shell + - name: Run a multi-line script + run: | + echo Add other actions to build, + echo test, and deploy your project. diff --git a/ci/c-cpp.yml b/ci/c-cpp.yml index 2ec660636d..88d1497621 100644 --- a/ci/c-cpp.yml +++ b/ci/c-cpp.yml 
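Review bot: The `npm install, build, and test` step of ci/azure.yml installs with `npm install`, which can run without a lockfile or rewrite it, so the package deployed on a release is not necessarily built from the dependency set that was reviewed. For a release-triggered deploy I would use `npm ci`, which installs exactly what the lockfile records and fails when it is out of sync with package.json. The `NODE_VERSION: '10.x'` default would also benefit from a comment telling users to pick a currently supported release line.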
@@ -1,19 +1,23 @@ -name: C/C++ CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: configure - run: ./configure - - name: make - run: make - - name: make check - run: make check - - name: make distcheck - run: make distcheck +name: C/C++ CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: configure + run: ./configure + - name: make + run: make + - name: make check + run: make check + - name: make distcheck + run: make distcheck diff --git a/ci/clojure.yml b/ci/clojure.yml index 4c4da621a7..098918a1b8 100644 --- a/ci/clojure.yml +++ b/ci/clojure.yml @@ -1,15 +1,19 @@ -name: Clojure CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Install dependencies - run: lein deps - - name: Run tests - run: lein test +name: Clojure CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Install dependencies + run: lein deps + - name: Run tests + run: lein test diff --git a/ci/cmake.yml b/ci/cmake.yml new file mode 100644 index 0000000000..16341407df --- /dev/null +++ b/ci/cmake.yml 
@@ -0,0 +1,38 @@ +name: CMake + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +env: + # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) + BUILD_TYPE: Release + +jobs: + build: + # The CMake configure and build commands are platform agnostic and should work equally + # well on Windows or Mac. You can convert this to a matrix build if you need + # cross-platform coverage. + # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Configure CMake + # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. + # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type + run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} + + - name: Build + # Build your program with the given configuration + run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} + + - name: Test + working-directory: ${{github.workspace}}/build + # Execute tests defined by the CMake configuration. + # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail + run: ctest -C ${{env.BUILD_TYPE}} + diff --git a/ci/crystal.yml b/ci/crystal.yml index 9efdbabb80..6552afa563 100644 --- a/ci/crystal.yml +++ b/ci/crystal.yml 
@@ -1,18 +1,22 @@ -name: Crystal CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - container: - image: crystallang/crystal - - steps: - - uses: actions/checkout@v1 - - name: Install dependencies - run: shards install - - name: Run tests - run: crystal spec +name: Crystal CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + container: + image: crystallang/crystal + + steps: + - uses: actions/checkout@v2 + - name: Install dependencies + run: shards install + - name: Run tests + run: crystal spec diff --git a/ci/d.yml b/ci/d.yml new file mode 100644 index 0000000000..6086681203 --- /dev/null +++ b/ci/d.yml @@ -0,0 +1,29 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +name: D + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - uses: dlang-community/setup-dlang@4c99aa991ce7d19dd3064de0a4f2f6b2f152e2d7 + + - name: 'Build & Test' + run: | + # Build the project, with its main file included, without unittests + dub build --compiler=$DC + # Build and run tests, as defined by `unittest` configuration + # In this mode, `mainSourceFile` is excluded and `version (unittest)` are included + # See https://dub.pm/package-format-json.html#configurations + dub test --compiler=$DC diff --git a/ci/dart.yml b/ci/dart.yml index 408bc91374..7486577484 100644 --- a/ci/dart.yml +++ b/ci/dart.yml 
@@ -1,18 +1,42 @@ -name: Dart CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - container: - image: google/dart:latest - - steps: - - uses: actions/checkout@v1 - - name: Install dependencies - run: pub get - - name: Run tests - run: pub run test +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Dart + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + # Note: This workflow uses the latest stable version of the Dart SDK. + # You can specify other versions if desired, see documentation here: + # https://github.com/dart-lang/setup-dart/blob/main/README.md + # - uses: dart-lang/setup-dart@v1 + - uses: dart-lang/setup-dart@9a04e6d73cca37bd455e0608d7e5092f881fd603 + + - name: Install dependencies + run: dart pub get + + # Uncomment this step to verify the use of 'dart format' on each commit. + # - name: Verify formatting + # run: dart format --output=none --set-exit-if-changed . + + # Consider passing '--fatal-infos' for slightly stricter analysis. + - name: Analyze project source + run: dart analyze + + # Your project will need to have tests in test/ and a dependency on + # package:test for this step to succeed. Note that Flutter projects will + # want to change this to 'flutter test'. + - name: Run tests + run: dart test diff --git a/ci/deno.yml b/ci/deno.yml new file mode 100644 index 0000000000..cf91f5ee79 --- /dev/null +++ b/ci/deno.yml 
@@ -0,0 +1,47 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow will install Deno and run tests across stable and canary builds on Windows, Ubuntu and macOS. +# For more information see: https://github.com/denoland/setup-deno + +name: Deno + +on: + push: + branches: [$default-branch] + pull_request: + branches: [$default-branch] + +jobs: + test: + runs-on: ${{ matrix.os }} # runs a test on Ubuntu, Windows and macOS + + strategy: + matrix: + deno: ["v1.x", "canary"] + os: [macOS-latest, windows-latest, ubuntu-latest] + + steps: + - name: Setup repo + uses: actions/checkout@v2 + + - name: Setup Deno + # uses: denoland/setup-deno@v1 + uses: denoland/setup-deno@4a4e59637fa62bd6c086a216c7e4c5b457ea9e79 + with: + deno-version: ${{ matrix.deno }} # tests across multiple Deno versions + + # Uncomment this step to verify the use of 'deno fmt' on each commit. + # - name: Verify formatting + # run: deno fmt --check + + - name: Run linter + run: deno lint + + - name: Cache dependencies + run: deno cache deps.ts + + - name: Run tests + run: deno test -A --unstable diff --git a/ci/django.yml b/ci/django.yml new file mode 100644 index 0000000000..dbde2666b0 --- /dev/null +++ b/ci/django.yml @@ -0,0 +1,30 @@ +name: Django CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + max-parallel: 4 + matrix: + python-version: [3.7, 3.8, 3.9] + + steps: + - uses: actions/checkout@v2 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Install Dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + - name: Run Tests + run: | + python manage.py test 
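Review bot: `deno test -A --unstable` in the `Run tests` step of ci/deno.yml grants the test run every Deno permission, which switches off the runtime's permission checks for code that also arrives through the `pull_request` trigger. A starter workflow is copied widely, so I would default to the narrowest flags and let projects widen them, e.g. `run: deno test --allow-read` with the comment `# Add further --allow-* flags only as your tests require them`. `--unstable` likewise enables unstable APIs for every project and would be better left as a commented-out option.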
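Review bot: `python-version: [3.7, 3.8, 3.9]` in ci/django.yml lists the versions as unquoted YAML numbers, so a user who extends the matrix with 3.10 gets the float 3.1 and a different interpreter than intended. Quoting avoids that: `python-version: ['3.7', '3.8', '3.9']`. The same applies to `go-version: 1.15` in ci/go.yml.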
diff --git a/ci/docker-image.yml b/ci/docker-image.yml index 5001295cb1..78532a335a 100644 --- a/ci/docker-image.yml +++ b/ci/docker-image.yml @@ -1,14 +1,18 @@ -name: Docker Image CI - -on: [push] - -jobs: - - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Build the Docker image - run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) +name: Docker Image CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml new file mode 100644 index 0000000000..ba6974478c --- /dev/null +++ b/ci/docker-publish.yml 
@@ -0,0 +1,80 @@ +name: Docker + +on: + push: + # Publish `$default-branch` as Docker `latest` image. + branches: + - $default-branch + + # Publish `v1.2.3` tags as releases. + tags: + - v* + + # Run tests for any PRs. + pull_request: + +env: + # TODO: Change variable to your image's name. + IMAGE_NAME: image + +jobs: + # Run tests. + # See also https://docs.docker.com/docker-hub/builds/automated-testing/ + test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Run tests + run: | + if [ -f docker-compose.test.yml ]; then + docker-compose --file docker-compose.test.yml build + docker-compose --file docker-compose.test.yml run sut + else + docker build . --file Dockerfile + fi + + # Push image to GitHub Packages. + # See also https://docs.docker.com/docker-hub/builds/ + push: + # Ensure test job passes before pushing image. + needs: test + + runs-on: ubuntu-latest + if: github.event_name == 'push' + + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v2 + + - name: Build image + run: docker build . --file Dockerfile --tag $IMAGE_NAME + + - name: Log into registry + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin + + - name: Push image + run: | + IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME + + # Change all uppercase to lowercase + IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') + + # Strip git ref prefix from version + VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') + + # Strip "v" prefix from tag name + [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') + + # Use Docker `latest` tag convention + [ "$VERSION" == "$default-branch" ] && VERSION=latest + + echo IMAGE_ID=$IMAGE_ID + echo VERSION=$VERSION + + docker tag $IMAGE_NAME $IMAGE_ID:$VERSION + docker push $IMAGE_ID:$VERSION 
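Review bot: In the `Push image` step, `${{ github.ref }}` is expanded into the script text before the shell runs (in the `VERSION=` assignment and again in the `refs/tags/` test), so the ref name is parsed as shell source instead of being handled as data. The runner already exports the same value as an environment variable; `VERSION=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,')` and `[[ "$GITHUB_REF" == "refs/tags/"* ]]` keep it as data. The `Log into registry` line has the same shape with `${{ github.actor }}`, and `$IMAGE_ID`, `$IMAGE_NAME` and `$VERSION` are unquoted in `docker tag` and `docker push`.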
diff --git a/ci/dotnet-desktop.yml b/ci/dotnet-desktop.yml new file mode 100644 index 0000000000..2e55b15519 --- /dev/null +++ b/ci/dotnet-desktop.yml 
@@ -0,0 +1,115 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow will build, test, sign and package a WPF or Windows Forms desktop application +# built on .NET Core. +# To learn how to migrate your existing application to .NET Core, +# refer to https://docs.microsoft.com/en-us/dotnet/desktop-wpf/migration/convert-project-from-net-framework +# +# To configure this workflow: +# +# 1. Configure environment variables +# GitHub sets default environment variables for every workflow run. +# Replace the variables relative to your project in the "env" section below. +# +# 2. Signing +# Generate a signing certificate in the Windows Application +# Packaging Project or add an existing signing certificate to the project. +# Next, use PowerShell to encode the .pfx file using Base64 encoding +# by running the following Powershell script to generate the output string: +# +# $pfx_cert = Get-Content '.\SigningCertificate.pfx' -Encoding Byte +# [System.Convert]::ToBase64String($pfx_cert) | Out-File 'SigningCertificate_Encoded.txt' +# +# Open the output file, SigningCertificate_Encoded.txt, and copy the +# string inside. Then, add the string to the repo as a GitHub secret +# and name it "Base64_Encoded_Pfx." +# For more information on how to configure your signing certificate for +# this workflow, refer to https://github.com/microsoft/github-actions-for-desktop-apps#signing +# +# Finally, add the signing certificate password to the repo as a secret and name it "Pfx_Key". +# See "Build the Windows Application Packaging project" below to see how the secret is used. 
+# +# For more information on GitHub Actions, refer to https://github.com/features/actions +# For a complete CI/CD sample to get started with GitHub Action workflows for Desktop Applications, +# refer to https://github.com/microsoft/github-actions-for-desktop-apps + +name: .NET Core Desktop + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + + build: + + strategy: + matrix: + configuration: [Debug, Release] + + runs-on: windows-latest # For a list of available runner types, refer to + # https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on + + env: + Solution_Name: your-solution-name # Replace with your solution name, i.e. MyWpfApp.sln. + Test_Project_Path: your-test-project-path # Replace with the path to your test project, i.e. MyWpfApp.Tests\MyWpfApp.Tests.csproj. + Wap_Project_Directory: your-wap-project-directory-name # Replace with the Wap project directory relative to the solution, i.e. MyWpfApp.Package. + Wap_Project_Path: your-wap-project-path # Replace with the path to your Wap project, i.e. MyWpf.App.Package\MyWpfApp.Package.wapproj. 
+ + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + # Install the .NET Core workload + - name: Install .NET Core + uses: actions/setup-dotnet@v1 + with: + dotnet-version: 5.0.x + + # Add MSBuild to the PATH: https://github.com/microsoft/setup-msbuild + - name: Setup MSBuild.exe + uses: microsoft/setup-msbuild@v1.0.2 + + # Execute all unit tests in the solution + - name: Execute unit tests + run: dotnet test + + # Restore the application to populate the obj folder with RuntimeIdentifiers + - name: Restore the application + run: msbuild $env:Solution_Name /t:Restore /p:Configuration=$env:Configuration + env: + Configuration: ${{ matrix.configuration }} + + # Decode the base 64 encoded pfx and save the Signing_Certificate + - name: Decode the pfx + run: | + $pfx_cert_byte = [System.Convert]::FromBase64String("${{ secrets.Base64_Encoded_Pfx }}") + $certificatePath = Join-Path -Path $env:Wap_Project_Directory -ChildPath GitHubActionsWorkflow.pfx + [IO.File]::WriteAllBytes("$certificatePath", $pfx_cert_byte) + + # Create the app package by building and packaging the Windows Application Packaging project + - name: Create the app package + run: msbuild $env:Wap_Project_Path /p:Configuration=$env:Configuration /p:UapAppxPackageBuildMode=$env:Appx_Package_Build_Mode /p:AppxBundle=$env:Appx_Bundle /p:PackageCertificateKeyFile=GitHubActionsWorkflow.pfx /p:PackageCertificatePassword=${{ secrets.Pfx_Key }} + env: + Appx_Bundle: Always + Appx_Bundle_Platforms: x86|x64 + Appx_Package_Build_Mode: StoreUpload + Configuration: ${{ matrix.configuration }} + + # Remove the pfx + - name: Remove the pfx + run: Remove-Item -path $env:Wap_Project_Directory\$env:Signing_Certificate + + # Upload the MSIX package: https://github.com/marketplace/actions/upload-artifact + - name: Upload build artifacts + uses: actions/upload-artifact@v2 + with: + name: MSIX Package + path: ${{ env.Wap_Project_Directory }}\AppPackages 
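Review bot: The `Remove the pfx` step deletes `$env:Wap_Project_Directory\$env:Signing_Certificate`, but no `Signing_Certificate` variable is defined in the job `env` shown in this hunk, while `Decode the pfx` writes the file as `GitHubActionsWorkflow.pfx`; the decoded certificate therefore appears to stay on disk. I would name the file explicitly and run the cleanup even when packaging fails: `if: always()` plus `run: Remove-Item -Path (Join-Path $env:Wap_Project_Directory GitHubActionsWorkflow.pfx)`. Separately, `/p:PackageCertificatePassword=${{ secrets.Pfx_Key }}` renders the password into the script text; passing it through the step's `env:` and referencing it as `$env:Pfx_Key` would at least keep it out of the rendered script.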
diff --git a/ci/dotnet.yml b/ci/dotnet.yml new file mode 100644 index 0000000000..c31cf6857f --- /dev/null +++ b/ci/dotnet.yml @@ -0,0 +1,25 @@ +name: .NET + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Setup .NET + uses: actions/setup-dotnet@v1 + with: + dotnet-version: 5.0.x + - name: Restore dependencies + run: dotnet restore + - name: Build + run: dotnet build --no-restore + - name: Test + run: dotnet test --no-build --verbosity normal diff --git a/ci/elixir.yml b/ci/elixir.yml index eed27bc28b..3f64657060 100644 --- a/ci/elixir.yml +++ b/ci/elixir.yml @@ -1,21 +1,31 @@ name: Elixir CI -on: push +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] jobs: build: + name: Build and test runs-on: ubuntu-latest - container: - image: elixir:1.9.1-slim - steps: - - uses: actions/checkout@v1 - - name: Install Dependencies - run: | - mix local.rebar --force - mix local.hex --force - mix deps.get - - name: Run Tests + - uses: actions/checkout@v2 + - name: Set up Elixir + uses: erlef/setup-elixir@885971a72ed1f9240973bd92ab57af8c1aa68f24 + with: + elixir-version: '1.10.3' # Define the elixir version [required] + otp-version: '22.3' # Define the OTP version [required] + - name: Restore dependencies cache + uses: actions/cache@v2 + with: + path: deps + key: ${{ runner.os }}-mix-${{ hashFiles('**/mix.lock') }} + restore-keys: ${{ runner.os }}-mix- + - name: Install dependencies + run: mix deps.get + - name: Run tests run: mix test diff --git a/ci/erlang.yml b/ci/erlang.yml index e67464c792..25cb8939e7 100644 --- a/ci/erlang.yml +++ b/ci/erlang.yml 
@@ -1,19 +1,23 @@ -name: Erlang CI - -on: [push] - -jobs: - - build: - - runs-on: ubuntu-latest - - container: - image: erlang:22.0.7 - - steps: - - uses: actions/checkout@v1 - - name: Compile - run: rebar3 compile - - name: Run tests - run: rebar3 do eunit, ct +name: Erlang CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + + build: + + runs-on: ubuntu-latest + + container: + image: erlang:22.0.7 + + steps: + - uses: actions/checkout@v2 + - name: Compile + run: rebar3 compile + - name: Run tests + run: rebar3 do eunit, ct diff --git a/ci/gem-push.yml b/ci/gem-push.yml index ff0bfb3d9d..3dc62be3cb 100644 --- a/ci/gem-push.yml +++ b/ci/gem-push.yml @@ -1,36 +1,37 @@ name: Ruby Gem on: - pull_request: - branches: - - master push: - branches: - - master + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] jobs: build: name: Build + Publish runs-on: ubuntu-latest + permissions: + contents: read + packages: write steps: - - uses: actions/checkout@master + - uses: actions/checkout@v2 - name: Set up Ruby 2.6 uses: actions/setup-ruby@v1 with: - version: 2.6.x + ruby-version: 2.6.x - name: Publish to GPR run: | mkdir -p $HOME/.gem touch $HOME/.gem/credentials chmod 0600 $HOME/.gem/credentials - printf -- "---\n:github: Bearer ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials + printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials gem build *.gemspec gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem env: - GEM_HOST_API_KEY: ${{secrets.GPR_AUTH_TOKEN}} - OWNER: username + GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}" + OWNER: ${{ github.repository_owner }} - name: Publish to RubyGems run: | @@ -41,4 +42,4 @@ jobs: gem build *.gemspec gem push *.gem env: - GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}} + GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}" diff --git a/ci/go.yml b/ci/go.yml index 169022ba33..bcf4489be4 100644 
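Review bot: After this change the `Build + Publish` job in ci/gem-push.yml still runs on both `push` and `pull_request`, so the `Publish to GPR` and `Publish to RubyGems` steps execute for pull requests as well as for merged code, now with `packages: write` granted. ci/docker-publish.yml in this diff guards its publishing job with `if: github.event_name == 'push'`; the same guard here, or a `release` trigger with `types: [created]` as ci/gradle-publish.yml uses, would keep unmerged changes from being published. The `on:` block and both publish steps are in the first hunk (`@@ -1,36 +1,37 @@`).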
--- a/ci/go.yml +++ b/ci/go.yml @@ -1,28 +1,25 @@ -name: Go -on: [push] -jobs: - - build: - name: Build - runs-on: ubuntu-latest - steps: - - - name: Set up Go 1.13 - uses: actions/setup-go@v1 - with: - go-version: 1.13 - id: go - - - name: Check out code into the Go module directory - uses: actions/checkout@v1 - - - name: Get dependencies - run: | - go get -v -t -d ./... - if [ -f Gopkg.toml ]; then - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - dep ensure - fi - - - name: Build - run: go build -v . +name: Go + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.15 + + - name: Build + run: go build -v ./... + + - name: Test + run: go test -v ./... diff --git a/ci/google.yml b/ci/google.yml new file mode 100644 index 0000000000..5e803edba5 --- /dev/null +++ b/ci/google.yml 
@@ -0,0 +1,80 @@ +# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when a release is created +# +# To configure this workflow: +# +# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc. +# +# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs). +# +# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below). +# +# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke + +name: Build and Deploy to GKE + +on: + release: + types: [created] + +env: + PROJECT_ID: ${{ secrets.GKE_PROJECT }} + GKE_CLUSTER: cluster-1 # TODO: update to cluster name + GKE_ZONE: us-central1-c # TODO: update to cluster zone + DEPLOYMENT_NAME: gke-test # TODO: update to deployment name + IMAGE: static-site + +jobs: + setup-build-publish-deploy: + name: Setup, Build, Publish, and Deploy + runs-on: ubuntu-latest + environment: production + + steps: + - name: Checkout + uses: actions/checkout@v2 + + # Setup gcloud CLI + - uses: google-github-actions/setup-gcloud@v0.2.0 + with: + service_account_key: ${{ secrets.GKE_SA_KEY }} + project_id: ${{ secrets.GKE_PROJECT }} + + # Configure Docker to use the gcloud command-line tool as a credential + # helper for authentication + - run: |- + gcloud --quiet auth configure-docker + + # Get the GKE credentials so we can deploy to the cluster + - uses: google-github-actions/get-gke-credentials@v0.2.1 + with: + cluster_name: ${{ env.GKE_CLUSTER }} + location: ${{ env.GKE_ZONE }} + credentials: ${{ secrets.GKE_SA_KEY }} + + # Build the Docker image + - 
name: Build + run: |- + docker build \ + --tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \ + --build-arg GITHUB_SHA="$GITHUB_SHA" \ + --build-arg GITHUB_REF="$GITHUB_REF" \ + . + + # Push the Docker image to Google Container Registry + - name: Publish + run: |- + docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" + + # Set up kustomize + - name: Set up Kustomize + run: |- + curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 + chmod u+x ./kustomize + + # Deploy the Docker image to the GKE cluster + - name: Deploy + run: |- + ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA + ./kustomize build . | kubectl apply -f - + kubectl rollout status deployment/$DEPLOYMENT_NAME + kubectl get services -o wide diff --git a/ci/gradle-publish.yml b/ci/gradle-publish.yml new file mode 100644 index 0000000000..a74a1ce2eb --- /dev/null +++ b/ci/gradle-publish.yml 
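Review bot: The `Set up Kustomize` step downloads a binary with `curl` and marks it executable without checking its integrity, and the `Deploy` step then runs it in a job that already holds the GKE credentials obtained from `GKE_SA_KEY`. Recording the expected digest in the workflow and checking it before `chmod` closes that gap, e.g. `echo "<expected-sha256>  kustomize" | sha256sum --check` (placeholder digest, to be filled in by the maintainer for the pinned v3.1.0 asset). `GKE_SA_KEY` is also a long-lived service account key, so the header comment could say which roles it needs and that it should be rotated.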
@@ -0,0 +1,37 @@
+# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
+
+name: Gradle Package
+
+on:
+ release:
+ types: [created]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up JDK 11
+ uses: actions/setup-java@v2
+ with:
+ java-version: '11'
+ distribution: 'adopt'
+ server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
+ settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+ - name: Build with Gradle
+ run: gradle build
+
+ # The USERNAME and TOKEN need to correspond to the credentials environment variables used in
+ # the publishing section of your build.gradle
+ - name: Publish to GitHub Packages
+ run: gradle publish
+ env:
+ USERNAME: ${{ github.actor }}
+ TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/ci/gradle.yml b/ci/gradle.yml
index 8e4dc5ea31..6e7e922b22 100644
--- a/ci/gradle.yml
+++ b/ci/gradle.yml
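Review bot: The `server-id` and `settings-path` inputs on the `Set up JDK 11` step of ci/gradle-publish.yml, and their comments about `pom.xml` and `settings.xml`, describe Maven configuration, while this workflow publishes with `gradle publish` and takes its credentials from the `USERNAME`/`TOKEN` variables. They look like a carry-over from the Maven variant and probably have no effect on the Gradle publish; I would drop them or replace the comments with one saying why they are kept. `gradle build` here also uses whatever Gradle is installed on the runner, whereas ci/gradle.yml uses `./gradlew`, so a comment stating which one users are expected to have would help.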
@@ -1,17 +1,27 @@ -name: Java CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - name: Build with Gradle - run: ./gradlew build +# This workflow will build a Java project with Gradle +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle + +name: Java CI with Gradle + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + - name: Grant execute permission for gradlew + run: chmod +x gradlew + - name: Build with Gradle + run: ./gradlew build diff --git a/ci/haskell.yml b/ci/haskell.yml index f4e3bb4050..c1d7dc7aeb 100644 --- a/ci/haskell.yml +++ b/ci/haskell.yml 
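Review bot: With the `pull_request` trigger added in ci/gradle.yml, `./gradlew build` executes the wrapper script and the committed `gradle/wrapper/gradle-wrapper.jar` from the checked-out ref, and nothing in the job checks that the jar is a genuine Gradle wrapper. A validation step before the build, `- uses: gradle/wrapper-validation-action@<full-commit-sha>`, would cover that. The `Grant execute permission for gradlew` step could carry a comment saying it is only needed when the executable bit was not committed.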
@@ -1,19 +1,40 @@ -name: Haskell CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Install dependencies - run: cabal install --only-dependencies --enable-tests - - name: Build - run: | - cabal configure --enable-tests - cabal build - - name: Run tests - run: cabal test +name: Haskell CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-haskell@v1 + with: + ghc-version: '8.10.3' + cabal-version: '3.2' + + - name: Cache + uses: actions/cache@v1 + env: + cache-name: cache-cabal + with: + path: ~/.cabal + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/*.cabal') }}-${{ hashFiles('**/cabal.project') }} + restore-keys: | + ${{ runner.os }}-build-${{ env.cache-name }}- + ${{ runner.os }}-build- + ${{ runner.os }}- + + - name: Install dependencies + run: | + cabal update + cabal build --only-dependencies --enable-tests --enable-benchmarks + - name: Build + run: cabal build --enable-tests --enable-benchmarks all + - name: Run tests + run: cabal test all diff --git a/ci/ibm.yml b/ci/ibm.yml new file mode 100644 index 0000000000..a8502cdd0c --- /dev/null +++ b/ci/ibm.yml 
@@ -0,0 +1,75 @@ +# This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when a release is created +# +# To configure this workflow: +# +# 1. Ensure that your repository contains a Dockerfile +# 2. Setup secrets in your repository by going to settings: Create ICR_NAMESPACE and IBM_CLOUD_API_KEY +# 3. Change the values for the IBM_CLOUD_REGION, REGISTRY_HOSTNAME, IMAGE_NAME, IKS_CLUSTER, DEPLOYMENT_NAME, and PORT + +name: Build and Deploy to IKS + +on: + release: + types: [created] + +# Environment variables available to all jobs and steps in this workflow +env: + GITHUB_SHA: ${{ github.sha }} + IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }} + IBM_CLOUD_REGION: us-south + ICR_NAMESPACE: ${{ secrets.ICR_NAMESPACE }} + REGISTRY_HOSTNAME: us.icr.io + IMAGE_NAME: iks-test + IKS_CLUSTER: example-iks-cluster-name-or-id + DEPLOYMENT_NAME: iks-test + PORT: 5001 + +jobs: + setup-build-publish-deploy: + name: Setup, Build, Publish, and Deploy + runs-on: ubuntu-latest + environment: production + steps: + + - name: Checkout + uses: actions/checkout@v2 + + # Download and Install IBM Cloud CLI + - name: Install IBM Cloud CLI + run: | + curl -fsSL https://clis.cloud.ibm.com/install/linux | sh + ibmcloud --version + ibmcloud config --check-version=false + ibmcloud plugin install -f kubernetes-service + ibmcloud plugin install -f container-registry + + # Authenticate with IBM Cloud CLI + - name: Authenticate with IBM Cloud CLI + run: | + ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -r "${IBM_CLOUD_REGION}" -g default + ibmcloud cr region-set "${IBM_CLOUD_REGION}" + ibmcloud cr login + + # Build the Docker image + - name: Build with Docker + run: | + docker build -t "$REGISTRY_HOSTNAME"/"$ICR_NAMESPACE"/"$IMAGE_NAME":"$GITHUB_SHA" \ + --build-arg GITHUB_SHA="$GITHUB_SHA" \ + --build-arg GITHUB_REF="$GITHUB_REF" . 
+ + # Push the image to IBM Container Registry + - name: Push the image to ICR + run: | + docker push $REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA + + # Deploy the Docker image to the IKS cluster + - name: Deploy to IKS + run: | + ibmcloud ks cluster config --cluster $IKS_CLUSTER + kubectl config current-context + kubectl create deployment $DEPLOYMENT_NAME --image=$REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA --dry-run -o yaml > deployment.yaml + kubectl apply -f deployment.yaml + kubectl rollout status deployment/$DEPLOYMENT_NAME + kubectl create service loadbalancer $DEPLOYMENT_NAME --tcp=80:$PORT --dry-run -o yaml > service.yaml + kubectl apply -f service.yaml + kubectl get services -o wide diff --git a/ci/ios.yml b/ci/ios.yml new file mode 100644 index 0000000000..74c974d1dc --- /dev/null +++ b/ci/ios.yml 
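Review bot: `IBM_CLOUD_API_KEY` is exported in the workflow-level `env:`, so every step runs with the API key in its process environment, including the piped CLI installer and the Docker build, although only the login step uses it. Moving it to an `env:` on the "Authenticate with IBM Cloud CLI" step, `IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }}`, keeps the credential out of the other steps. The install step also pipes `curl -fsSL https://clis.cloud.ibm.com/install/linux` straight into `sh` with no version pin or checksum, which deserves at least a comment telling adopters to pin and verify the installer. The push and deploy commands leave `$REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA` unquoted, unlike the build step.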
@@ -0,0 +1,44 @@ +name: iOS starter workflow + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + name: Build and Test default scheme using any available iPhone simulator + runs-on: macos-latest + + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set Default Scheme + run: | + scheme_list=$(xcodebuild -list -json | tr -d "\n") + default=$(echo $scheme_list | ruby -e "require 'json'; puts JSON.parse(STDIN.gets)['project']['targets'][0]") + echo $default | cat >default + echo Using default scheme: $default + - name: Build + env: + scheme: ${{ 'default' }} + platform: ${{ 'iOS Simulator' }} + run: | + # xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959) + device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`` + if [ $scheme = default ]; then scheme=$(cat default); fi + if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi + file_to_build=`echo $file_to_build | awk '{$1=$1;print}'` + xcodebuild build-for-testing -scheme "$scheme" -"$filetype_parameter" "$file_to_build" -destination "platform=$platform,name=$device" + - name: Test + env: + scheme: ${{ 'default' }} + platform: ${{ 'iOS Simulator' }} + run: | + # xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959) + device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}'`` + if [ $scheme = default ]; then scheme=$(cat default); fi + if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi + 
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'` + xcodebuild test-without-building -scheme "$scheme" -"$filetype_parameter" "$file_to_build" -destination "platform=$platform,name=$device" diff --git a/ci/jekyll.yml b/ci/jekyll.yml index 782095829c..71920c128d 100644 --- a/ci/jekyll.yml +++ b/ci/jekyll.yml @@ -1,16 +1,20 @@ -name: Jekyll site CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Build the site in the jekyll/builder container - run: | - docker run \ - -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \ - jekyll/builder:latest /bin/bash -c "chmod 777 /srv/jekyll && jekyll build --future" +name: Jekyll site CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Build the site in the jekyll/builder container + run: | + docker run \ + -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \ + jekyll/builder:latest /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --future" diff --git a/ci/laravel.yml b/ci/laravel.yml new file mode 100644 index 0000000000..5f4e6c9023 --- /dev/null +++ b/ci/laravel.yml 
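Review bot: In both the Build and Test steps the `device=` assignment ends with a doubled closing backtick after `awk '{$1=$1;print}'` as shown here; if the file really contains that, the command substitution is left unbalanced, and it should end with a single backtick. `[ $scheme = default ]` and `echo $default | cat >default` also expand unquoted, so a name containing spaces breaks the test or is word-split; `[ "$scheme" = default ]` and `echo "$default" > default` avoid that. The value written to `default` is read from `['project']['targets'][0]`, so it is a target name rather than a scheme, which is worth a comment for projects where the two differ.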
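Review bot: The build still pulls `jekyll/builder:latest`, a mutable tag, and runs it with the whole workspace bind-mounted read-write, so whatever image is published under that tag at run time executes against the checkout. Pinning to a release tag or digest, for example `jekyll/builder@sha256:<digest>` (placeholder), makes the build reproducible and reviewable. The change from `chmod 777` to `chmod -R 777` additionally makes every file under the mount world-writable; a comment explaining why the container user needs that would help adopters decide whether to keep it.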
@@ -0,0 +1,35 @@
+name: Laravel
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ laravel-tests:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
+ with:
+ php-version: '8.0'
+ - uses: actions/checkout@v2
+ - name: Copy .env
+ run: php -r "file_exists('.env') || copy('.env.example', '.env');"
+ - name: Install Dependencies
+ run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
+ - name: Generate key
+ run: php artisan key:generate
+ - name: Directory Permissions
+ run: chmod -R 777 storage bootstrap/cache
+ - name: Create Database
+ run: |
+ mkdir -p database
+ touch database/database.sqlite
+ - name: Execute tests (Unit and Feature tests) via PHPUnit
+ env:
+ DB_CONNECTION: sqlite
+ DB_DATABASE: database/database.sqlite
+ run: vendor/bin/phpunit
diff --git a/ci/maven-publish.yml b/ci/maven-publish.yml
new file mode 100644
index 0000000000..18dd937d4e
--- /dev/null
+++ b/ci/maven-publish.yml
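Review bot: `shivammathur/setup-php` is pinned to a full commit SHA, which is the right choice for a third-party action, but nothing records which release that commit corresponds to, so a later reviewer cannot tell whether it is current or audit an update. A trailing comment on the `uses:` line, such as `# <release tag of this commit>`, fixes that. `chmod -R 777 storage bootstrap/cache` looks broader than a single-user CI runner needs; if it is kept for parity with a typical Laravel setup, a short comment should say so.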
@@ -0,0 +1,34 @@ +# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created +# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path + +name: Maven Package + +on: + release: + types: [created] + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v2 + - name: Set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + server-id: github # Value of the distributionManagement/repository/id field of the pom.xml + settings-path: ${{ github.workspace }} # location for the settings.xml file + + - name: Build with Maven + run: mvn -B package --file pom.xml + + - name: Publish to GitHub Packages Apache Maven + run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/ci/maven.yml b/ci/maven.yml index dbc347f9c3..923425b43e 100644 --- a/ci/maven.yml +++ b/ci/maven.yml @@ -1,17 +1,25 @@ -name: Java CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v1 - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - name: Build with Maven - run: mvn -B package --file pom.xml +# This workflow will build a Java project with Maven +# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven + +name: Java CI with Maven + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Set up JDK 11 + uses: actions/setup-java@v2 + with: + java-version: '11' + distribution: 'adopt' + - name: Build with Maven + run: mvn -B package --file pom.xml 
diff --git a/ci/msbuild.yml b/ci/msbuild.yml
new file mode 100644
index 0000000000..29b6acebc1
--- /dev/null
+++ b/ci/msbuild.yml
@@ -0,0 +1,32 @@
+name: MSBuild
+
+on: [push]
+
+env:
+ # Path to the solution file relative to the root of the project.
+ SOLUTION_FILE_PATH: .
+
+ # Configuration type to build.
+ # You can convert this to a build matrix if you need coverage of multiple configuration types.
+ # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+ BUILD_CONFIGURATION: Release
+
+jobs:
+ build:
+ runs-on: windows-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Add MSBuild to PATH
+ uses: microsoft/setup-msbuild@v1.0.2
+
+ - name: Restore NuGet packages
+ working-directory: ${{env.GITHUB_WORKSPACE}}
+ run: nuget restore ${{env.SOLUTION_FILE_PATH}}
+
+ - name: Build
+ working-directory: ${{env.GITHUB_WORKSPACE}}
+ # Add additional options to the MSBuild command line here (like platform or verbosity level).
+ # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+ run: msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
diff --git a/ci/node.js.yml b/ci/node.js.yml
index 8da6b92630..06cd54bc93 100644
--- a/ci/node.js.yml
+++ b/ci/node.js.yml
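Review bot: `microsoft/setup-msbuild@v1.0.2` is a third-party action referenced by tag, which its publisher can move, whereas laravel.yml in this same commit pins its third-party action to a full commit SHA. Pinning here the same way, `uses: microsoft/setup-msbuild@<full commit SHA> # v1.0.2`, keeps the starters consistent; the `redhat-actions/*` references in openshift.yml are tag-pinned as well. Separately, `working-directory: ${{env.GITHUB_WORKSPACE}}` reads the `env` context, which holds only variables defined in the workflow, so it probably expands to an empty string; `${{ github.workspace }}`, as used in the jekyll workflow, is the context value that carries the path.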
@@ -1,26 +1,30 @@ -name: Node CI - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - - strategy: - matrix: - node-version: [8.x, 10.x, 12.x] - - steps: - - uses: actions/checkout@v1 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 - with: - node-version: ${{ matrix.node-version }} - - name: npm install, build, and test - run: | - npm install - npm run build --if-present - npm test - env: - CI: true +# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node +# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions + +name: Node.js CI + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [10.x, 12.x, 14.x, 15.x] + # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ + + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v2 + with: + node-version: ${{ matrix.node-version }} + - run: npm ci + - run: npm run build --if-present + - run: npm test diff --git a/ci/npm-publish.yml b/ci/npm-publish.yml index 3ae89d4e74..84629029a3 100644 --- a/ci/npm-publish.yml +++ b/ci/npm-publish.yml @@ -1,19 +1,18 @@ +# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created +# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages + name: Node.js Package on: - pull_request: - branches: - - master - push: - branches: - - master + release: + types: [created] jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 + - uses: actions/checkout@v2 + - uses: actions/setup-node@v2 with: node-version: 12 - run: npm ci 
@@ -23,11 +22,12 @@ jobs: needs: build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 + - uses: actions/checkout@v2 + - uses: actions/setup-node@v2 with: node-version: 12 registry-url: https://registry.npmjs.org/ + - run: npm ci - run: npm publish env: NODE_AUTH_TOKEN: ${{secrets.npm_token}} @@ -35,13 +35,16 @@ jobs: publish-gpr: needs: build runs-on: ubuntu-latest + permissions: + contents: read + packages: write steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 + - uses: actions/checkout@v2 + - uses: actions/setup-node@v2 with: node-version: 12 - registry-url: https://npm.pkg.github.com/ - scope: '@your-github-username' + registry-url: $registry-url(npm) + - run: npm ci - run: npm publish env: NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/ci/openshift.yml b/ci/openshift.yml new file mode 100644 index 0000000000..6d5c20a2cd --- /dev/null +++ b/ci/openshift.yml 
@@ -0,0 +1,179 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +### The OpenShift Starter workflow will: +# - Checkout your repository +# - Perform a Docker build +# - Push the built image to an image registry +# - Log in to your OpenShift cluster +# - Create an OpenShift app from the image and expose it to the internet. + +### Before you begin: +# - Have write access to a container image registry such as quay.io or Dockerhub. +# - Have access to an OpenShift cluster. +# - For instructions to get started with OpenShift see https://www.openshift.com/try +# - The project you wish to add this workflow to should have a Dockerfile. +# - If you don't have a Dockerfile at the repository root, see the buildah-build step. +# - Builds from scratch are also available, but require more configuration. + +### To get the workflow running: +# 1. Add this workflow to your repository. +# 2. Edit the top-level 'env' section, which contains a list of environment variables that must be configured. +# 3. Create the secrets referenced in the 'env' section under your repository Settings. +# 4. Edit the 'branches' in the 'on' section to trigger the workflow on a push to your branch. +# 5. Commit and push your changes. + +# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml +# Also see our GitHub organization, https://github.com/redhat-actions/ +# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho + +name: OpenShift + +# ⬇️ Modify the fields marked with ⬇️ to fit your project, and create any secrets that are referenced. +# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets +env: + # ⬇️ EDIT with your registry and registry path. 
+ REGISTRY: quay.io/ + # ⬇️ EDIT with your registry username. + REGISTRY_USER: + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + + # ⬇️ EDIT to log into your OpenShift cluster and set up the context. + # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + + # ⬇️ EDIT with any additional port your application should expose. + # By default, oc new-app action creates a service to the image's lowest numeric exposed port. + APP_PORT: "" + + # ⬇️ EDIT if you wish to set the kube context's namespace after login. Leave blank to use the default namespace. + OPENSHIFT_NAMESPACE: "" + + # If you wish to manually provide the APP_NAME and TAG, set them here, otherwise they will be auto-detected. + APP_NAME: "" + TAG: "" + +on: + # https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows + push: + # Edit to the branch(es) you want to build and deploy on each push. + branches: [ $default-branch ] + +jobs: + openshift-ci-cd: + name: Build and deploy to OpenShift + runs-on: ubuntu-18.04 + environment: production + + outputs: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} + + steps: + - name: Check if secrets exists + uses: actions/github-script@v3 + with: + script: | + const secrets = { + REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`, + OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, + OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, + }; + + const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { + if (value.length === 0) { + core.warning(`Secret "${name}" is not set`); + return true; + } + core.info(`✔️ Secret "${name}" is set`); + return false; + + }); + + if (missingSecrets.length > 0) { + core.setFailed(`❌ At least one required secret is not set in the repository. 
\n` + + "You can add it using:\n" + + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); + } + else { + core.info(`✅ All the required secrets are set`); + } + + - uses: actions/checkout@v2 + + - name: Determine app name + if: env.APP_NAME == '' + run: | + echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV + + - name: Determine tag + if: env.TAG == '' + run: | + echo "TAG=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV + + # https://github.com/redhat-actions/buildah-build#readme + - name: Build from Dockerfile + id: image-build + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ env.APP_NAME }} + tags: ${{ env.TAG }} + # If you don't have a dockerfile, see: + # https://github.com/redhat-actions/buildah-build#scratch-build-inputs + # Otherwise, point this to your Dockerfile relative to the repository root. + dockerfiles: | + ./Dockerfile + + # https://github.com/redhat-actions/push-to-registry#readme + - name: Push to registry + id: push-to-registry + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.image-build.outputs.image }} + tags: ${{ steps.image-build.outputs.tags }} + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + # The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }} + + # oc-login works on all platforms, but oc must be installed first. + # The GitHub Ubuntu runner already includes oc. + # Otherwise, https://github.com/redhat-actions/oc-installer#readme is available. 
+ + # https://github.com/redhat-actions/oc-login#readme + - name: Log in to OpenShift + uses: redhat-actions/oc-login@v1 + with: + openshift_server_url: ${{ env.OPENSHIFT_SERVER }} + openshift_token: ${{ env.OPENSHIFT_TOKEN }} + insecure_skip_tls_verify: true + namespace: ${{ env.OPENSHIFT_NAMESPACE }} + + # This step should create a deployment, service, and route to run your app and expose it to the internet. + # https://github.com/redhat-actions/oc-new-app#readme + - name: Create and expose app + id: deploy-and-expose + uses: redhat-actions/oc-new-app@v1 + with: + app_name: ${{ env.APP_NAME }} + image: ${{ steps.push-to-registry.outputs.registry-path }} + namespace: ${{ env.OPENSHIFT_NAMESPACE }} + port: ${{ env.APP_PORT }} + + - name: View application route + run: | + [[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1) + echo "======================== Your application is available at: ========================" + echo ${{ env.ROUTE }} + echo "===================================================================================" + echo + echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\"" + env: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} diff --git a/ci/php.yml b/ci/php.yml new file mode 100644 index 0000000000..6acfdd17d8 --- /dev/null +++ b/ci/php.yml 
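Review bot: The "Log in to OpenShift" step sets `insecure_skip_tls_verify: true`, so the cluster token in `OPENSHIFT_TOKEN` is sent to a server whose certificate is never checked, in a job that targets `environment: production`. I would ship the starter with `insecure_skip_tls_verify: false` and a comment saying when it may be relaxed and how to supply a CA for clusters with a private one. The "Check if secrets exists" step also pastes each `${{ secrets.* }}` value into a JavaScript template literal, so the secret text becomes part of the script source and a value containing a backtick or `${` changes the script; passing the values through the step's `env:` and reading `process.env` avoids that. The last step has the same pattern in `[[ -n ${{ env.ROUTE }} ]]`, although `ROUTE` is already exported to that step and could be read as `"$ROUTE"`.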
@@ -0,0 +1,36 @@ +name: PHP Composer + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Validate composer.json and composer.lock + run: composer validate --strict + + - name: Cache Composer packages + id: composer-cache + uses: actions/cache@v2 + with: + path: vendor + key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} + restore-keys: | + ${{ runner.os }}-php- + + - name: Install dependencies + run: composer install --prefer-dist --no-progress + + # Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit" + # Docs: https://getcomposer.org/doc/articles/scripts.md + + # - name: Run test suite + # run: composer run-script test diff --git a/ci/properties/ada.properties.json b/ci/properties/ada.properties.json new file mode 100644 index 0000000000..71021d003c --- /dev/null +++ b/ci/properties/ada.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Ada", + "description": "Build Ada project with GPRbuild.", + "iconName": "ada", + "categories": ["Ada"] +} diff --git a/ci/properties/alibabacloud.properties.json b/ci/properties/alibabacloud.properties.json new file mode 100644 index 0000000000..bbee6dfaab --- /dev/null +++ b/ci/properties/alibabacloud.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Deploy to Alibaba Cloud ACK", + "description": "Deploy a container to Alibaba Cloud Container Service for Kubernetes (ACK).", + "creator": "Alibaba Cloud", + "iconName": "alibabacloud", + "categories": null +} diff --git a/ci/properties/android.properties.json b/ci/properties/android.properties.json index a557fd9a7d..29d293f1a5 100644 --- a/ci/properties/android.properties.json +++ b/ci/properties/android.properties.json 
@@ -1,6 +1,6 @@ -{ - "name": "Android CI", - "description": "Build an Android project with Gradle.", - "iconName": "android", - "categories": ["Java", "Mobile"] -} \ No newline at end of file +{ + "name": "Android CI", + "description": "Build an Android project with Gradle.", + "iconName": "android", + "categories": ["Java", "Mobile"] +} diff --git a/ci/properties/ant.properties.json b/ci/properties/ant.properties.json index 4139b67260..5a4d7a99e8 100644 --- a/ci/properties/ant.properties.json +++ b/ci/properties/ant.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Java with Ant", - "description": "Build and test a Java project with Apache Ant.", - "iconName": "ant", - "categories": ["Ant", "Java"] -} \ No newline at end of file +{ + "name": "Java with Ant", + "description": "Build and test a Java project with Apache Ant.", + "iconName": "ant", + "categories": ["Ant", "Java"] +} diff --git a/ci/properties/asp.net-core.properties.json b/ci/properties/asp.net-core.properties.json deleted file mode 100644 index 02756f1683..0000000000 --- a/ci/properties/asp.net-core.properties.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "name": "ASP.NET Core", - "description": "Build and test an ASP.NET Core project targeting .NET Core.", - "iconName": "dotnetcore", - "categories": ["ASP", "ASP.NET", ".NET"] -} \ No newline at end of file diff --git a/ci/properties/aws.properties.json b/ci/properties/aws.properties.json new file mode 100644 index 0000000000..b80775f1a7 --- /dev/null +++ b/ci/properties/aws.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Deploy to Amazon ECS", + "description": "Deploy a container to an Amazon ECS service powered by AWS Fargate or Amazon EC2.", + "creator": "Amazon Web Services", + "iconName": "aws", + "categories": null +} \ No newline at end of file diff --git a/ci/properties/azure.properties.json b/ci/properties/azure.properties.json new file mode 100644 index 0000000000..fd9d0d8630 --- /dev/null +++ b/ci/properties/azure.properties.json 
@@ -0,0 +1,7 @@ +{ + "name": "Deploy Node.js to Azure Web App", + "description": "Build a Node.js project and deploy it to an Azure Web App.", + "creator": "Microsoft Azure", + "iconName": "azure", + "categories": null +} \ No newline at end of file diff --git a/ci/properties/blank.properties.json b/ci/properties/blank.properties.json index 927085bc52..d244772cfd 100644 --- a/ci/properties/blank.properties.json +++ b/ci/properties/blank.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Simple workflow", - "description": "Start with a file with the minimum necessary structure.", - "iconName": "blank", - "categories": null -} \ No newline at end of file +{ + "name": "Simple workflow", + "description": "Start with a file with the minimum necessary structure.", + "iconName": "blank", + "categories": null +} diff --git a/ci/properties/c-cpp.properties.json b/ci/properties/c-cpp.properties.json index 605cd8902f..5d2a2df038 100644 --- a/ci/properties/c-cpp.properties.json +++ b/ci/properties/c-cpp.properties.json @@ -1,6 +1,6 @@ -{ - "name": "C/C++ with Make", - "description": "Build and test a C/C++ project using Make.", - "iconName": "c-cpp", - "categories": ["C", "C++"] -} \ No newline at end of file +{ + "name": "C/C++ with Make", + "description": "Build and test a C/C++ project using Make.", + "iconName": "c-cpp", + "categories": ["C", "C++"] +} diff --git a/ci/properties/clojure.properties.json b/ci/properties/clojure.properties.json index 9d17772667..5a9e3ed163 100644 --- a/ci/properties/clojure.properties.json +++ b/ci/properties/clojure.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Clojure", - "description": "Build and test a Clojure project with Leiningen.", - "iconName": "clojure", - "categories": ["Clojure", "Java"] -} \ No newline at end of file +{ + "name": "Clojure", + "description": "Build and test a Clojure project with Leiningen.", + "iconName": "clojure", + "categories": ["Clojure", "Java"] +} 
diff --git a/ci/properties/cmake.properties.json b/ci/properties/cmake.properties.json new file mode 100644 index 0000000000..ac001c3b78 --- /dev/null +++ b/ci/properties/cmake.properties.json @@ -0,0 +1,6 @@ +{ + "name": "CMake based projects", + "description": "Build and test a CMake based project.", + "iconName": "cmake", + "categories": ["C", "C++"] +} \ No newline at end of file diff --git a/ci/properties/crystal.properties.json b/ci/properties/crystal.properties.json index f5edf7ded3..bb058f760e 100644 --- a/ci/properties/crystal.properties.json +++ b/ci/properties/crystal.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Crystal", - "description": "Build and test a Crystal project.", - "iconName": "crystal", - "categories": ["Crystal"] -} \ No newline at end of file +{ + "name": "Crystal", + "description": "Build and test a Crystal project.", + "iconName": "crystal", + "categories": ["Crystal"] +} diff --git a/ci/properties/d.properties.json b/ci/properties/d.properties.json new file mode 100644 index 0000000000..5c67054a57 --- /dev/null +++ b/ci/properties/d.properties.json @@ -0,0 +1,6 @@ +{ + "name": "D", + "description": "Build and test a D project with dub.", + "iconName": "d", + "categories": [ "D" ] +} diff --git a/ci/properties/dart.properties.json b/ci/properties/dart.properties.json index a0aad8c021..022a003227 100644 --- a/ci/properties/dart.properties.json +++ b/ci/properties/dart.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Dart", - "description": "Build and test a Dart project with Pub.", - "iconName": "dart", - "categories": ["Dart"] -} \ No newline at end of file +{ + "name": "Dart", + "description": "Build and test a Dart project with Pub.", + "iconName": "dart", + "categories": ["Dart"] +} diff --git a/ci/properties/deno.properties.json b/ci/properties/deno.properties.json new file mode 100644 index 0000000000..8a2c76276c --- /dev/null +++ b/ci/properties/deno.properties.json 
@@ -0,0 +1,6 @@ +{ + "name": "Deno", + "description": "Test your Deno project", + "iconName": "deno", + "categories": ["JavaScript", "TypeScript", "Deno"] +} diff --git a/ci/properties/django.properties.json b/ci/properties/django.properties.json new file mode 100644 index 0000000000..30154416e2 --- /dev/null +++ b/ci/properties/django.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Django", + "description": "Build and Test a Django Project", + "iconName": "django", + "categories": ["Python", "Django"] +} diff --git a/ci/properties/docker-image.properties.json b/ci/properties/docker-image.properties.json index 2db2368a72..8ad7552468 100644 --- a/ci/properties/docker-image.properties.json +++ b/ci/properties/docker-image.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Docker image", - "description": "Build a Docker image to deploy, run, or push to a registry.", - "iconName": "docker", - "categories": ["Dockerfile"] -} \ No newline at end of file +{ + "name": "Docker image", + "description": "Build a Docker image to deploy, run, or push to a registry.", + "iconName": "docker", + "categories": ["Dockerfile"] +} diff --git a/ci/properties/docker-publish.properties.json b/ci/properties/docker-publish.properties.json new file mode 100644 index 0000000000..1b36c0f0e9 --- /dev/null +++ b/ci/properties/docker-publish.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Publish Docker Container", + "description": "Build, test and push Docker image to GitHub Packages.", + "iconName": "docker", + "categories": ["Dockerfile"] +} diff --git a/ci/properties/dotnet-desktop.properties.json b/ci/properties/dotnet-desktop.properties.json new file mode 100644 index 0000000000..f6e1cb8428 --- /dev/null +++ b/ci/properties/dotnet-desktop.properties.json @@ -0,0 +1,6 @@ +{ + "name": ".NET Desktop", + "description": "Build, test, sign and publish a desktop application built on .NET.", + "iconName": "dotnet", + "categories": ["C#", "Visual Basic", "WPF", ".NET"] +} \ No newline at end of file 
diff --git a/ci/properties/dotnet.properties.json b/ci/properties/dotnet.properties.json new file mode 100644 index 0000000000..b3feafb9cf --- /dev/null +++ b/ci/properties/dotnet.properties.json @@ -0,0 +1,6 @@ +{ + "name": ".NET", + "description": "Build and test a .NET or ASP.NET Core project.", + "iconName": "dotnet", + "categories": ["C#", "F#", "Visual Basic", "ASP", "ASP.NET", ".NET"] +} diff --git a/ci/properties/elixir.properties.json b/ci/properties/elixir.properties.json index 4b082d71e9..572992df13 100644 --- a/ci/properties/elixir.properties.json +++ b/ci/properties/elixir.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Elixir", - "description": "Build and test an Elixir project with Mix.", - "iconName": "elixir", - "categories": ["Elixir", "Erlang"] -} \ No newline at end of file +{ + "name": "Elixir", + "description": "Build and test an Elixir project with Mix.", + "iconName": "elixir", + "categories": ["Elixir", "Erlang"] +} diff --git a/ci/properties/erlang.properties.json b/ci/properties/erlang.properties.json index c728ac241b..d712b0564c 100644 --- a/ci/properties/erlang.properties.json +++ b/ci/properties/erlang.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Erlang", - "description": "Build and test an Erlang project with rebar.", - "iconName": "erlang", - "categories": ["Erlang"] -} \ No newline at end of file +{ + "name": "Erlang", + "description": "Build and test an Erlang project with rebar.", + "iconName": "erlang", + "categories": ["Erlang"] +} diff --git a/ci/properties/go.properties.json b/ci/properties/go.properties.json index 3391245158..b96c0a1159 100644 --- a/ci/properties/go.properties.json +++ b/ci/properties/go.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Go", - "description": "Build a Go project.", - "iconName": "go", - "categories": ["Go"] -} \ No newline at end of file +{ + "name": "Go", + "description": "Build a Go project.", + "iconName": "go", + "categories": ["Go"] +} 
diff --git a/ci/properties/google.properties.json b/ci/properties/google.properties.json new file mode 100644 index 0000000000..e2d917d3fa --- /dev/null +++ b/ci/properties/google.properties.json @@ -0,0 +1,7 @@ +{ + "name": "Build and Deploy to GKE", + "description": "Build a docker container, publish it to Google Container Registry, and deploy to GKE.", + "creator": "Google Cloud", + "iconName": "googlegke", + "categories": null +} \ No newline at end of file diff --git a/ci/properties/gradle-publish.properties.json b/ci/properties/gradle-publish.properties.json new file mode 100644 index 0000000000..90b7295585 --- /dev/null +++ b/ci/properties/gradle-publish.properties.json @@ -0,0 +1,6 @@ +{ + "name": "Publish Java Package with Gradle", + "description": "Build a Java Package using Gradle and publish to GitHub Packages.", + "iconName": "gradle", + "categories": ["Java", "Gradle"] +} \ No newline at end of file diff --git a/ci/properties/gradle.properties.json b/ci/properties/gradle.properties.json index c58d68ab03..bfe1a6f045 100644 --- a/ci/properties/gradle.properties.json +++ b/ci/properties/gradle.properties.json @@ -1,6 +1,6 @@ -{ - "name": "Gradle", - "description": "Build and test a Java project using a Gradle wrapper script.", - "iconName": "gradle", - "categories": ["Java", "Gradle"] -} \ No newline at end of file +{ + "name": "Java with Gradle", + "description": "Build and test a Java project using a Gradle wrapper script.", + "iconName": "gradle", + "categories": ["Java", "Gradle"] +} diff --git a/ci/properties/haskell.properties.json b/ci/properties/haskell.properties.json index ae71a60dfc..2dedbf2e86 100644 --- a/ci/properties/haskell.properties.json +++ b/ci/properties/haskell.properties.json 
@@ -1,6 +1,6 @@
-{
- "name": "Haskell",
- "description": "Build and test a Haskell project with Cabal.",
- "iconName": "haskell",
- "categories": ["Haskell"]
-}
\ No newline at end of file
+{
+ "name": "Haskell",
+ "description": "Build and test a Haskell project with Cabal.",
+ "iconName": "haskell",
+ "categories": ["Haskell"]
+}
diff --git a/ci/properties/ibm.properties.json b/ci/properties/ibm.properties.json
new file mode 100644
index 0000000000..cfd03835e4
--- /dev/null
+++ b/ci/properties/ibm.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Deploy to IBM Cloud Kubernetes Service",
+ "description": "Build a docker container, publish it to IBM Cloud Container Registry, and deploy to IBM Cloud Kubernetes Service.",
+ "creator": "IBM",
+ "iconName": "ibm",
+ "categories": null
+}
\ No newline at end of file
diff --git a/ci/properties/ios.properties.json b/ci/properties/ios.properties.json
new file mode 100644
index 0000000000..0b3a9edd6d
--- /dev/null
+++ b/ci/properties/ios.properties.json
@@ -0,0 +1,9 @@
+{
+ "name": "iOS",
+ "description": "Build and test an iOS application using xcodebuild and any available iPhone simulator.",
+ "iconName": "xcode",
+ "categories": [
+ "iOS",
+ "Xcode"
+ ]
+}
diff --git a/ci/properties/jekyll.properties.json b/ci/properties/jekyll.properties.json
index c97835a4b7..38cc6cd23d 100644
--- a/ci/properties/jekyll.properties.json
+++ b/ci/properties/jekyll.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Jekyll",
- "description": "Package a Jekyll site using the jekyll/builder Docker image.",
- "iconName": "jekyll",
- "categories": ["HTML"]
-}
\ No newline at end of file
+{
+ "name": "Jekyll",
+ "description": "Package a Jekyll site using the jekyll/builder Docker image.",
+ "iconName": "jekyll",
+ "categories": ["HTML"]
+}
diff --git a/ci/properties/laravel.properties.json b/ci/properties/laravel.properties.json
new file mode 100644
index 0000000000..f10a4623af
--- /dev/null
+++ b/ci/properties/laravel.properties.json
@@ -0,0 +1,9 @@
+{
+ "name": "Laravel",
+ "description": "Test a Laravel project.",
+ "iconName": "php",
+ "categories": [
+ "PHP",
+ "Laravel"
+ ]
+}
\ No newline at end of file
diff --git a/ci/properties/maven-publish.properties.json b/ci/properties/maven-publish.properties.json
new file mode 100644
index 0000000000..2f59f41478
--- /dev/null
+++ b/ci/properties/maven-publish.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Publish Java Package with Maven",
+ "description": "Build a Java Package using Maven and publish to GitHub Packages.",
+ "iconName": "maven",
+ "categories": ["Java", "Maven"]
+}
\ No newline at end of file
diff --git a/ci/properties/maven.properties.json b/ci/properties/maven.properties.json
index 1875bdcdc7..e322d04152 100644
--- a/ci/properties/maven.properties.json
+++ b/ci/properties/maven.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Maven",
- "description": "Build and test a Java project with Apache Maven.",
- "iconName": "maven",
- "categories": ["Java", "Maven"]
-}
\ No newline at end of file
+{
+ "name": "Java with Maven",
+ "description": "Build and test a Java project with Apache Maven.",
+ "iconName": "maven",
+ "categories": ["Java", "Maven"]
+}
diff --git a/ci/properties/msbuild.properties.json b/ci/properties/msbuild.properties.json
new file mode 100644
index 0000000000..b90cad8c97
--- /dev/null
+++ b/ci/properties/msbuild.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "MSBuild based projects",
+ "description": "Build a MSBuild based project.",
+ "iconName": "c-cpp",
+ "categories": ["C", "C++"]
+}
\ No newline at end of file
diff --git a/ci/properties/node.js.properties.json b/ci/properties/node.js.properties.json
index 99a79bcb84..6ab4c53072 100644
--- a/ci/properties/node.js.properties.json
+++ b/ci/properties/node.js.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Node.js",
- "description": "Build and test a Node.js project with npm.",
- "iconName": "nodejs",
- "categories": ["JavaScript", "Node", "Npm"]
-}
\ No newline at end of file
+{
+ "name": "Node.js",
+ "description": "Build and test a Node.js project with npm.",
+ "iconName": "nodejs",
+ "categories": ["JavaScript", "Node", "Npm"]
+}
diff --git a/ci/properties/npm-publish.properties.json b/ci/properties/npm-publish.properties.json
index 989c262c97..d253373b18 100644
--- a/ci/properties/npm-publish.properties.json
+++ b/ci/properties/npm-publish.properties.json
@@ -1,6 +1,6 @@
 {
- "name": "Node.js Package",
- "description": "Publishes a Node.js package to npm and GitHub Package Registry.",
+ "name": "Publish Node.js Package",
+ "description": "Publishes a Node.js package to npm and GitHub Packages.",
 "iconName": "node-package-transparent",
 "categories": ["JavaScript", "SDLC"]
 }
diff --git a/ci/properties/openshift.properties.json b/ci/properties/openshift.properties.json
new file mode 100644
index 0000000000..53538c716e
--- /dev/null
+++ b/ci/properties/openshift.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "OpenShift",
+ "description": "Build a Docker-based project and deploy it to OpenShift.",
+ "creator": "Red Hat",
+ "iconName": "openshift",
+ "categories": [ "Dockerfile" ]
+}
diff --git a/ci/properties/php.properties.json b/ci/properties/php.properties.json
new file mode 100644
index 0000000000..641e536f28
--- /dev/null
+++ b/ci/properties/php.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "PHP",
+ "description": "Build and test a PHP application using Composer",
+ "iconName": "php",
+ "categories": ["PHP", "Composer"]
+}
\ No newline at end of file
diff --git a/ci/properties/pylint.properties.json b/ci/properties/pylint.properties.json
new file mode 100644
index 0000000000..c7d136342e
--- /dev/null
+++ b/ci/properties/pylint.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Pylint",
+ "description": "Lint a Python application with pylint.",
+ "iconName": "python",
+ "categories": ["Python"]
+}
diff --git a/ci/properties/python-app.properties.json b/ci/properties/python-app.properties.json
index cdf0330d0f..34e4a5780a 100644
--- a/ci/properties/python-app.properties.json
+++ b/ci/properties/python-app.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Python application",
- "description": "Create and test a Python application.",
- "iconName": "python",
- "categories": ["Python"]
-}
\ No newline at end of file
+{
+ "name": "Python application",
+ "description": "Create and test a Python application.",
+ "iconName": "python",
+ "categories": ["Python"]
+}
diff --git a/ci/properties/python-package-conda.properties.json b/ci/properties/python-package-conda.properties.json
new file mode 100644
index 0000000000..1f6436db47
--- /dev/null
+++ b/ci/properties/python-package-conda.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Python Package using Anaconda",
+ "description": "Create and test a Python package on multiple Python versions using Anaconda for package management.",
+ "iconName": "python",
+ "categories": ["Python"]
+}
diff --git a/ci/properties/python-package.properties.json b/ci/properties/python-package.properties.json
index 4b3a8da1fb..4e09d40d5f 100644
--- a/ci/properties/python-package.properties.json
+++ b/ci/properties/python-package.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Python package",
- "description": "Create and test a Python package on multiple Python versions.",
- "iconName": "python",
- "categories": ["Python"]
-}
\ No newline at end of file
+{
+ "name": "Python package",
+ "description": "Create and test a Python package on multiple Python versions.",
+ "iconName": "python",
+ "categories": ["Python"]
+}
diff --git a/ci/properties/r.properties.json b/ci/properties/r.properties.json
new file mode 100644
index 0000000000..84ba0ec9c5
--- /dev/null
+++ b/ci/properties/r.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "R package",
+ "description": "Create and test an R package on multiple R versions.",
+ "iconName": "r",
+ "categories": ["R"]
+}
diff --git a/ci/properties/ruby.properties.json b/ci/properties/ruby.properties.json
index df74931265..904f12fd4a 100644
--- a/ci/properties/ruby.properties.json
+++ b/ci/properties/ruby.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Ruby",
- "description": "Build and test a Ruby project with Rake.",
- "iconName": "ruby",
- "categories": ["Ruby"]
-}
\ No newline at end of file
+{
+ "name": "Ruby",
+ "description": "Build and test a Ruby project with Rake.",
+ "iconName": "ruby",
+ "categories": ["Ruby"]
+}
diff --git a/ci/properties/rust.properties.json b/ci/properties/rust.properties.json
index 6f4f967366..3a6dc02ae1 100644
--- a/ci/properties/rust.properties.json
+++ b/ci/properties/rust.properties.json
@@ -1,6 +1,6 @@
-{
- "name": "Rust",
- "description": "Build and test a Rust project with Cargo.",
- "iconName": "rust",
- "categories": ["Rust"]
+{
+ "name": "Rust",
+ "description": "Build and test a Rust project with Cargo.",
+ "iconName": "rust",
+ "categories": ["Rust"]
 }
\ No newline at end of file
diff --git a/ci/properties/scala.properties.json b/ci/properties/scala.properties.json
new file mode 100644
index 0000000000..a92fc7309a
--- /dev/null
+++ b/ci/properties/scala.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Scala",
+ "description": "Build and test a Scala project with SBT.",
+ "iconName": "scala",
+ "categories": ["Scala", "Java"]
+}
diff --git a/ci/properties/swift.properties.json b/ci/properties/swift.properties.json
new file mode 100644
index 0000000000..9efd64515d
--- /dev/null
+++ b/ci/properties/swift.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Swift",
+ "description": "Build and test a Swift Package.",
+ "iconName": "swift",
+ "categories": ["Swift"]
+}
diff --git a/ci/properties/tencent.properties.json b/ci/properties/tencent.properties.json
new file mode 100644
index 0000000000..ba579a19e2
--- /dev/null
+++ b/ci/properties/tencent.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Tencent Kubernetes Engine",
+ "description": "This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE).",
+ "creator": "Tencent Cloud",
+ "iconName": "tencentcloud",
+ "categories": null
+}
\ No newline at end of file
diff --git a/ci/properties/terraform.properties.json b/ci/properties/terraform.properties.json
new file mode 100644
index 0000000000..bfeabdf3e9
--- /dev/null
+++ b/ci/properties/terraform.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Terraform",
+ "description": "Set up Terraform CLI in your GitHub Actions workflow.",
+ "creator": "HashiCorp",
+ "iconName": "terraform",
+ "categories": null
+}
diff --git a/ci/pylint.yml b/ci/pylint.yml
new file mode 100644
index 0000000000..c16ba223d6
--- /dev/null
+++ b/ci/pylint.yml
@@ -0,0 +1,22 @@
+name: Pylint
+
+on: [push]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v1
+ with:
+ python-version: 3.8
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install pylint
+ - name: Analysing the code with pylint
+ run: |
+ pylint `ls -R|grep .py$|xargs`
diff --git a/ci/python-app.yml b/ci/python-app.yml
index 81d1ef640f..f6ad69af7b 100644
--- a/ci/python-app.yml
+++ b/ci/python-app.yml
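Review bot: The file list in the last step of ci/pylint.yml comes from the command substitution `ls -R|grep .py$|xargs`, and `ls -R` prints bare file names under directory headings, so modules in subdirectories are handed to pylint without their path and will not be found. The unescaped `.` in `.py$` also matches any name that merely ends in "py", and names containing spaces are split into several arguments. Listing tracked files fixes all three: `git ls-files -z '*.py' | xargs -0 pylint`. The same hunk uses `actions/setup-python@v1` while the other Python workflows in this commit move to `@v2`.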
@@ -1,30 +1,36 @@
-name: Python application
-
-on: [push]
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v1
- - name: Set up Python 3.7
- uses: actions/setup-python@v1
- with:
- python-version: 3.7
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install -r requirements.txt
- - name: Lint with flake8
- run: |
- pip install flake8
- # stop the build if there are Python syntax errors or undefined names
- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- - name: Test with pytest
- run: |
- pip install pytest
- pytest
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: Python application
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.9
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.9
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8 pytest
+ if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+ - name: Lint with flake8
+ run: |
+ # stop the build if there are Python syntax errors or undefined names
+ flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+ # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+ flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+ - name: Test with pytest
+ run: |
+ pytest
diff --git a/ci/python-package-conda.yml b/ci/python-package-conda.yml
new file mode 100644
index 0000000000..7bae7e2475
--- /dev/null
+++ b/ci/python-package-conda.yml
@@ -0,0 +1,34 @@
+name: Python Package using Conda
+
+on: [push]
+
+jobs:
+ build-linux:
+ runs-on: ubuntu-latest
+ strategy:
+ max-parallel: 5
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+ - name: Add conda to system path
+ run: |
+ # $CONDA is an environment variable pointing to the root of the miniconda directory
+ echo $CONDA/bin >> $GITHUB_PATH
+ - name: Install dependencies
+ run: |
+ conda env update --file environment.yml --name base
+ - name: Lint with flake8
+ run: |
+ conda install flake8
+ # stop the build if there are Python syntax errors or undefined names
+ flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+ # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+ flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+ - name: Test with pytest
+ run: |
+ conda install pytest
+ pytest
diff --git a/ci/python-package.yml b/ci/python-package.yml
index 24f36a85b9..b079b1c7a1 100644
--- a/ci/python-package.yml
+++ b/ci/python-package.yml
@@ -1,34 +1,40 @@ -name: Python package - -on: [push] - -jobs: - build: - - runs-on: ubuntu-latest - strategy: - max-parallel: 4 - matrix: - python-version: [2.7, 3.5, 3.6, 3.7] - - steps: - - uses: actions/checkout@v1 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v1 - with: - python-version: ${{ matrix.python-version }} - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - - name: Lint with flake8 - run: | - pip install flake8 - # stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics - - name: Test with pytest - run: | - pip install pytest - pytest +# This workflow will install Python dependencies, run tests and lint with a variety of Python versions +# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions + +name: Python package + +on: + push: + branches: [ $default-branch ] + pull_request: + branches: [ $default-branch ] + +jobs: + build: + + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + python-version: [3.7, 3.8, 3.9] + + steps: + - uses: actions/checkout@v2 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Install dependencies + run: | + python -m pip install --upgrade pip + python -m pip install flake8 pytest + if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + - name: Lint with flake8 + run: | + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. 
The GitHub editor is 127 chars wide + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + - name: Test with pytest + run: | + pytest diff --git a/ci/python-publish.yml b/ci/python-publish.yml index 21f2f01de1..1a03a7b6c4 100644 --- a/ci/python-publish.yml +++ b/ci/python-publish.yml @@ -1,3 +1,6 @@ +# This workflow will upload a Python Package using Twine when a release is created +# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries + name: Upload Python Package on: @@ -6,11 +9,13 @@ on: jobs: deploy: + runs-on: ubuntu-latest + steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Set up Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v2 with: python-version: '3.x' - name: Install dependencies diff --git a/ci/r.yml b/ci/r.yml new file mode 100644 index 0000000000..efc65874da --- /dev/null +++ b/ci/r.yml 
@@ -0,0 +1,37 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# See https://github.com/r-lib/actions/tree/master/examples#readme for
+# additional example workflows available for the R community.
+
+name: R
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ build:
+ runs-on: macOS-latest
+ strategy:
+ matrix:
+ r-version: [3.5, 3.6]
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up R ${{ matrix.r-version }}
+ uses: r-lib/actions/setup-r@ffe45a39586f073cc2e9af79c4ba563b657dc6e3
+ with:
+ r-version: ${{ matrix.r-version }}
+ - name: Install dependencies
+ run: |
+ install.packages(c("remotes", "rcmdcheck"))
+ remotes::install_deps(dependencies = TRUE)
+ shell: Rscript {0}
+ - name: Check
+ run: rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error")
+ shell: Rscript {0}
diff --git a/ci/ruby.yml b/ci/ruby.yml
index 7258d723c9..f6ae1e3573 100644
--- a/ci/ruby.yml
+++ b/ci/ruby.yml
@@ -1,20 +1,35 @@
-name: Ruby
-
-on: [push]
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v1
- - name: Set up Ruby 2.6
- uses: actions/setup-ruby@v1
- with:
- ruby-version: 2.6.x
- - name: Build and test with Rake
- run: |
- gem install bundler
- bundle install --jobs 4 --retry 3
- bundle exec rake
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ test:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby-version: ['2.6', '2.7', '3.0']
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Ruby
+ # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+ # change this to (see https://github.com/ruby/setup-ruby#versioning):
+ # uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ - name: Run tests
+ run: bundle exec rake
diff --git a/ci/rust.yml b/ci/rust.yml
index 9ca641ba19..6c82c610fe 100644
--- a/ci/rust.yml
+++ b/ci/rust.yml
@@ -1,15 +1,22 @@
-name: Rust
-
-on: [push]
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v1
- - name: Build
- run: cargo build --verbose
- - name: Run tests
- run: cargo test --verbose
+name: Rust
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Build
+ run: cargo build --verbose
+ - name: Run tests
+ run: cargo test --verbose
diff --git a/ci/scala.yml b/ci/scala.yml
new file mode 100644
index 0000000000..4a3c112725
--- /dev/null
+++ b/ci/scala.yml
@@ -0,0 +1,22 @@
+name: Scala CI
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up JDK 11
+ uses: actions/setup-java@v2
+ with:
+ java-version: '11'
+ distribution: 'adopt'
+ - name: Run tests
+ run: sbt test
diff --git a/ci/swift.yml b/ci/swift.yml
new file mode 100644
index 0000000000..df062b53e5
--- /dev/null
+++ b/ci/swift.yml
@@ -0,0 +1,19 @@
+name: Swift
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ build:
+
+ runs-on: macos-latest
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Build
+ run: swift build -v
+ - name: Run tests
+ run: swift test -v
diff --git a/ci/tencent.yml b/ci/tencent.yml
new file mode 100644
index 0000000000..1a059a6d09
--- /dev/null
+++ b/ci/tencent.yml
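Review bot: The first line of ci/scala.yml names the workflow `Scala CI`, which goes against the pull request template updated in this same commit (a workflow should be named only by its language or platform, "Go" rather than "Go CI") and differs from the `"name": "Scala"` in ci/properties/scala.properties.json. I would change the line to `name: Scala`.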
@@ -0,0 +1,76 @@
+# This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE).
+#
+# To configure this workflow:
+#
+# 1. Ensure that your repository contains the necessary configuration for your Tencent Kubernetes Engine cluster,
+# including deployment.yml, kustomization.yml, service.yml, etc.
+#
+# 2. Set up secrets in your workspace:
+# - TENCENT_CLOUD_SECRET_ID with Tencent Cloud secret id
+# - TENCENT_CLOUD_SECRET_KEY with Tencent Cloud secret key
+# - TENCENT_CLOUD_ACCOUNT_ID with Tencent Cloud account id
+# - TKE_REGISTRY_PASSWORD with TKE registry password
+#
+# 3. Change the values for the TKE_IMAGE_URL, TKE_REGION, TKE_CLUSTER_ID and DEPLOYMENT_NAME environment variables (below).
+
+name: Tencent Kubernetes Engine
+
+on:
+ release:
+ types: [created]
+
+# Environment variables available to all jobs and steps in this workflow
+env:
+ TKE_IMAGE_URL: ccr.ccs.tencentyun.com/demo/mywebapp
+ TKE_REGION: ap-guangzhou
+ TKE_CLUSTER_ID: cls-mywebapp
+ DEPLOYMENT_NAME: tke-test
+
+jobs:
+ setup-build-publish-deploy:
+ name: Setup, Build, Publish, and Deploy
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Build
+ - name: Build Docker image
+ run: |
+ docker build -t ${TKE_IMAGE_URL}:${GITHUB_SHA} .
+
+ - name: Login TKE Registry
+ run: |
+ docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p ${{ secrets.TKE_REGISTRY_PASSWORD }} ${TKE_IMAGE_URL}
+
+ # Push the Docker image to TKE Registry
+ - name: Publish
+ run: |
+ docker push ${TKE_IMAGE_URL}:${GITHUB_SHA}
+
+ - name: Set up Kustomize
+ run: |
+ curl -o kustomize --location https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
+ chmod u+x ./kustomize
+
+ - name: Set up ~/.kube/config for connecting TKE cluster
+ uses: TencentCloud/tke-cluster-credential-action@v1
+ with:
+ secret_id: ${{ secrets.TENCENT_CLOUD_SECRET_ID }}
+ secret_key: ${{ secrets.TENCENT_CLOUD_SECRET_KEY }}
+ tke_region: ${{ env.TKE_REGION }}
+ cluster_id: ${{ env.TKE_CLUSTER_ID }}
+
+ - name: Switch to TKE context
+ run: |
+ kubectl config use-context ${TKE_CLUSTER_ID}-context-default
+
+ # Deploy the Docker image to the TKE cluster
+ - name: Deploy
+ run: |
+ ./kustomize edit set image ${TKE_IMAGE_URL}:${GITHUB_SHA}
+ ./kustomize build . | kubectl apply -f -
+ kubectl rollout status deployment/${DEPLOYMENT_NAME}
+ kubectl get services -o wide
\ No newline at end of file
diff --git a/ci/terraform.yml b/ci/terraform.yml
new file mode 100644
index 0000000000..589f1f30fc
--- /dev/null
+++ b/ci/terraform.yml
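Review bot: The `Login TKE Registry` step in ci/tencent.yml passes the registry password as a command-line argument (`docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p ${{ secrets.TKE_REGISTRY_PASSWORD }} ${TKE_IMAGE_URL}`). Because the `${{ }}` expressions are substituted into the script text before the shell runs it, the value ends up in the process arguments and any shell metacharacter in it is interpreted. Passing both values through `env:` and reading the password from standard input with `--password-stdin` avoids both problems; the rewritten step is below. Separately, the `Set up Kustomize` step downloads a binary with `curl` and later executes it without verifying a checksum, which deserves a follow-up.

```yaml
- name: Login TKE Registry
  env:
    TKE_REGISTRY_USER: ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }}
    TKE_REGISTRY_PASSWORD: ${{ secrets.TKE_REGISTRY_PASSWORD }}
  run: |
    printf '%s' "${TKE_REGISTRY_PASSWORD}" | docker login -u "${TKE_REGISTRY_USER}" --password-stdin "${TKE_IMAGE_URL}"
```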
@@ -0,0 +1,91 @@
+# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
+# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
+# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
+# to the $default-branch branch, `terraform apply` will be executed.
+#
+# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
+#
+# To use this workflow, you will need to complete the following setup steps.
+#
+# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
+# Example `main.tf`:
+# # The configuration for the `remote` backend.
+# terraform {
+# backend "remote" {
+# # The name of your Terraform Cloud organization.
+# organization = "example-organization"
+#
+# # The name of the Terraform Cloud workspace to store Terraform state files in.
+# workspaces {
+# name = "example-workspace"
+# }
+# }
+# }
+#
+# # An example resource that does nothing.
+# resource "null_resource" "example" {
+# triggers = {
+# value = "A example resource that does nothing!"
+# }
+# }
+#
+#
+# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
+# Documentation:
+# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
+# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
+#
+# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
+# Example:
+# - name: Setup Terraform
+# uses: hashicorp/setup-terraform@v1
+# with:
+# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+name: 'Terraform'
+
+on:
+ push:
+ branches:
+ - $default-branch
+ pull_request:
+
+jobs:
+ terraform:
+ name: 'Terraform'
+ runs-on: ubuntu-latest
+ environment: production
+
+ # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+ - name: Terraform Init
+ run: terraform init
+
+ # Checks that all Terraform configuration files adhere to a canonical format
+ - name: Terraform Format
+ run: terraform fmt -check
+
+ # Generates an execution plan for Terraform
+ - name: Terraform Plan
+ run: terraform plan
+
+ # On push to $default-branch, build or change infrastructure according to Terraform configuration files
+ # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/$default-branch' && github.event_name == 'push'
+ run: terraform apply -auto-approve
diff --git a/code-scanning/README.md b/code-scanning/README.md
new file mode 100644
index 0000000000..076d57c649
--- /dev/null
+++ b/code-scanning/README.md
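Review bot: The `Setup Terraform` step in ci/terraform.yml hands the Terraform Cloud token to `hashicorp/setup-terraform@v1` (`cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}`), yet references the action by a movable tag. The other third-party actions added in this commit (r-lib/actions/setup-r, ruby/setup-ruby, controlplaneio/kubesec-action, ForAllSecure/mapi-action) are pinned to a full commit SHA, and their files open with the "not certified by GitHub" notice. I would pin this one the same way, `uses: hashicorp/setup-terraform@<full-commit-sha>  # v1`, and add that notice at the top of the file; `TencentCloud/tke-cluster-credential-action@v1` in ci/tencent.yml, which receives the Tencent Cloud secret key, has the same gap. The job also declares no `permissions:` block, unlike the code-scanning workflows in this commit; `contents: read` looks sufficient for the steps shown, though that should be confirmed against what the Terraform Cloud status check needs.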
@@ -0,0 +1,3 @@
+# Code Scanning Workflows
+
+GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. Before you can configure code scanning for a repository, you must enable code scanning by adding a GitHub Actions workflow to the repository. For more information, see [Setting up code scanning for a repository](https://docs.github.com/en/code-security/secure-coding/setting-up-code-scanning-for-a-repository).
diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml
new file mode 100644
index 0000000000..b32675e536
--- /dev/null
+++ b/code-scanning/codeql.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ $detected-codeql-languages ]
+ # CodeQL supports [ $supported-codeql-languages ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml
new file mode 100644
index 0000000000..1cad70cba8
--- /dev/null
+++ b/code-scanning/kubesec.yml
@@ -0,0 +1,41 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Kubesec
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ lint:
+ name: Kubesec
+ runs-on: ubuntu-20.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Run kubesec scanner
+ uses: controlplaneio/kubesec-action@43d0ddff5ffee89a6bb9f29b64cd865411137b14
+ with:
+ input: file.yaml # specify configuration file to scan here
+ format: template
+ template: template/sarif.tpl
+ output: kubesec-results.sarif
+ exit-code: "0"
+
+ - name: Upload Kubesec scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: kubesec-results.sarif
\ No newline at end of file
diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml
new file mode 100644
index 0000000000..0aab0b4601
--- /dev/null
+++ b/code-scanning/mayhem-for-api.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# This workflow starts your API and fuzzes it with ForAllSecure Mayhem for API
+# to find reliability, performance and security issues before they reach
+# production.
+#
+# To use this workflow, you will need to:
+#
+# 1. Create a Mayhem for API account at
+# https://mayhem4api.forallsecure.com/signup (30-day free trial)
+#
+# 2. Create a service account token `mapi organization service-account create
+# `
+#
+# 3. Add the service account token as a secret in GitHub called "MAPI_TOKEN"
+#
+# 4. Update the "Start your API" step to run your API in the background before
+# starting the Mayhem for API scan, and update the `api-url` & `api-spec`
+# field.
+#
+# If you have any questions, please contact us at mayhem4api@forallsecure.com
+
+name: "Mayhem for API"
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+
+jobs:
+ mayhem-for-api:
+ name: Mayhem for API
+ # Mayhem for API runs on linux, mac and windows
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - uses: actions/checkout@v2
+
+ # Run your API in the background. Ideally, the API would run in debug
+ # mode & send stacktraces back on "500 Internal Server Error" responses
+ # (don't do this in production though!)
+ - name: Start your API
+ run: ./run_your_api.sh & # <- ✏️ update this
+
+ - name: Mayhem for API
+ uses: ForAllSecure/mapi-action@193b709971cc377675e33284aecbf9229853e010
+ continue-on-error: true
+ with:
+ mapi-token: ${{ secrets.MAPI_TOKEN }}
+ api-url: http://localhost:8080 # <- ✏️ update this
+ api-spec: http://localhost:8080/openapi.json # <- ✏️ update this
+ duration: 60
+ sarif-report: mapi.sarif
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: mapi.sarif
diff --git a/code-scanning/powershell.yml b/code-scanning/powershell.yml
new file mode 100644
index 0000000000..dfbf452e2b
--- /dev/null
+++ b/code-scanning/powershell.yml
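Review bot: The "Mayhem for API" step sets `continue-on-error: true` with no explanation, and the "Upload SARIF file" step after it has no guard, so a scan that stops before writing `mapi.sarif` (for instance when `secrets.MAPI_TOKEN` is empty, as it is on pull requests from forks) shows up as a confusing upload failure rather than a scan failure. I would document the intent with `# continue-on-error: findings must not block the SARIF upload below` and guard the upload with `if: hashFiles('mapi.sarif') != ''`. The header comment could also say that the token is unavailable to fork pull requests, so those runs are expected to produce no report.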
@@ -0,0 +1,42 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# https://github.com/microsoft/action-psscriptanalyzer
+# For more information on PSScriptAnalyzer in general, see
+# https://github.com/PowerShell/PSScriptAnalyzer
+
+name: PSScriptAnalyzer
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ build:
+ name: PSScriptAnalyzer
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Run PSScriptAnalyzer
+ uses: microsoft/psscriptanalyzer-action@2044ae068e37d0161fa2127de04c19633882f061
+ with:
+ # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
+ # The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules.
+ path: .\
+ recurse: true
+ # Include your own basic security rules. Removing this option will run all the rules
+ includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
+ output: results.sarif
+
+ # Upload the SARIF file generated in the previous step
+ - name: Upload SARIF results file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
diff --git a/code-scanning/properties/codeql.properties.json b/code-scanning/properties/codeql.properties.json
new file mode 100644
index 0000000000..cb9305a9a1
--- /dev/null
+++ b/code-scanning/properties/codeql.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "CodeQL Analysis",
+ "creator": "GitHub",
+ "description": "Security analysis from GitHub for C, C++, C#, Java, JavaScript, TypeScript, Python, and Go developers.",
+ "iconName": "octicon mark-github",
+ "categories": ["Code Scanning", "C", "C#", "C++", "Go", "Java", "JavaScript", "TypeScript", "Python"]
+}
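Review bot: The `build` job in powershell.yml declares no `permissions:` block, unlike the CodeQL, Kubesec, Mayhem, Synopsys and tfsec workflows added in this same commit, so it runs with whatever default token scope the repository has. Where that default is read-only the `upload-sarif` step would presumably fail, and where it is permissive the third-party analyzer step receives more access than it needs. Adding `permissions:` with `contents: read` and `security-events: write` (plus `actions: read` to match the sibling workflows) under `runs-on:` keeps the job least-privilege. Separately, `path: .\` uses a Windows-style separator on `ubuntu-latest`; it is worth confirming the action resolves it to the repository root.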
diff --git a/code-scanning/properties/kubesec.properties.json b/code-scanning/properties/kubesec.properties.json
new file mode 100644
index 0000000000..66d5619f47
--- /dev/null
+++ b/code-scanning/properties/kubesec.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Kubesec",
+ "creator": "Controlplane",
+ "description": "Security risk analysis for Kubernetes resources. Submit pod-types (such as deployment, cronjob) to receive an itemised security risk score.",
+ "iconName": "kubesec",
+ "categories": ["Code Scanning"]
+}
diff --git a/code-scanning/properties/mayhem-for-api.properties.json b/code-scanning/properties/mayhem-for-api.properties.json
new file mode 100644
index 0000000000..b700dae74a
--- /dev/null
+++ b/code-scanning/properties/mayhem-for-api.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Mayhem for API",
+ "creator": "ForAllSecure",
+ "description": "Automatically test your REST APIs with your OpenAPI specs and Postman collections.",
+ "iconName": "mayhem-for-api",
+ "categories": ["Code Scanning", "C#", "Go", "Java", "Scala", "JavaScript", "TypeScript", "Ruby", "PHP", "Swift", "Kotlin" , "Python", "Rust", "Objective C"]
+}
diff --git a/code-scanning/properties/powershell.properties.json b/code-scanning/properties/powershell.properties.json
new file mode 100644
index 0000000000..95420ae194
--- /dev/null
+++ b/code-scanning/properties/powershell.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "PSScriptAnalyzer",
+ "creator": "Microsoft Corporation",
+ "description": "A static code checker for PowerShell modules and scripts. PSScriptAnalyzer checks the quality of PowerShell code by running a set of rules.",
+ "iconName": "powershell",
+ "categories": ["Code Scanning", "PowerShell"]
+}
\ No newline at end of file
diff --git a/code-scanning/properties/synopsys-io.properties.json b/code-scanning/properties/synopsys-io.properties.json
new file mode 100644
index 0000000000..ea7fae7571
--- /dev/null
+++ b/code-scanning/properties/synopsys-io.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "Synopsys Intelligent Security Scan Action",
+ "creator": "Synopsys",
+ "description": "The Synopsys Intelligent Security Scan Action helps selectively perform SAST and SCA scans, triggered during a variety of GitHub Platform events",
+ "iconName": "synopsys-io",
+ "categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "Ruby", "PHP", "Swift", "Kotlin" , "Python", "VB.NET", "Objective C"]
+}
diff --git a/code-scanning/properties/tfsec.properties.json b/code-scanning/properties/tfsec.properties.json
new file mode 100644
index 0000000000..6796d7929d
--- /dev/null
+++ b/code-scanning/properties/tfsec.properties.json
@@ -0,0 +1,7 @@
+{
+ "name": "tfsec",
+ "creator": "tfsec",
+ "description": "A static analysis security scanner for your Terraform code. Discover problems with your infrastructure before hackers do.",
+ "iconName": "tfsec",
+ "categories": ["Code Scanning", "HCL"]
+}
diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml
new file mode 100644
index 0000000000..0c1ff16a3a
--- /dev/null
+++ b/code-scanning/synopsys-io.yml
@@ -0,0 +1,77 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Synopsys Intelligent Security Scan
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ $default-branch ]
+ schedule:
+ - cron: $cron-weekly
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Synopsys Intelligent Security Scan
+ id: prescription
+ uses: synopsys-sig/intelligent-security-scan@48eedfcd42bc342a294dc495ac452797b2d9ff08
+ with:
+ ioServerUrl: ${{secrets.IO_SERVER_URL}}
+ ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
+ workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
+ additionalWorkflowArgs: --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
+ stage: "IO"
+
+ # Please note that the ID in previous step was set to prescription
+ # in order for this logic to work also make sure that POLARIS_ACCESS_TOKEN
+ # is defined in settings
+ - name: Static Analysis with Polaris
+ if: ${{steps.prescription.outputs.sastScan == 'true' }}
+ run: |
+ export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
+ export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
+ wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
+ unzip -j polaris_cli-linux64.zip -d /tmp
+ /tmp/polaris analyze -w
+
+ # Please note that the ID in previous step was set to prescription
+ # in order for this logic to work
+ - name: Software Composition Analysis with Black Duck
+ if: ${{steps.prescription.outputs.scaScan == 'true' }}
+ uses: blackducksoftware/github-action@9ea442b34409737f64743781e9adc71fd8e17d38
+ with:
+ args: '--blackduck.url="${{ secrets.BLACKDUCK_URL}}" --blackduck.api.token="${{ secrets.BLACKDUCK_TOKEN}}" --detect.tools="SIGNATURE_SCAN,DETECTOR"'
+
+ - name: Synopsys Intelligent Security Scan
+ if: ${{ steps.prescription.outputs.sastScan == 'true' || steps.prescription.outputs.scaScan == 'true' }}
+ uses: synopsys-sig/intelligent-security-scan@48eedfcd42bc342a294dc495ac452797b2d9ff08
+ with:
+ ioServerUrl: ${{secrets.IO_SERVER_URL}}
+ ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
+ workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
+ additionalWorkflowArgs: --IS_SAST_ENABLED=${{steps.prescription.outputs.sastScan}} --IS_SCA_ENABLED=${{steps.prescription.outputs.scaScan}}
+ --polaris.project.name={{PROJECT_NAME}} --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
+ --blackduck.project.name={{PROJECT_NAME}}:{{PROJECT_VERSION}} --blackduck.url=${{secrets.BLACKDUCK_URL}} --blackduck.api.token=${{secrets.BLACKDUCK_TOKEN}}
+ stage: "WORKFLOW"
+
+ - name: Upload SARIF file
+ if: ${{steps.prescription.outputs.sastScan == 'true' }}
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: workflowengine-results.sarif.json
diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml
new file mode 100644
index 0000000000..479f713c96
--- /dev/null
+++ b/code-scanning/tfsec.yml
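Review bot: The "Static Analysis with Polaris" step in synopsys-io.yml expands `${{ secrets.POLARIS_SERVER_URL}}` and `${{ secrets.POLARIS_ACCESS_TOKEN}}` directly into the `run:` script text, so the values are pasted into the shell source before it is parsed; passing them through `env:` and quoting the variable keeps the token out of the rendered script and avoids word-splitting or metacharacter surprises. The same step downloads `polaris_cli-linux64.zip` and runs `/tmp/polaris` with no checksum or signature check, which deserves at least a comment because that binary then runs with the access token in its environment. The `--polaris.token=` and `--blackduck.api.token=` values passed as arguments in the other steps are a related concern, since command-line arguments are typically visible to other processes on the runner.

```yaml
      - name: Static Analysis with Polaris
        # … unchanged: if condition on steps.prescription.outputs.sastScan …
        env:
          POLARIS_SERVER_URL: ${{ secrets.POLARIS_SERVER_URL }}
          POLARIS_ACCESS_TOKEN: ${{ secrets.POLARIS_ACCESS_TOKEN }}
        run: |
          wget -q "${POLARIS_SERVER_URL}/api/tools/polaris_cli-linux64.zip"
          # … unchanged: unzip and polaris analyze …
```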
@@ -0,0 +1,38 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: tfsec + +on: + push: + branches: [ $default-branch, $protected-branches ] + pull_request: + branches: [ $default-branch ] + schedule: + - cron: $cron-weekly + +jobs: + tfsec: + name: Run tfsec sarif report + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Clone repo + uses: actions/checkout@v2 + + - name: Run tfsec + uses: tfsec/tfsec-sarif-action@9a83b5c3524f825c020e356335855741fd02745f + with: + sarif_file: tfsec.sarif + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v1 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: tfsec.sarif diff --git a/icons/ada.svg b/icons/ada.svg new file mode 100644 index 0000000000..6a0d58fa62 --- /dev/null +++ b/icons/ada.svg @@ -0,0 +1,283 @@ + +image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/icons/alibabacloud.svg b/icons/alibabacloud.svg new file mode 100644 index 0000000000..c7acdab9ec --- /dev/null +++ b/icons/alibabacloud.svg @@ -0,0 +1 @@ +AlibabacloudLogoGithub \ No newline at end of file diff --git a/icons/aws.svg b/icons/aws.svg new file mode 100644 index 0000000000..59ff870b98 --- /dev/null +++ b/icons/aws.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/azure.svg b/icons/azure.svg new file mode 100644 index 0000000000..2ff63c104e --- /dev/null +++ b/icons/azure.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/cmake.svg b/icons/cmake.svg new file mode 100644 index 0000000000..254fe0129b --- /dev/null +++ b/icons/cmake.svg 
@@ -0,0 +1,493 @@ + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/icons/d.svg b/icons/d.svg new file mode 100644 index 0000000000..f2492bc3f7 --- /dev/null +++ b/icons/d.svg @@ -0,0 +1,216 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + diff --git a/icons/deno.svg b/icons/deno.svg new file mode 100644 index 0000000000..17ffb3e596 --- /dev/null +++ b/icons/deno.svg @@ -0,0 +1 @@ + diff --git a/icons/dotnetcore.svg b/icons/dotnetcore.svg deleted file mode 100644 index 6d31060b33..0000000000 --- a/icons/dotnetcore.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/icons/googlegke.svg b/icons/googlegke.svg new file mode 100644 index 0000000000..68ecb39136 --- /dev/null +++ b/icons/googlegke.svg @@ -0,0 +1 @@ +image/svg+xml \ No newline at end of file diff --git a/icons/ibm.svg b/icons/ibm.svg new file mode 100644 index 0000000000..7139661458 --- /dev/null +++ b/icons/ibm.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/kubesec.svg b/icons/kubesec.svg new file mode 100644 index 0000000000..828eb09467 --- /dev/null +++ b/icons/kubesec.svg @@ -0,0 +1,16 @@ + + + + + + image/svg+xml + + + + + + + + + + diff --git a/icons/mayhem-for-api.svg b/icons/mayhem-for-api.svg new file mode 100644 index 0000000000..af426ff630 --- /dev/null +++ b/icons/mayhem-for-api.svg @@ -0,0 +1,19 @@ + + + + + + + + + + + + + + + + + + + diff --git a/icons/openshift.svg b/icons/openshift.svg new file mode 100644 index 0000000000..85149ff7d7 --- /dev/null +++ b/icons/openshift.svg @@ -0,0 +1 @@ +plugin_icons_0918_RGB_openshift_color \ No newline at end of file 
diff --git a/icons/powershell.svg b/icons/powershell.svg new file mode 100644 index 0000000000..ec01c8cb51 --- /dev/null +++ b/icons/powershell.svg @@ -0,0 +1,29 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/icons/r.svg b/icons/r.svg new file mode 100644 index 0000000000..78281f78ff --- /dev/null +++ b/icons/r.svg @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + diff --git a/icons/scala.svg b/icons/scala.svg new file mode 100644 index 0000000000..80c5b99904 --- /dev/null +++ b/icons/scala.svg @@ -0,0 +1 @@ + diff --git a/icons/swift.svg b/icons/swift.svg new file mode 100644 index 0000000000..69df9cd20a --- /dev/null +++ b/icons/swift.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/icons/synopsys-io.svg b/icons/synopsys-io.svg new file mode 100644 index 0000000000..764a3be23c --- /dev/null +++ b/icons/synopsys-io.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/icons/tencentcloud.svg b/icons/tencentcloud.svg new file mode 100644 index 0000000000..af729a46ce --- /dev/null +++ b/icons/tencentcloud.svg @@ -0,0 +1,29 @@ + + + + 矩形 + Created with Sketch. + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/icons/terraform.svg b/icons/terraform.svg new file mode 100644 index 0000000000..718fc0f4e5 --- /dev/null +++ b/icons/terraform.svg @@ -0,0 +1 @@ +terraform-icon logo \ No newline at end of file diff --git a/icons/tfsec.svg b/icons/tfsec.svg new file mode 100644 index 0000000000..60b6014c10 --- /dev/null +++ b/icons/tfsec.svg @@ -0,0 +1,36 @@ + +image/svg+xml \ No newline at end of file diff --git a/script/sync-ghes/exec.ts b/script/sync-ghes/exec.ts new file mode 100644 index 0000000000..e5293246cb --- /dev/null +++ b/script/sync-ghes/exec.ts 
@@ -0,0 +1,42 @@
+import { spawn } from "child_process";
+
+export class ExecResult {
+ stdout = "";
+ exitCode = 0;
+}
+
+/**
+ * Executes a process
+ */
+export async function exec(
+ command: string,
+ args: string[] = [],
+ allowAllExitCodes: boolean = false
+): Promise {
+ process.stdout.write(`EXEC: ${command} ${args.join(" ")}\n`);
+ return new Promise((resolve, reject) => {
+ const execResult = new ExecResult();
+ const cp = spawn(command, args, {});
+
+ // STDOUT
+ cp.stdout.on("data", (data) => {
+ process.stdout.write(data);
+ execResult.stdout += data.toString();
+ });
+
+ // STDERR
+ cp.stderr.on("data", (data) => {
+ process.stderr.write(data);
+ });
+
+ // Close
+ cp.on("close", (code) => {
+ execResult.exitCode = code;
+ if (code === 0 || allowAllExitCodes) {
+ resolve(execResult);
+ } else {
+ reject(new Error(`Command exited with code ${code}`));
+ }
+ });
+ });
+}
diff --git a/script/sync-ghes/index.ts b/script/sync-ghes/index.ts
new file mode 100755
index 0000000000..0fa34400bb
--- /dev/null
+++ b/script/sync-ghes/index.ts
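Review bot: `exec` registers handlers for `data` and `close` but none for the child's `error` event, so a command that cannot be spawned (a missing binary, for example) raises an unhandled `error` event instead of rejecting the returned promise, and the caller's `try/catch` never sees it. Adding `cp.on("error", reject);` next to the `close` handler routes that case through the normal rejection path. In the `close` handler, `code` can also be `null` when the child is ended by a signal, and `execResult.exitCode = code` stores that as-is; a short comment or an explicit fallback would make the case visible.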
@@ -0,0 +1,184 @@
+#!/usr/bin/env npx ts-node
+import { promises as fs } from "fs";
+import { safeLoad } from "js-yaml";
+import { basename, extname, join } from "path";
+import { exec } from "./exec";
+
+interface WorkflowDesc {
+ folder: string;
+ id: string;
+ iconName?: string;
+ iconType?: "svg" | "octicon";
+}
+
+interface WorkflowProperties {
+ name: string;
+
+ description: string;
+
+ iconName?: string;
+
+ categories: string[] | null;
+}
+
+interface WorkflowsCheckResult {
+ compatibleWorkflows: WorkflowDesc[];
+ incompatibleWorkflows: WorkflowDesc[];
+}
+
+async function checkWorkflows(
+ folders: string[],
+ enabledActions: string[]
+): Promise {
+ const result: WorkflowsCheckResult = {
+ compatibleWorkflows: [],
+ incompatibleWorkflows: [],
+ };
+
+ for (const folder of folders) {
+ const dir = await fs.readdir(folder, {
+ withFileTypes: true,
+ });
+
+ for (const e of dir) {
+ if (e.isFile()) {
+ const workflowFilePath = join(folder, e.name);
+ const workflowId = basename(e.name, extname(e.name));
+ const workflowProperties: WorkflowProperties = require(join(
+ folder,
+ "properties",
+ `${workflowId}.properties.json`
+ ));
+ const iconName: string | undefined = workflowProperties["iconName"];
+
+ const isBlankTemplate = workflowId === "blank";
+ const partnerWorkflow = workflowProperties.categories === null;
+
+ const enabled =
+ (isBlankTemplate || !partnerWorkflow) &&
+ (await checkWorkflow(workflowFilePath, enabledActions));
+
+ const workflowDesc: WorkflowDesc = {
+ folder,
+ id: workflowId,
+ iconName,
+ iconType:
+ iconName && iconName.startsWith("octicon") ? "octicon" : "svg",
+ };
+
+ if (!enabled) {
+ result.incompatibleWorkflows.push(workflowDesc);
+ } else {
+ result.compatibleWorkflows.push(workflowDesc);
+ }
+ }
+ }
+ }
+
+ return result;
+}
+
+/**
+ * Check if a workflow uses only the given set of actions.
+ *
+ * @param workflowPath Path to workflow yaml file
+ * @param enabledActions List of enabled actions
+ */
+async function checkWorkflow(
+ workflowPath: string,
+ enabledActions: string[]
+): Promise {
+ // Create set with lowercase action names for easier, case-insensitive lookup
+ const enabledActionsSet = new Set(enabledActions.map((x) => x.toLowerCase()));
+
+ try {
+ const workflowFileContent = await fs.readFile(workflowPath, "utf8");
+ const workflow = safeLoad(workflowFileContent);
+
+ for (const job of Object.keys(workflow.jobs || {}).map(
+ (k) => workflow.jobs[k]
+ )) {
+ for (const step of job.steps || []) {
+ if (!!step.uses) {
+ // Check if allowed action
+ const [actionName, _] = step.uses.split("@");
+ if (!enabledActionsSet.has(actionName.toLowerCase())) {
+ console.info(
+ `Workflow ${workflowPath} uses '${actionName}' which is not supported for GHES.`
+ );
+ return false;
+ }
+ }
+ }
+ }
+
+ // All used actions are enabled 🎉
+ return true;
+ } catch (e) {
+ console.error("Error while checking workflow", e);
+ throw e;
+ }
+}
+
+(async function main() {
+ try {
+ const settings = require("./settings.json");
+
+ const result = await checkWorkflows(
+ settings.folders,
+ settings.enabledActions
+ );
+
+ console.group(
+ `Found ${result.compatibleWorkflows.length} starter workflows compatible with GHES:`
+ );
+ console.log(
+ result.compatibleWorkflows.map((x) => `${x.folder}/${x.id}`).join("\n")
+ );
+ console.groupEnd();
+
+ console.group(
+ `Ignored ${result.incompatibleWorkflows.length} starter-workflows incompatible with GHES:`
+ );
+ console.log(
+ result.incompatibleWorkflows.map((x) => `${x.folder}/${x.id}`).join("\n")
+ );
+ console.groupEnd();
+
+ console.log("Switch to GHES branch");
+ await exec("git", ["checkout", "ghes"]);
+
+ // In order to sync from main, we might need to remove some workflows, add some
+ // and modify others. The lazy approach is to delete all workflows first, and then
+ // just bring the compatible ones over from the main branch. We let git figure out
+ // whether it's a deletion, add, or modify and commit the new state.
+ console.log("Remove all workflows");
+ await exec("rm", ["-fr", ...settings.folders]);
+ await exec("rm", ["-fr", "../../icons"]);
+
+ console.log("Sync changes from main for compatible workflows");
+ await exec("git", [
+ "checkout",
+ "main",
+ "--",
+ ...Array.prototype.concat.apply(
+ [],
+ result.compatibleWorkflows.map((x) => {
+ const r = [
+ join(x.folder, `${x.id}.yml`),
+ join(x.folder, "properties", `${x.id}.properties.json`),
+ ];
+
+ if (x.iconType === "svg") {
+ r.push(join("../../icons", `${x.iconName}.svg`));
+ }
+
+ return r;
+ })
+ ),
+ ]);
+ } catch (e) {
+ console.error("Unhandled error while syncing workflows", e);
+ process.exitCode = 1;
+ }
+})();
diff --git a/script/sync-ghes/package-lock.json b/script/sync-ghes/package-lock.json
new file mode 100644
index 0000000000..ebcd318060
--- /dev/null
+++ b/script/sync-ghes/package-lock.json
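Review bot: In `checkWorkflows` the `iconType` expression falls back to `"svg"` whenever `iconName` is undefined, and `main` then pushes an icon path built from `x.iconName` for every `"svg"` entry, so a properties file without `iconName` (the interface marks it optional) adds `../../icons/undefined.svg` to the `git checkout main --` pathspec and presumably fails the whole sync. Guarding the push with `if (x.iconType === "svg" && x.iconName) {` fixes that. Separately, both `rm -fr` calls take `settings.folders` and `../../icons` relative to the process working directory; resolving them against `__dirname` first would keep the deletion inside the repository when the script is started from another directory.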
@@ -0,0 +1,112 @@ +{ + "name": "sync-ghes-actions", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@types/js-yaml": { + "version": "3.12.4", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", + "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==", + "dev": true + }, + "@types/node": { + "version": "14.0.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.1.tgz", + "integrity": "sha512-FAYBGwC+W6F9+huFIDtn43cpy7+SzG+atzRiTfdp3inUKL2hXnd4rG8hylJLIh4+hqrQy1P17kvJByE/z825hA==", + "dev": true + }, + "arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "dev": true + }, + "argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "requires": { + "sprintf-js": "~1.0.2" + } + }, + "buffer-from": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", + "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "dev": true + }, + "diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true + }, + "esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==" + }, + "js-yaml": { + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": 
"sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", + "requires": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + } + }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true + }, + "source-map-support": { + "version": "0.5.19", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.19.tgz", + "integrity": "sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==", + "dev": true, + "requires": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" + }, + "ts-node": { + "version": "8.10.1", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-8.10.1.tgz", + "integrity": "sha512-bdNz1L4ekHiJul6SHtZWs1ujEKERJnHs4HxN7rjTyyVOFf3HaJ6sLqe6aPG62XTzAB/63pKRh5jTSWL0D7bsvw==", + "dev": true, + "requires": { + "arg": "^4.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "source-map-support": "^0.5.17", + "yn": "3.1.1" + } + }, + "typescript": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz", + "integrity": "sha512-q2ktq4n/uLuNNShyayit+DTobV2ApPEo/6so68JaD5ojvc/6GClBipedB9zNWYxRSAlZXAe405Rlijzl6qDiSw==", + "dev": true + }, + "yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": 
"sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true + } + } +} diff --git a/script/sync-ghes/package.json b/script/sync-ghes/package.json new file mode 100644 index 0000000000..c3c9872458 --- /dev/null +++ b/script/sync-ghes/package.json @@ -0,0 +1,19 @@ +{ + "name": "sync-ghes-actions", + "version": "1.0.0", + "main": "index.ts", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "github/c2c-actions-experience", + "license": "MIT", + "devDependencies": { + "@types/js-yaml": "^3.12.4", + "@types/node": "^14.0.1", + "ts-node": "^8.10.1", + "typescript": "^3.9.2" + }, + "dependencies": { + "js-yaml": "^3.13.1" + } +} diff --git a/script/sync-ghes/settings.json b/script/sync-ghes/settings.json new file mode 100644 index 0000000000..050ea0a742 --- /dev/null +++ b/script/sync-ghes/settings.json @@ -0,0 +1,20 @@ +{ + "folders": [ + "../../ci", + "../../automation" + ], + "enabledActions": [ + "actions/checkout", + "actions/create-release", + "actions/delete-package-versions", + "actions/download-artifact", + "actions/setup-dotnet", + "actions/setup-go", + "actions/setup-java", + "actions/setup-node", + "actions/stale", + "actions/starter-workflows", + "actions/upload-artifact", + "actions/upload-release-asset" + ] +} diff --git a/script/sync-ghes/tsconfig.json b/script/sync-ghes/tsconfig.json new file mode 100644 index 0000000000..7c50a205d0 --- /dev/null +++ b/script/sync-ghes/tsconfig.json @@ -0,0 +1,5 @@ +{ + "compilerOptions": { + }, + "include": ["*.ts"] +} \ No newline at end of file diff --git a/script/validate-data/index.ts b/script/validate-data/index.ts new file mode 100755 index 0000000000..81048f8e7f --- /dev/null +++ b/script/validate-data/index.ts 
@@ -0,0 +1,119 @@
+#!/usr/bin/env npx ts-node
+import { promises as fs } from "fs";
+import { safeLoad } from "js-yaml";
+import { basename, extname, join } from "path";
+import { Validator as validator } from "jsonschema";
+import { endGroup, error, info, setFailed, startGroup } from '@actions/core';
+
+interface WorkflowWithErrors {
+ id: string;
+ errors: string[];
+}
+
+interface WorkflowProperties {
+ name: string;
+ description: string;
+ iconName: string;
+ categories: string[];
+}
+
+const propertiesSchema = {
+ type: "object",
+ properties: {
+ name: { type: "string", required: true },
+ description: { type: "string", required: true },
+ creator: { type: "string", required: false },
+ iconName: { type: "string", required: true },
+ categories: {
+ anyOf: [
+ {
+ type: "array",
+ items: { type: "string" }
+ },
+ {
+ type: "null",
+ }
+ ],
+ required: true
+ },
+ }
+}
+
+async function checkWorkflows(folders: string[]): Promise {
+ const result: WorkflowWithErrors[] = []
+
+ for (const folder of folders) {
+ const dir = await fs.readdir(folder, {
+ withFileTypes: true,
+ });
+
+ for (const e of dir) {
+ if (e.isFile()) {
+ const fileType = basename(e.name, extname(e.name))
+
+ const workflowFilePath = join(folder, e.name);
+ const propertiesFilePath = join(folder, "properties", `${fileType}.properties.json`)
+
+ const errors = await checkWorkflow(workflowFilePath, propertiesFilePath);
+ if (errors.errors.length > 0) {
+ result.push(errors)
+ }
+ }
+ }
+ }
+
+ return result;
+}
+
+async function checkWorkflow(workflowPath: string, propertiesPath: string): Promise {
+ let workflowErrors: WorkflowWithErrors = {
+ id: workflowPath,
+ errors: []
+ }
+
+ try {
+ const workflowFileContent = await fs.readFile(workflowPath, "utf8");
+ safeLoad(workflowFileContent); // Validate yaml parses without error
+
+ const propertiesFileContent = await fs.readFile(propertiesPath, "utf8")
+ const properties: WorkflowProperties = JSON.parse(propertiesFileContent)
+
+ let v = new validator();
+ const res = v.validate(properties, propertiesSchema)
+ workflowErrors.errors = res.errors.map(e => e.toString())
+
+ if (properties.iconName && !properties.iconName.startsWith("octicon")) {
+ try {
+ await fs.access(`../../icons/${properties.iconName}.svg`)
+ } catch (e) {
+ workflowErrors.errors.push(`No icon named ${properties.iconName} found`)
+ }
+ }
+ } catch (e) {
+ workflowErrors.errors.push(e.toString())
+ }
+ return workflowErrors;
+}
+
+(async function main() {
+ try {
+ const settings = require("./settings.json");
+ const erroredWorkflows = await checkWorkflows(
+ settings.folders
+ )
+
+ if (erroredWorkflows.length > 0) {
+ startGroup(`😟 - Found ${erroredWorkflows.length} workflows with errors:`);
+ erroredWorkflows.forEach(erroredWorkflow => {
+ error(`Errors in ${erroredWorkflow.id} - ${erroredWorkflow.errors.map(e => e.toString()).join(", ")}`)
+ })
+ endGroup();
+ setFailed(`Found ${erroredWorkflows.length} workflows with errors`);
+ } else {
+ info("🎉🤘 - Found no workflows with errors!")
+ }
+ } catch (e) {
+ error(`Unhandled error while syncing workflows: ${e}`);
+ setFailed(`Unhandled error`)
+ }
+})();
diff --git a/script/validate-data/package-lock.json b/script/validate-data/package-lock.json
new file mode 100644
index 0000000000..8839d6ab1e
--- /dev/null
+++ b/script/validate-data/package-lock.json
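Review bot: `checkWorkflow` in validate-data/index.ts interpolates `properties.iconName` straight into the `fs.access` path, and that value comes from a contributor-supplied properties file, so a name containing `/` or `..` makes the existence check look outside `icons/`; rejecting anything that is not a plain file name before the check (for instance comparing it with `basename(properties.iconName)`) keeps the validator's answer meaningful. The path is also relative to the working directory rather than to the script. In `main`, the outer `catch` reports `Unhandled error while syncing workflows`, which looks copied from the sync script and should say "validating", and `setFailed` receives only `Unhandled error`, dropping the detail from the failure summary.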
@@ -0,0 +1,122 @@ +{ + "name": "sync-ghes-actions", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@actions/core": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.2.6.tgz", + "integrity": "sha512-ZQYitnqiyBc3D+k7LsgSBmMDVkOVidaagDG7j3fOym77jNunWRuYx7VSHa9GNfFZh+zh61xsCjRj4JxMZlDqTA==" + }, + "@types/js-yaml": { + "version": "3.12.4", + "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-3.12.4.tgz", + "integrity": "sha512-fYMgzN+9e28R81weVN49inn/u798ruU91En1ZnGvSZzCRc5jXx9B2EDhlRaWmcO1RIxFHL8AajRXzxDuJu93+A==", + "dev": true + }, + "@types/node": { + "version": "14.0.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.0.1.tgz", + "integrity": "sha512-FAYBGwC+W6F9+huFIDtn43cpy7+SzG+atzRiTfdp3inUKL2hXnd4rG8hylJLIh4+hqrQy1P17kvJByE/z825hA==", + "dev": true + }, + "arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==", + "dev": true + }, + "argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "requires": { + "sprintf-js": "~1.0.2" + } + }, + "buffer-from": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", + "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "dev": true + }, + "diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "dev": true + }, + "esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": 
"sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==" + }, + "js-yaml": { + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", + "requires": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + } + }, + "jsonschema": { + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/jsonschema/-/jsonschema-1.2.6.tgz", + "integrity": "sha512-SqhURKZG07JyKKeo/ir24QnS4/BV7a6gQy93bUSe4lUdNp0QNpIz2c9elWJQ9dpc5cQYY6cvCzgRwy0MQCLyqA==" + }, + "make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true + }, + "source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true + }, + "source-map-support": { + "version": "0.5.19", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.19.tgz", + "integrity": "sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw==", + "dev": true, + "requires": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" + }, + "ts-node": { + "version": "8.10.1", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-8.10.1.tgz", + "integrity": "sha512-bdNz1L4ekHiJul6SHtZWs1ujEKERJnHs4HxN7rjTyyVOFf3HaJ6sLqe6aPG62XTzAB/63pKRh5jTSWL0D7bsvw==", + "dev": true, + "requires": { + "arg": "^4.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + 
"source-map-support": "^0.5.17", + "yn": "3.1.1" + } + }, + "typescript": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.9.2.tgz", + "integrity": "sha512-q2ktq4n/uLuNNShyayit+DTobV2ApPEo/6so68JaD5ojvc/6GClBipedB9zNWYxRSAlZXAe405Rlijzl6qDiSw==", + "dev": true + }, + "yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "dev": true + } + } +} diff --git a/script/validate-data/package.json b/script/validate-data/package.json new file mode 100644 index 0000000000..e6403ee20d --- /dev/null +++ b/script/validate-data/package.json @@ -0,0 +1,21 @@ +{ + "name": "validate-data", + "version": "1.0.0", + "main": "index.ts", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "github/c2c-actions-experience", + "license": "MIT", + "devDependencies": { + "@types/js-yaml": "^3.12.4", + "@types/node": "^14.0.1", + "ts-node": "^8.10.1", + "typescript": "^3.9.2" + }, + "dependencies": { + "@actions/core": "^1.2.6", + "js-yaml": "^3.13.1", + "jsonschema": "^1.2.6" + } +} \ No newline at end of file diff --git a/script/validate-data/settings.json b/script/validate-data/settings.json new file mode 100644 index 0000000000..1913e2fb5b --- /dev/null +++ b/script/validate-data/settings.json @@ -0,0 +1,6 @@ +{ + "folders": [ + "../../ci", + "../../automation" + ] +} \ No newline at end of file diff --git a/script/validate-data/tsconfig.json b/script/validate-data/tsconfig.json new file mode 100644 index 0000000000..7c50a205d0 --- /dev/null +++ b/script/validate-data/tsconfig.json @@ -0,0 +1,5 @@ +{ + "compilerOptions": { + }, + "include": ["*.ts"] +} \ No newline at end of file
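Review bot: In `script/validate-data/package.json` the package is named `validate-data`, but the lockfile added in the same commit declares `"name": "sync-ghes-actions"`, which suggests the lock was copied from another script rather than generated from this manifest. The locked packages do appear to match the declared dependencies, so this is probably cosmetic, but regenerating the lockfile from this manifest would remove the doubt and keep locked installs reproducible. The `test` script is still the placeholder that prints an error and exits 1; drop it or point it at the validator.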