Daniel Gibbs
3 years ago
3 changed files with 90 additions and 55 deletions
@ -0,0 +1,61 @@ |
|||||
|
# This workflow uses actions that are not certified by GitHub. |
||||
|
# They are provided by a third-party and are governed by |
||||
|
# separate terms of service, privacy policy, and support |
||||
|
# documentation. |
||||
|
|
||||
|
# This workflow checks out code, performs a Codacy security scan |
||||
|
# and integrates the results with the |
||||
|
# GitHub Advanced Security code scanning feature. For more information on |
||||
|
# the Codacy security scan action usage and parameters, see |
||||
|
# https://github.com/codacy/codacy-analysis-cli-action. |
||||
|
# For more information on Codacy Analysis CLI in general, see |
||||
|
# https://github.com/codacy/codacy-analysis-cli. |
||||
|
|
||||
|
name: Codacy Security Scan |
||||
|
|
||||
|
on: |
||||
|
push: |
||||
|
branches: ["main","master"] |
||||
|
pull_request: |
||||
|
# The branches below must be a subset of the branches above |
||||
|
branches: ["main","master"] |
||||
|
schedule: |
||||
|
- cron: "28 22 * * 4" |
||||
|
|
||||
|
permissions: |
||||
|
contents: read |
||||
|
|
||||
|
jobs: |
||||
|
codacy-security-scan: |
||||
|
permissions: |
||||
|
contents: read # for actions/checkout to fetch code |
||||
|
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
||||
|
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
||||
|
name: Codacy Security Scan |
||||
|
runs-on: ubuntu-latest |
||||
|
steps: |
||||
|
# Checkout the repository to the GitHub Actions runner |
||||
|
- name: Checkout code |
||||
|
uses: actions/checkout@v3 |
||||
|
|
||||
|
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis |
||||
|
- name: Run Codacy Analysis CLI |
||||
|
uses: codacy/[email protected] |
||||
|
with: |
||||
|
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository |
||||
|
# You can also omit the token and run the tools that support default configurations |
||||
|
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} |
||||
|
verbose: true |
||||
|
output: results.sarif |
||||
|
format: sarif |
||||
|
# Adjust severity of non-security issues |
||||
|
gh-code-scanning-compat: true |
||||
|
# Force 0 exit code to allow SARIF file generation |
||||
|
# This will handover control about PR rejection to the GitHub side |
||||
|
max-allowed-issues: 2147483647 |
||||
|
|
||||
|
# Upload the SARIF file generated in the previous step |
||||
|
- name: Upload SARIF results file |
||||
|
uses: github/codeql-action/upload-sarif@v2 |
||||
|
with: |
||||
|
sarif_file: results.sarif |
||||
@ -1,55 +0,0 @@ |
|||||
--- |
|
||||
################################# |
|
||||
################################# |
|
||||
## Super Linter GitHub Actions ## |
|
||||
################################# |
|
||||
################################# |
|
||||
name: Lint Code Base |
|
||||
|
|
||||
# |
|
||||
# Documentation: |
|
||||
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions |
|
||||
# |
|
||||
|
|
||||
############################# |
|
||||
# Start the job on all push # |
|
||||
############################# |
|
||||
on: |
|
||||
push: |
|
||||
branches-ignore: [master, main] |
|
||||
# Remove the line above to run when pushing to master |
|
||||
pull_request: |
|
||||
|
|
||||
############### |
|
||||
# Set the Job # |
|
||||
############### |
|
||||
jobs: |
|
||||
build: |
|
||||
# Name the Job |
|
||||
name: Lint Code Base |
|
||||
# Set the agent to run on |
|
||||
runs-on: ubuntu-latest |
|
||||
|
|
||||
################## |
|
||||
# Load all steps # |
|
||||
################## |
|
||||
steps: |
|
||||
########################## |
|
||||
# Checkout the code base # |
|
||||
########################## |
|
||||
- name: Checkout Code |
|
||||
uses: actions/checkout@v2 |
|
||||
with: |
|
||||
# Full git history is needed to get a proper list of changed files within `super-linter` |
|
||||
fetch-depth: 0 |
|
||||
|
|
||||
################################ |
|
||||
# Run Linter against code base # |
|
||||
################################ |
|
||||
- name: Lint Code Base |
|
||||
uses: github/super-linter@v4 |
|
||||
env: |
|
||||
VALIDATE_ALL_CODEBASE: false |
|
||||
# Change to 'master' if your main branch differs |
|
||||
DEFAULT_BRANCH: main |
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
|
||||
@ -0,0 +1,29 @@ |
|||||
|
# This workflow executes several linters on changed files based on languages used in your code base whenever |
||||
|
# you push a code or open a pull request. |
||||
|
# |
||||
|
# You can adjust the behavior by modifying this file. |
||||
|
# For more information, see: |
||||
|
# https://github.com/github/super-linter |
||||
|
name: Lint Code Base |
||||
|
|
||||
|
on: |
||||
|
push: |
||||
|
branches: ["main","master"] |
||||
|
pull_request: |
||||
|
branches: ["main","master"] |
||||
|
jobs: |
||||
|
run-lint: |
||||
|
runs-on: ubuntu-latest |
||||
|
steps: |
||||
|
- name: Checkout code |
||||
|
uses: actions/checkout@v3 |
||||
|
with: |
||||
|
# Full git history is needed to get a proper list of changed files within `super-linter` |
||||
|
fetch-depth: 0 |
||||
|
|
||||
|
- name: Lint Code Base |
||||
|
uses: github/super-linter@v4 |
||||
|
env: |
||||
|
VALIDATE_ALL_CODEBASE: false |
||||
|
DEFAULT_BRANCH: "main" |
||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
||||
Loading…
Reference in new issue