Daniel Gibbs
2 years ago
4 changed files with 45 additions and 146 deletions
@ -1,61 +0,0 @@ |
|||
# This workflow uses actions that are not certified by GitHub. |
|||
# They are provided by a third-party and are governed by |
|||
# separate terms of service, privacy policy, and support |
|||
# documentation. |
|||
|
|||
# This workflow checks out code, performs a Codacy security scan |
|||
# and integrates the results with the |
|||
# GitHub Advanced Security code scanning feature. For more information on |
|||
# the Codacy security scan action usage and parameters, see |
|||
# https://github.com/codacy/codacy-analysis-cli-action. |
|||
# For more information on Codacy Analysis CLI in general, see |
|||
# https://github.com/codacy/codacy-analysis-cli. |
|||
|
|||
name: Codacy Security Scan |
|||
|
|||
on: |
|||
push: |
|||
branches: ["main", "master"] |
|||
pull_request: |
|||
# The branches below must be a subset of the branches above |
|||
branches: ["main", "master"] |
|||
schedule: |
|||
- cron: "28 22 * * 4" |
|||
|
|||
permissions: |
|||
contents: read |
|||
|
|||
jobs: |
|||
codacy-security-scan: |
|||
permissions: |
|||
contents: read # for actions/checkout to fetch code |
|||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
|||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
|||
name: Codacy Security Scan |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
# Checkout the repository to the GitHub Actions runner |
|||
- name: Checkout code |
|||
uses: actions/checkout@v3 |
|||
|
|||
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis |
|||
- name: Run Codacy Analysis CLI |
|||
uses: codacy/[email protected] |
|||
with: |
|||
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository |
|||
# You can also omit the token and run the tools that support default configurations |
|||
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} |
|||
verbose: true |
|||
output: results.sarif |
|||
format: sarif |
|||
# Adjust severity of non-security issues |
|||
gh-code-scanning-compat: true |
|||
# Force 0 exit code to allow SARIF file generation |
|||
# This will handover control about PR rejection to the GitHub side |
|||
max-allowed-issues: 2147483647 |
|||
|
|||
# Upload the SARIF file generated in the previous step |
|||
- name: Upload SARIF results file |
|||
uses: github/codeql-action/upload-sarif@v2 |
|||
with: |
|||
sarif_file: results.sarif |
|||
@ -36,9 +36,32 @@ jobs: |
|||
push: true |
|||
tags: | |
|||
gameservermanagers/steamcmd:latest |
|||
gameservermanagers/steamcmd:ubuntu |
|||
gameservermanagers/steamcmd:ubuntu-22.04 |
|||
ghcr.io/gameservermanagers/steamcmd:latest |
|||
ghcr.io/gameservermanagers/steamcmd:ubuntu |
|||
ghcr.io/gameservermanagers/steamcmd:ubuntu-22.04 |
|||
|
|||
ubuntu-2004: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- name: Checkout |
|||
uses: actions/checkout@v3 |
|||
- name: Set up QEMU |
|||
uses: docker/setup-qemu-action@v2 |
|||
- name: Set up Docker Buildx |
|||
uses: docker/[email protected] |
|||
- name: Login to DockerHub |
|||
uses: docker/[email protected] |
|||
with: |
|||
username: ${{ secrets.DOCKER_HUB_USERNAME }} |
|||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} |
|||
- name: Login to GitHub Container Registry |
|||
uses: docker/[email protected] |
|||
with: |
|||
registry: ghcr.io |
|||
username: ${{ github.actor }} |
|||
password: ${{ secrets.GITHUB_TOKEN }} |
|||
- name: Build and push (Ubuntu 20.04) |
|||
uses: docker/[email protected] |
|||
with: |
|||
@ -49,7 +72,28 @@ jobs: |
|||
tags: | |
|||
gameservermanagers/steamcmd:ubuntu-20.04 |
|||
ghcr.io/gameservermanagers/steamcmd:ubuntu-20.04 |
|||
- name: Build and push (Ubuntu 18.04) |
|||
|
|||
ubuntu-1804: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- name: Checkout |
|||
uses: actions/checkout@v3 |
|||
- name: Set up QEMU |
|||
uses: docker/setup-qemu-action@v2 |
|||
- name: Set up Docker Buildx |
|||
uses: docker/[email protected] |
|||
- name: Login to DockerHub |
|||
uses: docker/[email protected] |
|||
with: |
|||
username: ${{ secrets.DOCKER_HUB_USERNAME }} |
|||
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} |
|||
- name: Login to GitHub Container Registry |
|||
uses: docker/[email protected] |
|||
with: |
|||
registry: ghcr.io |
|||
username: ${{ github.actor }} |
|||
password: ${{ secrets.GITHUB_TOKEN }} |
|||
- name: Build and push (Ubuntu 20.04) |
|||
uses: docker/[email protected] |
|||
with: |
|||
context: . |
|||
|
|||
@ -1,55 +0,0 @@ |
|||
# This workflow uses actions that are not certified by GitHub. |
|||
# They are provided by a third-party and are governed by |
|||
# separate terms of service, privacy policy, and support |
|||
# documentation. |
|||
|
|||
# A sample workflow which checks out the code, builds a container |
|||
# image using Docker and scans that image for vulnerabilities using |
|||
# Snyk. The results are then uploaded to GitHub Security Code Scanning |
|||
# |
|||
# For more examples, including how to limit scans to only high-severity |
|||
# issues, monitor images for newly disclosed vulnerabilities in Snyk and |
|||
# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/ |
|||
|
|||
name: Snyk Container |
|||
|
|||
on: |
|||
push: |
|||
branches: ["main", "master"] |
|||
pull_request: |
|||
# The branches below must be a subset of the branches above |
|||
branches: ["main", "master"] |
|||
schedule: |
|||
- cron: "45 1 * * 4" |
|||
|
|||
permissions: |
|||
contents: read |
|||
|
|||
jobs: |
|||
snyk: |
|||
permissions: |
|||
contents: read # for actions/checkout to fetch code |
|||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
|||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Build a Docker image |
|||
run: docker build -t gameservermanagers/steamcmd -f Dockerfile.ubuntu-2204 . |
|||
- name: Run Snyk to check Docker image for vulnerabilities |
|||
# Snyk can be used to break the build when it detects vulnerabilities. |
|||
# In this case we want to upload the issues to GitHub Code Scanning |
|||
continue-on-error: true |
|||
uses: snyk/actions/docker@master |
|||
env: |
|||
# In order to use the Snyk Action you will need to have a Snyk API token. |
|||
# More details in https://github.com/snyk/actions#getting-your-snyk-token |
|||
# or you can signup for free at https://snyk.io/login |
|||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |
|||
with: |
|||
image: gameservermanagers/steamcmd |
|||
args: --file=Dockerfile.ubuntu-2204 |
|||
- name: Upload result to GitHub Code Scanning |
|||
uses: github/codeql-action/upload-sarif@v2 |
|||
with: |
|||
sarif_file: snyk.sarif |
|||
@ -1,29 +0,0 @@ |
|||
# This workflow executes several linters on changed files based on languages used in your code base whenever |
|||
# you push a code or open a pull request. |
|||
# |
|||
# You can adjust the behavior by modifying this file. |
|||
# For more information, see: |
|||
# https://github.com/github/super-linter |
|||
name: Lint Code Base |
|||
|
|||
on: |
|||
push: |
|||
branches: ["main", "master"] |
|||
pull_request: |
|||
branches: ["main", "master"] |
|||
jobs: |
|||
run-lint: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- name: Checkout code |
|||
uses: actions/checkout@v3 |
|||
with: |
|||
# Full git history is needed to get a proper list of changed files within `super-linter` |
|||
fetch-depth: 0 |
|||
|
|||
- name: Lint Code Base |
|||
uses: github/super-linter@v4 |
|||
env: |
|||
VALIDATE_ALL_CODEBASE: false |
|||
DEFAULT_BRANCH: "main" |
|||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
|||
Loading…
Reference in new issue