From 015f1fef6f6303c195a4aa8bd0761ca9d59517ec Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 02:44:59 -0400
Subject: [PATCH 01/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 6bd5a18..dab15eb 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -56,6 +56,6 @@ jobs:
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
From 694a598473d4867c44622e13dfa68f6c81967b4f Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 02:50:56 -0400
Subject: [PATCH 02/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index dab15eb..3ccda83 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -59,3 +59,6 @@ jobs:
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
+
+ - name: Codacy Coverage Reporter
+ uses: codacy/codacy-coverage-reporter-action@v1.3.0
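Review bot: The added `Codacy Coverage Reporter` step pins `codacy/codacy-coverage-reporter-action` to the tag `v1.3.0`, which the action's owner can repoint at different code; later patches in this series pass `secrets.CODACY_PROJECT_TOKEN` to this step. The same workflow already pins `codacy/codacy-analysis-cli-action` to a full commit SHA, so do the same here: `uses: codacy/codacy-coverage-reporter-action@FULL_COMMIT_SHA  # v1.3.0` (placeholder, take the SHA from the release). The step has no `with:` block in this hunk, so as committed it runs with no token and no report path. The job's earlier steps are outside the hunk.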
From 3bd73b12f73b3546fe008a55a388ece31cfc5364 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 03:18:34 -0400
Subject: [PATCH 03/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 3ccda83..66b83f8 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -62,3 +62,5 @@ jobs:
- name: Codacy Coverage Reporter
uses: codacy/codacy-coverage-reporter-action@v1.3.0
+ with:
+ project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
From fcfc8c52036354a5c324f8e3e022da86306c43fc Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 03:21:42 -0400
Subject: [PATCH 04/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 66b83f8..c25abcd 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -64,3 +64,4 @@ jobs:
uses: codacy/codacy-coverage-reporter-action@v1.3.0
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ report-path: /tests/coverage/report.xml
From 32b4dd0e5212243fe5f36fb39599c1bdf95e6026 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 03:38:27 -0400
Subject: [PATCH 05/39] Create report.xml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
tests/report.xml | 201 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 201 insertions(+)
create mode 100644 tests/report.xml
diff --git a/tests/report.xml b/tests/report.xml
new file mode 100644
index 0000000..57c4e31
--- /dev/null
+++ b/tests/report.xml
@@ -0,0 +1,201 @@
+
+
+
+
+
+
+ FROM php:8.3.8-apache AS builder
+
+
+
+ RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ curl \
+ unzip \
+ libpng-dev \
+ libjpeg-dev \
+ libfreetype6-dev \
+ libexif-dev \
+ libzip-dev \
+ zlib1g-dev \
+ libicu-dev \
+ libldap2-dev \
+ libpq-dev \
+ libonig-dev && \
+ pecl install apcu && \
+ docker-php-ext-enable apcu && \
+ docker-php-ext-configure gd --with-freetype --with-jpeg && \
+ docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip intl ldap pgsql pdo_pgsql && \
+ a2enmod rewrite && \
+ a2enmod deflate && \
+ apt-get clean && rm -rf /var/lib/apt/lists/*
+
+
+ WORKDIR /tmp
+ ARG HUMHUB_VERSION=1.16.0
+ RUN curl -L -o humhub.zip https://download.humhub.com/downloads/install/humhub-${HUMHUB_VERSION}.zip && \
+ unzip humhub.zip -d /tmp/humhub_folder && \
+ rm humhub.zip
+
+
+
+
+ FROM php:8.3.8-apache AS runtime-deps
+
+
+
+
+
+ FROM runtime-deps AS final
+
+
+
+
+ LABEL org.opencontainers.image.source="https://github.com/GreenMeteor/humhub-docker"
+ LABEL org.opencontainers.image.revision="$GIT_COMMIT"
+ LABEL org.opencontainers.image.base.name="php:8.3.8-apache"
+
+
+
+
+ RUN groupadd -r humhub && useradd -r -g humhub humhub
+
+
+
+
+ COPY --from=builder /tmp/humhub_folder/. /var/www/html
+
+
+
+
+ COPY src/apache2.conf /etc/apache2/apache2.conf
+ COPY src/humhub.conf /etc/apache2/sites-available/humhub.conf
+
+
+
+
+ RUN a2ensite humhub
+
+
+
+
+ RUN chown -R humhub:humhub /var/www/html && \
+ find /var/www/html -type d -exec chmod 755 {} + && \
+ find /var/www/html -type f -exec chmod 644 {} +
+
+
+
+
+ COPY --chown=humhub:humhub src/crontab /etc/cron.d/humhub-cron
+ RUN chmod 0644 /etc/cron.d/humhub-cron
+
+
+
+
+ EXPOSE 80
+ EXPOSE 443
+
+
+
+
+ WORKDIR /var/www/html
+
+
+
+
+ HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
+ CMD curl --fail http://localhost || exit 1
+
+
+
+
+ USER humhub
+ CMD ["sh", "-c", "service cron start && apache2-foreground"]
+
+
+
+
+
+
+
+
+ version: '3.8'
+
+
+
+ services:
+ humhub:
+ build:
+ context: .
+ dockerfile: src/Dockerfile
+ environment:
+ MYSQL_HOST: "mysql_humhub"
+ MYSQL_DATABASE: "humhub"
+ MYSQL_USER: "humhub"
+ MYSQL_PASSWORD: "password"
+ HUMHUB_DIRECTORY: "/var/www/html"
+ MAILER_DSN: "sendmail://default"
+ volumes:
+ - humhub_files:/var/www/html
+ networks:
+ - humhub_network
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+
+
+ mysql_humhub:
+ image: mariadb:latest
+ environment:
+ MYSQL_DATABASE: "humhub"
+ MYSQL_USER: "humhub"
+ MYSQL_PASSWORD: "password"
+ volumes:
+ - humhub_db_data:/var/lib/mysql
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+
+
+ nginx:
+ image: nginx:latest
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./humhub.conf:/etc/nginx/conf.d/humhub.conf
+ - nginx_cert:/etc/letsencrypt
+ - /var/www/certbot:/var/www/certbot
+ networks:
+ - humhub_network
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+
+
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - /var/www/certbot:/var/www/certbot
+ - nginx_cert:/etc/letsencrypt
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+ networks:
+ - humhub_network
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
+
+
+ volumes:
+ humhub_files:
+ humhub_db_data:
+ nginx_cert:
+
+
+ networks:
+ humhub_network:
+ driver: bridge
+
+
+
+
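Review bot: The compose content embedded in this file sets `MYSQL_PASSWORD: "password"` for both the `humhub` and `mysql_humhub` services, so a guessable database credential is committed and will be copied by anyone who reuses it; take the value from the environment instead, e.g. `MYSQL_PASSWORD: "${MYSQL_PASSWORD:?set in .env}"`. The embedded Dockerfile fetches `humhub-${HUMHUB_VERSION}.zip` with `curl -L` and unpacks it without checking a digest; record the expected SHA-256 for the pinned version and run `sha256sum -c` before `unzip`. `mariadb:latest` and `nginx:latest` are unpinned, unlike `php:8.3.8-apache`, so the scanned configuration can change without a commit. Separately, the file is committed as `tests/report.xml` and later uploaded as a coverage report, but the visible content is a Dockerfile and a compose file, not coverage data.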
From b9f273dc42cac62147963729f430658616c772d5 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 03:42:14 -0400
Subject: [PATCH 06/39] Update report.xml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
tests/report.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/report.xml b/tests/report.xml
index 57c4e31..c762c43 100644
--- a/tests/report.xml
+++ b/tests/report.xml
@@ -1,7 +1,7 @@
-
+
FROM php:8.3.8-apache AS builder
@@ -116,7 +116,7 @@
-
+
version: '3.8'
From ff73a5d93ef580e308fb9c1ea051f25ac95357e2 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 03:57:52 -0400
Subject: [PATCH 07/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 44 ++++++++++++++++++++++--------------
1 file changed, 27 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index c25abcd..00e3798 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -3,22 +3,21 @@
# separate terms of service, privacy policy, and support
# documentation.
-# This workflow checks out code, performs a Codacy security scan
-# and integrates the results with the
-# GitHub Advanced Security code scanning feature. For more information on
-# the Codacy security scan action usage and parameters, see
-# https://github.com/codacy/codacy-analysis-cli-action.
+# This workflow checks out code, runs tests, generates a coverage report,
+# performs a Codacy security scan, and integrates the results with GitHub
+# Advanced Security for code scanning. For more information on the Codacy
+# security scan action usage and parameters, see
+# https://github.com/codacy/codacy-coverage-reporter-action.
# For more information on Codacy Analysis CLI in general, see
-# https://github.com/codacy/codacy-analysis-cli.
+# https://github.com/codacy/codacy-coverage-reporter-action.
-name: Codacy Security Scan
+name: Codacy Security Scan and Coverage Report
on:
push:
- branches: [ "main" ]
+ branches: [ main ]
pull_request:
- # The branches below must be a subset of the branches above
- branches: [ "main" ]
+ branches: [ main ]
schedule:
- cron: '43 23 * * 5'
@@ -42,16 +41,11 @@ jobs:
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
- # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
- # You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
- # Adjust severity of non-security issues
gh-code-scanning-compat: true
- # Force 0 exit code to allow SARIF file generation
- # This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647
# Upload the SARIF file generated in the previous step
@@ -60,8 +54,24 @@ jobs:
with:
sarif_file: results.sarif
- - name: Codacy Coverage Reporter
+ coverage-report:
+ name: Generate and Upload Coverage Report to Codacy
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ # Run tests and generate coverage report (replace with your specific commands)
+ - name: Run tests and generate coverage report
+ run: |
+ # Replace with your commands to run tests and generate coverage report
+ npm test --coverage
+ # Adjust commands based on your specific setup to generate report.xml
+
+ # Upload the coverage report to Codacy
+ - name: Upload coverage report to Codacy
uses: codacy/codacy-coverage-reporter-action@v1.3.0
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- report-path: /tests/coverage/report.xml
+ file: /tests/coverage/report.xml
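Review bot: The new `coverage-report` job runs `npm test --coverage`, but no step sets up Node or installs dependencies, and npm consumes `--coverage` itself instead of forwarding it to the test script; the forwarding form is `npm test -- --coverage`. Nothing in this series shows a `package.json`, and the uploaded path is a checked-in file rather than output of the test step, so what reaches Codacy would not reflect a test run. `file:` replaces `report-path:` here; check both names against the action's documented inputs, because an unknown `with:` key only produces a warning and is otherwise ignored. The leading `/` also makes the path absolute on the runner rather than relative to the checkout.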
From 5257ac139e2f11a68b350cc5af0a32fa3e00c78d Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:02:18 -0400
Subject: [PATCH 08/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 00e3798..d64cd39 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -62,12 +62,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- # Run tests and generate coverage report (replace with your specific commands)
+ # Replace the "Run tests and generate coverage report" step with:
- name: Run tests and generate coverage report
run: |
- # Replace with your commands to run tests and generate coverage report
+ # cd tests # Adjust this to your actual directory structure
+ npm install
npm test --coverage
- # Adjust commands based on your specific setup to generate report.xml
# Upload the coverage report to Codacy
- name: Upload coverage report to Codacy
From 3200f134b6e8d4fa4d727fed7f45b0522b202c92 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:06:20 -0400
Subject: [PATCH 09/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 16 ++--------------
1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index d64cd39..bf58a5a 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -33,11 +33,9 @@ jobs:
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
- # Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v4
- # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
@@ -48,28 +46,18 @@ jobs:
gh-code-scanning-compat: true
max-allowed-issues: 2147483647
- # Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
- coverage-report:
- name: Generate and Upload Coverage Report to Codacy
+ upload-coverage-report:
+ name: Upload Coverage Report to Codacy
runs-on: ubuntu-latest
steps:
- # Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v4
- # Replace the "Run tests and generate coverage report" step with:
- - name: Run tests and generate coverage report
- run: |
- # cd tests # Adjust this to your actual directory structure
- npm install
- npm test --coverage
-
- # Upload the coverage report to Codacy
- name: Upload coverage report to Codacy
uses: codacy/codacy-coverage-reporter-action@v1.3.0
with:
From 1fd05a795b9ee47a493ee3484242a5fab86535ae Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:08:45 -0400
Subject: [PATCH 10/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index bf58a5a..b4180cb 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -62,4 +62,4 @@ jobs:
uses: codacy/codacy-coverage-reporter-action@v1.3.0
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- file: /tests/coverage/report.xml
+ file: tests/coverage/report.xml
From 809459603feac35dfa53f445287a0b02c65316a9 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:10:50 -0400
Subject: [PATCH 11/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index b4180cb..9d8ffce 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -62,4 +62,6 @@ jobs:
uses: codacy/codacy-coverage-reporter-action@v1.3.0
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- file: tests/coverage/report.xml
+ file: tests/coverage/report.xml # Adjust this path based on your setup
+ # Add the following line to specify the report file
+ coverage-reports: "tests/coverage/report.xml"
From a7e023bb0914a5bee7cab047208e7968600751b2 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:14:27 -0400
Subject: [PATCH 12/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 9d8ffce..3e9b4c0 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -52,16 +52,11 @@ jobs:
sarif_file: results.sarif
upload-coverage-report:
- name: Upload Coverage Report to Codacy
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Upload coverage report to Codacy
- uses: codacy/codacy-coverage-reporter-action@v1.3.0
- with:
- project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- file: tests/coverage/report.xml # Adjust this path based on your setup
- # Add the following line to specify the report file
- coverage-reports: "tests/coverage/report.xml"
+ run: |
+ bash <(curl -Ls https://coverage.codacy.com/get.sh) report --project-token ${{ secrets.CODACY_PROJECT_TOKEN }} -r tests/coverage/report.xml --partial
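Review bot: The replacement `run:` line downloads `https://coverage.codacy.com/get.sh` and executes it in the step that holds the project token, with no pinned version or checksum, so whatever that URL serves at run time executes with access to the secret; the pinned action it replaces was easier to review. The token is also expanded by `${{ }}` into the script text and passed as a command-line argument; pass it through the environment instead (`env:` with `CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}`) and drop `--project-token` from the command, since the reporter reads that variable. `--partial` is normally followed by a closing `final` call, which this workflow never makes; confirm that a single partial upload is intended.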
From e3f75341e73c58711f6a2f321b90f12060983d68 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:16:20 -0400
Subject: [PATCH 13/39] Rename tests/report.xml to tests/coverage/report.xml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
tests/{ => coverage}/report.xml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename tests/{ => coverage}/report.xml (100%)
diff --git a/tests/report.xml b/tests/coverage/report.xml
similarity index 100%
rename from tests/report.xml
rename to tests/coverage/report.xml
From f3a29dda5b71314e4c49a08940209e3e3e4e98eb Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:23:07 -0400
Subject: [PATCH 14/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 3e9b4c0..614a81d 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -46,13 +46,14 @@ jobs:
gh-code-scanning-compat: true
max-allowed-issues: 2147483647
- - name: Upload SARIF results file
+ - name: Upload SARIF results to GitHub Advanced Security
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
upload-coverage-report:
runs-on: ubuntu-latest
+ needs: [codacy-security-scan] # Ensure codacy-security-scan job completes first
steps:
- name: Checkout code
uses: actions/checkout@v4
From b3a58871cf79ffe9f901156b267d5e827160be8d Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:34:23 -0400
Subject: [PATCH 15/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 614a81d..7c71fbf 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -11,7 +11,7 @@
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-coverage-reporter-action.
-name: Codacy Security Scan and Coverage Report
+name: Codacy Security Scan
on:
push:
@@ -36,12 +36,24 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Run Codacy Analysis CLI
+ - name: Run Codacy Analysis CLI for Dockerfile
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
- output: results.sarif
+ files: src/Dockerfile
+ output: results_dockerfile.sarif
+ format: sarif
+ gh-code-scanning-compat: true
+ max-allowed-issues: 2147483647
+
+ - name: Run Codacy Analysis CLI for docker-compose.yml
+ uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ with:
+ project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ verbose: true
+ files: src/docker-compose.yml
+ output: results_docker-compose.sarif
format: sarif
gh-code-scanning-compat: true
max-allowed-issues: 2147483647
@@ -49,15 +61,4 @@ jobs:
- name: Upload SARIF results to GitHub Advanced Security
uses: github/codeql-action/upload-sarif@v3
with:
- sarif_file: results.sarif
-
- upload-coverage-report:
- runs-on: ubuntu-latest
- needs: [codacy-security-scan] # Ensure codacy-security-scan job completes first
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Upload coverage report to Codacy
- run: |
- bash <(curl -Ls https://coverage.codacy.com/get.sh) report --project-token ${{ secrets.CODACY_PROJECT_TOKEN }} -r tests/coverage/report.xml --partial
+ sarif_file: results_dockerfile.sarif, results_docker-compose.sarif
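Review bot: `sarif_file: results_dockerfile.sarif, results_docker-compose.sarif` puts two names in one value, but `github/codeql-action/upload-sarif` expects a single file or a directory there, so the string is treated as one path and the upload will not find it. Use one upload step per file, or write both outputs into one directory and pass the directory. With two uploads from the same tool, give each a distinct `category:` (for example `category: dockerfile` and `category: docker-compose`) so one result set does not replace the other in code scanning.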
From 539032b9702146fbb2d5a6e7095379f334cfd4e0 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:44:36 -0400
Subject: [PATCH 16/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 46 ++++++++++++++++++++----------------
1 file changed, 25 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 7c71fbf..a4dec27 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -11,7 +11,7 @@
# For more information on Codacy Analysis CLI in general, see
# https://github.com/codacy/codacy-coverage-reporter-action.
-name: Codacy Security Scan
+name: Codacy
on:
push:
@@ -36,29 +36,33 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Run Codacy Analysis CLI for Dockerfile
- uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
- with:
- project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- verbose: true
- files: src/Dockerfile
- output: results_dockerfile.sarif
- format: sarif
- gh-code-scanning-compat: true
- max-allowed-issues: 2147483647
+ - name: Run Codacy Analysis for Dockerfile
+ run: |
+ # Replace with actual commands to analyze Dockerfile and generate SARIF
+ codacy-analysis-cli analyze --file src/Dockerfile --format sarif --output results_dockerfile.sarif
+ env:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+
+ - name: Run Codacy Analysis for docker-compose.yml
+ run: |
+ # Replace with actual commands to analyze docker-compose.yml and generate SARIF
+ codacy-analysis-cli analyze --file src/docker-compose.yml --format sarif --output results_docker-compose.sarif
+ env:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+
+ upload-sarif:
+ runs-on: ubuntu-latest
+ needs: codacy-security-scan
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
- - name: Run Codacy Analysis CLI for docker-compose.yml
+ - name: Upload Dockerfile SARIF results to GitHub
uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
with:
- project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
- verbose: true
- files: src/docker-compose.yml
- output: results_docker-compose.sarif
- format: sarif
- gh-code-scanning-compat: true
- max-allowed-issues: 2147483647
+ sarif_file: results_dockerfile.sarif
- - name: Upload SARIF results to GitHub Advanced Security
+ - name: Upload docker-compose SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
- sarif_file: results_dockerfile.sarif, results_docker-compose.sarif
+ sarif_file: results_docker-compose.sarif
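Review bot: The new `upload-sarif` job cannot see `results_dockerfile.sarif` or `results_docker-compose.sarif`, because each job starts on a fresh runner and `needs:` only orders jobs; the files must be handed over as an artifact or uploaded from the job that creates them. The job also declares no `permissions:`, and the `security-events: write` grant visible elsewhere in this series sits on `codacy-security-scan`, so the upload is likely to be rejected unless the workflow-level block (not shown here) grants it. In the same hunk the `run:` steps call `codacy-analysis-cli` although no step installs it, and the first upload step still uses `codacy/codacy-analysis-cli-action` with a `sarif_file` input that belongs to `upload-sarif`. A sketch of the artifact hand-off and the job permissions follows.

```yaml
      # … unchanged: checkout and the two analysis steps of codacy-security-scan …
      - name: Save SARIF files for the upload job
        uses: actions/upload-artifact@v4
        with:
          name: sarif-results
          path: results_*.sarif

  upload-sarif:
    needs: codacy-security-scan
    permissions:
      contents: read
      security-events: write
    steps:
      # … unchanged: Checkout code …
      - name: Fetch SARIF files from the scan job
        uses: actions/download-artifact@v4
        with:
          name: sarif-results
      # … unchanged: the two upload steps …
```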
From d134a9fd73a638bed6cafc6a3165adf0445ce316 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:47:37 -0400
Subject: [PATCH 17/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index a4dec27..d4cdde6 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -38,19 +38,18 @@ jobs:
- name: Run Codacy Analysis for Dockerfile
run: |
- # Replace with actual commands to analyze Dockerfile and generate SARIF
codacy-analysis-cli analyze --file src/Dockerfile --format sarif --output results_dockerfile.sarif
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
- name: Run Codacy Analysis for docker-compose.yml
run: |
- # Replace with actual commands to analyze docker-compose.yml and generate SARIF
codacy-analysis-cli analyze --file src/docker-compose.yml --format sarif --output results_docker-compose.sarif
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
upload-sarif:
+ name: Upload SARIF results
runs-on: ubuntu-latest
needs: codacy-security-scan
steps:
From 07678e2960378faa568ea7c0c60c2e0e8f768d93 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:49:46 -0400
Subject: [PATCH 18/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index d4cdde6..496b784 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -57,7 +57,7 @@ jobs:
uses: actions/checkout@v4
- name: Upload Dockerfile SARIF results to GitHub
- uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results_dockerfile.sarif
@@ -65,3 +65,8 @@ jobs:
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results_docker-compose.sarif
+
+ - name: Upload docker-compose SARIF results to GitHub
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: results_docker-compose.sarif
From 0885830838ad0477c23efc4dc6a1a175534bab6d Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:57:40 -0400
Subject: [PATCH 19/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 496b784..d822a25 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,6 +36,15 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 'latest'
+
+ - name: Install codacy-analysis-cli
+ run: |
+ npm install -g codacy-analysis-cli
+
- name: Run Codacy Analysis for Dockerfile
run: |
codacy-analysis-cli analyze --file src/Dockerfile --format sarif --output results_dockerfile.sarif
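Review bot: `npm install -g codacy-analysis-cli` installs whatever package currently holds that name on the public npm registry, unpinned and with install scripts enabled, in a job whose later steps export `CODACY_PROJECT_TOKEN`; nothing on this page shows that Codacy publishes its CLI under that name, so confirm the publisher before running it. The SHA-pinned `codacy/codacy-analysis-cli-action` removed in patch 16 was the safer way to obtain the tool. If a registry install is kept, pin an exact version and verify its integrity hash, and set `node-version` to a specific release line instead of `'latest'`. The same concern applies to `npm install -g hadolint2sarif`, `pip install docker-compose-linter` and `npm install -g json2sarif` in patch 23.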
@@ -65,8 +74,3 @@ jobs:
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results_docker-compose.sarif
-
- - name: Upload docker-compose SARIF results to GitHub
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: results_docker-compose.sarif
From 1753bcb23b87ccb46fe8be5eb60f7484a3d4fade Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 04:59:51 -0400
Subject: [PATCH 20/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index d822a25..0c7e0fb 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,14 +36,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Install Node.js
- uses: actions/setup-node@v4
- with:
- node-version: 'latest'
-
- - name: Install codacy-analysis-cli
+ - name: Download and install codacy-analysis-cli
run: |
- npm install -g codacy-analysis-cli
+ mkdir -p $HOME/bin
+ curl -sSL https://github.com/codacy/codacy-analysis-cli/releases/latest/download/codacy-analysis-cli-$(uname -s)-$(uname -m) -o $HOME/bin/codacy-analysis-cli
+ chmod +x $HOME/bin/codacy-analysis-cli
+ export PATH=$HOME/bin:$PATH
- name: Run Codacy Analysis for Dockerfile
run: |
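Review bot: `export PATH=$HOME/bin:$PATH` only changes this step's shell, so the following `codacy-analysis-cli analyze` steps still cannot find the binary; persist it with `echo "$HOME/bin" >> "$GITHUB_PATH"`. The download uses `releases/latest` and `curl -sSL` without `-f`, so the job takes whichever asset is newest and would mark an HTTP error page executable; use `curl -fsSL` against a fixed release tag and compare the file with a recorded SHA-256 before `chmod +x`. I cannot tell from this page whether the project publishes an asset named `codacy-analysis-cli-$(uname -s)-$(uname -m)`, so check the URL. Patch 23's `wget` of hadolint pins `v2.7.0` but also skips the checksum.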
From b8b9dd467cf48cfeb4d80967ac1fa3c0533ce805 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:05:08 -0400
Subject: [PATCH 21/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 0c7e0fb..063cb36 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,22 +36,21 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Download and install codacy-analysis-cli
+ - name: Install codacy-analysis-cli from GitHub
run: |
- mkdir -p $HOME/bin
- curl -sSL https://github.com/codacy/codacy-analysis-cli/releases/latest/download/codacy-analysis-cli-$(uname -s)-$(uname -m) -o $HOME/bin/codacy-analysis-cli
- chmod +x $HOME/bin/codacy-analysis-cli
- export PATH=$HOME/bin:$PATH
+ curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
+ cd codacy-analysis-cli-* && sudo make install
+ if: success()
- name: Run Codacy Analysis for Dockerfile
run: |
- codacy-analysis-cli analyze --file src/Dockerfile --format sarif --output results_dockerfile.sarif
+ /usr/local/bin/codacy-analysis-cli analyze --file src/Dockerfile --format sarif --output results_dockerfile.sarif
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
- name: Run Codacy Analysis for docker-compose.yml
run: |
- codacy-analysis-cli analyze --file src/docker-compose.yml --format sarif --output results_docker-compose.sarif
+ /usr/local/bin/codacy-analysis-cli analyze --file src/docker-compose.yml --format sarif --output results_docker-compose.sarif
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
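Review bot: The install step now pipes the `master` branch tarball into `tar` and runs `sudo make install` from it, so every workflow run builds and executes as root whatever is at the head of that branch at that moment, with no tag, commit or checksum to review against. Pin the archive to a specific release tag or commit, verify its digest before unpacking, and drop `sudo` unless the install target requires it. I cannot tell from this page whether that repository has a `Makefile` with an `install` target, so the step may simply fail; the SHA-pinned `codacy/codacy-analysis-cli-action` used earlier in the series avoids both problems.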
From b131246d6cf8f75edc1b3fbee045a54130f5efd8 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:10:38 -0400
Subject: [PATCH 22/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 063cb36..7f4f12b 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -40,17 +40,18 @@ jobs:
run: |
curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
cd codacy-analysis-cli-* && sudo make install
- if: success()
- name: Run Codacy Analysis for Dockerfile
+ working-directory: src
run: |
- /usr/local/bin/codacy-analysis-cli analyze --file src/Dockerfile --format sarif --output results_dockerfile.sarif
+ codacy-analysis-cli analyze -t dockerfile --output ../results_dockerfile.sarif
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
- name: Run Codacy Analysis for docker-compose.yml
+ working-directory: src
run: |
- /usr/local/bin/codacy-analysis-cli analyze --file src/docker-compose.yml --format sarif --output results_docker-compose.sarif
+ codacy-analysis-cli analyze -t docker-compose --output ../results_docker-compose.sarif
env:
CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
From 65af07664c0de3d8d8c307cf93260fe7254ef1c6 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:13:39 -0400
Subject: [PATCH 23/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 38 +++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 7f4f12b..9dfc300 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -27,33 +27,43 @@ permissions:
jobs:
codacy-security-scan:
permissions:
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
- actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ contents: read
+ security-events: write
+ actions: read
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- - name: Install codacy-analysis-cli from GitHub
+ - name: Install Hadolint
run: |
- curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
- cd codacy-analysis-cli-* && sudo make install
+ wget -O /bin/hadolint https://github.com/hadolint/hadolint/releases/download/v2.7.0/hadolint-Linux-x86_64
+ chmod +x /bin/hadolint
- - name: Run Codacy Analysis for Dockerfile
+ - name: Run Hadolint for Dockerfile
working-directory: src
run: |
- codacy-analysis-cli analyze -t dockerfile --output ../results_dockerfile.sarif
- env:
- CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ hadolint Dockerfile -f json > ../results_dockerfile.sarif
- - name: Run Codacy Analysis for docker-compose.yml
+ - name: Convert Hadolint JSON to SARIF
+ run: |
+ npm install -g hadolint2sarif
+ hadolint2sarif -i ../results_dockerfile.json -o ../results_dockerfile.sarif
+
+ - name: Install docker-compose-linter
+ run: |
+ pip install docker-compose-linter
+
+ - name: Run docker-compose-linter
working-directory: src
run: |
- codacy-analysis-cli analyze -t docker-compose --output ../results_docker-compose.sarif
- env:
- CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ docker-compose-linter -f docker-compose.yml > ../results_docker-compose.json
+
+ - name: Convert docker-compose JSON to SARIF
+ run: |
+ npm install -g json2sarif
+ json2sarif -i ../results_docker-compose.json -o ../results_docker-compose.sarif
upload-sarif:
name: Upload SARIF results
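Review bot: The Install Hadolint step writes a downloaded binary straight into `/bin` and marks it executable without any integrity check, in a job that holds `security-events: write`. Download to the workspace, verify a SHA-256 recorded from the release page, and only then install it, as sketched below. The `npm install -g hadolint2sarif`, `npm install -g json2sarif` and `pip install docker-compose-linter` lines carry no version pins, and it is worth confirming that each name resolves to the publisher you intend. Separately, the Hadolint run step redirects to `../results_dockerfile.sarif` while the convert step reads `../results_dockerfile.json`, so nothing shown here writes the converter's input.

```yaml
- name: Install Hadolint
  run: |
    wget -O hadolint https://github.com/hadolint/hadolint/releases/download/v2.7.0/hadolint-Linux-x86_64
    # <EXPECTED_SHA256> is a placeholder: record the digest published for this release
    echo "<EXPECTED_SHA256>  hadolint" | sha256sum --check
    chmod +x hadolint
    sudo mv hadolint /usr/local/bin/hadolint
# … unchanged: Run Hadolint, convert and docker-compose steps …
```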
From 0db4619bed85cb6de354c3b0c91e4b1992c6dc8a Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:21:41 -0400
Subject: [PATCH 24/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 29 ++++++++++++++---------------
1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 9dfc300..ab96458 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,20 +36,13 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Install Hadolint
- run: |
- wget -O /bin/hadolint https://github.com/hadolint/hadolint/releases/download/v2.7.0/hadolint-Linux-x86_64
- chmod +x /bin/hadolint
-
- - name: Run Hadolint for Dockerfile
- working-directory: src
- run: |
- hadolint Dockerfile -f json > ../results_dockerfile.sarif
-
- - name: Convert Hadolint JSON to SARIF
- run: |
- npm install -g hadolint2sarif
- hadolint2sarif -i ../results_dockerfile.json -o ../results_dockerfile.sarif
+ - name: Run Hadolint action for Dockerfile
+ uses: hadolint/hadolint-action@v3
+ with:
+ file: src/Dockerfile
+ id: hadolint
+ - name: Save Hadolint results
+ run: echo '${{ steps.hadolint.outputs.sarif }}' > results_dockerfile.sarif
- name: Install docker-compose-linter
run: |
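Review bot: The Save Hadolint results step pastes `${{ steps.hadolint.outputs.sarif }}` into the script text before the shell runs. That output is presumably derived from the Dockerfile under review, so a single quote in it would end the quoting and the remainder would be interpreted as shell. Pass the value through the environment instead: add `env:` with `HADOLINT_SARIF: ${{ steps.hadolint.outputs.sarif }}` and change the command to `run: printf '%s\n' "$HADOLINT_SARIF" > results_dockerfile.sarif`. Nothing in this hunk establishes that the action exposes an output named `sarif` or accepts an input named `file`, so check both against the action's metadata.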
@@ -63,7 +56,13 @@ jobs:
- name: Convert docker-compose JSON to SARIF
run: |
npm install -g json2sarif
- json2sarif -i ../results_docker-compose.json -o ../results_docker-compose.sarif
+ json2sarif -i results_docker-compose.json -o results_docker-compose.sarif
+
+ - name: Upload coverage report to Codacy
+ run: |
+ bash <(curl -Ls https://coverage.codacy.com/get.sh) report --project-token ${{ secrets.CODACY_PROJECT_TOKEN }} -r tests/coverage/report.xml --partial
+ env:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
upload-sarif:
name: Upload SARIF results
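Review bot: The coverage upload step expands `${{ secrets.CODACY_PROJECT_TOKEN }}` into the command line even though the same step already exports it through `env:`. That places the token in the arguments of a script fetched at run time from `https://coverage.codacy.com/get.sh`. Drop the flag and let the reporter read the environment variable: `bash <(curl -Ls https://coverage.codacy.com/get.sh) report -r tests/coverage/report.xml --partial`. The fetched script is unversioned, so the job runs whatever that URL serves on the day; the tagged `codacy/codacy-coverage-reporter-action` step added earlier in this series is a narrower alternative.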
From 31cf91a123b194a68b74017e15f58a7bbcf22e01 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:23:03 -0400
Subject: [PATCH 25/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index ab96458..06d64cf 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -37,7 +37,7 @@ jobs:
uses: actions/checkout@v4
- name: Run Hadolint action for Dockerfile
- uses: hadolint/hadolint-action@v3
+ uses: hadolint/hadolint-action@v3.1.0
with:
file: src/Dockerfile
id: hadolint
From 5013457873e22df0df45cb6c1d9fa49a1b35039b Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:28:41 -0400
Subject: [PATCH 26/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 06d64cf..e55dccc 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,22 +36,28 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
+ - name: Install codacy-analysis-cli from GitHub
+ run: |
+ curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
+ cd codacy-analysis-cli-* && sudo make install
+
- name: Run Hadolint action for Dockerfile
uses: hadolint/hadolint-action@v3.1.0
with:
- file: src/Dockerfile
+ dockerfile: src/Dockerfile
+ format: sarif
id: hadolint
- name: Save Hadolint results
run: echo '${{ steps.hadolint.outputs.sarif }}' > results_dockerfile.sarif
- - name: Install docker-compose-linter
+ - name: Install docker-compose-validator
run: |
- pip install docker-compose-linter
+ pip install docker-compose-validator
- - name: Run docker-compose-linter
+ - name: Run docker-compose-validator
working-directory: src
run: |
- docker-compose-linter -f docker-compose.yml > ../results_docker-compose.json
+ docker-compose-validator docker-compose.yml > ../results_docker-compose.json
- name: Convert docker-compose JSON to SARIF
run: |
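Review bot: The re-added install step builds whatever is on the `master` branch at run time and runs `sudo make install` on it, so the job's behaviour can change without any commit to this repository. Fetch a fixed ref instead, e.g. `curl -L https://github.com/codacy/codacy-analysis-cli/archive/<PINNED_COMMIT_SHA>.tar.gz | tar xvz`, where the placeholder is a commit you have reviewed. `pip install docker-compose-validator` has the same weakness and should carry an exact `==<VERSION>` pin. The hunk ends inside the convert step's `run:` block.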
From 28acbfc2eb92482ec0429ae97cb34b0bbade21b4 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:34:27 -0400
Subject: [PATCH 27/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index e55dccc..db94507 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -44,7 +44,7 @@ jobs:
- name: Run Hadolint action for Dockerfile
uses: hadolint/hadolint-action@v3.1.0
with:
- dockerfile: src/Dockerfile
+ dockerfile: ../src/Dockerfile
format: sarif
id: hadolint
- name: Save Hadolint results
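Review bot: `../src/Dockerfile` here and `working-directory: ../src` in the second hunk both step out of the checkout. Step working directories are resolved from the workspace root, and the action input presumably is too, so these paths name a sibling of the repository rather than its `src` directory. Keep `dockerfile: src/Dockerfile` and `working-directory: src`. If the earlier failure was a missing file, the cause is more likely elsewhere, for example the input name or the output redirection.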
@@ -55,7 +55,7 @@ jobs:
pip install docker-compose-validator
- name: Run docker-compose-validator
- working-directory: src
+ working-directory: ../src
run: |
docker-compose-validator docker-compose.yml > ../results_docker-compose.json
From 61858123fe7a05bddb023f458a64ce204362bcaf Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:39:34 -0400
Subject: [PATCH 28/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index db94507..74ea46e 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -47,6 +47,7 @@ jobs:
dockerfile: ../src/Dockerfile
format: sarif
id: hadolint
+
- name: Save Hadolint results
run: echo '${{ steps.hadolint.outputs.sarif }}' > results_dockerfile.sarif
@@ -62,13 +63,7 @@ jobs:
- name: Convert docker-compose JSON to SARIF
run: |
npm install -g json2sarif
- json2sarif -i results_docker-compose.json -o results_docker-compose.sarif
-
- - name: Upload coverage report to Codacy
- run: |
- bash <(curl -Ls https://coverage.codacy.com/get.sh) report --project-token ${{ secrets.CODACY_PROJECT_TOKEN }} -r tests/coverage/report.xml --partial
- env:
- CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ json2sarif -i ../results_docker-compose.json -o results_docker-compose.sarif
upload-sarif:
name: Upload SARIF results
From 6a2f62f413086c8e9e2ef09a4186ead9be4f3f0c Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:40:42 -0400
Subject: [PATCH 29/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 74ea46e..0a0fd5e 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -44,7 +44,7 @@ jobs:
- name: Run Hadolint action for Dockerfile
uses: hadolint/hadolint-action@v3.1.0
with:
- dockerfile: ../src/Dockerfile
+ dockerfile: src/Dockerfile
format: sarif
id: hadolint
@@ -56,7 +56,7 @@ jobs:
pip install docker-compose-validator
- name: Run docker-compose-validator
- working-directory: ../src
+ working-directory: src
run: |
docker-compose-validator docker-compose.yml > ../results_docker-compose.json
From 81eb4659495296636eae6a85fe52447d495df0cf Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:48:20 -0400
Subject: [PATCH 30/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 32 ++++++++++----------------------
1 file changed, 10 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 0a0fd5e..7749fc7 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -41,29 +41,15 @@ jobs:
curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
cd codacy-analysis-cli-* && sudo make install
- - name: Run Hadolint action for Dockerfile
- uses: hadolint/hadolint-action@v3.1.0
- with:
- dockerfile: src/Dockerfile
- format: sarif
- id: hadolint
-
- - name: Save Hadolint results
- run: echo '${{ steps.hadolint.outputs.sarif }}' > results_dockerfile.sarif
-
- - name: Install docker-compose-validator
- run: |
- pip install docker-compose-validator
-
- - name: Run docker-compose-validator
- working-directory: src
+ # Example: Run Codacy Analysis CLI for Dockerfile linting
+ - name: Run Codacy Analysis for Dockerfile
run: |
- docker-compose-validator docker-compose.yml > ../results_docker-compose.json
+ codacy-analysis-cli analyze --tool hadolint --format sarif --output results_dockerfile.sarif src/Dockerfile
- - name: Convert docker-compose JSON to SARIF
+ # Example: Run Codacy Analysis CLI for general code analysis (replace with your actual commands)
+ - name: Run Codacy Analysis for codebase
run: |
- npm install -g json2sarif
- json2sarif -i ../results_docker-compose.json -o results_docker-compose.sarif
+ codacy-analysis-cli analyze --tool --format sarif --output results_codebase.sarif
upload-sarif:
name: Upload SARIF results
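Review bot: In the codebase step, `--tool` is given no value, so the parser will either reject the command or take `--format` as the tool name. The `(replace with your actual commands)` comment suggests the line was left as a template. Either name a tool or drop the flag, e.g. `codacy-analysis-cli analyze --format sarif --output results_codebase.sarif`. The `# Example:` comments should be removed once the commands are real.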
@@ -73,12 +59,14 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
+ # Example: Upload Dockerfile SARIF results to GitHub
- name: Upload Dockerfile SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results_dockerfile.sarif
- - name: Upload docker-compose SARIF results to GitHub
+ # Example: Upload codebase SARIF results to GitHub
+ - name: Upload codebase SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
- sarif_file: results_docker-compose.sarif
+ sarif_file: results_codebase.sarif
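Review bot: The SARIF files these steps upload are written in `codacy-security-scan`, but `upload-sarif` is a separate job with its own checkout. Jobs on hosted runners do not share a filesystem, so nothing shown here puts `results_dockerfile.sarif` or `results_codebase.sarif` on this runner and the findings never reach code scanning. Hand the files over as an artifact (below) and make sure this job declares `needs: codacy-security-scan`, or move the upload steps into the scan job. The same gap is behind the `ls`, `mkdir -p` and `sleep 10` steps added to this job in patches 34 to 37. The scan-job half of the change lies outside this hunk.

```yaml
# in codacy-security-scan, after the analysis steps
- name: Publish SARIF for the upload job
  uses: actions/upload-artifact@v4
  with:
    name: sarif-results
    path: results_*.sarif

# in upload-sarif, before the first upload step
- name: Fetch SARIF from the scan job
  uses: actions/download-artifact@v4
  with:
    name: sarif-results
# … unchanged: the two github/codeql-action/upload-sarif steps …
```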
From 27f9d321440d4bac463e6b429e8b2871d08794ee Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 05:57:47 -0400
Subject: [PATCH 31/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 7749fc7..658761b 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -38,13 +38,14 @@ jobs:
- name: Install codacy-analysis-cli from GitHub
run: |
+ sudo apt-get install make
curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
- cd codacy-analysis-cli-* && sudo make install
+ cd codacy-analysis-cli-*
+ sudo make install
- # Example: Run Codacy Analysis CLI for Dockerfile linting
- - name: Run Codacy Analysis for Dockerfile
+ - name: Analyze Dockerfile with codacy-analysis-cli
run: |
- codacy-analysis-cli analyze --tool hadolint --format sarif --output results_dockerfile.sarif src/Dockerfile
+ codacy-analysis-cli analyze --tool dockerfile --format sarif --output results_dockerfile.sarif src/Dockerfile
# Example: Run Codacy Analysis CLI for general code analysis (replace with your actual commands)
- name: Run Codacy Analysis for codebase
From 70c7e6b1bc308dfa88a04ab3c3e83b89610b808c Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 06:03:08 -0400
Subject: [PATCH 32/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 658761b..fb79fd8 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,22 +36,20 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Install codacy-analysis-cli from GitHub
+ - name: Install codacy-analysis-cli
run: |
sudo apt-get install make
curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
cd codacy-analysis-cli-*
sudo make install
+ - name: Set Docker host
+ run: echo "export DOCKER_HOST=tcp://0.0.0.0:2375" >> $HOME/.bashrc && source $HOME/.bashrc
+
- name: Analyze Dockerfile with codacy-analysis-cli
run: |
codacy-analysis-cli analyze --tool dockerfile --format sarif --output results_dockerfile.sarif src/Dockerfile
- # Example: Run Codacy Analysis CLI for general code analysis (replace with your actual commands)
- - name: Run Codacy Analysis for codebase
- run: |
- codacy-analysis-cli analyze --tool --format sarif --output results_codebase.sarif
-
upload-sarif:
name: Upload SARIF results
runs-on: ubuntu-latest
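Review bot: The new Set Docker host step points the Docker client at `tcp://0.0.0.0:2375`, the daemon's plaintext, unauthenticated TCP port. A daemon listening there would give root-equivalent control of the runner to anything that can reach the port. The step also has no effect on later steps, since each `run:` starts a fresh non-interactive shell that does not read `~/.bashrc`. Remove the step and use the default local socket. If a variable really must reach later steps, write it to `$GITHUB_ENV`, e.g. `echo "DOCKER_HOST=unix:///var/run/docker.sock" >> "$GITHUB_ENV"`.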
From 1c3118e0a27576db3e2885bfc58e605978b3a409 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 17:32:29 -0400
Subject: [PATCH 33/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index fb79fd8..d22a981 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,19 +36,9 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Install codacy-analysis-cli
- run: |
- sudo apt-get install make
- curl -L https://github.com/codacy/codacy-analysis-cli/archive/master.tar.gz | tar xvz
- cd codacy-analysis-cli-*
- sudo make install
-
- - name: Set Docker host
- run: echo "export DOCKER_HOST=tcp://0.0.0.0:2375" >> $HOME/.bashrc && source $HOME/.bashrc
-
- name: Analyze Dockerfile with codacy-analysis-cli
run: |
- codacy-analysis-cli analyze --tool dockerfile --format sarif --output results_dockerfile.sarif src/Dockerfile
+ docker run --rm -v ${{ github.workspace }}:/src codacy/codacy-analysis-cli:stable analyze --directory /src --format sarif --output /src/results_dockerfile.sarif
upload-sarif:
name: Upload SARIF results
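Review bot: The analysis now runs `codacy/codacy-analysis-cli:stable`, a mutable tag, with the whole checkout bind-mounted read-write, so the image content can change between runs with no change in this repository. Pin the image by digest, `codacy/codacy-analysis-cli@sha256:<IMAGE_DIGEST>`, and quote the mount as `-v "${{ github.workspace }}:/src"`. The output is still named `results_dockerfile.sarif` although `--directory /src` analyses the whole tree, which will mislead whoever maintains the upload step. The CLI image may also need the host Docker socket to start its tool containers, so confirm against its documentation.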
From 0bf20cdd97b4a5c60e44b84a8c182dc9d3d53f17 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 17:40:15 -0400
Subject: [PATCH 34/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index d22a981..de2375f 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -39,6 +39,9 @@ jobs:
- name: Analyze Dockerfile with codacy-analysis-cli
run: |
docker run --rm -v ${{ github.workspace }}:/src codacy/codacy-analysis-cli:stable analyze --directory /src --format sarif --output /src/results_dockerfile.sarif
+ - name: List files for debugging
+ run: |
+ ls -al ${{ github.workspace }}
upload-sarif:
name: Upload SARIF results
@@ -48,14 +51,12 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- # Example: Upload Dockerfile SARIF results to GitHub
+ - name: List files for debugging
+ run: |
+ ls -al ${{ github.workspace }}
+
+ # Upload Dockerfile SARIF results to GitHub
- name: Upload Dockerfile SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
- sarif_file: results_dockerfile.sarif
-
- # Example: Upload codebase SARIF results to GitHub
- - name: Upload codebase SARIF results to GitHub
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: results_codebase.sarif
+ sarif_file: ${{ github.workspace }}/results_dockerfile.sarif
From 3ae2101bf8d67bb952f65ac12358a9c8a711d411 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 18:00:21 -0400
Subject: [PATCH 35/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index de2375f..6b078dc 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,12 +36,15 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
+ - name: Create coverage directory
+ run: mkdir -p ${{ github.workspace }}/tests/coverage
+
- name: Analyze Dockerfile with codacy-analysis-cli
run: |
- docker run --rm -v ${{ github.workspace }}:/src codacy/codacy-analysis-cli:stable analyze --directory /src --format sarif --output /src/results_dockerfile.sarif
- - name: List files for debugging
- run: |
- ls -al ${{ github.workspace }}
+ docker run --rm -v ${{ github.workspace }}:/workspace codacy/codacy-analysis-cli:stable analyze --directory /workspace/src --format sarif --output /workspace/tests/coverage/results_dockerfile.sarif
+
+ - name: List files in coverage directory
+ run: ls -al ${{ github.workspace }}/tests/coverage
upload-sarif:
name: Upload SARIF results
@@ -51,12 +54,17 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: List files for debugging
- run: |
- ls -al ${{ github.workspace }}
-
- # Upload Dockerfile SARIF results to GitHub
+ - name: List files in coverage directory
+ run: ls -al ${{ github.workspace }}/tests/coverage
+
+ # Example: Upload Dockerfile SARIF results to GitHub
- name: Upload Dockerfile SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
- sarif_file: ${{ github.workspace }}/results_dockerfile.sarif
+ sarif_file: ${{ github.workspace }}/tests/coverage/results_dockerfile.sarif
+
+ # Example: Upload codebase SARIF results to GitHub
+ - name: Upload codebase SARIF results to GitHub
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ github.workspace }}/tests/coverage/results_codebase.sarif
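Review bot: The re-added upload of `tests/coverage/results_codebase.sarif` refers to a file that no step in this series still produces, since the codebase analysis step was removed in patch 32. The step can therefore only fail on a missing file. Drop it until an analysis actually writes that path. If two uploads are kept in one run, give each a distinct `category:` so the result sets stay separate. Keeping SARIF under `tests/coverage` also invites confusion with real coverage reports.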
From 575f3e2b328a4177ef045b70b38ed9e080fbf65a Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 18:04:41 -0400
Subject: [PATCH 36/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 6b078dc..ba62dfe 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -54,16 +54,20 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
+ - name: Create coverage directory (ensure it exists)
+ run: mkdir -p ${{ github.workspace }}/tests/coverage
+
+ # List files in coverage directory (debugging step)
- name: List files in coverage directory
run: ls -al ${{ github.workspace }}/tests/coverage
- # Example: Upload Dockerfile SARIF results to GitHub
+ # Upload Dockerfile SARIF results to GitHub
- name: Upload Dockerfile SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ github.workspace }}/tests/coverage/results_dockerfile.sarif
- # Example: Upload codebase SARIF results to GitHub
+ # Upload codebase SARIF results to GitHub
- name: Upload codebase SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
with:
From de2fb9b2a2dbf58169ab8da0e776d46ef1568737 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 18:17:14 -0400
Subject: [PATCH 37/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 26 ++++++++++++++++++++------
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index ba62dfe..2a456db 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -36,15 +36,25 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- - name: Create coverage directory
+ - name: Install Codacy Analysis CLI
+ run: |
+ sudo apt-get update && sudo apt-get install -y make
+ curl -L https://github.com/codacy/codacy-analysis-cli/releases/download/3.0.0/codacy-analysis-cli-3.0.0-linux-x86_64.tar.gz | tar xvz
+ sudo mv codacy-analysis-cli-3.0.0/bin/codacy-analysis-cli /usr/local/bin/
+ codacy-analysis-cli --version # Verify installation
+
+ - name: Create coverage directory (ensure it exists)
run: mkdir -p ${{ github.workspace }}/tests/coverage
- - name: Analyze Dockerfile with codacy-analysis-cli
+ - name: Run tests and generate coverage reports
run: |
docker run --rm -v ${{ github.workspace }}:/workspace codacy/codacy-analysis-cli:stable analyze --directory /workspace/src --format sarif --output /workspace/tests/coverage/results_dockerfile.sarif
- - name: List files in coverage directory
- run: ls -al ${{ github.workspace }}/tests/coverage
+ - name: Upload coverage reports to Codacy
+ env:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ run: |
+ codacy-coverage-reporter report -l -r ${{ github.workspace }}/tests/coverage/results_dockerfile.sarif
upload-sarif:
name: Upload SARIF results
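Review bot: The Upload coverage reports step hands `results_dockerfile.sarif`, a static-analysis report, to `codacy-coverage-reporter` as if it were coverage data. It also writes `-l` directly before `-r` with no language value. No step shown installs `codacy-coverage-reporter` either; the install step above fetches `codacy-analysis-cli`. The step renamed to Run tests and generate coverage reports still only runs the analysis container, so the name no longer matches what it does. Either remove the coverage upload or point `-r` at a real coverage file produced by the test suite.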
@@ -57,10 +67,14 @@ jobs:
- name: Create coverage directory (ensure it exists)
run: mkdir -p ${{ github.workspace }}/tests/coverage
- # List files in coverage directory (debugging step)
- - name: List files in coverage directory
+ - name: List files in coverage directory (debugging step)
run: ls -al ${{ github.workspace }}/tests/coverage
+ - name: Wait for SARIF file to be created
+ run: |
+ echo "Waiting for SARIF file to be created..."
+ sleep 10
+
# Upload Dockerfile SARIF results to GitHub
- name: Upload Dockerfile SARIF results to GitHub
uses: github/codeql-action/upload-sarif@v3
From 4df2a7797a523b4330f117e2956428c6b44081eb Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Mon, 24 Jun 2024 18:19:30 -0400
Subject: [PATCH 38/39] Update codacy.yml
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
.github/workflows/codacy.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 2a456db..2851b15 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -38,8 +38,9 @@ jobs:
- name: Install Codacy Analysis CLI
run: |
- sudo apt-get update && sudo apt-get install -y make
- curl -L https://github.com/codacy/codacy-analysis-cli/releases/download/3.0.0/codacy-analysis-cli-3.0.0-linux-x86_64.tar.gz | tar xvz
+ sudo apt-get update && sudo apt-get install -y curl make
+ curl -L https://github.com/codacy/codacy-analysis-cli/releases/download/3.0.0/codacy-analysis-cli-3.0.0-linux-x86_64.tar.gz --output codacy-analysis-cli.tar.gz
+ tar xvzf codacy-analysis-cli.tar.gz
sudo mv codacy-analysis-cli-3.0.0/bin/codacy-analysis-cli /usr/local/bin/
codacy-analysis-cli --version # Verify installation
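Review bot: With the archive now saved to `codacy-analysis-cli.tar.gz`, nothing checks it before it is unpacked and its binary moved into `/usr/local/bin`. Add a verification line between the download and `tar`: `echo "<EXPECTED_SHA256>  codacy-analysis-cli.tar.gz" | sha256sum --check`, replacing the placeholder with the digest recorded for the 3.0.0 release. Adding `--fail` to `curl -L` would also stop an HTTP error page from being saved as the archive.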
From 899ad08f8179511d603951ac649d890df52df046 Mon Sep 17 00:00:00 2001
From: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
Date: Thu, 27 Jun 2024 18:02:06 -0400
Subject: [PATCH 39/39] Update Dockerfile
Signed-off-by: ArchBlood <35392110+ArchBlood@users.noreply.github.com>
---
src/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Dockerfile b/src/Dockerfile
index b69ba0f..2018c4b 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -19,7 +19,7 @@ RUN apt-get update && \
pecl install apcu && \
docker-php-ext-enable apcu && \
docker-php-ext-configure gd --with-freetype --with-jpeg && \
- docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip intl ldap pgsql pdo_pgsql && \
+ docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip intl ldap pgsql pdo_pgsql mbstring && \
a2enmod rewrite && \
a2enmod deflate && \
apt-get clean && rm -rf /var/lib/apt/lists/*
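Review bot: Adding `mbstring` to `docker-php-ext-install` makes the build compile it, which on recent PHP versions needs the oniguruma development package (`libonig-dev` on Debian-based images). The `apt-get install` list that would supply it is above this hunk, so check it is there. Official `php` base images usually ship mbstring already compiled in, in which case the addition is unnecessary; `php -m | grep mbstring` in the base image settles it. The `RUN` instruction starts outside the hunk.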