Skip to content

Commit

Permalink
Merge branch 'main' into dependabot/github_actions/security-actions/s…
Browse files Browse the repository at this point in the history
…can-docker-image/anchore/scan-action-3.3.6
  • Loading branch information
saisatishkarra authored Sep 18, 2023
2 parents 69f9257 + 32dac54 commit 08a7a8f
Show file tree
Hide file tree
Showing 28 changed files with 745 additions and 451 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build-sdk-js.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
path: ${{github.workspace}}/sdk
- uses: ./code-build-actions/build-js-sdk
with:
dry-run: true
dry-run: 'true'
app_directory: ${{ github.workspace }}
sdk_output_directory: ${{github.workspace}}/sdk
token: ${{secrets.GITHUB_TOKEN}}
28 changes: 28 additions & 0 deletions .github/workflows/lua-lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: Luacheck Test

on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- '*'
workflow_dispatch: {}

jobs:
test-lua-lint:
env:
TEST_REPOSITORY: "${{github.repository_owner}}/atc-router"
runs-on: ubuntu-latest
name: Luacheck code analysis
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
with:
repository: ${{env.TEST_REPOSITORY}}
path: ${{env.TEST_REPOSITORY}}
- uses: ./code-check-actions/lua-lint
with:
additional_args: '--no-default-config --config ${{env.TEST_REPOSITORY}}/.luacheckrc ${{env.TEST_REPOSITORY}}'
28 changes: 0 additions & 28 deletions .github/workflows/luacheck.yml

This file was deleted.

37 changes: 37 additions & 0 deletions .github/workflows/rust-lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Rust Lint Test

on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- '*'
workflow_dispatch: {}

jobs:
test-rust-lint:
permissions:
# required for all workflows
security-events: write
checks: write
pull-requests: write
# only required for workflows in private repositories
actions: read
contents: read
env:
TEST_REPOSITORY: "${{github.repository_owner}}/atc-router"
runs-on: ubuntu-latest
name: Rust Code Linting checks
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
with:
repository: ${{env.TEST_REPOSITORY}}
path: ${{env.TEST_REPOSITORY}}
- uses: ./code-check-actions/rust-lint
with:
token: ${{secrets.GITHUB_TOKEN}}
manifest_dir: ${{ github.workspace }}/${{env.TEST_REPOSITORY}}
38 changes: 38 additions & 0 deletions .github/workflows/rust-sca.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Rust SCA Test

on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- '*'
workflow_dispatch: {}

jobs:
test-rust-sca:
permissions:
# required for all workflows
security-events: write
checks: write
pull-requests: write
# only required for workflows in private repositories
actions: read
contents: read
env:
TEST_REPOSITORY: "${{github.repository_owner}}/atc-router"
runs-on: ubuntu-latest
name: Rust code analysis and SCA checks
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
with:
repository: ${{env.TEST_REPOSITORY}}
path: ${{env.TEST_REPOSITORY}}
- uses: ./security-actions/scan-rust
with:
asset_prefix: ${{env.TEST_REPOSITORY}}
dir: ${{ github.workspace }}/${{env.TEST_REPOSITORY}}
codeql_upload: false
34 changes: 0 additions & 34 deletions .github/workflows/rustcheck.yml

This file was deleted.

38 changes: 38 additions & 0 deletions .github/workflows/semgrep.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Semgrep

on:
pull_request: {}
push:
branches:
- master
- main
workflow_dispatch: {}


jobs:
semgrep:
name: SAST
runs-on: ubuntu-20.04
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
env:
TEST_REPOSITORY: "${{github.repository_owner}}/atc-router"
if: (github.actor != 'dependabot[bot]')

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v3
with:
repository: ${{env.TEST_REPOSITORY}}
token: ${{secrets.GITHUB_TOKEN}}
path: ${{env.TEST_REPOSITORY}}
- uses: ./security-actions/semgrep
with:
additional_config: '--config p/rust'
codeql_upload: false
fail_on_findings: false

4 changes: 3 additions & 1 deletion CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
* @Kong/team-shared-actions-reviewers

security-actions/ @Kong/team-security-engineering
security-actions/ @Kong/team-security-engineering
pr-previews/ @adamdehaven @ValeryG @Drew-Kimberly
code-check-actions/ @Kong/team-security-engineering
14 changes: 14 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,2 +1,16 @@
# public-shared-actions
Shared actions available to both public and private repositories

## Usage

```yaml
- uses: Kong/public-shared-actions/<action-name>@<tag>
```
For example:
```yaml
- uses: Kong/public-shared-actions/code-build-actions/[email protected]
```
2 changes: 1 addition & 1 deletion code-build-actions/build-js-sdk/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Build JS SDK
uses: Kong/public-shared-actions/build-js-sdk@main
uses: Kong/public-shared-actions/code-build-actions/build-js-sdk

```

Expand Down
12 changes: 2 additions & 10 deletions code-build-actions/build-js-sdk/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ inputs:
dry-run:
description: 'If true, the action will not push the changes to the PR'
required: false
default: false
default: 'false'
token:
description: 'A Github Token'
required: true
Expand Down Expand Up @@ -50,17 +50,9 @@ runs:
shell: bash
working-directory: ${{inputs.sdk_output_directory}}
run: |
openapi-generator-cli generate --generator-key client
openapi-generator-cli generate --generator-key client -o src
- name: "Clean up generator files"
shell: bash
working-directory: ${{inputs.sdk_output_directory}}/src
run: |
rm -rf openapitools.json templates-js .openapi-generator-ignore .openapi-generator git_push.sh
- name: Commit SDK changes to the PR
uses: EndBug/add-and-commit@v9
if: ${{ !inputs.dry-run }}
with:
cwd: ${{inputs.sdk_output_directory}}
add: src
default_author: github_actions
message: Update SDK based on openapi.yaml changes
71 changes: 71 additions & 0 deletions code-check-actions/lua-lint/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
# Lua Check - Github Action

Luacheck is a static analyzer for Lua. The options for static analysis configuration can be used on the command line, put into a config file or directly into checked files as Lua comments.

This action analyzes all changed lua files using [lunarmodules/luacheck](https://github.com/lunarmodules/luacheck).

This action looks for any `cli` arguments and a deafult `.luacheckrc` config to derive the final configuaration as mentioned in [docs](https://luacheck.readthedocs.io/en/stable/cli.html#command-line-options)

## Inputs

```yaml
additional_args:
description: 'Arguments to luacheck'
required: 'false'
default: '.' # Default: Run luacheck on workspace dir
```
## Outputs
- Depending on the event, refer [publishing](https://github.com/EnricoMi/publish-unit-test-result-action#publishing-test-results)
## Action Output
- Always exit with 0 even when there are warnings / errors and be non-blocking
- The failure mode of build is not configurable based on shared action outcome
## Example usage
```yaml
name: Lua Code Quality

on:
pull_request: {}
workflow_dispatch: {}
push:
branches:
- main

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
lua:
name: Lua Lint
runs-on: ubuntu-20.04
permissions:
contents: read
issues: read
checks: write
pull-requests: write
if: (github.actor != 'dependabot[bot]')

steps:
- name: Checkout source code
uses: actions/checkout@v3

# Optional step to run on only changed files
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v36
with:
files: |
**.lua
- name: Lua Check
if: steps.changed-files.outputs.any_changed == 'true'
uses: Kong/public-shared-actions/code-check-actions/luacheck@main
with:
additional_args: '--no-default-config --config .luacheckrc'
files: ${{ steps.changed-files.outputs.all_changed_files }}
```
Loading

0 comments on commit 08a7a8f

Please sign in to comment.