From 4b93ad1a7ed26976b71b65ed2d148fa0e3725561 Mon Sep 17 00:00:00 2001
From: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
Date: Wed, 23 Aug 2023 06:19:18 -0400
Subject: [PATCH 1/6] Create ruby.yml
---
.github/workflows/ruby.yml | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 .github/workflows/ruby.yml
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
new file mode 100644
index 0000000..ba8e2f7
--- /dev/null
+++ b/.github/workflows/ruby.yml
@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby-version: ['2.6', '2.7', '3.0']
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Ruby
+ # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+ # change this to (see https://github.com/ruby/setup-ruby#versioning):
+ # uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ - name: Run tests
+ run: bundle exec rake
From 4809017b87656619ea8b521dc46d5112358a11a0 Mon Sep 17 00:00:00 2001
From: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
Date: Sat, 2 Sep 2023 17:53:38 -0400
Subject: [PATCH 2/6] Create codeql.yml the program setup to organize job output
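Review bot: The `ruby-version: ['2.6', '2.7', '3.0']` matrix in `.github/workflows/ruby.yml` tests only Ruby series that are end-of-life or close to it; 2.6 and 2.7 had already stopped receiving upstream security fixes when this was committed. A green run therefore says little about the interpreters a deployment should actually be on. I would add a supported series and drop the oldest, for example `ruby-version: ['2.7', '3.0', '3.2']`. Separately, `actions/checkout@v3` is referenced by a movable tag while `ruby/setup-ruby` is pinned to a commit SHA; pinning both the same way keeps the supply-chain posture consistent.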
Signed-off-by: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
---
.github/workflows/codeql.yml | 113 +++++++++++++++++++++++++++++++++++
1 file changed, 113 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..1cd6af4
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,113 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above- name: Execute Job
+ # You may pin to the exact commit or the version.
+ # uses: parasoft/execute-job-action@1899d360584e281e027c537d2df0f75a1115776e
+ uses: parasoft/execute-job-action@1.0.7
+ with:
+ # CTP URL
+ ctpUrl:
+ # CTP Username
+ ctpUsername:
+ # CTP Password
+ ctpPassword:
+ # CTP Test Execution Job Name
+ ctpJob:
+ # Abort the job after timeout exceeded
+ abortOnTimeout: # optional
+ # Timeout value in minutes
+ timeoutInMinutes: # optional
+ # Publish test execution results to DTP
+ publishReport: # optional
+ # DTP URL
+ dtpUrl: # optional
+ # DTP Username
+ dtpUsername: # optional
+ # DTP Password
+ dtpPassword: # optional
+ # DTP Project Name
+ dtpProject: # optional
+ # Build ID to send to DTP
+ buildId: # optional
+ # Session Tag to send to DTP
+ sessionTag: # optional
+ # Append the test variable set environment name to the session tag
+ appendEnvironment: # optional branches: [ "main" ]
+ schedule:
+ - cron: '21 9 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript', 'ruby' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
From c12b22499946e05f1af09f0ce3d8a1a5ebe5b390 Mon Sep 17 00:00:00 2001
From: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
Date: Tue, 26 Sep 2023 19:34:17 -0400
Subject: [PATCH 3/6] Create manual.yml for no contrast build
Signed-off-by: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
---
.github/workflows/manual.yml | 50 ++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 .github/workflows/manual.yml
diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml
new file mode 100644
index 0000000..eba5664
--- /dev/null
+++ b/.github/workflows/manual.yml
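Review bot: A Marketplace usage snippet for `parasoft/execute-job-action@1.0.7` is pasted into the `on.pull_request` block of `.github/workflows/codeql.yml`: `- name: Execute Job` is fused onto the end of the "branches below" comment, and the template's own `branches: [ "main" ]` line has been swallowed by the `# optional` comment after `appendEnvironment:`. Step keys such as `uses:`, `with:` and `ctpPassword:` are not valid under a trigger, so GitHub will most likely reject the file and no CodeQL scan will run at all (indentation is lost in this view, so the exact parse error cannot be confirmed). I would delete the whole snippet so the block again reads `pull_request:` followed by `branches: [ "main" ]`. If the Parasoft job is wanted, it belongs under `steps:` of a job, referenced by the commit SHA already quoted in the comment, with `ctpPassword` and `dtpPassword` supplied from `secrets` rather than written into the file.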
@@ -0,0 +1,50 @@
+# This is a basic workflow that is manually triggered
+
+name: Manual workflow
+
+# Controls when the action will run. Workflow runs when manually triggered using the UI
+# or API.
+on:
+ workflow_dispatch:
+ # Inputs the workflow accepts.
+ inputs:
+ name:
+ # Friendly description to be shown in the UI instead of 'name'
+ description: 'Person to greet'
+ # Default value if no value is explicitly provided
+ default: 'World'
+ # Input has to be provided for the workflow to run
+ required: true
+ # The data type of the input
+ type: string
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "greet"
+ greet:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Runs a single command using the runners shell
+ - name: Send greeting
+ run: echo "Hello ${{ inputs.name }}"- name: Setup .NET Core SDK
+ uses: actions/setup-dotnet@v3.2.0
+ with:
+ # Optional SDK version(s) to use. If not provided, will install global.json version when available. Examples: 2.2.104, 3.1, 3.1.x, 3.x, 6.0.2xx
+ dotnet-version: # optional
+ # Optional quality of the build. The possible values are: daily, signed, validated, preview, ga.
+ dotnet-quality: # optional
+ # Optional global.json location, if your global.json isn't located in the root of the repo.
+ global-json-file: # optional
+ # Optional package source for which to set up authentication. Will consult any existing NuGet.config in the root of the repo and provide a temporary NuGet.config using the NUGET_AUTH_TOKEN environment variable as a ClearTextPassword
+ source-url: # optional
+ # Optional OWNER for using packages from GitHub Package Registry organizations/users other than the current repository's owner. Only used if a GPR URL is also provided in source-url
+ owner: # optional
+ # Optional NuGet.config location, if your NuGet.config isn't located in the root of the repo.
+ config-file: # optional
+ # Optional input to enable caching of the NuGet global-packages folder
+ cache: # optional
+ # Used to specify the path to a dependency file: packages.lock.json. Supports wildcards or a list of file names for caching multiple dependencies.
+ cache-dependency-path: # optional
From 280df59adc639519dc0d52a500abe65f1584df3b Mon Sep 17 00:00:00 2001
From: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
Date: Tue, 26 Sep 2023 19:51:51 -0400
Subject: [PATCH 4/6] Update manual.yml setup to ready
Signed-off-by: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
---
.github/workflows/manual.yml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml
index eba5664..9c44a20 100644
--- a/.github/workflows/manual.yml
+++ b/.github/workflows/manual.yml
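Review bot: The `run: echo "Hello ${{ inputs.name }}"` line in the new `.github/workflows/manual.yml` expands the dispatch input into the script text before the shell parses it, so the value is treated as shell source rather than data. Pass it through the environment instead: add `env:` with `NAME: ${{ inputs.name }}` on the step and use `run: echo "Hello $NAME"`. The same line also has `- name: Setup .NET Core SDK` fused onto its end, and the `uses: actions/setup-dotnet@v3.2.0` and `with:` lines that follow are a pasted usage snippet with every input left empty. As far as this view shows, that leaves one step carrying both `run` and `uses`, which GitHub rejects, so the snippet should be removed or turned into a separate step with real values.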
@@ -48,3 +48,33 @@ jobs:
 cache: # optional
 # Used to specify the path to a dependency file: packages.lock.json. Supports wildcards or a list of file names for caching multiple dependencies.
 cache-dependency-path: # optional
+name: learn-github-actions
+run-name: ${{ github.actor }} is learning GitHub Actions
+on: [push]
+jobs:
+ check-bats-version:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v3
+ with:
+ node-version: '14'
+ - run: npm install -g bats
+ - run: bats -v
+- name: Cache
+ uses: actions/cache@v3.3.2
+ with:
+ # A list of files, directories, and wildcard patterns to cache and restore
+ path:
+ # An explicit key for restoring and saving the cache
+ key:
+ # An ordered list of keys to use for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.
+ restore-keys: # optional
+ # The chunk size used to split up large files during upload, in bytes
+ upload-chunk-size: # optional
+ # An optional boolean when enabled, allows windows runners to save or restore caches that can be restored or saved respectively on other platforms
+ enableCrossOsArchive: # optional, default is false
+ # Fail the workflow if cache entry is not found
+ fail-on-cache-miss: # optional, default is false
+ # Check if a cache entry exists for the given input(s) (key, restore-keys) without downloading the cache
+ lookup-only: # optional, default is false
From c3624364b94ddccc98562ea3007dcd0494dac290 Mon Sep 17 00:00:00 2001
From: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
Date: Wed, 27 Sep 2023 19:25:40 -0400
Subject: [PATCH 5/6] Create npm-publish-github-packages.yml github workflow
Signed-off-by: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
---
.../workflows/npm-publish-github-packages.yml | 59 +++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 .github/workflows/npm-publish-github-packages.yml
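Review bot: The lines added to `.github/workflows/manual.yml` put a second `name:`, `on:` and `jobs:` at the top level of a file that already defines them, then a `- name: Cache` sequence item after the mapping, so the document is no longer a single valid workflow. Where a parser does accept duplicate keys it usually keeps the last one, which would silently replace the manual `workflow_dispatch` trigger with `on: [push]`. I would move the `learn-github-actions` workflow into its own file and give it `permissions:` with `contents: read`, since nothing in it writes to the repository. The `actions/cache@v3.3.2` snippet should be dropped or placed under `steps:` with real `path:` and `key:` values. The hunk starts inside the existing `jobs:` block, whose beginning lies outside it.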
diff --git a/.github/workflows/npm-publish-github-packages.yml b/.github/workflows/npm-publish-github-packages.yml
new file mode 100644
index 0000000..e610bcd
--- /dev/null
+++ b/.github/workflows/npm-publish-github-packages.yml
@@ -0,0 +1,59 @@
+# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
+# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
+
+name: Node.js Package
+
+on:
+ release:
+ types: [created]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ - run: npm ci
+ - run: npm test
+
+ publish-gpr:
+ needs: build
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+ registry-url: https://npm.pkg.github.com/
+ - run: npm ci
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+- name: Setup Node.js environment
+ uses: actions/setup-node@v3.8.1
+ with:
+ # Set always-auth in npmrc.
+ always-auth: # optional, default is false
+ # Version Spec of the version to use. Examples: 12.x, 10.15.1, >=10.15.0.
+ node-version: # optional
+ # File containing the version Spec of the version to use. Examples: .nvmrc, .node-version, .tool-versions.
+ node-version-file: # optional
+ # Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default.
+ architecture: # optional
+ # Set this option if you want the action to check for the latest available version that satisfies the version spec.
+ check-latest: # optional
+ # Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, and set up auth to read in from env.NODE_AUTH_TOKEN.
+ registry-url: # optional
+ # Optional scope for authenticating against scoped registries. Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).
+ scope: # optional
+ # Used to pull node distributions from node-versions. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.
+ token: # optional, default is ${{ github.server_url == 'https://github.com' && github.token || '' }}
+ # Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.
+ cache: # optional
+ # Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. Supports wildcards or a list of file names for caching multiple dependencies.
+ cache-dependency-path: # optional
From 270929880edcbc79dfb0f0d7b00ead16ea2afac2 Mon Sep 17 00:00:00 2001
From: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
Date: Fri, 8 Nov 2024 14:11:44 -0500
Subject: [PATCH 6/6] Create rubyonrails.yml azure reasource manager
Signed-off-by: Theomegas1 <68930103+Apostles1@users.noreply.github.com>
---
.github/workflows/rubyonrails.yml | 79 +++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 .github/workflows/rubyonrails.yml
diff --git a/.github/workflows/rubyonrails.yml b/.github/workflows/rubyonrails.yml
new file mode 100644
index 0000000..7534400
--- /dev/null
+++ b/.github/workflows/rubyonrails.yml
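Review bot: The `- name: Setup Node.js environment` block after `NODE_AUTH_TOKEN` in `.github/workflows/npm-publish-github-packages.yml` is a pasted usage snippet for `actions/setup-node@v3.8.1` with every input empty. As far as this view shows it sits outside any `steps:` list, which would make the release workflow fail to load, so nothing is tested or published. Removing it is enough, since both jobs already call `actions/setup-node@v3`. While here, the `build` job has no `permissions:` block and so runs `npm ci` and `npm test` with the repository's default token scope; a workflow-level `permissions:` with `contents: read` would cover it, as `publish-gpr` already declares its own.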
@@ -0,0 +1,79 @@
+ - name: Azure Resource Manager (ARM) Template Deployment
+ # You may pin to the exact commit or the version.
+ # uses: whiteducksoftware/azure-arm-action@9bae2e95df87dbd4acae11deb0765be7256fd141
+ uses: whiteducksoftware/azure-arm-action@v3.3
+ with:
+ # Paste output of `az ad sp create-for-rbac -o json` as value of secret variable: AZURE_CREDENTIALS
+ creds:
+ # Provide the name of a resource group.
+ resourceGroupName:
+ # Specify the path to the Azure Resource Manager template.
+ templateLocation:
+ # Specifies the name of the resource group deployment to create.
+ deploymentName:
+ # Incremental (only add resources to resource group) or Complete (remove extra resources from resource group).
+ deploymentMode: # optional, default is Incremental
+ # Specify either path to the Azure Resource Manager parameters file or pass them as 'key1=value1;key2=value2;...'.
+ parameters: # optional
+ # Specify either path to the Azure Resource Manager override parameters file or pass them as 'key1=value1;key2=value2;...'.
+ overrideParameters: # optional
+ # This workflow uses actions that are not certified by GitHub. They are
+# provided by a third-party and are governed by separate terms of service,
+# privacy policy, and support documentation.
+#
+# This workflow will install a prebuilt Ruby version, install dependencies, and
+# run tests and linters.
+name: "Ruby on Rails CI"
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres:11-alpine
+ ports:
+ - "5432:5432"
+ env:
+ POSTGRES_DB: rails_test
+ POSTGRES_USER: rails
+ POSTGRES_PASSWORD: password
+ env:
+ RAILS_ENV: test
+ DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ # Add or replace dependency steps here
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1
+ with:
+ bundler-cache: true
+ # Add or replace database setup steps here
+ - name: Set up database schema
+ run: bin/rails db:schema:load
+ # Add or replace test runners here
+ - name: Run tests
+ run: bin/rake
+
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1
+ with:
+ bundler-cache: true
+ - name: Generate binstubs
+ run: bundle binstubs bundler-audit brakeman rubocop
+ # Add or replace any other lints here
+ - name: Security audit dependencies
+ run: bin/bundler-audit --update
+ - name: Security audit application code
+ run: bin/brakeman -q -w2
+ - name: Lint Ruby files
+ run: bin/rubocop --parallel
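Review bot: `.github/workflows/rubyonrails.yml` opens with a `- name: Azure Resource Manager (ARM) Template Deployment` step before the workflow's own `name:`, `on:` and `jobs:` keys, so the document starts as a sequence and then continues as a mapping. GitHub will most likely refuse to load it, which means the `bundler-audit` and `brakeman` steps in the `lint` job never run. I would delete the pasted snippet from this workflow. If an ARM deployment is really intended, it should be a step in a dedicated job, referencing the action by the commit SHA shown in the comment rather than `@v3.3`, and with `creds: ${{ secrets.AZURE_CREDENTIALS }}` instead of an empty value. The remaining workflow also has no `permissions:` block; `permissions:` with `contents: read` would match what the test and lint jobs need.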