From b7b9bd7c6c34498e5ba2bdc5ae82c757b727fc89 Mon Sep 17 00:00:00 2001
From: Metaverse Multiverse <148008296+metaversemultiverse@users.noreply.github.com>
Date: Sat, 10 Feb 2024 17:15:00 -0800
Subject: [PATCH 1/5] Create jekyll-gh-pages.yml
---
 .github/workflows/jekyll-gh-pages.yml | 104 ++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 .github/workflows/jekyll-gh-pages.yml
diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml
new file mode 100644
index 00000000000000..341570c0095745
--- /dev/null
+++ b/.github/workflows/jekyll-gh-pages.yml
@@ -0,0 +1,104 @@
+name: Deploy Jekyll to GitHub Pages
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+
+ # Lint, test and build
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Cache dependencies
+ uses: actions/cache@v3
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-node-
+
+ - name: Install dependencies
+ run: npm install
+
+ - name: Lint code
+ run: npm run lint
+
+ - name: Unit tests
+ run: npm test
+
+ - name: Build site
+ run: npm run build
+
+ - name: Archive production artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: Production artifacts
+ path: public
+
+ - name: Notify on failure
+ if: failure()
+ uses: actions/slack@v3
+ with:
+ status: ${{ job.status }}
+
+ # Security checks
+ security:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Install dependencies
+ run: npm install
+
+ - name: Vulnerability scanning
+ uses: actions/scan-for-secrets@v3
+
+ - name: Bandit security checks
+ uses: actions/bandit@v2
+ with:
+ bandit-args: public/
+
+ - name: Notify on failure
+ if: failure()
+ uses: actions/slack@v3
+ with:
+ status: ${{ job.status }}
+
+ # Deploy to GitHub Pages
+ deploy:
+ needs: [build, security]
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Download build artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: Production artifacts
+ path: public
+
+ - name: Tag release
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git tag -a ${{ github.sh -m "Deploying ${{ github.sha }}"
+
+ - name: Deploy to GitHub Pages
+ uses: peaceiris/actions-gh-pages@v3
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: ./public
+
+ - name: Notify on deployment
+ if: success()
+ uses: actions/slack@v3
+ with:
+ status: Deployed ${{ github.sha }} to GitHub Pages
From 8096f63ad1401b9dfe96ccfb37484727c92ea8e4 Mon Sep 17 00:00:00 2001
From: Metaverse Multiverse <148008296+metaversemultiverse@users.noreply.github.com>
Date: Sat, 10 Feb 2024 18:05:49 -0800
Subject: [PATCH 2/5] Create codeql.yml
---
 .github/workflows/codeql.yml | 78 ++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000000000..19f95a2a71380b
--- /dev/null
+++ b/.github/workflows/codeql.yml
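Review bot: The `Tag release` step's line `git tag -a ${{ github.sh -m "Deploying ${{ github.sha }}"` has an unclosed `${{` expression and no tag name, so the workflow will not even parse; the `deploy` job also never checks out the repository before running `git config --local`/`git tag`, and nothing pushes the tag, so a corrected command would only tag the ephemeral runner. The `deploy` job has no event or branch guard, so with `pull_request` among the triggers a same-repository PR is published to Pages as soon as `build` and `security` pass, and no `permissions:` block grants the `contents: write` the Pages push needs when the repository's default token is read-only. I cannot find `actions/slack`, `actions/scan-for-secrets` or `actions/bandit` under the `actions` organization — verify these references resolve before relying on the `security` job and the notify steps — and pin the third-party `peaceiris/actions-gh-pages` to a full commit SHA rather than the mutable `v3` tag. The deploy job below shows the guard, the permissions block, a checkout and a corrected tag step (the tag name is an example).
```yaml
  deploy:
    needs: [build, security]
    # Publish only from pushes to main; pull_request runs stop after build/security.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      # … unchanged: Download build artifacts …

      - name: Tag release
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git tag -a "deploy-${{ github.sha }}" -m "Deploying ${{ github.sha }}"
          git push origin "deploy-${{ github.sha }}"

      # … unchanged: Deploy to GitHub Pages, Notify on deployment …
```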
@@ -0,0 +1,78 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ schedule:
+ - cron: '33 21 * * 6'
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions: write-all
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'c-cpp', 'go', 'javascript-typescript', 'python' ]
+ # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+ # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ # â„šī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
From ded9fecd64d1989729347f4c834009d2adf88523 Mon Sep 17 00:00:00 2001
From: Metaverse Multiverse <148008296+metaversemultiverse@users.noreply.github.com>
Date: Sat, 10 Feb 2024 18:11:21 -0800
Subject: [PATCH 3/5] Update codeql.yml
---
 .github/workflows/codeql.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 19f95a2a71380b..48313cfd6d39af 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
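Review bot: `permissions: write-all` on the `analyze` job hands every scope of `GITHUB_TOKEN` to a job that runs on every push and pull request, far beyond what CodeQL uses; the least-privilege set the starter workflow ships with is `permissions: { actions: read, contents: read, security-events: write }` — replace the `write-all` line with that block. The `# â„šī¸ Command-line programs to run using the OS shell.` comment looks mis-encoded (mojibake of the info emoji that the upstream template uses); re-save the file as UTF-8 so the comment renders. `actions/checkout@v4` and the `github/codeql-action/*@v3` steps are referenced by mutable major tags; if the repository's policy requires immutable action references, pin them to full commit SHAs.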
@@ -34,7 +34,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'c-cpp', 'go', 'javascript-typescript', 'python' ] + language: [ 'c-cpp', 'go', 'javascript-typescript', 'python', 'csharp', 'ruby', 'swift' ] # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ] # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both @@ -68,9 +68,9 @@ jobs: # If the Autobuild fails above, remove it and uncomment the following three lines. # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh + - run: | + echo "Run, Build Application using script" + ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 From 8eaaff15b2e691998cf9a516cd6f592fce712e66 Mon Sep 17 00:00:00 2001 From: Metaverse Multiverse <148008296+metaversemultiverse@users.noreply.github.com> Date: Sat, 10 Feb 2024 18:20:54 -0800 Subject: [PATCH 4/5] Update coverity.yml --- .github/workflows/coverity.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index e5532d381bcb15..5b1991e5e506a2 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -18,9 +18,11 @@ name: Coverity # # By default, the builds are submitted to the Coverity project `git`. To override this, # set the repository variable `COVERITY_PROJECT`. - + on: push: + pull_request: + branches: ["*"] defaults: run: From 3bfb2035e4ef94911c8cb6de30e2c49903234cb5 Mon Sep 17 00:00:00 2001 From: Metaverse Multiverse <148008296+metaversemultiverse@users.noreply.github.com> Date: Sun, 3 Mar 2024 00:38:27 -0800 Subject: [PATCH 5/5] Update codeql.yml 
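Review bot: Adding `'csharp'`, `'ruby'` and `'swift'` to the `language` matrix only helps if the repository actually contains code in those languages; a CodeQL leg for a language with no sources typically fails at `autobuild`/`analyze` ("no source code seen"), and with `fail-fast: false` (context line above) those failures show up as permanently red runs rather than being skipped. The `'swift'` entry also switches that leg to `macos-latest` via the `runs-on` expression elsewhere in this file, the slowest and most expensive runner the workflow can select. I would trim the matrix to the languages present in the repository and note the rationale in the adjacent `# CodeQL supports …` comment rather than enumerate every supported language.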
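Review bot: The uncommented `./location_of_script_within_repo/buildscript.sh` is the template's placeholder path, not a script this diff shows existing in the repository, so every matrix leg will fail at this step; the comment two lines above also says to remove the `Autobuild` step when enabling this block, and the patch leaves `Autobuild` in place (it sits just outside this hunk), so compiled languages would be built twice. Either replace the placeholder with the project's real build command or drop the step, and give it a `name:` (for example `- name: Build project`) so a failure is attributable in the run log. Keep in mind that this step executes a script from the checked-out tree while the job declares `permissions: write-all` earlier in the file, which is one more reason to reduce that permissions block to what CodeQL needs.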
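Review bot: `branches: ["*"]` under the new `pull_request` trigger does not match branch names containing a `/` (GitHub's `*` glob does not cross `/`), so PRs from `feature/...`-style branches would never trigger; to run on all PRs write `pull_request:` with no `branches` filter, or use `branches: ["**"]`. The header comment says builds are submitted to a shared Coverity project; pull-request runs from forks receive no repository secrets, so the submission step presumably fails there, and every same-repository PR would consume the project's scan quota — consider leaving Coverity submissions on `push` only, or gating the submit step on `github.event_name == 'push'`. The `on:` mapping continues outside this hunk.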
Signed-off-by: Metaverse Multiverse <148008296+metaversemultiverse@users.noreply.github.com> --- .github/workflows/codeql.yml | 50 +++++++++++++----------------------- 1 file changed, 18 insertions(+), 32 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 48313cfd6d39af..89216c988305cf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,13 +1,7 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# +# For most projects, this workflow file will remain unchanged; it's designed to be plug-and-play. # ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. +# We've tried to identify the languages in your repository. Please verify +# the `language` matrix below to ensure it includes all supported CodeQL languages for your project. # name: "CodeQL" @@ -22,11 +16,11 @@ on: jobs: analyze: name: Analyze - # Runner size impacts CodeQL analysis time. To learn more, please see: + # The size of the runner affects the CodeQL analysis duration. For more information, visit: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources # - https://gh.io/using-larger-runners - # Consider using larger runners for possible analysis time improvements. + # Opting for larger runners may reduce analysis time. runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} permissions: write-all 
@@ -35,41 +29,33 @@ jobs: fail-fast: false matrix: language: [ 'c-cpp', 'go', 'javascript-typescript', 'python', 'csharp', 'ruby', 'swift' ] - # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ] - # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + # Supported CodeQL languages include [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ] + # Use 'java-kotlin' for Java, Kotlin, or both + # Use 'javascript-typescript' for JavaScript, TypeScript, or both + # Discover more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository uses: actions/checkout@v4 - # Initializes the CodeQL tools for scanning. + # Prepares the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # To specify custom queries, add them here or in a config file. + # By default, queries here will override config file specifications. + # Use "+" prefix here to combine these queries with those in the config file. 
- # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # For details on CodeQL query packs, see: https://docs.github.com/en/code-security/code-scanning/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality + # â„šī¸ Commands to run using the OS shell. + # 📚 For syntax details, visit https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v3 - - # â„šī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + # If Autobuild fails, remove it and uncomment the lines below, adjusting them to build your code. See the EXAMPLE for guidance. - run: | - echo "Run, Build Application using script" + echo "Executing Build Script" ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis