diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..e868b6008
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ - package-ecosystem: "docker" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "pip" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ - package-ecosystem: "github-actions" # Core GitHub Actions
+ directory: "/"
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/crda.yml b/.github/workflows/crda.yml
new file mode 100644
index 000000000..816db8376
--- /dev/null
+++ b/.github/workflows/crda.yml
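Review bot: This commit enables two update bots at once: `updates:` here configures Dependabot for `docker`, `pip` and `github-actions`, and `renovate.json` (also in this commit) enables Renovate with `config:recommended`, which covers the same managers, so if the Renovate app is installed on the repository both will open competing pull requests for the same dependency bumps. Keep one, or scope them so they do not overlap (for example drop the `docker` and `pip` entries here and leave those to Renovate, or remove `renovate.json`). The `# See documentation for possible values` / `# Location of package manifests` template comments on the `docker` and `pip` entries say nothing about this project; replacing them with the manifest each entry expects at `directory: "/"` (a `Dockerfile` or `requirements.txt` at the repository root, presumably — none is visible in this diff, so confirm) would make the config self-explaining.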
@@ -0,0 +1,126 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow performs a static analysis of your source code using
+# Red Hat CodeReady Dependency Analytics.
+
+# Scans are triggered:
+# 1. On every push to default and protected branches
+# 2. On every Pull Request targeting the default branch
+# 3. On a weekly schedule
+# 4. Manually, on demand, via the "workflow_dispatch" event
+
+# 💁 The CRDA Starter workflow will:
+# - Checkout your repository
+# - Setup the required tool stack
+# - Install the CRDA command line tool
+# - Auto detect the manifest file and install the project's dependencies
+# - Perform the security scan using CRDA
+# - Upload the SARIF result to the GitHub Code Scanning which can be viewed under the security tab
+# - Optionally upload the SARIF file as an artifact for the future reference
+
+# ℹī¸ Configure your repository and the workflow with the following steps:
+# 1. Setup the tool stack based on the project's requirement.
+# Refer to: https://github.com/redhat-actions/crda/#1-set-up-the-tool-stack
+# 2. (Optional) CRDA action attempt to detect the language and install the
+# required dependencies for your project. If your project doesn't aligns
+# with the default dependency installation command mentioned here
+# https://github.com/redhat-actions/crda/#3-installing-dependencies.
+# Use the required inputs to setup the same
+# 3. (Optional) CRDA action attempts to detect the manifest file if it is
+# present in the root of the project and named as per the default mentioned
+# here https://github.com/redhat-actions/crda/#3-installing-dependencies.
+# If it deviates from the default, use the required inputs to setup the same
+# 4. Setup Authentication - Create the CRDA_KEY or SNYK_TOKEN.
+# Refer to: https://github.com/redhat-actions/crda/#4-set-up-authentication
+# 5. 
(Optional) Upload SARIF file as an Artifact to download and view
+# 6. Commit and push the workflow file to your default branch to trigger a workflow run.
+
+# 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback.
+
+name: CRDA Scan
+
+# Controls when the workflow will run
+on:
+ # TODO: Customize trigger events based on your DevSecOps processes
+ #
+ # This workflow is made to run with OpenShift starter workflow
+ # https://github.com/actions/starter-workflows/blob/main/deployments/openshift.yml
+ # However, if you want to run this workflow as a standalone workflow, please
+ # uncomment the 'push' trigger below and configure it based on your requirements.
+ #
+ workflow_call:
+ secrets:
+ CRDA_KEY:
+ required: false
+ SNYK_TOKEN:
+ required: false
+ workflow_dispatch:
+
+ # push:
+ # branches: [ "main" ]
+
+ # pull_request_target is used to securely share secret to the PR's workflow run.
+ # For more info visit: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+ pull_request_target:
+ branches: [ "main" ]
+ types: [ assigned, opened, synchronize, reopened, labeled, edited ]
+
+permissions:
+ contents: read
+
+jobs:
+ crda-scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for redhat-actions/crda to upload SARIF results
+ name: Scan project vulnerabilities with CRDA
+ runs-on: ubuntu-20.04
+ steps:
+
+ - name: Check out repository
+ uses: actions/checkout@v2
+
+ # *******************************************************************
+ # Required: Instructions to setup project
+ # 1. Setup Go, Java, Node.js or Python depending on your project type
+ # 2. 
Setup Actions are listed below, choose one from them:
+ # - Go: https://github.com/actions/setup-go
+ # - Java: https://github.com/actions/setup-java
+ # - Node.js: https://github.com/actions/setup-node
+ # - Python: https://github.com/actions/setup-python
+ #
+ # Example:
+ # - name: Setup Node
+ # uses: actions/setup-node@v4
+ # with:
+ # node-version: '20'
+
+ # https://github.com/redhat-actions/openshift-tools-installer/blob/main/README.md
+ - name: Install CRDA CLI
+ uses: redhat-actions/openshift-tools-installer@v1
+ with:
+ source: github
+ github_pat: ${{ github.token }}
+ # Choose the desired version of the CRDA CLI
+ crda: "latest"
+
+ ######################################################################################
+ # https://github.com/redhat-actions/crda/blob/main/README.md
+ #
+ # By default, CRDA will detect the manifest file and install the required dependencies
+ # using the standard command for the project type.
+ # If your project doesn't aligns with the defaults mentioned in this action, you will
+ # need to set few inputs that are described here:
+ # https://github.com/redhat-actions/crda/blob/main/README.md#3-installing-dependencies
+ # Visit https://github.com/redhat-actions/crda/#4-set-up-authentication to understand
+ # process to get a SNYK_TOKEN or a CRDA_KEY
+ - name: CRDA Scan
+ id: scan
+ uses: redhat-actions/crda@v1
+ with:
+ crda_key: ${{ secrets.CRDA_KEY }} # Either use crda_key or snyk_token
+ # snyk_token: ${{ secrets.SNYK_TOKEN }}
+ # upload_artifact: false # Set this to false to skip artifact upload
diff --git a/.github/workflows/prettier.yaml b/.github/workflows/prettier.yaml
new file mode 100644
index 000000000..4b57fbfac
--- /dev/null
+++ b/.github/workflows/prettier.yaml
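Review bot: Under `pull_request_target` the `actions/checkout@v2` step has no `ref:`, so it checks out the base branch and the scan never covers the manifest changes a pull request proposes; the `types` list even re-fires on `labeled`/`edited` and each time rescans `main` only. The comment above the trigger says it exists to share CRDA_KEY/SNYK_TOKEN with the PR run, but the hunk's own description says `redhat-actions/crda@v1` installs the project's dependencies, so pointing the checkout at the PR head under this trigger would run untrusted install steps with those secrets in scope — that combination must not be the next "fix". If PR coverage is wanted, switch to `pull_request:` / `branches: [ "main" ]` and accept that fork PRs run without the key; otherwise keep `pull_request_target` and state above it that only the base branch is scanned by design. Independently, `actions/checkout@v2`, `runs-on: ubuntu-20.04` and `crda: "latest"` are end-of-life or unpinned; the `github-actions` Dependabot entry in this commit covers the action tags but not the runner label or the `latest` CLI version.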
@@ -0,0 +1,21 @@
+---
+name: Prettier-fix
+on: [pull_request, push, workflow_dispatch]
+
+permissions:
+ contents: write
+
+jobs:
+ prettier-fix:
+ ## Run only if the actor is not the GitHub Actions bot
+ #if: github.actor != 'github-actions[bot]'
+ runs-on: ubuntu-latest
+ # Limit the running time
+ timeout-minutes: 10
+ steps:
+ - name: Invoke the Prettier fix
+ # Use the latest commit in the main branch.
+ uses: WorkOfStan/prettier-fix@main
+ with:
+ #node-version: "20"
+ commit-changes: false
diff --git a/.github/workflows/profanityChecker.yaml b/.github/workflows/profanityChecker.yaml
new file mode 100644
index 000000000..6a49b2691
--- /dev/null
+++ b/.github/workflows/profanityChecker.yaml
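Review bot: `permissions: contents: write` is broader than the job needs, since `commit-changes: false` means the Prettier step never pushes; with `on: [pull_request, push, workflow_dispatch]` every push runs `WorkOfStan/prettier-fix@main` — a third-party action tracked at a mutable branch — with a write-capable token. Drop the permission to `contents: read` and pin the action (`uses: WorkOfStan/prettier-fix@<pinned-tag-or-sha>`) so the `github-actions` Dependabot entry added in this commit can bump it on review. The commented-out `#if: github.actor != 'github-actions[bot]'` guard is inert, so if `commit-changes` is ever flipped to true the workflow would run on its own commits; either delete the dead lines or restore the `if:`.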
@@ -0,0 +1,74 @@
+name: profanityChecker
+
+on:
+ # Triggers the workflow on push or pull request events but only for the "main" branch
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+env:
+ SWEARSCAN_FOUND_ZERO_WORDS: true
+
+jobs:
+ profanityCheck:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v4
+ with:
+ path: project-code
+
+ - uses: actions/checkout@v4
+ with:
+ repository: 'Hesham-Elbadawi/list-of-banned-words'
+ ref: 'master'
+ path: 'list-of-banned-words'
+
+ - name: "Clean .git"
+ run: |
+ rm -rf ./list-of-banned-words/.git
+ rm -rf ./project-code/.git
+ rm -rf ./project-code/.github
+
+ - uses: actions/checkout@v4
+ with:
+ ref: 'master'
+ repository: '8bitbuddhist/swearscan'
+ path: 'swearscan'
+
+ - name: Create dictionary
+ run: |
+ rm -rf ./.git
+ cd ./swearscan
+ if [ -f dictionary.csv ]; then mv -f dictionary.csv dictionary.csv.orig; fi
+ for lang_file in $(find ../list-of-banned-words -maxdepth 1 -name ??); do
+ sed -e '/,/d;s/$/,1/' $lang_file >> dictionary.csv
+ echo "" >> dictionary.csv
+ done
+ sed -i '/^[[:space:]]*$/d' dictionary.csv
+
+ - name: Profanity Scan
+ uses: mathiasvr/command-output@v2.0.0
+ id: scan_run
+ with:
+ run: |
+ cd ./swearscan
+ python3 swearscan.py ../project-code
+
+ - name: Set step summary
+ if: ${{ contains(steps.scan_run.outputs.stdout, 'Total score:') }}
+ run: echo "### Prophany check found swear words in project code!" >> $GITHUB_STEP_SUMMARY
+
+ - name: Fail if Scan found something
+ if: ${{ contains(steps.scan_run.outputs.stdout, 'Total score:') }}
+ uses: actions/github-script@v3
+ with:
+ script: |
+ core.setFailed('Prophany check found swear words in project code!')
+
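Review bot: The `Profanity Scan` step runs `python3 swearscan.py` from `8bitbuddhist/swearscan` checked out at `ref: 'master'`, and the word lists come from `Hesham-Elbadawi/list-of-banned-words` also at `ref: 'master'`, so any change on either upstream branch executes in this job on the next push to `main` without review here; the workflow also has no top-level `permissions:` block, so the job token carries the repository's default permissions. Pin both checkouts to a commit (`ref: '<pinned-commit-sha>'`) and add `permissions:` / `  contents: read` above `jobs:`. In the `Create dictionary` step, `$(find ... -name ??)` and the unquoted `$lang_file` are subject to glob expansion and word splitting — quote the pattern (`-name '??'`) and the variable (`"$lang_file"`), or iterate with `find ... -print0 | while IFS= read -r -d '' lang_file`. `actions/github-script@v3` is an old major on the deprecated Node 12 runtime; the `github-actions` Dependabot entry in this commit will propose a bump, but it can be moved to the current major now.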
diff --git a/.github/workflows/profanityFilter.yaml b/.github/workflows/profanityFilter.yaml
new file mode 100644
index 000000000..641c8ca49
--- /dev/null
+++ b/.github/workflows/profanityFilter.yaml
@@ -0,0 +1,36 @@
+# The name of the workflow
+name: Profanity filter
+
+# Trigger on issue or pull requests, that are opened, edited, or reopened
+on:
+ issue_comment:
+ types: [created, edited]
+ issues:
+ types: [opened, edited, reopened]
+ pull_request:
+ types: [opened, edited, reopened]
+
+# Required permissions
+permissions:
+ issues: write
+ pull-requests: write
+
+jobs:
+ # Name the job whatever you'd like
+ apply-filter:
+
+ runs-on: ubuntu-latest
+
+ steps:
+
+ # Name the step anything that makes sense to you
+ - name: Scan issue or pull request for profanity
+ # Conditionally run the step if the actor isn't a bot
+ if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }}
+ uses: IEvangelist/profanity-filter@2.0.2
+ id: profanity-filter
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ # See https://bit.ly/potty-mouth-replacement-strategies
+ replacement-strategy: middle-asterisk # See Replacement strategy
+ custom-profane-words-url: https://github.com/Hesham-Elbadawi/list-of-banned-words/raw/refs/heads/master/ru
diff --git a/.github/workflows/test-workflow.yaml b/.github/workflows/test-workflow.yaml
new file mode 100644
index 000000000..db8564089
--- /dev/null
+++ b/.github/workflows/test-workflow.yaml
@@ -0,0 +1,11 @@
+---
+name: Shit posting
+on: [workflow_dispatch]
+
+jobs:
+ shitPosting:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Print some shit into console
+ run: |
+ echo "Print some nice sentense to please a user"
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 000000000..5db72dd6a
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,6 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended"
+ ]
+}
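Review bot: `custom-profane-words-url` points at `refs/heads/master` of `Hesham-Elbadawi/list-of-banned-words`, so the word list the action applies — with `issues: write` and `pull-requests: write` to rewrite user-submitted text — is whatever that third-party branch contains at run time, and an upstream edit changes this repository's behaviour without any commit here; pin it to a commit (`custom-profane-words-url: https://github.com/Hesham-Elbadawi/list-of-banned-words/raw/<pinned-commit-sha>/ru`). Only the `ru` list is loaded here while `profanityChecker.yaml` in this commit builds its dictionary from every two-letter list in the same repository; if that difference is intended, a comment on the `custom-profane-words-url` line saying so would save the next reader a question. Note also that `pull_request` runs from fork pull requests get a read-only GITHUB_TOKEN, so the step can only edit pull requests opened from branches of this repository regardless of the `permissions:` block.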