diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 6494e8d2b4..752dd99eb6 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -26,6 +26,7 @@ It is not:
- [ ] Should use sentence case for the names of workflows and steps (for example, "Run tests").
- [ ] Should be named _only_ by the name of the language or platform (for example, "Go", not "Go CI" or "Go Build").
- [ ] Should include comments in the workflow for any parts that are not obvious or could use clarification.
+- [ ] Should specify least priviledge [permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token) for `GITHUB_TOKEN` so that the workflow runs successfully.
**For _CI_ workflows, the workflow:**
diff --git a/ci/android.yml b/ci/android.yml
index 3037b9ff1b..f289bd5c73 100644
--- a/ci/android.yml
+++ b/ci/android.yml
@@ -17,7 +17,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
cache: gradle
- name: Grant execute permission for gradlew
diff --git a/ci/ant.yml b/ci/ant.yml
index 655a94c90e..0205d40359 100644
--- a/ci/ant.yml
+++ b/ci/ant.yml
@@ -20,6 +20,6 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
- name: Build with Ant
run: ant -noinput -buildfile build.xml
diff --git a/ci/datadog-synthetics.yml b/ci/datadog-synthetics.yml
new file mode 100644
index 0000000000..7056f87093
--- /dev/null
+++ b/ci/datadog-synthetics.yml
@@ -0,0 +1,38 @@
+# This workflow will trigger Datadog Synthetic tests within your Datadog organisation
+# For more information on running Synthetic tests within your GitHub workflows see: https://docs.datadoghq.com/synthetics/cicd_integrations/github_actions/
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# To get started:
+
+# 1. Add your Datadog API (DD_API_KEY) and Application Key (DD_APP_KEY) as secrets to your GitHub repository. For more information, see: https://docs.datadoghq.com/account_management/api-app-keys/.
+# 2. Start using the action within your workflow
+
+name: Run Datadog Synthetic tests
+
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ # Run Synthetic tests within your GitHub workflow.
+ # For additional configuration options visit the action within the marketplace: https://github.com/marketplace/actions/datadog-synthetics-ci
+ - name: Run Datadog Synthetic tests
+ uses: DataDog/synthetics-ci-github-action@2b56dc0cca9daa14ab69c0d1d6844296de8f941e
+ with:
+ api_key: ${{secrets.DD_API_KEY}}
+ app_key: ${{secrets.DD_APP_KEY}}
+ test_search_query: 'tag:e2e-tests' #Modify this tag to suit your tagging strategy
+
+
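Review bot: The new workflow declares no `permissions:` block, so `GITHUB_TOKEN` runs with the repository's default scopes even though the visible steps only check out code and call the Datadog action. Adding a top-level `permissions:` with `contents: read` would satisfy the least-privilege item this same commit adds to the pull request template; both jobs in ci/rubyonrails.yml have the same gap. The `pull_request` trigger also runs the Datadog step with `secrets.DD_API_KEY` and `secrets.DD_APP_KEY`, which GitHub does not pass to runs triggered from forks, so the step will presumably fail there and a comment saying so would help. `actions/checkout@v2` is a mutable tag while the third-party action is pinned to a commit SHA.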
diff --git a/ci/deno.yml b/ci/deno.yml
index 38f231904c..25e9e2a510 100644
--- a/ci/deno.yml
+++ b/ci/deno.yml
@@ -24,7 +24,7 @@ jobs:
- name: Setup Deno
# uses: denoland/setup-deno@v1
- uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e9833173669
+ uses: denoland/setup-deno@004814556e37c54a2f6e31384c9e18e983317366
with:
deno-version: v1.x
diff --git a/ci/gradle-publish.yml b/ci/gradle-publish.yml
index f24c004e5e..26bc0df0f2 100644
--- a/ci/gradle-publish.yml
+++ b/ci/gradle-publish.yml
@@ -25,7 +25,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
diff --git a/ci/gradle.yml b/ci/gradle.yml
index b83458c09c..cc63e9a087 100644
--- a/ci/gradle.yml
+++ b/ci/gradle.yml
@@ -24,7 +24,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
- name: Build with Gradle
uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021
with:
diff --git a/ci/maven-publish.yml b/ci/maven-publish.yml
index 18dd937d4e..319f9a1194 100644
--- a/ci/maven-publish.yml
+++ b/ci/maven-publish.yml
@@ -21,7 +21,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
diff --git a/ci/maven.yml b/ci/maven.yml
index ac3b6de431..f301fe093e 100644
--- a/ci/maven.yml
+++ b/ci/maven.yml
@@ -20,7 +20,7 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
cache: maven
- name: Build with Maven
run: mvn -B package --file pom.xml
diff --git a/ci/node.js.yml b/ci/node.js.yml
index 89b24fed53..8d1b9c7001 100644
--- a/ci/node.js.yml
+++ b/ci/node.js.yml
@@ -1,4 +1,4 @@
-# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Node.js CI
diff --git a/ci/properties/datadog-synthetics.properties.json b/ci/properties/datadog-synthetics.properties.json
new file mode 100644
index 0000000000..5a4f74dce0
--- /dev/null
+++ b/ci/properties/datadog-synthetics.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Datadog Synthetics",
+ "description": "Run Datadog Synthetic tests within your GitHub Actions workflow",
+ "iconName": "datadog",
+ "categories": ["Continuous integration", "JavaScript", "TypeScript", "Testing"]
+}
diff --git a/ci/properties/rubyonrails-lint.properties.json b/ci/properties/rubyonrails-lint.properties.json
deleted file mode 100644
index e6e5f6928e..0000000000
--- a/ci/properties/rubyonrails-lint.properties.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "name": "Rails - Install Dependencies and Run Linters",
- "description": "Install dependencies and run linters on Rails application",
- "iconName": "ruby",
- "categories": ["Continuous integration", "Ruby", "Rails"]
-}
diff --git a/ci/properties/rubyonrails.properties.json b/ci/properties/rubyonrails.properties.json
new file mode 100644
index 0000000000..49b29a4ede
--- /dev/null
+++ b/ci/properties/rubyonrails.properties.json
@@ -0,0 +1,6 @@
+{
+ "name": "Ruby on Rails continuous integration",
+ "description": "Build, lint, and test a Rails application",
+ "iconName": "rails",
+ "categories": ["Continuous integration", "Ruby", "Rails"]
+}
diff --git a/ci/pylint.yml b/ci/pylint.yml
index 10c49c6d1d..7b555fee49 100644
--- a/ci/pylint.yml
+++ b/ci/pylint.yml
@@ -20,4 +20,4 @@ jobs:
pip install pylint
- name: Analysing the code with pylint
run: |
- pylint `ls -R|grep .py$|xargs`
+ pylint $(git ls-files '*.py')
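Review bot: The unquoted `$(git ls-files '*.py')` is word-split and glob-expanded by the shell, so a tracked path containing whitespace reaches pylint as several broken arguments. A repository with no tracked `.py` files runs pylint with no targets, which likely fails the step. A NUL-delimited form avoids both: `git ls-files -z '*.py' | xargs -0 -r pylint`. The `run:` block is fully inside the hunk, but the rest of the job is not shown.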
diff --git a/ci/rubyonrails-lint.yml b/ci/rubyonrails-lint.yml
deleted file mode 100644
index d95b70e637..0000000000
--- a/ci/rubyonrails-lint.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will download a prebuilt Ruby version, install dependencies, and run linters
-name: Rails - Install dependencies and run linters
-
-on:
- push:
- branches: [ $default-branch ]
- pull_request:
- branches: [ $default-branch ]
-jobs:
- run-lint:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v2
-
- - name: Setup Ruby and install gems
- uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
- with:
- bundler-cache: true
- # Add or Replace any other security checks here
- - name: Run security checks
- run: |
- bin/bundler-audit --update
- bin/brakeman -q -w2
- # Add or Replace any other Linters here
- - name: Run linters
- run: |
- bin/rubocop --parallel
\ No newline at end of file
diff --git a/ci/rubyonrails.yml b/ci/rubyonrails.yml
new file mode 100644
index 0000000000..b7b3624394
--- /dev/null
+++ b/ci/rubyonrails.yml
@@ -0,0 +1,58 @@
+# This workflow uses actions that are not certified by GitHub. They are
+# provided by a third-party and are governed by separate terms of service,
+# privacy policy, and support documentation.
+#
+# This workflow will install a prebuilt Ruby version, install dependencies, and
+# run tests and linters.
+name: "Ruby on Rails CI"
+on:
+ push:
+ branches: [ $default-branch ]
+ pull_request:
+ branches: [ $default-branch ]
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres:11-alpine
+ ports:
+ - "5432:5432"
+ env:
+ POSTGRES_DB: rails_test
+ POSTGRES_USER: rails
+ POSTGRES_PASSWORD: password
+ env:
+ RAILS_ENV: test
+ DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ # Add or replace dependency steps here
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
+ with:
+ bundler-cache: true
+ # Add or replace database setup steps here
+ - name: Set up database schema
+ run: bin/rails db:schema:load
+ # Add or replace test runners here
+ - name: Run tests
+ run: bin/rake
+
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@8f312efe1262fb463d906e9bf040319394c18d3e # v1.92
+ with:
+ bundler-cache: true
+ # Add or replace any other lints here
+ - name: Security audit dependencies
+ run: bin/bundler-audit --update
+ - name: Security audit application code
+ run: bin/brakeman -q -w2
+ - name: Lint Ruby files
+ run: bin/rubocop --parallel
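Review bot: The `postgres` service in the `test` job has no health check, so `bin/rails db:schema:load` can start before the database accepts connections and fail intermittently. An `options:` entry with a `pg_isready` health command makes the runner wait until the container is healthy. The literal `POSTGRES_PASSWORD: password` and the `"5432:5432"` host mapping are low risk on an ephemeral hosted runner, but a comment marking them as throwaway test values would stop them being copied to a self-hosted runner or a shared database. `postgres:11-alpine` is a mutable tag, unlike the SHA-pinned `ruby/setup-ruby` steps in the same file.

```yaml
      postgres:
        # … unchanged: image, ports, env …
        # Wait until Postgres accepts connections before the steps run.
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
```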
diff --git a/ci/scala.yml b/ci/scala.yml
index 4a3c112725..af6b2ed0bc 100644
--- a/ci/scala.yml
+++ b/ci/scala.yml
@@ -17,6 +17,6 @@ jobs:
uses: actions/setup-java@v2
with:
java-version: '11'
- distribution: 'adopt'
+ distribution: 'temurin'
- name: Run tests
run: sbt test
diff --git a/code-scanning/scorecards.yml b/code-scanning/scorecards.yml
index 8b2346a65c..618ce2890a 100644
--- a/code-scanning/scorecards.yml
+++ b/code-scanning/scorecards.yml
@@ -1,5 +1,5 @@
name: Scorecards supply-chain security
-on:
+on:
# Only the default branch is supported.
branch_protection_rule:
schedule:
@@ -17,7 +17,9 @@ jobs:
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
-
+ actions: read
+ contents: read
+
steps:
- name: "Checkout code"
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
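Review bot: The added scopes `actions: read` and `contents: read` carry no comment, while `security-events: write` directly above states why it is needed. A job-level `permissions:` block sets every unlisted scope to none, so a maintainer trimming the list later cannot tell whether these two are required. A one-line comment above them would record the reason, for example `# Read access the action needs to inspect workflows and repository contents.`, with the wording confirmed against the scorecard-action documentation. The `steps:` list continues outside the hunk.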
@@ -25,17 +27,17 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@175f59783fa96e44dd6fa96619ab7bdacab56b5c # v0.0.1
+ uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2
with:
results_file: results.sarif
results_format: sarif
# Read-only PAT token. To create it,
# follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
- repo_token: ${{ secrets.SCORECARD_TOKEN }}
+ repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
# Publish the results to enable scorecard badges. For more details, see
# https://github.com/ossf/scorecard-action#publishing-results.
- # If you are installing the action on a private repo, set it to `publish_results: false`
- # or comment out the following line.
+ # For private repositories, `publish_results` will automatically be set to `false`,
+ # regardless of the value entered here.
publish_results: true
# Upload the results as artifacts (optional).
@@ -45,7 +47,7 @@ jobs:
name: SARIF file
path: results.sarif
retention-days: 5
-
+
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
diff --git a/deployments/azure-container-webapp.yml b/deployments/azure-container-webapp.yml
index 7c7bb2a990..57fe362ab8 100644
--- a/deployments/azure-container-webapp.yml
+++ b/deployments/azure-container-webapp.yml
@@ -62,21 +62,21 @@ jobs:
tags: ghcr.io/${{ env.REPO }}:${{ github.sha }}
file: ./Dockerfile
- deploy:
- runs-on: ubuntu-latest
- needs: build
- environment:
- name: 'Development'
- url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
+ deploy:
+ runs-on: ubuntu-latest
+ needs: build
+ environment:
+ name: 'Development'
+ url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
+
+ steps:
+ - name: Lowercase the repo name and username
+ run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
- steps:
- - name: Lowercase the repo name and username
- run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
-
- - name: Deploy to Azure Web App
- id: deploy-to-webapp
- uses: azure/webapps-deploy@v2
- with:
- app-name: ${{ env.AZURE_WEBAPP_NAME }}
- publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
- images: 'ghcr.io/${{ env.REPO }}:${{ github.sha }}'
+ - name: Deploy to Azure Web App
+ id: deploy-to-webapp
+ uses: azure/webapps-deploy@v2
+ with:
+ app-name: ${{ env.AZURE_WEBAPP_NAME }}
+ publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+ images: 'ghcr.io/${{ env.REPO }}:${{ github.sha }}'
diff --git a/icons/datadog.svg b/icons/datadog.svg
new file mode 100644
index 0000000000..91cb3b6260
--- /dev/null
+++ b/icons/datadog.svg
@@ -0,0 +1,4 @@
+
diff --git a/icons/rails.svg b/icons/rails.svg
new file mode 100644
index 0000000000..5e1f8f8009
--- /dev/null
+++ b/icons/rails.svg
@@ -0,0 +1 @@
+
diff --git a/icons/scorecards.svg b/icons/scorecards.svg
index 9db608c09f..9433c9195a 100644
--- a/icons/scorecards.svg
+++ b/icons/scorecards.svg
@@ -1,365 +1 @@
-
-
-
+
\ No newline at end of file