From 9362e223f6499ed7e6a7730d7b489b8e7a76207a Mon Sep 17 00:00:00 2001
From: "whitesource-bolt-for-github[bot]" <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com>
Date: Thu, 19 Aug 2021 19:26:06 +0000
Subject: [PATCH 1/6] Add .whitesource configuration file
---
.whitesource | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 .whitesource
diff --git a/.whitesource b/.whitesource
new file mode 100644
index 0000000000..55b922e8c1
--- /dev/null
+++ b/.whitesource
@@ -0,0 +1,12 @@
+{
+ "scanSettings": {
+ "baseBranches": []
+ },
+ "checkRunSettings": {
+ "vulnerableCheckRunConclusionLevel": "failure",
+ "displayMode": "diff"
+ },
+ "issueSettings": {
+ "minSeverityLevel": "LOW"
+ }
+}
\ No newline at end of file
From c605c41c96cabdd067cdf7a2d09bc731898d9ba3 Mon Sep 17 00:00:00 2001
From: Santiago De Jesus Villalobos-Gonzalez <71681815+LaudateCorpus1@users.noreply.github.com>
Date: Sat, 11 Sep 2021 14:15:39 -0700
Subject: [PATCH 2/6] Create .circleci
---
.circleci/tempFile | 1 +
1 file changed, 1 insertion(+)
create mode 100644 .circleci/tempFile
diff --git a/.circleci/tempFile b/.circleci/tempFile
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/.circleci/tempFile
@@ -0,0 +1 @@
+
From 69c4064207f10cf30fee6d5a9f60caf18e395db7 Mon Sep 17 00:00:00 2001
From: Santiago De Jesus Villalobos-Gonzalez <71681815+LaudateCorpus1@users.noreply.github.com>
Date: Sat, 11 Sep 2021 14:16:12 -0700
Subject: [PATCH 3/6] Create config.yml
---
.circleci/config.yml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 .circleci/config.yml
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000000..7d77d92ff3
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,26 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference
+version: 2.1
+jobs:
+ build:
+ working_directory: ~/repo
+ docker:
+ - image: circleci/golang:1.15.8
+ steps:
+ - checkout
+ - restore_cache:
+ keys:
+ - go-mod-v4-{{ checksum "go.sum" }}
+ - run:
+ name: Install Dependencies
+ command: go mod download
+ - save_cache:
+ key: go-mod-v4-{{ checksum "go.sum" }}
+ paths:
+ - "/go/pkg/mod"
+ - run:
+ name: Run tests
+ command: |
+ mkdir -p /tmp/test-reports
+ gotestsum --junitfile /tmp/test-reports/unit-tests.xml
+ - store_test_results:
+ path: /tmp/test-reports
From 05f884aeb4938c02f88d6ac3aad41a00ef24606b Mon Sep 17 00:00:00 2001
From: Santiago De Jesus Villalobos-Gonzalez <71681815+LaudateCorpus1@users.noreply.github.com>
Date: Sat, 11 Sep 2021 14:16:30 -0700
Subject: [PATCH 4/6] Delete tempFile
---
.circleci/tempFile | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 .circleci/tempFile
diff --git a/.circleci/tempFile b/.circleci/tempFile
deleted file mode 100644
index 8b13789179..0000000000
--- a/.circleci/tempFile
+++ /dev/null
@@ -1 +0,0 @@
-
From 1e8f96e641f9e2613ebade70c21a65634bcb30b3 Mon Sep 17 00:00:00 2001
From: Santiago De Jesus Villalobos-Gonzalez <71681815+LaudateCorpus1@users.noreply.github.com>
Date: Sat, 11 Sep 2021 14:16:48 -0700
Subject: [PATCH 5/6] google.yml
---
.github/workflows/google.yml | 80 ++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 .github/workflows/google.yml
diff --git a/.github/workflows/google.yml b/.github/workflows/google.yml
new file mode 100644
index 0000000000..5e803edba5
--- /dev/null
+++ b/.github/workflows/google.yml
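Review bot: The `docker` executor image `circleci/golang:1.15.8` in `.circleci/config.yml` is referenced by tag only, so the build environment can change without any change to this file; appending the digest, `- image: circleci/golang:1.15.8@sha256:<DIGEST_PLACEHOLDER>`, fixes what actually runs. The `circleci/*` images are CircleCI's legacy family, superseded by `cimg/*`, and Go 1.15 appears to be outside upstream support at this commit's date, so the toolchain is unlikely to receive further security fixes. If the image is moved to `cimg/go`, confirm that `gotestsum` is present in it and that the cached path `/go/pkg/mod` still matches the module cache location.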
@@ -0,0 +1,80 @@
+# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when a release is created
+#
+# To configure this workflow:
+#
+# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
+#
+# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
+#
+# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
+#
+# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
+
+name: Build and Deploy to GKE
+
+on:
+ release:
+ types: [created]
+
+env:
+ PROJECT_ID: ${{ secrets.GKE_PROJECT }}
+ GKE_CLUSTER: cluster-1 # TODO: update to cluster name
+ GKE_ZONE: us-central1-c # TODO: update to cluster zone
+ DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
+ IMAGE: static-site
+
+jobs:
+ setup-build-publish-deploy:
+ name: Setup, Build, Publish, and Deploy
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ # Setup gcloud CLI
+ - uses: google-github-actions/setup-gcloud@v0.2.0
+ with:
+ service_account_key: ${{ secrets.GKE_SA_KEY }}
+ project_id: ${{ secrets.GKE_PROJECT }}
+
+ # Configure Docker to use the gcloud command-line tool as a credential
+ # helper for authentication
+ - run: |-
+ gcloud --quiet auth configure-docker
+
+ # Get the GKE credentials so we can deploy to the cluster
+ - uses: google-github-actions/get-gke-credentials@v0.2.1
+ with:
+ cluster_name: ${{ env.GKE_CLUSTER }}
+ location: ${{ env.GKE_ZONE }}
+ credentials: ${{ secrets.GKE_SA_KEY }}
+
+ # Build the Docker image
+ - name: Build
+ run: |-
+ docker build \
+ --tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
+ --build-arg GITHUB_SHA="$GITHUB_SHA" \
+ --build-arg GITHUB_REF="$GITHUB_REF" \
+ .
+
+ # Push the Docker image to Google Container Registry
+ - name: Publish
+ run: |-
+ docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
+
+ # Set up kustomize
+ - name: Set up Kustomize
+ run: |-
+ curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
+ chmod u+x ./kustomize
+
+ # Deploy the Docker image to the GKE cluster
+ - name: Deploy
+ run: |-
+ ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
+ ./kustomize build . | kubectl apply -f -
+ kubectl rollout status deployment/$DEPLOYMENT_NAME
+ kubectl get services -o wide
From f1f76d765edfd5fd9f04676c26bf0abcb021d633 Mon Sep 17 00:00:00 2001
From: Santiago De Jesus Villalobos-Gonzalez <71681815+LaudateCorpus1@users.noreply.github.com>
Date: Sat, 11 Sep 2021 14:17:29 -0700
Subject: [PATCH 6/6] analysis.yml
---
.github/workflows/devskim-analysis.yml | 34 ++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 .github/workflows/devskim-analysis.yml
diff --git a/.github/workflows/devskim-analysis.yml b/.github/workflows/devskim-analysis.yml
new file mode 100644
index 0000000000..e87fa21d6a
--- /dev/null
+++ b/.github/workflows/devskim-analysis.yml
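Review bot: The `Set up Kustomize` step in `.github/workflows/google.yml` downloads a release binary with `curl`, and the `Deploy` step executes it with no integrity check, in a job that holds `GKE_SA_KEY` and cluster credentials and targets the `production` environment. Verify the download against a digest committed in the workflow before the `chmod`, for example `echo "<KUSTOMIZE_SHA256_PLACEHOLDER>  kustomize" | sha256sum -c -`. The same concern applies to the actions referenced by movable tags in this job (`actions/checkout@v2`, `google-github-actions/setup-gcloud@v0.2.0`, `google-github-actions/get-gke-credentials@v0.2.1`) and in `.github/workflows/devskim-analysis.yml` (`microsoft/DevSkim-Action@v1`, `github/codeql-action/upload-sarif@v1`). Pinning each `uses:` to a full commit SHA keeps the executed code fixed between runs.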
@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: DevSkim
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '28 8 * * 1'
+
+jobs:
+ lint:
+ name: DevSkim
+ runs-on: ubuntu-20.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Run DevSkim scanner
+ uses: microsoft/DevSkim-Action@v1
+
+ - name: Upload DevSkim scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: devskim-results.sarif