From d15ac14c015173261dc98ad7d98c4a31888b741c Mon Sep 17 00:00:00 2001 From: chiefmikey Date: Mon, 17 Oct 2022 14:42:34 -0600 Subject: [PATCH 1/3] Update workflows --- .github/workflows/codesee-arch-diagram.yml | 20 ++++++++++++++++---- .github/workflows/dependabot-auto-merge.yml | 3 ++- .github/workflows/snyk.yml | 10 ++++------ .github/workflows/sonarcloud.yml | 11 +++++++++-- beta/workflows/beta-compile.yml | 3 +-- 5 files changed, 32 insertions(+), 15 deletions(-) diff --git a/.github/workflows/codesee-arch-diagram.yml b/.github/workflows/codesee-arch-diagram.yml index 4d96faa8..1d81dfbf 100644 --- a/.github/workflows/codesee-arch-diagram.yml +++ b/.github/workflows/codesee-arch-diagram.yml @@ -1,12 +1,18 @@ +# This workflow was added by CodeSee. Learn more at https://codesee.io/ on: push: branches: - main pull_request_target: - types: [opened, synchronize, reopened] + types: + - opened + - synchronize + - reopened name: CodeSee Map +permissions: read-all + jobs: test_map_action: runs-on: ubuntu-latest @@ -54,13 +60,19 @@ jobs: with: ruby-version: '3.0' - # CodeSee Maps Rust support uses a static binary so there's no setup step required. + # We need the rust toolchain because it uses rustc and cargo to inspect the package + - name: Configure Rust 1.x stable + uses: actions-rs/toolchain@v1 + if: ${{ fromJSON(steps.detect-languages.outputs.languages).rust }} + with: + toolchain: stable - name: Generate Map id: generate-map uses: Codesee-io/codesee-map-action@latest with: step: map + api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }} github_ref: ${{ github.ref }} languages: ${{ steps.detect-languages.outputs.languages }} @@ -71,11 +83,11 @@ jobs: step: mapUpload api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }} github_ref: ${{ github.ref }} - + - name: Insights id: insights uses: Codesee-io/codesee-map-action@latest with: step: insights api_token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }} - github_ref: ${{ github.ref }} + github_ref: ${{ github.ref }} \ No newline at end of file diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index e62a61e3..8940674f 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -1,4 +1,5 @@ -name: Dependabot auto-merge +name: Dependabot Auto-Merge + on: pull_request permissions: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index cf9fc688..1d97e0a6 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -1,9 +1,6 @@ name: "Snyk: Node" -on: - push: - branches: - - main - pull_request: + +on: push permissions: write-all @@ -14,11 +11,12 @@ jobs: steps: - uses: actions/checkout@v3 - name: Snyk Scan - uses: snyk/actions/node@0.3.0 + uses: snyk/actions/node@master continue-on-error: true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: + command: monitor args: --sarif-file-output=snyk.sarif - name: Upload Results to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v2 diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index f821defa..b8bffa2b 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -1,7 +1,14 @@ name: SonarCloud Analysis on: - pull_request: + push: + branches: + - main + pull_request_target: + types: + - opened + - synchronize + - reopened permissions: pull-requests: read @@ -12,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Analyze - uses: SonarSource/sonarcloud-github-action@v1.7 + uses: SonarSource/sonarcloud-github-action@master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/beta/workflows/beta-compile.yml b/beta/workflows/beta-compile.yml index 9ef72462..46e74409 100644 --- a/beta/workflows/beta-compile.yml +++ b/beta/workflows/beta-compile.yml @@ -1,7 +1,6 @@ name: Beta Compile -on: - pull_request: +on: pull_request jobs: build: From 6be9ea42bd9612a1b073ab67608db940715de68e Mon Sep 17 00:00:00 2001 From: chiefmikey Date: Mon, 17 Oct 2022 14:44:37 -0600 Subject: [PATCH 2/3] Add snyk test command --- .github/workflows/snyk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 1d97e0a6..07a94127 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -16,7 +16,7 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - command: monitor + command: monitor, test args: --sarif-file-output=snyk.sarif - name: Upload Results to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v2 From 6b8707ce8d49aa85bb9b2334023ca43d7e37631b Mon Sep 17 00:00:00 2001 From: chiefmikey Date: Mon, 17 Oct 2022 14:45:59 -0600 Subject: [PATCH 3/3] Remove snyk commands --- .github/workflows/snyk.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 07a94127..15df17e7 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -16,7 +16,6 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - command: monitor, test args: --sarif-file-output=snyk.sarif - name: Upload Results to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v2