feat(gh): add default GitHub repo files (#147)

ruzickap · Feb 11, 2024 · 5367d21 · 5367d21
1 parent c5b046a
commit 5367d21
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 13 deletions.
diff --git a/.checkov.yml b/.checkov.yml
@@ -0,0 +1,3 @@
+skip-check:
+  # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
+  - CKV_GHA_7
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -33,6 +33,7 @@ jobs:
             # Extract:   ```bash ... ```
             sed -n "/^  \`\`\`\(bash\|shell\)$/,/^  \`\`\`$/p" "${FILE}" | sed '/^  ```*/d; s/^  //' >> README.sh
           done
+          ls -la README.sh
           chmod a+x README.sh
 
       - name: 💡 MegaLinter

diff --git a/.github/workflows/vuepress-build.yml b/.github/workflows/vuepress-build.yml
@@ -43,7 +43,7 @@ jobs:
         with:
           url: ${{ steps.pages.outputs.base_url }}
           pages_path: .
-          cmd_params: '--exclude=(mylabs.dev) --buffer-size=8192 --max-connections-per-host=5 --color=always --rate-limit=5 --header="User-Agent:Mozilla" --skip-tls-verification'
+          cmd_params: '--exclude=(mylabs.dev|localhost) --buffer-size=8192 --max-connections-per-host=5 --color=always --rate-limit=5 --header="User-Agent:Mozilla" --skip-tls-verification'
 
       - name: Deploy
         uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3

diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,11 @@ README.sh
 
 # demo-magic.sh script
 demo-magic.sh
+
+# Terraform files
+.terraform*
+*.tfstate*
+crash.log
+
+# nohup output
+nohup.out
diff --git a/.lycheeignore b/.lycheeignore
@@ -1 +1 @@
-.*.mylabs.dev
+mylabs.dev
diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -1,7 +1,7 @@
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation
 
-BASH_SHFMT_ARGUMENTS: --indent 2 --space-redirects
+BASH_SHFMT_ARGUMENTS: --case-indent --indent 2 --space-redirects
 
 DISABLE_LINTERS:
   - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead
@@ -26,9 +26,7 @@ PRINT_ALPACA: false
 # Disable creating report directory
 REPORT_OUTPUT_FOLDER: none
 
-# Issue: https://github.com/bridgecrewio/checkov/issues/3839
-# The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty
-REPOSITORY_CHECKOV_ARGUMENTS: --skip-check CKV_GHA_7
+REPOSITORY_CHECKOV_ARGUMENTS: --quiet
 
 # Do not leave debug code in production, Insecure URL
 REPOSITORY_DEVSKIM_ARGUMENTS: --ignore-globs CHANGELOG.md --ignore-rule-ids DS162092,DS137138

diff --git a/.mlc_config.json b/.mlc_config.json
@@ -1,7 +1,10 @@
 {
   "ignorePatterns": [
     {
-      "pattern": "(https|http)://.*mylabs.dev"
+      "pattern": "(http|https)://.*mylabs.dev"
+    },
+    {
+      "pattern": "(http|https)://localhost"
     }
   ]
 }
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
@@ -1,13 +1,17 @@
 vulnerabilities:
-  # │ glob-parent  │ CVE-2020-28469 │ HIGH     │ fixed  │ 3.1.0             │ 5.1.2         │ Regular expression denial of service                        │
+  # │ glob-parent   │ CVE-2020-28469 │ HIGH     │ fixed    │ 3.1.0             │ 5.1.2               │ Regular expression denial of service                        │
   - id: CVE-2020-28469
-  # │ json5        │ CVE-2022-46175 │ HIGH     │ fixed  │ 0.5.1             │ 2.2.2, 1.0.2  │ json5: Prototype Pollution in JSON5 via Parse Method        │
+  # │ json5         │ CVE-2022-46175 │ HIGH     │ fixed    │ 0.5.1             │ 2.2.2, 1.0.2        │ json5: Prototype Pollution in JSON5 via Parse Method        │
   - id: CVE-2022-46175
-  # │ loader-utils │ CVE-2022-37601 │ CRITICAL │ fixed  │ 0.2.17            │ 2.0.3, 1.4.1  │ loader-utils: prototype pollution in function parseQuery in │
+  # │ loader-utils  │ CVE-2022-37601 │ CRITICAL │ fixed    │ 0.2.17            │ 2.0.3, 1.4.1        │ loader-utils: prototype pollution in function parseQuery in │
   - id: CVE-2022-37601
-  # │ node-forge   │ CVE-2022-24771 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification leniency in checking     │
+  # │ node-forge    │ CVE-2022-24771 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0               │ node-forge: Signature verification leniency in checking     │
   - id: CVE-2022-24771
-  # │ node-forge   │ CVE-2022-24772 │ HIGH     │ fixed  │ 0.10.0            │ 1.3.0         │ node-forge: Signature verification failing to check tailing │
+  # │ node-forge    │ CVE-2022-24772 │ HIGH     │ fixed    │ 0.10.0            │ 1.3.0               │ node-forge: Signature verification failing to check tailing │
   - id: CVE-2022-24772
-  # │ nth-check    │ CVE-2021-3803  │ HIGH     │ fixed  │ 1.0.2             │ 2.0.1         │ inefficient regular expression complexity                   │
+  # │ nth-check     │ CVE-2021-3803  │ HIGH     │ fixed    │ 1.0.2             │ 2.0.1               │ inefficient regular expression complexity                   │
   - id: CVE-2021-3803
+  # | ip            │ CVE-2023-42282 │ HIGH     │ affected │ 1.1.8             │                     │ An issue in NPM IP Package v.1.1.8 and before allows an     │
+  - id: CVE-2023-42282
+  # │ normalize-url │ CVE-2021-33502 │ HIGH     │ fixed    │ 4.5.0             │ 4.5.1, 5.3.1, 6.0.1 │ ReDoS for data URLs                                         │
+  - id: CVE-2021-33502