From 98e44b2c91c7034c6104821e31da5f2d04bca174 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Tue, 21 Apr 2020 20:42:18 -0400
Subject: [PATCH] Other Github workflows:
- Labels
- Dockerhub description sync
- Misspell checks
- Security analysis
---
 .github/labels.yml | 51 ++++++++++++++++++
 .github/workflows/dockerhub-description.yml | 19 +++++++
 .github/workflows/labels.yml | 18 +++++++
 .github/workflows/misspell.yml | 16 ++++++
 .github/workflows/security.yml | 59 +++++++++++++++++++++
 5 files changed, 163 insertions(+)
 create mode 100644 .github/labels.yml
 create mode 100644 .github/workflows/dockerhub-description.yml
 create mode 100644 .github/workflows/labels.yml
 create mode 100644 .github/workflows/misspell.yml
 create mode 100644 .github/workflows/security.yml
diff --git a/.github/labels.yml b/.github/labels.yml
new file mode 100644
index 0000000..7cb37d7
--- /dev/null
+++ b/.github/labels.yml
@@ -0,0 +1,51 @@
+- name: ":robot: bot"
+ color: "69cde9"
+ description: ""
+- name: ":bug: bug"
+ color: "b60205"
+ description: ""
+- name: ":game_die: dependencies"
+ color: "0366d6"
+ description: ""
+- name: ":memo: documentation"
+ color: "c5def5"
+ description: ""
+- name: ":busts_in_silhouette: duplicate"
+ color: "cccccc"
+ description: ""
+- name: ":sparkles: enhancement"
+ color: "0054ca"
+ description: ""
+- name: ":bulb: feature request"
+ color: "0e8a16"
+ description: ""
+- name: ":mega: feedback"
+ color: "03a9f4"
+ description: ""
+- name: ":rocket: future maybe"
+ color: "fef2c0"
+ description: ""
+- name: ":hatching_chick: good first issue"
+ color: "7057ff"
+ description: ""
+- name: ":pray: help wanted"
+ color: "4caf50"
+ description: ""
+- name: ":hand: hold"
+ color: "24292f"
+ description: ""
+- name: ":no_entry_sign: invalid"
+ color: "e6e6e6"
+ description: ""
+- name: ":interrobang: maybe bug"
+ color: "ff5722"
+ description: ""
+- name: ":thinking: needs more info"
+ color: "795548"
+ description: ""
+- name: ":question: question"
+ color: "3f51b5"
+ description: ""
+- name: ":coffin: wontfix"
+ color: "ffffff"
+ description: ""
diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml
new file mode 100644
index 0000000..89f9e67
--- /dev/null
+++ b/.github/workflows/dockerhub-description.yml
@@ -0,0 +1,19 @@
+name: Docker Hub description
+on:
+ push:
+ branches: [master]
+ paths:
+ - README.md
+ - .github/workflows/dockerhub-description.yml
+jobs:
+ dockerHubDescription:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2.1.0
+ env:
+ DOCKERHUB_USERNAME: qmcgaw
+ DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+ DOCKERHUB_REPOSITORY: qmcgaw/cod4
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
new file mode 100644
index 0000000..372b8c9
--- /dev/null
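Review bot: In dockerhub-description.yml both steps reference actions by mutable tags (`actions/checkout@v2`, `peter-evans/dockerhub-description@v2.1.0`), and the second one is handed `DOCKERHUB_PASSWORD`, so whoever can move either tag can run code with that secret in this job. Pinning each action to a full commit SHA with the tag kept as a trailing comment, `uses: peter-evans/dockerhub-description@<commit-sha> # v2.1.0`, makes the dependency immutable while staying readable. The variable name suggests an account password rather than a scoped access token; if Docker Hub access tokens are available for this account, a token limited to the `qmcgaw/cod4` repository bounds what a leaked secret can do.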
+++ b/.github/workflows/labels.yml
@@ -0,0 +1,18 @@
+name: labels
+on:
+ push:
+ branches: ["master"]
+ paths:
+ - '.github/labels.yml'
+ - '.github/workflows/labels.yml'
+jobs:
+ labeler:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Labeler
+ if: success()
+ uses: crazy-max/ghaction-github-labeler@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/misspell.yml b/.github/workflows/misspell.yml
new file mode 100644
index 0000000..1311db3
--- /dev/null
+++ b/.github/workflows/misspell.yml
@@ -0,0 +1,16 @@
+name: Misspells
+on:
+ pull_request:
+ branches: [master]
+ push:
+ branches: [master]
+jobs:
+ misspell:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: reviewdog/action-misspell@master
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ locale: "US"
+ level: error
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..8bbca15
--- /dev/null
+++ b/.github/workflows/security.yml
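Review bot: `crazy-max/ghaction-github-labeler@v1` in the Labeler step is a floating major tag, so each push to master runs whatever that tag points to at the time with a `GITHUB_TOKEN` that can rewrite the repository's labels; pin it to a commit SHA, `uses: crazy-max/ghaction-github-labeler@<commit-sha> # v1`, and do the same for `actions/checkout@v2`. The `if: success()` line is the default condition for every step and can be dropped. This action presumably reconciles the repository's labels against `.github/labels.yml`, which may include deleting labels not listed there; that is worth confirming before the first run, since the 17 entries in that file would then become the complete label set.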
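Review bot: `reviewdog/action-misspell@master` in misspell.yml tracks a branch rather than a release, so every run picks up unreviewed changes to that action and hands them `secrets.GITHUB_TOKEN`; pin it to a release tag or, better, a commit SHA, `uses: reviewdog/action-misspell@<commit-sha> # <release-tag>`. Branch quoting is also inconsistent across the new workflows (`branches: [master]` here and in the other files, `branches: ["master"]` in labels.yml); both forms parse the same, but one style across the workflows is easier to lint and review.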
@@ -0,0 +1,59 @@
+name: Security scan of Docker image
+on:
+ push:
+ branches: [master]
+ paths-ignore:
+ - .github/workflows/buildx-release.yml
+ - .github/workflows/dockerhub-description.yml
+ - .github/workflows/greetings.yml
+ - .github/workflows/labels.yml
+ - .github/workflows/misspell.yml
+ - .github/workflows/security.yml
+ - .dockerignore
+ - .gitignore
+ - docker-compose.yml
+ - LICENSE
+ - README.md
+ - title.svg
+ pull_request:
+ branches: [master]
+ paths-ignore:
+ - .github/workflows/buildx-release.yml
+ - .github/workflows/dockerhub-description.yml
+ - .github/workflows/greetings.yml
+ - .github/workflows/labels.yml
+ - .github/workflows/misspell.yml
+ - .github/workflows/security.yml
+ - .dockerignore
+ - .gitignore
+ - docker-compose.yml
+ - LICENSE
+ - README.md
+ - title.svg
+ schedule:
+ - cron: '0 9 * * *'
+jobs:
+ security-analysis:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Check for scratch
+ id: scratchCheck
+ run: echo ::set-output name=scratch::$(cat Dockerfile | grep 'FROM scratch')
+ - name: Build image
+ if: steps.scratchCheck.outputs.scratch == ''
+ run: docker build -t image .
+ - name: Phonito
+ if: steps.scratchCheck.outputs.scratch == ''
+ uses: phonito/phonito-scanner-action@master
+ with:
+ image: image
+ fail-level: LOW
+ phonito-token: ${{ secrets.PHONITO_TOKEN }}
+ - name: Trivy
+ if: steps.scratchCheck.outputs.scratch == ''
+ uses: homoluctus/gitrivy@v1.0.0
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ image: image
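Review bot: `phonito/phonito-scanner-action@master` in the Phonito step is referenced by branch and receives `secrets.PHONITO_TOKEN`, so any push to that branch of the action runs inside this job with the token; pin it to a commit SHA, `uses: phonito/phonito-scanner-action@<commit-sha> # <release-tag>`, and pin `actions/checkout@v2` and `homoluctus/gitrivy@v1.0.0` the same way. The scratch check greps the whole Dockerfile, so a `FROM scratch` in a comment or in an intermediate build stage also skips both scanners; anchoring the pattern and dropping the `cat` pipe, `run: echo ::set-output name=scratch::$(grep '^FROM scratch' Dockerfile)`, at least excludes commented-out lines. On `pull_request` runs from forks the `PHONITO_TOKEN` secret is presumably not available, so the Phonito step would likely fail there; if that is confirmed, gating it on `github.event.pull_request.head.repo.full_name == github.repository` keeps fork PRs from failing on a missing secret.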