From a9a87d957dadf0ccfe1be7f723cb2138ad946803 Mon Sep 17 00:00:00 2001 From: BakedSunny <110278648+lilsunny243@users.noreply.github.com> Date: Sun, 4 Sep 2022 17:27:43 +0200 Subject: [PATCH 1/4] Create settings.json --- .vscode/settings.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..7afa09c --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,13 @@ +{ + "objectscript.showExplorer": false, + "yaml.customTags": [ + "!upload scalar", + "!remove scalar", + "!keep scalar", + "!erase scalar", + "!jwt scalar" + ], + "yaml.schemas": { + "https://raw.githubusercontent.com/doanthuanthanh88/testapi6/main/schema.json": "*.yaml" + } +} \ No newline at end of file From 368fa51e99059b07d92544058a51f133e91fb1f9 Mon Sep 17 00:00:00 2001 From: Gebacken Sonnig <110278648+lilsunny243@users.noreply.github.com> Date: Thu, 2 Mar 2023 03:13:16 +0100 Subject: [PATCH 2/4] Create .github/dependabot.yml --- .github/dependabot.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..ac6621f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" From 55f365c84c7b621889441bea834dfbe528cbb1eb Mon Sep 17 00:00:00 2001 From: Gebacken Sonnig <110278648+lilsunny243@users.noreply.github.com> Date: Sat, 30 Sep 2023 11:29:53 +0200 Subject: [PATCH 3/4] Create blank.yml --- .github/workflows/blank.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 .github/workflows/blank.yml diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml new file mode 100644 index 0000000..18a6a3e --- /dev/null +++ b/.github/workflows/blank.yml @@ -0,0 +1,36 @@ +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the "main" branch + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v3 + + # Runs a single command using the runners shell + - name: Run a one-line script + run: echo Hello, world! + + # Runs a set of commands using the runners shell + - name: Run a multi-line script + run: | + echo Add other actions to build, + echo test, and deploy your project. From 35ea999d362ee2f238d479f2204d85f3ffde0233 Mon Sep 17 00:00:00 2001 From: Gebacken Sonnig <110278648+lilsunny243@users.noreply.github.com> Date: Sat, 30 Sep 2023 11:31:08 +0200 Subject: [PATCH 4/4] Create ossar.yml --- .github/workflows/ossar.yml | 56 +++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/ossar.yml diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml new file mode 100644 index 0000000..1805f86 --- /dev/null +++ b/.github/workflows/ossar.yml @@ -0,0 +1,56 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow integrates a collection of open source static analysis tools +# with GitHub code scanning. For documentation, or to provide feedback, visit +# https://github.com/github/ossar-action +name: OSSAR + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '45 6 * * 4' + +permissions: + contents: read + +jobs: + OSSAR-Scan: + # OSSAR runs on windows-latest. + # ubuntu-latest and macos-latest support coming soon + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + runs-on: windows-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Ensure a compatible version of dotnet is installed. + # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. + # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action. + # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped. + # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action: + # - name: Install .NET + # uses: actions/setup-dotnet@v2 + # with: + # dotnet-version: '3.1.x' + + # Run open source static analysis tools + - name: Run OSSAR + uses: github/ossar-action@v1 + id: ossar + + # Upload results to the Security tab + - name: Upload OSSAR results + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: ${{ steps.ossar.outputs.sarifFile }}