From 46ab4472d6284efd2a8712aac3f75eba32d67a0a Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Tue, 17 Oct 2023 21:08:27 -0700 Subject: [PATCH] Update spellcheck to the latest Signed-off-by: Tim Smith --- .github/actions/spelling/excludes.txt | 3 +- .github/actions/spelling/expect.txt | 8 +++++ .../actions/spelling/line_forbidden.patterns | 31 ++++++++++++++++--- .github/actions/spelling/patterns.txt | 1 + .github/dependabot.yml | 7 +++-- .github/workflows/spell-check.yaml | 6 ++-- README.md | 14 ++++----- github-org/README.md | 20 ++++++------ github-org/action.yaml | 4 +-- github-repo/action.yaml | 4 +-- 10 files changed, 65 insertions(+), 33 deletions(-) diff --git a/.github/actions/spelling/excludes.txt b/.github/actions/spelling/excludes.txt index 85fe237..c013ab5 100644 --- a/.github/actions/spelling/excludes.txt +++ b/.github/actions/spelling/excludes.txt @@ -46,4 +46,5 @@ ignore$ \.webp$ \.woff2?$ \.zip$ -^\.github/ +^\.github/actions/spelling/ +^\Q.github/workflows/spelling.yml\E$ diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 31c2731..d91a1c4 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,4 +1,12 @@ buildx +cla codeql +dfd +healthz myapp +nginx +notsigned +prcomment +readyz +softprops tibdex diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns index 6fe8574..d52a2b6 100644 --- a/.github/actions/spelling/line_forbidden.patterns +++ b/.github/actions/spelling/line_forbidden.patterns @@ -1,4 +1,4 @@ -# Detect common combinations of valid words that are in fact invalid. +# Detect common combinations of valid words that are in fact invalid. # Useful for brand capitalizations # @@ -9,6 +9,10 @@ \sthe Mondoo Platform\b \sMondoo platform\b +# s.b. Compliance Hub +\scompliance hub\b +\sCompliance hubplatform\b + # # Industry Terms # 
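Review bot: The new exclude `^\Q.github/workflows/spelling.yml\E$` does not match the workflow this repository carries, which the same patch edits as `.github/workflows/spell-check.yaml`. Once the blanket `^\.github/` line is removed, the spell-check workflow is therefore scanned rather than skipped. If skipping it is the intent, the line should read `^\Q.github/workflows/spell-check.yaml\E$`. Dropping `^\.github/` also brings the rest of `.github/` (for example `dependabot.yml`) into the scan, which may be intended but is worth confirming.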
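Review bot: The added pattern `\sCompliance hubplatform\b` under "s.b. Compliance Hub" looks like a paste error, since it only matches the run-together text "Compliance hubplatform". The lower-case form is already covered by `\scompliance hub\b`, so the second line was presumably meant to catch the mixed-case spelling, `\sCompliance hub\b`. As written, "Compliance hub" passes the check unflagged.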
@@ -44,6 +48,17 @@ # Product Names # +# s.b. Jira +\bJIRA\b + +# s.b. MariaDB +\bMaria DB\b +\bmariaDB\b +# \bmariaDb\b causes failures in MQL queries + +# s.b. PostgreSQL +\bPostgreSql\b + # s.b. Firefox \bFireFox\b @@ -87,6 +102,7 @@ # s.b. Red Hat \bRedHat\b +\bRedhat\b # s.b. AlmaLinux \bAlma Linux\b @@ -159,6 +175,10 @@ \bVcenter\b \bVCenter\b +# s.b. vSphere +\bVsphere\b +\bVSphere\b + # s.b. ESXi \bEsxi\b @@ -370,10 +390,9 @@ \bCloudBuild\b \bCloud build\b -# disabled for now in this repo due to false positives # s.b. Cloud Run -# \bCloudRun\b -# \bCloud run\b +\bCloudRun\b +\bCloud run\b # # Azure Products @@ -381,7 +400,7 @@ # s.b. Key Vault \bKey vault\b -# \bKeyVault\b # disabled for now in this repo due to false positives +\bKeyVault\b # s.b. Ampere \bampere\b @@ -418,6 +437,8 @@ # s.b. Cosmos DB \bCosmosDB\b +\bCosmoDB\b +\bCosmo DB\b # s.b. SignalR Service \bSignalR service\b diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt index 3c3a1d4..0f6ce24 100644 --- a/.github/actions/spelling/patterns.txt +++ b/.github/actions/spelling/patterns.txt @@ -66,3 +66,4 @@ uid:\s.*$ aws_session_token\s+\=(\s+)?.+ aws_access_key_id\s+\=(\s+)?.+ aws_secret_access_key\s+\=(\s+)?.+ + diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ace460..567aeae 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,7 @@ +--- version: 2 updates: - - package-ecosystem: "github-actions" - directory: "/" + - package-ecosystem: github-actions + directory: / schedule: - interval: "weekly" + interval: weekly diff --git a/.github/workflows/spell-check.yaml b/.github/workflows/spell-check.yaml index ff89278..44a9aae 100644 --- a/.github/workflows/spell-check.yaml +++ b/.github/workflows/spell-check.yaml 
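Review bot: `\bCloudRun\b` and `\bCloud run\b` (hunk at -370) and `\bKeyVault\b` (hunk at -381) were commented out with the remark "disabled for now in this repo due to false positives". This patch re-enables them and deletes the remark without showing that those false positives are gone. If the matches were identifiers that must keep that spelling, the check will start failing on them again. Either confirm the offending text was removed, or leave a short comment recording why re-enabling is now safe, e.g. `# re-enabled: earlier false positives no longer present in this repo`.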
@@ -23,12 +23,12 @@ jobs: steps: - name: check-spelling id: spelling - uses: check-spelling/check-spelling@v0.0.21 + uses: check-spelling/check-spelling@v0.0.22 with: suppress_push_for_open_pull_request: 1 checkout: true post_comment: 0 - dictionary_source_prefixes: '{"mondoo": "https://raw.githubusercontent.com/mondoohq/spellcheck-dictionary/main/", "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20220816/dictionaries/"}' + dictionary_source_prefixes: '{"mondoo": "https://raw.githubusercontent.com/mondoohq/spellcheck-dictionary/main/", "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/"}' extra_dictionaries: cspell:aws/aws.txt cspell:filetypes/filetypes.txt cspell:software-terms/src/software-terms.txt @@ -46,7 +46,7 @@ jobs: if: (success() || failure()) && needs.spelling.outputs.followup steps: - name: comment - uses: check-spelling/check-spelling@v0.0.21 + uses: check-spelling/check-spelling@v0.0.22 with: checkout: true task: ${{ needs.spelling.outputs.followup }} diff --git a/README.md b/README.md index 3513768..fbae0a2 100644 --- a/README.md +++ b/README.md 
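Review bot: Both `uses: check-spelling/check-spelling@v0.0.22` lines reference the action by a tag that its owner can move; they sit in this hunk's `check-spelling` step and in the `comment` step of the hunk at -46. Pinning to the full commit SHA with the tag as a trailing comment, `uses: check-spelling/check-spelling@<full-commit-sha>  # v0.0.22`, keeps a retagged release from running in these jobs. The `github-actions` Dependabot entry configured in this same patch can keep such pins current. The `comment` step acts on `needs.spelling.outputs.followup` with `checkout: true`, and the job's `permissions` are outside the hunk, so the pin matters most there if that job holds write scopes. The `mondoo` dictionary prefix still tracks `main` while the `cspell` prefix is pinned to `v20230509`, so a tag or commit ref on the former would make the fetched word lists reproducible too.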
@@ -23,18 +23,18 @@ To create a service account on Mondoo Platform: 1. Log in to [Mondoo Platform](https://console.mondoo.com) 2. Select the Space you want to integrate with your repository. -3. Click on **Settings** and then **Service Accounts**. -4. Click **ADD ACCOUNT**. -5. Select the **Base64-encoded** checkbox, and then click on the **GENERATE NEW CREDENTIALS** button. +3. Select **Settings** and then **Service Accounts**. +4. Select **ADD ACCOUNT**. +5. Select the **Base64-encoded** checkbox, and then select the **GENERATE NEW CREDENTIALS** button. 6. Copy the base64 encoded credentials and then move on to the next section. ### Add new GitHub Actions Secrets -1. Click on **Settings** in your GitHub repository. -2. Under the **Security** section click on **Actions**. -3. Click **New repository secret**. +1. Select **Settings** in your GitHub repository. +2. Under the **Security** section select **Actions**. +3. Select **New repository secret**. 4. Name the secret `MONDOO_SERVICE_ACCOUNT` and paste the base64 encoded credentials from the previous section into the value input. -5. Click **Add secret**. +5. Select **Add secret**. ## Examples Workflows diff --git a/github-org/README.md b/github-org/README.md index 33b1245..b956875 100644 --- a/github-org/README.md +++ b/github-org/README.md 
@@ -22,10 +22,10 @@ The GitHub Organization Action has properties which are passed to the underlying | Property | Required | Default | Description | | ----------------------------- | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `organization` | true | | GitHub organization to scan eg. `mondoohq`. | +| `organization` | true | | GitHub organization to scan eg. `mondoohq`. | | `log-level` | false | info | Sets the log level: error, warn, info, debug, trace (default "info") | | `output` | false | compact | Set the output format for scan results: compact, yaml, json, junit, csv, summary, full, report (default "compact") | -| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). | +| `score-threshold` | false | 0 | Sets the score threshold for scans. Scores that fall below the threshold will exit 1. (default "0" - job continues regardless of the score returned by a scan). | | `is-cicd` | false | true | Flag to disable the auto-detection for CI/CD runs. If deactivated it reports into the Fleet view | | `service-account-credentials` | false | | Base64 encoded [service account credentials](https://mondoo.com/docs/platform/service_accounts/#creating-service-accounts) used to authenticate with Mondoo Platform. You can also use the environment variable mentioned below. | 
@@ -59,20 +59,20 @@ jobs: ## Using App Tokens -GitHub implements an [aggressive API rate limit](https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting) which will impact organizational scans for orgs with a large number of repositories. Normal access tokens are limited to 5,000 requests per hour. By using a GitHub App Token you can increase this limit to 15,000 per hour. +GitHub implements an [aggressive API rate limit](https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting) which will impact organizational scans for orgs with a large number of repositories. Normal access tokens are limited to 5,000 requests per hour. By using a GitHub App Token you can increase this limit to 15,000 per hour. To leverage an App Token: 1. As a GitHub Organization Owner, go to your Organizational Settings and then under "Developer Settings" select "GitHub Apps". The URL is ```https://github.com/organizations//settings/apps``` -2. Click the _New GitHub App_ button +2. Select **New GitHub App** 3. Name the app what ever you like, we suggest "Mondoo Org Scan (Internal)" and give it a description -4. Set the _Homepage URL_ to anything, we suggest "https://mondoo.com" -5. Uncheck the "Active" button under "Webhook". +4. Set the **Homepage URL** to anything, we suggest "https://mondoo.com" +5. Uncheck the **Active** button under **Webhook**. 6. Set the permissions for your Repo, Org and Account to allow Mondoo to scan the resources. -7. Select the "Only on this account" button and then click "Create GitHub App" to finish. -8. Record the App ID, then scroll down and click the "Generate a private key" button. This will download the private key that you will use later. -9. Now, click "Install App" and then "Install" next to the Org your planning to scan. You can choose All Repositories or only the rep running this action, then click "Install". -10. 
Finally, update your action to include the github-app-token action and use it's output token. This will require you to add the Apps ID and Private Key to Action Secrets. The new action will look like: +7. Select the **Only on this account** button and then select **Create GitHub App** to finish. +8. Record the App ID, then scroll down and select the **Generate a private key** button. This will download the private key that you will use later. +9. Now, select **Install App** and then **Install** next to the Org your planning to scan. You can choose All Repositories or only the rep running this action, then select **Install**. +10. Finally, update your action to include the github-app-token action and use it's output token. This will require you to add the Apps ID and Private Key to Action Secrets. The new action will look like: ``` # .... diff --git a/github-org/action.yaml b/github-org/action.yaml index 0a7b989..3131a8a 100644 --- a/github-org/action.yaml +++ b/github-org/action.yaml @@ -1,5 +1,5 @@ -name: "Mondoo Github Organization Action" -description: "Scan Github organizations for misconfigurations with Mondoo" +name: "Mondoo GitHub Organization Action" +description: "Scan GitHub organizations for misconfigurations with Mondoo" branding: icon: "shield" color: "purple" diff --git a/github-repo/action.yaml b/github-repo/action.yaml index e5903cd..b14b8d6 100644 --- a/github-repo/action.yaml +++ b/github-repo/action.yaml @@ -1,5 +1,5 @@ -name: "Mondoo Github Repository Action" -description: "Scan Github repository for misconfigurations with Mondoo" +name: "Mondoo GitHub Repository Action" +description: "Scan GitHub repository for misconfigurations with Mondoo" branding: icon: "shield" color: "purple"