Merge pull request #19 from dataswift/main

Fork Sync
dataswift · Mar 12, 2021 · 6b72ca9 · 6b72ca9
2 parents 1b4fd4a + 5e2e545
commit 6b72ca9
Show file tree

Hide file tree

Showing 12 changed files with 3,468 additions and 4,445 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: "main"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    target-branch: "main"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -0,0 +1,34 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+
+categories:
+  - title: 'Features'
+    labels:
+      - 'feature'
+  - title: 'Bugs'
+    labels:
+      - 'bug'
+      - 'fix'
+  - title: 'Maintenance'
+    labels: 
+      - 'chore'
+
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+change-title-escapes: '\<*_&'
+
+version-resolver:
+  default: patch
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+
+template: |
+  ## Changes
+
+  $CHANGES
diff --git a/.github/workflows/test.yml → .github/workflows/ci.yml b/.github/workflows/test.yml → .github/workflows/ci.yml
@@ -1,13 +1,8 @@
-name: Test my typescript action
+name: CI
 
-on:
-  pull_request:
-    paths:
-      - 'src/**'
-      - 'dist/**'
-      - tsconfig.json
-      - package.json
-      - yarn.lock
+on: 
+  workflow_dispatch:
+  push:
 
 env:
   IMAGE_NAME: alpine:3.10.1
@@ -26,23 +21,14 @@ jobs:
       run: yarn run build
 
     - name: Pull docker image
-      run: docker pull alpine:3.10.3
+      run: docker pull ${{ env.IMAGE_NAME }}
 
     - uses: ./
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
-        image: alpine:3.10.1
+        image: ${{ env.IMAGE_NAME }}
         issue_label: trivy,vulnerability,test
         issue_title: Security Alert Test
-        issue_assignee: homoluctus
-
-    - uses: homoluctus/[email protected]
-      if: always()
-      with:
-        type: ${{ job.status }}
-        job_name: ':ts: *test gitrivy (test1)*'
-        channel: '#develop'
-        url: ${{ secrets.SLACK_WEBHOOK }}
 
   test2:
     name: Test for getting image name from enviroment variable
@@ -57,22 +43,13 @@ jobs:
         run: yarn run build
 
       - name: Pull docker image
-        run: docker pull alpine:3.10.3
+        run: docker pull ${{ env.IMAGE_NAME }}
 
       - uses: ./
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           issue_label: trivy,vulnerability,test
           issue_title: Security Alert Test
-          issue_assignee: homoluctus
-
-      - uses: homoluctus/[email protected]
-        if: always()
-        with:
-          type: ${{ job.status }}
-          job_name: ':ts: *test gitrivy (test2)*'
-          channel: '#develop'
-          url: ${{ secrets.SLACK_WEBHOOK }}
 
   test3:
     name: Test not to create issue
@@ -87,16 +64,8 @@ jobs:
         run: yarn run build
 
       - name: Pull docker image
-        run: docker pull alpine:3.10.3
+        run: docker pull ${{ env.IMAGE_NAME }}
 
       - uses: ./
         with:
           issue: 'false'
-
-      - uses: homoluctus/[email protected]
-        if: always()
-        with:
-          type: ${{ job.status }}
-          job_name: ':ts: *test gitrivy (test3)*'
-          channel: '#develop'
-          url: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/fork-sync.yml b/.github/workflows/fork-sync.yml
@@ -0,0 +1,20 @@
+name: Fork Sync
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 4 * * MON'
+
+jobs:
+  sync:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: tgymnich/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          base: master
+          head: main
+          auto_approve: true
+          personal_token: ${{ secrets.BOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -0,0 +1,14 @@
+name: Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update_release_draft:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/unittest.yml b/.github/workflows/unittest.yml
@@ -14,9 +14,9 @@ jobs:
     name: Test with jest
     runs-on: ubuntu-18.04
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2.3.4
 
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v2.1.5
         with:
           node-version: '12.x'
 

diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ If vulnerabilities are found by Trivy, it creates the following GitHub Issue.
 |issue_title|False|Security Alert|Issue title|
 |issue_label|False|trivy,vulnerability|Issue label (separated by commma)|
 |issue_assignee|False|N/A|Issue assignee (separated by commma)|
+|fail_on_vulnerabilities|False|false|Whether the action should fail if any vulnerabilities were found.|
 
 ### Outputs
 

diff --git a/action.yml b/action.yml
@@ -39,6 +39,10 @@ inputs:
   issue_assignee:
     description: 'Issue assignee (separated by commma)'
     required: false
+  fail_on_vulnerabilities:
+    description: Whether the action should fail if a vulnerability was found
+    default: 'false'
+    required: false
 
 outputs:
   issue_number: