diff --git a/.github/workflows/invoke-codeql-analysis.yml b/.github/workflows/invoke-codeql-analysis.yml
index 74dd9f0..9c5d1ce 100644
--- a/.github/workflows/invoke-codeql-analysis.yml
+++ b/.github/workflows/invoke-codeql-analysis.yml
@@ -20,4 +20,19 @@ jobs:
 actions: "read"
 contents: "read"
 security-events: "write"
- uses: "hugoalh/hugoalh/.github/workflows/call-invoke-codeql-analysis-0.yml@main"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Checkout Repository"
+ uses: "actions/checkout@v4.1.7"
+ with:
+ fetch-depth: "0"
+ - name: "Initialize CodeQL"
+ uses: "github/codeql-action/init@v3.26.6"
+ with:
+ queries: "+security-and-quality"
+ # Automatically build attempts to build any compiled languages.
+ - name: "Build Repository"
+ uses: "github/codeql-action/autobuild@v3.26.6"
+ continue-on-error: true
+ - name: "Analyze Repository"
+ uses: "github/codeql-action/analyze@v3.26.6"
diff --git a/.github/workflows/invoke-devskim-analysis.yml b/.github/workflows/invoke-devskim-analysis.yml
index 1ab39ba..663a2e4 100644
--- a/.github/workflows/invoke-devskim-analysis.yml
+++ b/.github/workflows/invoke-devskim-analysis.yml
@@ -20,4 +20,15 @@ jobs:
 actions: "read"
 contents: "read"
 security-events: "write"
- uses: "hugoalh/hugoalh/.github/workflows/call-invoke-devskim-analysis-0.yml@main"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Checkout Repository"
+ uses: "actions/checkout@v4.1.7"
+ with:
+ fetch-depth: "0"
+ - name: "Analyze Repository"
+ uses: "microsoft/DevSkim-Action@v1.0.14"
+ - name: "Upload Analysis Result"
+ uses: "github/codeql-action/upload-sarif@v3.26.6"
+ with:
+ sarif_file: "devskim-results.sarif"
diff --git a/.github/workflows/publish-docker-container-ghp.yml b/.github/workflows/publish-docker-image.yml
similarity index 72%
rename from .github/workflows/publish-docker-container-ghp.yml
rename to .github/workflows/publish-docker-image.yml
index 2080c5c..8adce21 100644
--- a/.github/workflows/publish-docker-container-ghp.yml
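Review bot: Every `uses:` added in the CodeQL hunk (`actions/checkout@v4.1.7`, `github/codeql-action/*@v3.26.6`) is pinned to a version tag, which the action's owner can move to different code; the new `uses:` lines in the DevSkim, Docker, scan-virus and sync-labels hunks are pinned the same way. That is tighter than the old `@main` reference, but for a job holding `security-events: "write"` the immutable form is a full commit SHA with the version kept as a trailing comment, e.g. `uses: "actions/checkout@FULL_COMMIT_SHA_PLACEHOLDER"  # v4.1.7`. Separately, `continue-on-error: true` on the `Build Repository` step may let a failed autobuild pass unnoticed, so a comment naming which languages are expected to need no build would make that choice reviewable.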
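Review bot: The checkout step added in the DevSkim hunk keeps the default `persist-credentials`, so the job token stays in `.git/config` while the third-party `microsoft/DevSkim-Action` step runs over the same workspace. No later step in the hunk pushes with git, so adding `persist-credentials: "false"` under `with:` should cost nothing; the checkout steps added in the CodeQL, scan-virus and sync-labels hunks are in the same position. `fetch-depth: "0"` also looks unnecessary here, assuming DevSkim scans only the working tree and not history.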
+++ b/.github/workflows/publish-docker-image.yml
@@ -1,5 +1,5 @@
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: "Publish Docker Container - GitHub Packages"
+name: "Publish Docker Image"
 on:
 push:
 tags:
@@ -22,23 +22,29 @@ env:
 REGISTRY: "ghcr.io"
 IMAGE_NAME: "${{github.event.repository.full_name}}"
 jobs:
- main:
- name: "Main"
+ ghp:
+ name: "GitHub Packages"
+ permissions:
+ contents: "read"
+ packages: "write"
 runs-on: "ubuntu-latest"
 steps:
 - name: "Checkout Repository"
 uses: "actions/checkout@v4.1.7"
- - name: "Sign In To Registry ${{env.REGISTRY}}"
+ - name: "Setup Docker Buildx"
+ uses: "docker/setup-buildx-action@v3.6.1"
+ - name: "Sign In To GitHub Packages"
 uses: "docker/login-action@v3.3.0"
 with:
- registry: "${{env.REGISTRY}}"
+ registry: "ghcr.io"
 username: "${{github.actor}}"
 password: "${{github.token}}"
- - name: "Generate Docker Metadata"
- id: "docker-meta"
+ - name: "Resolve Metadata"
+ id: "metadata"
 uses: "docker/metadata-action@v5.5.1"
 with:
- images: "${{env.REGISTRY}}/${{env.IMAGE_NAME}}"
+ images: |-
+ name=ghcr.io/${{github.repository}}
 tags: |-
 type=raw,enable=${{inputs.tag != ''}},value=${{inputs.tag}}
 type=raw,enable=${{inputs.latest == 'true'}},value=latest
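Review bot: The login and metadata steps in the second hunk now hard-code `ghcr.io` and `${{github.repository}}`, yet the `env:` block in the context lines above still defines `REGISTRY` and `IMAGE_NAME`. If nothing outside the visible hunks reads them, remove both variables; otherwise the registry a maintainer edits in `env:` and the one the job actually signs in to and pushes to can drift apart unnoticed. The `ghp` job continues past the end of this hunk, so later steps may still reference them.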
@@ -47,21 +53,25 @@ jobs:
 type=semver,enable=${{inputs.tag == ''}},pattern={{major}}.{{minor}}
 type=semver,enable=${{inputs.tag == ''}},pattern={{major}}
 labels: |-
- org.opencontainers.image.authors=${{github.event.repository.owner.login}}
+ org.opencontainers.image.authors=${{github.repository_owner}}
 org.opencontainers.image.licenses=MIT
 org.opencontainers.image.title=Send Discord Webhook (GitHub Action) Image
 org.opencontainers.image.description=A Docker image for Send Discord Webhook (GitHub Action) to send Discord webhook.
- - name: "Build & Push Docker Image"
+ - name: "Build & Publish Docker Image"
 uses: "docker/build-push-action@v6.7.0"
 with:
 context: "./"
 file: "Dockerfile"
- labels: "${{steps.docker-meta.outputs.labels}}"
+ labels: "${{steps.metadata.outputs.labels}}"
 platforms: |-
 linux/amd64
 pull: "true"
 push: "true"
- tags: "${{steps.docker-meta.outputs.tags}}"
+ tags: "${{steps.metadata.outputs.tags}}"
+ cache-from: |-
+ type=gha
+ cache-to: |-
+ type=gha,mode=max
 - name: "List Docker Image"
 run: |-
 docker image ls --all --digests --no-trunc
diff --git a/.github/workflows/scan-virus.yml b/.github/workflows/scan-virus.yml
index 2b2c176..33cc847 100644
--- a/.github/workflows/scan-virus.yml
+++ b/.github/workflows/scan-virus.yml
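Review bot: With `cache-from: type=gha` on the `Build & Publish Docker Image` step, the pushed image can be assembled from layers that an earlier workflow run wrote to the repository's Actions cache rather than from the tagged source alone. For a release build this widens what has to be trusted, because any workflow able to write a cache scope this job can restore has influence over the published image, and `mode=max` additionally stores every intermediate layer. Consider dropping both cache inputs for the tag-triggered publish, or record the trade-off next to them, e.g. `# release builds reuse the shared Actions cache: TODO(maintainer) state why this is acceptable`. The step belongs to the `ghp` job, which starts before this hunk.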
@@ -40,13 +40,20 @@ jobs:
 name: "Main"
 permissions:
 contents: "read"
- uses: "hugoalh/hugoalh/.github/workflows/call-scan-virus-0.yml@main"
- with:
- git_integrate: "${{github.event.inputs.git_integrate || 'False'}}"
- git_limit: "${{github.event.inputs.git_limit || '0'}}"
- git_reverse: "${{github.event.inputs.git_reverse || 'False'}}"
- ignores_post: |-
- Param($ElementPostMeta)
- Return (
- $ElementPostMeta.Path -imatch '^node_modules[\\/]'
- )
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Checkout Repository"
+ uses: "actions/checkout@v4.1.7"
+ with:
+ fetch-depth: "0"
+ - name: "Scan Repository"
+ uses: "hugoalh/scan-virus-ghaction/clamav@v0.20.1"
+ with:
+ git_integrate: "${{github.event.inputs.git_integrate || 'False'}}"
+ git_limit: "${{github.event.inputs.git_limit || '0'}}"
+ git_reverse: "${{github.event.inputs.git_reverse || 'False'}}"
+ ignores_post: |-
+ Param($ElementPostMeta)
+ Return (
+ $ElementPostMeta.Path -imatch '^node_modules[\\/]'
+ )
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index 52ea791..a0ac4cb 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -14,4 +14,12 @@ jobs:
 contents: "read"
 issues: "write"
 pull-requests: "write"
- uses: "hugoalh/hugoalh/.github/workflows/call-sync-labels-0.yml@main"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Checkout Repository"
+ uses: "actions/checkout@v4.1.7"
+ - name: "Sync Labels"
+ uses: "EndBug/label-sync@v2.3.3"
+ with:
+ config-file: ".github/labels.yml"
+ delete-other-labels: "true"
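Review bot: The `ignores_post` filter carried into the new `Scan Repository` step exempts every path under `node_modules/` from the scan, and nothing in the workflow says why. A scan exclusion is the part of this file a reviewer most needs explained, so put a comment above the input, e.g. `# node_modules/ is excluded from the scan: TODO(maintainer) state why and what covers dependencies instead`. If that directory is never committed to the repository, the filter can probably be dropped altogether.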
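Review bot: In the sync-labels hunk, `delete-other-labels: "true"` makes `.github/labels.yml` authoritative, so any label that exists on the repository but not in that file is removed on each run and disappears from the issues and pull requests that carried it. Whether the replaced reusable workflow behaved the same way is not visible here, so state the intent next to the input, e.g. `# labels.yml is the single source of truth; labels created in the UI are deleted`.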