Skip to content

Commit

Permalink
Merge branch 'main' into narumigsa-patch-1
Browse files Browse the repository at this point in the history
  • Loading branch information
narumigsa authored Jul 31, 2024
2 parents 8762234 + df4d880 commit 9f218cc
Show file tree
Hide file tree
Showing 13 changed files with 321 additions and 19 deletions.
99 changes: 99 additions & 0 deletions .github/workflows/megalinter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
---
name: MegaLinter

# yamllint disable-line rule:truthy
on:
# Triggers mega-linter when a pull_request event's activity type is opened, synchronize, or reopened by default.
pull_request:
branches:
- main
workflow_dispatch:


permissions:
contents: write
issues: write
pull-requests: write

env:
# Comment env block if you do not want to apply fixes
# Apply linter fixes configuration
APPLY_FIXES: none # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
APPLY_FIXES_EVENT: all # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request)

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
build:
name: MegaLinter
runs-on: ubuntu-latest
permissions: write-all
steps:
# Git Checkout
- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
fetch-depth: 0

# MegaLinter
- name: MegaLinter
id: ml
uses: oxsecurity/megalinter/flavors/javascript@bacb5f8674e3730b904ca4d20c8bd477bc51b1a7 # [email protected]
env:
VALIDATE_ALL_CODEBASE: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# Upload MegaLinter artifacts
- name: Archive production artifacts
if: always()
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3
with:
name: MegaLinter reports
path: |
megalinter-reports
megalinter-reports/megalinter.log
# Create pull request if applicable (for now works only on PR from same repository, not from forks)
- name: Create Pull Request with applied fixes
id: cpr
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
uses: peter-evans/create-pull-request@4e1beaa7521e8b457b572c090b25bd3db56bf1c5 # pin@v5
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
commit-message: "[MegaLinter] Apply linters automatic fixes"
title: "[MegaLinter] Apply linters automatic fixes"
labels: bot
- name: Create PR output
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
# Push new commit if applicable (for now works only on PR from same repository, not from forks)
- name: Prepare commit
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
run: sudo chown -Rc $UID .git/
- name: Commit and push applied linter fixes
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository)
uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # pin@v5
with:
branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
commit_message: "[MegaLinter] Apply linters fixes"
commit_user_name: megalinter-bot
commit_user_email: [email protected]

- name: Check to see if the SARIF a was generated
id: sarif_file_exists
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # pin@v2
with:
files: "megalinter-reports/megalinter-report.sarif"

- name: Upload MegaLinter scan results to GitHub Security tab
if: steps.sarif_file_exists.outputs.files_exists == 'true'
uses: github/codeql-action/upload-sarif@3e0e84636c6f5df46a2cb232ae1dd1384713150d # pin@v2
with:
sarif_file: "megalinter-reports/megalinter-report.sarif"
22 changes: 17 additions & 5 deletions .github/workflows/pa11y.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,28 @@
---
name: Pa11y Testing

on: [pull_request]
# yamllint disable-line rule:truthy
on: [ pull_request ]

Check failure on line 5 in .github/workflows/pa11y.yml

View workflow job for this annotation

GitHub Actions / MegaLinter

5:6 [brackets] too many spaces inside brackets

Check failure on line 5 in .github/workflows/pa11y.yml

View workflow job for this annotation

GitHub Actions / MegaLinter

5:19 [brackets] too many spaces inside brackets

permissions:
contents: write
issues: write
pull-requests: write

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
build:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3

- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3

- name: Use Node
uses: actions/setup-node@v3
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # pin@v3
with:
node-version: '17.x'

Expand Down
18 changes: 11 additions & 7 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,22 @@
---
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security

# yamllint disable-line rule:truthy
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
branch_protection_rule: # To guarantee Maintained check is occasionally updated. See

# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '43 7 * * 3'
push:
branches: [ "main" ]
branches:
- "main"

# Declare default permissions as read only.
permissions: read-all
Expand All @@ -32,12 +36,12 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4.1.7
with:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # pin@v2.4.0
with:
results_file: results.sarif
results_format: sarif
Expand All @@ -59,14 +63,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # [email protected]
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # pin@v3
with:
sarif_file: results.sarif
15 changes: 8 additions & 7 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,19 @@
name: Build and Test

# yamllint disable-line rule:truthy
on:
on:
pull_request:


jobs:
build:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3

- name: Use Node
uses: actions/setup-node@v3
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # pin@v3
with:
node-version: '17.x'

Expand All @@ -23,5 +24,5 @@ jobs:
- name: Build site
run: npm run build

# - name: Run tests
# run: npm run test
# - name: Run tests
# run: npm run test
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -120,3 +120,6 @@ web_modules/
_site
public
node_modules

megalinter-reports
reports
21 changes: 21 additions & 0 deletions .gitleaks.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@

title = "gitleaks config"

[extend]
# useDefault will extend the base configuration with the default gitleaks config:
# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
useDefault = true

[allowlist]
description = "Allowlisted files"
paths = [
'''.automation/test''',
'''megalinter-reports''',
'''.github/linters''',
'''node_modules''',
'''.mypy_cache''',
'''(.*?)gitleaks\.toml$''',
'''(?i)(.*?)(png|jpeg|jpg|gif|doc|docx|pdf|bin|xls|xlsx|pyc|zip)$''',
'''(go.mod|go.sum)$''']


14 changes: 14 additions & 0 deletions .grype.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
fail-on-severity: "high"

exclude:
- './node_modules/**'
- './.git/**'
- './.github/**'
- './_site/**'

ignore:

# Ignored by default; disputed and unwarranted CVE that causes Megalinter to fail
# @link https://nvd.nist.gov/vuln/detail/CVE-2018-20225
- vulnerability: CVE-2018-20225
10 changes: 10 additions & 0 deletions .markdown-link-check.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"retryOn429": true,
"retryCount": 5,
"aliveStatusCodes": [200, 203],
"ignorePatterns": [
{
"pattern": "^https?://github.com/"
}
]
}
27 changes: 27 additions & 0 deletions .markdownlint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
---
blanks-around-fences: false
blanks-around-headings: false
blanks-around-lists: false
code-fence-style: false
emphasis-style: false
heading-start-left: false
hr-style: false
list-indent: false
list-marker-space: false
no-blanks-blockquote: false
no-hard-tabs: false
no-missing-space-atx: false
no-missing-space-closed-atx: false
no-multiple-blanks: false
no-multiple-space-atx: false
no-multiple-space-blockquote: false
no-multiple-space-closed-atx: false
no-trailing-spaces: false
ol-prefix: false
strong-style: false
ul-indent: false

MD013:
line_length: 999
heading_line_length: 999
code_block_line_length: 999
57 changes: 57 additions & 0 deletions .mega-linter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
---
# don't test the reports Mega-Linter created, docs, or test files
ADDITIONAL_EXCLUDED_DIRECTORIES: [
report,
megalinter-reports,
docs,
node_modules,
_site,
]

# don't lint test files or documentation
FILTER_REGEX_EXCLUDE: (.venv/|/test/|\.test\.|_test\.|/docs/|/index.html|.github/.*\.html)

# don't scan files listed in .gitignore (e.g., node_modules)
IGNORE_GITIGNORED_FILES: true

# Disable devskim as it's reporting an error with no log message
DISABLE_LINTERS:
[
REPOSITORY_DEVSKIM,
SPELL_MISSPELL,
SPELL_CSPELL,
SPELL_PROSELINT,
COPYPASTE_JSCPD,
BASH_EXEC,
]

# only scan new / updated files, not everything
VALIDATE_ALL_CODEBASE: true

# don't print the alpaca -- it's cute, but we don't need it in the logs
PRINT_ALPACA: false

# write a SARIF file
SARIF_REPORTER: true

# don't fail on finding (yet)
DISABLE_ERRORS: true

# use prettier for JavaScript code formatting
JAVASCRIPT_DEFAULT_STYLE: prettier

# only scan the files in This commit, not the entire history of the repo
REPOSITORY_GITLEAKS_ARGUMENTS: --no-git

# don't lint the generated code in the docs/ directory
REPOSITORY_DEVSKIM_ARGUMENTS: "--skip-git-ignored-files"

# shfmt will..
# - use multiples of 2 spaces for indenting
# - alllow binary operations to start new lines
# - indent switch case statements
# - place spaces around redirections
# - keep column alignment padding
BASH_SHFMT_ARGUMENTS: -i 2 -bn -ci -sr -kp

REPOSITORY_TRUFFLEHOG_ARGUMENTS: "--exclude-paths=.trufflehogignore"
Loading

0 comments on commit 9f218cc

Please sign in to comment.