From 8c9696bf0eb482619a23d2040c705203827e7f95 Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 19:23:47 -0300 Subject: [PATCH 1/7] feature: add new workflows --- .github/workflows/codeql_analysis.yml | 49 ++++++++++ .github/workflows/dev.yml | 93 +++++++++++++++++++ .../{build_features.yml => features.yml} | 45 +++++++-- .github/workflows/mypy.yml | 26 ++++++ .github/workflows/pull_requests.yml | 89 ++++++++++++++++++ 5 files changed, 294 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/codeql_analysis.yml create mode 100644 .github/workflows/dev.yml rename .github/workflows/{build_features.yml => features.yml} (53%) create mode 100644 .github/workflows/mypy.yml create mode 100644 .github/workflows/pull_requests.yml diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml new file mode 100644 index 0000000..3d77560 --- /dev/null +++ b/.github/workflows/codeql_analysis.yml @@ -0,0 +1,49 @@ +name: "CodeQL" + +on: + push: + branches: [ "main", "dev" ] + pull_request: + branches: [ "main", "dev" ] + schedule: + - cron: '21 13 * * 3' + workflow_dispatch: + inputs: + branch: + description: 'Custom branch' + required: false + default: '' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + if: github.event_name == 'workflow_dispatch' && github.event.inputs.branch != '' + with: + ref: ${{ inputs.branch }} + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml new file mode 100644 index 0000000..ab4ecc1 --- /dev/null +++ b/.github/workflows/dev.yml @@ -0,0 +1,93 @@ +name: Build dev branch + +on: + push: + branches: [ "dev" ] + schedule: + - cron: '24 9 * * 6' + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: ${{ github.sha }} + +jobs: + + flake8: + name: Code Quality + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.10.6 + uses: actions/setup-python@v1 + with: + python-version: 3.10.6 + - name: Lint with flake8 + run: | + pip install flake8 flake8-html + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + mkdir -p reports/flake8 + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 + - name: Archive flake8 coverage results + uses: actions/upload-artifact@v1 + with: + name: flake8-coverage-report + path: reports/flake8/ + + security_checks: + needs: pytest + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout Dockerfile + id: checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=${{ startsWith(github.ref, 'refs/heads/main') }} + suffix=-${{ github.sha }} + + - name: Build Docker image + id: build + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64/v8 + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build_features.yml b/.github/workflows/features.yml similarity index 53% rename from .github/workflows/build_features.yml rename to .github/workflows/features.yml index 5634030..5879ec3 100644 --- a/.github/workflows/build_features.yml +++ b/.github/workflows/features.yml @@ -1,10 +1,10 @@ -name: Test build a feature branch +name: Build a feature branch on: workflow_dispatch: inputs: branch: - description: 'The branch to test build' + description: 'Branch' required: true default: '' @@ -14,6 +14,41 @@ env: IMAGE_TAG: ${{ github.sha }} jobs: + + flake8: + name: Code Quality + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.10 + uses: actions/setup-python@v1 + with: + python-version: 3.10 + - name: Lint with flake8 + run: | + pip install flake8 flake8-html + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + mkdir -p reports/flake8 + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 + - name: Archive flake8 coverage results + uses: actions/upload-artifact@v1 + with: + name: flake8-coverage-report + path: reports/flake8/ + + security_checks: + needs: pytest + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + build: runs-on: ubuntu-latest permissions: @@ -57,9 +92,3 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - - name: Upload image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: ${{ steps.meta.outputs.tags }} - retention_days: "1" \ No newline at end of file diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml new file mode 100644 index 0000000..922f009 --- /dev/null +++ b/.github/workflows/mypy.yml @@ -0,0 +1,26 @@ +name: MyPy Type Checking + +on: + push: + paths: + - '*.py' + +jobs: + mypy: + runs-on: ubuntu-latest + steps: + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: 3.10.6 + architecture: x64 + - name: Checkout + uses: actions/checkout@v1 + - name: Install mypy + run: pip install mypy + - name: Run mypy + uses: sasanquaneuf/mypy-github-action@releases/v1 + with: + checkName: 'mypy' + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml new file mode 100644 index 0000000..5dfa49c --- /dev/null +++ b/.github/workflows/pull_requests.yml @@ -0,0 +1,89 @@ +on: + pull_request: + branches: [ "main", "dev" ] + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: ${{ github.sha }} + +jobs: + + flake8: + name: Code Quality + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.10.6 + uses: actions/setup-python@v1 + with: + python-version: 3.10.6 + - name: Lint with flake8 + run: | + pip install flake8 flake8-html + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + mkdir -p reports/flake8 + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 + - name: Archive flake8 coverage results + uses: actions/upload-artifact@v1 + with: + name: flake8-coverage-report + path: reports/flake8/ + + security_checks: + needs: pytest + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout Dockerfile + id: checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=${{ startsWith(github.ref, 'refs/heads/main') }} + suffix=-${{ github.sha }} + + - name: Build Docker image + id: build + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64/v8 + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 6625718f5ac70df6e866680f429b4d61d7b70e27 Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 19:44:17 -0300 Subject: [PATCH 2/7] fix: inform py version to CodeQL --- .github/workflows/dev.yml | 2 +- .github/workflows/features.yml | 2 +- .github/workflows/pull_requests.yml | 2 +- README.md | 2 +- setup.py | 3 +++ 5 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 setup.py diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index ab4ecc1..938d679 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -38,7 +38,7 @@ jobs: path: reports/flake8/ security_checks: - needs: pytest + needs: flake8 runs-on: ubuntu-latest name: Security check steps: diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 5879ec3..d0a2df1 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -39,7 +39,7 @@ jobs: path: reports/flake8/ security_checks: - needs: pytest + needs: flake8 runs-on: ubuntu-latest name: Security check steps: diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 5dfa49c..73d3c64 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -34,7 +34,7 @@ jobs: path: reports/flake8/ security_checks: - needs: pytest + needs: flake8 runs-on: ubuntu-latest name: Security check steps: diff --git a/README.md b/README.md index 32b80c7..97d597a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ![License: AGPLv3](https://img.shields.io/github/license/revanced/revanced-releases-api) ![GitHub last commit](https://img.shields.io/github/last-commit/revanced/revanced-releases-api) -![GitHub Workflow Status](https://img.shields.io/github/workflow/status/revanced/revanced-releases-api/Main%20build) +![GitHub Workflow Status](https://img.shields.io/github/workflow/status/revanced/revanced-releases-api/Build%20dev%20branch) This is a simple API that returns the latest ReVanced releases, patches and contributors. diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..a4ea96c --- /dev/null +++ b/setup.py @@ -0,0 +1,3 @@ +from setuptools import setup + +setup(name="revanced-releases-api", python_requires='>=3.10.6') \ No newline at end of file From 181653ad68d1c22c68f7498299e09b071e108b3c Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 19:52:35 -0300 Subject: [PATCH 3/7] fix: use correct py version for workflows --- .github/workflows/codeql_analysis.yml | 15 ++++++--------- .github/workflows/dev.yml | 3 ++- .github/workflows/features.yml | 3 ++- .github/workflows/mypy.yml | 2 +- .github/workflows/pull_requests.yml | 5 +++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index 3d77560..eb905f0 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml @@ -2,17 +2,15 @@ name: "CodeQL" on: push: - branches: [ "main", "dev" ] + branches: [ "dev" ] pull_request: - branches: [ "main", "dev" ] + branches: [ "dev" ] schedule: - cron: '21 13 * * 3' workflow_dispatch: - inputs: - branch: - description: 'Custom branch' - required: false - default: '' + +env: + default_branch: dev jobs: analyze: @@ -31,9 +29,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 - if: github.event_name == 'workflow_dispatch' && github.event.inputs.branch != '' with: - ref: ${{ inputs.branch }} + ref: ${{ env.default_branch }} - name: Initialize CodeQL uses: github/codeql-action/init@v2 diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 938d679..b6e2210 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -22,7 +22,7 @@ jobs: - name: Set up Python 3.10.6 uses: actions/setup-python@v1 with: - python-version: 3.10.6 + python-version: 3.10.7 - name: Lint with flake8 run: | pip install flake8 flake8-html @@ -49,6 +49,7 @@ jobs: path: . build: + needs: security_checks runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index d0a2df1..3cc6d83 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -23,7 +23,7 @@ jobs: - name: Set up Python 3.10 uses: actions/setup-python@v1 with: - python-version: 3.10 + python-version: 3.10.7 - name: Lint with flake8 run: | pip install flake8 flake8-html @@ -50,6 +50,7 @@ jobs: path: . build: + needs: security_checks runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml index 922f009..a2eede7 100644 --- a/.github/workflows/mypy.yml +++ b/.github/workflows/mypy.yml @@ -12,7 +12,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v1 with: - python-version: 3.10.6 + python-version: 3.10.7 architecture: x64 - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 73d3c64..29cc7f0 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: Set up Python 3.10.6 + - name: Set up Python 3.10.7 uses: actions/setup-python@v1 with: - python-version: 3.10.6 + python-version: 3.10.7 - name: Lint with flake8 run: | pip install flake8 flake8-html @@ -45,6 +45,7 @@ jobs: path: . build: + needs: security_checks runs-on: ubuntu-latest permissions: contents: read From 2c83789cd7c780f036be35469312eee62ebe17f1 Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 20:11:59 -0300 Subject: [PATCH 4/7] feat: add trivy scanner to CI --- .github/workflows/dev.yml | 37 ++++++++++------------------- .github/workflows/features.yml | 37 ++++++++++------------------- .github/workflows/main.yml | 12 ++++++++++ .github/workflows/pull_requests.yml | 37 ++++++++++------------------- 4 files changed, 48 insertions(+), 75 deletions(-) diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index b6e2210..2f4e2f6 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -13,32 +13,7 @@ env: IMAGE_TAG: ${{ github.sha }} jobs: - - flake8: - name: Code Quality - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.10.6 - uses: actions/setup-python@v1 - with: - python-version: 3.10.7 - - name: Lint with flake8 - run: | - pip install flake8 flake8-html - # stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - mkdir -p reports/flake8 - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 - - name: Archive flake8 coverage results - uses: actions/upload-artifact@v1 - with: - name: flake8-coverage-report - path: reports/flake8/ - security_checks: - needs: flake8 runs-on: ubuntu-latest name: Security check steps: @@ -92,3 +67,15 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ steps.meta.outputs.tags }} + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index 3cc6d83..b8b83b0 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -14,32 +14,7 @@ env: IMAGE_TAG: ${{ github.sha }} jobs: - - flake8: - name: Code Quality - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.10 - uses: actions/setup-python@v1 - with: - python-version: 3.10.7 - - name: Lint with flake8 - run: | - pip install flake8 flake8-html - # stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - mkdir -p reports/flake8 - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 - - name: Archive flake8 coverage results - uses: actions/upload-artifact@v1 - with: - name: flake8-coverage-report - path: reports/flake8/ - security_checks: - needs: flake8 runs-on: ubuntu-latest name: Security check steps: @@ -93,3 +68,15 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ steps.meta.outputs.tags }} + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9115554..88bfef2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -63,3 +63,15 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ steps.meta.outputs.tags }} + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 29cc7f0..de1f8f8 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -9,32 +9,7 @@ env: IMAGE_TAG: ${{ github.sha }} jobs: - - flake8: - name: Code Quality - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.10.7 - uses: actions/setup-python@v1 - with: - python-version: 3.10.7 - - name: Lint with flake8 - run: | - pip install flake8 flake8-html - # stop the build if there are Python syntax errors or undefined names - flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics - # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - mkdir -p reports/flake8 - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 - - name: Archive flake8 coverage results - uses: actions/upload-artifact@v1 - with: - name: flake8-coverage-report - path: reports/flake8/ - security_checks: - needs: flake8 runs-on: ubuntu-latest name: Security check steps: @@ -88,3 +63,15 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ steps.meta.outputs.tags }} + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' \ No newline at end of file From 2d6ec6d5e0c5be4a603f9872c2b7e1ad303080e2 Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 20:42:34 -0300 Subject: [PATCH 5/7] fix: try to fix trivy scanner --- .github/workflows/codeql_analysis.yml | 13 +++++++++++++ .github/workflows/dev.yml | 5 ++--- .github/workflows/features.yml | 5 ++--- .github/workflows/pull_requests.yml | 5 ++--- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml index eb905f0..ffe8eb7 100644 --- a/.github/workflows/codeql_analysis.yml +++ b/.github/workflows/codeql_analysis.yml @@ -32,10 +32,23 @@ jobs: with: ref: ${{ env.default_branch }} + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10.7' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + if [ -f requirements.txt ]; + then pip install -r requirements.txt; + fi + echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV + - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} + setup-python-dependencies: false - name: Autobuild uses: github/codeql-action/autobuild@v2 diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 2f4e2f6..92d9256 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -65,13 +65,12 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64/v8 push: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: revanced/revanced-releases-api:dev - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: ${{ steps.meta.outputs.tags }} + image-ref: revanced/revanced-releases-api:dev format: 'sarif' output: 'trivy-results.sarif' diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index b8b83b0..a5e7484 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -66,13 +66,12 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64/v8 push: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: revanced/revanced-releases-api:dev - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: ${{ steps.meta.outputs.tags }} + image-ref: revanced/revanced-releases-api:dev format: 'sarif' output: 'trivy-results.sarif' diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index de1f8f8..ee02c43 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -61,13 +61,12 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64/v8 push: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: revanced/revanced-releases-api:dev - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: ${{ steps.meta.outputs.tags }} + image-ref: revanced/revanced-releases-api:dev format: 'sarif' output: 'trivy-results.sarif' From 073dd468c22d55865373f0e6bf40c86c6bdb9f1c Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 20:46:58 -0300 Subject: [PATCH 6/7] chore: remove unused files --- setup.py | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 setup.py diff --git a/setup.py b/setup.py deleted file mode 100644 index a4ea96c..0000000 --- a/setup.py +++ /dev/null @@ -1,3 +0,0 @@ -from setuptools import setup - -setup(name="revanced-releases-api", python_requires='>=3.10.6') \ No newline at end of file From c44da582e8987d03937d9477c3c3c47646cd386b Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 20:53:36 -0300 Subject: [PATCH 7/7] fix: remove trivy until we figure it out --- .github/workflows/dev.yml | 15 ++------------- .github/workflows/features.yml | 15 ++------------- .github/workflows/main.yml | 12 ------------ .github/workflows/pull_requests.yml | 15 ++------------- 4 files changed, 6 insertions(+), 51 deletions(-) diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 92d9256..35d507c 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -65,16 +65,5 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64/v8 push: false - tags: revanced/revanced-releases-api:dev - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: revanced/revanced-releases-api:dev - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/features.yml b/.github/workflows/features.yml index a5e7484..cc6cb90 100644 --- a/.github/workflows/features.yml +++ b/.github/workflows/features.yml @@ -66,16 +66,5 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64/v8 push: false - tags: revanced/revanced-releases-api:dev - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: revanced/revanced-releases-api:dev - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 88bfef2..9115554 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -63,15 +63,3 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ steps.meta.outputs.tags }} - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index ee02c43..c00b953 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -61,16 +61,5 @@ jobs: file: ./Dockerfile platforms: linux/amd64,linux/arm64/v8 push: false - tags: revanced/revanced-releases-api:dev - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: revanced/revanced-releases-api:dev - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }}