From 355d1e66ddac4ee61cca812e9854984c2a74cc0e Mon Sep 17 00:00:00 2001 From: Kreyren Date: Mon, 24 Feb 2020 00:44:01 +0000 Subject: [PATCH] sasaasgd --- .../test.yml | 0 .github/{workflows.krey => workflows}/CPP.yml | 0 .../{workflows.krey => workflows}/Jekyll.yml | 0 .../Jekyll_publish.yml | 0 .../{workflows.krey => workflows}/Vlang.yml | 0 .../{workflows.krey => workflows}/bash.yml | 0 .../{workflows.krey => workflows}/clang.yml | 0 .github/workflows/dockerfile.yml | 24 +++++ .../greetings.yml | 0 .../label-maker.yml | 0 .../{workflows.krey => workflows}/labeler.yml | 0 .../markdown.yml | 0 .../{workflows.krey => workflows}/python.yml | 88 ++++++++++++++++++- .../rustlang.yml | 0 .../{workflows.krey => workflows}/shell.yml | 0 .../{workflows.krey => workflows}/stale.yml | 0 .hadolint.yml | 5 ++ bandit.yml | 2 + 18 files changed, 117 insertions(+), 2 deletions(-) rename .github/{workflows => workflows.disabled}/test.yml (100%) rename .github/{workflows.krey => workflows}/CPP.yml (100%) rename .github/{workflows.krey => workflows}/Jekyll.yml (100%) rename .github/{workflows.krey => workflows}/Jekyll_publish.yml (100%) rename .github/{workflows.krey => workflows}/Vlang.yml (100%) rename .github/{workflows.krey => workflows}/bash.yml (100%) rename .github/{workflows.krey => workflows}/clang.yml (100%) create mode 100644 .github/workflows/dockerfile.yml rename .github/{workflows.krey => workflows}/greetings.yml (100%) rename .github/{workflows.krey => workflows}/label-maker.yml (100%) rename .github/{workflows.krey => workflows}/labeler.yml (100%) rename .github/{workflows.krey => workflows}/markdown.yml (100%) rename .github/{workflows.krey => workflows}/python.yml (80%) rename .github/{workflows.krey => workflows}/rustlang.yml (100%) rename .github/{workflows.krey => workflows}/shell.yml (100%) rename .github/{workflows.krey => workflows}/stale.yml (100%) create mode 100644 .hadolint.yml create mode 100644 bandit.yml diff --git a/.github/workflows/test.yml b/.github/workflows.disabled/test.yml similarity index 100% rename from .github/workflows/test.yml rename to .github/workflows.disabled/test.yml diff --git a/.github/workflows.krey/CPP.yml b/.github/workflows/CPP.yml similarity index 100% rename from .github/workflows.krey/CPP.yml rename to .github/workflows/CPP.yml diff --git a/.github/workflows.krey/Jekyll.yml b/.github/workflows/Jekyll.yml similarity index 100% rename from .github/workflows.krey/Jekyll.yml rename to .github/workflows/Jekyll.yml diff --git a/.github/workflows.krey/Jekyll_publish.yml b/.github/workflows/Jekyll_publish.yml similarity index 100% rename from .github/workflows.krey/Jekyll_publish.yml rename to .github/workflows/Jekyll_publish.yml diff --git a/.github/workflows.krey/Vlang.yml b/.github/workflows/Vlang.yml similarity index 100% rename from .github/workflows.krey/Vlang.yml rename to .github/workflows/Vlang.yml diff --git a/.github/workflows.krey/bash.yml b/.github/workflows/bash.yml similarity index 100% rename from .github/workflows.krey/bash.yml rename to .github/workflows/bash.yml diff --git a/.github/workflows.krey/clang.yml b/.github/workflows/clang.yml similarity index 100% rename from .github/workflows.krey/clang.yml rename to .github/workflows/clang.yml diff --git a/.github/workflows/dockerfile.yml b/.github/workflows/dockerfile.yml new file mode 100644 index 0000000..f0551eb --- /dev/null +++ b/.github/workflows/dockerfile.yml @@ -0,0 +1,24 @@ +name: Dockerfile + +# Relevant to events - https://help.github.com/en/actions/automating-your-workflow-with-github-actions/events-that-trigger-workflows +on: + pull_request: + types: [synchronize, opened, reopened, ready_for_review] + paths: + - '**.Dockerfile' + +jobs: + # Linting + lint: + runs-on: ubuntu-latest + steps: + - uses: docker://hadolint/hadolint:latest + - uses: actions/checkout@v2 + # - name: Installing dependencies.. + # run: if ! apt list --installed | grep -qP "^hadolint -"; then apt install -y hadolint; fi + - name: Linting.. + run: | + cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.Dockerfile$'); do + printf 'checking dockerfile %s using hadolint\n' "$file" + hadolint "$file" + done \ No newline at end of file diff --git a/.github/workflows.krey/greetings.yml b/.github/workflows/greetings.yml similarity index 100% rename from .github/workflows.krey/greetings.yml rename to .github/workflows/greetings.yml diff --git a/.github/workflows.krey/label-maker.yml b/.github/workflows/label-maker.yml similarity index 100% rename from .github/workflows.krey/label-maker.yml rename to .github/workflows/label-maker.yml diff --git a/.github/workflows.krey/labeler.yml b/.github/workflows/labeler.yml similarity index 100% rename from .github/workflows.krey/labeler.yml rename to .github/workflows/labeler.yml diff --git a/.github/workflows.krey/markdown.yml b/.github/workflows/markdown.yml similarity index 100% rename from .github/workflows.krey/markdown.yml rename to .github/workflows/markdown.yml diff --git a/.github/workflows.krey/python.yml b/.github/workflows/python.yml similarity index 80% rename from .github/workflows.krey/python.yml rename to .github/workflows/python.yml index 00cf785..f9be4a4 100644 --- a/.github/workflows.krey/python.yml +++ b/.github/workflows/python.yml @@ -58,7 +58,7 @@ jobs: pip install pytest # FIXME: False triggers on files which names continues after set extension cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do pytest "$file"; done - lint-window-python-3_5: + lint-windows-python-3_5: runs-on: windows-latest steps: - uses: actions/checkout@v2 @@ -82,6 +82,27 @@ jobs: pip install pytest # FIXME: False triggers on files which names continues after set extension cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do pytest "$file"; done + security-check-python-3_5: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Configuring backend.. + uses: actions/setup-python@v1 + with: + python-version: 3.5 + - name: Installing python dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + - name: Installing linting dependencies + run: | + if apt list --installed | grep -qP "^bandit -"; then sudo apt install -y bandit; fi + - name: Linting.. + run: | + cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do + printf 'checking python file %s for security issues\n' "$file" + bandit "$file" + done # Linting 3.6 lint-linux-python-3_6: @@ -156,6 +177,27 @@ jobs: pip install pytest # FIXME: False triggers on files which names continues after set extension cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do pytest "$file"; done + security-check-python-3_6: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Configuring backend.. + uses: actions/setup-python@v1 + with: + python-version: 3.6 + - name: Installing python dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + - name: Installing linting dependencies + run: | + if apt list --installed | grep -qP "^bandit -"; then sudo apt install -y bandit; fi + - name: Linting.. + run: | + cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do + printf 'checking python file %s for security issues\n' "$file" + bandit "$file" + done # Linting 3.7 lint-linux-python-3_7: @@ -230,6 +272,27 @@ jobs: pip install pytest # FIXME: False triggers on files which names continues after set extension cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do pytest "$file"; done + security-check-python-3_7: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Configuring backend.. + uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Installing python dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + - name: Installing linting dependencies + run: | + if apt list --installed | grep -qP "^bandit -"; then sudo apt install -y bandit; fi + - name: Linting.. + run: | + cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do + printf 'checking python file %s for security issues\n' "$file" + bandit "$file" + done # Linting 3.8 lint-linux-python-3_8: @@ -303,4 +366,25 @@ jobs: run: | pip install pytest # FIXME: False triggers on files which names continues after set extension - cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do pytest "$file"; done \ No newline at end of file + cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do pytest "$file"; done + security-check-python-3_8: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Configuring backend.. + uses: actions/setup-python@v1 + with: + python-version: 3.8 + - name: Installing python dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + - name: Installing linting dependencies + run: | + if apt list --installed | grep -qP "^bandit -"; then sudo apt install -y bandit; fi + - name: Linting.. + run: | + cd "$GITHUB_WORKSPACE" && for file in $(git ls-tree --name-only -r ${{ github.sha }} | grep '\.py$'); do + printf 'checking python file %s for security issues\n' "$file" + bandit "$file" + done \ No newline at end of file diff --git a/.github/workflows.krey/rustlang.yml b/.github/workflows/rustlang.yml similarity index 100% rename from .github/workflows.krey/rustlang.yml rename to .github/workflows/rustlang.yml diff --git a/.github/workflows.krey/shell.yml b/.github/workflows/shell.yml similarity index 100% rename from .github/workflows.krey/shell.yml rename to .github/workflows/shell.yml diff --git a/.github/workflows.krey/stale.yml b/.github/workflows/stale.yml similarity index 100% rename from .github/workflows.krey/stale.yml rename to .github/workflows/stale.yml diff --git a/.hadolint.yml b/.hadolint.yml new file mode 100644 index 0000000..5c44b0d --- /dev/null +++ b/.hadolint.yml @@ -0,0 +1,5 @@ +trustedRegistries: + - docker.io + - debian + - gitpod + - hadolint \ No newline at end of file diff --git a/bandit.yml b/bandit.yml new file mode 100644 index 0000000..0a1f880 --- /dev/null +++ b/bandit.yml @@ -0,0 +1,2 @@ +# Configuration file for bandit (security check for python) +