actions/code-coverage-summary
1
0
Fork 0
mirror of https://github.com/irongut/CodeCoverageSummary.git synced 2026-05-14 14:10:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: actions/code-coverage-summary:secure-workflow-policy
Branches Tags
actions/code-coverage-summary:master actions/code-coverage-summary:dependabot/nuget/src/CodeCoverageSummary/Microsoft.Extensions.FileSystemGlobbing-10.0.8 actions/code-coverage-summary:dependabot/github_actions/docker/setup-buildx-action-4.0.0 actions/code-coverage-summary:dependabot/github_actions/actions/stale-10.2.0 actions/code-coverage-summary:dependabot/github_actions/sigstore/cosign-installer-b5e753ae2d39589c7b38850b463739151fc67f07 actions/code-coverage-summary:dependabot/github_actions/step-security/harden-runner-2.19.0 actions/code-coverage-summary:dependabot/github_actions/actions/labeler-6.0.1 actions/code-coverage-summary:secure-workflow-policy
actions/code-coverage-summary:v1.3.0 actions/code-coverage-summary:v1.3.0-beta actions/code-coverage-summary:v1.2.0 actions/code-coverage-summary:v1.2.0-beta actions/code-coverage-summary:v1.1.0 actions/code-coverage-summary:v1.1.0-beta actions/code-coverage-summary:v1.0.5 actions/code-coverage-summary:v1.0.4 actions/code-coverage-summary:v1.0.3 actions/code-coverage-summary:v1.0.2 actions/code-coverage-summary:v1.0.1 actions/code-coverage-summary:v1.0
..
compare: actions/code-coverage-summary:dependabot/nuget/src/CodeCoverageSummary/Microsoft.Extensions.FileSystemGlobbing-10.0.8
Branches Tags
actions/code-coverage-summary:dependabot/nuget/src/CodeCoverageSummary/Microsoft.Extensions.FileSystemGlobbing-10.0.8 actions/code-coverage-summary:dependabot/github_actions/docker/setup-buildx-action-4.0.0 actions/code-coverage-summary:dependabot/github_actions/actions/stale-10.2.0 actions/code-coverage-summary:dependabot/github_actions/sigstore/cosign-installer-b5e753ae2d39589c7b38850b463739151fc67f07 actions/code-coverage-summary:dependabot/github_actions/step-security/harden-runner-2.19.0 actions/code-coverage-summary:dependabot/github_actions/actions/labeler-6.0.1 actions/code-coverage-summary:master actions/code-coverage-summary:secure-workflow-policy
actions/code-coverage-summary:v1.3.0 actions/code-coverage-summary:v1.3.0-beta actions/code-coverage-summary:v1.2.0 actions/code-coverage-summary:v1.2.0-beta actions/code-coverage-summary:v1.1.0 actions/code-coverage-summary:v1.1.0-beta actions/code-coverage-summary:v1.0.5 actions/code-coverage-summary:v1.0.4 actions/code-coverage-summary:v1.0.3 actions/code-coverage-summary:v1.0.2 actions/code-coverage-summary:v1.0.1 actions/code-coverage-summary:v1.0

47 Commits
secure-workflow-policy .. dependabot/nuget/src/CodeCoverageSummary/Microsoft.Extensions.FileSystemGlobbing-10.0.8

Author SHA1 Message Date
dependabot[bot] 288db1afbd Bump Microsoft.Extensions.FileSystemGlobbing from 6.0.0 to 10.0.8 
---
updated-dependencies:
- dependency-name: Microsoft.Extensions.FileSystemGlobbing
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-13 01:16:02 +00:00
irongut f138489648 merge PR #101 from dependabot/actions/cosign-installer-2.8.1 
Bump sigstore/cosign-installer from 2.8.0 to 2.8.1
 2022-10-20 02:38:15 +01:00
dependabot[bot] 9986579715 Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/7cc35d7fdbe70d4278a0c96779081e6fac665f88...9becc617647dfa20ae7b1151972e9b3a2c338a2b)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 23:44:08 +00:00
irongut 2b7bf99d3d merge PR #93 from dependabot/actions/cosign-installer-2.8.0 
Bump sigstore/cosign-installer from 2.5.1 to 2.8.0
 2022-10-18 23:59:20 +01:00
irongut 6381a94beb merge PR #87 from ependabot/actions/harden-runner-1.5.0 
Bump step-security/harden-runner from 1.4.5 to 1.5.0
 2022-10-18 23:57:41 +01:00
irongut 064d8225cf merge PR #98 from dependabot/actions/setup-buildx-action-2.2.1 
Bump docker/setup-buildx-action from 2.0.0 to 2.2.1
 2022-10-18 23:56:50 +01:00
irongut dc0965bfd6 merge PR #100 from dependabot/actions/build-push-action-3.2.0 
Bump docker/build-push-action from 3.1.1 to 3.2.0
 2022-10-18 23:55:53 +01:00
irongut c76d28851c merge PR #99 from dependabot/actions/metadata-action-4.1.1 
Bump docker/metadata-action from 4.0.1 to 4.1.1
 2022-10-18 23:54:52 +01:00
dependabot[bot] 249f92f672 Bump docker/build-push-action from 3.1.1 to 3.2.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/c84f38281176d4c9cdb1626ffafcd6b3911b5d94...c56af957549030174b10d6867f20e78cfd7debc5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 22:53:07 +00:00
dependabot[bot] f157e9605b Bump docker/setup-buildx-action from 2.0.0 to 2.2.1 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.0.0 to 2.2.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/dc7b9719a96d48369863986a06765841d7ea23f6...8c0edbc76e98fa90f69d9a2c020dcb50019dc325)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 22:52:55 +00:00
irongut e4fa71f987 merge PR #97 from dependabot/actions/labeler-4.0.2 
Bump actions/labeler from 4.0.1 to 4.0.2
 2022-10-18 23:52:45 +01:00
dependabot[bot] 6c9b394cdc Bump docker/metadata-action from 4.0.1 to 4.1.1 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.0.1 to 4.1.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a...57396166ad8aefe6098280995947635806a0e6ea)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 22:52:24 +00:00
irongut 79572a8bdc merge PR #95 from dependabot/actions/login-action-2.1.0 
Bump docker/login-action from 2.0.0 to 2.1.0
 2022-10-18 23:52:01 +01:00
irongut 7086c364c7 merge PR #96 from dependabot/actions/codeql-action-2.1.28 
Bump github/codeql-action from 2.1.22 to 2.1.28
 2022-10-18 23:51:25 +01:00
dependabot[bot] 159f0d3f03 Bump github/codeql-action from 2.1.22 to 2.1.28 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b398f525a5587552e573b247ac661067fafa920b...cc7986c02bac29104a72998e67239bb5ee2ee110)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 21:36:07 +00:00
dependabot[bot] b371d8d706 Bump sigstore/cosign-installer from 2.5.1 to 2.8.0 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.1 to 2.8.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/b3413d484cc23cf8778c3d2aa361568d4eb54679...7cc35d7fdbe70d4278a0c96779081e6fac665f88)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 21:35:54 +00:00
dependabot[bot] e58ef3d225 Bump actions/labeler from 4.0.1 to 4.0.2 
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/e54e5b338fbd6e6cdb5d60f51c22335fc57c401e...5c7539237e04b714afd8ad9b4aed733815b9fab4)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 21:35:43 +00:00
irongut 8be1ea7dcd merge PR #91 from dependabot/actions/checkout-3.1.0 
Bump actions/checkout from 3.0.2 to 3.1.0
 2022-10-18 22:35:09 +01:00
dependabot[bot] df694edd1f Bump actions/checkout from 3.0.2 to 3.1.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/2541b1294d2704b0964813337f33b291d3f8596b...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 21:23:41 +00:00
dependabot[bot] 389bb15050 Bump docker/login-action from 2.0.0 to 2.1.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/49ed152c8eca782a232dede0303416e8f356c37b...f4ef78c080cd8ba55a85445d5b36e214a81df20a)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 21:23:22 +00:00
irongut f9552f243d merge PR #94 from dependabot/actions/setup-dotnet-3.0.2 
Bump actions/setup-dotnet from 2.1.0 to 3.0.2
 2022-10-18 22:22:54 +01:00
dependabot[bot] 22531c6a84 Bump actions/setup-dotnet from 2.1.0 to 3.0.2 
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 2.1.0 to 3.0.2.
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](https://github.com/actions/setup-dotnet/compare/c0d4ad69d8bd405d234f1c9166d383b7a4f69ed8...4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0)

---
updated-dependencies:
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-13 23:39:24 +00:00
dependabot[bot] 32b97a380b Bump step-security/harden-runner from 1.4.5 to 1.5.0 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.5 to 1.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/dd2c410b088af7c0dc8046f3ac9a8f4148492a95...2e205a28d0e1da00c5f53b161f4067b052c61f34)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-30 00:00:38 +00:00
irongut 58d593b91d merge PR #80 from dependabot/actions/codeql-action-2.1.22 
Bump github/codeql-action from 2.1.21 to 2.1.22
 2022-09-09 20:54:51 +01:00
dependabot[bot] b7e4620db9 Bump github/codeql-action from 2.1.21 to 2.1.22 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/c7f292ea4f542c473194b33813ccd4c207a6c725...b398f525a5587552e573b247ac661067fafa920b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-01 23:57:22 +00:00
irongut 835f52dd6d merge PR #77 from dependabot/actions/codeql-action-2.1.21 
Bump github/codeql-action from 2.1.19 to 2.1.21
 2022-08-26 20:22:53 +01:00
dependabot[bot] 57a8504803 Bump github/codeql-action from 2.1.19 to 2.1.21 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.19 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f5d217be74900c6ac8fbbe53f3c10376ba4e64da...c7f292ea4f542c473194b33813ccd4c207a6c725)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-25 23:41:40 +00:00
irongut de3bf184e8 merge PR #71 from dependabot/actions/assign-one-project-github-action 
Bump srggrs/assign-one-project-github-action from 4d59cc619499b55ca689fb13cfcc72324a8b8435 to 1.3.1
 2022-08-21 16:36:45 +01:00
irongut 0adb7a5e81 merge PR #72 from dependabot/actions/labeler 
Bump actions/labeler from 472c5d3aaacde439785e94966eb2e545627f4935 to 4.0.1
 2022-08-21 16:35:59 +01:00
irongut 193c3d52d4 merge PR #73 from dependabot/actions/cosign-installer 
Bump sigstore/cosign-installer from c68f43abf1ae5df2528c9c250088fa14ed2d0ef5 to 2.5.1
 2022-08-21 16:35:32 +01:00
irongut 4472978224 merge PR #67 from dependabot/Microsoft.VisualStudio.Azure.Containers.Tools.Targets-1.17.0 
Bump Microsoft.VisualStudio.Azure.Containers.Tools.Targets from 1.16.1 to 1.17.0 in /src
 2022-08-21 16:35:00 +01:00
irongut ad8e33903c merge PR #70 from dependabot/actions/checkout-3.0.2 
Bump actions/checkout from 2 to 3.0.2
 2022-08-21 16:34:26 +01:00
irongut b4e48dcc98 merge PR #74 from dependabot/actions/codeql-action 
Update github/codeql-action requirement to f5d217be74900c6ac8fbbe53f3c10376ba4e64da
 2022-08-21 16:33:29 +01:00
dependabot[bot] 2cba9cd8f8 Update github/codeql-action requirement to f5d217be74900c6ac8fbbe53f3c10376ba4e64da 
Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/commits/f5d217be74900c6ac8fbbe53f3c10376ba4e64da)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 23:46:13 +00:00
dependabot[bot] 31b2f90c53 Bump sigstore/cosign-installer 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from c68f43abf1ae5df2528c9c250088fa14ed2d0ef5 to 2.5.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/c68f43abf1ae5df2528c9c250088fa14ed2d0ef5...b3413d484cc23cf8778c3d2aa361568d4eb54679)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 00:44:36 +00:00
dependabot[bot] 3a1aab172a Bump actions/labeler 
Bumps [actions/labeler](https://github.com/actions/labeler) from 472c5d3aaacde439785e94966eb2e545627f4935 to 4.0.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/472c5d3aaacde439785e94966eb2e545627f4935...e54e5b338fbd6e6cdb5d60f51c22335fc57c401e)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 00:44:33 +00:00
dependabot[bot] 80e8804405 Bump srggrs/assign-one-project-github-action 
Bumps [srggrs/assign-one-project-github-action](https://github.com/srggrs/assign-one-project-github-action) from 4d59cc619499b55ca689fb13cfcc72324a8b8435 to 1.3.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/srggrs/assign-one-project-github-action/releases)
- [Changelog](https://github.com/srggrs/assign-one-project-github-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/srggrs/assign-one-project-github-action/compare/4d59cc619499b55ca689fb13cfcc72324a8b8435...65a8ddab497df42ef268001e67bbf976f8fd39e1)

---
updated-dependencies:
- dependency-name: srggrs/assign-one-project-github-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 00:44:30 +00:00
dependabot[bot] be73105298 Bump actions/checkout from 2 to 3.0.2 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...2541b1294d2704b0964813337f33b291d3f8596b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-19 00:44:27 +00:00
dependabot[bot] 9dd4a48e5d Bump Microsoft.VisualStudio.Azure.Containers.Tools.Targets in /src 
Bumps Microsoft.VisualStudio.Azure.Containers.Tools.Targets from 1.16.1 to 1.17.0.

---
updated-dependencies:
- dependency-name: Microsoft.VisualStudio.Azure.Containers.Tools.Targets
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-16 23:47:20 +00:00
irongut a989a1acc2 merge PR #65 Add Dockerfile linter 
PR: Add Dockerfile linter
 2022-08-14 02:17:23 +01:00
irongut b5c414e325 add hadolint Dockerfile linter 2022-08-14 02:14:19 +01:00
irongut 3d044cdcd5 merge PR #64 from dependabot/actions/harden-runner-1.4.5 
Bump step-security/harden-runner from 1.4.4 to 1.4.5
 2022-08-13 19:23:52 +01:00
irongut 3a7e9990c1 merge PR #63 from dependabot/actions/build-push-action-3.1.1 
Bump docker/build-push-action from 3.1.0 to 3.1.1
 2022-08-13 19:22:48 +01:00
dependabot[bot] 7142272b0a Bump step-security/harden-runner from 1.4.4 to 1.4.5 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.4 to 1.4.5.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/74b568e8591fbb3115c70f3436a0c6b0909a8504...dd2c410b088af7c0dc8046f3ac9a8f4148492a95)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-12 23:37:51 +00:00
irongut 23dcb1b683 updated readme 2022-08-08 00:19:10 +01:00
dependabot[bot] d5f059c9e5 Bump docker/build-push-action from 3.1.0 to 3.1.1 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/1cb9d22b932e4832bb29793b7777ec860fc1cde0...c84f38281176d4c9cdb1626ffafcd6b3911b5d94)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-05 23:36:29 +00:00
irongut 84eac7e593 merge PR #62 Implement StepSecurity Secure Workflows (policy) 
PR: Implement StepSecurity Secure Workflows (policy)
 2022-08-05 23:57:50 +01:00
11 changed files with 84 additions and 38 deletions
Expand all files Collapse all files
.github/workflows/assign-to-project.yml
+5 -5
View File
@@ -20,35 +20,35 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
api.github.com:443 api.github.com:443
- name: Assign Issues to Bugs - name: Assign Issues to Bugs
uses: srggrs/assign-one-project-github-action@4d59cc619499b55ca689fb13cfcc72324a8b8435 uses: srggrs/assign-one-project-github-action@65a8ddab497df42ef268001e67bbf976f8fd39e1
if: contains(github.event.issue.labels.*.name, 'bug') if: contains(github.event.issue.labels.*.name, 'bug')
with: with:
project: 'https://github.com/irongut/CodeCoverageSummary/projects/1' project: 'https://github.com/irongut/CodeCoverageSummary/projects/1'
column_name: 'Needs triage' column_name: 'Needs triage'
- name: Assign Issues to Enhancements - name: Assign Issues to Enhancements
uses: srggrs/assign-one-project-github-action@4d59cc619499b55ca689fb13cfcc72324a8b8435 uses: srggrs/assign-one-project-github-action@65a8ddab497df42ef268001e67bbf976f8fd39e1
if: contains(github.event.issue.labels.*.name, 'enhancement') if: contains(github.event.issue.labels.*.name, 'enhancement')
with: with:
project: 'https://github.com/irongut/CodeCoverageSummary/projects/2' project: 'https://github.com/irongut/CodeCoverageSummary/projects/2'
column_name: 'To do' column_name: 'To do'
- name: Assign PRs to Bugs - name: Assign PRs to Bugs
uses: srggrs/assign-one-project-github-action@4d59cc619499b55ca689fb13cfcc72324a8b8435 uses: srggrs/assign-one-project-github-action@65a8ddab497df42ef268001e67bbf976f8fd39e1
if: contains(github.event.pull_request.labels.*.name, 'bug') if: contains(github.event.pull_request.labels.*.name, 'bug')
with: with:
project: 'https://github.com/irongut/CodeCoverageSummary/projects/1' project: 'https://github.com/irongut/CodeCoverageSummary/projects/1'
column_name: 'In Progress' column_name: 'In Progress'
- name: Assign PRs to Enhancements - name: Assign PRs to Enhancements
uses: srggrs/assign-one-project-github-action@4d59cc619499b55ca689fb13cfcc72324a8b8435 uses: srggrs/assign-one-project-github-action@65a8ddab497df42ef268001e67bbf976f8fd39e1
if: contains(github.event.pull_request.labels.*.name, 'enhancement') if: contains(github.event.pull_request.labels.*.name, 'enhancement')
with: with:
project: 'https://github.com/irongut/CodeCoverageSummary/projects/2' project: 'https://github.com/irongut/CodeCoverageSummary/projects/2'
.github/workflows/auto-assign-pr.yml
+1 -1
View File
@@ -13,7 +13,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
.github/workflows/ci-build.yml
+3 -3
View File
@@ -21,7 +21,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
@@ -32,10 +32,10 @@ jobs:
github.com:443 github.com:443
- name: Checkout - name: Checkout
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- name: Setup .Net - name: Setup .Net
uses: actions/setup-dotnet@c0d4ad69d8bd405d234f1c9166d383b7a4f69ed8 uses: actions/setup-dotnet@4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0
with: with:
dotnet-version: 6.0.x dotnet-version: 6.0.x
.github/workflows/codeql-scan.yml
+5 -5
View File
@@ -37,7 +37,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
@@ -50,16 +50,16 @@ jobs:
uploads.github.com:443 uploads.github.com:443
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@74e8f231851deb9b54c3e408f88638dd39727868 uses: github/codeql-action/init@cc7986c02bac29104a72998e67239bb5ee2ee110
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
# queries: security-extended,security-and-quality # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
- name: Setup .Net - name: Setup .Net
uses: actions/setup-dotnet@c0d4ad69d8bd405d234f1c9166d383b7a4f69ed8 uses: actions/setup-dotnet@4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0
with: with:
dotnet-version: 6.0.x dotnet-version: 6.0.x
@@ -70,4 +70,4 @@ jobs:
run: dotnet build src/CodeCoverageSummary.sln --configuration Release --no-restore /p:UseSharedCompilation=false run: dotnet build src/CodeCoverageSummary.sln --configuration Release --no-restore /p:UseSharedCompilation=false
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@74e8f231851deb9b54c3e408f88638dd39727868 uses: github/codeql-action/analyze@cc7986c02bac29104a72998e67239bb5ee2ee110
.github/workflows/docker-linter.yml
+51
View File
@@ -0,0 +1,51 @@
# hadolint is a Dockerfile linter written in Haskell
# More details at https://github.com/hadolint/hadolint
name: Docker Linter
on:
push:
branches: [ "master" ]
paths-ignore:
- '**/*.md'
- '**/*.gitignore'
- '**/*.gitattributes'
pull_request:
branches: [ "master" ]
workflow_dispatch:
schedule:
- cron: '35 11 * * 0'
permissions:
contents: read
jobs:
hadolint:
name: Run hadolint scan
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout
security-events: write # for github/codeql-action/upload-sarif
steps:
- name: Harden Runner
uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- name: Run hadolint
uses: hadolint/hadolint-action@f988afea3da57ee48710a9795b6bb677cc901183
with:
dockerfile: ./Dockerfile
format: sarif
output-file: hadolint-results.sarif
no-fail: true
- name: Upload Results
uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110
with:
sarif_file: hadolint-results.sarif
wait-for-processing: true
.github/workflows/mark-stale.yml
+1 -1
View File
@@ -17,7 +17,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
.github/workflows/pr-labeler.yml
+2 -2
View File
@@ -19,12 +19,12 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
api.github.com:443 api.github.com:443
- uses: actions/labeler@472c5d3aaacde439785e94966eb2e545627f4935 - uses: actions/labeler@5c7539237e04b714afd8ad9b4aed733815b9fab4
with: with:
repo-token: "${{ secrets.GITHUB_TOKEN }}" repo-token: "${{ secrets.GITHUB_TOKEN }}"
.github/workflows/release-build.yml
+10 -10
View File
@@ -21,7 +21,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
@@ -32,12 +32,12 @@ jobs:
github.com:443 github.com:443
- name: Checkout - name: Checkout
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Setup .Net - name: Setup .Net
uses: actions/setup-dotnet@c0d4ad69d8bd405d234f1c9166d383b7a4f69ed8 uses: actions/setup-dotnet@4d4a70f4a5b2a5a5329f13be4ac933f2c9206ac0
with: with:
dotnet-version: 6.0.x dotnet-version: 6.0.x
@@ -62,7 +62,7 @@ jobs:
steps: steps:
- name: Harden Runner - name: Harden Runner
uses: step-security/harden-runner@74b568e8591fbb3115c70f3436a0c6b0909a8504 uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
with: with:
egress-policy: block egress-policy: block
allowed-endpoints: > allowed-endpoints: >
@@ -79,18 +79,18 @@ jobs:
storage.googleapis.com:443 storage.googleapis.com:443
- name: Checkout - name: Checkout
uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- name: Install Cosign - name: Install Cosign
uses: sigstore/cosign-installer@c68f43abf1ae5df2528c9c250088fa14ed2d0ef5 uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b
with: with:
cosign-release: 'v1.9.0' cosign-release: 'v1.9.0'
- name: Setup Docker Buildx - name: Setup Docker Buildx
uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
@@ -98,13 +98,13 @@ jobs:
- name: Extract Docker metadata - name: Extract Docker metadata
id: meta id: meta
uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea
with: with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build + Push Docker image - name: Build + Push Docker image
id: build-and-push id: build-and-push
uses: docker/build-push-action@1cb9d22b932e4832bb29793b7777ec860fc1cde0 uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5
with: with:
context: . context: .
push: true push: true
.github/workflows/test-linux.yml
+1 -1
View File
@@ -12,7 +12,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
- name: Test Action - name: Test Action
uses: irongut/CodeCoverageSummary@master uses: irongut/CodeCoverageSummary@master
README.md
+3 -8
View File
@@ -20,7 +20,7 @@ Code Coverage Summary is designed for use with any test framework that outputs c
Code Coverage Summary is compatible with [StepSecurity Secure Workflows](https://github.com/step-security/secure-workflows) and uses a Docker image that is cryptographically signed using [Sigstore](https://www.sigstore.dev/). For instructions how to verify the Docker image please see the [Wiki](https://github.com/irongut/CodeCoverageSummary/wiki/Verify-the-Docker-Image). Code Coverage Summary is compatible with [StepSecurity Secure Workflows](https://github.com/step-security/secure-workflows) and uses a Docker image that is cryptographically signed using [Sigstore](https://www.sigstore.dev/). For instructions how to verify the Docker image please see the [Wiki](https://github.com/irongut/CodeCoverageSummary/wiki/Verify-the-Docker-Image).
As a Docker based action Code Coverage Summary requires a Linux runner, see [Types of Action](https://docs.github.com/en/actions/creating-actions/about-custom-actions#types-of-actions). If you need to build with a Windows or MacOS runner a workaround would be to upload the coverage file as an artifact and use a separate job with a Linux runner to generate the summary. **As a Docker based action Code Coverage Summary requires a Linux runner.**
## Inputs ## Inputs
@@ -30,8 +30,6 @@ As a Docker based action Code Coverage Summary requires a Linux runner, see [Typ
A comma separated list of code coverage files to analyse. Also supports using glob patterns to match multiple files. If there are any spaces in a path or filename this value must be in quotes. A comma separated list of code coverage files to analyse. Also supports using glob patterns to match multiple files. If there are any spaces in a path or filename this value must be in quotes.
Note: Coverlet creates the coverage file in a random named directory (guid) so you need to copy it to a predictable path before running this Action, see the [.Net Workflow Example](#net-workflow-example) below.
### `badge` ### `badge`
@@ -164,13 +162,10 @@ jobs:
- name: Test - name: Test
run: dotnet test src/Example.sln --configuration Release --no-build --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage run: dotnet test src/Example.sln --configuration Release --no-build --verbosity normal --collect:"XPlat Code Coverage" --results-directory ./coverage
- name: Copy Coverage To Predictable Location - name: Code Coverage Report
run: cp coverage/**/coverage.cobertura.xml coverage.cobertura.xml
- name: Code Coverage Summary Report
uses: irongut/CodeCoverageSummary@v1.3.0 uses: irongut/CodeCoverageSummary@v1.3.0
with: with:
filename: coverage.cobertura.xml filename: coverage/**/coverage.cobertura.xml
badge: true badge: true
fail_below_min: true fail_below_min: true
format: markdown format: markdown
src/CodeCoverageSummary/CodeCoverageSummary.csproj
+2 -2
View File
@@ -19,8 +19,8 @@
<ItemGroup> <ItemGroup>
<PackageReference Include="CommandLineParser" Version="2.9.1" /> <PackageReference Include="CommandLineParser" Version="2.9.1" />
<PackageReference Include="Microsoft.Extensions.FileSystemGlobbing" Version="6.0.0" /> <PackageReference Include="Microsoft.Extensions.FileSystemGlobbing" Version="10.0.8" />
<PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.16.1" /> <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.17.0" />
</ItemGroup> </ItemGroup>
</Project> </Project>