2 files changed +20 -47 lines changed
@@ -20,37 +20,12 @@ permissions:
20
20
contents : read
21
21
22
22
jobs :
23
- analyze :
23
+ codeql :
24
24
permissions :
25
25
packages : read
26
26
actions : read # for github/codeql-action/init to get workflow details
27
27
contents : read # for actions/checkout to fetch code
28
28
security-events : write # for github/codeql-action/autobuild to send a status report
29
- name : Analyze (${{ matrix.language }})
30
- runs-on : ubuntu-24.04
31
-
32
- strategy :
33
- fail-fast : false
34
- matrix :
35
- include :
36
- - language : go
37
- build-mode : autobuild
38
- - language : javascript-typescript
39
- build-mode : none
40
-
41
- steps :
42
- - name : Checkout repository
43
- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
44
-
45
- # Initializes the CodeQL tools for scanning.
46
- - name : Initialize CodeQL
47
- uses : github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
48
- with :
49
- languages : ${{ matrix.language }}
50
- build-mode : ${{ matrix.build-mode }}
51
- queries : security-and-quality
52
-
53
- - name : Perform CodeQL Analysis
54
- uses : github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
55
- with :
56
- category : " /language:${{matrix.language}}"
29
+ uses : nginxinc/compliance-rules/.github/workflows/codeql.yml@v0.1
30
+ with :
31
+ requested_languages : go,javascript-typescript
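Review bot: The reusable workflow on the new `uses:` line is referenced by the tag `@v0.1`, whereas the steps this commit removes pinned `actions/checkout` and `github/codeql-action` to full commit SHAs. A tag can be moved, and this job grants `security-events: write`, so whatever the tag points to at run time executes with that permission. Pin it the way the removed lines were pinned: `uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@<full-commit-sha> # v0.1`. The `mend.yml@v0.1` reference in the other workflow has the same issue, and there it is combined with `secrets: inherit`.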
4
4
push :
5
5
branches :
6
6
- main
7
+ - release-*
7
8
tags :
8
9
- " v[0-9]+.[0-9]+.[0-9]+*"
9
10
paths-ignore :
10
11
- design/**
11
12
- deploy**
12
13
- docs/**
13
14
- examples/**
15
+ pull_request :
16
+ branches :
17
+ - main
18
+ - release-*
19
+ paths-ignore :
20
+ - design/**
21
+ - deploy**
22
+ - docs/**
23
+ - examples/**
14
24
15
25
concurrency :
16
26
group : ${{ github.ref_name }}-mend
@@ -20,22 +30,10 @@ permissions:
20
30
contents : read
21
31
22
32
jobs :
23
- scan :
24
- name : Mend
25
- runs-on : ubuntu-24.04
33
+ mend :
26
34
if : ${{ github.event.repository.fork == false }}
27
- steps :
28
- - name : Checkout Repository
29
- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
30
-
31
- - name : Download agent
32
- run : curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar
33
-
34
- - name : Verify JAR
35
- run : jarsigner -verify wss-unified-agent.jar
36
-
37
- - name : Scan and upload
38
- env :
39
- PRODUCT_NAME : nginx-gateway-fabric_${{ github.ref_name }}
40
- PROJECT_NAME : nginx-gateway-fabric
41
- run : java -jar wss-unified-agent.jar -noConfig true -wss.url ${{ secrets.WSS_URL }} -apiKey ${{ secrets.WSS_NGINX_TOKEN }} -product $PRODUCT_NAME -project $PROJECT_NAME -d .
35
+ uses : nginxinc/compliance-rules/.github/workflows/mend.yml@v0.1
36
+ secrets : inherit
37
+ with :
38
+ product_name : nginx-gateway-fabric_${{ github.ref_name }}
39
+ project_name : nginx-gateway-fabric
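Review bot: `secrets: inherit` hands every secret this workflow can see to the called workflow, where the removed steps used only `WSS_URL` and `WSS_NGINX_TOKEN`. Passing just those through an explicit `secrets:` mapping keeps the exposure as it was; the names the called workflow declares are not visible here. The same commit adds a `pull_request` trigger, and the `if:` guard tests whether this repository is a fork, not whether the pull request comes from one, so fork PRs will presumably run the job without secrets and fail. A condition such as `github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` would skip them. On PR runs `github.ref_name` is the merge ref, so `product_name` and the concurrency group likely become per-PR values; worth confirming that is intended.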