COMMIT

.github/workflows/alibabacloud.yml

@@ -0,0 +1,123 @@
+# This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR),
+# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the master branch.
+#
+# To use this workflow, you will need to complete the following set-up steps:
+#
+# 1. Create an ACR repository to store your container images. 
+# You can use ACR EE instance for more security and better performance.
+# For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm
+#
+# 2. Create an ACK cluster to run your containerized application.
+# You can use ACK Pro cluster for more security and better performance.
+# For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm
+#
+# 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`.
+# For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/
+#
+# 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME. 
+#
+
+name: Build and Deploy to ACK
+
+on:
+ push:
+ branches:
+ - master
+
+# Environment variables available to all jobs and steps in this workflow.
+env:
+ REGION_ID: cn-hangzhou
+ REGISTRY: registry.cn-hangzhou.aliyuncs.com
+ NAMESPACE: namespace
+ IMAGE: repo
+ TAG: ${{ github.sha }}
+ ACK_CLUSTER_ID: clusterID
+ ACK_DEPLOYMENT_NAME: nginx-deployment
+
+ ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com
+ ACR_EE_INSTANCE_ID: instanceID
+ ACR_EE_NAMESPACE: namespace
+ ACR_EE_IMAGE: repo
+ ACR_EE_TAG: ${{ github.sha }}
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # 1.1 Login to ACR 
+ - name: Login to ACR with the AccessKey pair
+ uses: aliyun/acr-login@v1
+ with:
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+
+ # 1.2 Buid and push image to ACR 
+ - name: Build and push image to ACR 
+ run: |
+ docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" . 
+ docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" 
+ 
+ # 1.3 Scan image in ACR 
+ - name: Scan image in ACR
+ uses: aliyun/acr-scan@v1
+ with:
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}"
+ tag: "${{ env.TAG }}"
+
+ # 2.1 (Optional) Login to ACR EE 
+ - uses: actions/checkout@v3
+ - name: Login to ACR EE with the AccessKey pair
+ uses: aliyun/acr-login@v1
+ with:
+ login-server: "https://${{ env.ACR_EE_REGISTRY }}"
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
+
+ # 2.2 (Optional) Build and push image ACR EE 
+ - name: Build and push image to ACR EE 
+ run: |
+ docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" .
+ docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG"
+ # 2.3 (Optional) Scan image in ACR EE 
+ - name: Scan image in ACR EE
+ uses: aliyun/acr-scan@v1
+ with:
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
+ repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}"
+ tag: "${{ env.ACR_EE_TAG }}"
+
+ # 3.1 Set ACK context 
+ - name: Set K8s context
+ uses: aliyun/ack-set-context@v1
+ with:
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ cluster-id: "${{ env.ACK_CLUSTER_ID }}"
+
+ # 3.2 Deploy the image to the ACK cluster
+ - name: Set up Kustomize
+ run: |-
+ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6
+ - name: Deploy
+ run: |-
+ ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG
+ ./kustomize build . | kubectl apply -f -
+ kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME
+ kubectl get services -o wide

.github/workflows/anchore.yml

@@ -0,0 +1,45 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow checks out code, builds an image, performs a container image
+# vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security
+# code scanning feature. For more information on the Anchore scan action usage
+# and parameters, see https://github.com/anchore/scan-action. For more
+# information on Anchore's container image scanning tool Grype, see
+# https://github.com/anchore/grype
+name: Anchore Container Scan
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ master ]
+ schedule:
+ - cron: '22 9 * * 2'
+
+permissions:
+ contents: read
+
+jobs:
+ Anchore-Build-Scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v3
+ - name: Build the Docker image
+ run: docker build . --file Dockerfile --tag localbuild/testimage:latest
+ - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
+ uses: anchore/scan-action@abdc9eb47b6c4e4f4764bc4b6cb6c1fe07472e4e
+ with:
+ image: "localbuild/testimage:latest"
+ acs-report-enable: true
+ - name: Upload Anchore Scan Report
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif

.github/workflows/android.yml

@@ -0,0 +1,26 @@
+name: Android CI
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: set up JDK 11
+ uses: actions/setup-java@v3
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ cache: gradle
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x gradlew
+ - name: Build with Gradle
+ run: ./gradlew build

.github/workflows/apisec-scan.yml

@@ -0,0 +1,69 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# APIsec addresses the critical need to secure APIs before they reach production. 
+# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. 
+# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
+
+# How to Get Started with APIsec.ai
+# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
+#
+# 2. Register your account at https://cloud.fxlabs.io/#/signup .
+#
+# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
+#
+# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
+#
+# apisec-run-scan
+#
+# This action triggers the on-demand scans for projects registered in APIsec.
+# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
+# Else you can view the scan results from the project home page in APIsec Platform.
+# The link to view the scan results is also displayed on the console on successful completion of action.
+
+# This is a starter workflow to help you get started with APIsec-Scan Actions
+
+name: APIsec
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the master branch
+ # Customize trigger events based on your DevSecOps processes.
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+ schedule:
+ - cron: '32 17 * * 5'
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+
+permissions:
+ contents: read
+
+jobs:
+ Trigger APIsec scan:
+ permissions:
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: APIsec scan
+ uses: apisec-inc/apisec-run-scan@eadaedebb5b8516971299b64cea226dc9d9edb6c
+ with:
+ # The APIsec username with which the scans will be executed
+ apisec-username: ${{ secrets.apisec_username }}
+ # The Password of the APIsec user with which the scans will be executed
+ apisec-password: ${{ secrets.apisec_password}}
+ # The name of the project for security scan
+ apisec-project: "VAmPI"
+ # The name of the sarif format result file The file is written only if this property is provided.
+ sarif-result-file: "apisec-results.sarif"
+ - name: Import results
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ./apisec-results.sarif

.github/workflows/aws.yml

@@ -0,0 +1,95 @@
+# This workflow will build and push a new container image to Amazon ECR,
+# and then will deploy a new task definition to Amazon ECS, when there is a push to the master branch.
+#
+# To use this workflow, you will need to complete the following set-up steps:
+#
+# 1. Create an ECR repository to store your images.
+# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
+# Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
+# Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
+#
+# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
+# For example, follow the Getting Started guide on the ECS console:
+# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
+# Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
+# Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
+#
+# 3. Store your ECS task definition as a JSON file in your repository.
+# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
+# Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
+# Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
+# in the `containerDefinitions` section of the task definition.
+#
+# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+# See the documentation for each action used below for the recommended IAM policies for this IAM user,
+# and best practices on handling the access key credentials.
+
+name: Deploy to Amazon ECS
+
+on:
+ push:
+ branches:
+ - master
+
+env:
+ AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
+ ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name
+ ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name
+ ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name
+ ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
+ # file, e.g. .aws/task-definition.json
+ CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
+ # containerDefinitions section of your task definition
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+ name: Deploy
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ # Build a docker container and
+ # push it to ECR so that it can
+ # be deployed to ECS.
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: ${{ env.ECS_TASK_DEFINITION }}
+ container-name: ${{ env.CONTAINER_NAME }}
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: ${{ env.ECS_SERVICE }}
+ cluster: ${{ env.ECS_CLUSTER }}
+ wait-for-service-stability: true