diff --git a/.github/workflows/example-build-deploy-dockerfile-google.yml b/.github/workflows/example-build-deploy-dockerfile-google.yml
index cafd816..a369886 100644
--- a/.github/workflows/example-build-deploy-dockerfile-google.yml
+++ b/.github/workflows/example-build-deploy-dockerfile-google.yml
@@ -46,7 +46,6 @@ jobs:
 repositories: 'core'
 - name: Checkout core repository
- id: checkout
 uses: actions/checkout@v4
 with:
 repository: '3lvia/core'
@@ -57,13 +56,11 @@ jobs:
 name: ${{ env.APPLICATION_NAME }}
 namespace: ${{ env.SYSTEM_NAME }}
 project-file: ${{ env.PROJECT_FILE }}
- trivy-upload-report: 'true'
+ trivy-upload-report: 'false'
 trivy-post-comment: 'true'
 AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
- trivy-results-ref: ${{ steps.checkout.outputs.ref }}
- trivy-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
 deploy-dev:
diff --git a/.github/workflows/example-build-deploy-dockerfile.yml b/.github/workflows/example-build-deploy-dockerfile.yml
index 53b323d..d6df19d 100644
--- a/.github/workflows/example-build-deploy-dockerfile.yml
+++ b/.github/workflows/example-build-deploy-dockerfile.yml
@@ -47,7 +47,6 @@ jobs:
 - name: Checkout core repository
 uses: actions/checkout@v4
- id: checkout
 with:
 repository: '3lvia/core'
 token: ${{ steps.app-token.outputs.token }}
@@ -57,13 +56,11 @@ jobs:
 name: ${{ env.APPLICATION_NAME }}
 namespace: ${{ env.SYSTEM_NAME }}
 project-file: ${{ env.PROJECT_FILE }}
- trivy-upload-report: 'true'
+ trivy-upload-report: 'false'
 trivy-post-comment: 'true'
 AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
- trivy-results-ref: ${{ steps.checkout.outputs.ref }}
- trivy-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
 deploy-dev:
diff --git a/.github/workflows/example-build-deploy-dotnet-google.yml b/.github/workflows/example-build-deploy-dotnet-google.yml
index 9a398db..85d0df7 100644
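Review bot: The `trivy-upload-report: 'false'` line in both trivy hunks sits outside the `# START REMOVE FROM EXAMPLE` block, so the generated starter workflow only regains report uploads because update-starter-workflows.yml rewrites that exact string with sed, and nothing at this line records that coupling. A later change to the key, its quoting or its spacing would leave starter workflows with Trivy report upload silently disabled, which is a loss of scan visibility rather than a build failure, so it would not be noticed in CI. I would add a comment inside the REMOVE block, so that it is stripped from the examples, along the lines of `# trivy-upload-report is 'false' only for testing; update-starter-workflows.yml rewrites it to 'true' when generating the starter workflow.` The same applies to the trivy hunks in example-build-deploy-dotnet-google.yml, example-build-deploy-dotnet.yml, example-build-deploy-go-google.yml and example-build-deploy-go.yml.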
--- a/.github/workflows/example-build-deploy-dotnet-google.yml
+++ b/.github/workflows/example-build-deploy-dotnet-google.yml
@@ -56,6 +56,7 @@ jobs:
 language: 'csharp'
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
+ upload-results: 'false'
 ref: ${{ steps.checkout.outputs.ref }}
 sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
@@ -178,13 +179,11 @@ jobs:
 name: ${{ env.APPLICATION_NAME }}
 namespace: ${{ env.SYSTEM_NAME }}
 project-file: ${{ env.PROJECT_FILE }}
- trivy-upload-report: 'true'
+ trivy-upload-report: 'false'
 trivy-post-comment: 'true'
 AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
- trivy-results-ref: ${{ steps.checkout.outputs.ref }}
- trivy-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
 deploy-dev:
diff --git a/.github/workflows/example-build-deploy-dotnet.yml b/.github/workflows/example-build-deploy-dotnet.yml
index 838b3a5..3f0dbe2 100644
--- a/.github/workflows/example-build-deploy-dotnet.yml
+++ b/.github/workflows/example-build-deploy-dotnet.yml
@@ -56,6 +56,7 @@ jobs:
 language: 'csharp'
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
+ upload-resport: 'false'
 codeql-results-ref: ${{ steps.checkout.outputs.ref }}
 codeql-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
@@ -166,7 +167,6 @@ jobs:
 - name: Checkout core repository
 uses: actions/checkout@v4
- id: checkout
 with:
 repository: '3lvia/core'
 token: ${{ steps.app-token.outputs.token }}
@@ -176,13 +176,11 @@ jobs:
 name: ${{ env.APPLICATION_NAME }}
 namespace: ${{ env.SYSTEM_NAME }}
 project-file: ${{ env.PROJECT_FILE }}
- trivy-upload-report: 'true'
+ trivy-upload-report: 'false'
 trivy-post-comment: 'true'
 AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
- trivy-results-ref: ${{ steps.checkout.outputs.ref }}
- trivy-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
 deploy-dev:
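Review bot: `upload-resport: 'false'` in the example-build-deploy-dotnet.yml analyze hunk is misspelled, so the analyze action never receives it: `upload-results` keeps its declared default of `'true'` and this example keeps uploading CodeQL results from test runs, which is exactly what the commit sets out to stop. GitHub Actions treats an unknown input on an action as at most a warning, so nothing fails and the mistake stays invisible. The line should read `upload-results: 'false'`, matching the dotnet-google hunk above. Separately, that dotnet-google hunk passes `ref:` and `sha:` to the same action while analyze/action.yml declares `codeql-results-ref` and `codeql-results-sha`; unless the action also accepts the short names, those context lines look stale and the results ref/sha would silently fall back to `github.ref`/`github.sha`.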
diff --git a/.github/workflows/example-build-deploy-go-google.yml b/.github/workflows/example-build-deploy-go-google.yml
index 5000041..78bb23e 100644
--- a/.github/workflows/example-build-deploy-go-google.yml
+++ b/.github/workflows/example-build-deploy-go-google.yml
@@ -56,6 +56,7 @@ jobs:
 language: 'go'
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
+ upload-results: 'false'
 codeql-results-ref: ${{ steps.checkout.outputs.ref }}
 codeql-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
@@ -87,7 +88,6 @@ jobs:
 - name: Checkout core repository
 uses: actions/checkout@v4
- id: checkout
 with:
 repository: '3lvia/core'
 token: ${{ steps.app-token.outputs.token }}
@@ -97,13 +97,11 @@ jobs:
 name: ${{ env.APPLICATION_NAME }}
 namespace: ${{ env.SYSTEM_NAME }}
 project-file: ${{ env.PROJECT_FILE }}
- trivy-upload-report: 'true'
+ trivy-upload-report: 'false'
 trivy-post-comment: 'true'
 AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
- trivy-results-ref: ${{ steps.checkout.outputs.ref }}
- trivy-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
 deploy-dev:
diff --git a/.github/workflows/example-build-deploy-go.yml b/.github/workflows/example-build-deploy-go.yml
index 06d6bc5..85cfe03 100644
--- a/.github/workflows/example-build-deploy-go.yml
+++ b/.github/workflows/example-build-deploy-go.yml
@@ -56,6 +56,7 @@ jobs:
 language: 'go'
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
+ upload-results: 'true'
 codeql-results-ref: ${{ steps.checkout.outputs.ref }}
 codeql-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
@@ -87,7 +88,6 @@ jobs:
 - name: Checkout core repository
 uses: actions/checkout@v4
- id: checkout
 with:
 repository: '3lvia/core'
 token: ${{ steps.app-token.outputs.token }}
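Review bot: `upload-results: 'true'` in the example-build-deploy-go.yml analyze hunk contradicts the `'false'` that go-google and dotnet-google set in the same place in this commit, so the go example still uploads CodeQL results from test runs while its siblings do not. Since `'true'` is also the input's declared default in analyze/action.yml, the line is a no-op as written, which suggests a copy-and-edit slip rather than a deliberate choice. If the intent is to disable uploads during testing it should read `upload-results: 'false'`; if this example is meant to keep uploading, a comment inside the REMOVE block saying so would stop the next reader from "fixing" it.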
@@ -97,13 +97,11 @@ jobs:
 name: ${{ env.APPLICATION_NAME }}
 namespace: ${{ env.SYSTEM_NAME }}
 project-file: ${{ env.PROJECT_FILE }}
- trivy-upload-report: 'true'
+ trivy-upload-report: 'false'
 trivy-post-comment: 'true'
 AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 # START REMOVE FROM EXAMPLE
 checkout: 'false'
- trivy-results-ref: ${{ steps.checkout.outputs.ref }}
- trivy-results-sha: ${{ steps.checkout.outputs.commit }}
 # END REMOVE FROM EXAMPLE
 deploy-dev:
diff --git a/.github/workflows/update-starter-workflows.yml b/.github/workflows/update-starter-workflows.yml
index 382475d..322f772 100644
--- a/.github/workflows/update-starter-workflows.yml
+++ b/.github/workflows/update-starter-workflows.yml
@@ -69,6 +69,9 @@ jobs:
 sed -i 's/branches: \[trunk\]/branches: \[$default-branch\]/g' "$new_workflow_path"
 sed -i "s/checkout: 'false'.*\$//g" "$new_workflow_path"
+ # We disable Trivy uploading report in testing, so reenable here.
+ sed -i "s/trivy-upload-report: 'false'/trivy-upload-report: 'true'/g" "$new_workflow_path"
+
 # We checkout core repo to test on demo apps, so we remove this part from the examples.
 perl -0777 -i -pe 's/# START REMOVE FROM EXAMPLE.*?# END REMOVE FROM EXAMPLE\n//gms' "$new_workflow_path"
diff --git a/analyze/action.yml b/analyze/action.yml
index 315480a..69bca8e 100644
--- a/analyze/action.yml
+++ b/analyze/action.yml
@@ -19,6 +19,10 @@ inputs:
 description: 'Language to run CodeQL analyze on. Use a matrix strategy to run for multiple languages.'
 required: false
 default: 'csharp'
+ upload-results:
+ description: 'If `true` the action will upload CodeQL results to GitHub Security Code Scanning. If `false`, the action will not upload results.'
+ required: false
+ default: 'true'
 codeql-results-ref:
 description: |
 The ref where CodeQL results will be uploaded. Defaults to `github.ref`.
@@ -75,3 +79,4 @@ runs:
 with:
 ref: ${{ inputs.codeql-results-ref == '' && github.ref || inputs.codeql-results-ref }}
 sha: ${{ inputs.codeql-results-sha == '' && github.sha || inputs.codeql-results-sha }}
+ upload-database: ${{ inputs.upload-results }}
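Review bot: `upload-database: ${{ inputs.upload-results }}` does not implement what the new `upload-results` input promises in analyze/action.yml, which is to stop results going to code scanning. If the step this `with:` belongs to is github/codeql-action/analyze (the `ref`/`sha` inputs suggest so; the `uses:` line is above the hunk), `upload-database` only controls whether the CodeQL database is uploaded for debugging, while the SARIF results are governed by the separate `upload` input, which defaults to `always`. With `upload-results: 'false'` the results would therefore still be uploaded and only the database upload would be skipped, so the test-run results this commit tries to keep out of code scanning would still land there. I would change the line to `upload: ${{ inputs.upload-results == 'true' && 'always' || 'never' }}` (keeping `upload-database` too if skipping the database upload is also wanted) and confirm the accepted values against the pinned codeql-action version.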