From 0b664c870cf3d7721a5a842374a10cd880e2ecac Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 13:56:45 +0100 Subject: [PATCH 01/46] Create test.yaml --- .github/workflows/test.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 00000000..09b386ba --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,17 @@ +name: test-action +run-name: ${{ github.actor }} is learning GitHub Actions +on: [pull_request] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - name: Check PR title + run: | + title="${{ github.event.pull_request.title }}" + if [[ $title =~ ^test ]]; then + echo $title + exit 0 + else + echo "Pas content" + exit 1 + fi From 791b87e22db6f7cd0de71ba74de4ba6f820d90c1 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:01:59 +0100 Subject: [PATCH 02/46] Delete test.yaml --- .github/workflows/test.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index 09b386ba..00000000 --- a/.github/workflows/test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: test-action -run-name: ${{ github.actor }} is learning GitHub Actions -on: [pull_request] -jobs: - check-bats-version: - runs-on: ubuntu-latest - steps: - - name: Check PR title - run: | - title="${{ github.event.pull_request.title }}" - if [[ $title =~ ^test ]]; then - echo $title - exit 0 - else - echo "Pas content" - exit 1 - fi From 4d6f691d58ed2d5ae8fa3d55435862fd2935f4f5 Mon Sep 17 00:00:00 2001 
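Review bot: `title="${{ github.event.pull_request.title }}"` inside `run: |` expands the PR title into the shell script text before bash parses it, so a title chosen by whoever opens the PR can change what the step executes (workflow expression injection, which the later commits in this series acknowledge). Pass the value through the step's `env:` block and read it as a shell variable, the form PATCH 06 adopts: `env:` / `  title: "${{ github.event.pull_request.title }}"` / `run: |` then `if [[ "$title" =~ ^test ]]; then`, and quote the expansion on the echo line as `echo "$title"` so an untrusted value is not word-split or glob-expanded. A top-level `permissions:` block with `contents: read` would also keep the job's GITHUB_TOKEN read-only if the step is ever subverted. The identical content is re-added in PATCH 03 and again as `.github/injection.yaml` in PATCH 20; since that last copy lives outside `.github/workflows/` GitHub will not run it, and if it is kept as a reference example a header comment should say so.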
From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:02:58 +0100 Subject: [PATCH 03/46] Create test.yaml --- .github/workflows/test.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 00000000..09b386ba --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,17 @@ +name: test-action +run-name: ${{ github.actor }} is learning GitHub Actions +on: [pull_request] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - name: Check PR title + run: | + title="${{ github.event.pull_request.title }}" + if [[ $title =~ ^test ]]; then + echo $title + exit 0 + else + echo "Pas content" + exit 1 + fi From 5976a6f900f7acdb497ddbe3524b28afd4643ff4 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:25:30 +0100 Subject: [PATCH 04/46] Update test.yaml --- .github/workflows/test.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 09b386ba..dfbdbb7b 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,3 +1,4 @@ +#Vérifie le titre des pull request de façon non sécurisé (sensible aux injections de codes) name: test-action run-name: ${{ github.actor }} is learning GitHub Actions on: [pull_request] @@ -7,7 +8,7 @@ jobs: steps: - name: Check PR title run: | - title="${{ github.event.pull_request.title }}" + title="${{ github.event.pull_request.title }}" if [[ $title =~ ^test ]]; then echo $title exit 0 From adf7512d95ebdfad52c03d18745fc4708e8cd99d Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:29:19 +0100 Subject: [PATCH 05/46] v1 --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 09b386ba..0ae70963 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,7 @@ jobs: steps: - name: Check PR title run: | - title="${{ github.event.pull_request.title }}" + title="${{ github.event.pull_request.title }}" #detecte l'event pull request if [[ $title =~ ^test ]]; then echo $title exit 0 From 15ba1deb9e6b9c0832ad59ee49029e5832491828 Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:54:29 +0100 Subject: [PATCH 06/46] v2 --- .github/workflows/test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 20fbb20d..56dd609b 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,4 +1,3 @@ -#Vérifie le titre des pull request de façon non sécurisé (sensible aux injections de codes) name: test-action run-name: ${{ github.actor }} is learning GitHub Actions on: [pull_request] @@ -7,8 +6,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Check PR title + env : + title: "${{ github.event.pull_request.title }}" #detecte l'event pull request run: | - title="${{ github.event.pull_request.title }}" #detecte l'event pull request if [[ $title =~ ^test ]]; then echo $title exit 0 From 3264ba448babf9496eadd9bd9c38f5eea7539418 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:55:28 +0100 Subject: [PATCH 07/46] Create CODEOWNERS --- .github/CODEOWNERS | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..edc6f1cc --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,4 @@ +#Define code owners for the branches +#Approval from code owners should be requested before each pull request not made by a code owner + +* @Giraud-Pierre 
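Review bot: Moving the title into `env:` is the correct fix, but the script still expands it unquoted on the `echo $title` line, which leaves word splitting and glob expansion on a value that is not under the repository's control; write `echo "$title"`. The key is written `env :` with a space before the colon — YAML accepts it but yamllint and the rest of the file use `env:`. The `#detecte l'event pull request` comment carried over from PATCH 05 now sits on the env line and describes the wrong thing: the line binds the PR title, not the event, and the reason it is safer is that the value reaches the shell as an environment variable rather than as script text, which is what the comment should say.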
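Review bot: The second comment line promises that approval from a code owner is requested before pull requests not made by an owner, but a CODEOWNERS file only maps paths to reviewers; the approval gate comes from a branch protection rule on the target branch with the code-owner review requirement enabled, which this file cannot express. Reword it to something like `# Code owners are auto-requested as reviewers; approval is only enforced by a branch protection rule on main` so readers do not assume the gate exists from this file alone. The owner line also carries trailing whitespace (PATCH 09 removes it).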
From fe747a6cf139569a7e77cb75b60511bece4c36aa Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:55:46 +0100 Subject: [PATCH 08/46] v2 --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 56dd609b..d62228ca 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,7 @@ jobs: steps: - name: Check PR title env : - title: "${{ github.event.pull_request.title }}" #detecte l'event pull request + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env run: | if [[ $title =~ ^test ]]; then echo $title From c4f0cd0f27d0de9c7da512b56f5a1adc4267407f Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 14:55:47 +0100 Subject: [PATCH 09/46] Update CODEOWNERS --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index edc6f1cc..3722779f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,4 @@ #Define code owners for the branches #Approval from code owners should be requested before each pull request not made by a code owner -* @Giraud-Pierre +* @Giraud-Pierre From e73f508c06e81e22d8d4ab94124ae5fb74cdc392 Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 6 Feb 2023 15:27:01 +0100 Subject: [PATCH 10/46] v2 --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d62228ca..9278752d 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -7,7 +7,7 @@ jobs: steps: - name: Check PR title env : - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! run: | if [[ $title =~ ^test ]]; then echo $title From 8916896f807e392ffcf3df1914999cb7614e62bc Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 15:39:07 +0100 Subject: [PATCH 11/46] Update test.yaml --- .github/workflows/test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9278752d..bbda9b2d 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -6,8 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Check PR title - env : - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! + env: + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! run: | if [[ $title =~ ^test ]]; then echo $title From 92f5b89cc5adb341bc1c6fd745873ea2fb327c4c Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Mon, 6 Feb 2023 14:44:57 +0000 Subject: [PATCH 12/46] [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot --- .github/dependabot.yml | 116 ++++++++++++++++++++++ .github/workflows/codeql.yml | 78 +++++++++++++++ .github/workflows/deploy-pages-action.yml | 14 ++- 3 files changed, 206 insertions(+), 2 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/codeql.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..e1054960 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,116 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + + - package-ecosystem: npm + directory: / + schedule: + interval: daily + + - package-ecosystem: npm + directory: /pw/pw-csp-nonce/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-csp-nonce/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-csp-nonce/server/src/main/docker + schedule: + interval: daily + + - package-ecosystem: npm + directory: /pw/pw-csp/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-csp/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-csp/server/src/main/docker + schedule: + interval: daily + + - package-ecosystem: npm + directory: /pw/pw-csrf/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-csrf/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-csrf/server/src/main/docker + schedule: + interval: daily + + - package-ecosystem: npm + directory: /pw/pw-jsonp/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-jsonp/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-jsonp/server/src/main/docker + schedule: + interval: daily + + - package-ecosystem: npm + directory: /pw/pw-jwt-oauth/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-jwt-oauth/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-jwt-oauth/server/src/main/docker + schedule: + interval: daily + + - package-ecosystem: npm + directory: /pw/pw-sca/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-sca/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-sca/server/src/main/docker + schedule: + interval: daily + + - 
package-ecosystem: npm + directory: /pw/pw-xss/client + schedule: + interval: daily + + - package-ecosystem: maven + directory: /pw/pw-xss/server + schedule: + interval: daily + + - package-ecosystem: docker + directory: /pw/pw-xss/server/src/main/docker + schedule: + interval: daily diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..5165064c --- /dev/null +++ b/.github/workflows/codeql.yml 
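Review bot: The second entry watches `package-ecosystem: npm` at `directory: /`, but the only npm build visible in this commit (`deploy-pages-action.yml`) runs `npm ci` inside `docs/`; if there is no `package.json` at the repository root, Dependabot will report a missing manifest for that entry and the docs site's dependencies stay unwatched, so add `directory: /docs` (or point the root entry there) if that is where the lockfile lives. All 23 entries use `interval: daily`, which for seven near-identical client/server/docker stacks is likely to produce a flood of near-duplicate update PRs; `interval: weekly` or an `open-pull-requests-limit` per entry keeps the queue reviewable without losing coverage.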
@@ -0,0 +1,78 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["main"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["main"] + schedule: + - cron: "0 0 * * 1" + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["java", "javascript", "typescript"] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: Checkout repository + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+ # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/deploy-pages-action.yml b/.github/workflows/deploy-pages-action.yml index 78bdc7a9..202758db 100644 --- a/.github/workflows/deploy-pages-action.yml +++ b/.github/workflows/deploy-pages-action.yml @@ -4,12 +4,22 @@ on: push: branches: - main +permissions: + contents: read + jobs: build-and-deploy: + permissions: + contents: write # for JamesIves/github-pages-deploy-action to push changes in repo runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: Checkout 🛎️ - uses: actions/checkout@v3.0.0 + uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - name: Install and Build 🔧 # This example project is built using npm and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built. run: | 
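Review bot: The `java` entry of the language matrix relies on the `Autobuild` step, yet the dependabot.yml added in this same commit lists seven separate Maven projects under `pw/*/server` and none at the repository root; Autobuild is a best-effort that builds the project it detects, so some of those modules may never be compiled and the Java analysis would silently cover only a subset. Consider replacing Autobuild for `java` with an explicit build step that iterates over the `pw/*/server` directories, and keep the `egress-policy: audit` TODO tracked so the runner moves to `block` once the needed hosts are known. The same file, with codeql-action bumped to v2.2.4, is added again in PATCH 22 and the same point applies there.
```yaml
      # … unchanged: Harden Runner, Checkout repository, Initialize CodeQL …

      - name: Build Java modules
        if: matrix.language == 'java'
        run: |
          for d in pw/*/server; do
            (cd "$d" && mvn -B -q package -DskipTests)
          done

      # … unchanged: Perform CodeQL Analysis …
```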
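Review bot: `actions/checkout` is pinned here to the sha for v3.0.0 while `codeql.yml` in the same commit pins v3.3.0 (`ac593985…`); two pins of the same action at different versions doubles the supply-chain surface to track, so pin both to the newer one: `uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0`. The job now holds `contents: write` and the checkout keeps its default credential persistence, so the token remains in `.git/config` while the `npm ci` build step runs third-party install scripts; if the deploy action authenticates through its own `token` input, add `with:` / `  persist-credentials: false` to the checkout, as scorecard.yml does in PATCH 13. The `Install and Build` step still carries the template's boilerplate comment on its `name:` line, which no longer applies to this repository and can be dropped.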
@@ -18,7 +28,7 @@ jobs: npm run docs:build - name: Deploy 🚀 - uses: JamesIves/github-pages-deploy-action@v4.2.5 + uses: JamesIves/github-pages-deploy-action@830e6a4f7c81743c52f3fed0ac67428feff9620a # v4.2.5 with: branch: gh-pages # The branch the action should deploy to. folder: docs/.vuepress/dist # The folder the action should deploy. From 49a0a68b452269f8b258637b35438e0c27bd01c2 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 16:25:22 +0100 Subject: [PATCH 13/46] Create scorecard.yml --- .github/workflows/scorecard.yml | 72 +++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..08cbec7c --- /dev/null +++ b/.github/workflows/scorecard.yml 
@@ -0,0 +1,72 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '28 10 * * 0' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. 
+ # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27 + with: + sarif_file: results.sarif From 937c561f8bb201ec6fc285e9643f74140094d4aa Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 6 Feb 2023 16:45:43 +0100 Subject: [PATCH 14/46] v2 --- .github/workflows/test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9278752d..4f4b2d28 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -6,8 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Check PR title - env : - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! + env: + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'environement run: | if [[ $title =~ ^test ]]; then echo $title From 02c224f478aa894d984e4d6790b2d294c90faecd Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 17:21:22 +0100 Subject: [PATCH 15/46] Delete codeql.yml --- .github/workflows/codeql.yml | 78 ------------------------------------ 1 file changed, 78 deletions(-) delete mode 100644 .github/workflows/codeql.yml 
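Review bot: `github/codeql-action/upload-sarif` is pinned at v2.1.27 (`807578363a…`) while `codeql.yml` added in PATCH 12 pins the same action repository at v2.2.1 (`3ebbd71c…`); carrying two versions of one action doubles the pins Dependabot has to bump and the review surface, so use a single one: `uses: github/codeql-action/upload-sarif@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1`. The trigger is written `branches: [ "main" ]` with padding inside the brackets, whereas the other workflows write `["main"]`; pick one flow style across the repository. `persist-credentials: false` on the checkout is the right choice for a job that holds `id-token: write` and `security-events: write`.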
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 5165064c..00000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: ["main"] - pull_request: - # The branches below must be a subset of the branches above - branches: ["main"] - schedule: - - cron: "0 0 * * 1" - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["java", "javascript", "typescript"] - # CodeQL supports [ $supported-codeql-languages ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
- # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 - with: - category: "/language:${{matrix.language}}" From 3dfc9689e63fcdf0919f83ce7f1152ffd3eb22a9 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 17:22:29 +0100 Subject: [PATCH 16/46] Delete deploy-pages-action.yml --- .github/workflows/deploy-pages-action.yml | 35 ----------------------- 1 file changed, 35 deletions(-) delete mode 100644 .github/workflows/deploy-pages-action.yml diff --git a/.github/workflows/deploy-pages-action.yml b/.github/workflows/deploy-pages-action.yml deleted file mode 100644 index 202758db..00000000 --- a/.github/workflows/deploy-pages-action.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: Build and Deploy to github pages - -on: - push: - branches: - - main -permissions: - contents: read - -jobs: - build-and-deploy: - permissions: - contents: write # for JamesIves/github-pages-deploy-action to push changes in repo - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout 🛎️ - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0 - - - name: Install and Build 🔧 # This example project is built using npm and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built. - run: | - cd docs - npm ci - npm run docs:build - - - name: Deploy 🚀 - uses: JamesIves/github-pages-deploy-action@830e6a4f7c81743c52f3fed0ac67428feff9620a # v4.2.5 - with: - branch: gh-pages # The branch the action should deploy to. - folder: docs/.vuepress/dist # The folder the action should deploy. - single-commit: true From eacd73635304b679018431d5f189426068e944a5 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 6 Feb 2023 17:25:15 +0100 Subject: [PATCH 17/46] Delete codeql.yml --- .github/workflows/codeql.yml | 78 ------------------------------------ 1 file changed, 78 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 5165064c..00000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: ["main"] - pull_request: - # The branches below must be a subset of the branches above - branches: ["main"] - schedule: - - cron: "0 0 * * 1" - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["java", "javascript", "typescript"] - # CodeQL supports [ $supported-codeql-languages ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
- # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1 - with: - category: "/language:${{matrix.language}}" From b0649ce1fa6d34e81a508b3378d265749cf0ab97 Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 6 Feb 2023 17:31:14 +0100 Subject: [PATCH 18/46] Update test.yaml --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fd38420b..a54431a0 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,7 @@ jobs: steps: - name: Check PR title env: - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'environement + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'environement !! run: | if [[ $title =~ ^test ]]; then echo $title From ae23f696a4e0f285cf87297442dcb7a6e9eca7df Mon Sep 17 00:00:00 2001 
From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 15:25:39 +0100 Subject: [PATCH 19/46] injectioncCorrectedCorrected --- .github/workflows/{test.yaml => injection_corrected.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{test.yaml => injection_corrected.yaml} (74%) diff --git a/.github/workflows/test.yaml b/.github/workflows/injection_corrected.yaml similarity index 74% rename from .github/workflows/test.yaml rename to .github/workflows/injection_corrected.yaml index 9278752d..f0e1ea69 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/injection_corrected.yaml @@ -6,8 +6,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Check PR title - env : - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! + env : + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! run: | if [[ $title =~ ^test ]]; then echo $title From db47763698cfb936618291a9b66624ada8a4c0e1 Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 13 Feb 2023 15:29:43 +0100 Subject: [PATCH 20/46] Create injection.yaml --- .github/injection.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/injection.yaml diff --git a/.github/injection.yaml b/.github/injection.yaml new file mode 100644 index 00000000..09b386ba --- /dev/null +++ b/.github/injection.yaml @@ -0,0 +1,17 @@ +name: test-action +run-name: ${{ github.actor }} is learning GitHub Actions +on: [pull_request] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - name: Check PR title + run: | + title="${{ github.event.pull_request.title }}" + if [[ $title =~ ^test ]]; then + echo $title + exit 0 + else + echo "Pas content" + exit 1 + fi From 7668de2be545d9c8d6b0585aec5194c0e2121ca9 Mon Sep 17 00:00:00 2001 
From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 13 Feb 2023 15:30:08 +0100 Subject: [PATCH 21/46] Rename injection.yaml to injection.yml --- .github/{injection.yaml => injection.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{injection.yaml => injection.yml} (100%) diff --git a/.github/injection.yaml b/.github/injection.yml similarity index 100% rename from .github/injection.yaml rename to .github/injection.yml From 2894d48d7f1a12edad4d43fa2d600a196ba019d1 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Mon, 13 Feb 2023 14:57:15 +0000 Subject: [PATCH 22/46] [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot --- .github/workflows/codeql.yml | 78 +++++++++++++++++++ .github/workflows/dependency-review.yml | 25 ++++++ .github/workflows/scorecard.yml | 5 ++ .github/workflows/test.yaml | 8 ++ .../server/src/main/docker/Dockerfile | 2 +- pw/pw-csp/server/src/main/docker/Dockerfile | 2 +- pw/pw-csrf/server/src/main/docker/Dockerfile | 2 +- pw/pw-jsonp/server/src/main/docker/Dockerfile | 2 +- .../server/src/main/docker/Dockerfile | 2 +- pw/pw-sca/server/src/main/docker/Dockerfile | 2 +- pw/pw-xss/server/src/main/docker/Dockerfile | 2 +- 11 files changed, 123 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..985b5f0d --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,78 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["main"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["main"] + schedule: + - cron: "0 0 * * 1" + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["java", "javascript", "typescript"] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: Checkout repository + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+ # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000..adaecc2e --- /dev/null +++ b/.github/workflows/dependency-review.yml 
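Review bot: `egress-policy: audit` on the Harden Runner step only records outbound connections; nothing is blocked until the policy is switched to `block` with an `allowed-endpoints` list, so the open-ended `# TODO: change to 'egress-policy: block' after couple of runs` should be tracked rather than left as a comment. The same TODO is repeated in the dependency-review.yml, scorecard.yml and test.yaml hunks of this patch. A smaller leftover: `# CodeQL supports [ $supported-codeql-languages ]` is an unexpanded template placeholder and should be filled in or dropped.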
@@ -0,0 +1,25 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: 'Checkout Repository' + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - name: 'Dependency Review' + uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 08cbec7c..f6fa25a7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,6 +31,11 @@ jobs: # actions: read steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: "Checkout code" uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 with: diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a54431a0..4bfbb929 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
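Review bot: The `Dependency Review` step runs with no `with:` block, so it uses the action's default severity threshold, and it only blocks a merge if the check is marked required in branch protection, which the header comment mentions but the workflow cannot enforce by itself. Making the intended gate explicit next to the step, e.g. `with:` followed by `fail-on-severity: high`, documents the threshold the team actually wants instead of relying on the default.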
@@ -1,10 +1,18 @@ name: test-action run-name: ${{ github.actor }} is learning GitHub Actions on: [pull_request] +permissions: + contents: read + jobs: check-bats-version: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: Check PR title env: title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'environement !! diff --git a/pw/pw-csp-nonce/server/src/main/docker/Dockerfile b/pw/pw-csp-nonce/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-csp-nonce/server/src/main/docker/Dockerfile +++ b/pw/pw-csp-nonce/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 diff --git a/pw/pw-csp/server/src/main/docker/Dockerfile b/pw/pw-csp/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-csp/server/src/main/docker/Dockerfile +++ b/pw/pw-csp/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 diff --git a/pw/pw-csrf/server/src/main/docker/Dockerfile b/pw/pw-csrf/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-csrf/server/src/main/docker/Dockerfile +++ b/pw/pw-csrf/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 
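Review bot: Pinning `FROM openjdk:8-jre-alpine@sha256:…` makes the base image reproducible, but it also freezes it: the official `openjdk` image is deprecated upstream and the `8-jre-alpine` tag appears to no longer receive updates, so the digest locks in whatever vulnerabilities the image already carries and will never pick up a fix on its own. A digest pin is only sound together with an automated bump (Dependabot or Renovate for Docker) or a periodic image scan, and that expectation should be written down next to the pin, e.g. `# digest pinned for reproducibility; base image is unmaintained, track a replacement`. The same applies to the six other Dockerfile hunks in this patch (pw-csp, pw-csrf, pw-jsonp, pw-jwt-oauth, pw-sca, pw-xss).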
diff --git a/pw/pw-jsonp/server/src/main/docker/Dockerfile b/pw/pw-jsonp/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-jsonp/server/src/main/docker/Dockerfile +++ b/pw/pw-jsonp/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 diff --git a/pw/pw-jwt-oauth/server/src/main/docker/Dockerfile b/pw/pw-jwt-oauth/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-jwt-oauth/server/src/main/docker/Dockerfile +++ b/pw/pw-jwt-oauth/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 diff --git a/pw/pw-sca/server/src/main/docker/Dockerfile b/pw/pw-sca/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-sca/server/src/main/docker/Dockerfile +++ b/pw/pw-sca/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 diff --git a/pw/pw-xss/server/src/main/docker/Dockerfile b/pw/pw-xss/server/src/main/docker/Dockerfile index 66991b29..adef4e67 100644 --- a/pw/pw-xss/server/src/main/docker/Dockerfile +++ b/pw/pw-xss/server/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM openjdk:8-jre-alpine +FROM openjdk:8-jre-alpine@sha256:f362b165b870ef129cbe730f29065ff37399c0aa8bcab3e44b51c302938c9193 ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \ JHIPSTER_SLEEP=0 From f1b08e0dfc27724ae9df1b9d2556b23838d3e2eb Mon Sep 17 00:00:00 2001 
From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 16:34:59 +0100 Subject: [PATCH 23/46] Create SecretTest.yaml --- .github/SecretTest.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/SecretTest.yaml diff --git a/.github/SecretTest.yaml b/.github/SecretTest.yaml new file mode 100644 index 00000000..2f161115 --- /dev/null +++ b/.github/SecretTest.yaml @@ -0,0 +1,20 @@ +name: SecretTest. +run-name: ${{ github.actor }} is learning GitHub Actions +on: [pull_request] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - name: Test secret + env : + title: "${{ github.event.pull_request.title }}" + secret: ${{secrets.MYSECRET}} #Get the secret in an environement variable + run: | + echo "$secret" #try to show the secret but you can't because it is encrypted + if [[ $title = secret ]]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + echo "You got the secret !" + exit 0 + else + echo "Secret error!" + exit 1 + fi From e5bdbea6a694006f4c75df9ef1b3f3317ce303b9 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 16:49:32 +0100 Subject: [PATCH 24/46] Delete test.yaml --- .github/workflows/test.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index 4bfbb929..00000000 --- a/.github/workflows/test.yaml +++ /dev/null 
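Review bot: In the new `.github/SecretTest.yaml`, `if [[ $title = secret ]]` compares the PR title with the literal word `secret`, not with `$secret`, so the code does not do what its trailing comment says; if the described comparison is intended, write `if [[ "$title" = "$secret" ]]; then`. The comment `#try to show the secret but you can't because it is encrypted` is also inaccurate: the value is not encrypted at this point, the runner masks known secret values in the log output, and that masking is best-effort, which is exactly why echoing a secret is still discouraged; suggest `# secrets are masked in logs (not encrypted); masking is best-effort, so do not print them`. The identical file is re-created under `.github/workflows/SecretTest.yaml` in the `MovingSecretTest` hunk further down, where the same applies.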
@@ -1,26 +0,0 @@ -name: test-action -run-name: ${{ github.actor }} is learning GitHub Actions -on: [pull_request] -permissions: - contents: read - -jobs: - check-bats-version: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Check PR title - env: - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'environement !! - run: | - if [[ $title =~ ^test ]]; then - echo $title - exit 0 - else - echo "Pas content" - exit 1 - fi From 35854ce0fe3b3467c6d5878581340fff9bce9eb8 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 16:52:35 +0100 Subject: [PATCH 25/46] injectionCorrectedName --- .github/workflows/injection_corrected.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/injection_corrected.yaml b/.github/workflows/injection_corrected.yaml index f0e1ea69..40359e2e 100644 --- a/.github/workflows/injection_corrected.yaml +++ b/.github/workflows/injection_corrected.yaml @@ -1,11 +1,11 @@ -name: test-action +name: injection_corrected run-name: ${{ github.actor }} is learning GitHub Actions on: [pull_request] jobs: check-bats-version: runs-on: ubuntu-latest steps: - - name: Check PR title + - name: injection_corrected env : title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! run: | From 83e1697e1b9283931500f9ceb717619c30c5f227 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 16:53:41 +0100 Subject: [PATCH 26/46] Delete SecretTest.yaml --- .github/SecretTest.yaml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/SecretTest.yaml 
diff --git a/.github/SecretTest.yaml b/.github/SecretTest.yaml deleted file mode 100644 index 2f161115..00000000 --- a/.github/SecretTest.yaml +++ /dev/null @@ -1,20 +0,0 @@ -name: SecretTest. -run-name: ${{ github.actor }} is learning GitHub Actions -on: [pull_request] -jobs: - check-bats-version: - runs-on: ubuntu-latest - steps: - - name: Test secret - env : - title: "${{ github.event.pull_request.title }}" - secret: ${{secrets.MYSECRET}} #Get the secret in an environement variable - run: | - echo "$secret" #try to show the secret but you can't because it is encrypted - if [[ $title = secret ]]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. - echo "You got the secret !" - exit 0 - else - echo "Secret error!" - exit 1 - fi From b58e3c20ad19f6cb7b760f23b2048b487bae73c6 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 16:54:15 +0100 Subject: [PATCH 27/46] MovingSecretTest --- .github/workflows/SecretTest.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/SecretTest.yaml diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml new file mode 100644 index 00000000..2f161115 --- /dev/null +++ b/.github/workflows/SecretTest.yaml 
@@ -0,0 +1,20 @@ +name: SecretTest. +run-name: ${{ github.actor }} is learning GitHub Actions +on: [pull_request] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - name: Test secret + env : + title: "${{ github.event.pull_request.title }}" + secret: ${{secrets.MYSECRET}} #Get the secret in an environement variable + run: | + echo "$secret" #try to show the secret but you can't because it is encrypted + if [[ $title = secret ]]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + echo "You got the secret !" + exit 0 + else + echo "Secret error!" + exit 1 + fi From 1893e543dc991c1644cd11ed63f834ada645d252 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 16:57:08 +0100 Subject: [PATCH 28/46] modificationForPR --- .github/workflows/injection_corrected.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/injection_corrected.yaml b/.github/workflows/injection_corrected.yaml index f0e1ea69..d9f0d52e 100644 --- a/.github/workflows/injection_corrected.yaml +++ b/.github/workflows/injection_corrected.yaml @@ -7,7 +7,7 @@ jobs: steps: - name: Check PR title env : - title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'env! + title: "${{ github.event.pull_request.title }}" #le titre est mis en tant que variable d'environement! run: | if [[ $title =~ ^test ]]; then echo $title From 7cbfd24420900d72fa152b1f714d8aecd7480bb7 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:03:12 +0100 Subject: [PATCH 29/46] FixSecretTest --- .github/workflows/SecretTest.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 2f161115..43719fab 100644 --- a/.github/workflows/SecretTest.yaml 
+++ b/.github/workflows/SecretTest.yaml @@ -6,15 +6,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Test secret - env : - title: "${{ github.event.pull_request.title }}" - secret: ${{secrets.MYSECRET}} #Get the secret in an environement variable run: | - echo "$secret" #try to show the secret but you can't because it is encrypted - if [[ $title = secret ]]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + echo "$DEVOPS" #try to show the secret but you can't because it is encrypted + if [[ $title = "$DEVOPS" ]]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else echo "Secret error!" exit 1 fi + env : + title: "${{ github.event.pull_request.title }}" + DEVOPS: ${{secrets.MYSECRET}} #Get the secret in an environement variable From 5241da23ce9a30bfaca258ef4b815308262abec7 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:07:00 +0100 Subject: [PATCH 30/46] SecretTestFix2 --- .github/workflows/SecretTest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 43719fab..9e36ea6e 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml 
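Review bot: `env :` keeps a space before the colon on the re-added env block; it is valid YAML, but it is inconsistent with `run:` and `name:` in the same step and is flagged by yamllint's `colons` rule, so `env:` is preferable. The same spelling recurs in the SecretTest.yaml hunks of the following patches.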
@@ -2,13 +2,13 @@ name: SecretTest. run-name: ${{ github.actor }} is learning GitHub Actions on: [pull_request] jobs: - check-bats-version: + default-env-variables: runs-on: ubuntu-latest steps: - name: Test secret run: | echo "$DEVOPS" #try to show the secret but you can't because it is encrypted - if [[ $title = "$DEVOPS" ]]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + if [ $title = "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else From a29c6522ab5785b2027338fcbc08c2b7280bc048 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:09:05 +0100 Subject: [PATCH 31/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 9e36ea6e..bb8d1f26 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -7,7 +7,7 @@ jobs: steps: - name: Test secret run: | - echo "$DEVOPS" #try to show the secret but you can't because it is encrypted + echo $title #try to show the secret but you can't because it is encrypted if [ $title = "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 From b89cfd1f974644d57137e3807de93af54931901d Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:11:46 +0100 Subject: [PATCH 32/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index bb8d1f26..c6afebf5 100644 
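Review bot: Switching from `[[ ... ]]` to `[ ... ]` while leaving `$title` unquoted introduces a real failure mode: `$title` is the PR title, so a title containing spaces gives `[: too many arguments` and an empty title gives a unary-operator error, and the step fails for reasons unrelated to the secret. Inside `[[ ]]` the unquoted expansion was not word-split; with `[` it must be quoted: `if [ "$title" = "$DEVOPS" ]; then`. The same unquoted `$title` survives into the hunks of patches 32, 33 and 46.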
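Review bot: `echo $title` now prints the PR title, but the trailing comment still reads `#try to show the secret but you can't because it is encrypted`, so comment and code disagree. Either update the comment to `# print the PR title (untrusted input; passed in through env, so it is data, not script)` or keep echoing `"$DEVOPS"` if the demo is about masking. Quoting `"$title"` would also avoid word-splitting and glob expansion of the title by echo.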
--- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -8,7 +8,7 @@ jobs: - name: Test secret run: | echo $title #try to show the secret but you can't because it is encrypted - if [ $title = "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + if [ $title = $DEVOPS ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else @@ -17,4 +17,4 @@ jobs: fi env : title: "${{ github.event.pull_request.title }}" - DEVOPS: ${{secrets.MYSECRET}} #Get the secret in an environement variable + DEVOPS: "${{secrets.MYSECRET}}" #Get the secret in an environement variable From d8a8c1e16c9436f343a885cfaa355cd1b2d75531 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:13:19 +0100 Subject: [PATCH 33/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index c6afebf5..7be18627 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -7,8 +7,8 @@ jobs: steps: - name: Test secret run: | - echo $title #try to show the secret but you can't because it is encrypted - if [ $title = $DEVOPS ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + echo $DEVOPS #try to show the secret but you can't because it is encrypted + if [ $title == $DEVOPS ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else From e2e499127a757a9fa346603c347c0d36aae8d3b3 Mon Sep 17 00:00:00 2001 
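Review bot: `[ $title == $DEVOPS ]` uses `==` inside POSIX `[`, which only works because `run:` defaults to bash on Linux runners; `=` is the portable operator and behaves identically here, so `if [ "$title" = "$DEVOPS" ]; then` is the robust spelling. Quoting `"${{secrets.MYSECRET}}"` in `env:` in the first hunk is harmless but not needed, since expressions are substituted after the YAML is parsed.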
From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:18:22 +0100 Subject: [PATCH 34/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 7be18627..f6ba269a 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -8,7 +8,7 @@ jobs: - name: Test secret run: | echo $DEVOPS #try to show the secret but you can't because it is encrypted - if [ $title == $DEVOPS ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + if [ "NoneOfYourBusiness" = "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else @@ -16,5 +16,5 @@ jobs: exit 1 fi env : - title: "${{ github.event.pull_request.title }}" - DEVOPS: "${{secrets.MYSECRET}}" #Get the secret in an environement variable + title: ${{ github.event.pull_request.title }} + DEVOPS: ${{secrets.MYSECRET}} #Get the secret in an environement variable From e7944a6f65f8c317b1eab15e638705782c37020a Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:19:11 +0100 Subject: [PATCH 35/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index f6ba269a..765bafad 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml 
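Review bot: `if [ "NoneOfYourBusiness" = "$DEVOPS" ]` now compares the secret against a string literal committed to the repository, so the trailing comment (`#compare the secret to the pull request title ...`) no longer describes the code, and if the literal were the real value of `MYSECRET` the secret would sit in plaintext in the workflow file. If the purpose is to show that a masked secret can still be compared, say so and keep the literal obviously fake, e.g. `# demo only: compares the masked secret to a fixed string; never commit the expected value of a real secret`. Dropping the quotes around the `${{ ... }}` values in `env:` is harmless, since the expressions are substituted after the YAML is parsed.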
@@ -8,7 +8,7 @@ jobs: - name: Test secret run: | echo $DEVOPS #try to show the secret but you can't because it is encrypted - if [ "NoneOfYourBusiness" = "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + if [ "NoneOfYourBusiness" == "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else From e45d0c3d44e27bfee0115578daf8bd4134eeda33 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:29:20 +0100 Subject: [PATCH 36/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 765bafad..64d44eed 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -6,6 +6,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Test secret + env : + title: ${{ github.event.pull_request.title }} + DEVOPS: ${{secrets.MYSECRET}} #Get the secret in an environement variable run: | echo $DEVOPS #try to show the secret but you can't because it is encrypted if [ "NoneOfYourBusiness" == "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. @@ -15,6 +18,3 @@ jobs: echo "Secret error!" exit 1 fi - env : - title: ${{ github.event.pull_request.title }} - DEVOPS: ${{secrets.MYSECRET}} #Get the secret in an environement variable From 76396984d3a7947e3a18ab68d3c67dd7fa40c30e Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:35:23 +0100 Subject: [PATCH 37/46] Delete injection.yml --- .github/injection.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/injection.yml 
diff --git a/.github/injection.yml b/.github/injection.yml deleted file mode 100644 index 09b386ba..00000000 --- a/.github/injection.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: test-action -run-name: ${{ github.actor }} is learning GitHub Actions -on: [pull_request] -jobs: - check-bats-version: - runs-on: ubuntu-latest - steps: - - name: Check PR title - run: | - title="${{ github.event.pull_request.title }}" - if [[ $title =~ ^test ]]; then - echo $title - exit 0 - else - echo "Pas content" - exit 1 - fi From c0102d959f04ae40835267b694367e571c4969d3 Mon Sep 17 00:00:00 2001 From: cc-ca <90457794+cc-ca@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:36:11 +0100 Subject: [PATCH 38/46] Create injection.yml --- .github/workflows/injection.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/injection.yml diff --git a/.github/workflows/injection.yml b/.github/workflows/injection.yml new file mode 100644 index 00000000..09b386ba --- /dev/null +++ b/.github/workflows/injection.yml @@ -0,0 +1,17 @@ +name: test-action +run-name: ${{ github.actor }} is learning GitHub Actions +on: [pull_request] +jobs: + check-bats-version: + runs-on: ubuntu-latest + steps: + - name: Check PR title + run: | + title="${{ github.event.pull_request.title }}" + if [[ $title =~ ^test ]]; then + echo $title + exit 0 + else + echo "Pas content" + exit 1 + fi From 1ce810ff8145ff4de0ee6d3209cbf77d9db019b4 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:46:47 +0100 Subject: [PATCH 39/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 64d44eed..cddbc0a5 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml 
@@ -8,8 +8,8 @@ jobs: - name: Test secret env : title: ${{ github.event.pull_request.title }} - DEVOPS: ${{secrets.MYSECRET}} #Get the secret in an environement variable run: | + DEVOPS = ${{secrets.MYFIRSTSECRET}} #Get the secret in an environement variable echo $DEVOPS #try to show the secret but you can't because it is encrypted if [ "NoneOfYourBusiness" == "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" From 37829e3b9e771f6e9b38c31194b40ebfd5502560 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 17:49:20 +0100 Subject: [PATCH 40/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index cddbc0a5..33137f6b 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -9,7 +9,7 @@ jobs: env : title: ${{ github.event.pull_request.title }} run: | - DEVOPS = ${{secrets.MYFIRSTSECRET}} #Get the secret in an environement variable + $DEVOPS = ${{secrets.MYFIRSTSECRET}} #Get the secret in an environement variable echo $DEVOPS #try to show the secret but you can't because it is encrypted if [ "NoneOfYourBusiness" == "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" From dc0d66d5ce657631c2a8824bfda060dcfd7e8bee Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 18:00:10 +0100 Subject: [PATCH 41/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 33137f6b..3857c5ed 100644 
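Review bot: `DEVOPS = ${{secrets.MYFIRSTSECRET}}` is not a shell assignment: with spaces around `=` bash runs a command named `DEVOPS` with `=` and the secret value as arguments, so the step fails with `command not found` and `$DEVOPS` stays empty; the `$DEVOPS = ...` form in the next hunk and the `DEVOPS = "..."` / `secret = "DEVOPS"` forms in the two following patches fail the same way. Beyond the syntax, moving the secret out of `env:` into the script text reverts the safer shape the previous hunk had: an inline `${{ secrets.* }}` is substituted into the script source, where a value containing quotes or shell metacharacters changes the script instead of being a plain string. Keep `DEVOPS: ${{secrets.MYFIRSTSECRET}}` under `env:`, drop the assignment line, and compare with `if [ "NoneOfYourBusiness" = "$DEVOPS" ]; then`.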
--- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -9,7 +9,7 @@ jobs: env : title: ${{ github.event.pull_request.title }} run: | - $DEVOPS = ${{secrets.MYFIRSTSECRET}} #Get the secret in an environement variable + DEVOPS = "${{secrets.MYFIRSTSECRET}}" #Get the secret in an environement variable echo $DEVOPS #try to show the secret but you can't because it is encrypted if [ "NoneOfYourBusiness" == "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" From 9fa1a9e0a7b7a460ef3cb53c3e91a1cbf9a06434 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 18:04:10 +0100 Subject: [PATCH 42/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 3857c5ed..61e9f948 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -8,10 +8,11 @@ jobs: - name: Test secret env : title: ${{ github.event.pull_request.title }} + DEVOPS: ${{secrets.MYFIRSTSECRET}} #Get the secret in an environement variable run: | - DEVOPS = "${{secrets.MYFIRSTSECRET}}" #Get the secret in an environement variable - echo $DEVOPS #try to show the secret but you can't because it is encrypted - if [ "NoneOfYourBusiness" == "$DEVOPS" ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + secret = "DEVOPS" + echo $secret #try to show the secret but you can't because it is encrypted + if [ "NoneOfYourBusiness" == $secret ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else 
From 8e5f172a046192aef40f999b1d5b86a1771495e5 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 18:06:22 +0100 Subject: [PATCH 43/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 61e9f948..3c65c1ab 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml @@ -8,11 +8,10 @@ jobs: - name: Test secret env : title: ${{ github.event.pull_request.title }} - DEVOPS: ${{secrets.MYFIRSTSECRET}} #Get the secret in an environement variable + #Get the secret in an environement variable run: | - secret = "DEVOPS" - echo $secret #try to show the secret but you can't because it is encrypted - if [ "NoneOfYourBusiness" == $secret ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. + echo ${{secrets.MYFIRSTSECRET}} #try to show the secret but you can't because it is encrypted + if [ "NoneOfYourBusiness" == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do. echo "You got the secret !" exit 0 else From fd894623415f466f28f7ad6d7e0d6863c81fd445 Mon Sep 17 00:00:00 2001 From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com> Date: Mon, 13 Feb 2023 18:10:00 +0100 Subject: [PATCH 44/46] Update SecretTest.yaml --- .github/workflows/SecretTest.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml index 3c65c1ab..4f4bdbcc 100644 --- a/.github/workflows/SecretTest.yaml +++ b/.github/workflows/SecretTest.yaml 
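Review bot: `if [ "NoneOfYourBusiness" == ${{secrets.MYFIRSTSECRET}} ]` splices the secret value into the script unquoted, so an empty or whitespace-containing secret produces a `[` syntax error and any shell-significant character in the value is interpreted as code; `echo ${{secrets.MYFIRSTSECRET}}` has the same problem. The `env:` binding removed in this hunk, with `"$DEVOPS"` in the test, is the form that treats the secret as data. The `#Get the secret in an environement variable` comment now dangles under `env :` with nothing left to describe; remove it or restore the binding. The same inline pattern remains in the last three hunks of this series (patches 44, 45 and 46).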
@@ -8,10 +8,11 @@ jobs:
 - name: Test secret
 env :
 title: ${{ github.event.pull_request.title }}
- #Get the secret in an environement variable
+
 run: |
- echo ${{secrets.MYFIRSTSECRET}} #try to show the secret but you can't because it is encrypted
- if [ "NoneOfYourBusiness" == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do.
+
+ echo ${{secrets.MYFIRSTSECRET}} #Get the secret and try to show it but you can't because it is encrypted
+ if [ title == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do.
 echo "You got the secret !"
 exit 0
 else
From 421881ecb8f0172cc24b509b9fdcd920310f900c Mon Sep 17 00:00:00 2001
From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com>
Date: Mon, 13 Feb 2023 18:11:02 +0100
Subject: [PATCH 45/46] Update SecretTest.yaml

---
 .github/workflows/SecretTest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml
index 4f4bdbcc..0635fe5d 100644
--- a/.github/workflows/SecretTest.yaml
+++ b/.github/workflows/SecretTest.yaml
@@ -12,7 +12,7 @@ jobs:
 run: |
 
 echo ${{secrets.MYFIRSTSECRET}} #Get the secret and try to show it but you can't because it is encrypted
- if [ title == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do.
+ if [ "title" == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do.
 echo "You got the secret !"
 exit 0
 else
From 57180e50c9aeaf8f8eadfa0819b00a9d9aab9b58 Mon Sep 17 00:00:00 2001
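Review bot: `if [ title == ${{secrets.MYFIRSTSECRET}} ]` on the added line compares the literal word `title` with the secret, not the pull-request title that the `env:` block exports, so the condition can only hold if the secret is the string `title`. The intended variable reference is `if [ "$title" == "${{ secrets.MYFIRSTSECRET }}" ]; then`, double-quoted on both sides so neither an empty value nor embedded spaces break the test (with the secret preferably read from an `env:` variable rather than interpolated). The next commit (patch 45) only wraps the literal in quotes and keeps the same defect. The `run:` block continues outside the hunk.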
From: Giraud-Pierre <90455112+Giraud-Pierre@users.noreply.github.com>
Date: Mon, 13 Feb 2023 18:12:16 +0100
Subject: [PATCH 46/46] Update SecretTest.yaml

---
 .github/workflows/SecretTest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/SecretTest.yaml b/.github/workflows/SecretTest.yaml
index 0635fe5d..7685b442 100644
--- a/.github/workflows/SecretTest.yaml
+++ b/.github/workflows/SecretTest.yaml
@@ -12,7 +12,7 @@ jobs:
 run: |
 
 echo ${{secrets.MYFIRSTSECRET}} #Get the secret and try to show it but you can't because it is encrypted
- if [ "title" == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do.
+ if [ $title == ${{secrets.MYFIRSTSECRET}} ]; then #compare the secret to the pull request title. It is not supposed to be used like that but just to show what you can do.
 echo "You got the secret !"
 exit 0
 else
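Review bot: `$title` on the added line is unquoted inside `[ ]`, so the pull-request title — externally supplied text that the `env:` block correctly keeps out of the script source — is word-split and glob-expanded at test time: a title containing spaces yields `[: too many arguments`, and the step then takes the failure branch regardless of the secret. Quote the expansion: `if [ "$title" == "${{ secrets.MYFIRSTSECRET }}" ]; then`, or better compare against an `env:`-provided variable on the right-hand side as well. Note too that the step's exit status discloses whether a submitted title equals the secret, so this comparison should stay a demonstration and never gate a real workflow, as the inline comment already states. The `run:` block continues outside the hunk.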
