dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,689 Commits 11 Branches 78 Tags
Commit Graph

32 Commits

Author SHA1 Message Date
Nanne Baars
711649924b
Refactoring (#1201) 
* Some initial refactoring

* Make it one application

* Got it working

* Fix problem on Windows

* Move WebWolf

* Move first lesson

* Moved all lessons

* Fix pom.xml

* Fix tests

* Add option to initialize a lesson

This way we can create content for each user inside a lesson. The initialize method will be called when a new user is created or when a lesson reset happens

* Clean up pom.xml files

* Remove fetching labels based on language.

We only support English at the moment, all the lesson explanations are written in English which makes it very difficult to translate. If we only had labels it would make sense to support multiple languages

* Fix SonarLint issues

* And move it all to the main project

* Fix for documentation paths

* Fix pom warnings

* Remove PMD as it does not work

* Update release notes about refactoring

Update release notes about refactoring

Update release notes about refactoring

* Fix lesson template

* Update release notes

* Keep it in the same repo in Dockerhub

* Update documentation to show how the connection is obtained.

Resolves: #1180

* Rename all integration tests

* Remove command from Dockerfile

* Simplify GitHub actions

Currently, we use a separate actions for pull-requests and branch build.
This is now consolidated in one action.
The PR action triggers always, it now only trigger when the PR is
opened and not in draft.
Running all platforms on a branch build is a bit too much, it is better
 to only run all platforms when someone opens a PR.

* Remove duplicate entry from release notes

* Add explicit registry for base image

* Lesson scanner not working when fat jar

When running the fat jar we have to take into account we
are reading from the jar file and not the filesystem. In
this case you cannot use `getFile` for example.

* added info in README and fixed release docker

* changed base image and added ignore file

Co-authored-by: Zubcevic.com <rene@zubcevic.com>
 2022-04-09 14:56:12 +02:00
neilnaveen
f3d8206a07
Set permissions for GitHub actions (#1228) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
 2022-04-09 12:54:32 +02:00
dependabot[bot]
56f5b0f0fa
Bump actions/cache from 2.1.7 to 3 (#1220) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:33:06 +01:00
dependabot[bot]
bed2eed8d8
Bump docker/build-push-action from 2.7.0 to 2.10.0 (#1218) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.7.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.7.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:32:53 +01:00
dependabot[bot]
984548ae88
Bump actions/checkout from 2 to 3 (#1213) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:49 +01:00
dependabot[bot]
32475ea37e
Bump docker/login-action from 1.13.0 to 1.14.1 (#1214) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:28 +01:00
dependabot[bot]
2332bf22a7
Bump docker/login-action from 1.12.0 to 1.13.0 (#1209) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-28 07:58:56 +01:00
dependabot[bot]
c5389f31c3 Bump docker/login-action from 1.9.0 to 1.12.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.9.0 to 1.12.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.9.0...v1.12.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-21 12:53:41 +01:00
Nanne Baars
a42f8fcf75 No progress information for Maven 2021-12-20 16:45:06 +01:00
dependabot[bot]
48fd7f310e Bump actions/cache from 2.1.5 to 2.1.7 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-23 13:21:52 +01:00
Nanne Baars
981fcb3ebc Move to different base image for Java 
This way we can also support arm/v7
 2021-10-24 13:08:40 +02:00
Nanne Baars
01d3453c41 Simplify Github actions 
Consolidate build steps to 1 script this way we don't run multiple builds for pushing a branch and create a PR.
 2021-10-24 09:30:00 +02:00
Jeroen Willemsen
9403bbb851 Cleaned up pom, added simple quality test action on push usable for forks of the repo 2021-09-29 11:40:33 +02:00
dependabot[bot]
8e47eac263 Bump docker/build-push-action from 2.4.0 to 2.7.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.4.0 to 2.7.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.4.0...v2.7.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-04 16:24:45 +02:00
Nanne Baars
a050fa9669
Support multiple platforms 2021-07-29 11:26:17 +03:00
Nanne Baars
486b81f8ec
Push image while releasing 2021-07-26 13:01:01 +03:00
René Zubcevic
3aa791bc1b
dependabot suggested updates (#1005) 2021-05-19 18:20:59 +02:00
Nanne Baars
d9712e7589 Add distribution tag for Java action v2 2021-04-22 20:32:57 +02:00
dependabot[bot]
cfe763f98d Bump actions/setup-java from v1 to v2 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from v1 to v2.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v1...8764a52df183aa0ccea74521dfd9d506ffc7a19a)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-22 20:32:57 +02:00
dependabot[bot]
30abcc0a1a Bump actions/cache from v2.1.4 to v2.1.5 
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.4 to v2.1.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.4...1a9e2138d905efd099035b49d8b7a3888c653ca8)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-16 13:33:37 +02:00
Nanne Baars
721edc9985 Move WebGoat to Java 15 2021-04-03 10:58:08 +02:00
Nanne Baars
c574a6610b Make sure the release is behind approval 2021-03-31 19:31:13 +02:00
Nanne Baars
ae6d448aa0 Replace ${revision} with real version as Maven 
The CI pipeline should take care of this.
 2021-03-31 19:31:13 +02:00
Nanne Baars
3300c47c03 WIP 2021-03-30 16:03:57 +02:00
Nanne Baars
d077a76063 WIP 2021-03-30 16:02:06 +02:00
Nanne Baars
43d13dd1f9 WIP 2021-03-30 16:01:05 +02:00
Nanne Baars
072d99040f WIP 2021-03-30 15:55:18 +02:00
Nanne Baars
4d5968da1a WIP 2021-03-30 15:54:04 +02:00
Nanne Baars
5a3843cf1f WIP 2021-03-30 12:36:48 +02:00
Nanne Baars
5fd0f03fd4 WIP 2021-03-30 11:12:41 +02:00
dependabot[bot]
1cd115ace5 Bump actions/cache from v2 to v2.1.4 
Bumps [actions/cache](https://github.com/actions/cache) from v2 to v2.1.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2...26968a09c0ea4f3e233fdddbafd1166051a095f6)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-29 12:12:05 +02:00
René Zubcevic
459d9ad74c Move away from Travis to Github actions 2021-03-29 07:30:03 +02:00