dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,688 Commits 11 Branches 78 Tags
Commit Graph

82 Commits

Author SHA1 Message Date
neilnaveen
f3d8206a07
Set permissions for GitHub actions (#1228) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
 2022-04-09 12:54:32 +02:00
dependabot[bot]
56f5b0f0fa
Bump actions/cache from 2.1.7 to 3 (#1220) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:33:06 +01:00
dependabot[bot]
bed2eed8d8
Bump docker/build-push-action from 2.7.0 to 2.10.0 (#1218) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.7.0 to 2.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.7.0...v2.10.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:32:53 +01:00
dependabot[bot]
984548ae88
Bump actions/checkout from 2 to 3 (#1213) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:49 +01:00
dependabot[bot]
32475ea37e
Bump docker/login-action from 1.13.0 to 1.14.1 (#1214) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:28 +01:00
dependabot[bot]
2332bf22a7
Bump docker/login-action from 1.12.0 to 1.13.0 (#1209) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-28 07:58:56 +01:00
dependabot[bot]
c5389f31c3 Bump docker/login-action from 1.9.0 to 1.12.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.9.0 to 1.12.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.9.0...v1.12.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-21 12:53:41 +01:00
Nanne Baars
a42f8fcf75 No progress information for Maven 2021-12-20 16:45:06 +01:00
dependabot[bot]
48fd7f310e Bump actions/cache from 2.1.5 to 2.1.7 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-23 13:21:52 +01:00
Nanne Baars
36bdd9b1a0 Rename master to main 2021-10-30 22:50:47 +02:00
Nanne Baars
6a92f651f8 Move to Java 17 2021-10-28 21:19:05 +02:00
Nanne Baars
e709a501cb
Remove develop from branches to build 
The PR already works on a merge commit with develop no need to build it once more afterwards
 2021-10-24 13:12:48 +02:00
Nanne Baars
76af488d16 Move Github actions to same image as Docker run on 2021-10-24 13:08:52 +02:00
Nanne Baars
981fcb3ebc Move to different base image for Java 
This way we can also support arm/v7
 2021-10-24 13:08:40 +02:00
Nanne Baars
cc0d0fa2a6
Ignore branch builds on main repository 2021-10-24 11:51:47 +02:00
Nanne Baars
a4104fdf8b
Ignore branch builds on our repository 2021-10-24 11:43:03 +02:00
Nanne Baars
720414eba6
Ignore branch builds on our repository 2021-10-24 11:40:13 +02:00
Nanne Baars
541c424eb9
Ignore branch builds on our repository 2021-10-24 11:36:35 +02:00
Nanne Baars
be2a6aa0bd
Run only on branches 2021-10-24 11:25:15 +02:00
Nanne Baars
e5ab24a1fc
Revert all GH actions work 2021-10-24 10:22:30 +02:00
Nanne Baars
b0174a6b26
Revert all GH actions work 2021-10-24 10:20:27 +02:00
Nanne Baars
cb8739ac06
Simplify Github actions 2021-10-24 10:16:52 +02:00
Nanne Baars
672d752e0e
Simplify Github actions 2021-10-24 10:02:36 +02:00
Nanne Baars
8241d98a38
Simplify Github actions 2021-10-24 10:01:53 +02:00
Nanne Baars
86d3868d9e
Simplify Github actions 2021-10-24 10:00:30 +02:00
Nanne Baars
2f007babec
Simplify Github actions 2021-10-24 09:59:35 +02:00
Nanne Baars
7742444a99
Simplify Github actions 2021-10-24 09:58:28 +02:00
Nanne Baars
98bcef9a5e
Simplify Github actions 2021-10-24 09:44:57 +02:00
Nanne Baars
c3f9772a27
Simplify Github actions 2021-10-24 09:39:37 +02:00
Nanne Baars
01d3453c41 Simplify Github actions 
Consolidate build steps to 1 script this way we don't run multiple builds for pushing a branch and create a PR.
 2021-10-24 09:30:00 +02:00
Nanne Baars
9e15e95001 Remove signoff action as it will not work with forked repositories 2021-10-02 17:49:42 +02:00
Nanne Baars
dc71975f27 No need to do mvn clean 2021-10-02 17:49:42 +02:00
Nanne Baars
b79a9c6b2c Build should use Java 16 2021-10-02 17:49:42 +02:00
Nanne Baars
8e6d87d429
Remove unnecessary action 2021-09-30 18:53:27 +02:00
Nanne Baars
5adf1d1dd7
Renaming the actions 2021-09-30 17:11:08 +02:00
Nanne Baars
5164514789
Remove Slack integration from build as it needs a token and will never work when PR is received from a fork. 2021-09-30 17:09:21 +02:00
Nanne Baars
f28bb09724
Remove action 2021-09-30 16:54:52 +02:00
dependabot[bot]
7602781a5b Bump actions/github-script from 0.3.0 to 5 
Bumps [actions/github-script](https://github.com/actions/github-script) from 0.3.0 to 5.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/0.3.0...v5)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-30 11:46:52 +02:00
Nanne Baars
fbf18440fb
Revert "Use CLA again and add action to recheck it" 
This reverts commit b7a1edd0
 2021-09-29 20:02:42 +02:00
Nanne Baars
b7a1edd04a
Use CLA again and add action to recheck it 2021-09-29 19:56:22 +02:00
Nanne Baars
14bb53d43a
Add action to warn against PR against master (should be develop) 2021-09-29 19:00:29 +02:00
Nanne Baars
906ab766df
Add action to warn against PR against master (should be develop) 2021-09-29 18:57:29 +02:00
Nanne Baars
902af04dd4
Add action to warn against PR against master (should be develop) 2021-09-29 18:45:00 +02:00
Nanne Baars
05bef55c80
Add action to warn against PR against master (should be develop) 2021-09-29 18:42:25 +02:00
Nanne Baars
5933d226af
Add action to warn against PR against master (should be develop) 2021-09-29 18:31:19 +02:00
Nanne Baars
b7ff89243a
Add action to warn against PR against master (should be develop) 2021-09-29 18:23:11 +02:00
Nanne Baars
835104c88f
Add action to warn against PR against master (should be develop) 2021-09-29 18:21:33 +02:00
Nanne Baars
246b4de1b8
Add action to warn against PR against master (should be develop) 2021-09-29 18:20:08 +02:00
Nanne Baars
49109154a8
Add action to warn against PR against master (should be develop) 2021-09-29 18:12:22 +02:00
Jeroen Willemsen
68a69e9b07 Updated stale to only have those that require input from a user 2021-09-29 14:56:06 +02:00