dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,688 Commits 11 Branches 78 Tags
Commit Graph

16 Commits

Author SHA1 Message Date
neilnaveen
f3d8206a07
Set permissions for GitHub actions (#1228) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
 2022-04-09 12:54:32 +02:00
dependabot[bot]
56f5b0f0fa
Bump actions/cache from 2.1.7 to 3 (#1220) 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-26 14:33:06 +01:00
dependabot[bot]
984548ae88
Bump actions/checkout from 2 to 3 (#1213) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-09 14:52:49 +01:00
Nanne Baars
a42f8fcf75 No progress information for Maven 2021-12-20 16:45:06 +01:00
dependabot[bot]
48fd7f310e Bump actions/cache from 2.1.5 to 2.1.7 
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-23 13:21:52 +01:00
Nanne Baars
36bdd9b1a0 Rename master to main 2021-10-30 22:50:47 +02:00
Nanne Baars
6a92f651f8 Move to Java 17 2021-10-28 21:19:05 +02:00
Nanne Baars
e709a501cb
Remove develop from branches to build 
The PR already works on a merge commit with develop no need to build it once more afterwards
 2021-10-24 13:12:48 +02:00
Nanne Baars
76af488d16 Move Github actions to same image as Docker run on 2021-10-24 13:08:52 +02:00
Nanne Baars
541c424eb9
Ignore branch builds on our repository 2021-10-24 11:36:35 +02:00
Nanne Baars
be2a6aa0bd
Run only on branches 2021-10-24 11:25:15 +02:00
Nanne Baars
e5ab24a1fc
Revert all GH actions work 2021-10-24 10:22:30 +02:00
Nanne Baars
b0174a6b26
Revert all GH actions work 2021-10-24 10:20:27 +02:00
Nanne Baars
01d3453c41 Simplify Github actions 
Consolidate build steps to 1 script this way we don't run multiple builds for pushing a branch and create a PR.
 2021-10-24 09:30:00 +02:00
Nanne Baars
b79a9c6b2c Build should use Java 16 2021-10-02 17:49:42 +02:00
Nanne Baars
5adf1d1dd7
Renaming the actions 2021-09-30 17:11:08 +02:00