diff --git a/.github/workflows/alibabacloud.yml b/.github/workflows/alibabacloud.yml
new file mode 100644
index 0000000..94a15c4
--- /dev/null
+++ b/.github/workflows/alibabacloud.yml
@@ -0,0 +1,122 @@
+# This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR),
+# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the "main" branch.
+#
+# To use this workflow, you will need to complete the following set-up steps:
+#
+# 1. Create an ACR repository to store your container images.
+# You can use ACR EE instance for more security and better performance.
+# For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm
+#
+# 2. Create an ACK cluster to run your containerized application.
+# You can use ACK Pro cluster for more security and better performance.
+# For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm
+#
+# 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`.
+# For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/
+#
+# 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME.
+#
+
+name: Build and Deploy to ACK
+
+on:
+ push:
+ branches: [ "main" ]
+
+# Environment variables available to all jobs and steps in this workflow.
+env:
+ REGION_ID: cn-hangzhou
+ REGISTRY: registry.cn-hangzhou.aliyuncs.com
+ NAMESPACE: namespace
+ IMAGE: repo
+ TAG: ${{ github.sha }}
+ ACK_CLUSTER_ID: clusterID
+ ACK_DEPLOYMENT_NAME: nginx-deployment
+
+ ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com
+ ACR_EE_INSTANCE_ID: instanceID
+ ACR_EE_NAMESPACE: namespace
+ ACR_EE_IMAGE: repo
+ ACR_EE_TAG: ${{ github.sha }}
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # 1.1 Login to ACR
+ - name: Login to ACR with the AccessKey pair
+ uses: aliyun/acr-login@v1
+ with:
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+
+ # 1.2 Build and push image to ACR
+ - name: Build and push image to ACR
+ run: |
+ docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" .
+ docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG"
+
+ # 1.3 Scan image in ACR
+ - name: Scan image in ACR
+ uses: aliyun/acr-scan@v1
+ with:
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}"
+ tag: "${{ env.TAG }}"
+
+ # 2.1 (Optional) Login to ACR EE
+ - uses: actions/checkout@v4
+ - name: Login to ACR EE with the AccessKey pair
+ uses: aliyun/acr-login@v1
+ with:
+ login-server: "https://${{ env.ACR_EE_REGISTRY }}"
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
+
+ # 2.2 (Optional) Build and push image ACR EE
+ - name: Build and push image to ACR EE
+ run: |
+ docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" .
+ docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG"
+ # 2.3 (Optional) Scan image in ACR EE
+ - name: Scan image in ACR EE
+ uses: aliyun/acr-scan@v1
+ with:
+ region-id: "${{ env.REGION_ID }}"
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ instance-id: "${{ env.ACR_EE_INSTANCE_ID }}"
+ repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}"
+ tag: "${{ env.ACR_EE_TAG }}"
+
+ # 3.1 Set ACK context
+ - name: Set K8s context
+ uses: aliyun/ack-set-context@v1
+ with:
+ access-key-id: "${{ secrets.ACCESS_KEY_ID }}"
+ access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}"
+ cluster-id: "${{ env.ACK_CLUSTER_ID }}"
+
+ # 3.2 Deploy the image to the ACK cluster
+ - name: Set up Kustomize
+ run: |-
+ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6
+ - name: Deploy
+ run: |-
+ ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG
+ ./kustomize build . | kubectl apply -f -
+ kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME
+ kubectl get services -o wide
diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
new file mode 100644
index 0000000..2f633b6
--- /dev/null
+++ b/.github/workflows/android.yml
@@ -0,0 +1,26 @@
+name: Android CI
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: set up JDK 11
+ uses: actions/setup-java@v4
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ cache: gradle
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x gradlew
+ - name: Build with Gradle
+ run: ./gradlew build
diff --git a/.github/workflows/ant.yml b/.github/workflows/ant.yml
new file mode 100644
index 0000000..06fc807
--- /dev/null
+++ b/.github/workflows/ant.yml
@@ -0,0 +1,25 @@
+# This workflow will build a Java project with Ant
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-ant
+
+name: Java CI
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 11
+ uses: actions/setup-java@v4
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ - name: Build with Ant
+ run: ant -noinput -buildfile build.xml
diff --git a/.github/workflows/apisec-scan.yml b/.github/workflows/apisec-scan.yml
new file mode 100644
index 0000000..f609e4b
--- /dev/null
+++ b/.github/workflows/apisec-scan.yml
@@ -0,0 +1,71 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# APIsec addresses the critical need to secure APIs before they reach production.
+# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
+# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
+
+# How to Get Started with APIsec.ai
+# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
+#
+# 2. Register your account at https://cloud.apisec.ai/#/signup .
+#
+# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
+#
+# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
+#
+# apisec-run-scan
+#
+# This action triggers the on-demand scans for projects registered in APIsec.
+# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
+# Else you can view the scan results from the project home page in APIsec Platform.
+# The link to view the scan results is also displayed on the console on successful completion of action.
+
+# This is a starter workflow to help you get started with APIsec-Scan Actions
+
+name: APIsec
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the "main" branch
+ # Customize trigger events based on your DevSecOps processes.
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '15 11 * * 6'
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+
+permissions:
+ contents: read
+
+jobs:
+
+ Trigger_APIsec_scan:
+ permissions:
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: APIsec scan
+ uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
+ with:
+ # The APIsec username with which the scans will be executed
+ apisec-username: ${{ secrets.apisec_username }}
+ # The Password of the APIsec user with which the scans will be executed
+ apisec-password: ${{ secrets.apisec_password}}
+ # The name of the project for security scan
+ apisec-project: "VAmPI"
+ # The name of the sarif format result file The file is written only if this property is provided.
+ sarif-result-file: "apisec-results.sarif"
+ - name: Import results
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ./apisec-results.sarif
diff --git a/.github/workflows/appknox.yml b/.github/workflows/appknox.yml
new file mode 100644
index 0000000..ab4e3d7
--- /dev/null
+++ b/.github/workflows/appknox.yml
@@ -0,0 +1,54 @@
+# This workflow uses actions that are not certified by GitHub. They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support documentation.
+#
+# Appknox: Leader in Mobile Application Security Testing Solutions
+#
+# To use this workflow, you must be an existing Appknox customer with GitHub Advanced Security (GHAS) enabled for your
+# repository.
+#
+# If you *are not* an existing customer, click here to contact us for licensing and pricing details:
+# .
+#
+# Instructions:
+#
+# 1. In your repository settings, navigate to 'Secrets' and click on 'New repository secret.' Name the
+# secret APPKNOX_ACCESS_TOKEN and paste your appknox user token into the value field. If you don't have a appknox token
+# or need to generate a new one for GitHub, visit the Appknox Platform, go to Account Settings->Developer Settings
+# and create a token labeled GitHub
+#
+# 2. Refer to the detailed workflow below, make any required adjustments, and then save it to your repository. After the
+# action executes, check the 'Security' tab for results
+
+name: Appknox
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+jobs:
+ appknox:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x gradlew
+
+ - name: Build the app
+ run: ./gradlew build # Update this to build your Android or iOS application
+
+ - name: Appknox GitHub action
+ uses: appknox/appknox-github-action@b7d2bfb2321d5544e97bffcba48557234ab953a4
+ with:
+ appknox_access_token: ${{ secrets.APPKNOX_ACCESS_TOKEN }}
+ file_path: app/build/outputs/apk/debug/app-debug.apk # Specify the path to your .ipa or .apk here
+ risk_threshold: MEDIUM # Update this to desired risk threshold [LOW, MEDIUM, HIGH, CRITICAL]
+ sarif: Enable
+
+ - name: Upload SARIF to GHAS
+ if: always()
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: report.sarif
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
new file mode 100644
index 0000000..a8219c4
--- /dev/null
+++ b/.github/workflows/aws.yml
@@ -0,0 +1,94 @@
+# This workflow will build and push a new container image to Amazon ECR,
+# and then will deploy a new task definition to Amazon ECS, when there is a push to the "main" branch.
+#
+# To use this workflow, you will need to complete the following set-up steps:
+#
+# 1. Create an ECR repository to store your images.
+# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
+# Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name.
+# Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region.
+#
+# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
+# For example, follow the Getting Started guide on the ECS console:
+# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
+# Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service.
+# Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster.
+#
+# 3. Store your ECS task definition as a JSON file in your repository.
+# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
+# Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file.
+# Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container
+# in the `containerDefinitions` section of the task definition.
+#
+# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+# See the documentation for each action used below for the recommended IAM policies for this IAM user,
+# and best practices on handling the access key credentials.
+
+name: Deploy to Amazon ECS
+
+on:
+ push:
+ branches: [ "main" ]
+
+env:
+ AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1
+ ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name
+ ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name
+ ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name
+ ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
+ # file, e.g. .aws/task-definition.json
+ CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the
+ # containerDefinitions section of your task definition
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+ name: Deploy
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ # Build a docker container and
+ # push it to ECR so that it can
+ # be deployed to ECS.
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: ${{ env.ECS_TASK_DEFINITION }}
+ container-name: ${{ env.CONTAINER_NAME }}
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: ${{ env.ECS_SERVICE }}
+ cluster: ${{ env.ECS_CLUSTER }}
+ wait-for-service-stability: true
diff --git a/.github/workflows/azure-functions-app-java.yml b/.github/workflows/azure-functions-app-java.yml
new file mode 100644
index 0000000..260d08b
--- /dev/null
+++ b/.github/workflows/azure-functions-app-java.yml
@@ -0,0 +1,65 @@
+# This workflow will build a Java project and deploy it to an Azure Functions App on Windows or Linux when a commit is pushed to your default branch.
+#
+# This workflow assumes you have already created the target Azure Functions app.
+# For instructions see https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-java
+#
+# To configure this workflow:
+# 1. Set up the following secrets in your repository:
+# - AZURE_FUNCTIONAPP_PUBLISH_PROFILE
+# 2. Change env variables for your configuration.
+#
+# For more information on:
+# - GitHub Actions for Azure: https://github.com/Azure/Actions
+# - Azure Functions Action: https://github.com/Azure/functions-action
+# - Publish Profile: https://github.com/Azure/functions-action#using-publish-profile-as-deployment-credential-recommended
+# - Azure Service Principal for RBAC: https://github.com/Azure/functions-action#using-azure-service-principal-for-rbac-as-deployment-credential
+#
+# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples/tree/master/FunctionApp
+
+name: Deploy Java project to Azure Function App
+
+on:
+ push:
+ branches: ["main"]
+
+env:
+ AZURE_FUNCTIONAPP_NAME: 'your-app-name' # set this to your function app name on Azure
+ POM_XML_DIRECTORY: '.' # set this to the directory which contains pom.xml file
+ DISTRIBUTION: 'zulu' # set this to the java version to use (e.g. 'zulu', 'temurin', 'microsoft')
+ JAVA_VERSION: '8' # set this to the java version to use (e.g. '8', '11', '17')
+
+jobs:
+ build-and-deploy:
+ runs-on: windows-latest # For Linux, use ubuntu-latest
+ environment: dev
+ steps:
+ - name: 'Checkout GitHub Action'
+ uses: actions/checkout@v4
+
+ # If you want to use Azure RBAC instead of Publish Profile, then uncomment the task below
+ # - name: 'Login via Azure CLI'
+ # uses: azure/login@v1
+ # with:
+ # creds: ${{ secrets.AZURE_RBAC_CREDENTIALS }} # set up AZURE_RBAC_CREDENTIALS secrets in your repository
+
+ - name: Setup Java Sdk ${{ env.JAVA_VERSION }}
+ uses: actions/setup-java@v4
+ with:
+ distribution: ${{ env.DISTRIBUTION }}
+ java-version: ${{ env.JAVA_VERSION }}
+
+ - name: 'Restore Project Dependencies Using Mvn'
+ shell: pwsh # For Linux, use bash
+ run: |
+ pushd './${{ env.POM_XML_DIRECTORY }}'
+ mvn clean package
+ popd
+
+ - name: 'Run Azure Functions Action'
+ uses: Azure/functions-action@v1
+ id: fa
+ with:
+ app-name: ${{ env.AZURE_FUNCTIONAPP_NAME }}
+ package: '${{ env.POM_XML_DIRECTORY }}' # if there are multiple function apps in same project, then this path will be like './${{ env.POM_XML_DIRECTORY }}/target/azure-functions/${{ env.POM_FUNCTIONAPP_NAME }'
+ publish-profile: ${{ secrets.AZURE_FUNCTIONAPP_PUBLISH_PROFILE }} # Remove publish-profile to use Azure RBAC
+ respect-pom-xml: true
diff --git a/.github/workflows/azure-webapps-java-jar.yml b/.github/workflows/azure-webapps-java-jar.yml
new file mode 100644
index 0000000..5fd4f9a
--- /dev/null
+++ b/.github/workflows/azure-webapps-java-jar.yml
@@ -0,0 +1,79 @@
+# This workflow will build and push a Java application to an Azure Web App when a commit is pushed to your default branch.
+#
+# This workflow assumes you have already created the target Azure App Service web app.
+# For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-java?tabs=javase&pivots=platform-linux
+#
+# To configure this workflow:
+#
+# 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal.
+# For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials
+#
+# 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret.
+# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
+#
+# 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the JAVA_VERSION environment variable below.
+#
+# For more information on GitHub Actions for Azure: https://github.com/Azure/Actions
+# For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
+# For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples
+
+name: Build and deploy JAR app to Azure Web App
+
+env:
+ AZURE_WEBAPP_NAME: your-app-name # set this to the name of your Azure Web App
+ JAVA_VERSION: '11' # set this to the Java version to use
+ DISTRIBUTION: zulu # set this to the Java distribution
+
+on:
+ push:
+ branches: [ "main" ]
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Java version
+ uses: actions/setup-java@v4
+ with:
+ java-version: ${{ env.JAVA_VERSION }}
+ distribution: ${{ env.DISTRIBUTION }}
+ cache: 'maven'
+
+ - name: Build with Maven
+ run: mvn clean install
+
+ - name: Upload artifact for deployment job
+ uses: actions/upload-artifact@v4
+ with:
+ name: java-app
+ path: '${{ github.workspace }}/target/*.jar'
+
+ deploy:
+ permissions:
+ contents: none
+ runs-on: ubuntu-latest
+ needs: build
+ environment:
+ name: 'Development'
+ url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
+
+ steps:
+ - name: Download artifact from build job
+ uses: actions/download-artifact@v4
+ with:
+ name: java-app
+
+ - name: Deploy to Azure Web App
+ id: deploy-to-webapp
+ uses: azure/webapps-deploy@v2
+ with:
+ app-name: ${{ env.AZURE_WEBAPP_NAME }}
+ publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+ package: '*.jar'
diff --git a/.github/workflows/clojure.yml b/.github/workflows/clojure.yml
new file mode 100644
index 0000000..5894814
--- /dev/null
+++ b/.github/workflows/clojure.yml
@@ -0,0 +1,19 @@
+name: Clojure CI
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install dependencies
+ run: lein deps
+ - name: Run tests
+ run: lein test
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..6969cf3
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,100 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '31 7 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners (GitHub.com only)
+ # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: actions
+ build-mode: none
+ - language: java-kotlin
+ build-mode: none # This mode only analyzes Java. Set this to 'autobuild' or 'manual' to analyze Kotlin too.
+ # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+ # Use `c-cpp` to analyze code written in C, C++ or both
+ # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+ # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+ # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Add any setup steps before running the `github/codeql-action/init` action.
+ # This includes steps like installing compilers or runtimes (`actions/setup-node`
+ # or others). This is typically only required for manual builds.
+ # - name: Setup runtime (example)
+ # uses: actions/setup-example@v1
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+ # If the analyze step fails for one of the languages you are analyzing with
+ # "We were unable to automatically build your code", modify the matrix above
+ # to set the build mode to "manual" for that language. Then modify this step
+ # to build your code.
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+ - if: matrix.build-mode == 'manual'
+ shell: bash
+ run: |
+ echo 'If you are using a "manual" build mode for one or more of the' \
+ 'languages you are analyzing, replace this with the commands to build' \
+ 'your code, for example:'
+ echo ' make bootstrap'
+ echo ' make release'
+ exit 1
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..d19e21b
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,39 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency review'
+on:
+ pull_request:
+ branches: [ "main" ]
+
+# If using a dependency submission action in this workflow this permission will need to be set to:
+#
+# permissions:
+# contents: write
+#
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
+permissions:
+ contents: read
+ # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
+ pull-requests: write
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+ with:
+ comment-summary-in-pr: always
+ # fail-on-severity: moderate
+ # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
+ # retry-on-snapshot-warnings: true
diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
new file mode 100644
index 0000000..35c829b
--- /dev/null
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:
+ workflow_dispatch:
+ release:
+ types: [created]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ outputs:
+ digests: ${{ steps.hash.outputs.digests }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ # ========================================================
+ #
+ # Step 1: Build your artifacts.
+ #
+ # ========================================================
+ - name: Build artifacts
+ run: |
+ # These are some amazing artifacts.
+ echo "artifact1" > artifact1
+ echo "artifact2" > artifact2
+
+ # ========================================================
+ #
+ # Step 2: Add a step to generate the provenance subjects
+ # as shown below. Update the sha256 sum arguments
+ # to include all binaries that you generate
+ # provenance for.
+ #
+ # ========================================================
+ - name: Generate subject for provenance
+ id: hash
+ run: |
+ set -euo pipefail
+
+ # List the artifacts the provenance will refer to.
+ files=$(ls artifact*)
+ # Generate the subjects (base64 encoded).
+ echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
+ provenance:
+ needs: [build]
+ permissions:
+ actions: read # To read the workflow path.
+ id-token: write # To sign the provenance.
+ contents: write # To add assets to a release.
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+ with:
+ base64-subjects: "${{ needs.build.outputs.digests }}"
+ upload-assets: true # Optional: Upload to a new release
diff --git a/.github/workflows/google.yml b/.github/workflows/google.yml
new file mode 100644
index 0000000..0b5c7d1
--- /dev/null
+++ b/.github/workflows/google.yml
@@ -0,0 +1,116 @@
+# This workflow will build a docker container, publish it to Google Container
+# Registry, and deploy it to GKE when there is a push to the "main"
+# branch.
+#
+# To configure this workflow:
+#
+# 1. Enable the following Google Cloud APIs:
+#
+# - Artifact Registry (artifactregistry.googleapis.com)
+# - Google Kubernetes Engine (container.googleapis.com)
+# - IAM Credentials API (iamcredentials.googleapis.com)
+#
+# You can learn more about enabling APIs at
+# https://support.google.com/googleapi/answer/6158841.
+#
+# 2. Ensure that your repository contains the necessary configuration for your
+# Google Kubernetes Engine cluster, including deployment.yml,
+# kustomization.yml, service.yml, etc.
+#
+# 3. Create and configure a Workload Identity Provider for GitHub:
+# https://github.com/google-github-actions/auth#preferred-direct-workload-identity-federation.
+#
+# Depending on how you authenticate, you will need to grant an IAM principal
+# permissions on Google Cloud:
+#
+# - Artifact Registry Administrator (roles/artifactregistry.admin)
+# - Kubernetes Engine Developer (roles/container.developer)
+#
+# You can learn more about setting IAM permissions at
+# https://cloud.google.com/iam/docs/manage-access-other-resources
+#
+# 5. Change the values in the "env" block to match your values.
+
+name: 'Build and Deploy to GKE'
+
+on:
+ push:
+ branches:
+ - '"main"'
+
+env:
+ PROJECT_ID: 'my-project' # TODO: update to your Google Cloud project ID
+ GAR_LOCATION: 'us-central1' # TODO: update to your region
+ GKE_CLUSTER: 'cluster-1' # TODO: update to your cluster name
+ GKE_ZONE: 'us-central1-c' # TODO: update to your cluster zone
+ DEPLOYMENT_NAME: 'gke-test' # TODO: update to your deployment name
+ REPOSITORY: 'samples' # TODO: update to your Artifact Registry docker repository name
+ IMAGE: 'static-site'
+ WORKLOAD_IDENTITY_PROVIDER: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' # TODO: update to your workload identity provider
+
+jobs:
+ setup-build-publish-deploy:
+ name: 'Setup, Build, Publish, and Deploy'
+ runs-on: 'ubuntu-latest'
+ environment: 'production'
+
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ steps:
+ - name: 'Checkout'
+ uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # actions/checkout@v4
+
+ # Configure Workload Identity Federation and generate an access token.
+ #
+ # See https://github.com/google-github-actions/auth for more options,
+ # including authenticating via a JSON credentials file.
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2' # google-github-actions/auth@v2
+ with:
+ workload_identity_provider: '${{ env.WORKLOAD_IDENTITY_PROVIDER }}'
+
+ # Authenticate Docker to Google Cloud Artifact Registry
+ - name: 'Docker Auth'
+ uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # docker/login-action@v3
+ with:
+ username: 'oauth2accesstoken'
+ password: '${{ steps.auth.outputs.auth_token }}'
+ registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'
+
+ # Get the GKE credentials so we can deploy to the cluster
+ - name: 'Set up GKE credentials'
+ uses: 'google-github-actions/get-gke-credentials@6051de21ad50fbb1767bc93c11357a49082ad116' # google-github-actions/get-gke-credentials@v2
+ with:
+ cluster_name: '${{ env.GKE_CLUSTER }}'
+ location: '${{ env.GKE_ZONE }}'
+
+ # Build the Docker image
+ - name: 'Build and push Docker container'
+ run: |-
+ DOCKER_TAG="${GAR_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${IMAGE}:${GITHUB_SHA}"
+
+ docker build \
+ --tag "${DOCKER_TAG}" \
+ --build-arg GITHUB_SHA="${GITHUB_SHA}" \
+ --build-arg GITHUB_REF="${GITHUB_REF}" \
+ .
+
+ docker push "${DOCKER_TAG}"
+
+ # Set up kustomize
+ - name: 'Set up Kustomize'
+ run: |-
+ curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.3/kustomize_v5.4.3_linux_amd64.tar.gz
+ chmod u+x ./kustomize
+
+ # Deploy the Docker image to the GKE cluster
+ - name: 'Deploy to GKE'
+ run: |-
+ # replacing the image name in the k8s template
+ ./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA
+ ./kustomize build . | kubectl apply -f -
+ kubectl rollout status deployment/$DEPLOYMENT_NAME
+ kubectl get services -o wide
diff --git a/.github/workflows/gradle-publish.yml b/.github/workflows/gradle-publish.yml
new file mode 100644
index 0000000..20d17dc
--- /dev/null
+++ b/.github/workflows/gradle-publish.yml
@@ -0,0 +1,44 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
+
+name: Gradle Package
+
+on:
+ release:
+ types: [created]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
+ settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+ - name: Setup Gradle
+ uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0
+
+ - name: Build with Gradle
+ run: ./gradlew build
+
+ # The USERNAME and TOKEN need to correspond to the credentials environment variables used in
+ # the publishing section of your build.gradle
+ - name: Publish to GitHub Packages
+ run: ./gradlew publish
+ env:
+ USERNAME: ${{ github.actor }}
+ TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
new file mode 100644
index 0000000..4677434
--- /dev/null
+++ b/.github/workflows/greetings.yml
@@ -0,0 +1,16 @@
+name: Greetings
+
+on: [pull_request_target, issues]
+
+jobs:
+ greeting:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
+ steps:
+ - uses: actions/first-interaction@v1
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ issue-message: "Message that will be displayed on users' first issue"
+ pr-message: "Message that will be displayed on users' first pull request"
diff --git a/.github/workflows/hugo.yml b/.github/workflows/hugo.yml
new file mode 100644
index 0000000..a8cf471
--- /dev/null
+++ b/.github/workflows/hugo.yml
@@ -0,0 +1,74 @@
+# Sample workflow for building and deploying a Hugo site to GitHub Pages
+name: Deploy Hugo site to Pages
+
+on:
+ # Runs on pushes targeting the default branch
+ push:
+ branches: ["main"]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+ group: "pages"
+ cancel-in-progress: false
+
+# Default to bash
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ # Build job
+ build:
+ runs-on: ubuntu-latest
+ env:
+ HUGO_VERSION: 0.128.0
+ steps:
+ - name: Install Hugo CLI
+ run: |
+ wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \
+ && sudo dpkg -i ${{ runner.temp }}/hugo.deb
+ - name: Install Dart Sass
+ run: sudo snap install dart-sass
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: Setup Pages
+ id: pages
+ uses: actions/configure-pages@v5
+ - name: Install Node.js dependencies
+ run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
+ - name: Build with Hugo
+ env:
+ HUGO_CACHEDIR: ${{ runner.temp }}/hugo_cache
+ HUGO_ENVIRONMENT: production
+ run: |
+ hugo \
+ --minify \
+ --baseURL "${{ steps.pages.outputs.base_url }}/"
+ - name: Upload artifact
+ uses: actions/upload-pages-artifact@v3
+ with:
+ path: ./public
+
+ # Deployment job
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v4
diff --git a/.github/workflows/ibm.yml b/.github/workflows/ibm.yml
new file mode 100644
index 0000000..f5e8cd8
--- /dev/null
+++ b/.github/workflows/ibm.yml
@@ -0,0 +1,75 @@
+# This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when there is a push to the "main" branch.
+#
+# To configure this workflow:
+#
+# 1. Ensure that your repository contains a Dockerfile
+# 2. Setup secrets in your repository by going to settings: Create ICR_NAMESPACE and IBM_CLOUD_API_KEY
+# 3. Change the values for the IBM_CLOUD_REGION, REGISTRY_HOSTNAME, IMAGE_NAME, IKS_CLUSTER, DEPLOYMENT_NAME, and PORT
+
+name: Build and Deploy to IKS
+
+on:
+ push:
+ branches: [ "main" ]
+
+# Environment variables available to all jobs and steps in this workflow
+env:
+ GITHUB_SHA: ${{ github.sha }}
+ IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }}
+ IBM_CLOUD_REGION: us-south
+ ICR_NAMESPACE: ${{ secrets.ICR_NAMESPACE }}
+ REGISTRY_HOSTNAME: us.icr.io
+ IMAGE_NAME: iks-test
+ IKS_CLUSTER: example-iks-cluster-name-or-id
+ DEPLOYMENT_NAME: iks-test
+ PORT: 5001
+
+jobs:
+ setup-build-publish-deploy:
+ name: Setup, Build, Publish, and Deploy
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # Download and Install IBM Cloud CLI
+ - name: Install IBM Cloud CLI
+ run: |
+ curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
+ ibmcloud --version
+ ibmcloud config --check-version=false
+ ibmcloud plugin install -f kubernetes-service
+ ibmcloud plugin install -f container-registry
+
+ # Authenticate with IBM Cloud CLI
+ - name: Authenticate with IBM Cloud CLI
+ run: |
+ ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -r "${IBM_CLOUD_REGION}" -g default
+ ibmcloud cr region-set "${IBM_CLOUD_REGION}"
+ ibmcloud cr login
+
+ # Build the Docker image
+ - name: Build with Docker
+ run: |
+ docker build -t "$REGISTRY_HOSTNAME"/"$ICR_NAMESPACE"/"$IMAGE_NAME":"$GITHUB_SHA" \
+ --build-arg GITHUB_SHA="$GITHUB_SHA" \
+ --build-arg GITHUB_REF="$GITHUB_REF" .
+
+ # Push the image to IBM Container Registry
+ - name: Push the image to ICR
+ run: |
+ docker push $REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA
+
+ # Deploy the Docker image to the IKS cluster
+ - name: Deploy to IKS
+ run: |
+ ibmcloud ks cluster config --cluster $IKS_CLUSTER
+ kubectl config current-context
+ kubectl create deployment $DEPLOYMENT_NAME --image=$REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA --dry-run -o yaml > deployment.yaml
+ kubectl apply -f deployment.yaml
+ kubectl rollout status deployment/$DEPLOYMENT_NAME
+ kubectl create service loadbalancer $DEPLOYMENT_NAME --tcp=80:$PORT --dry-run -o yaml > service.yaml
+ kubectl apply -f service.yaml
+ kubectl get services -o wide
diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml
new file mode 100644
index 0000000..e31d81c
--- /dev/null
+++ b/.github/workflows/jekyll-gh-pages.yml
@@ -0,0 +1,51 @@
+# Sample workflow for building and deploying a Jekyll site to GitHub Pages
+name: Deploy Jekyll with GitHub Pages dependencies preinstalled
+
+on:
+ # Runs on pushes targeting the default branch
+ push:
+ branches: ["main"]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+ contents: read
+ pages: write
+ id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+ group: "pages"
+ cancel-in-progress: false
+
+jobs:
+ # Build job
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Setup Pages
+ uses: actions/configure-pages@v5
+ - name: Build with Jekyll
+ uses: actions/jekyll-build-pages@v1
+ with:
+ source: ./
+ destination: ./_site
+ - name: Upload artifact
+ uses: actions/upload-pages-artifact@v3
+
+ # Deployment job
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v4
diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
new file mode 100644
index 0000000..4613569
--- /dev/null
+++ b/.github/workflows/label.yml
@@ -0,0 +1,22 @@
+# This workflow will triage pull requests and apply a label based on the
+# paths that are modified in the pull request.
+#
+# To use this workflow, you will need to set up a .github/labeler.yml
+# file with configuration. For more information, see:
+# https://github.com/actions/labeler
+
+name: Labeler
+on: [pull_request_target]
+
+jobs:
+ label:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+
+ steps:
+ - uses: actions/labeler@v4
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml
new file mode 100644
index 0000000..11b2e35
--- /dev/null
+++ b/.github/workflows/manual.yml
@@ -0,0 +1,32 @@
+# This is a basic workflow that is manually triggered
+
+name: Manual workflow
+
+# Controls when the action will run. Workflow runs when manually triggered using the UI
+# or API.
+on:
+ workflow_dispatch:
+ # Inputs the workflow accepts.
+ inputs:
+ name:
+ # Friendly description to be shown in the UI instead of 'name'
+ description: 'Person to greet'
+ # Default value if no value is explicitly provided
+ default: 'World'
+ # Input has to be provided for the workflow to run
+ required: true
+ # The data type of the input
+ type: string
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "greet"
+ greet:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Runs a single command using the runners shell
+ - name: Send greeting
+ run: echo "Hello ${{ inputs.name }}"
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
new file mode 100644
index 0000000..06b6aa0
--- /dev/null
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,35 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Java CI with Maven
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 17
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ cache: maven
+ - name: Build with Maven
+ run: mvn -B package --file pom.xml
+
+ # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+ - name: Update dependency graph
+ uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml
new file mode 100644
index 0000000..5d80832
--- /dev/null
+++ b/.github/workflows/ruby.yml
@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ ruby-version: ['2.6', '2.7', '3.0']
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up Ruby
+ # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+ # change this to (see https://github.com/ruby/setup-ruby#versioning):
+ # uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
+ with:
+ ruby-version: ${{ matrix.ruby-version }}
+ bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+ - name: Run tests
+ run: bundle exec rake
diff --git a/.github/workflows/scala.yml b/.github/workflows/scala.yml
new file mode 100644
index 0000000..0a8e6a6
--- /dev/null
+++ b/.github/workflows/scala.yml
@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Scala CI
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK 11
+ uses: actions/setup-java@v4
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ cache: 'sbt'
+ - name: Run tests
+ run: sbt test
+ # Optional: This step uploads information to the GitHub dependency graph and unblocking Dependabot alerts for the repository
+ - name: Upload dependency graph
+ uses: scalacenter/sbt-dependency-submission@ab086b50c947c9774b70f39fc7f6e20ca2706c91
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..0514ffd
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,27 @@
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+ schedule:
+ - cron: '34 6 * * *'
+
+jobs:
+ stale:
+
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
+
+ steps:
+ - uses: actions/stale@v5
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ stale-issue-message: 'Stale issue message'
+ stale-pr-message: 'Stale pull request message'
+ stale-issue-label: 'no-issue-activity'
+ stale-pr-label: 'no-pr-activity'
diff --git a/.github/workflows/tencent.yml b/.github/workflows/tencent.yml
new file mode 100644
index 0000000..9032a26
--- /dev/null
+++ b/.github/workflows/tencent.yml
@@ -0,0 +1,79 @@
+# This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE) when there is a push to the "main" branch.
+#
+# To configure this workflow:
+#
+# 1. Ensure that your repository contains the necessary configuration for your Tencent Kubernetes Engine cluster,
+# including deployment.yml, kustomization.yml, service.yml, etc.
+#
+# 2. Set up secrets in your workspace:
+# - TENCENT_CLOUD_SECRET_ID with Tencent Cloud secret id
+# - TENCENT_CLOUD_SECRET_KEY with Tencent Cloud secret key
+# - TENCENT_CLOUD_ACCOUNT_ID with Tencent Cloud account id
+# - TKE_REGISTRY_PASSWORD with TKE registry password
+#
+# 3. Change the values for the TKE_IMAGE_URL, TKE_REGION, TKE_CLUSTER_ID and DEPLOYMENT_NAME environment variables (below).
+
+name: Tencent Kubernetes Engine
+
+on:
+ push:
+ branches: [ "main" ]
+
+# Environment variables available to all jobs and steps in this workflow
+env:
+ TKE_IMAGE_URL: ccr.ccs.tencentyun.com/demo/mywebapp
+ TKE_REGION: ap-guangzhou
+ TKE_CLUSTER_ID: cls-mywebapp
+ DEPLOYMENT_NAME: tke-test
+
+permissions:
+ contents: read
+
+jobs:
+ setup-build-publish-deploy:
+ name: Setup, Build, Publish, and Deploy
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # Build
+ - name: Build Docker image
+ run: |
+ docker build -t ${TKE_IMAGE_URL}:${GITHUB_SHA} .
+
+ - name: Login TKE Registry
+ run: |
+ docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p '${{ secrets.TKE_REGISTRY_PASSWORD }}' ${TKE_IMAGE_URL}
+
+ # Push the Docker image to TKE Registry
+ - name: Publish
+ run: |
+ docker push ${TKE_IMAGE_URL}:${GITHUB_SHA}
+
+ - name: Set up Kustomize
+ run: |
+ curl -o kustomize --location https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
+ chmod u+x ./kustomize
+
+ - name: Set up ~/.kube/config for connecting TKE cluster
+ uses: TencentCloud/tke-cluster-credential-action@v1
+ with:
+ secret_id: ${{ secrets.TENCENT_CLOUD_SECRET_ID }}
+ secret_key: ${{ secrets.TENCENT_CLOUD_SECRET_KEY }}
+ tke_region: ${{ env.TKE_REGION }}
+ cluster_id: ${{ env.TKE_CLUSTER_ID }}
+
+ - name: Switch to TKE context
+ run: |
+ kubectl config use-context ${TKE_CLUSTER_ID}-context-default
+
+ # Deploy the Docker image to the TKE cluster
+ - name: Deploy
+ run: |
+ ./kustomize edit set image ${TKE_IMAGE_URL}:${GITHUB_SHA}
+ ./kustomize build . | kubectl apply -f -
+ kubectl rollout status deployment/${DEPLOYMENT_NAME}
+ kubectl get services -o wide
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..540e804
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,93 @@
+# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
+# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
+# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
+# to the "main" branch, `terraform apply` will be executed.
+#
+# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
+#
+# To use this workflow, you will need to complete the following setup steps.
+#
+# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
+# Example `main.tf`:
+# # The configuration for the `remote` backend.
+# terraform {
+# backend "remote" {
+# # The name of your Terraform Cloud organization.
+# organization = "example-organization"
+#
+# # The name of the Terraform Cloud workspace to store Terraform state files in.
+# workspaces {
+# name = "example-workspace"
+# }
+# }
+# }
+#
+# # An example resource that does nothing.
+# resource "null_resource" "example" {
+# triggers = {
+# value = "A example resource that does nothing!"
+# }
+# }
+#
+#
+# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
+# Documentation:
+# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
+# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
+#
+# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
+# Example:
+# - name: Setup Terraform
+# uses: hashicorp/setup-terraform@v1
+# with:
+# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+name: 'Terraform'
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ terraform:
+ name: 'Terraform'
+ runs-on: ubuntu-latest
+ environment: production
+
+ # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+ - name: Terraform Init
+ run: terraform init
+
+ # Checks that all Terraform configuration files adhere to a canonical format
+ - name: Terraform Format
+ run: terraform fmt -check
+
+ # Generates an execution plan for Terraform
+ - name: Terraform Plan
+ run: terraform plan -input=false
+
+ # On push to "main", build or change infrastructure according to Terraform configuration files
+ # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false