Open sadmananik opened 4 months ago
Hi @alexisabril, Can you please review this PR? Thanks.
Hi @sadmananik,
What is the purpose for changing this workflow from `secrets` to `vars`? This would lose any security protection naturally offered in the `secrets` context.
@alexisabril URL inputs should be `vars` instead of `secrets` so that the links displayed in the console output are usable. As secrets, the URL part is masked, rendering the link invalid. URLs are not security concerns in this scenario. Hope it helps.
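To make the `vars` versus `secrets` split concrete, here is an added example workflow; it is not from this PR or from the starter-workflows repository. The endpoint lives in a repository or organization variable, so the link printed in the log stays clickable, while the credential stays a secret, which GitHub masks as `***` wherever it would appear. `DEPLOY_URL` and `DEPLOY_TOKEN` are made-up names, and `$default-branch` is the starter-workflow placeholder that GitHub substitutes, as the checklist on this page describes.

```yaml
name: Deploy

on:
  push:
    branches: [ $default-branch ]   # starter-workflow placeholder, substituted by GitHub

# Least-privileged GITHUB_TOKEN, as the starter-workflow checklist requires.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Non-sensitive endpoint held in a configuration *variable* (hypothetical name).
      # Variables are written to the log in clear text, so the URL is readable.
      - name: Show deployment target
        run: echo "Deploying to ${{ vars.DEPLOY_URL }}"

      # Credential held in a *secret* (hypothetical name). Passed in through env
      # and sent as a header, never embedded in the URL; the runner masks it.
      - name: Trigger deployment
        env:
          DEPLOY_URL: ${{ vars.DEPLOY_URL }}
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
        run: |
          curl --fail --silent --show-error \
            -H "Authorization: Bearer ${DEPLOY_TOKEN}" \
            -X POST "${DEPLOY_URL}/api/deploy"
```

The review check that follows from this: anything referenced through `vars.` is printed unmasked, so a URL kept there must carry nothing sensitive (no basic-auth user:password, no signed query token); those parts belong in `secrets`, passed via env or a header rather than interpolated into the URL string.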
Hi @alexisabril,
If there are no other concerns with this PR, could you please merge it? Our customers are eagerly awaiting this change. Your assistance would be greatly appreciated.
Thanks.
Hi @alexisabril,
Any update on this?
Pre-requisites

- Please note that at this time we are only accepting new starter workflows for Code Scanning. Updates to existing starter workflows are fine.

Tasks

For all workflows, the workflow:

- Should be contained in a `.yml` file with the language or platform as its filename, in lower, kebab-cased format (for example, `docker-image.yml`). Special characters should be removed or replaced with words as appropriate (for example, "dotnet" instead of ".NET").
- Should specify least privileged permissions for `GITHUB_TOKEN` so that the workflow runs successfully.

For CI workflows, the workflow:

- Should be preserved under the `ci` directory.
- Should include a matching `ci/properties/*.properties.json` file (for example, `ci/properties/docker-publish.properties.json`).
- Should run on `push` to `branches: [ $default-branch ]` and `pull_request` to `branches: [ $default-branch ]`.
- Packaging workflows should run on `release` with `types: [ created ]`.
- Publishing workflows should have a filename that is the name of the publishing platform (for example, `docker-publish.yml`).

For Code Scanning workflows, the workflow:

- Should be preserved under the `code-scanning` directory.
- Should include a matching `code-scanning/properties/*.properties.json` file (for example, `code-scanning/properties/codeql.properties.json`), with properties set as follows:
  - `name`: Name of the Code Scanning integration.
  - `creator`: Name of the organization/user producing the Code Scanning integration.
  - `description`: Short description of the Code Scanning integration.
  - `categories`: Array of languages supported by the Code Scanning integration.
  - `iconName`: Name of the SVG logo representing the Code Scanning integration. This SVG logo must be present in the `icons` directory.
- Should run on `push` to `branches: [ $default-branch, $protected-branches ]` and `pull_request` to `branches: [ $default-branch ]`. We also recommend a `schedule` trigger of `cron: $cron-weekly` (for example, `codeql.yml`).

Some general notes:

- This workflow must only use actions that are produced by GitHub, in the `actions` organization, or