From fb1c92925020bd46fbe35df87bb467c46aee4496 Mon Sep 17 00:00:00 2001 From: aleparty <70961702+aleparty@users.noreply.github.com> Date: Wed, 15 Sep 2021 14:10:29 +0200 Subject: [PATCH 01/21] Create main.yml
--- .github/workflows/main.yml | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/main.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000000..1d93da4fb7a
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,39 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the develop branch
+ push:
+ branches: [ develop ]
+ pull_request:
+ branches: [ develop ]
+
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v2
+
+ # Runs a single command using the runners shell
+ - name: Run a one-line script
+ run: echo Hello, world!
+
+ - name: Validate PR title with commitizen
+ uses: CashStory/commitizen-action-pr@1.0.1
+
+ # Runs a set of commands using the runners shell
+ - name: Run a multi-line script
+ run: |
+ echo Add other actions to build,
+ echo test, and deploy your project.
From eaf71b8f3b0ba48127b008b82d9ab40fd4f8647a Mon Sep 17 00:00:00 2001 
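Review bot: Both `uses:` references are mutable tags — `actions/checkout@v2` and the third-party `CashStory/commitizen-action-pr@1.0.1` — so whoever controls those tags can change what runs in this job without any diff in this repository; pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: CashStory/commitizen-action-pr@<full-sha> # v1.0.1`. There is also no `permissions:` block, so the job token carries the repository's default scopes although a checkout plus an echo needs only `permissions: contents: read` at the top level. The commitizen action is a small third-party dependency; read its source before adopting it, since a PR-title check needs nothing beyond read access.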
From: alepar Date: Wed, 15 Sep 2021 14:13:57 +0200 Subject: [PATCH 02/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20GitHub=20Actions=20c?= =?UTF-8?q?ommit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Initial commit with Github Actions currently with cz check and yarn audit
--- .github/workflows/main.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1d93da4fb7a..a670faa6db7 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -26,9 +26,13 @@ jobs:
 - uses: actions/checkout@v2
 # Runs a single command using the runners shell
- - name: Run a one-line script
- run: echo Hello, world!
-
+ - name: Run yarn install
+ run: yarn install
+
+ # Runs a single command using the runners shell
+ - name: Run audit
+ run: yarn audit
+
 - name: Validate PR title with commitizen
 uses: CashStory/commitizen-action-pr@1.0.1
From a79d75c0b359fe9df63d83cb60ecc3ba75aa059e Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:18:03 +0200 Subject: [PATCH 03/21] =?UTF-8?q?refactor:=20=F0=9F=92=A1=20Clean=20up=20C?= =?UTF-8?q?I?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/main.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a670faa6db7..5d56b57fa2f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,9 +6,9 @@ name: CI
 on:
 # Triggers the workflow on push or pull request events but only for the develop branch
 push:
- branches: [ develop ]
+ branches: [ develop, stage, main ]
 pull_request:
- branches: [ develop ]
+ branches: [ develop, stage, main ]
 # Allows you to run this workflow manually from the Actions tab
 workflow_dispatch:
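Review bot: `yarn install` without `--frozen-lockfile` lets the runner resolve versions that differ from the committed `yarn.lock` (and rewrite it), so the `yarn audit` right after it may not audit what developers actually install; change the step to `run: yarn install --frozen-lockfile`. `yarn audit` also exits non-zero for any advisory including low severity, so as written the job will start failing on every new low-severity advisory — pick the policy deliberately (for yarn v1, `--level` filters the report but, as far as I recall, does not change the exit code, so a small wrapper over `yarn audit --json` may be needed). Installing dependencies executes their lifecycle scripts on the runner, which is acceptable under `push`/`pull_request` with a read-only token but must never be moved under `pull_request_target`.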
@@ -35,9 +35,3 @@ jobs:
 - name: Validate PR title with commitizen
 uses: CashStory/commitizen-action-pr@1.0.1
-
- # Runs a set of commands using the runners shell
- - name: Run a multi-line script
- run: |
- echo Add other actions to build,
- echo test, and deploy your project.
From f3c735b25091b65c4851133472ba6d762807b717 Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:26:30 +0200 Subject: [PATCH 04/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Added=20new=20workfl?= =?UTF-8?q?ows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR and CODEQL yml added
--- .github/workflows/codeql.yml | 71 ++++++++++++++++++++++++++++++ .github/workflows/main.yml | 4 +- .github/workflows/pull-request.yml | 18 ++++++++ 3 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/pull-request.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000000..2b6856c5c0a
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ $default-branch, $protected-branches ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [$default-branch]
+ schedule:
+ - cron: '0 4 * * 1'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ # Override automatic language detection
+ language: ['typescript']
+ # CodeQL supports [ $supported-codeql-languages ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ # We must fetch at least the immediate parents so that if this is
+ # a pull request then we can checkout the head.
+ fetch-depth: 2
+
+ # If this run was triggered by a pull request event, then checkout
+ # the head of the pull request instead of the merge commit.
+ - run: git checkout HEAD^2
+ if: ${{ github.event_name == 'pull_request' }}
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # â„šī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5d56b57fa2f..85a3c6950d8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -33,5 +33,5 @@ jobs:
 - name: Run audit
 run: yarn audit
- - name: Validate PR title with commitizen
- uses: CashStory/commitizen-action-pr@1.0.1
+ #- name: Validate PR title with commitizen
+ # uses: CashStory/commitizen-action-pr@1.0.1
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
new file mode 100644
index 00000000000..2185533cb79
--- /dev/null
+++ b/.github/workflows/pull-request.yml
@@ -0,0 +1,18 @@
+name: "Lint PR"
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - edited
+ - synchronize
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: amannn/action-semantic-pull-request@v2.1.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ requireScope: false
From c3d5a911544b60ef9ea5cf99ff11a9e6710400b9 Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:30:03 +0200 Subject: [PATCH 05/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Removed=20main.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/main.yml | 37 ------------------------------------- 1 file changed, 37 deletions(-) delete mode 100644 .github/workflows/main.yml
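Review bot: The workflow declares no `permissions:` block, so the `analyze` job runs with the repository's default token scopes although it only needs to read the checkout and write code-scanning results; add to the job `permissions:` with `actions: read`, `contents: read` and `security-events: write`. The `branches:` lists still contain the starter-workflow placeholders `$default-branch` and `$protected-branches`, which GitHub substitutes only when the file is created through the Actions UI — committed by hand they are literal names that match nothing, so only the weekly cron would scan the default branch until a branch is named explicitly. The `Autobuild` step does nothing useful for a `typescript`-only matrix and can be dropped, and the three `github/codeql-action/*@v1` references plus `actions/checkout@v2` should be pinned to commit SHAs.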
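Review bot: `pull_request_target` runs this job with a write-capable `GITHUB_TOKEN` in the base branch's context even for pull requests from forks; that is what lets the action report a status, but it also means any later step that checks out or executes the PR head (an `actions/checkout` with `ref: ${{ github.event.pull_request.head.sha }}`, a `yarn install`) would hand that token to untrusted code. Record the constraint next to the trigger, e.g. `# pull_request_target: privileged token — never check out or run PR code in this workflow`, and add a `permissions:` block limited to what the action documents it needs (reading the pull request, writing a commit status), so the token carries nothing more. `amannn/action-semantic-pull-request@v2.1.0` should be pinned to a commit SHA for the same reason.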
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index 85a3c6950d8..00000000000
--- a/.github/workflows/main.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-# This is a basic workflow to help you get started with Actions
-
-name: CI
-
-# Controls when the workflow will run
-on:
- # Triggers the workflow on push or pull request events but only for the develop branch
- push:
- branches: [ develop, stage, main ]
- pull_request:
- branches: [ develop, stage, main ]
-
- # Allows you to run this workflow manually from the Actions tab
- workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
- # This workflow contains a single job called "build"
- build:
- # The type of runner that the job will run on
- runs-on: ubuntu-latest
-
- # Steps represent a sequence of tasks that will be executed as part of the job
- steps:
- # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v2
-
- # Runs a single command using the runners shell
- - name: Run yarn install
- run: yarn install
-
- # Runs a single command using the runners shell
- - name: Run audit
- run: yarn audit
-
- #- name: Validate PR title with commitizen
- # uses: CashStory/commitizen-action-pr@1.0.1
From 7e8baeab11acd20cc24954fa19d92bc30f1b4679 Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:33:10 +0200 Subject: [PATCH 06/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Add=20on=20elements?= =?UTF-8?q?=20to=20workflows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/codeql.yml | 4 ++-- .github/workflows/pull-request.yml | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2b6856c5c0a..d4e8a28b57e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -7,10 +7,10 @@ name: "CodeQL"
 on:
 push:
- branches: [ $default-branch, $protected-branches ]
+ branches: [ $default-branch, $protected-branches, main, develop, stage ]
 pull_request:
 # The branches below must be a subset of the branches above
- branches: [$default-branch]
+ branches: [$default-branch, main, develop, stage]
 schedule:
 - cron: '0 4 * * 1'
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 2185533cb79..5114ae803d2 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -1,6 +1,11 @@
 name: "Lint PR"
 on:
+ push:
+ branches: [ $default-branch, $protected-branches, main, develop, stage ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [$default-branch, main, develop, stage]
 pull_request_target:
 types:
 - opened
From 90e6a05f519be0f8902eab978104223b1df9b4e5 Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:51:34 +0200 Subject: [PATCH 07/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Add=20semgrep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 54 +++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 00000000000..c740eabe142
--- /dev/null
+++ b/.github/workflows/semgrep.yml
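Review bot: The added `push:` trigger fires this job on plain branch pushes, where `github.event.pull_request` does not exist, so `amannn/action-semantic-pull-request` (in the unchanged part of the file below this hunk) has no PR title to validate and will most likely fail the run. Adding `pull_request:` next to the existing `pull_request_target:` also runs the check twice on every PR, once with a read-only token and once with a privileged one, producing duplicate and potentially conflicting statuses. Keep `pull_request_target` alone for this job; the `$default-branch` / `$protected-branches` entries are starter-workflow placeholders that are not substituted in a hand-committed file and match nothing.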
@@ -0,0 +1,54 @@
+name: Semgrep
+
+on:
+ # Scan changed files in PRs, block on new issues only (existing issues ignored)
+ pull_request: {}
+
+ # Scan all files on branches, block on any issues
+ # push:
+ # branches: ["master", "main"]
+
+jobs:
+ semgrep:
+ name: Scan
+ runs-on: ubuntu-latest
+ # Skip any PR created by dependabot to avoid permission issues
+ if: (github.actor != 'dependabot[bot]')
+ steps:
+ # Fetch project source
+ - uses: actions/checkout@v2
+
+ - uses: returntocorp/semgrep-action@v1
+ with:
+ config: >- # more at semgrep.dev/explore
+ p/security-audit
+ p/secrets
+ p/react
+ p/top-ten-owasp
+ p/r2c-ci
+
+ # == Optional settings in the `with:` block
+ # p/top-ten-owasp
+
+ # Instead of `config:`, use rules set in Semgrep App.
+ # Get your token from semgrep.dev/manage/settings.
+ # publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+ # Never fail the build due to findings on pushes.
+ # Instead, just collect findings for semgrep.dev/manage/findings
+ # auditOn: push
+
+ # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
+ # See also the next step.
+ # generateSarif: "1"
+
+ # Change job timeout (default is 1800 seconds; set to 0 to disable)
+ # env:
+ # SEMGREP_TIMEOUT: 300
+
+ # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
+ # - name: Upload SARIF file for GitHub Advanced Security Dashboard
+ # uses: github/codeql-action/upload-sarif@v1
+ # with:
+ # sarif_file: semgrep.sarif
+ # if: always()
\ No newline at end of file
From f2569f316c811ee548668508d67e935600fb0e8f Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:52:46 +0200 Subject: [PATCH 08/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Added=20:on=20to=20s?= =?UTF-8?q?emgrep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
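Review bot: `returntocorp/semgrep-action@v1` and `actions/checkout@v2` are floating tags, so the scanner that gates every PR can change under you with no diff in this repository; pin both to a full commit SHA with the version in a trailing comment, `uses: returntocorp/semgrep-action@<full-sha> # v1`. The job has no `permissions:` block, and a scan-only configuration needs just `permissions: contents: read`. `config: >-` folds the ruleset names into one space-separated string, which is what the action expects, but the trailing `# more at semgrep.dev/explore` sits on the indicator line — legal YAML, yet easy to mistake for part of the value; move it to its own comment line above `config:`.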
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index c740eabe142..6c9eb9f1092 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -1,12 +1,11 @@
 name: Semgrep
 on:
- # Scan changed files in PRs, block on new issues only (existing issues ignored)
- pull_request: {}
-
- # Scan all files on branches, block on any issues
- # push:
- # branches: ["master", "main"]
+ push:
+ branches: [ $default-branch, $protected-branches, main, develop, stage ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main, develop, stage]
 jobs:
 semgrep:
From 63289cc89c55f5162ad9775db428f37207f8d6d8 Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:54:23 +0200 Subject: [PATCH 09/21] =?UTF-8?q?chore:=20=F0=9F=A4=96=20removed=20top-ten?= =?UTF-8?q?-owasp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 1 - 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 6c9eb9f1092..1dc9b92cf26 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -23,7 +23,6 @@ jobs:
 p/security-audit
 p/secrets
 p/react
- p/top-ten-owasp
 p/r2c-ci
 # == Optional settings in the `with:` block
From 66f4cf295fba72a42abe35a53420830708c28abf Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 14:59:26 +0200 Subject: [PATCH 10/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Added=20more=20confi?= =?UTF-8?q?gs=20for=20Semgrep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 1dc9b92cf26..54a1321cd31 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
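Review bot: The `push.branches` list includes `$default-branch` and `$protected-branches`, which are GitHub starter-workflow placeholders substituted only when the file is created through the Actions UI; committed by hand they are literal patterns that match nothing, so the scan of the default branch here rests entirely on the explicit `main`. Trim to `branches: [ main, develop, stage ]` so the list says what it does. The comment `# The branches below must be a subset of the branches above` then holds with the two lists identical, which is the easiest invariant to keep.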
@@ -21,9 +21,13 @@ jobs:
 with:
 config: >- # more at semgrep.dev/explore
 p/security-audit
+ p/typescript
+ p/insecure-transport
+ p/command-injection
 p/secrets
 p/react
 p/r2c-ci
+ p/top-ten-owasp
 # == Optional settings in the `with:` block
 # p/top-ten-owasp
From 85cf627fe262a03c300f3ec115bda682d65cd1fb Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 15:02:59 +0200 Subject: [PATCH 11/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20typo=20in=20one=20ru?= =?UTF-8?q?le=20fix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 54a1321cd31..9a32aacfe07 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -27,10 +27,9 @@ jobs:
 p/secrets
 p/react
 p/r2c-ci
- p/top-ten-owasp
+ p/owasp-top-ten
 # == Optional settings in the `with:` block
- # p/top-ten-owasp
 # Instead of `config:`, use rules set in Semgrep App.
 # Get your token from semgrep.dev/manage/settings.
From d25fcedf4dea55cdaae5e290a65944b6346f57da Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 15:04:07 +0200 Subject: [PATCH 12/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Added=20r2c-best-pra?= =?UTF-8?q?ctices?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 1 + 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 9a32aacfe07..bce26b085b2 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -28,6 +28,7 @@ jobs:
 p/react
 p/r2c-ci
 p/owasp-top-ten
+ p/r2c-best-practices
 # == Optional settings in the `with:` block
From 5ac8dc4aa38c544255559defbf97c40585305b2a Mon Sep 17 00:00:00 2001 
From: alepar Date: Wed, 15 Sep 2021 15:10:29 +0200 Subject: [PATCH 13/21] =?UTF-8?q?chore:=20=F0=9F=A4=96=20removed=20excessi?= =?UTF-8?q?ve=20parameter=20in=20pull-request.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/pull-request.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 5114ae803d2..8864b9a2ca7 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -13,11 +13,10 @@ on:
 - synchronize
 jobs:
- main:
+ lint:
 runs-on: ubuntu-latest
 steps:
 - uses: amannn/action-semantic-pull-request@v2.1.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- requireScope: false
+
From c522e530974990b8436c4e58a6a4b69a89c9b38e Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 15:16:37 +0200 Subject: [PATCH 14/21] =?UTF-8?q?chore:=20=F0=9F=A4=96=20bump=20semantic-p?= =?UTF-8?q?ull-request=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 8864b9a2ca7..87485bee512 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -16,7 +16,7 @@ jobs:
 lint:
 runs-on: ubuntu-latest
 steps:
- - uses: amannn/action-semantic-pull-request@v2.1.0
+ - uses: amannn/action-semantic-pull-request@v3.4.2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From ca269b41ebdc1d82fae7e6d9d0d91cc8023e88da Mon Sep 17 00:00:00 2001 
From: alepar Date: Wed, 15 Sep 2021 15:19:31 +0200 Subject: [PATCH 15/21] =?UTF-8?q?refactor:=20=F0=9F=92=A1=20Added=20config?= =?UTF-8?q?=20options=20for=20lint=20sem?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/pull-request.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 87485bee512..627ee8e1724 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -18,5 +18,14 @@ jobs:
 steps:
 - uses: amannn/action-semantic-pull-request@v3.4.2
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ requireScope: true
+ wip: true
+ # When using "Squash and merge" on a PR with only one commit, GitHub
+ # will suggest using that commit message instead of the PR title for the
+ # merge commit, and it's easy to commit this by mistake. Enable this option
+ # to also validate the commit message for one commit PRs.
+ validateSingleCommit: true
+
From 4a5188602ccd2aeea0899f67c2a6eb391c4f9fb4 Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 15:22:12 +0200 Subject: [PATCH 16/21] =?UTF-8?q?chore:=20=F0=9F=A4=96=20remove=20requireS?= =?UTF-8?q?cope=20from=20pull-request.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/pull-request.yml | 1 - 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 627ee8e1724..1a6d2b6eeb6 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -20,7 +20,6 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
- requireScope: true
 wip: true
 # When using "Squash and merge" on a PR with only one commit, GitHub
 # will suggest using that commit message instead of the PR title for the
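Review bot: `wip: true` makes the action write a commit status on the PR head, which needs `statuses: write` on the job token; that works under `pull_request_target`, but this file also carries a `pull_request:` trigger (outside this hunk) under which fork PRs get a read-only token, so those runs would fail on the status call — presumably one of the two triggers should go. The `GITHUB_TOKEN` line is removed and re-added with identical visible content, which looks like a trailing-whitespace change; stripping it before committing keeps the hunk to the real additions. The four-line comment on `validateSingleCommit` is a good explanation of why a title-only check is not enough.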
From 59df49be190c4a4c4060f4170c575bcd10135dbc Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 20:55:09 +0200 Subject: [PATCH 17/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Publish=20to=20GVSD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index bce26b085b2..3af422104ab 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -19,6 +19,7 @@ jobs:
 - uses: returntocorp/semgrep-action@v1
 with:
+ generateSarif: "1"
 config: >- # more at semgrep.dev/explore
 p/security-audit
 p/typescript
@@ -42,15 +43,15 @@ jobs:
 # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
 # See also the next step.
- # generateSarif: "1"
+
 # Change job timeout (default is 1800 seconds; set to 0 to disable)
 # env:
 # SEMGREP_TIMEOUT: 300
 # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
- # - name: Upload SARIF file for GitHub Advanced Security Dashboard
- # uses: github/codeql-action/upload-sarif@v1
- # with:
- # sarif_file: semgrep.sarif
- # if: always()
\ No newline at end of file
+ - name: Upload SARIF file for GitHub Advanced Security Dashboard
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: semgrep.sarif
+ if: always()
\ No newline at end of file
From 79d75c47a9729d14e163bd7a94226fb0a3d3811f Mon Sep 17 00:00:00 2001 From: alepar Date: Wed, 15 Sep 2021 22:14:29 +0200 Subject: [PATCH 18/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20HEAD^2=20Alert=20rem?= =?UTF-8?q?oval?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/codeql.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d4e8a28b57e..d5cb703149d 100644
--- a/.github/workflows/codeql.yml
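Review bot: `github/codeql-action/upload-sarif@v1` needs `security-events: write` on the job token and this workflow declares no `permissions:` block; on `pull_request` runs from forks the token is read-only, so the upload — which `if: always()` forces to run even when the scan itself fails — will error and obscure the real result. Add at job level `permissions:` with `contents: read` and `security-events: write`, and if fork contributions are expected, gate the upload on `github.event.pull_request.head.repo.full_name == github.repository` in addition to `always()`. Pin the upload action to a commit SHA as well, as the rest of the file should be.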
+++ b/.github/workflows/codeql.yml
@@ -1,16 +1,11 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
 name: "CodeQL"
 on:
 push:
- branches: [ $default-branch, $protected-branches, main, develop, stage ]
+ branches: [ main, develop, stage ]
 pull_request:
 # The branches below must be a subset of the branches above
- branches: [$default-branch, main, develop, stage]
+ branches: [ main, develop, stage]
 schedule:
 - cron: '0 4 * * 1'
@@ -38,8 +33,8 @@ jobs:
 # If this run was triggered by a pull request event, then checkout
 # the head of the pull request instead of the merge commit.
- - run: git checkout HEAD^2
- if: ${{ github.event_name == 'pull_request' }}
+ #- run: git checkout HEAD^2
+ # if: ${{ github.event_name == 'pull_request' }}
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
From 4bdeede4098fa97141f0d83f18e6ad656227b177 Mon Sep 17 00:00:00 2001 From: alepar Date: Fri, 17 Sep 2021 12:47:32 +0200 Subject: [PATCH 19/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Remove=20best-practi?= =?UTF-8?q?ces=20from=20semgrep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/workflows/semgrep.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 3af422104ab..20171c5edcc 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -20,6 +20,7 @@ jobs:
 - uses: returntocorp/semgrep-action@v1
 with:
 generateSarif: "1"
+ auditOn: push
 config: >- # more at semgrep.dev/explore
 p/security-audit
 p/typescript
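Review bot: Commenting out the `git checkout HEAD^2` step leaves dead code in the workflow; delete the two lines outright, since the subject line suggests the goal was to clear a scanner alert about analysing the PR head instead of the merge commit, and a commented-out step keeps inviting someone to re-enable it. Its explanatory comment (`# If this run was triggered by a pull request event, then checkout` / `# the head of the pull request instead of the merge commit.`) now describes nothing and should go with it, as should `fetch-depth: 2` and its `# We must fetch at least the immediate parents...` comment on the checkout step above this hunk, which existed only to make `HEAD^2` resolvable. The rest of the `analyze` job sits outside this hunk.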
@@ -29,22 +30,13 @@ jobs:
 p/react
 p/r2c-ci
 p/owasp-top-ten
- p/r2c-best-practices
 # == Optional settings in the `with:` block
- # Instead of `config:`, use rules set in Semgrep App.
- # Get your token from semgrep.dev/manage/settings.
- # publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
- # Never fail the build due to findings on pushes.
 # Instead, just collect findings for semgrep.dev/manage/findings
 # auditOn: push
- # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
- # See also the next step.
- - # Change job timeout (default is 1800 seconds; set to 0 to disable)
 # env:
 # SEMGREP_TIMEOUT: 300
From d8d1c915e8ddbb768ecbf7690fea9c422e718033 Mon Sep 17 00:00:00 2001 From: alepar Date: Fri, 17 Sep 2021 13:02:44 +0200 Subject: [PATCH 20/21] =?UTF-8?q?ci:=20=F0=9F=8E=A1=20Change=20"yarn"=20to?= =?UTF-8?q?=20"npm"=20in=20dependabot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- .github/dependabot.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000000..eb4fb05e49d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+# Basic set up for three package managers
+
+version: 2
+updates:
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+
+ # Maintain dependencies for yarn
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "daily"
From cdf3472d8efa74f26dfce8cd93bbb2b263ff8cbf Mon Sep 17 00:00:00 2001 
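Review bot: The header `# Basic set up for three package managers` and the label `# Maintain dependencies for yarn` no longer describe the file: there are two entries, one for `github-actions` and one for the `npm` ecosystem (which is also how Dependabot tracks `yarn.lock`); reword them to `# Two ecosystems: GitHub Actions and the npm/yarn lockfile` and `# Maintain npm/yarn dependencies (yarn.lock is covered by the npm ecosystem)`. With main.yml and its `yarn audit` removed earlier in this series, version-update PRs are now the only dependency signal in CI, and this file does not turn on Dependabot security updates or alerts — those are repository settings and should be enabled alongside it. The `github-actions` entry also makes SHA-pinning every `uses:` practical, since Dependabot keeps updating SHA-pinned actions when the version tag follows in a trailing comment.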
From: alepar Date: Thu, 23 Sep 2021 14:52:45 +0200 Subject: [PATCH 21/21] =?UTF-8?q?fix:=20=F0=9F=90=9B=20Conditional=20into?= =?UTF-8?q?=20ternary?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed logical conditional renders into ternary renditions and adjusted pull-request.yml to ignore deendabot --- .github/workflows/pull-request.yml | 1 + App.tsx | 2 +- src/components/Chip.tsx | 2 +- src/components/Dropdown.tsx | 2 +- src/components/InputItem.tsx | 2 +- src/components/PinInput.tsx | 2 +- src/components/PinView.tsx | 2 +- src/components/TransactionItem.tsx | 2 +- src/components/WalletItem.tsx | 2 +- src/navigators/Navigator.tsx | 8 ++++---- src/screens/ExportWalletScreen.tsx | 2 +- src/screens/MessageScreen.tsx | 2 +- src/screens/Notifications/ConfirmEmailScreen.tsx | 2 +- .../SeedPhraseConfirmScreen/SeedPhraseConfirmView.tsx | 2 +- src/screens/SendCoinsConfirmScreen.tsx | 2 +- src/screens/SendCoinsScreen.tsx | 2 +- 16 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 1a6d2b6eeb6..924e16b5da2 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -15,6 +15,7 @@ on: jobs: lint: runs-on: ubuntu-latest + if: (github.actor != 'dependabot[bot]') steps: - uses: amannn/action-semantic-pull-request@v3.4.2 env: diff --git a/App.tsx b/App.tsx index fbe807923fd..da3364adf9c 100644 --- a/App.tsx +++ b/App.tsx @@ -74,7 +74,7 @@ class App extends React.PureComponent { render() { return ( <> - {!__DEV__ && } + {!__DEV__ ? : null} { {this.props.label} - {this.props.removable && } + {this.props.removable ? : null} ); } diff --git a/src/components/Dropdown.tsx b/src/components/Dropdown.tsx index 21193820aed..2a5890c3b65 100644 --- a/src/components/Dropdown.tsx +++ b/src/components/Dropdown.tsx 
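Review bot: `github.actor` is the account that triggered the event, not the PR author, so on a `synchronize` event where a maintainer pushes a fix-up commit to a Dependabot branch the condition becomes true and the title check runs against Dependabot's title after all. If the intent is to exempt Dependabot's pull requests, test the author instead: `if: github.event.pull_request.user.login != 'dependabot[bot]'`. The parentheses are a shell habit; `if: github.actor != 'dependabot[bot]'` is the idiomatic expression form.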
@@ -17,7 +17,7 @@ export const Dropdown = ({ title, label, testID, onSelectPress }: Props) => { {title} - {onSelectPress && } + {onSelectPress ? : null} {label} diff --git a/src/components/InputItem.tsx b/src/components/InputItem.tsx index 2b2b05a9418..b8575124a8e 100644 --- a/src/components/InputItem.tsx +++ b/src/components/InputItem.tsx @@ -131,7 +131,7 @@ export class InputItem extends Component { return ( {label} - {!!suffix && {suffix}} + {!!suffix ? {suffix} : null} { keyboardType="number-pad" renderCell={({ index, symbol, isFocused }) => ( - {!!symbol && } + {!!symbol ? : null} )} /> diff --git a/src/components/PinView.tsx b/src/components/PinView.tsx index dcb9bf02910..8941f4fa0e1 100644 --- a/src/components/PinView.tsx +++ b/src/components/PinView.tsx @@ -28,7 +28,7 @@ export class PinView extends Component { }, ]} > - {isFilled && } + {isFilled ? : null} ); })} diff --git a/src/components/TransactionItem.tsx b/src/components/TransactionItem.tsx index 530b6cd39a6..677b313c597 100644 --- a/src/components/TransactionItem.tsx +++ b/src/components/TransactionItem.tsx @@ -43,7 +43,7 @@ export const TransactionItem = ({ item, onPress, testID }: Props) => { {item.walletLabel} - {!!item.note && {item.note}} + {!!item.note ? {item.note} : null} {item.time ? dayjs(item.received).format('LT') : i18n.transactions.details.timePending} diff --git a/src/components/WalletItem.tsx b/src/components/WalletItem.tsx index 7e0f5c8b7e5..b00c303c359 100644 --- a/src/components/WalletItem.tsx +++ b/src/components/WalletItem.tsx @@ -31,7 +31,7 @@ export const WalletItem = (props: WalletItemProps) => { - {selected && } + {selected ? : null} {i18n.formatBalance(Number(value), unit, true)} diff --git a/src/navigators/Navigator.tsx b/src/navigators/Navigator.tsx index 30a296463c8..17745a5c26a 100644 --- a/src/navigators/Navigator.tsx +++ b/src/navigators/Navigator.tsx 
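Review bot: In `{!!suffix ? {suffix} : null}` the `!!` is redundant once the expression is a ternary, because the condition position already coerces to boolean and the `&&` short-circuit leak it guarded against no longer exists; write `{suffix ? … : null}` (the element between the braces was stripped from this extract, so I cannot quote it). The same applies to `!!symbol` in the PinInput hunk and `!!item.note` in the TransactionItem hunk further down. If the `!!` was kept deliberately for consistency, a one-line comment at the first occurrence would save the next reader the question.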
@@ -274,10 +274,10 @@ class Navigator extends React.Component { shouldRenderNotification={this.shouldRenderNotification()} userVersion={userVersion} /> - {isAuthenticated && } - {isToast && } - {this.shouldRenderConnectionIssues() && } - {this.shouldRenderUnlockScreen() && } + {isAuthenticated ? : null} + {isToast ? : null} + {this.shouldRenderConnectionIssues() ? : null} + {this.shouldRenderUnlockScreen() ? : null} ); }; diff --git a/src/screens/ExportWalletScreen.tsx b/src/screens/ExportWalletScreen.tsx index d21c095a8bb..d826e8ede9c 100644 --- a/src/screens/ExportWalletScreen.tsx +++ b/src/screens/ExportWalletScreen.tsx @@ -30,7 +30,7 @@ export const ExportWalletScreen = ({ route }: Props) => { }> {i18n.wallets.exportWallet.title} - {secret && } + {secret ? : null} diff --git a/src/screens/MessageScreen.tsx b/src/screens/MessageScreen.tsx index dda78cacd0d..936c57ea21e 100644 --- a/src/screens/MessageScreen.tsx +++ b/src/screens/MessageScreen.tsx @@ -38,7 +38,7 @@ export const MessageScreen = (props: Props) => { {title} {description} - {buttonProps &&