This repository has been archived by the owner on Sep 1, 2022. It is now read-only.
config.yml
title: Securing your workflows
tagline: Keep your code safe, sound, and secure in GitHub repositories
description: Learn security best practices and keep your project’s contributions—and contributors—safe.
tags:
  - Git
  - GitHub
template:
  name: security-on-github
  repo: security-template
preferences:
  - type: dropdown
    name: language
    label: Language
    description: Choose your preferred language.
    options:
      - label: English
        value: en
      - label: 日本語
        value: ja
before:
  - type: updateBranchProtection
  # Pull request #1: the learner updates the vulnerable dependency here
  - type: createPullRequest
    title: Update the vulnerable dependency
    body: 03_update-dependency.md
    head: update-dependency
  - type: octokit
    method: 'repos.get'
    owner: '%payload.repository.owner.login%'
    repo: '%payload.repository.name%'
    action_id: gotten_repo
  # Issue #2: the welcome issue, whose text depends on whether the repo is private
  - type: createIssue
    title: Welcome
    body: 01a_class-introduction-issue.md
    data:
      private: '%actions.gotten_repo.data.private%'
  # Pull request #3: the learner adds `.env` to `.gitignore` here
  - type: createPullRequest
    title: Add a `.gitignore` file
    body: 04b_add-gitignore.md
    head: add-gitignore
steps:
  - title: Enable repository settings
    description: Enable settings in your repository for the next activities.
    translations:
      ja:
        title: リポジトリの設定を有効化しよう
        description: 次のステップのためにリポジトリの設定を有効化しましょう。
    event: page_build
    link: '{{ repoUrl }}/issues/2'
    actions:
      - type: createIssue
        title: Find repository vulnerabilities
        body: 02_find-vulnerabilities.md
        action_id: issue
      - type: closeIssue
        issue: Welcome
      - type: octokit
        method: repos.getPages
        owner: '%payload.repository.owner.login%'
        repo: '%payload.repository.name%'
        action_id: pagesUrl
      - type: respond
        issue: Welcome
        with: 02_closed-issue.md
        data:
          url: '%actions.issue.data.html_url%'
          pages: '%actions.pagesUrl.data.html_url%'
  - title: Find the vulnerable dependency
    description: Find the vulnerable dependency, and comment with the suggested update version.
    translations:
      ja:
        title: 脆弱性のある依存関係を見つけよう
        description: 脆弱性のある依存関係と、推奨バージョンのコメントを見つけましょう。
    event: issue_comment.created
    link: '{{ repoUrl }}/issues/4'
    actions:
      - type: respond
        with: 03_found-vulnerability.md
      - type: closeIssue
        issue: Find repository vulnerabilities
  - title: Update the dependency version
    description: Edit the file in the pull request to update the dependency.
    translations:
      ja:
        title: 依存関係のバージョンを更新しよう
        description: 依存関係のバージョンを更新するためにプルリクエストを使ってファイルを編集しましょう。
    event: pull_request.synchronize
    link: '{{ repoUrl }}/pull/1'
    actions:
      - type: getFileContents
        action_id: fileContents
        filename: package.json
      # The gate passes when package.json carries a `debug` entry with an
      # x.y.z version (optional ^, ~, > or = range prefix); it checks the
      # shape of the version string, not which version it is.
      - type: gate
        left: '/"debug": "[\^\~\>]?\=?\d+\.\d+\.\d+"/g'
        operator: test
        right: '%actions.fileContents%'
        else:
          - type: respond
            # Explicitly targets #3 (the `.gitignore` pull request opened in
            # `before`); the other respond actions default to the thread that
            # triggered the step.
            issue: 3
            with: 03_adding-bad-changes.md
      - type: removeBranchProtection
      - type: respond
        with: 03_good-pr.md
  - title: Merge your pull request
    description: Merge the pull request you've opened to update the vulnerable dependency.
    translations:
      ja:
        title: プルリクエストをマージしよう
        description: 脆弱性のある依存関係を更新するためにオープンしたプルリクエストをマージしましょう。
    event: pull_request.closed
    link: '{{ repoUrl }}/pull/1'
    actions:
      # If the pull request was closed without merging, reopen it and explain.
      - type: gate
        left: '%payload.pull_request.merged%'
        else:
          - type: octokit
            method: issues.edit
            state: open
            owner: '%payload.repository.owner.login%'
            repo: '%payload.repository.name%'
            # `pull_request` sits at the top level of the webhook payload, not
            # under `repository` (the original path would resolve to nothing).
            number: '%payload.pull_request.number%'
          - type: respond
            with: 03_accidental-close.md
      - type: updateBranchProtection
      - type: respond
        with: 04a_good-merge.md
  - title: Add to the `.gitignore` file
    description: The `.gitignore` file is ready to be edited in an open pull request. Add the `.env` file to the `.gitignore` file.
    translations:
      ja:
        title: プルリクエストで `.gitignore` ファイルに追記しよう
        description: オープンしたプルリクエストを使って `.gitignore` ファイルを更新する準備ができました。 `.env` ファイルを `.gitignore` に追加しましょう。
    event: pull_request.synchronize
    link: '{{ repoUrl }}/pull/3'
    actions:
      - type: getFileContents
        action_id: fileContents
        filename: .gitignore
      # Passes when the string `.env` appears anywhere in .gitignore.
      - type: gate
        left: '/\.env/m'
        operator: test
        right: '%actions.fileContents%'
        else:
          - type: respond
            with: 05_fail-ignore.md
      - type: removeBranchProtection
      - type: respond
        with: 05_good-ignore.md
  - title: Merge the pull request
    description: Merge the second pull request with updates to the `.gitignore` file.
    translations:
      ja:
        title: プルリクエストをマージしよう
        description: 2つ目のプルリクエストをマージして `.gitignore` ファイルを更新しよう
    event: pull_request.closed
    link: '{{ repoUrl }}/pull/3'
    actions:
      # Same reopen-on-accidental-close guard as the first merge step.
      - type: gate
        left: '%payload.pull_request.merged%'
        else:
          - type: octokit
            method: issues.edit
            state: open
            owner: '%payload.repository.owner.login%'
            repo: '%payload.repository.name%'
            # Top-level `pull_request`, as in the first merge step.
            number: '%payload.pull_request.number%'
          - type: respond
            with: 05_early-close.md
      - type: octokit
        method: repos.getPages
        owner: '%payload.repository.owner.login%'
        repo: '%payload.repository.name%'
        action_id: pagesUrl
      - type: createIssue
        title: Congratulations!
        body: 06b_final-issue.md
        data:
          url: '%actions.pagesUrl.data.html_url%'
        action_id: finalIssue
      - type: respond
        with: 06a_nice-merge.md
        data:
          url: '%actions.finalIssue.data.html_url%'
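The two `gate` checks (the `debug` version check on `package.json` and the `.env` check on `.gitignore`) re-implemented in Python as an added example, not code from the course or from Learning Lab: it applies the page's own regexes the way `operator: test` does and puts a stricter variant beside each. The `minimum` version threshold and the sample file contents are assumptions.

```python
"""Offline re-implementation of the two `gate` checks in config.yml.

Added example, not part of the Learning Lab course: each gate is the page's
own regex applied to the fetched file contents (the `operator: test`
semantics), beside a stricter variant a course maintainer could use instead.
"""
import json
import re

# Step 3 gate, translated from the JS literal /"debug": "[\^\~\>]?\=?\d+\.\d+\.\d+"/g
DEBUG_VERSION_RE = re.compile(r'"debug": "[\^\~\>]?\=?\d+\.\d+\.\d+"')
# Step 5 gate, translated from the JS literal /\.env/m
ENV_IGNORED_RE = re.compile(r"\.env", re.MULTILINE)


def gate_debug_updated(package_json: str) -> bool:
    """As written: passes for *any* x.y.z spec on `debug`, old or new."""
    return DEBUG_VERSION_RE.search(package_json) is not None


def gate_env_ignored(gitignore: str) -> bool:
    """As written: passes when `.env` occurs anywhere, even inside `.environment`."""
    return ENV_IGNORED_RE.search(gitignore) is not None


def gate_debug_at_least(package_json: str, minimum: tuple) -> bool:
    """Stricter: parse package.json and require debug >= minimum.
    `minimum` is an assumed threshold; the config does not state the patched version."""
    try:
        deps = json.loads(package_json).get("dependencies", {})
    except json.JSONDecodeError:
        return False
    m = re.fullmatch(r"[\^~>]?=?(\d+)\.(\d+)\.(\d+)", deps.get("debug", ""))
    return bool(m) and tuple(int(x) for x in m.groups()) >= minimum


def gate_env_ignored_strict(gitignore: str) -> bool:
    """Stricter: `.env` must be a whole, uncommented line of .gitignore."""
    return any(line.strip() == ".env" for line in gitignore.splitlines())


# Constructed sample inputs (not files from the course template).
PACKAGE_JSON_OLD = '{"dependencies": {"debug": "1.0.0"}}'
PACKAGE_JSON_NEW = '{"dependencies": {"debug": "^4.3.4"}}'
GITIGNORE_BAD = "node_modules/\n# .environment\n"
GITIGNORE_GOOD = "node_modules/\n.env\n"

if __name__ == "__main__":
    print(gate_debug_updated(PACKAGE_JSON_OLD), gate_debug_at_least(PACKAGE_JSON_OLD, (2, 0, 0)))
    print(gate_env_ignored(GITIGNORE_BAD), gate_env_ignored_strict(GITIGNORE_BAD))
```

Run as-is it prints `True False` and `True False`: the gates as written accept the unchanged old version and a commented `.environment` line, which the stricter variants reject.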