diff --git a/.github/quy trình làm việc/chủ yếu b/.github/quy trình làm việc/chủ yếu
new file mode 100644
index 0000000..0db011b
--- /dev/null
+++ b/.github/quy trình làm việc/chủ yếu
@@ -0,0 +1,49 @@
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '17 12 * * 3'
+
+jobs:
+ codacy-security-scan:
+ name: Codacy Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Run Codacy Analysis CLI
+ uses: codacy/codacy-analysis-cli-action@1.1.0
+ with:
+ # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+ # You can also omit the token and run the tools that support default configurations
+ project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ verbose: true
+ output: results.sarif
+ format: sarif
+ # Adjust severity of non-security issues
+ gh-code-scanning-compat: true
+ # Force 0 exit code to allow SARIF file generation
+ # This will handover control about PR rejection to the GitHub side
+ max-allowed-issues: 2147483647
+
+ # Upload the SARIF file generated in the previous step
+ - name: Upload SARIF results file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
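Review bot: The `codacy-security-scan` job declares no `permissions:` block, so `GITHUB_TOKEN` keeps the repository's default scope while the third-party step `codacy/codacy-analysis-cli-action@1.1.0` runs alongside `CODACY_PROJECT_TOKEN`. Add a job-level `permissions:` with `contents: read` and `security-events: write`, as `codeql-analysis.yml` in this commit already does, and consider pinning the third-party action to a full commit SHA rather than a tag that can be moved. The same applies to the identical workflow added as `.github/workflows/codacy-analysis.yml` and to the `OSSAR-Scan` job in `ossar-analysis.yml`. This copy also sits under `.github/quy trình làm việc/`, which is not the `.github/workflows/` directory GitHub Actions reads, so it would never run and is likely an accidental duplicate.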
diff --git a/.github/stale.yml b/.github/stale.yml
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/.github/stale.yml
@@ -0,0 +1 @@
+
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
new file mode 100644
index 0000000..8b10116
--- /dev/null
+++ b/.github/workflows/aws.yml
@@ -0,0 +1,81 @@
+# This workflow will build and push a new container image to Amazon ECR,
+# and then will deploy a new task definition to Amazon ECS, when a release is created
+#
+# To use this workflow, you will need to complete the following set-up steps:
+#
+# 1. Create an ECR repository to store your images.
+# For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`.
+# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
+# Replace the value of `aws-region` in the workflow below with your repository's region.
+#
+# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
+# For example, follow the Getting Started guide on the ECS console:
+# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
+# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
+#
+# 3. Store your ECS task definition as a JSON file in your repository.
+# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
+# Replace the value of `task-definition` in the workflow below with your JSON file's name.
+# Replace the value of `container-name` in the workflow below with the name of the container
+# in the `containerDefinitions` section of the task definition.
+#
+# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+# See the documentation for each action used below for the recommended IAM policies for this IAM user,
+# and best practices on handling the access key credentials.
+
+on:
+ release:
+ types: [created]
+
+name: Deploy to Amazon ECS
+
+jobs:
+ deploy:
+ name: Deploy
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-2
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: my-ecr-repo
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ # Build a docker container and
+ # push it to ECR so that it can
+ # be deployed to ECS.
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: task-definition.json
+ container-name: sample-app
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: sample-app-service
+ cluster: default
+ wait-for-service-stability: true
diff --git a/.github/workflows/azure.yml b/.github/workflows/azure.yml
new file mode 100644
index 0000000..0262b49
--- /dev/null
+++ b/.github/workflows/azure.yml
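Review bot: The `Configure AWS credentials` step in `aws.yml` authenticates with a long-lived IAM user key pair (`AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`), which stays valid until someone rotates it and is available to every later step in the `deploy` job. `aws-actions/configure-aws-credentials` also accepts `role-to-assume`; combined with GitHub's OIDC provider and a job-level `permissions:` of `id-token: write` and `contents: read`, the job gets short-lived credentials and no static key has to be stored. If the key pair has to stay, restrict the IAM user to the ECR push and ECS deploy actions this workflow performs. In the build step, the image reference is expanded unquoted; writing it as `"$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"` in `docker build` and `docker push` is cheap hardening.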
@@ -0,0 +1,50 @@
+# This workflow will build and push a node.js application to an Azure Web App when a release is created.
+#
+# This workflow assumes you have already created the target Azure App Service web app.
+# For instructions see https://docs.microsoft.com/azure/app-service/app-service-plan-manage#create-an-app-service-plan
+#
+# To configure this workflow:
+#
+# 1. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app **before downloading the file**.
+# For more instructions see: https://docs.microsoft.com/azure/app-service/configure-common#configure-app-settings
+#
+# 2. Set up a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE with the value of your Azure publish profile.
+# For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret
+#
+# 3. Change the values for the AZURE_WEBAPP_NAME, AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables (below).
+#
+# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
+# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
+on:
+ release:
+ types: [created]
+
+env:
+ AZURE_WEBAPP_NAME: your-app-name # set this to your application's name
+ AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+ NODE_VERSION: '10.x' # set this to the node version to use
+
+jobs:
+ build-and-deploy:
+ name: Build and Deploy
+ runs-on: ubuntu-latest
+ environment: production
+ steps:
+ - uses: actions/checkout@v2
+ - name: Use Node.js ${{ env.NODE_VERSION }}
+ uses: actions/setup-node@v2
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+ - name: npm install, build, and test
+ run: |
+ # Build and test the project, then
+ # deploy to Azure Web App.
+ npm install
+ npm run build --if-present
+ npm run test --if-present
+ - name: 'Deploy to Azure WebApp'
+ uses: azure/webapps-deploy@v2
+ with:
+ app-name: ${{ env.AZURE_WEBAPP_NAME }}
+ publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+ package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}
diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
new file mode 100644
index 0000000..0db011b
--- /dev/null
+++ b/.github/workflows/codacy-analysis.yml
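Review bot: The build step in `azure.yml` runs `npm install` immediately before the result is deployed to the `production` environment, so the dependency versions that ship may differ from those recorded in the lockfile; `npm ci` installs exactly what `package-lock.json` pins and fails on a mismatch. `NODE_VERSION: '10.x'` selects a Node.js release line that is past end-of-life and no longer receives security fixes, so the default should be a supported LTS line. The job also has no `permissions:` block; `contents: read` is enough for the steps shown here.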
@@ -0,0 +1,49 @@
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '17 12 * * 3'
+
+jobs:
+ codacy-security-scan:
+ name: Codacy Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+ - name: Run Codacy Analysis CLI
+ uses: codacy/codacy-analysis-cli-action@1.1.0
+ with:
+ # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+ # You can also omit the token and run the tools that support default configurations
+ project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ verbose: true
+ output: results.sarif
+ format: sarif
+ # Adjust severity of non-security issues
+ gh-code-scanning-compat: true
+ # Force 0 exit code to allow SARIF file generation
+ # This will handover control about PR rejection to the GitHub side
+ max-allowed-issues: 2147483647
+
+ # Upload the SARIF file generated in the previous step
+ - name: Upload SARIF results file
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..8376e3f
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '16 16 * * 0'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # ℹ️ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/deno.yml b/.github/workflows/deno.yml
new file mode 100644
index 0000000..37ef568
--- /dev/null
+++ b/.github/workflows/deno.yml
@@ -0,0 +1,47 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will install Deno and run tests across stable and canary builds on Windows, Ubuntu and macOS.
+# For more information see: https://github.com/denoland/setup-deno
+
+name: Deno
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ test:
+ runs-on: ${{ matrix.os }} # runs a test on Ubuntu, Windows and macOS
+
+ strategy:
+ matrix:
+ deno: ["v1.x", "canary"]
+ os: [macOS-latest, windows-latest, ubuntu-latest]
+
+ steps:
+ - name: Setup repo
+ uses: actions/checkout@v2
+
+ - name: Setup Deno
+ # uses: denoland/setup-deno@v1
+ uses: denoland/setup-deno@4a4e59637fa62bd6c086a216c7e4c5b457ea9e79
+ with:
+ deno-version: ${{ matrix.deno }} # tests across multiple Deno versions
+
+ # Uncomment this step to verify the use of 'deno fmt' on each commit.
+ # - name: Verify formatting
+ # run: deno fmt --check
+
+ - name: Run linter
+ run: deno lint
+
+ - name: Cache dependencies
+ run: deno cache deps.ts
+
+ - name: Run tests
+ run: deno test -A --unstable
diff --git a/.github/workflows/openshift.yml b/.github/workflows/openshift.yml
new file mode 100644
index 0000000..f9475d7
--- /dev/null
+++ b/.github/workflows/openshift.yml
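Review bot: In `deno.yml`, the `Run tests` step uses `deno test -A --unstable`, which grants the test run every Deno permission (network, file system, environment, subprocess), and the workflow is triggered by `pull_request`, so code proposed in a PR runs with Deno's permission sandbox switched off. List only what the suite needs instead, for example `deno test --allow-read --allow-net`, adjusted to the actual tests. `denoland/setup-deno` is pinned to a full commit SHA, which is the right pattern; `actions/checkout@v2` and the `canary` matrix entry remain moving targets, so a short comment stating that `canary` is intentionally unpinned would help the next reader. The job has no `permissions:` block; `contents: read` should be sufficient here.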
@@ -0,0 +1,180 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+### The OpenShift Starter workflow will:
+# - Checkout your repository
+# - Perform a Docker build
+# - Push the built image to an image registry
+# - Log in to your OpenShift cluster
+# - Create an OpenShift app from the image and expose it to the internet.
+
+### Before you begin:
+# - Have write access to a container image registry such as quay.io or Dockerhub.
+# - Have access to an OpenShift cluster.
+# - For instructions to get started with OpenShift see https://www.openshift.com/try
+# - The project you wish to add this workflow to should have a Dockerfile.
+# - If you don't have a Dockerfile at the repository root, see the buildah-build step.
+# - Builds from scratch are also available, but require more configuration.
+
+### To get the workflow running:
+# 1. Add this workflow to your repository.
+# 2. Edit the top-level 'env' section, which contains a list of environment variables that must be configured.
+# 3. Create the secrets referenced in the 'env' section under your repository Settings.
+# 4. Edit the 'branches' in the 'on' section to trigger the workflow on a push to your branch.
+# 5. Commit and push your changes.
+
+# For a more sophisticated example, see https://github.com/redhat-actions/spring-petclinic/blob/main/.github/workflows/petclinic-sample.yaml
+# Also see our GitHub organization, https://github.com/redhat-actions/
+# ▶️ See a video of how to set up this workflow at https://www.youtube.com/watch?v=6hgBO-1pKho
+
+name: OpenShift
+
+# ⬇️ Modify the fields marked with ⬇️ to fit your project, and create any secrets that are referenced.
+# https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
+env:
+ # ⬇️ EDIT with your registry and registry path.
+ REGISTRY: quay.io/ + # ⬇️ EDIT with your registry username. + REGISTRY_USER: + REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + + # ⬇️ EDIT to log into your OpenShift cluster and set up the context. + # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. + OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} + OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} + + # ⬇️ EDIT with any additional port your application should expose. + # By default, oc new-app action creates a service to the image's lowest numeric exposed port. + APP_PORT: "" + + # ⬇️ EDIT if you wish to set the kube context's namespace after login. Leave blank to use the default namespace. + OPENSHIFT_NAMESPACE: "" + + # If you wish to manually provide the APP_NAME and TAG, set them here, otherwise they will be auto-detected. + APP_NAME: "" + TAG: "" + +on: + # https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows + push: + # Edit to the branch(es) you want to build and deploy on each push. + branches: [ main ] + +jobs: + openshift-ci-cd: + name: Build and deploy to OpenShift + runs-on: ubuntu-18.04 + environment: production + + outputs: + ROUTE: ${{ steps.deploy-and-expose.outputs.route }} + SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} + + steps: + - name: Check if secrets exists + uses: actions/github-script@v3 + with: + script: | + const secrets = { + REGISTRY_PASSWORD: `${{ secrets.REGISTRY_PASSWORD }}`, + OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, + OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, + }; + + const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { + if (value.length === 0) { + core.warning(`Secret "${name}" is not set`); + return true; + } + core.info(`✔️ Secret "${name}" is set`); + return false; + + }); + + if (missingSecrets.length > 0) { + core.setFailed(`❌ At least one required secret is not set in the repository. 
\n` + + "You can add it using:\n" + + "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + + "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + + "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); + } + else { + core.info(`✅ All the required secrets are set`); + } + + - uses: actions/checkout@v2 + + - name: Determine app name + if: env.APP_NAME == '' + run: | + echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV + + - name: Determine tag + if: env.TAG == '' + run: | + echo "TAG=${GITHUB_SHA::7}" | tee -a $GITHUB_ENV + + # https://github.com/redhat-actions/buildah-build#readme + - name: Build from Dockerfile + id: image-build + uses: redhat-actions/buildah-build@v2 + with: + image: ${{ env.APP_NAME }} + tags: ${{ env.TAG }} + # If you don't have a dockerfile, see: + # https://github.com/redhat-actions/buildah-build#scratch-build-inputs + # Otherwise, point this to your Dockerfile relative to the repository root. + dockerfiles: | + ./Dockerfile + + # https://github.com/redhat-actions/push-to-registry#readme + - name: Push to registry + id: push-to-registry + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.image-build.outputs.image }} + tags: ${{ steps.image-build.outputs.tags }} + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + # The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }} + + # oc-login works on all platforms, but oc must be installed first. + # The GitHub Ubuntu runner already includes oc. + # Otherwise, https://github.com/redhat-actions/openshift-tools-installer can be used to install oc, + # as well as many other tools. 
+
+ # https://github.com/redhat-actions/oc-login#readme
+ - name: Log in to OpenShift
+ uses: redhat-actions/oc-login@v1
+ with:
+ openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
+ openshift_token: ${{ env.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.OPENSHIFT_NAMESPACE }}
+
+ # This step should create a deployment, service, and route to run your app and expose it to the internet.
+ # https://github.com/redhat-actions/oc-new-app#readme
+ - name: Create and expose app
+ id: deploy-and-expose
+ uses: redhat-actions/oc-new-app@v1
+ with:
+ app_name: ${{ env.APP_NAME }}
+ image: ${{ steps.push-to-registry.outputs.registry-path }}
+ namespace: ${{ env.OPENSHIFT_NAMESPACE }}
+ port: ${{ env.APP_PORT }}
+
+ - name: View application route
+ run: |
+ [[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1)
+ echo "======================== Your application is available at: ========================"
+ echo ${{ env.ROUTE }}
+ echo "==================================================================================="
+ echo
+ echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\""
+ env:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
new file mode 100644
index 0000000..23f51f8
--- /dev/null
+++ b/.github/workflows/ossar-analysis.yml
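Review bot: `insecure_skip_tls_verify: true` in the `Log in to OpenShift` step turns off certificate validation for the API server, so `OPENSHIFT_TOKEN` is presented to whichever host answers at `OPENSHIFT_SERVER`, and this job targets the `production` environment. Set it to `false`, and for a cluster behind a private CA pass the CA bundle through the action's CA input (`certificate_authority_data` as far as I recall; confirm against the oc-login README). In `View application route`, `${{ env.ROUTE }}` and `${{ env.SELECTOR }}` are substituted into the script text before the shell parses it; both are already exported under `env:`, so reference them as `"$ROUTE"` and `"$SELECTOR"`. The `Check if secrets exists` step similarly pastes secret values into JavaScript template literals, where passing them through `env:` and reading `process.env` would keep the values out of the script source. `runs-on: ubuntu-18.04` names a hosted image that GitHub has retired, so the job should move to a supported label.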
@@ -0,0 +1,44 @@
+# This workflow integrates a collection of open source static analysis tools
+# with GitHub code scanning. For documentation, or to provide feedback, visit
+# https://github.com/github/ossar-action
+name: OSSAR
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '22 11 * * 3'
+
+jobs:
+ OSSAR-Scan:
+ # OSSAR runs on windows-latest.
+ # ubuntu-latest and macos-latest support coming soon
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Ensure a compatible version of dotnet is installed.
+ # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
+ # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
+ # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+ # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
+ # - name: Install .NET
+ # uses: actions/setup-dotnet@v1
+ # with:
+ # dotnet-version: '3.1.x'
+
+ # Run open source static analysis tools
+ - name: Run OSSAR
+ uses: github/ossar-action@v1
+ id: ossar
+
+ # Upload results to the Security tab
+ - name: Upload OSSAR results
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/Thiết lập-bắt đầu/chủ yếu b/Thiết lập-bắt đầu/chủ yếu
new file mode 100644
index 0000000..95ca975
--- /dev/null
+++ b/Thiết lập-bắt đầu/chủ yếu
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
diff --git a/action.yml b/chủ yếu
similarity index 100%
rename from action.yml
rename to chủ yếu
diff --git a/file:/codacy/dist/index.js b/file:/codacy/dist/index.js
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/file:/codacy/dist/index.js
@@ -0,0 +1 @@
+
diff --git a/văn bản.txt b/văn bản.txt
new file mode 100644
index 0000000..110be47
--- /dev/null
+++ b/văn bản.txt
@@ -0,0 +1 @@
+f30255525624b054218954b6ca1c1a41daa01be7
\ No newline at end of file
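Review bot: The Dependabot configuration added at `Thiết lập-bắt đầu/chủ yếu` will not take effect as committed, because Dependabot reads `.github/dependabot.yml` and `package-ecosystem: ""` is still the template placeholder. Move the file to `.github/dependabot.yml` and set the ecosystem, for example `package-ecosystem: "github-actions"`, so the tag-pinned actions introduced by the workflows in this commit get update PRs; add an `"npm"` entry as well if the repository has a `package.json`.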
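Review bot: `văn bản.txt` adds a bare 40-character hex string with nothing to say what it identifies. If it is a commit id, state that in the commit message or drop the file; if it is a token or key of any kind, revoke it and remove it from history, since deleting it in a later commit leaves the value readable.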