From d9ed9c3b7a1e3a836230ac837544f30292c39071 Mon Sep 17 00:00:00 2001 From: Stefanni Brasil Date: Fri, 12 Jul 2024 15:32:10 -0600 Subject: [PATCH] Improvements to workflows and security workflow example --- .../workflows/dynamic-security-example.yaml | 19 ++++ .github/workflows/dynamic-security.yaml | 3 +- .../trigger-dynamic-readme-update.yaml | 1 + .../trigger-dynamic-security-update.yaml | 91 ++++++++++--------- templates/security.md | 2 +- 5 files changed, 68 insertions(+), 48 deletions(-) create mode 100644 .github/workflows/dynamic-security-example.yaml diff --git a/.github/workflows/dynamic-security-example.yaml b/.github/workflows/dynamic-security-example.yaml new file mode 100644 index 0000000..26a424d --- /dev/null +++ b/.github/workflows/dynamic-security-example.yaml @@ -0,0 +1,19 @@ +name: update-security + +on: + push: + paths: + - SECURITY.md + branches: + - main + workflow_dispatch: + +jobs: + update-security: + permissions: + contents: write + pull-requests: write + pages: write + uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main + secrets: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dynamic-security.yaml b/.github/workflows/dynamic-security.yaml index 2a9cdfd..1af3f67 100644 --- a/.github/workflows/dynamic-security.yaml +++ b/.github/workflows/dynamic-security.yaml @@ -9,7 +9,7 @@ on: required: true jobs: - update_security-file: + update_security: name: "Update Security file" runs-on: ubuntu-latest steps: @@ -50,4 +50,3 @@ jobs: This PR was automatically generated to update the dynamic section in the SECURITY file. Whenever SECURITY is updated, this workflow is triggered to dynamically render the snippet used in the SECURITY file. - diff --git a/.github/workflows/trigger-dynamic-readme-update.yaml b/.github/workflows/trigger-dynamic-readme-update.yaml index 901cc04..7522624 100644 --- a/.github/workflows/trigger-dynamic-readme-update.yaml +++ b/.github/workflows/trigger-dynamic-readme-update.yaml 
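Review bot: In the new dynamic-security-example.yaml, `uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main` follows a mutable branch while the job grants `contents: write`, `pull-requests: write` and `pages: write`, so whatever lands on that branch runs with write access in every repository that copies this example. Pinning the reference to a full commit SHA, e.g. `uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@<full-commit-sha>`, keeps callers reproducible and makes updates an explicit review step. `pages: write` does not appear to be needed for a workflow that, judging by the PR text visible in dynamic-security.yaml, edits the SECURITY file and opens a pull request; if nothing publishes to Pages, drop it. A short header comment stating that this file is meant to be copied into consuming repositories would also help, since its `name: update-security` appears to be what the dispatcher's `workflow: update-security` targets.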
@@ -59,6 +59,7 @@ jobs: - thoughtbot/Curry - thoughtbot/croutons - thoughtbot/parity + - thoughtbot/testing-reusable-workflow steps: - name: Trigger Dynamic READMEs to be updated with templates uses: benc-uk/workflow-dispatch@v1 diff --git a/.github/workflows/trigger-dynamic-security-update.yaml b/.github/workflows/trigger-dynamic-security-update.yaml index 08e0044..6b7aa38 100644 --- a/.github/workflows/trigger-dynamic-security-update.yaml +++ b/.github/workflows/trigger-dynamic-security-update.yaml 
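Review bot: The added matrix entry `thoughtbot/testing-reusable-workflow` sits in the production list of trigger-dynamic-readme-update.yaml with no indication of why a test repository should receive README dispatches. If it is only there to exercise the reusable workflow, a comment above it such as `# test target for the reusable workflow; remove once verified` would keep it from becoming permanent. The same entry is added in trigger-dynamic-security-update.yaml. The matrix and the dispatch step continue outside the hunk.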
@@ -15,55 +15,56 @@ jobs: strategy: matrix: repository: - - thoughtbot/high_voltage - - thoughtbot/guides - - thoughtbot/administrate - - thoughtbot/shoulda-matchers - - thoughtbot/flightdeck - - thoughtbot/suspenders - - thoughtbot/shoulda-context - - thoughtbot/appraisal - - thoughtbot/clearance-i18n - - thoughtbot/gold_miner - - thoughtbot/capybara_accessibility_audit - - thoughtbot/upcase - - thoughtbot/ruby-science - - thoughtbot/terraform-flightdeck-aws-application - - thoughtbot/design-system - - thoughtbot/factory_bot_rails - - thoughtbot/bourbon - - thoughtbot/factory_bot - - thoughtbot/ember-cli-rails - - thoughtbot/dotfiles - - thoughtbot/terraform-ses-domain-identity - - thoughtbot/stylelint-config - - thoughtbot/cloudformation-terraform-state-backend - - thoughtbot/humid - - thoughtbot/clearance - - thoughtbot/griddler-sendgrid - - thoughtbot/terraform-aws-secrets - - thoughtbot/yuri-ita - - thoughtbot/paul_revere - - thoughtbot/terraform-eks-cicd - - thoughtbot/terraform-s3-bucket - - thoughtbot/terraform-route-53-delegated-subdomain - - thoughtbot/eslint-config - - thoughtbot/rcm - - thoughtbot/fishery - - thoughtbot/terrapin - - thoughtbot/shoulda - - thoughtbot/laptop - - thoughtbot/resolved - - thoughtbot/griddler - - thoughtbot/climate_control - - thoughtbot/Curry - - thoughtbot/croutons - - thoughtbot/parity + # - thoughtbot/high_voltage + # - thoughtbot/guides + # - thoughtbot/administrate + # - thoughtbot/shoulda-matchers + # - thoughtbot/flightdeck + # - thoughtbot/suspenders + # - thoughtbot/shoulda-context + # - thoughtbot/appraisal + # - thoughtbot/clearance-i18n + # - thoughtbot/gold_miner + # - thoughtbot/capybara_accessibility_audit + # - thoughtbot/upcase + # - thoughtbot/ruby-science + # - thoughtbot/terraform-flightdeck-aws-application + # - thoughtbot/design-system + # - thoughtbot/factory_bot_rails + # - thoughtbot/bourbon + # - thoughtbot/factory_bot + # - thoughtbot/ember-cli-rails + # - thoughtbot/dotfiles + # - 
thoughtbot/terraform-ses-domain-identity + # - thoughtbot/stylelint-config + # - thoughtbot/cloudformation-terraform-state-backend + # - thoughtbot/humid + # - thoughtbot/clearance + # - thoughtbot/griddler-sendgrid + # - thoughtbot/terraform-aws-secrets + # - thoughtbot/yuri-ita + # - thoughtbot/paul_revere + # - thoughtbot/terraform-eks-cicd + # - thoughtbot/terraform-s3-bucket + # - thoughtbot/terraform-route-53-delegated-subdomain + # - thoughtbot/eslint-config + # - thoughtbot/rcm + # - thoughtbot/fishery + # - thoughtbot/terrapin + # - thoughtbot/shoulda + # - thoughtbot/laptop + # - thoughtbot/resolved + # - thoughtbot/griddler + # - thoughtbot/climate_control + # - thoughtbot/Curry + # - thoughtbot/croutons + # - thoughtbot/parity + - thoughtbot/testing-reusable-workflow steps: - name: Trigger Dynamic SECURITYs to be updated with templates uses: benc-uk/workflow-dispatch@v1 with: - workflow: update_security-file + workflow: update-security repo: ${{ matrix.repository }} token: ${{ secrets.PAT_TOKEN }} ref: "main" diff --git a/templates/security.md b/templates/security.md index 2a7bc50..1002a91 100644 --- a/templates/security.md +++ b/templates/security.md @@ -14,4 +14,4 @@ your reasons so that we can have a better understanding of your situation. For security inquiries or vulnerability reports, visit . -If you have any suggestions to improve this policy, please send an email to the email address at . +If you have any suggestions to improve this policy, visit .
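Review bot: The repository matrix in trigger-dynamic-security-update.yaml now has every previously listed repository commented out and only `thoughtbot/testing-reusable-workflow` active, which reads like a local test state; once merged, changes to the SECURITY template would no longer be dispatched to any real repository. If the rollout is meant to be staged, restore the list before merging or add a comment above it, e.g. `# temporarily limited to the test repo while the reusable workflow is verified`. The `workflow:` value also changes from `update_security-file` to `update-security`, so each target repository presumably needs a workflow with that name before it is re-enabled, otherwise the dispatch will fail for it. Separately, the step hands `secrets.PAT_TOKEN` to `benc-uk/workflow-dispatch@v1`, a third-party action referenced by a movable tag; pinning it to a full commit SHA (`benc-uk/workflow-dispatch@<full-commit-sha>`) and keeping the PAT scoped to dispatching workflows on the listed repositories limits what a changed tag could reach.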