From 5ed1989ed0e3e5561c1599627cdbf78efc2900fb Mon Sep 17 00:00:00 2001
From: okddgg blog
Date: Sat, 5 Jul 2025 11:43:51 +0700
Subject: [PATCH 1/3] Create rubyonrails.dcpnp Really appreciate your time Git.
---
 .github/workflows/rubyonrails.dcpnp | 60 +++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 .github/workflows/rubyonrails.dcpnp
diff --git a/.github/workflows/rubyonrails.dcpnp b/.github/workflows/rubyonrails.dcpnp
new file mode 100644
index 00000000..5102c6f8
--- /dev/null
+++ b/.github/workflows/rubyonrails.dcpnp
@@ -0,0 +1,60 @@
+# This workflow uses actions that are not certified by GitHub. They are
+# provided by a third-party and are governed by separate terms of service,
+# privacy policy, and support documentation.
+#
+# This workflow will install a prebuilt Ruby version, install dependencies, and
+# run tests and linters.
+name: "Ruby on Rails CI"
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres:11-alpine
+ ports:
+ - "5432:5432"
+ env:
+ POSTGRES_DB: rails_test
+ POSTGRES_USER: rails
+ POSTGRES_PASSWORD: password
+ env:
+ RAILS_ENV: test
+ DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ # Add or replace dependency steps here
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1
+ with:
+ bundler-cache: true
+ # Add or replace database setup steps here
+ - name: Set up database schema
+ run: bin/rails db:schema:load
+ # Add or replace test runners here
+ - name: Run tests
+ run: bin/rake
+
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Install Ruby and gems
+ uses: ruby/setup-ruby@78c01b705fd9d5ad960d432d3a0cfa341d50e410 # v1.179.1
+ with:
+ bundler-cache: true
+ - name: Generate binstubs
+ run: bundle binstubs bundler-audit brakeman rubocop
+ # Add or replace any other lints here
+ - name: Security audit dependencies
+ run: bin/bundler-audit --update
+ - name: Security audit application code
+ run: bin/brakeman -q -w2
+ - name: Lint Ruby files
+ run: bin/rubocop --parallel
From a1df073a7057b6001c2d32adf7d38c8dfcb1f16c Mon Sep 17 00:00:00 2001
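Review bot: This workflow will never run as committed, because GitHub Actions only loads files in `.github/workflows` that end in `.yml` or `.yaml`, and the new file is named `rubyonrails.dcpnp`; the bundler-audit and brakeman steps in the `lint` job therefore give no coverage. The same applies to `generator-generic-ossf-slsa3-publish.ppmo` in patch 3/3. Once renamed, the workflow should declare least privilege at the top level, since neither job visibly needs more than read access to the repository: `permissions:` followed by `contents: read`. `actions/checkout@v4` is referenced by a mutable tag while `ruby/setup-ruby` is pinned to a commit SHA; pinning both the same way would keep the supply-chain posture consistent.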
From: okddgg blog Date: Sun, 6 Jul 2025 08:58:18 +0700 Subject: [PATCH 2/3] Update and rename LICENSE to LICENSE.ddpm --- LICENSE => LICENSE.ddpm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename LICENSE => LICENSE.ddpm (96%) diff --git a/LICENSE b/LICENSE.ddpm similarity index 96% rename from LICENSE rename to LICENSE.ddpm index 9b314df7..b7da3038 100644 --- a/LICENSE +++ b/LICENSE.ddpm @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2013 - 2017 GitHub, Inc. +Copyright (c) 2024 - 2025 GitHub, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in From 4357ab249f867cf854c897f44e937ffd5ea15782 Mon Sep 17 00:00:00 2001 From: okddgg blog Date: Tue, 8 Jul 2025 04:18:30 +0700 Subject: [PATCH 3/3] Create generator-generic-ossf-slsa3-publish.ppmo --- .../generator-generic-ossf-slsa3-publish.ppmo | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/generator-generic-ossf-slsa3-publish.ppmo diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.ppmo b/.github/workflows/generator-generic-ossf-slsa3-publish.ppmo new file mode 100644 index 00000000..35c829b1 --- /dev/null +++ b/.github/workflows/generator-generic-ossf-slsa3-publish.ppmo 
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow lets you generate SLSA provenance file for your project.
+# The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements
+# The project is an initiative of the OpenSSF (openssf.org) and is developed at
+# https://github.com/slsa-framework/slsa-github-generator.
+# The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier.
+# For more information about SLSA and how it improves the supply-chain, visit slsa.dev.
+
+name: SLSA generic generator
+on:
+ workflow_dispatch:
+ release:
+ types: [created]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ outputs:
+ digests: ${{ steps.hash.outputs.digests }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ # ========================================================
+ #
+ # Step 1: Build your artifacts.
+ #
+ # ========================================================
+ - name: Build artifacts
+ run: |
+ # These are some amazing artifacts.
+ echo "artifact1" > artifact1
+ echo "artifact2" > artifact2
+
+ # ========================================================
+ #
+ # Step 2: Add a step to generate the provenance subjects
+ # as shown below. Update the sha256 sum arguments
+ # to include all binaries that you generate
+ # provenance for.
+ #
+ # ========================================================
+ - name: Generate subject for provenance
+ id: hash
+ run: |
+ set -euo pipefail
+
+ # List the artifacts the provenance will refer to.
+ files=$(ls artifact*)
+ # Generate the subjects (base64 encoded).
+ echo "hashes=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"
+
+ provenance:
+ needs: [build]
+ permissions:
+ actions: read # To read the workflow path.
+ id-token: write # To sign the provenance.
+ contents: write # To add assets to a release.
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+ with:
+ base64-subjects: "${{ needs.build.outputs.digests }}"
+ upload-assets: true # Optional: Upload to a new release
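Review bot: The `build` job exports `digests: ${{ steps.hash.outputs.digests }}`, but the `hash` step writes its result under the key `hashes`, so `needs.build.outputs.digests` is empty and the `provenance` job receives no subjects to attest. The step should write the name the job output reads: `echo "digests=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}"`. The `build` job also inherits the default token permissions; a `permissions:` block with `contents: read` on it would match the explicit scoping already done for `provenance`. The header comment links the v0.1 SLSA requirements and the generator is referenced at `@v1.4.0`, so it is worth confirming that this release is still supported before relying on the provenance it produces.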