Skip to content

Commit

Permalink
feat: Initial release in separate repository
Browse files Browse the repository at this point in the history
  • Loading branch information
rsenden committed Feb 2, 2023
0 parents commit 4b4153e
Show file tree
Hide file tree
Showing 42 changed files with 39,311 additions and 0 deletions.
21 changes: 21 additions & 0 deletions .gitattributes
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# by default use heuristics
* text=auto

# standard text files
*.java text
*.properties text
*.gradle text
*.cfg text
*.xml text
*.json text

# binary file
*.png -text
*.jpg -text
*.pdf -text

# special text files
# NB: we must undo effect of "* text=auto" here
*.bat !text eol=crlf
*.sh !text eol=lf
gradlew !text eof=lf
65 changes: 65 additions & 0 deletions .github/workflows/build-dev-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
on:
push:
branches:
- '**'

env:
DIST_DIR: ${{ github.workspace }}/build/dist

name: Build development release
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Check-out source code
uses: actions/checkout@v2

- name: Define development release info
if: startsWith(github.ref, 'refs/heads/')
run: |
branch="${GITHUB_REF#refs/heads/}"
tag="dev_${branch//[^a-zA-Z0-9_.-]/.}" # Replace all special characters by a dot
echo DO_BUILD=true >> $GITHUB_ENV # We always want to do a build if we're building a branch
echo BRANCH=${branch} >> $GITHUB_ENV
echo RELEASE_TAG=${tag} >> $GITHUB_ENV
if git ls-remote --exit-code origin refs/tags/${tag} >/dev/null 2>&1; then
echo "Found tag ${tag}, development release will be published"
echo DO_RELEASE=true >> $GITHUB_ENV
else
echo "Tag ${tag} does not exist, no development release will be published"
fi
- name: Build development release
if: env.DO_BUILD
run: ./gradlew dist distThirdParty

- name: Publish build artifacts
if: env.DO_BUILD
uses: actions/upload-artifact@v2
with:
name: build_artifacts
path: ${{ env.DIST_DIR }}

- name: Update development release tag
uses: richardsimko/update-tag@v1
if: env.DO_RELEASE
with:
tag_name: ${{ env.RELEASE_TAG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Create pre-release
if: env.DO_RELEASE
run: |
files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
gh release delete ${{ env.RELEASE_TAG }} -y || true
gh release create ${{ env.RELEASE_TAG }} -p -t "Development Release - ${{ env.BRANCH }} branch" -n 'See `Assets` section below for latest build artifacts' ${files}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}






48 changes: 48 additions & 0 deletions .github/workflows/build-prod-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
on:
push:
branches:
- main

env:
DIST_DIR: ${{ github.workspace }}/build/dist

name: Build production release
jobs:
build-and-release:
runs-on: ubuntu-latest
steps:
- name: Check-out source code
uses: actions/checkout@v2

- name: Generate and process release PR
id: release_please
uses: GoogleCloudPlatform/release-please-action@v2
with:
release-type: simple
package-name: ${{ github.event.repository.name }}

- name: Define production release info
if: steps.release_please.outputs.release_created
run: |
tag=${{steps.release_please.outputs.tag_name}}
version=${{steps.release_please.outputs.version}}
major=${{steps.release_please.outputs.major}}
minor=${{steps.release_please.outputs.minor}}
patch=${{steps.release_please.outputs.patch}}
echo DO_RELEASE=true >> $GITHUB_ENV
echo RELEASE_TAG=${tag} >> $GITHUB_ENV
echo RELEASE_VERSION=${version} >> $GITHUB_ENV
- name: Build production release
if: env.DO_RELEASE
run: ./gradlew dist distThirdParty -Pversion=${{env.RELEASE_VERSION}}

- name: Upload assets to release
if: env.DO_RELEASE
run: |
tag=${{ steps.release_please.outputs.tag_name }}
files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
gh release upload "${tag}" $files --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

25 changes: 25 additions & 0 deletions .github/workflows/update-repo-docs.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: doc-resource-updater

on:
workflow_dispatch:
schedule:
- cron: '5 4 * * *'
push:
branches:
- main

jobs:
update-repo-doc-resources:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.head_ref }}

- name: Update documentation resources
run: bash doc-resources/update-repo-docs.sh

- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: 'docs: Auto-update documentation resources'
17 changes: 17 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
.gradle/
.shelf/
build/
bin/
out/
dist/
*.iml
*.iws
*.ipr
.settings/
.classpath
.settings
.project
*~
rebel.xml
.idea/
/fortifyRepository
39 changes: 39 additions & 0 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# Contributor Covenant Code of Conduct

## Our Pledge
We as contributors and maintainers pledge to make participation in our project and community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity
and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

## Our Standards
Examples of behavior that contributes to a positive environment for our community include:

* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
* Focusing on what is best not just for us as individuals, but for the overall community

Examples of unacceptable behavior include:

* The use of sexualized language or imagery, and sexual attention or advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others’ private information, such as a physical or email address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting

## Enforcement Responsibilities
Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive,
or harmful. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

## Scope
This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.

## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly. The project maintainers are obligated to respect the privacy and security of the reporter of any incident.

## Attribution
This Code of Conduct is adapted from the Contributor Covenant, version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. Community Impact Guidelines were inspired by Mozilla’s code of conduct enforcement ladder. For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.

---

*This document was auto-generated from CODE_OF_CONDUCT.template.md; do not edit by hand*
96 changes: 96 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
# Contributing to Fortify SSC Parser Plugin for Debricked results

## Contribution Agreement

Contributions like bug fixes and enhancements may be submitted through Pull Requests on this repository. Before we can accept 3<sup>rd</sup>-party pull requests, you will first need to sign and submit the [Micro Focus Contribution Agreement](https://github.com/fortify/repo-resources/raw/main/static/Open%20Source%20Contribution%20Agreement%20Jan2020v1.pdf). Please make sure to mention your GitHub username when submitting the form, to allow us to verify that the author of a pull request has accepted this agreement.


<!-- START-INCLUDE:repo-devinfo.md -->


<!-- START-INCLUDE:devinfo/h2.standard-parser-devinfo.md -->

## Information for Developers

The following sections provide information that may be useful for developers of this parser plugin.


<!-- START-INCLUDE:devinfo/h3.release-please.md -->

### Conventional commits & versioning

Versioning is handled automatically by [`release-please-action`](https://github.com/google-github-actions/release-please-action) based on [Conventional Commits](https://www.conventionalcommits.org/). Every commit to the `main`
branch should follow the Conventional Commits convention. Following are some examples; these can be combined in a single commit message (separated by empty lines), or you can have commit messages describing just a single fix or feature.

```
chore: Won't show up in changelog
ci: Change to GitHub Actions workflow; won't show up in changelog
docs: Change to documentation; won't show up in changelog
fix: Some fix (#2)
feat: New feature (#3)
feat!: Some feature that breaks backward compatibility
feat: Some feature
BREAKING-CHANGE: No longer supports xyz
```

See the output of `git log` to view some sample commit messages.

`release-please-action` invoked from the GitHub CI workflow generates pull requests containing updated `CHANGELOG.md` and `version.txt` files based on these commit messages. Merging the pull request will result in a new release version being published; this includes publishing the image to Docker Hub, and creating a GitHub release describing the changes.

<!-- END-INCLUDE:devinfo/h3.release-please.md -->



<!-- START-INCLUDE:devinfo/h3.lombok.md -->

### Lombok

This project uses Lombok. Gradle builds will automatically handle Lombok annotations, but to have your IDE compile this project without errors, you may need to add Lombok support to your IDE. Please see https://projectlombok.org/setup/overview for more information.

<!-- END-INCLUDE:devinfo/h3.lombok.md -->



<!-- START-INCLUDE:devinfo/h3.gradle-wrapper.md -->

### Gradle Wrapper

It is strongly recommended to build this project using the included Gradle Wrapper scripts; using other Gradle versions may result in build errors and other issues.

<!-- END-INCLUDE:devinfo/h3.gradle-wrapper.md -->



<!-- START-INCLUDE:devinfo/p.gradle-helpers.md -->

The Gradle build uses various helper scripts from https://github.com/fortify-ps/shared-gradle-helpers; please refer to the documentation and comments in included scripts for more information.

<!-- END-INCLUDE:devinfo/p.gradle-helpers.md -->


### Common Commands

All commands listed below use Linux/bash notation; adjust accordingly if you are running on a different platform. All commands are to be executed from the main project directory.

* `./gradlew tasks --all`: List all available tasks
* Build: (plugin binary will be stored in `build/libs`)
* `./gradlew clean build`: Clean and build the project
* `./gradlew build`: Build the project without cleaning
* `./gradlew dist distThirdParty`: Build distribution zip and third-party information bundle
* `./fortify-scan.sh`: Run a Fortify scan; requires Fortify SCA to be installed

<!-- END-INCLUDE:devinfo/h2.standard-parser-devinfo.md -->


<!-- END-INCLUDE:repo-devinfo.md -->


---

*This document was auto-generated from CONTRIBUTING.template.md; do not edit by hand*
25 changes: 25 additions & 0 deletions LICENSE.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
MIT License

Copyright 2023 Micro Focus or one of its affiliates

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

---

*This document was auto-generated from LICENSE.MIT.template.txt; do not edit by hand*
Loading

0 comments on commit 4b4153e

Please sign in to comment.