From ee2df25d5daa552b167ae5915fbe91e5e2893d4a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:42:55 +0000 Subject: [PATCH 01/10] Bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/shiftleft-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml index 46a4816..5e45063 100644 --- a/.github/workflows/shiftleft-analysis.yml +++ b/.github/workflows/shiftleft-analysis.yml @@ -35,6 +35,6 @@ jobs: # type: python - name: Upload report - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: reports From 893c7e6927a722a0918d05d25ff1604d1d45c54c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:42:58 +0000 Subject: [PATCH 02/10] Bump docker/build-push-action from 4.1.1 to 5.1.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.1 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4.1.1...v5.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dockerhub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index c5dfa6c..12fdea3 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v3 - name: Build and push Docker images - uses: docker/build-push-action@v4.1.1 + uses: docker/build-push-action@v5.1.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} From 6089f4e6ab9895123582983fa2bebc06b36f5108 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Feb 2024 14:43:01 +0000 Subject: [PATCH 03/10] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dockerhub.yml | 2 +- .github/workflows/shiftleft-analysis.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index c5dfa6c..043fdc3 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Build and push Docker images uses: docker/build-push-action@v4.1.1 diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml index 46a4816..b3a60a1 100644 --- a/.github/workflows/shiftleft-analysis.yml +++ b/.github/workflows/shiftleft-analysis.yml @@ -15,7 +15,7 @@ jobs: # Scan runs on ubuntu, mac and windows runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 # Instructions # 1. Setup JDK, Node.js, Python etc depending on your project type # 2. Compile or build the project before invoking scan From 4da66a4dc4837bc54648e9e8695f09c3811d55ca Mon Sep 17 00:00:00 2001 From: Code by Ben Date: Fri, 23 Feb 2024 12:19:36 +1100 Subject: [PATCH 04/10] Update dependabot.yml From e3eb203921f7fd420f875f3661863dce047ffced Mon Sep 17 00:00:00 2001 From: Ben Garrett Date: Fri, 23 Feb 2024 12:35:56 +1100 Subject: [PATCH 05/10] GitHub repo fixes. --- .github/dependabot.yml | 7 +++++ .github/workflows/docker-hub.yml | 26 +++++++++++++++ .github/workflows/dockerhub.yml | 23 -------------- .github/workflows/shiftleft-analysis.yml | 40 ------------------------ .gitignore | 4 ++- 5 files changed, 36 insertions(+), 64 deletions(-) create mode 100644 .github/workflows/docker-hub.yml delete mode 100644 .github/workflows/dockerhub.yml delete mode 100644 .github/workflows/shiftleft-analysis.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fe405c2..df0f439 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,13 @@ updates: directory: "/" # Location of package manifests schedule: interval: "monthly" + target-branch: "main" + open-pull-requests-limit: 10 + groups: + updates: + update-types: + - "minor" + - "patch" - package-ecosystem: github-actions directory: "/" schedule: diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml new file mode 100644 index 0000000..ebb3ed4 --- /dev/null +++ b/.github/workflows/docker-hub.yml @@ -0,0 +1,26 @@ +name: DockerHub + +on: + workflow_dispatch: + push: + tags: + - v* + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push Docker images + uses: docker/build-push-action@v5.1.0 + with: + push: true + tags: bengarrett/dosee:latest diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml deleted file mode 100644 index fc35f11..0000000 --- a/.github/workflows/dockerhub.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Docker Hub - -on: - push: - # Publish `v1.2.3` tags as releases. - tags: - - v* - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Build and push Docker images - uses: docker/build-push-action@v5.1.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - repository: bengarrett/dosee - tags: latest diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml deleted file mode 100644 index c7077b2..0000000 --- a/.github/workflows/shiftleft-analysis.yml +++ /dev/null @@ -1,40 +0,0 @@ -# This workflow integrates ShiftLeft Scan with GitHub's code scanning feature -# ShiftLeft Scan is a free open-source security tool for modern DevOps teams -# Visit https://slscan.io/en/latest/integrations/code-scan for help -name: ShiftLeft Scan - -# This section configures the trigger for the workflow. Feel free to customize depending on your convention -on: - push: - # Publish `v1.2.3` tags as releases. - tags: - - v* - -jobs: - Scan-Build: - # Scan runs on ubuntu, mac and windows - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - # Instructions - # 1. Setup JDK, Node.js, Python etc depending on your project type - # 2. Compile or build the project before invoking scan - # Example: mvn compile, or npm install or pip install goes here - # 3. Invoke ShiftLeft Scan with the github token. Leave the workspace empty to use relative url - - - name: Perform ShiftLeft Scan - uses: ShiftLeftSecurity/scan-action@master - env: - WORKSPACE: "" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SCAN_AUTO_BUILD: true - with: - output: reports - # Scan auto-detects the languages in your project. To override uncomment the below variable and set the type - # type: credscan,java - # type: python - - - name: Upload report - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: reports diff --git a/.gitignore b/.gitignore index ed40ba8..fe62d17 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,6 @@ pub *.tgz # VSCode -.vscode/tasks.json \ No newline at end of file +.vscode/tasks.json + +.DS_Store \ No newline at end of file From e053203f7cfad6eb6fac1e224a2514e02dc3149a Mon Sep 17 00:00:00 2001 From: Ben Garrett Date: Fri, 23 Feb 2024 13:15:57 +1100 Subject: [PATCH 06/10] Update bug report and pull request templates, and remove unused extension. --- .github/ISSUE_TEMPLATE/bug_report.md | 4 ++-- .github/pull_request_template.md | 2 +- .vscode/extensions.json | 1 - docs/README.md | 20 ++------------------ 4 files changed, 5 insertions(+), 22 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 91bbf48..07f1f74 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -25,8 +25,8 @@ If applicable, add screenshots to help explain your problem. **Desktop (please complete the following information):** - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] + - Browser [e.g. Chrome, Safari] + - Version [e.g. 122] **Smartphone (please complete the following information):** Unfortunately not supported. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 6bfefa6..b20168f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -4,7 +4,7 @@ Is this a documentation update (if yes, please continue onto _Changes proposed_) Platforms tested or developed on: -- [ ] Windows 10 +- [ ] Windows - [ ] Linux (please include distro and version) \_ - [ ] macOS diff --git a/.vscode/extensions.json b/.vscode/extensions.json index cc76b71..854fda2 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -7,7 +7,6 @@ "dbaeumer.vscode-eslint", "esbenp.prettier-vscode", "visualstudioexptteam.vscodeintellicode", - "wix.vscode-import-cost" ], // List of extensions recommended by VS Code that should not be recommended for users of this workspace. "unwantedRecommendations": [] diff --git a/docs/README.md b/docs/README.md index d799e50..831e319 100644 --- a/docs/README.md +++ b/docs/README.md @@ -50,29 +50,13 @@ Point a web browser to http://localhost:8086 ### Docker instructions -There is a [DOSee repository at Docker Hub](https://hub.docker.com/repository/docker/bengarrett/dosee), or you can build locally using these instructions. - +There is an [image at Docker Hub](https://hub.docker.com/repository/docker/bengarrett/dosee). ```bash -# clone DOSee -git clone https://github.com/bengarrett/DOSee.git -cd DOSee - -# run the container (tap Ctrl-C to exit) -docker compose up +docker run --name dosee_app -i -p 8086:80 bengarrett/dosee ``` Point a web browser to http://localhost:8086 -```bash -# alternative manual build and run -docker build -t dosee . -docker run --name dosee_app -i -p 8086:80 dosee - -# clean up and remove -docker container rm dosee_app -docker image rm dosee -``` - ### Usage & customisations [Are in the USAGE document](USAGE.md) From 0cce8551ea59606123f4fdf5a4bf3554144dbc4b Mon Sep 17 00:00:00 2001 From: Ben Garrett Date: Fri, 23 Feb 2024 15:07:51 +1100 Subject: [PATCH 07/10] Add support for more platforms with QEMU and update Docker image tags --- .github/workflows/docker-hub.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index ebb3ed4..fc85eaf 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -12,6 +12,10 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - # Add support for more platforms with QEMU (optional) + # https://github.com/docker/setup-qemu-action + name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub @@ -22,5 +26,6 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5.1.0 with: + platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 push: true tags: bengarrett/dosee:latest From de31e9eca766692dee8496eae5f083fb2ae4576d Mon Sep 17 00:00:00 2001 From: Code by Ben Date: Fri, 23 Feb 2024 15:38:37 +1100 Subject: [PATCH 08/10] Update docker-hub.yml Removed legacy arm builds. --- .github/workflows/docker-hub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index fc85eaf..a196f78 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -26,6 +26,6 @@ jobs: - name: Build and push Docker images uses: docker/build-push-action@v5.1.0 with: - platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7 + platforms: linux/amd64,linux/arm64 push: true tags: bengarrett/dosee:latest From 5d481c494cf3069ccf3956b0a210b4e3b4d482f6 Mon Sep 17 00:00:00 2001 From: Ben Garrett Date: Fri, 23 Feb 2024 16:23:10 +1100 Subject: [PATCH 09/10] Fix Docker Hub image link --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 831e319..19f95af 100644 --- a/docs/README.md +++ b/docs/README.md @@ -50,7 +50,7 @@ Point a web browser to http://localhost:8086 ### Docker instructions -There is an [image at Docker Hub](https://hub.docker.com/repository/docker/bengarrett/dosee). +There is an [image at Docker Hub](https://hub.docker.com/r/bengarrett/dosee). ```bash docker run --name dosee_app -i -p 8086:80 bengarrett/dosee ``` From 01073549b071b49c6af52b7dc2474db2a429cff2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 14:32:31 +0000 Subject: [PATCH 10/10] Bump docker/build-push-action from 5.1.0 to 5.3.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5.1.0...v5.3.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-hub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml index a196f78..1f798b7 100644 --- a/.github/workflows/docker-hub.yml +++ b/.github/workflows/docker-hub.yml @@ -24,7 +24,7 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push Docker images - uses: docker/build-push-action@v5.1.0 + uses: docker/build-push-action@v5.3.0 with: platforms: linux/amd64,linux/arm64 push: true