From 8ae5c3a26c40237ba2ecbc1f717eca76f530fe0f Mon Sep 17 00:00:00 2001 From: David Knise Date: Wed, 14 Jun 2023 11:09:27 -0700 Subject: [PATCH 1/2] Update samples to use strategy matrix for multi-os verification --- .github/workflows/on-push-verification.yml | 14 +++++--- .../sample-workflow-windows-latest.yml | 34 ------------------- ...-ubuntu-latest.yml => sample-workflow.yml} | 7 ++-- 3 files changed, 15 insertions(+), 40 deletions(-) delete mode 100644 .github/workflows/sample-workflow-windows-latest.yml rename .github/workflows/{sample-workflow-ubuntu-latest.yml => sample-workflow.yml} (81%) diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml index 507eacd7..6d75dd76 100644 --- a/.github/workflows/on-push-verification.yml +++ b/.github/workflows/on-push-verification.yml @@ -1,13 +1,19 @@ # pull request action verification -name: MSDO on-push-verification windows-latest -on: push +name: microsoft/security-devops-action sample +on: + push: + branches: + - '*' jobs: sample: - name: Microsoft Security DevOps Analysis + name: MSDO on ${{ matrix.os }} + runs-on: ${{ matrix.os }} - runs-on: windows-latest + strategy: + matrix: + os: [windows-latest, ubuntu-latest] steps: diff --git a/.github/workflows/sample-workflow-windows-latest.yml b/.github/workflows/sample-workflow-windows-latest.yml deleted file mode 100644 index 1fe2bb64..00000000 --- a/.github/workflows/sample-workflow-windows-latest.yml +++ /dev/null 
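Review bot: The new `branches: - '*'` filter in on-push-verification.yml narrows the trigger compared with the old bare `on: push`. In Actions filter patterns `*` does not match `/`, so pushes to branches such as `feature/x` no longer run this verification, and defining only a `branches` filter also stops tag pushes from triggering it. If every branch should still be verified, use `- '**'` or keep `on: push`. Separately, the matrix leaves `fail-fast` at its default, so a failure on one OS cancels the other leg; adding `fail-fast: false` under `strategy:` here and in the same matrix added to sample-workflow.yml would keep both results. The job's steps continue outside the hunk.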
@@ -1,34 +0,0 @@ -name: MSDO windows-latest -on: - push: - branches: - - main - -jobs: - sample: - name: Microsoft Security DevOps Analysis - - runs-on: windows-latest - - steps: - - # Checkout your code repository to scan - - uses: actions/checkout@v3 - - # Run analyzers - - name: Run Microsoft Security DevOps Analysis - uses: microsoft/security-devops-action@preview - id: msdo - - # Upload alerts to the Security tab - - name: Upload alerts to Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: ${{ steps.msdo.outputs.sarifFile }} - - # Upload alerts file as a workflow artifact - - name: Upload alerts file as a workflow artifact - uses: actions/upload-artifact@v3 - with: - name: alerts - path: ${{ steps.msdo.outputs.sarifFile }} \ No newline at end of file diff --git a/.github/workflows/sample-workflow-ubuntu-latest.yml b/.github/workflows/sample-workflow.yml similarity index 81% rename from .github/workflows/sample-workflow-ubuntu-latest.yml rename to .github/workflows/sample-workflow.yml index fa39ad2f..33394b4a 100644 --- a/.github/workflows/sample-workflow-ubuntu-latest.yml +++ b/.github/workflows/sample-workflow.yml @@ -6,9 +6,12 @@ on: jobs: sample: - name: Microsoft Security DevOps Analysis + name: MSDO on ${{ matrix.os }} + runs-on: ${{ matrix.os }} - runs-on: ubuntu-latest + strategy: + matrix: + os: [windows-latest, ubuntu-latest] steps: From e2acd2391b23aeebfb1463a7313146f446588a40 Mon Sep 17 00:00:00 2001 From: David Knise Date: Wed, 14 Jun 2023 11:12:22 -0700 Subject: [PATCH 2/2] Use @v1 branch in the sample repo --- .github/workflows/sample-workflow.yml | 2 +- README.md | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/sample-workflow.yml b/.github/workflows/sample-workflow.yml index 33394b4a..7f26007f 100644 --- a/.github/workflows/sample-workflow.yml +++ b/.github/workflows/sample-workflow.yml 
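Review bot: The matrix added under `strategy:` in sample-workflow.yml runs the job once per OS, but nothing in this hunk makes the upload steps further down distinct per leg. The deleted Windows sample uploaded the SARIF with `actions/upload-artifact@v3` under `name: alerts`; if the renamed file keeps that step (it lies outside this hunk), both legs write into the same artifact, and a file with the same path from one OS can overwrite the other's. Naming the artifact per leg, `name: alerts-${{ matrix.os }}`, keeps both scan results available for review.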
@@ -20,7 +20,7 @@ jobs: # Run analyzers - name: Run Microsoft Security DevOps Analysis - uses: microsoft/security-devops-action@preview + uses: microsoft/security-devops-action@v1 id: msdo # Upload alerts to the Security tab diff --git a/README.md b/README.md index c041d6e8..ebdf1c23 100644 --- a/README.md +++ b/README.md @@ -27,14 +27,12 @@ Run **Microsoft Security DevOps (MSDO)** with the default policy and recommended ```yaml steps: + - uses: actions/checkout@v3 + - name: Run Microsoft Security DevOps - uses: microsoft/security-devops-action@preview + uses: microsoft/security-devops-action@v1 id: msdo -- name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: ${{ steps.msdo.outputs.sarifFile }} ``` ## Upload Results to the Security tab
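Review bot: `uses: microsoft/security-devops-action@v1` in sample-workflow.yml is still a mutable reference (the commit subject calls it a branch), so the code this job runs can change without any change to the workflow file. Since this is a sample that users copy into repositories where the job uploads to the Security tab, consider pinning to a full commit SHA with the version in a trailing comment, e.g. `uses: microsoft/security-devops-action@<full-commit-sha> # v1`. If tracking `v1` is deliberate for this repo, a short comment above the step saying so would help readers who reuse the file. The rest of the step list lies outside the hunk.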