You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
visibility: ${{ github.event.repository.visibility }} # private, public, or internal
40
+
# go-private-modules: GOPRIVATE for Go private modules, default is 'github.com/progress-platform-services/*
41
+
42
+
# complexity-checks
43
+
perform-complexity-checks: true
44
+
# scc-output-filename: 'scc-output.txt'
45
+
perform-language-linting: false # Perform language-specific linting and pre-compilation checks
46
+
47
+
# trufflehog secret scanning
48
+
perform-trufflehog-scan: true
49
+
50
+
# BlackDuck SAST (Polaris) and SCA scans
51
+
# requires secrets POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN
52
+
perform-blackduck-polaris: false
53
+
polaris-application-name: 'Chef-Chef360'# one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services
54
+
polaris-project-name: ${{ github.event.repository.name }} # typically the application name, followed by - and the repository name, for example Chef-Chef360-chef-vault'
55
+
perform-blackduck-sca-scan: false
56
+
57
+
# perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language
58
+
build: false
59
+
# ga-build-profile: $chef-ga-build-profile
60
+
# language: $chef-ga-build-language # this will be removed from stub as autodetected in central GA
61
+
unit-tests: false
62
+
63
+
# perform SonarQube scan, with or wihout unit test coverage data
64
+
# requires secrets SONAR_TOKEN and SONAR_HOST_URL (progress.sonar.com)
65
+
perform-sonarqube-scan: false
66
+
# perform-sonar-build: true
67
+
# build-profile: 'default'
68
+
# report-unit-test-coverage: true
69
+
70
+
# report to central developer dashboard
71
+
report-to-atlassian-dashboard: false
72
+
quality-product-name: ${{ github.event.repository.name }} # like 'Chef-360' - the product name for quality reporting, like Chef360, Courier, Inspec
73
+
# quality-sonar-app-name: 'YourSonarAppName'
74
+
# quality-testing-type: 'Integration' like Unit, Integration, e2e, api, Performance, Security
75
+
# quality-service-name: 'YourServiceOrRepoName'
76
+
# quality-junit-report: 'path/to/junit/report''
77
+
78
+
# perform native and Habitat packaging, publish to package repositories
publish-packages: false # Publish packages (e.g., container from Dockerfile to ECR, go-releaser binary to releases page, omnibus to artifactory, gems, choco, homebrew, other app stores)
82
+
83
+
# generate and export Software Bill of Materials (SBOM) in various formats
84
+
generate-sbom: true
85
+
export-github-sbom: true # SPDX JSON artifact on job instance
86
+
generate-blackduck-sbom: false # requires BlackDuck secrets and inputs as above for SAST scanning
87
+
generate-msft-sbom: false
88
+
license_scout: false # Run license scout for license compliance (uses .license_scout.yml)
0 commit comments