Merge remote-tracking branch 'origin/dev'

2025-12-18 04:44:38 +03:00 · 2024-10-05 23:59:11 +10:00
parent b5d63799c0 ed39895c5f
commit 4ac225037e
5 changed files with 25 additions and 24 deletions
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -19,7 +19,7 @@ on:
    branches: [ "master", "dev" ]
  pull_request:
    # The branches below must be a subset of the branches above
-    branches: [ "master" ]
+    branches: [ "master", "dev" ]
  schedule:
    - cron: '34 12 * * 0'
@@ -37,17 +37,17 @@ jobs:
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+        uses: codacy/codacy-analysis-cli-action@97bf5df3c09e75f5bcd72695998f96ebd701846e # v4.4.5
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
-          output: results.sarif
+          output: codacy_results.sarif
          format: sarif
          # Adjust severity of non-security issues
          gh-code-scanning-compat: true
@@ -59,4 +59,4 @@ jobs:
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
-          sarif_file: results.sarif
+          sarif_file: codacy_results.sarif
--- a/.github/workflows/docker-buildx-dev.yml
+++ b/.github/workflows/docker-buildx-dev.yml
@@ -7,6 +7,7 @@ on:
      - dev
    paths-ignore:
      - '**/*.md'
      - '.github/**'
 jobs:
  multi-arch-dev:
@@ -14,18 +15,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
        with:
          version: latest
      -
@@ -33,13 +34,13 @@ jobs:
        run: echo ${{ steps.buildx.outputs.platforms }}
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push multi-arch dev
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
        with:
            context: .
            file: ./Dockerfile
--- a/.github/workflows/docker-buildx-latest.yml
+++ b/.github/workflows/docker-buildx-latest.yml
@@ -7,6 +7,7 @@ on:
      - master
    paths-ignore:
      - '**/*.md'
      - '.github/**'
 jobs:
  multi-arch-latest:
@@ -14,18 +15,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
        with:
          version: latest
      -
@@ -33,13 +34,13 @@ jobs:
        run: echo ${{ steps.buildx.outputs.platforms }}
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push multi-arch latest
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
        with:
            context: .
            file: ./Dockerfile
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -13,12 +13,12 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Run Trivy fs vulnerability scanner in fs mode
-        uses: aquasecurity/trivy-action@0.20.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
--- a/server-nginx.sh
+++ b/server-nginx.sh
@@ -180,13 +180,12 @@ do
        ESC_CERTFILE=$(printf '%s\n' "${fullchain}" | sed -e 's/[]\/$*.^[]/\\&/g')
        ESC_PRVKEYFILE=$(printf '%s\n' "${prvkey}" | sed -e 's/[]\/$*.^[]/\\&/g')
-        cat "${SITE_TPL}" \
+        cp -a "${SITE_TPL}"                         "${site_domain}.conf"
-            | sed "s/CERTFILE/${ESC_CERTFILE}/g" \
+        sed -i "s/CERTFILE/${ESC_CERTFILE}/g"       "${site_domain}.conf"
-            | sed "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g" \
+        sed -i "s/PRVKEYFILE/${ESC_PRVKEYFILE}/g"   "${site_domain}.conf"
-            | sed "s/NGDOMAIN/${site_domain}/g" \
+        sed -i "s/NGDOMAIN/${site_domain}/g"        "${site_domain}.conf"
-            | sed "s/NGPORT/${port}/g" \
+        sed -i "s/NGPORT/${port}/g"                 "${site_domain}.conf"
-            | sed "s/NGPROTOCOL/${NGPROTOCOL}/g" \
+        sed -i "s/NGPROTOCOL/${NGPROTOCOL}/g"       "${site_domain}.conf"
            >"${site_domain}.conf"
        # Applying proxy log format instead of main format when --ng-server proxy_pass was set
        if [ -n "${NGPROTOCOL}" ]; then
            sed -i '/access_log/s/main/proxy/' "${site_domain}.conf"