From 1350a0b6516d3dbf567cc6ba9ce464e5e4ee89e2 Mon Sep 17 00:00:00 2001 From: Nil Date: Sat, 22 Jun 2024 23:54:05 +0200 Subject: [PATCH 1/3] chore: Update AWS VPC Terraform templates and workflows --- .github/workflows/cypress.yml | 27 ++--------------- .github/workflows/deploy_aws_vpc.yml | 4 +-- .github/workflows/deploy_azure_vpc.yml | 4 +-- .../workflows/\360\237\216\255_nodejs.yml" | 29 ++----------------- ...0\237\216\255_nodejs_\360\237\223\246.yml" | 4 +-- ...\237\216\255_\342\230\225\357\270\217.yml" | 4 +-- .../\360\237\216\255_\360\237\220\215.yml" | 4 +-- ...255_\360\237\220\215_\360\237\223\246.yml" | 4 +-- 8 files changed, 18 insertions(+), 62 deletions(-) diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 5394593..a883c70 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -2,9 +2,9 @@ name: Run Cypress on: push: - branches: ["main"] + branches: [main, develop] pull_request: - branches: ["main"] + branches: [main, develop] workflow_dispatch: @@ -32,6 +32,7 @@ jobs: path: test/cypress/mochawesome-report upload: + if: ${{ !cancelled() && github.ref == 'refs/heads/main'}} needs: build runs-on: ubuntu-latest steps: @@ -49,25 +50,3 @@ jobs: aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY}} aws_bucket: ${{ secrets.AWS_BUCKET }} source_dir: "test/cypress/mochawesome-report" -# update-readme: -# needs: build -# runs-on: ubuntu-latest -# steps: -# - name: Checkout repo -# uses: actions/checkout@v3 - -# - name: Update README -# run: | -# echo "Adding new content to README" >> README.md - -# - name: Commit and push if changed -# run: | -# git config --global user.email "githubautomat.pr1bp@passmail.net" -# git config --global user.name "Nil Gallego" -# git add README.md -# # Check for changes -# git diff --exit-code --cached || ( -# # Only commit and push if there are changes -# git commit -m "Update README [skip ci]" -# git push -# ) 
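Review bot: In the `upload` job of cypress.yml, `!cancelled()` replaces the implicit `success()` check, so the job that reads `secrets.AWS_SECRET_ACCESS_KEY` now also runs after a failed `build`. The `github.ref == 'refs/heads/main'` half keeps the credentialed upload off pull-request and `develop` runs, which is the useful part of the gate. If publishing reports from failing runs is intended, record that above the condition, e.g. `# publish the report even when tests fail; main only, so PR and develop runs never reach the bucket credentials`; if it is not, use `if: ${{ success() && github.ref == 'refs/heads/main' }}`. The same line is added to the `upload` job in the 🎭_nodejs.yml hunk, and the steps of both jobs continue outside the hunks.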
diff --git a/.github/workflows/deploy_aws_vpc.yml b/.github/workflows/deploy_aws_vpc.yml index 00f0ab5..8a9c2d4 100644 --- a/.github/workflows/deploy_aws_vpc.yml +++ b/.github/workflows/deploy_aws_vpc.yml @@ -2,9 +2,9 @@ name: Validate AWS Terraform templates on: push: - branches: ["main"] + branches: [main, develop] pull_request: - branches: ["main"] + branches: [main, develop] workflow_dispatch: diff --git a/.github/workflows/deploy_azure_vpc.yml b/.github/workflows/deploy_azure_vpc.yml index f769c8d..aeed498 100644 --- a/.github/workflows/deploy_azure_vpc.yml +++ b/.github/workflows/deploy_azure_vpc.yml @@ -2,9 +2,9 @@ name: Validate Azure Terraform templates on: push: - branches: ["main"] + branches: [main, develop] pull_request: - branches: ["main"] + branches: [main, develop] workflow_dispatch: diff --git "a/.github/workflows/\360\237\216\255_nodejs.yml" "b/.github/workflows/\360\237\216\255_nodejs.yml" index 644c7b6..48dd856 100644 --- "a/.github/workflows/\360\237\216\255_nodejs.yml" +++ "b/.github/workflows/\360\237\216\255_nodejs.yml" @@ -2,9 +2,9 @@ name: Run 🎭 Nodejs on: push: - branches: ["main"] + branches: [main, develop] pull_request: - branches: ["main"] + branches: [main, develop] workflow_dispatch: @@ -34,6 +34,7 @@ jobs: path: test/playwright/nodejs/playwright-report upload: + if: ${{ !cancelled() && github.ref == 'refs/heads/main'}} needs: build runs-on: ubuntu-latest steps: 
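Review bot: The `develop` trigger added to deploy_aws_vpc.yml (and to deploy_azure_vpc.yml in the next hunk) comes without a job-level gate like the `github.ref == 'refs/heads/main'` condition this commit puts on the `upload` jobs, so any step in these workflows that authenticates to a cloud account would now also run on pushes to `develop`. The jobs are outside the hunk and the workflow names say "Validate", so this may be harmless. If any job does use AWS or Azure credentials, give it `if: github.ref == 'refs/heads/main'`, or add a comment at the top of the file stating that the workflow only validates and never plans or applies.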
@@ -51,28 +52,4 @@ jobs: container_name: ${{ vars.CONTAINER_NAME }} connection_string: ${{ secrets.ConnectionString }} extra_args: "--pattern *.html" - # WARNING: this will overwrite existing blobs in your blob storage overwrite: "true" - - # update-readme: - # needs: build - # runs-on: ubuntu-latest - # steps: - # - name: Checkout repo - # uses: actions/checkout@v3 - - # - name: Update README - # run: | - # echo "Adding new content to README" >> README.md - - # - name: Commit and push if changed - # run: | - # git config --global user.email "githubautomat.pr1bp@passmail.net" - # git config --global user.name "Nil Gallego" - # git add README.md - # # Check for changes - # git diff --exit-code --cached || ( - # # Only commit and push if there are changes - # git commit -m "Update README [skip ci]" - # git push - # ) diff --git "a/.github/workflows/\360\237\216\255_nodejs_\360\237\223\246.yml" "b/.github/workflows/\360\237\216\255_nodejs_\360\237\223\246.yml" index 264d1c3..9972fac 100644 --- "a/.github/workflows/\360\237\216\255_nodejs_\360\237\223\246.yml" +++ "b/.github/workflows/\360\237\216\255_nodejs_\360\237\223\246.yml" @@ -1,9 +1,9 @@ name: Run 🎭 Nodejs 📦 on: push: - branches: [main] + branches: [main, develop] pull_request: - branches: [main] + branches: [main, develop] jobs: playwright: name: "Playwright Tests" diff --git "a/.github/workflows/\360\237\216\255_\342\230\225\357\270\217.yml" "b/.github/workflows/\360\237\216\255_\342\230\225\357\270\217.yml" index 63ede9d..a95c565 100644 --- "a/.github/workflows/\360\237\216\255_\342\230\225\357\270\217.yml" +++ "b/.github/workflows/\360\237\216\255_\342\230\225\357\270\217.yml" @@ -2,9 +2,9 @@ name: Run 🎭 ☕️ on: push: - branches: ["main"] + branches: [main, develop] pull_request: - branches: ["main"] + branches: [main, develop] workflow_dispatch: 
diff --git "a/.github/workflows/\360\237\216\255_\360\237\220\215.yml" "b/.github/workflows/\360\237\216\255_\360\237\220\215.yml" index 9bfa5bb..0872334 100644 --- "a/.github/workflows/\360\237\216\255_\360\237\220\215.yml" +++ "b/.github/workflows/\360\237\216\255_\360\237\220\215.yml" @@ -1,9 +1,9 @@ name: Run 🎭 🐍 on: push: - branches: [main] + branches: [main, develop] pull_request: - branches: [main] + branches: [main, develop] jobs: test: timeout-minutes: 60 diff --git "a/.github/workflows/\360\237\216\255_\360\237\220\215_\360\237\223\246.yml" "b/.github/workflows/\360\237\216\255_\360\237\220\215_\360\237\223\246.yml" index b3a44db..dc2d561 100644 --- "a/.github/workflows/\360\237\216\255_\360\237\220\215_\360\237\223\246.yml" +++ "b/.github/workflows/\360\237\216\255_\360\237\220\215_\360\237\223\246.yml" @@ -1,9 +1,9 @@ name: Run 🎭 🐍 📦 on: push: - branches: [main] + branches: [main, develop] pull_request: - branches: [main] + branches: [main, develop] jobs: playwright: name: "Playwright Tests" From 8f9827b18265e269db74cb8f35d780840a416400 Mon Sep 17 00:00:00 2001 From: Nil Date: Sun, 23 Jun 2024 00:08:24 +0200 Subject: [PATCH 2/3] chore: Update CodeQL workflow to analyze multiple languages --- .github/workflows/codeql.yml | 46 ++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..655648e --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,46 @@ +name: "CodeQL" + +on: + push: + branches: ["main", "develop"] + pull_request: + branches: ["main", "develop"] + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ${{ 'ubuntu-latest' }} + timeout-minutes: ${{ 360 }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + strategy: + fail-fast: false + matrix: + include: + - language: java-kotlin + build-mode: none + - language: javascript-typescript + build-mode: none + - language: python + build-mode: none + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 3811cd11fb6e850d50b3a8b14fb21968244d12ad Mon Sep 17 00:00:00 2001 From: Nil Date: Sun, 23 Jun 2024 00:11:14 +0200 Subject: [PATCH 3/3] Add CodeQL badge --- readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.md b/readme.md index 8cfb333..a37e97c 100644 --- a/readme.md +++ b/readme.md 
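Review bot: The `permissions` block on the `analyze` job names only `security-events: write` and `packages: read`, and once a job sets `permissions` every scope it does not name becomes `none`; on a private repository the checkout and the CodeQL upload also need `contents: read` and `actions: read`, so add those two lines or state in a comment that the workflow assumes a public repository. The three `uses:` references are mutable tags (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`); pinning them to full commit SHAs keeps a moved tag from changing what runs with `security-events: write`. There is no `schedule:` trigger, so `main` is only rescanned when someone pushes or opens a pull request. `runs-on: ${{ 'ubuntu-latest' }}` and `timeout-minutes: ${{ 360 }}` wrap constants in expressions and read better as plain `ubuntu-latest` and `360`.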
@@ -12,6 +12,10 @@ | [![Run 🎭 🐍](https://github.com/nilgaar/DevOpsMaker/actions/workflows/%F0%9F%8E%AD_%F0%9F%90%8D.yml/badge.svg)](https://github.com/nilgaar/DevOpsMaker/actions/workflows/%F0%9F%8E%AD_%F0%9F%90%8D.yml) | | [![Run 🎭 🐍 📦](https://github.com/nilgaar/DevOpsMaker/actions/workflows/%F0%9F%8E%AD_%F0%9F%90%8D_%F0%9F%93%A6.yml/badge.svg)](https://github.com/nilgaar/DevOpsMaker/actions/workflows/%F0%9F%8E%AD_%F0%9F%90%8D_%F0%9F%93%A6.yml) | +| Security | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [![CodeQL](https://github.com/nilgaar/DevOpsMaker/actions/workflows/codeql.yml/badge.svg)](https://github.com/nilgaar/DevOpsMaker/actions/workflows/codeql.yml) | + > [!WARNING] > This repos is WIP