From 91f612069d2ae4966ed30f4ea102d4628f878298 Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Wed, 12 Nov 2025 08:45:35 -0500 Subject: [PATCH] simpler artifacts Signed-off-by: Alex Goodman --- .github/workflows/validations.yaml | 277 ++++++++++++++++------------- 1 file changed, 151 insertions(+), 126 deletions(-) diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml index a0f5d4f78..0c1f081d0 100644 --- a/.github/workflows/validations.yaml +++ b/.github/workflows/validations.yaml @@ -90,93 +90,100 @@ jobs: - name: Smoke test snapshot build run: make snapshot-smoke-test - # upload each platform artifact individually so downstream jobs can download only what they need - - run: npm install @actions/artifact@2.3.2 - - - name: Upload individual platform artifacts - uses: actions/github-script@v8 - env: - ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10 + - name: Upload snapshot artifacts + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v6.0.0 with: - script: | - const { readdirSync } = require('fs') - const { DefaultArtifactClient } = require('@actions/artifact') - const artifact = new DefaultArtifactClient() - const ls = d => readdirSync(d, { withFileTypes: true }) - const baseDir = "./snapshot" - const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name) - const uploads = [] + name: snapshot + path: snapshot/ + retention-days: 30 - // filter to only amd64 and arm64 architectures - const supportedArchs = ['amd64', 'arm64'] - const filteredDirs = dirs.filter(dir => - supportedArchs.some(arch => dir.includes(arch)) - ) - - // upload platform subdirectories - for (const dir of filteredDirs) { - // uploadArtifact returns Promise<{id, size}> - uploads.push(artifact.uploadArtifact( - // name of the archive: - `${dir}`, - // array of all files to include: - ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`), - // base directory to trim from entries: - `${baseDir}/${dir}`, - { retentionDays: 30 } - )) - } - - // upload RPM and DEB packages for supported architectures - const packageFiles = ls(baseDir).filter(f => - f.isFile() && - (f.name.endsWith('.deb') || f.name.endsWith('.rpm')) && - supportedArchs.some(arch => f.name.includes(`_${arch}.`)) - ) - for (const file of packageFiles) { - uploads.push(artifact.uploadArtifact( - file.name, - [`${baseDir}/${file.name}`], - baseDir, - { retentionDays: 30 } - )) - } - - // upload SBOM files for supported architectures - const sbomFiles = ls(baseDir).filter(f => - f.isFile() && - f.name.endsWith('.sbom') && - supportedArchs.some(arch => f.name.includes(`_${arch}.`)) - ) - for (const file of sbomFiles) { - uploads.push(artifact.uploadArtifact( - file.name, - [`${baseDir}/${file.name}`], - baseDir, - { retentionDays: 30 } - )) - } - - // upload checksums file (needed by install tests) - const rootFiles = ls(baseDir).filter(f => f.isFile() && f.name.match(/syft_.*_checksums\.txt$/)) - if (rootFiles.length > 0) { - const checksumsFile = rootFiles[0].name - uploads.push(artifact.uploadArtifact( - 'syft_checksums.txt', - [`${baseDir}/${checksumsFile}`], - baseDir, - { retentionDays: 30 } - )) - } - - // wait for all uploads to finish - try { - const results = await Promise.all(uploads) - console.log(`Successfully uploaded ${results.length} artifacts`) - } catch (error) { - console.error('Upload failed:', error) - throw error - } +# # upload each platform artifact individually so downstream jobs can download only what they need +# - run: npm install @actions/artifact@2.3.2 +# +# - name: Upload individual platform artifacts +# uses: actions/github-script@v8 +# env: +# ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10 +# with: +# script: | +# const { readdirSync } = require('fs') +# const { DefaultArtifactClient } = require('@actions/artifact') +# const artifact = new DefaultArtifactClient() +# const ls = d => readdirSync(d, { withFileTypes: true }) +# const baseDir = "./snapshot" +# const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name) +# const uploads = [] +# +# // filter to only amd64 and arm64 architectures +# const supportedArchs = ['amd64', 'arm64'] +# const filteredDirs = dirs.filter(dir => +# supportedArchs.some(arch => dir.includes(arch)) +# ) +# +# // upload platform subdirectories +# for (const dir of filteredDirs) { +# // uploadArtifact returns Promise<{id, size}> +# uploads.push(artifact.uploadArtifact( +# // name of the archive: +# `${dir}`, +# // array of all files to include: +# ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`), +# // base directory to trim from entries: +# `${baseDir}/${dir}`, +# { retentionDays: 30 } +# )) +# } +# +# // upload RPM and DEB packages for supported architectures +# const packageFiles = ls(baseDir).filter(f => +# f.isFile() && +# (f.name.endsWith('.deb') || f.name.endsWith('.rpm')) && +# supportedArchs.some(arch => f.name.includes(`_${arch}.`)) +# ) +# for (const file of packageFiles) { +# uploads.push(artifact.uploadArtifact( +# file.name, +# [`${baseDir}/${file.name}`], +# baseDir, +# { retentionDays: 30 } +# )) +# } +# +# // upload SBOM files for supported architectures +# const sbomFiles = ls(baseDir).filter(f => +# f.isFile() && +# f.name.endsWith('.sbom') && +# supportedArchs.some(arch => f.name.includes(`_${arch}.`)) +# ) +# for (const file of sbomFiles) { +# uploads.push(artifact.uploadArtifact( +# file.name, +# [`${baseDir}/${file.name}`], +# baseDir, +# { retentionDays: 30 } +# )) +# } +# +# // upload checksums file (needed by install tests) +# const rootFiles = ls(baseDir).filter(f => f.isFile() && f.name.match(/syft_.*_checksums\.txt$/)) +# if (rootFiles.length > 0) { +# const checksumsFile = rootFiles[0].name +# uploads.push(artifact.uploadArtifact( +# 'syft_checksums.txt', +# [`${baseDir}/${checksumsFile}`], +# baseDir, +# { retentionDays: 30 } +# )) +# } +# +# // wait for all uploads to finish +# try { +# const results = await Promise.all(uploads) +# console.log(`Successfully uploaded ${results.length} artifacts`) +# } catch (error) { +# console.error('Upload failed:', error) +# throw error +# } Acceptance-Linux: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline @@ -197,35 +204,41 @@ jobs: with: download-test-fixture-cache: true - - name: Download checksums file + - name: Download snapshot artifacts uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 with: - name: syft_checksums.txt + name: snapshot path: snapshot - - name: Download Linux amd64 snapshot - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 - with: - name: linux-build_linux_amd64_v1 - path: snapshot/linux-build_linux_amd64_v1 - - - name: Download Linux amd64 deb - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 - with: - pattern: syft_*_linux_amd64.deb - path: snapshot - - - name: Download Linux amd64 rpm - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 - with: - pattern: syft_*_linux_amd64.rpm - path: snapshot - - - name: Download Linux amd64 sbom - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 - with: - pattern: syft_*_linux_amd64.sbom - path: snapshot +# - name: Download checksums file +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# name: syft_checksums.txt +# path: snapshot +# +# - name: Download Linux amd64 snapshot +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# name: linux-build_linux_amd64_v1 +# path: snapshot/linux-build_linux_amd64_v1 +# +# - name: Download Linux amd64 deb +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# pattern: syft_*_linux_amd64.deb +# path: snapshot +# +# - name: Download Linux amd64 rpm +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# pattern: syft_*_linux_amd64.rpm +# path: snapshot +# +# - name: Download Linux amd64 sbom +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# pattern: syft_*_linux_amd64.sbom +# path: snapshot - name: Run comparison tests (Linux) run: make compare-linux @@ -262,23 +275,29 @@ jobs: go-dependencies: false download-test-fixture-cache: true - - name: Download checksums file + - name: Download snapshot artifacts uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 with: - name: syft_checksums.txt + name: snapshot path: snapshot - - name: Download macOS Intel snapshot - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 - with: - name: darwin-build_darwin_amd64_v1 - path: snapshot/darwin-build_darwin_amd64_v1 - - - name: Download macOS amd64 sbom - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 - with: - pattern: syft_*_darwin_amd64.sbom - path: snapshot +# - name: Download checksums file +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# name: syft_checksums.txt +# path: snapshot +# +# - name: Download macOS Intel snapshot +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# name: darwin-build_darwin_amd64_v1 +# path: snapshot/darwin-build_darwin_amd64_v1 +# +# - name: Download macOS amd64 sbom +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# pattern: syft_*_darwin_amd64.sbom +# path: snapshot - name: Run comparison tests (Mac) run: make compare-mac @@ -305,11 +324,17 @@ jobs: with: download-test-fixture-cache: true - - name: Download Linux amd64 snapshot + - name: Download snapshot artifacts uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 with: - name: linux-build_linux_amd64_v1 - path: snapshot/linux-build_linux_amd64_v1 + name: snapshot + path: snapshot + +# - name: Download Linux amd64 snapshot +# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 +# with: +# name: linux-build_linux_amd64_v1 +# path: snapshot/linux-build_linux_amd64_v1 - name: Run CLI Tests (Linux) run: make cli