oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

simpler artifacts

Browse Source 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Alex Goodman 2025-11-12 08:45:35 -05:00
parent ece3179655
commit 91f612069d
1 changed files with 151 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

277
.github/workflows/validations.yaml vendored
View File

@ -90,93 +90,100 @@ jobs:
- name: Smoke test snapshot build - name: Smoke test snapshot build
run: make snapshot-smoke-test run: make snapshot-smoke-test
# upload each platform artifact individually so downstream jobs can download only what they need - name: Upload snapshot artifacts
- run: npm install @actions/artifact@2.3.2 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v6.0.0
- name: Upload individual platform artifacts
uses: actions/github-script@v8
env:
ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10
with: with:
script: | name: snapshot
const { readdirSync } = require('fs') path: snapshot/
const { DefaultArtifactClient } = require('@actions/artifact') retention-days: 30
const artifact = new DefaultArtifactClient()
const ls = d => readdirSync(d, { withFileTypes: true })
const baseDir = "./snapshot"
const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name)
const uploads = []
// filter to only amd64 and arm64 architectures # # upload each platform artifact individually so downstream jobs can download only what they need
const supportedArchs = ['amd64', 'arm64'] # - run: npm install @actions/artifact@2.3.2
const filteredDirs = dirs.filter(dir => #
supportedArchs.some(arch => dir.includes(arch)) # - name: Upload individual platform artifacts
) # uses: actions/github-script@v8
# env:
// upload platform subdirectories # ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10
for (const dir of filteredDirs) { # with:
// uploadArtifact returns Promise<{id, size}> # script: |
uploads.push(artifact.uploadArtifact( # const { readdirSync } = require('fs')
// name of the archive: # const { DefaultArtifactClient } = require('@actions/artifact')
`${dir}`, # const artifact = new DefaultArtifactClient()
// array of all files to include: # const ls = d => readdirSync(d, { withFileTypes: true })
ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`), # const baseDir = "./snapshot"
// base directory to trim from entries: # const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name)
`${baseDir}/${dir}`, # const uploads = []
{ retentionDays: 30 } #
)) # // filter to only amd64 and arm64 architectures
} # const supportedArchs = ['amd64', 'arm64']
# const filteredDirs = dirs.filter(dir =>
// upload RPM and DEB packages for supported architectures # supportedArchs.some(arch => dir.includes(arch))
const packageFiles = ls(baseDir).filter(f => # )
f.isFile() && #
(f.name.endsWith('.deb') || f.name.endsWith('.rpm')) && # // upload platform subdirectories
supportedArchs.some(arch => f.name.includes(`_${arch}.`)) # for (const dir of filteredDirs) {
) # // uploadArtifact returns Promise<{id, size}>
for (const file of packageFiles) { # uploads.push(artifact.uploadArtifact(
uploads.push(artifact.uploadArtifact( # // name of the archive:
file.name, # `${dir}`,
[`${baseDir}/${file.name}`], # // array of all files to include:
baseDir, # ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`),
{ retentionDays: 30 } # // base directory to trim from entries:
)) # `${baseDir}/${dir}`,
} # { retentionDays: 30 }
# ))
// upload SBOM files for supported architectures # }
const sbomFiles = ls(baseDir).filter(f => #
f.isFile() && # // upload RPM and DEB packages for supported architectures
f.name.endsWith('.sbom') && # const packageFiles = ls(baseDir).filter(f =>
supportedArchs.some(arch => f.name.includes(`_${arch}.`)) # f.isFile() &&
) # (f.name.endsWith('.deb') || f.name.endsWith('.rpm')) &&
for (const file of sbomFiles) { # supportedArchs.some(arch => f.name.includes(`_${arch}.`))
uploads.push(artifact.uploadArtifact( # )
file.name, # for (const file of packageFiles) {
[`${baseDir}/${file.name}`], # uploads.push(artifact.uploadArtifact(
baseDir, # file.name,
{ retentionDays: 30 } # [`${baseDir}/${file.name}`],
)) # baseDir,
} # { retentionDays: 30 }
# ))
// upload checksums file (needed by install tests) # }
const rootFiles = ls(baseDir).filter(f => f.isFile() && f.name.match(/syft_.*_checksums\.txt$/)) #
if (rootFiles.length > 0) { # // upload SBOM files for supported architectures
const checksumsFile = rootFiles[0].name # const sbomFiles = ls(baseDir).filter(f =>
uploads.push(artifact.uploadArtifact( # f.isFile() &&
'syft_checksums.txt', # f.name.endsWith('.sbom') &&
[`${baseDir}/${checksumsFile}`], # supportedArchs.some(arch => f.name.includes(`_${arch}.`))
baseDir, # )
{ retentionDays: 30 } # for (const file of sbomFiles) {
)) # uploads.push(artifact.uploadArtifact(
} # file.name,
# [`${baseDir}/${file.name}`],
// wait for all uploads to finish # baseDir,
try { # { retentionDays: 30 }
const results = await Promise.all(uploads) # ))
console.log(`Successfully uploaded ${results.length} artifacts`) # }
} catch (error) { #
console.error('Upload failed:', error) # // upload checksums file (needed by install tests)
throw error # const rootFiles = ls(baseDir).filter(f => f.isFile() && f.name.match(/syft_.*_checksums\.txt$/))
} # if (rootFiles.length > 0) {
# const checksumsFile = rootFiles[0].name
# uploads.push(artifact.uploadArtifact(
# 'syft_checksums.txt',
# [`${baseDir}/${checksumsFile}`],
# baseDir,
# { retentionDays: 30 }
# ))
# }
#
# // wait for all uploads to finish
# try {
# const results = await Promise.all(uploads)
# console.log(`Successfully uploaded ${results.length} artifacts`)
# } catch (error) {
# console.error('Upload failed:', error)
# throw error
# }
Acceptance-Linux: Acceptance-Linux:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
@ -197,35 +204,41 @@ jobs:
with: with:
download-test-fixture-cache: true download-test-fixture-cache: true
- name: Download checksums file - name: Download snapshot artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: with:
name: syft_checksums.txt name: snapshot
path: snapshot path: snapshot
- name: Download Linux amd64 snapshot # - name: Download checksums file
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 # uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: # with:
name: linux-build_linux_amd64_v1 # name: syft_checksums.txt
path: snapshot/linux-build_linux_amd64_v1 # path: snapshot
#
- name: Download Linux amd64 deb # - name: Download Linux amd64 snapshot
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 # uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: # with:
pattern: syft_*_linux_amd64.deb # name: linux-build_linux_amd64_v1
path: snapshot # path: snapshot/linux-build_linux_amd64_v1
#
- name: Download Linux amd64 rpm # - name: Download Linux amd64 deb
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 # uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: # with:
pattern: syft_*_linux_amd64.rpm # pattern: syft_*_linux_amd64.deb
path: snapshot # path: snapshot
#
- name: Download Linux amd64 sbom # - name: Download Linux amd64 rpm
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 # uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: # with:
pattern: syft_*_linux_amd64.sbom # pattern: syft_*_linux_amd64.rpm
path: snapshot # path: snapshot
#
# - name: Download Linux amd64 sbom
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# pattern: syft_*_linux_amd64.sbom
# path: snapshot
- name: Run comparison tests (Linux) - name: Run comparison tests (Linux)
run: make compare-linux run: make compare-linux
@ -262,23 +275,29 @@ jobs:
go-dependencies: false go-dependencies: false
download-test-fixture-cache: true download-test-fixture-cache: true
- name: Download checksums file - name: Download snapshot artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: with:
name: syft_checksums.txt name: snapshot
path: snapshot path: snapshot
- name: Download macOS Intel snapshot # - name: Download checksums file
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 # uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: # with:
name: darwin-build_darwin_amd64_v1 # name: syft_checksums.txt
path: snapshot/darwin-build_darwin_amd64_v1 # path: snapshot
#
- name: Download macOS amd64 sbom # - name: Download macOS Intel snapshot
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 # uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: # with:
pattern: syft_*_darwin_amd64.sbom # name: darwin-build_darwin_amd64_v1
path: snapshot # path: snapshot/darwin-build_darwin_amd64_v1
#
# - name: Download macOS amd64 sbom
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# pattern: syft_*_darwin_amd64.sbom
# path: snapshot
- name: Run comparison tests (Mac) - name: Run comparison tests (Mac)
run: make compare-mac run: make compare-mac
@ -305,11 +324,17 @@ jobs:
with: with:
download-test-fixture-cache: true download-test-fixture-cache: true
- name: Download Linux amd64 snapshot - name: Download snapshot artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with: with:
name: linux-build_linux_amd64_v1 name: snapshot
path: snapshot/linux-build_linux_amd64_v1 path: snapshot
# - name: Download Linux amd64 snapshot
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# name: linux-build_linux_amd64_v1
# path: snapshot/linux-build_linux_amd64_v1
- name: Run CLI Tests (Linux) - name: Run CLI Tests (Linux)
run: make cli run: make cli