# PR / main-branch validation pipeline: static analysis, unit and integration
# tests, a snapshot build, then acceptance and CLI tests against the snapshot.
#
# Security posture visible in this file:
#   - GITHUB_TOKEN is limited to `contents: read` by the workflow-level
#     `permissions` block; no job widens it.
#   - Every checkout sets `persist-credentials: false`, so the token is not left
#     in the clone's git config where later `make` steps could read it.
#   - Marketplace actions are pinned to full commit SHAs; the trailing
#     `# vX.Y.Z` is informational only, the SHA is what runs.
#   - On `pull_request`, the local action ./.github/actions/bootstrap and every
#     `make` target come from the checked-out PR merge ref, so each job runs
#     contributor-controlled code. Keep secrets and write scopes out of this
#     workflow.
name: 'Validations'

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# Least privilege: read-only repository contents for all jobs.
permissions:
  contents: read

jobs:

  Static-Analysis:
    # Renaming this job requires the matching change in
    # .github/workflows/release.yaml.
    name: 'Static analysis'
    # Runner definition: workflows/.github/runs-on.yml
    # NOTE(review): these labels resolve to project-defined runners; confirm
    # they are isolated per job, since pull_request runs contributor code.
    runs-on: 'runs-on=${{ github.run_id }}/runner=small'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis

  Unit-Test:
    # Renaming this job requires the matching change in
    # .github/workflows/release.yaml.
    name: 'Unit tests'
    # we need more storage than what's on the default runner
    # NOTE(review): the selected runner is `small`, the same as the other test
    # jobs; confirm the storage remark above still applies.
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: 'runs-on=${{ github.run_id }}/runner=small'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          # Cache handling lives inside the local bootstrap action and is not
          # visible in this file.
          download-test-fixture-cache: true

      - name: Run unit tests
        run: make unit

  Integration-Test:
    # Renaming this job requires the matching change in
    # .github/workflows/release.yaml.
    name: 'Integration tests'
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: 'runs-on=${{ github.run_id }}/runner=small'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Run integration tests
        run: make integration

  Build-Snapshot-Artifacts:
    name: 'Build snapshot artifacts'
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: 'runs-on=${{ github.run_id }}/runner=build'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ''

      - name: Build snapshot artifacts
        run: make snapshot

      - name: Smoke test snapshot build
        run: make snapshot-smoke-test

      # Upload each platform artifact individually so downstream jobs can
      # download only what they need. Explicit upload steps are used instead of
      # the programmatic API for runs-on compatibility.
      #
      # These are snapshot outputs of whatever ref triggered the run (including
      # pull requests) and are kept for 30 days; they are test inputs for the
      # jobs below, not release artifacts.
      # NOTE(review): the SHA is what executes; confirm the trailing version
      # comment on the upload/download pins still matches the pinned commit.
      - name: Upload Linux amd64 artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: linux-build_linux_amd64_v1
          path: snapshot/linux-build_linux_amd64_v1
          retention-days: 30

      - name: Upload Linux arm64 artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: linux-build_linux_arm64_v8.0
          path: snapshot/linux-build_linux_arm64_v8.0
          retention-days: 30

      - name: Upload Linux ppc64le artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: linux-build_linux_ppc64le_power8
          path: snapshot/linux-build_linux_ppc64le_power8
          retention-days: 30

      - name: Upload Linux s390x artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: linux-build_linux_s390x
          path: snapshot/linux-build_linux_s390x
          retention-days: 30

      - name: Upload macOS Intel artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: darwin-build_darwin_amd64_v1
          path: snapshot/darwin-build_darwin_amd64_v1
          retention-days: 30

      - name: Upload macOS Apple Silicon artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: darwin-build_darwin_arm64_v8.0
          path: snapshot/darwin-build_darwin_arm64_v8.0
          retention-days: 30

      - name: Upload Windows amd64 artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: windows-build_windows_amd64_v1
          path: snapshot/windows-build_windows_amd64_v1
          retention-days: 30

      - name: Upload Windows arm64 artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: windows-build_windows_arm64_v8.0
          path: snapshot/windows-build_windows_arm64_v8.0
          retention-days: 30

      - name: Upload Homebrew artifact
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.0
        with:
          name: homebrew
          path: snapshot/homebrew
          retention-days: 30

  Acceptance-Linux:
    # Renaming this job requires the matching change in
    # .github/workflows/release.yaml.
    name: 'Acceptance tests (Linux)'
    needs:
      - Build-Snapshot-Artifacts
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: 'runs-on=${{ github.run_id }}/runner=small'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download Linux amd64 snapshot
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 # v4.2.0
        with:
          name: linux-build_linux_amd64_v1
          path: snapshot/linux-build_linux_amd64_v1

      - name: Run comparison tests (Linux)
        run: make compare-linux

      # NOTE(review): no step in this job declares
      # `id: install-test-image-cache`, so
      # `steps.install-test-image-cache.outputs.cache-hit` is always empty. The
      # load step below is therefore skipped on every run and the
      # "(cache-miss)" save step always runs. Either restore the cache step that
      # owned this id (pinned to a full commit SHA like the other actions) or
      # drop both conditionals.
      - name: Load test image cache
        if: steps.install-test-image-cache.outputs.cache-hit == 'true'
        run: make install-test-cache-load

      - name: Run install.sh tests (Linux)
        run: make install-test

      - name: (cache-miss) Create test image cache
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save

  Acceptance-Mac:
    # Renaming this job requires the matching change in
    # .github/workflows/release.yaml.
    name: 'Acceptance tests (Mac)'
    needs:
      - Build-Snapshot-Artifacts
    # GitHub-hosted runner; `macos-latest` is a moving label, so the image this
    # job runs on changes over time.
    runs-on: macos-latest
    steps:
      # Installed ahead of checkout; presumably the install.sh tests use cosign
      # for signature verification - confirm against the Makefile target.
      - name: Install Cosign
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ''
          go-dependencies: false
          download-test-fixture-cache: true

      - name: Download macOS Intel snapshot
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 # v4.2.0
        with:
          name: darwin-build_darwin_amd64_v1
          path: snapshot/darwin-build_darwin_amd64_v1

      - name: Run comparison tests (Mac)
        run: make compare-mac

      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac

  Cli-Linux:
    # Renaming this job requires the matching change in
    # .github/workflows/release.yaml.
    name: 'CLI tests (Linux)'
    needs:
      - Build-Snapshot-Artifacts
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: 'runs-on=${{ github.run_id }}/runner=small'
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download Linux amd64 snapshot
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 # v4.2.0
        with:
          name: linux-build_linux_amd64_v1
          path: snapshot/linux-build_linux_amd64_v1

      - name: Run CLI Tests (Linux)
        run: make cli