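# Validation pipeline: static analysis, unit/integration/benchmark tests, snapshot build,
# and acceptance/CLI tests against the snapshot artifacts.
#
# Supply-chain note: every `uses:` below references an action by tag (e.g. @v2, @v0.0.11).
# Tags are mutable, so the code that runs can change without a change to this file. This
# matters most for the third-party actions (satackey/action-docker-layer-caching,
# marocchino/sticky-pull-request-comment); consider pinning them to a reviewed commit,
# e.g. `uses: OWNER/ACTION@<full-commit-sha>  # vX.Y.Z`.
name: "Validations"

on:
  workflow_dispatch:
  push:
  pull_request:

# Least privilege for GITHUB_TOKEN: without this block the token gets the repository's
# default permissions, which may include write scopes. Jobs that need more (only
# Benchmark-Test, for the PR comment) widen it at job level.
permissions:
  contents: read

env:
  GO_VERSION: "1.16.x"

jobs:

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Static-Analysis:
    name: "Static analysis"
    runs-on: ubuntu-20.04
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      # tool binaries live under .tmp and are keyed on the Makefile contents
      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Bootstrap CI environment dependencies
        run: make ci-bootstrap

      - name: Run static analysis
        run: make static-analysis

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Unit-Test:
    name: "Unit tests"
    runs-on: ubuntu-20.04
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      # best-effort: a failure to restore docker layers must not fail the job
      - name: Restore docker cache
        uses: satackey/action-docker-layer-caching@v0.0.11
        continue-on-error: true

      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Bootstrap CI environment dependencies
        run: make ci-bootstrap

      - name: Build cache key for java test-fixture blobs (for unit tests)
        run: make java-packages-fingerprint

      - name: Restore Java test-fixture cache
        id: unit-java-cache
        uses: actions/cache@v2.1.3
        with:
          path: syft/pkg/cataloger/java/test-fixtures/java-builds/packages
          key: ${{ runner.os }}-unit-java-cache-${{ hashFiles( 'syft/pkg/cataloger/java/test-fixtures/java-builds/packages.fingerprint' ) }}

      - name: Run unit tests
        run: make unit

      - uses: actions/upload-artifact@v2
        with:
          name: unit-test-results
          path: test/results/**/*

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Integration-Test:
    name: "Integration tests"
    runs-on: ubuntu-20.04
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      # best-effort: a failure to restore docker layers must not fail the job
      - name: Restore docker cache
        uses: satackey/action-docker-layer-caching@v0.0.11
        continue-on-error: true

      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Bootstrap CI environment dependencies
        run: make ci-bootstrap

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Build key for tar cache
        run: make integration-fingerprint

      - name: Restore integration test cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/test/integration/test-fixtures/cache
          key: ${{ runner.os }}-integration-test-cache-${{ hashFiles('test/integration/test-fixtures/cache.fingerprint') }}

      - name: Run integration tests
        run: make integration

  Benchmark-Test:
    name: "Benchmark tests"
    runs-on: ubuntu-20.04
    # note: we want benchmarks to run on pull_request events in order to publish results to a sticky comment, and
    # we also want to run on push such that merges to main are recorded to the cache. For this reason we don't filter
    # the job by event.
    #
    # This is the only job that writes back to the repository (the sticky PR comment), so it is
    # the only one granted pull-requests: write. The job also builds and runs code from the PR
    # (`make benchmark`). For pull_request events from forks GitHub normally issues a read-only
    # token whatever is requested here, so the comment step is expected to work only for
    # same-repository PRs. Do not switch this job to pull_request_target to work around that:
    # it would run untrusted PR code with a write-capable token.
    permissions:
      contents: read
      pull-requests: write
    steps:

      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      # best-effort: a failure to restore docker layers must not fail the job
      - name: Restore docker cache
        uses: satackey/action-docker-layer-caching@v0.0.11
        continue-on-error: true

      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Bootstrap CI environment dependencies
        run: make ci-bootstrap

      - name: Restore base benchmark result
        uses: actions/cache@v2
        with:
          path: test/results/benchmark-main.txt
          # use base sha for PR or new commit hash for main push in benchmark result key
          key: ${{ runner.os }}-bench-${{ (github.event.pull_request.base.sha != github.event.after) && github.event.pull_request.base.sha || github.event.after }}

      - name: Run benchmark tests
        id: benchmark
        run: |
          REF_NAME=${GITHUB_REF##*/} make benchmark
          # A step output set through ::set-output ends at the first newline, and the
          # remaining lines are parsed by the runner as ordinary log lines. Percent-encode
          # '%', LF and CR so that a multi-line benchstat table reaches the PR comment
          # intact. (assumes `make show-benchstat` prints raw, unescaped text - confirm
          # against the Makefile)
          # `|| true` keeps the previous behaviour: a failing show-benchstat yields an
          # empty result instead of failing the step.
          OUTPUT="$(make show-benchstat || true)"
          OUTPUT="${OUTPUT//'%'/'%25'}"
          OUTPUT="${OUTPUT//$'\n'/'%0A'}"
          OUTPUT="${OUTPUT//$'\r'/'%0D'}"
          # NOTE(review): ::set-output is deprecated in favour of writing to $GITHUB_OUTPUT;
          # migrate together with the action version bumps.
          echo "::set-output name=result::$OUTPUT"

      - uses: actions/upload-artifact@v2
        with:
          # NOTE(review): "branchmark" looks like a typo of "benchmark"; confirm nothing
          # downloads this artifact by name before renaming it.
          name: branchmark-test-results
          path: test/results/**/*

      # The message is passed as an action input (not interpolated into a shell script), so the
      # benchmark text is treated as data here.
      - name: Update PR benchmark results comment
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: benchmark
          message: |
            ### Benchmark Test Results

            Benchmark results from the latest changes vs base branch
            ```
            ${{ steps.benchmark.outputs.result }}
            ```

  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    runs-on: ubuntu-20.04
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Build snapshot artifacts
        run: make snapshot

      # consumed by the Acceptance-* and Cli-Linux jobs via download-artifact
      - uses: actions/upload-artifact@v2
        with:
          name: artifacts
          path: snapshot/**/*

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Acceptance-Linux:
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/checkout@v2

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run Acceptance Tests (Linux)
        run: make acceptance-linux

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Acceptance-Mac:
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/checkout@v2

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run Acceptance Tests (Mac)
        run: make acceptance-mac

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Cli-Linux:
    name: "CLI tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    # run only on push event (internal PRs) or on a pull_request event that is from a fork (external PR)
    # skip if this is a pull_request event on an internal PR (which is already covered by push events)
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
    steps:

      - uses: actions/checkout@v2

      # best-effort: a failure to restore docker layers must not fail the job
      - name: Restore docker cache
        uses: satackey/action-docker-layer-caching@v0.0.11
        continue-on-error: true

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@v2.1.3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap go dependencies
        if: steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap-go

      - name: Build key for tar cache
        run: make cli-fingerprint

      - name: Restore CLI test cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/test/cli/test-fixtures/cache
          key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }}

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run CLI Tests (Linux)
        run: make cli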