---
# Validation pipeline: static analysis, unit/integration tests, a snapshot
# build, and acceptance/CLI tests that consume the snapshot artifact.
name: 'Validations'

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# Workflow-wide least privilege: the job token can only read repository
# contents. No job below declares its own `permissions`, so none gets more.
permissions:
  contents: read

jobs:

  Static-Analysis:
    # Keep this job name in sync with .github/workflows/release.yaml, which
    # must be updated whenever the name changes.
    name: 'Static analysis'
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      # persist-credentials: false keeps the job token out of the checkout's
      # git config, so later `make` steps cannot read it from the work tree.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis

  Unit-Test:
    # Keep this job name in sync with .github/workflows/release.yaml, which
    # must be updated whenever the name changes.
    name: 'Unit tests'
    # we need more storage than what's on the default runner
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Run unit tests
        run: make unit

  Integration-Test:
    # Keep this job name in sync with .github/workflows/release.yaml, which
    # must be updated whenever the name changes.
    name: 'Integration tests'
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Run integration tests
        run: make integration

  Build-Snapshot-Artifacts:
    name: 'Build snapshot artifacts'
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=build
    steps:
      # Needed so the runs-on magic-cache works with artifact upload/download
      # (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
      # NOTE(review): `@v2` is a mutable tag, while every other third-party
      # action in this file is pinned to a full commit SHA. Pin this one the
      # same way so a moved tag cannot change what runs in this job.
      - uses: runs-on/action@v2

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ''

      - name: Build snapshot artifacts
        run: make snapshot

      - name: Smoke test snapshot build
        run: make snapshot-smoke-test

      # The uploaded `snapshot` artifact is what the Acceptance-* and
      # Cli-Linux jobs download and execute.
      - name: Upload snapshot artifacts
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v6.0.0
        with:
          name: snapshot
          path: snapshot/
          retention-days: 30

  Acceptance-Linux:
    # Keep this job name in sync with .github/workflows/release.yaml, which
    # must be updated whenever the name changes.
    name: 'Acceptance tests (Linux)'
    needs:
      - Build-Snapshot-Artifacts
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      # Needed so the runs-on magic-cache works with artifact upload/download
      # (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
      # NOTE(review): mutable `@v2` tag; pin to a full commit SHA like the
      # other actions in this file.
      - uses: runs-on/action@v2

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot artifacts
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53  # v6.0.0
        with:
          name: snapshot
          path: snapshot

      # Artifacts do not carry the executable bit through upload/download,
      # so it is restored here. Errors are silenced and ignored, so a glob
      # that matches nothing (e.g. no *.exe) does not fail the job; a missing
      # syft binary would only surface in the later make targets.
      - name: Restore binary permissions
        run: chmod +x snapshot/*/syft snapshot/*/*.exe 2>/dev/null || true

      - name: Run comparison tests (Linux)
        run: make compare-linux

      # NOTE(review): no step in this job declares
      # `id: install-test-image-cache`, and step outputs from inside the
      # composite bootstrap action are not visible through `steps.*`. As
      # written, cache-hit is never 'true': this load step is always skipped
      # and the cache-save step below always runs. Confirm whether a
      # cache-restore step with that id was meant to precede this one.
      - name: Load test image cache
        if: steps.install-test-image-cache.outputs.cache-hit == 'true'
        run: make install-test-cache-load

      - name: Run install.sh tests (Linux)
        run: make install-test

      - name: (cache-miss) Create test image cache
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save

  Acceptance-Mac:
    # Keep this job name in sync with .github/workflows/release.yaml, which
    # must be updated whenever the name changes.
    name: 'Acceptance tests (Mac)'
    needs:
      - Build-Snapshot-Artifacts
    # note: macos runners aren't supported yet for runs-on managed runners.
    runs-on: macos-latest
    steps:
      # Makes cosign available to later steps (presumably the install.sh
      # tests; confirm against the Makefile target).
      - name: Install Cosign
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad  # v4.0.0

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ''
          go-dependencies: false
          download-test-fixture-cache: true

      - name: Download snapshot artifacts
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53  # v6.0.0
        with:
          name: snapshot
          path: snapshot

      # Best-effort restore of the executable bit on the downloaded binaries;
      # failures are deliberately ignored.
      - name: Restore binary permissions
        run: chmod +x snapshot/*/syft 2>/dev/null || true

      - name: Run comparison tests (Mac)
        run: make compare-mac

      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac

  Cli-Linux:
    # Keep this job name in sync with .github/workflows/release.yaml, which
    # must be updated whenever the name changes.
    name: 'CLI tests (Linux)'
    needs:
      - Build-Snapshot-Artifacts
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      # Needed so the runs-on magic-cache works with artifact upload/download
      # (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
      # NOTE(review): mutable `@v2` tag; pin to a full commit SHA like the
      # other actions in this file.
      - uses: runs-on/action@v2

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot artifacts
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53  # v6.0.0
        with:
          name: snapshot
          path: snapshot

      # Best-effort restore of the executable bit on the downloaded binaries;
      # failures are deliberately ignored.
      - name: Restore binary permissions
        run: chmod +x snapshot/*/syft snapshot/*/*.exe 2>/dev/null || true

      - name: Run CLI Tests (Linux)
        run: make cli