* slim down docker cache size Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * remove old centos images Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * troubleshoot test failure Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix wget version ref Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * refactor caching mechanisms Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add cache cleanup steps Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * simplify deleting cache Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * fix first clone issue Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> * add tool dep Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com> --------- Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
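# CI validation workflow: static analysis, unit and integration tests, one snapshot build,
# and the acceptance / CLI jobs that consume that snapshot.
name: "Validations"

# Runs on manual dispatch, on every pull request, and on pushes to main. On pull_request the
# `make` targets below execute whatever the checked-out ref contains, so the token scope
# granted under `permissions` is what bounds the impact of a hostile change.
on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# Workflow-wide default: the job token can only read repository contents. Cleanup-Cache is
# the single job that overrides this (see its own `permissions` block).
permissions:
  contents: read

jobs:

  Static-Analysis:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
    runs-on: ubuntu-20.04
    steps:
      # Third-party action pinned to a full commit SHA; the trailing comment records the tag.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis


  Unit-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Run unit tests
        run: make unit


  Integration-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Integration tests"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Run integration tests
        run: make integration


  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""

      - name: Build snapshot artifacts
        run: make snapshot

      # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
      # see https://github.com/actions/upload-artifact/issues/199 for more info
      - name: Upload snapshot artifacts
        uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          # we need to preserve the snapshot data itself as well as the task data that confirms if the
          # snapshot build is stale or not. Otherwise the downstream jobs will attempt to rebuild the snapshot
          # even though it already exists.
          path: |
            snapshot
            .task
          # Keyed by run id, so the consuming jobs of this run restore exactly this build.
          # Nothing in this workflow verifies the restored files beyond that key match.
          key: snapshot-build-${{ github.run_id }}


  Acceptance-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run comparison tests (Linux)
        run: make compare-linux

      # NOTE(review): no step in this job declares `id: install-test-image-cache`, so the
      # expression below compares an empty value with 'true' and this step is always skipped.
      # Either restore the step that owned that id or drop the condition.
      - name: Load test image cache
        if: steps.install-test-image-cache.outputs.cache-hit == 'true'
        run: make install-test-cache-load

      - name: Run install.sh tests (Linux)
        run: make install-test

      # NOTE(review): same dangling step id as above; with no such step the `!=` comparison
      # is always true, so this "cache-miss" step runs on every execution.
      - name: (cache-miss) Create test image cache
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save


  Acceptance-Mac:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      # NOTE(review): this is the only third-party action in the workflow referenced by a
      # mutable tag; every other one is pinned to a full commit SHA. A tag can be moved to
      # different code after review, so pin it the same way:
      #   uses: sigstore/cosign-installer@<FULL_COMMIT_SHA_OF_V3.6.0> # v3.6.0
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.6.0

      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""
          go-dependencies: false
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run comparison tests (Mac)
        run: make compare-mac

      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac


  Cli-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "CLI tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run CLI Tests (Linux)
        run: make cli


  Cleanup-Cache:
    name: "Cleanup snapshot cache"
    # always(): the per-run snapshot cache is removed even when a consuming job failed.
    if: always()
    runs-on: ubuntu-20.04
    # The only job whose token is widened: `actions: write` is what permits deleting a cache.
    # Declaring a job-level block replaces the workflow default, so nothing else is granted.
    permissions:
      actions: write
    needs:
      - Acceptance-Linux
      - Acceptance-Mac
      - Cli-Linux
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # This job's token carries actions: write. The step below authenticates through
          # GH_TOKEN, so the token does not also need to be written into the local git config.
          persist-credentials: false

      - name: Delete snapshot cache
        run: gh cache delete "snapshot-build-${{ github.run_id }}"
        env:
          GH_TOKEN: ${{ github.token }}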