mirror of
https://github.com/anchore/syft.git
synced 2026-02-12 10:36:45 +01:00
27b1219e98
Bumps the actions-minor-patch group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-go](https://github.com/actions/setup-go) and [github/codeql-action](https://github.com/github/codeql-action). Bumps the actions-minor-patch group with 1 update in the /.github/actions/bootstrap directory: [actions/setup-go](https://github.com/actions/setup-go). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](8e8c483db8...de0fac2e45) Updates `actions/setup-go` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](4dc6199c7b...7a3fe6cf4c) Updates `github/codeql-action` from 4.31.9 to 4.31.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](5d4e8d1aca...cdefb33c0f) Updates `actions/setup-go` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](4dc6199c7b...7a3fe6cf4c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch - dependency-name: actions/setup-go dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: github/codeql-action dependency-version: 4.31.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch - dependency-name: actions/setup-go dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
221 lines
7.8 KiB
YAML
221 lines
7.8 KiB
YAML
name: "Validations"
|
|
|
|
# we should cancel any in-progress runs for the same workflow + PR/ref
|
|
# so that we can avoid redundant work / save on CI minutes
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
Static-Analysis:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Static analysis"
|
|
# runs-on.com: memory & general purpose instances for testing
|
|
# spot enabled: ok to interrupt non-production workloads
|
|
# s3-cache: faster actions cache
|
|
# tmpfs: faster io-intensive workflows
|
|
runs-on: &test-runner "runs-on=${{ github.run_id }}/cpu=4+8/ram=32+128/family=r5+r6+r7+r8+m4+m5+m6+m7+m8/spot=price-capacity-optimized/extras=s3-cache+tmpfs"
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
# the self-consistency tests for the output of the capabilities code generation depends on unit test
|
|
# output from ./syft/pkg/... packages. Therefore we need to download the test fixture cache here
|
|
# so that running the few unit tests as part of static analysis works correctly.
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Run static analysis
|
|
run: make static-analysis
|
|
|
|
Unit-Test:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Unit tests"
|
|
runs-on: *test-runner
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Run unit tests
|
|
run: make unit
|
|
|
|
Integration-Test:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Integration tests"
|
|
runs-on: *test-runner
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Validate syft output against the CycloneDX schema
|
|
run: make validate-cyclonedx-schema
|
|
|
|
- name: Run integration tests
|
|
run: make integration
|
|
|
|
Build-Snapshot-Artifacts:
|
|
name: "Build snapshot artifacts"
|
|
# runs-on.com: compute instances for parallel builds
|
|
# spot disabled: reliability for build workflows (used for releases too)
|
|
# goreleaser uses parallelism of 12, so we need more CPUs
|
|
# s3-cache: faster actions cache
|
|
# tmpfs: faster io-intensive workflows
|
|
runs-on: "runs-on=${{ github.run_id }}/cpu=16+32/ram=32+128/family=c5+c6+c7+c8/spot=false/extras=s3-cache+tmpfs"
|
|
steps:
|
|
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
|
|
- uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # v2.0.3
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
bootstrap-apt-packages: ""
|
|
|
|
- name: Build snapshot artifacts
|
|
run: make snapshot
|
|
|
|
- name: Smoke test snapshot build
|
|
run: make snapshot-smoke-test
|
|
|
|
- name: Upload snapshot artifacts
|
|
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
|
|
with:
|
|
name: snapshot
|
|
path: snapshot/
|
|
retention-days: 30
|
|
|
|
Acceptance-Linux:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Acceptance tests (Linux)"
|
|
needs: [Build-Snapshot-Artifacts]
|
|
runs-on: *test-runner
|
|
steps:
|
|
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
|
|
- uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # v2.0.3
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Download snapshot artifacts
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0
|
|
with:
|
|
name: snapshot
|
|
path: snapshot
|
|
|
|
- name: Restore binary permissions
|
|
run: chmod +x snapshot/*/syft snapshot/*/*.exe 2>/dev/null || true
|
|
|
|
- name: Run comparison tests (Linux)
|
|
run: make compare-linux
|
|
|
|
- name: Load test image cache
|
|
if: steps.install-test-image-cache.outputs.cache-hit == 'true'
|
|
run: make install-test-cache-load
|
|
|
|
- name: Run install.sh tests (Linux)
|
|
run: make install-test
|
|
|
|
- name: (cache-miss) Create test image cache
|
|
if: steps.install-test-image-cache.outputs.cache-hit != 'true'
|
|
run: make install-test-cache-save
|
|
|
|
Acceptance-Mac:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Acceptance tests (Mac)"
|
|
needs: [Build-Snapshot-Artifacts]
|
|
# note: macos runners aren't supported yet for runs-on managed runners.
|
|
runs-on: macos-latest
|
|
steps:
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
bootstrap-apt-packages: ""
|
|
go-dependencies: false
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Download snapshot artifacts
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0
|
|
with:
|
|
name: snapshot
|
|
path: snapshot
|
|
|
|
- name: Restore binary permissions
|
|
run: chmod +x snapshot/*/syft 2>/dev/null || true
|
|
|
|
- name: Run comparison tests (Mac)
|
|
run: make compare-mac
|
|
|
|
- name: Run install.sh tests (Mac)
|
|
run: make install-test-ci-mac
|
|
|
|
Cli-Linux:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "CLI tests (Linux)"
|
|
needs: [Build-Snapshot-Artifacts]
|
|
runs-on: *test-runner
|
|
steps:
|
|
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
|
|
- uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # v2.0.3
|
|
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Download snapshot artifacts
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0
|
|
with:
|
|
name: snapshot
|
|
path: snapshot
|
|
|
|
- name: Restore binary permissions
|
|
run: chmod +x snapshot/*/syft snapshot/*/*.exe 2>/dev/null || true
|
|
|
|
- name: Run CLI Tests (Linux)
|
|
run: make cli
|