oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 08:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/.github/workflows/validations.yaml
Alex Goodman 62e54030ae add logging 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-14 13:29:20 -05:00

375 lines
14 KiB
YAML
Raw Blame History

name: "Validations"
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
permissions:
contents: read
jobs:
Static-Analysis:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Static analysis"
# Runner definition: workflows/.github/runs-on.yml
runs-on: runs-on=${{ github.run_id }}/runner=small
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
- name: Run static analysis
run: make static-analysis
Unit-Test:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Unit tests"
# we need more storage than what's on the default runner
# Runner definition: workflows/.github/runs-on.yml
runs-on: runs-on=${{ github.run_id }}/runner=small
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
download-test-fixture-cache: true
- name: Run unit tests
run: make unit
Integration-Test:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Integration tests"
# Runner definition: workflows/.github/runs-on.yml
runs-on: runs-on=${{ github.run_id }}/runner=small
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
download-test-fixture-cache: true
- name: Validate syft output against the CycloneDX schema
run: make validate-cyclonedx-schema
- name: Run integration tests
run: make integration
Build-Snapshot-Artifacts:
name: "Build snapshot artifacts"
# Runner definition: workflows/.github/runs-on.yml
runs-on: runs-on=${{ github.run_id }}/runner=build
steps:
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
- uses: runs-on/action@v2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
bootstrap-apt-packages: ""
- name: Build snapshot artifacts
run: make snapshot
- name: Smoke test snapshot build
run: make snapshot-smoke-test
- name: Upload snapshot artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v6.0.0
with:
name: snapshot
path: snapshot/
retention-days: 30
# # upload each platform artifact individually so downstream jobs can download only what they need
# - run: npm install @actions/artifact@2.3.2
#
# - name: Upload individual platform artifacts
# uses: actions/github-script@v8
# env:
# ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10
# with:
# script: |
# const { readdirSync } = require('fs')
# const { DefaultArtifactClient } = require('@actions/artifact')
# const artifact = new DefaultArtifactClient()
# const ls = d => readdirSync(d, { withFileTypes: true })
# const baseDir = "./snapshot"
# const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name)
# const uploads = []
#
# // filter to only amd64 and arm64 architectures
# const supportedArchs = ['amd64', 'arm64']
# const filteredDirs = dirs.filter(dir =>
# supportedArchs.some(arch => dir.includes(arch))
# )
#
# // upload platform subdirectories
# for (const dir of filteredDirs) {
# // uploadArtifact returns Promise<{id, size}>
# uploads.push(artifact.uploadArtifact(
# // name of the archive:
# `${dir}`,
# // array of all files to include:
# ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`),
# // base directory to trim from entries:
# `${baseDir}/${dir}`,
# { retentionDays: 30 }
# ))
# }
#
# // upload RPM and DEB packages for supported architectures
# const packageFiles = ls(baseDir).filter(f =>
# f.isFile() &&
# (f.name.endsWith('.deb') || f.name.endsWith('.rpm')) &&
# supportedArchs.some(arch => f.name.includes(`_${arch}.`))
# )
# for (const file of packageFiles) {
# uploads.push(artifact.uploadArtifact(
# file.name,
# [`${baseDir}/${file.name}`],
# baseDir,
# { retentionDays: 30 }
# ))
# }
#
# // upload SBOM files for supported architectures
# const sbomFiles = ls(baseDir).filter(f =>
# f.isFile() &&
# f.name.endsWith('.sbom') &&
# supportedArchs.some(arch => f.name.includes(`_${arch}.`))
# )
# for (const file of sbomFiles) {
# uploads.push(artifact.uploadArtifact(
# file.name,
# [`${baseDir}/${file.name}`],
# baseDir,
# { retentionDays: 30 }
# ))
# }
#
# // upload checksums file (needed by install tests)
# const rootFiles = ls(baseDir).filter(f => f.isFile() && f.name.match(/syft_.*_checksums\.txt$/))
# if (rootFiles.length > 0) {
# const checksumsFile = rootFiles[0].name
# uploads.push(artifact.uploadArtifact(
# 'syft_checksums.txt',
# [`${baseDir}/${checksumsFile}`],
# baseDir,
# { retentionDays: 30 }
# ))
# }
#
# // wait for all uploads to finish
# try {
# const results = await Promise.all(uploads)
# console.log(`Successfully uploaded ${results.length} artifacts`)
# } catch (error) {
# console.error('Upload failed:', error)
# throw error
# }
Acceptance-Linux:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Acceptance tests (Linux)"
needs: [Build-Snapshot-Artifacts]
# Runner definition: workflows/.github/runs-on.yml
runs-on: runs-on=${{ github.run_id }}/runner=small
steps:
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
- uses: runs-on/action@v2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
download-test-fixture-cache: true
- name: Download snapshot artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with:
name: snapshot
path: snapshot
# - name: Download checksums file
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# name: syft_checksums.txt
# path: snapshot
#
# - name: Download Linux amd64 snapshot
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# name: linux-build_linux_amd64_v1
# path: snapshot/linux-build_linux_amd64_v1
#
# - name: Download Linux amd64 deb
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# pattern: syft_*_linux_amd64.deb
# path: snapshot
#
# - name: Download Linux amd64 rpm
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# pattern: syft_*_linux_amd64.rpm
# path: snapshot
#
# - name: Download Linux amd64 sbom
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# pattern: syft_*_linux_amd64.sbom
# path: snapshot
- name: Run comparison tests (Linux)
run: make compare-linux
- name: Load test image cache
if: steps.install-test-image-cache.outputs.cache-hit == 'true'
run: make install-test-cache-load
- name: Run install.sh tests (Linux)
run: make install-test
- name: (cache-miss) Create test image cache
if: steps.install-test-image-cache.outputs.cache-hit != 'true'
run: make install-test-cache-save
Acceptance-Mac:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "Acceptance tests (Mac)"
needs: [Build-Snapshot-Artifacts]
# note: macos runners aren't supported yet for runs-on managed runners.
runs-on: macos-latest
steps:
- name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
bootstrap-apt-packages: ""
go-dependencies: false
download-test-fixture-cache: true
- name: Download snapshot artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with:
name: snapshot
path: snapshot
- name: Debug - Check snapshot structure and binary
run: |
echo "=== Snapshot directory structure ==="
ls -la snapshot/ || echo "snapshot/ not found"
find snapshot -type f -name 'syft*' -exec ls -lh {} \;
echo -e "\n=== Binary permissions (ARM64) ==="
ls -l snapshot/darwin-build_darwin_arm64_v8.0/syft || echo "ARM64 binary not found"
echo -e "\n=== Binary permissions (AMD64) ==="
ls -l snapshot/darwin-build_darwin_amd64_v1/syft || echo "AMD64 binary not found"
echo -e "\n=== File type ==="
file snapshot/darwin-build_darwin_arm64_v8.0/syft 2>/dev/null || file snapshot/darwin-build_darwin_amd64_v1/syft 2>/dev/null || echo "Cannot check file type"
# - name: Download checksums file
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# name: syft_checksums.txt
# path: snapshot
#
# - name: Download macOS Intel snapshot
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# name: darwin-build_darwin_amd64_v1
# path: snapshot/darwin-build_darwin_amd64_v1
#
# - name: Download macOS amd64 sbom
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# pattern: syft_*_darwin_amd64.sbom
# path: snapshot
- name: Run comparison tests (Mac)
run: make compare-mac
- name: Run install.sh tests (Mac)
run: make install-test-ci-mac
Cli-Linux:
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
name: "CLI tests (Linux)"
needs: [Build-Snapshot-Artifacts]
# Runner definition: workflows/.github/runs-on.yml
runs-on: runs-on=${{ github.run_id }}/runner=small
steps:
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
- uses: runs-on/action@v2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
with:
persist-credentials: false
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
download-test-fixture-cache: true
- name: Download snapshot artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
with:
name: snapshot
path: snapshot
- name: Debug - Check snapshot structure and binary
run: |
echo "=== Snapshot directory structure ==="
ls -la snapshot/ || echo "snapshot/ not found"
find snapshot -type f -name 'syft*' -exec ls -lh {} \;
echo -e "\n=== Binary permissions ==="
ls -l snapshot/linux-build_linux_amd64_v1/syft || echo "Binary not found at expected location"
echo -e "\n=== File type ==="
file snapshot/linux-build_linux_amd64_v1/syft || echo "Cannot check file type"
echo -e "\n=== Attempt to execute ==="
./snapshot/linux-build_linux_amd64_v1/syft version || echo "Binary execution failed with exit code: $?"
echo -e "\n=== Make executable and retry ==="
chmod +x snapshot/linux-build_linux_amd64_v1/syft
./snapshot/linux-build_linux_amd64_v1/syft version || echo "Still failed after chmod with exit code: $?"
# - name: Download Linux amd64 snapshot
# uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
# with:
# name: linux-build_linux_amd64_v1
# path: snapshot/linux-build_linux_amd64_v1
- name: Run CLI Tests (Linux)
run: make cli
Reference in New Issue View Git Blame Copy Permalink