mirror of
https://github.com/anchore/syft.git
synced 2025-11-21 18:33:18 +01:00
6ef3e45ffc
* initial working version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * added build settings to pkg metadata wip - unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle mach-O FatFiles Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support to mod replace fixed golang catalger tests trying GH Actions with go 1.18rc1 Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * log error Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * use go-macholibre for extraction Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleaner tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add version to main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * check macho file with macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * run golangci in its own workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci workflow Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix golangci wf yml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip - golangci wf Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get arch from bin file headers upgrade macholibre Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * test new stereoscope lazy reader interface Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove devel version from golang cataloger Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * switch github workflows to go1.18 stable Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add union reader interface in golang cataloger update stereoscope Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * simpler golangci validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix makefile Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * get archs refactor Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for golang version Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix go bin tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * golangci nolint needs a \n before package Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * cleanup Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * move golangci-lint to its own jobs again Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix ci yaml Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add support for xcoff files add arch assets to test bin file types Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * clean up golangci-lint config Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * nolint for xcoff Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain nolints Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove unused xcoff testdata assets Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * make go bin test-fixtures in docker Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix make clean with -f Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update json output schema Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * update schema version in test fixture Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * explain possible empty main module Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com>
174 lines
7.1 KiB
YAML
174 lines
7.1 KiB
YAML
name: "Release"
|
|
on:
|
|
push:
|
|
# take no actions on push to any branch...
|
|
branches-ignore:
|
|
- "**"
|
|
# ... only act on release tags
|
|
tags:
|
|
- "v*"
|
|
|
|
env:
|
|
GO_VERSION: "1.18.x"
|
|
|
|
jobs:
|
|
quality-gate:
|
|
environment: release
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
# we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main
|
|
- name: Ensure tagged commit is on main
|
|
run: |
|
|
echo "Tag: ${GITHUB_REF##*/}"
|
|
git fetch origin main
|
|
git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"
|
|
|
|
- name: Check static analysis results
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: static-analysis
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Static analysis"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check static analysis results - golangci-lint
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: static-analysis-golangci-lint
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Static analysis - golangci-lint"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
|
|
- name: Check unit test results
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: unit
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Unit tests"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check integration test results
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: integration
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Integration tests"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check acceptance test results (linux)
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: acceptance-linux
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Acceptance tests (Linux)"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check acceptance test results (mac)
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: acceptance-mac
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Acceptance tests (Mac)"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check cli test results (linux)
|
|
uses: fountainhead/action-wait-for-check@v1.0.0
|
|
id: cli-linux
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "CLI tests (Linux)"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Quality gate
|
|
if: steps.static-analysis.outputs.conclusion != 'success' || steps.static-analysis-golangci-lint.outputs.conclusion != 'success' || steps.unit.outputs.conclusion != 'success' || steps.integration.outputs.conclusion != 'success' || steps.cli-linux.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success'
|
|
run: |
|
|
echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
|
|
echo "Static Analysis Status - Golangci-Lint: ${{ steps.static-analysis-golangci-lint.conclusion }}"
|
|
echo "Unit Test Status: ${{ steps.unit.outputs.conclusion }}"
|
|
echo "Integration Test Status: ${{ steps.integration.outputs.conclusion }}"
|
|
echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}"
|
|
echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}"
|
|
echo "CLI Test (Linux) Status: ${{ steps.cli-linux.outputs.conclusion }}"
|
|
false
|
|
|
|
release:
|
|
needs: [quality-gate]
|
|
# due to our code signing process, it's vital that we run our release steps on macOS
|
|
runs-on: macos-latest
|
|
steps:
|
|
- uses: docker-practice/actions-setup-docker@v1
|
|
|
|
- uses: actions/setup-go@v2
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Restore tool cache
|
|
id: tool-cache
|
|
uses: actions/cache@v2.1.3
|
|
with:
|
|
path: ${{ github.workspace }}/.tmp
|
|
key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}
|
|
|
|
- name: Restore go cache
|
|
id: go-cache
|
|
uses: actions/cache@v2.1.3
|
|
with:
|
|
path: ~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-${{ env.GO_VERSION }}-
|
|
|
|
- name: (cache-miss) Bootstrap all project dependencies
|
|
if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
|
|
run: make bootstrap
|
|
|
|
- name: Build & publish release artifacts
|
|
run: make release
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.TOOLBOX_DOCKER_USER }}
|
|
DOCKER_PASSWORD: ${{ secrets.TOOLBOX_DOCKER_PASS }}
|
|
# we use a different token than GITHUB_SECRETS to additionally allow updating the homebrew repos
|
|
GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }}
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
|
|
# used during macOS code signing
|
|
APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }}
|
|
APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }}
|
|
# used during macOS notarization
|
|
AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }}
|
|
AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }}
|
|
|
|
- uses: anchore/sbom-action@v0
|
|
continue-on-error: true
|
|
with:
|
|
artifact-name: sbom.spdx.json
|
|
|
|
- uses: 8398a7/action-slack@v3
|
|
continue-on-error: true
|
|
with:
|
|
status: ${{ job.status }}
|
|
fields: repo,workflow,action,eventName
|
|
text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases"
|
|
env:
|
|
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
|
|
if: ${{ success() }}
|
|
|
|
- uses: actions/upload-artifact@v2
|
|
with:
|
|
name: artifacts
|
|
path: dist/**/*
|