mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 08:23:15 +01:00
277 lines
9.8 KiB
YAML
277 lines
9.8 KiB
YAML
name: "Validations"
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
Static-Analysis:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Static analysis"
|
|
# Runner definition: workflows/.github/runs-on.yml
|
|
runs-on: runs-on=${{ github.run_id }}/runner=small
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
|
|
- name: Run static analysis
|
|
run: make static-analysis
|
|
|
|
Unit-Test:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Unit tests"
|
|
# we need more storage than what's on the default runner
|
|
# Runner definition: workflows/.github/runs-on.yml
|
|
runs-on: runs-on=${{ github.run_id }}/runner=small
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Run unit tests
|
|
run: make unit
|
|
|
|
Integration-Test:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Integration tests"
|
|
# Runner definition: workflows/.github/runs-on.yml
|
|
runs-on: runs-on=${{ github.run_id }}/runner=small
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Validate syft output against the CycloneDX schema
|
|
run: make validate-cyclonedx-schema
|
|
|
|
- name: Run integration tests
|
|
run: make integration
|
|
|
|
Build-Snapshot-Artifacts:
|
|
name: "Build snapshot artifacts"
|
|
# Runner definition: workflows/.github/runs-on.yml
|
|
runs-on: runs-on=${{ github.run_id }}/runner=build
|
|
steps:
|
|
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
|
|
- uses: runs-on/action@v2
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
bootstrap-apt-packages: ""
|
|
|
|
- name: Build snapshot artifacts
|
|
run: make snapshot
|
|
|
|
- name: Smoke test snapshot build
|
|
run: make snapshot-smoke-test
|
|
|
|
# upload each platform artifact individually so downstream jobs can download only what they need
|
|
- run: npm install @actions/artifact@2.3.2
|
|
|
|
- name: Upload individual platform artifacts
|
|
uses: actions/github-script@v8
|
|
env:
|
|
ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10
|
|
with:
|
|
script: |
|
|
const { readdirSync } = require('fs')
|
|
const { DefaultArtifactClient } = require('@actions/artifact')
|
|
const artifact = new DefaultArtifactClient()
|
|
const ls = d => readdirSync(d, { withFileTypes: true })
|
|
const baseDir = "./snapshot"
|
|
const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name)
|
|
const uploads = []
|
|
|
|
// filter to only amd64 and arm64 architectures
|
|
const supportedArchs = ['amd64', 'arm64']
|
|
const filteredDirs = dirs.filter(dir =>
|
|
supportedArchs.some(arch => dir.includes(arch))
|
|
)
|
|
|
|
// upload platform subdirectories
|
|
for (const dir of filteredDirs) {
|
|
// uploadArtifact returns Promise<{id, size}>
|
|
uploads.push(artifact.uploadArtifact(
|
|
// name of the archive:
|
|
`${dir}`,
|
|
// array of all files to include:
|
|
ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`),
|
|
// base directory to trim from entries:
|
|
`${baseDir}/${dir}`,
|
|
{ retentionDays: 30 }
|
|
))
|
|
}
|
|
|
|
// upload RPM and DEB packages for supported architectures
|
|
const packageFiles = ls(baseDir).filter(f =>
|
|
f.isFile() &&
|
|
(f.name.endsWith('.deb') || f.name.endsWith('.rpm')) &&
|
|
supportedArchs.some(arch => f.name.includes(`_${arch}.`))
|
|
)
|
|
for (const file of packageFiles) {
|
|
uploads.push(artifact.uploadArtifact(
|
|
file.name,
|
|
[`${baseDir}/${file.name}`],
|
|
baseDir,
|
|
{ retentionDays: 30 }
|
|
))
|
|
}
|
|
|
|
// upload checksums file (needed by install tests)
|
|
const rootFiles = ls(baseDir).filter(f => f.isFile() && f.name.match(/syft_.*_checksums\.txt$/))
|
|
if (rootFiles.length > 0) {
|
|
const checksumsFile = rootFiles[0].name
|
|
uploads.push(artifact.uploadArtifact(
|
|
'syft_checksums.txt',
|
|
[`${baseDir}/${checksumsFile}`],
|
|
baseDir,
|
|
{ retentionDays: 30 }
|
|
))
|
|
}
|
|
|
|
// wait for all uploads to finish
|
|
try {
|
|
const results = await Promise.all(uploads)
|
|
console.log(`Successfully uploaded ${results.length} artifacts`)
|
|
} catch (error) {
|
|
console.error('Upload failed:', error)
|
|
throw error
|
|
}
|
|
|
|
Acceptance-Linux:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Acceptance tests (Linux)"
|
|
needs: [Build-Snapshot-Artifacts]
|
|
# Runner definition: workflows/.github/runs-on.yml
|
|
runs-on: runs-on=${{ github.run_id }}/runner=small
|
|
steps:
|
|
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
|
|
- uses: runs-on/action@v2
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Download checksums file
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
|
|
with:
|
|
name: syft_checksums.txt
|
|
path: snapshot
|
|
|
|
- name: Download Linux amd64 snapshot
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
|
|
with:
|
|
name: linux-build_linux_amd64_v1
|
|
path: snapshot/linux-build_linux_amd64_v1
|
|
|
|
- name: Run comparison tests (Linux)
|
|
run: make compare-linux
|
|
|
|
- name: Load test image cache
|
|
if: steps.install-test-image-cache.outputs.cache-hit == 'true'
|
|
run: make install-test-cache-load
|
|
|
|
- name: Run install.sh tests (Linux)
|
|
run: make install-test
|
|
|
|
- name: (cache-miss) Create test image cache
|
|
if: steps.install-test-image-cache.outputs.cache-hit != 'true'
|
|
run: make install-test-cache-save
|
|
|
|
Acceptance-Mac:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "Acceptance tests (Mac)"
|
|
needs: [Build-Snapshot-Artifacts]
|
|
# note: macos runners aren't supported yet for runs-on managed runners.
|
|
runs-on: macos-latest
|
|
steps:
|
|
- name: Install Cosign
|
|
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
bootstrap-apt-packages: ""
|
|
go-dependencies: false
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Download checksums file
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
|
|
with:
|
|
name: syft_checksums.txt
|
|
path: snapshot
|
|
|
|
- name: Download macOS Intel snapshot
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
|
|
with:
|
|
name: darwin-build_darwin_amd64_v1
|
|
path: snapshot/darwin-build_darwin_amd64_v1
|
|
|
|
- name: Run comparison tests (Mac)
|
|
run: make compare-mac
|
|
|
|
- name: Run install.sh tests (Mac)
|
|
run: make install-test-ci-mac
|
|
|
|
Cli-Linux:
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
|
name: "CLI tests (Linux)"
|
|
needs: [Build-Snapshot-Artifacts]
|
|
# Runner definition: workflows/.github/runs-on.yml
|
|
runs-on: runs-on=${{ github.run_id }}/runner=small
|
|
steps:
|
|
# required for magic-cache from runs-on to function with artifact upload/download (see https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility)
|
|
- uses: runs-on/action@v2
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
with:
|
|
download-test-fixture-cache: true
|
|
|
|
- name: Download Linux amd64 snapshot
|
|
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0
|
|
with:
|
|
name: linux-build_linux_amd64_v1
|
|
path: snapshot/linux-build_linux_amd64_v1
|
|
|
|
- name: Run CLI Tests (Linux)
|
|
run: make cli
|