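name: "Validations"

# CI validation pipeline: static analysis, unit and integration tests, a snapshot build,
# and acceptance/CLI tests that consume the snapshot produced earlier in the same run.
on:
  workflow_dispatch:
  # pull_request (not pull_request_target): runs triggered from forks receive a read-only
  # token and no repository secrets.
  pull_request:
  push:
    branches:
      - main

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository contents.
# No job below overrides this.
permissions:
  contents: read

jobs:
  Static-Analysis:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records the release tag.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          # keep the GITHUB_TOKEN out of the checkout's git config so the make targets
          # run by later steps cannot read it from there
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis

  Unit-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    # we need more storage than what's on the default runner
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Run unit tests
        run: make unit

  Integration-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Integration tests"
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Run integration tests
        run: make integration

  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=build
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""

      - name: Build snapshot artifacts
        run: make snapshot

      - name: Smoke test snapshot build
        run: make snapshot-smoke-test

      # using artifacts instead of cache to support cross-runner sharing between runs-on and GitHub-hosted runners
      # (runs-on uses S3-backed magic cache, GitHub-hosted runners use GitHub Actions cache - incompatible)
      - name: Upload snapshot artifacts
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0
        with:
          # we need to preserve the snapshot data itself as well as the task data that confirms if the
          # snapshot build is stale or not. Otherwise the downstream jobs will attempt to rebuild the snapshot
          # even though it already exists.
          # The run id in the name scopes the artifact to this workflow run; the downstream jobs
          # download it under the same name.
          name: snapshot-build-${{ github.run_id }}
          path: |
            snapshot
            .task
          retention-days: 1

  Upload-Snapshot-Artifacts:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Upload snapshot artifacts"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0
        with:
          name: snapshot-build-${{ github.run_id }}

      # NOTE(review): the package version is pinned, but its transitive dependencies are resolved
      # at install time unless a lockfile is present in the workspace - confirm.
      - run: npm install @actions/artifact@2.2.2

      # NOTE(review): this is the only non-local action in this file referenced by a mutable tag;
      # every other one is pinned to a full commit SHA. Pin it the same way
      # (actions/github-script@<full-commit-sha> # v8) so a moved tag cannot change what runs here.
      - uses: actions/github-script@v8
        with:
          # Re-publishes each sub-directory of ./snapshot as its own artifact, named after the
          # directory and retained for 30 days.
          script: |
            const { readdirSync } = require('fs')
            const { DefaultArtifactClient } = require('@actions/artifact')
            const artifact = new DefaultArtifactClient()
            const ls = d => readdirSync(d, { withFileTypes: true })
            const baseDir = "./snapshot"
            const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name)
            const uploads = []
            for (const dir of dirs) {
              // uploadArtifact returns Promise<{id, size}>
              uploads.push(artifact.uploadArtifact(
                // name of the archive:
                `${dir}`,
                // array of all files to include:
                ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`),
                // base directory to trim from entries:
                `${baseDir}/${dir}`,
                { retentionDays: 30 }
              ))
            }
            // wait for all uploads to finish: without the await the script function returns
            // before the uploads settle, so a rejected upload is not reported through the
            // script's own result
            await Promise.all(uploads)

  Acceptance-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0
        with:
          name: snapshot-build-${{ github.run_id }}

      - name: Run comparison tests (Linux)
        run: make compare-linux

      # NOTE(review): no step in this job declares `id: install-test-image-cache`, so
      # `steps.install-test-image-cache.outputs.cache-hit` is always empty: this load step is
      # always skipped and the "(cache-miss)" save step below always runs. Either restore the
      # cache step that carried this id or drop both conditions.
      - name: Load test image cache
        if: steps.install-test-image-cache.outputs.cache-hit == 'true'
        run: make install-test-cache-load

      - name: Run install.sh tests (Linux)
        run: make install-test

      - name: (cache-miss) Create test image cache
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save

  Acceptance-Mac:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      - name: Install Cosign
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""
          go-dependencies: false
          download-test-fixture-cache: true

      - name: Download snapshot build
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0
        with:
          name: snapshot-build-${{ github.run_id }}

      - name: Run comparison tests (Mac)
        run: make compare-mac

      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac

  Cli-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "CLI tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    # Runner definition: workflows/.github/runs-on.yml
    runs-on: runs-on=${{ github.run_id }}/runner=small
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0
        with:
          name: snapshot-build-${{ github.run_id }}

      - name: Run CLI Tests (Linux)
        run: make cli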