Mirrors/grype
2
0
Fork 0
mirror of https://github.com/anchore/grype synced 2024-11-10 06:34:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

chore: add workflow to update quality test db (#1961)

Browse source 
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
This commit is contained in:
Christopher Angelo Phillips 2024-06-25 10:38:37 -04:00 committed by GitHub
parent cbd6346527
commit 84cbf10b9c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 48 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
.github/workflows/update-quality-gate-db.yml vendored Normal file
View file

@ -0,0 +1,38 @@
name: PR for upgrading quality gate test DB
on:
schedule:
- cron: "0 16 1 * *" # first day of each month @ 11 AM EST
workflow_dispatch:
permissions:
contents: read
jobs:
update-test-db-url:
runs-on: ubuntu-latest
if: github.repository == 'anchore/grype' # only run for main repo
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
- name: "Update quality DB"
run: |
make update-quality-gate-db
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
id: generate-token
with:
app_id: ${{ secrets.TOKEN_APP_ID }}
private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6.1.0
with:
signoff: true
delete-branch: true
branch: auto/update-quality-test-db
labels: test, changelog-ignore
commit-message: 'test: update quality gate db to latest version'
title: 'test: update quality gate db to latest version'
body: |
This is an auto-generated pull request to update the quality gate db to latest version
token: ${{ steps.generate-token.outputs.token }}

6
Taskfile.yaml
View file

@ -100,6 +100,12 @@ tasks:
cmd: "{{ .TOOL_DIR }}/binny update -v" cmd: "{{ .TOOL_DIR }}/binny update -v"
silent: true silent: true
update-quality-gate-db:
desc: Update pinned version of quality gate database
cmds:
- cmd: "go run cmd/grype/main.go db list -o json | jq -r .[0].url > test/quality/test-db-url"
silent: true
list-tools: list-tools:
desc: List all tools needed for CI and local development desc: List all tools needed for CI and local development
deps: [binny] deps: [binny]

5
test/quality/Makefile
View file

@ -8,7 +8,8 @@ VULNERABILITY_LABELS = ./vulnerability-labels
RESULT_SET = pr_vs_latest_via_sbom RESULT_SET = pr_vs_latest_via_sbom
# update periodically with values from "grype db list" # update periodically with values from "grype db list"
TEST_DB_URL = https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2024-06-24T01:29:58Z_1719202889.tar.gz TEST_DB_URL_FILE = ./test-db-url
TEST_DB_URL = $(shell cat $(TEST_DB_URL_FILE))
TEST_DB = db.tar.gz TEST_DB = db.tar.gz
LISTING_FILE = https://toolbox-data.anchore.io/grype/databases/listing.json LISTING_FILE = https://toolbox-data.anchore.io/grype/databases/listing.json
@ -43,7 +44,7 @@ check-db:
@echo "DB is fresh enough to be used for testing!" @echo "DB is fresh enough to be used for testing!"
$(TEST_DB): $(TEST_DB):
curl -o $(TEST_DB) -SsL $(TEST_DB_URL) @curl -o $(TEST_DB) -SsL $(TEST_DB_URL)
.PHONY: sboms .PHONY: sboms
sboms: $(YARDSTICK_RESULT_DIR) venv clear-results ## Collect and store all syft results (deletes all existing results) sboms: $(YARDSTICK_RESULT_DIR) venv clear-results ## Collect and store all syft results (deletes all existing results)

1
test/quality/test-db-url Normal file
View file

@ -0,0 +1 @@
https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2024-06-24T01:29:58Z_1719202889.tar.gz