2021-03-18 13:01:07 +00:00
|
|
|
name: "Validations"
|
2023-01-17 15:04:22 +00:00
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
on:
|
|
|
|
|
workflow_dispatch:
|
2023-01-17 15:04:22 +00:00
|
|
|
pull_request:
|
2021-03-18 13:01:07 +00:00
|
|
|
push:
|
2022-03-02 17:51:37 +00:00
|
|
|
branches:
|
|
|
|
|
- main
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-09-15 18:18:42 +00:00
|
|
|
permissions:
|
|
|
|
|
contents: read
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-09-15 18:18:42 +00:00
|
|
|
jobs:
|
2023-10-25 13:08:43 +00:00
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
Static-Analysis:
|
2021-04-22 20:20:21 +00:00
|
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
2021-03-18 13:01:07 +00:00
|
|
|
name: "Static analysis"
|
|
|
|
|
runs-on: ubuntu-20.04
|
|
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
2021-03-18 13:01:07 +00:00
|
|
|
|
|
|
|
|
- name: Run static analysis
|
|
|
|
|
run: make static-analysis
|
|
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
Unit-Test:
|
2021-04-22 20:20:21 +00:00
|
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
2021-03-18 13:01:07 +00:00
|
|
|
name: "Unit tests"
|
|
|
|
|
runs-on: ubuntu-20.04
|
|
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2024-02-02 16:51:18 +00:00
|
|
|
- name: Restore file executable test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2024-02-02 16:51:18 +00:00
|
|
|
with:
|
2024-03-12 22:04:02 +00:00
|
|
|
path: syft/file/cataloger/executable/test-fixtures/elf/bin
|
|
|
|
|
key: ${{ runner.os }}-unit-file-executable-elf-cache-${{ hashFiles( 'syft/file/cataloger/executable/test-fixtures/elf/cache.fingerprint' ) }}
|
|
|
|
|
|
|
|
|
|
- name: Restore file executable shared-info test-fixture cache
|
|
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
|
|
|
|
with:
|
|
|
|
|
path: syft/file/cataloger/executable/test-fixtures/shared-info/bin
|
|
|
|
|
key: ${{ runner.os }}-unit-file-executable-shared-info-cache-${{ hashFiles( 'syft/file/cataloger/executable/test-fixtures/shared-info/cache.fingerprint' ) }}
|
2024-02-02 16:51:18 +00:00
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
- name: Restore Java test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2023-04-19 20:07:34 +00:00
|
|
|
path: syft/pkg/cataloger/java/test-fixtures/java-builds/packages
|
2023-04-19 16:17:07 +00:00
|
|
|
key: ${{ runner.os }}-unit-java-cache-${{ hashFiles( 'syft/pkg/cataloger/java/test-fixtures/java-builds/cache.fingerprint' ) }}
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2022-09-07 18:16:30 +00:00
|
|
|
- name: Restore RPM test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2022-09-07 18:16:30 +00:00
|
|
|
with:
|
2023-11-02 12:39:42 +00:00
|
|
|
path: syft/pkg/cataloger/redhat/test-fixtures/rpms
|
|
|
|
|
key: ${{ runner.os }}-unit-rpm-cache-${{ hashFiles( 'syft/pkg/cataloger/redhat/test-fixtures/rpms.fingerprint' ) }}
|
2022-09-07 18:16:30 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Restore go binary test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2022-03-17 00:07:02 +00:00
|
|
|
with:
|
|
|
|
|
path: syft/pkg/cataloger/golang/test-fixtures/archs/binaries
|
|
|
|
|
key: ${{ runner.os }}-unit-go-binaries-cache-${{ hashFiles( 'syft/pkg/cataloger/golang/test-fixtures/archs/binaries.fingerprint' ) }}
|
|
|
|
|
|
2023-03-07 15:52:29 +00:00
|
|
|
- name: Restore binary cataloger test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2023-03-07 15:52:29 +00:00
|
|
|
with:
|
2024-01-05 21:40:03 +00:00
|
|
|
path: syft/pkg/cataloger/binary/test-fixtures/classifiers/bin
|
2023-03-07 15:52:29 +00:00
|
|
|
key: ${{ runner.os }}-unit-binary-cataloger-cache-${{ hashFiles( 'syft/pkg/cataloger/binary/test-fixtures/cache.fingerprint' ) }}
|
|
|
|
|
|
2023-04-17 15:44:46 +00:00
|
|
|
- name: Restore Kernel test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2023-04-17 15:44:46 +00:00
|
|
|
with:
|
|
|
|
|
path: syft/pkg/cataloger/kernel/test-fixtures/cache
|
|
|
|
|
key: ${{ runner.os }}-unit-kernel-cache-${{ hashFiles( 'syft/pkg/cataloger/kernel/test-fixtures/cache.fingerprint' ) }}
|
|
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
- name: Run unit tests
|
|
|
|
|
run: make unit
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Integration-Test:
|
2021-04-22 20:20:21 +00:00
|
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
2021-03-18 13:01:07 +00:00
|
|
|
name: "Integration tests"
|
|
|
|
|
runs-on: ubuntu-20.04
|
|
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
2021-03-18 13:01:07 +00:00
|
|
|
|
|
|
|
|
- name: Validate syft output against the CycloneDX schema
|
|
|
|
|
run: make validate-cyclonedx-schema
|
|
|
|
|
|
|
|
|
|
- name: Restore integration test cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2024-01-24 18:29:51 +00:00
|
|
|
path: ${{ github.workspace }}/cmd/syft/internal/test/integration/test-fixtures/cache
|
|
|
|
|
key: ${{ runner.os }}-integration-test-cache-${{ hashFiles('/cmd/syft/internal/test/integration/test-fixtures/cache.fingerprint') }}
|
2021-03-18 13:01:07 +00:00
|
|
|
|
|
|
|
|
- name: Run integration tests
|
|
|
|
|
run: make integration
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Build-Snapshot-Artifacts:
|
|
|
|
|
name: "Build snapshot artifacts"
|
2021-03-23 14:28:57 +00:00
|
|
|
runs-on: ubuntu-20.04
|
2021-03-18 13:01:07 +00:00
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2023-01-17 15:04:22 +00:00
|
|
|
bootstrap-apt-packages: ""
|
2021-03-18 13:01:07 +00:00
|
|
|
|
|
|
|
|
- name: Build snapshot artifacts
|
|
|
|
|
run: make snapshot
|
|
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
# why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
|
|
|
|
|
# see https://github.com/actions/upload-artifact/issues/199 for more info
|
|
|
|
|
- name: Upload snapshot artifacts
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache/save@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2023-10-25 13:08:43 +00:00
|
|
|
# we need to preserve the snapshot data itself as well as the task data that confirms if the
|
|
|
|
|
# snapshot build is stale or not. Otherwise the downstream jobs will attempt to rebuild the snapshot
|
|
|
|
|
# even though it already exists.
|
|
|
|
|
path: |
|
|
|
|
|
snapshot
|
|
|
|
|
.task
|
2023-01-17 15:04:22 +00:00
|
|
|
key: snapshot-build-${{ github.run_id }}
|
|
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
|
|
|
|
|
Acceptance-Linux:
|
2021-04-22 20:20:21 +00:00
|
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
2021-03-18 13:01:07 +00:00
|
|
|
name: "Acceptance tests (Linux)"
|
|
|
|
|
needs: [Build-Snapshot-Artifacts]
|
|
|
|
|
runs-on: ubuntu-20.04
|
|
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-10-25 13:08:43 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
|
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Download snapshot build
|
2023-10-25 13:08:43 +00:00
|
|
|
id: snapshot-cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache/restore@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2023-10-25 13:08:43 +00:00
|
|
|
path: |
|
|
|
|
|
snapshot
|
|
|
|
|
.task
|
|
|
|
|
fail-on-cache-miss: true
|
2023-01-17 15:04:22 +00:00
|
|
|
key: snapshot-build-${{ github.run_id }}
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-10-25 13:08:43 +00:00
|
|
|
# workaround for https://github.com/actions/cache/issues/1265
|
|
|
|
|
- name: (cache-miss) Snapshot build missing
|
|
|
|
|
if: steps.snapshot-cache.outputs.cache-hit != 'true'
|
|
|
|
|
run: echo "unable to download snapshots from previous job" && false
|
|
|
|
|
|
2022-02-01 21:58:47 +00:00
|
|
|
- name: Run comparison tests (Linux)
|
|
|
|
|
run: make compare-linux
|
|
|
|
|
|
|
|
|
|
- name: Restore install.sh test image cache
|
|
|
|
|
id: install-test-image-cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2022-02-01 21:58:47 +00:00
|
|
|
with:
|
|
|
|
|
path: ${{ github.workspace }}/test/install/cache
|
|
|
|
|
key: ${{ runner.os }}-install-test-image-cache-${{ hashFiles('test/install/cache.fingerprint') }}
|
|
|
|
|
|
|
|
|
|
- name: Load test image cache
|
|
|
|
|
if: steps.install-test-image-cache.outputs.cache-hit == 'true'
|
|
|
|
|
run: make install-test-cache-load
|
|
|
|
|
|
|
|
|
|
- name: Run install.sh tests (Linux)
|
|
|
|
|
run: make install-test
|
|
|
|
|
|
|
|
|
|
- name: (cache-miss) Create test image cache
|
|
|
|
|
if: steps.install-test-image-cache.outputs.cache-hit != 'true'
|
|
|
|
|
run: make install-test-cache-save
|
|
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
|
|
|
|
|
Acceptance-Mac:
|
2021-04-22 20:20:21 +00:00
|
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
2021-03-18 13:01:07 +00:00
|
|
|
name: "Acceptance tests (Mac)"
|
|
|
|
|
needs: [Build-Snapshot-Artifacts]
|
|
|
|
|
runs-on: macos-latest
|
|
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-10-25 13:08:43 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
|
|
|
|
with:
|
|
|
|
|
bootstrap-apt-packages: ""
|
|
|
|
|
compute-fingerprints: "false"
|
|
|
|
|
go-dependencies: false
|
|
|
|
|
go-version: ""
|
|
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Download snapshot build
|
2023-10-25 13:08:43 +00:00
|
|
|
id: snapshot-cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache/restore@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2023-10-25 13:08:43 +00:00
|
|
|
path: |
|
|
|
|
|
snapshot
|
|
|
|
|
.task
|
|
|
|
|
fail-on-cache-miss: true
|
2023-01-17 15:04:22 +00:00
|
|
|
key: snapshot-build-${{ github.run_id }}
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-10-25 13:08:43 +00:00
|
|
|
# workaround for https://github.com/actions/cache/issues/1265
|
|
|
|
|
- name: (cache-miss) Snapshot build missing
|
|
|
|
|
if: steps.snapshot-cache.outputs.cache-hit != 'true'
|
|
|
|
|
run: echo "unable to download snapshots from previous job" && false
|
|
|
|
|
|
2022-02-01 21:58:47 +00:00
|
|
|
- name: Restore docker image cache for compare testing
|
|
|
|
|
id: mac-compare-testing-cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-23 19:03:25 +00:00
|
|
|
with:
|
2021-04-16 13:20:07 +00:00
|
|
|
path: image.tar
|
2022-02-01 21:58:47 +00:00
|
|
|
key: ${{ runner.os }}-${{ hashFiles('test/compare/mac.sh') }}
|
|
|
|
|
|
|
|
|
|
- name: Run comparison tests (Mac)
|
|
|
|
|
run: make compare-mac
|
2021-03-23 19:03:25 +00:00
|
|
|
|
2022-02-01 21:58:47 +00:00
|
|
|
- name: Run install.sh tests (Mac)
|
|
|
|
|
run: make install-test-ci-mac
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
Cli-Linux:
|
2021-04-22 20:20:21 +00:00
|
|
|
# Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
|
2021-03-18 13:01:07 +00:00
|
|
|
name: "CLI tests (Linux)"
|
|
|
|
|
needs: [Build-Snapshot-Artifacts]
|
|
|
|
|
runs-on: ubuntu-20.04
|
|
|
|
|
steps:
|
2024-03-12 17:18:44 +00:00
|
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Bootstrap environment
|
|
|
|
|
uses: ./.github/actions/bootstrap
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Restore CLI test-fixture cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
|
|
|
|
path: ${{ github.workspace }}/test/cli/test-fixtures/cache
|
|
|
|
|
key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }}
|
|
|
|
|
|
2023-01-17 15:04:22 +00:00
|
|
|
- name: Download snapshot build
|
2023-10-25 13:08:43 +00:00
|
|
|
id: snapshot-cache
|
2024-03-01 18:50:49 +00:00
|
|
|
uses: actions/cache/restore@ab5e6d0c87105b4c9c2047343972218f562e4319 #v4.0.1
|
2021-03-18 13:01:07 +00:00
|
|
|
with:
|
2023-10-25 13:08:43 +00:00
|
|
|
path: |
|
|
|
|
|
snapshot
|
|
|
|
|
.task
|
|
|
|
|
fail-on-cache-miss: true
|
2023-01-17 15:04:22 +00:00
|
|
|
key: snapshot-build-${{ github.run_id }}
|
2021-03-18 13:01:07 +00:00
|
|
|
|
2023-10-25 13:08:43 +00:00
|
|
|
# workaround for https://github.com/actions/cache/issues/1265
|
|
|
|
|
- name: (cache-miss) Snapshot build missing
|
|
|
|
|
if: steps.snapshot-cache.outputs.cache-hit != 'true'
|
|
|
|
|
run: echo "unable to download snapshots from previous job" && false
|
|
|
|
|
|
2021-03-18 13:01:07 +00:00
|
|
|
- name: Run CLI Tests (Linux)
|
2021-03-20 11:33:13 +00:00
|
|
|
run: make cli
|
