name: "Validations" on: workflow_dispatch: pull_request: push: branches: - main permissions: contents: read jobs: Static-Analysis: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Static analysis" runs-on: ubuntu-20.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Run static analysis run: make static-analysis Unit-Test: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Unit tests" runs-on: ubuntu-20.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Restore file executable test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/file/cataloger/executable/test-fixtures/elf/bin key: ${{ runner.os }}-unit-file-executable-elf-cache-${{ hashFiles( 'syft/file/cataloger/executable/test-fixtures/elf/cache.fingerprint' ) }} - name: Restore file executable shared-info test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/file/cataloger/executable/test-fixtures/shared-info/bin key: ${{ runner.os }}-unit-file-executable-shared-info-cache-${{ hashFiles( 'syft/file/cataloger/executable/test-fixtures/shared-info/cache.fingerprint' ) }} - name: Restore Java test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/pkg/cataloger/java/test-fixtures/java-builds/packages key: ${{ runner.os }}-unit-java-cache-${{ hashFiles( 'syft/pkg/cataloger/java/test-fixtures/java-builds/cache.fingerprint' ) }} - name: Restore RPM test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/pkg/cataloger/redhat/test-fixtures/rpms key: ${{ runner.os }}-unit-rpm-cache-${{ hashFiles( 'syft/pkg/cataloger/redhat/test-fixtures/rpms.fingerprint' ) }} - name: Restore go binary test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/pkg/cataloger/golang/test-fixtures/archs/binaries key: ${{ runner.os }}-unit-go-binaries-cache-${{ hashFiles( 'syft/pkg/cataloger/golang/test-fixtures/archs/binaries.fingerprint' ) }} - name: Restore binary cataloger test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/pkg/cataloger/binary/test-fixtures/classifiers/bin key: ${{ runner.os }}-unit-binary-cataloger-cache-${{ hashFiles( 'syft/pkg/cataloger/binary/test-fixtures/cache.fingerprint' ) }} - name: Restore Kernel test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: syft/pkg/cataloger/kernel/test-fixtures/cache key: ${{ runner.os }}-unit-kernel-cache-${{ hashFiles( 'syft/pkg/cataloger/kernel/test-fixtures/cache.fingerprint' ) }} - name: Run unit tests run: make unit Integration-Test: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Integration tests" runs-on: ubuntu-20.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Validate syft output against the CycloneDX schema run: make validate-cyclonedx-schema - name: Restore integration test cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: ${{ github.workspace }}/cmd/syft/internal/test/integration/test-fixtures/cache key: ${{ runner.os }}-integration-test-cache-${{ hashFiles('/cmd/syft/internal/test/integration/test-fixtures/cache.fingerprint') }} - name: Run integration tests run: make integration Build-Snapshot-Artifacts: name: "Build snapshot artifacts" runs-on: ubuntu-20.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap with: bootstrap-apt-packages: "" - name: Build snapshot artifacts run: make snapshot # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach). # see https://github.com/actions/upload-artifact/issues/199 for more info - name: Upload snapshot artifacts uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: # we need to preserve the snapshot data itself as well as the task data that confirms if the # snapshot build is stale or not. Otherwise the downstream jobs will attempt to rebuild the snapshot # even though it already exists. path: | snapshot .task key: snapshot-build-${{ github.run_id }} Acceptance-Linux: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Acceptance tests (Linux)" needs: [Build-Snapshot-Artifacts] runs-on: ubuntu-20.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Download snapshot build id: snapshot-cache uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: | snapshot .task fail-on-cache-miss: true key: snapshot-build-${{ github.run_id }} # workaround for https://github.com/actions/cache/issues/1265 - name: (cache-miss) Snapshot build missing if: steps.snapshot-cache.outputs.cache-hit != 'true' run: echo "unable to download snapshots from previous job" && false - name: Run comparison tests (Linux) run: make compare-linux - name: Restore install.sh test image cache id: install-test-image-cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: ${{ github.workspace }}/test/install/cache key: ${{ runner.os }}-install-test-image-cache-${{ hashFiles('test/install/cache.fingerprint') }} - name: Load test image cache if: steps.install-test-image-cache.outputs.cache-hit == 'true' run: make install-test-cache-load - name: Run install.sh tests (Linux) run: make install-test - name: (cache-miss) Create test image cache if: steps.install-test-image-cache.outputs.cache-hit != 'true' run: make install-test-cache-save Acceptance-Mac: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "Acceptance tests (Mac)" needs: [Build-Snapshot-Artifacts] runs-on: macos-latest steps: - name: Install Cosign uses: sigstore/cosign-installer@v3.6.0 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap with: bootstrap-apt-packages: "" compute-fingerprints: "false" go-dependencies: false - name: Download snapshot build id: snapshot-cache uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: | snapshot .task fail-on-cache-miss: true key: snapshot-build-${{ github.run_id }} # workaround for https://github.com/actions/cache/issues/1265 - name: (cache-miss) Snapshot build missing if: steps.snapshot-cache.outputs.cache-hit != 'true' run: echo "unable to download snapshots from previous job" && false - name: Restore docker image cache for compare testing id: mac-compare-testing-cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: image.tar key: ${{ runner.os }}-${{ hashFiles('test/compare/mac.sh') }} - name: Run comparison tests (Mac) run: make compare-mac - name: Run install.sh tests (Mac) run: make install-test-ci-mac Cli-Linux: # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline name: "CLI tests (Linux)" needs: [Build-Snapshot-Artifacts] runs-on: ubuntu-20.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7 - name: Bootstrap environment uses: ./.github/actions/bootstrap - name: Restore CLI test-fixture cache uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: ${{ github.workspace }}/test/cli/test-fixtures/cache key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }} - name: Download snapshot build id: snapshot-cache uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2 with: path: | snapshot .task fail-on-cache-miss: true key: snapshot-build-${{ github.run_id }} # workaround for https://github.com/actions/cache/issues/1265 - name: (cache-miss) Snapshot build missing if: steps.snapshot-cache.outputs.cache-hit != 'true' run: echo "unable to download snapshots from previous job" && false - name: Run CLI Tests (Linux) run: make cli