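# github.com/anchore/syft@v1.38.2/.github/workflows/validations.yaml
#
# Validation pipeline: static analysis, unit, integration, acceptance and CLI
# tests. A snapshot build is produced once and handed to the downstream jobs
# through the actions cache, keyed by the workflow run id.
#
# Security-relevant properties of this file:
#   - It is triggered by `pull_request` (not `pull_request_target`), so the
#     `make` targets below run pull-request code. By default GitHub gives
#     fork pull requests a read-only token and no repository secrets on this
#     trigger.
#   - The workflow-level token is limited to `contents: read`; only the
#     Cleanup-Cache job asks for more.
#   - Every checkout sets `persist-credentials: false`, so the token is not
#     left in the local git config for later steps to read.
#   - Third-party actions are pinned to a full commit SHA with the release in a
#     trailing comment. The one exception is flagged where it occurs.
name: "Validations"

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# least privilege: jobs inherit a read-only token unless they override this block
permissions:
  contents: read

jobs:

  Static-Analysis:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis


  Unit-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    # we need more storage than what's on the default runner
    runs-on: ubuntu-22.04-4core-16gb
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Run unit tests
        run: make unit


  Integration-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Integration tests"
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Run integration tests
        run: make integration


  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""

      - name: Build snapshot artifacts
        run: make snapshot

      - name: Smoke test snapshot build
        run: make snapshot-smoke-test

      # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
      # see https://github.com/actions/upload-artifact/issues/199 for more info
      - name: Upload snapshot artifacts
        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
        with:
          # we need to preserve the snapshot data itself as well as the task data that confirms if the
          # snapshot build is stale or not. Otherwise the downstream jobs will attempt to rebuild the snapshot
          # even though it already exists.
          path: |
            snapshot
            .task
          # the run id ties the entry to this workflow run; the downstream jobs
          # restore with the same exact key
          key: snapshot-build-${{ github.run_id }}


  Upload-Snapshot-Artifacts:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Upload snapshot artifacts"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      # NOTE(review): the package itself is version-pinned, but unless the
      # checkout carries a lockfile covering it, its transitive dependencies are
      # resolved at install time. Confirm whether that is acceptable here.
      - run: npm install @actions/artifact@2.2.2

      # NOTE(review): this is the only third-party action in the file referenced
      # by a mutable tag instead of a full commit SHA. Pin it to the SHA of the
      # reviewed release, as is done for the other actions.
      - uses: actions/github-script@v8
        with:
          script: |
            const { readdirSync } = require('fs')
            const { DefaultArtifactClient } = require('@actions/artifact')
            const artifact = new DefaultArtifactClient()
            const ls = d => readdirSync(d, { withFileTypes: true })
            const baseDir = "./snapshot"
            const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name)
            const uploads = []
            for (const dir of dirs) {
              // uploadArtifact returns Promise<{id, size}>
              uploads.push(artifact.uploadArtifact(
                // name of the archive:
                `${dir}`,
                // array of all files to include:
                ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`),
                // base directory to trim from entries:
                `${baseDir}/${dir}`,
                { retentionDays: 30 }
              ))
            }
            // wait for all uploads to finish: without `await` the script returns
            // while uploads are still in flight, so the step result would not be
            // tied to their outcome
            await Promise.all(uploads)

  Acceptance-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run comparison tests (Linux)
        run: make compare-linux

      # NOTE(review): no step in this job has the id `install-test-image-cache`,
      # so `steps.install-test-image-cache.outputs.cache-hit` is empty here. As
      # written, this load step is always skipped and the "(cache-miss)" save
      # step below always runs. Either restore the cache step that owned this id
      # or drop both conditions.
      - name: Load test image cache
        if: steps.install-test-image-cache.outputs.cache-hit == 'true'
        run: make install-test-cache-load

      - name: Run install.sh tests (Linux)
        run: make install-test

      - name: (cache-miss) Create test image cache
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save


  Acceptance-Mac:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      - name: Install Cosign
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad  # v4.0.0

      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""
          go-dependencies: false
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run comparison tests (Mac)
        run: make compare-mac

      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac


  Cli-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "CLI tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run CLI Tests (Linux)
        run: make cli


  Cleanup-Cache:
    name: "Cleanup snapshot cache"
    # Runs only for pull requests whose head branch lives in this repository.
    # On `push` and `workflow_dispatch` events `github.event.pull_request` is
    # not set, so the comparison is false and the job is skipped.
    # NOTE(review): fork pull requests are presumably excluded because their
    # token cannot be granted `actions: write`. Confirm that leaving the cache
    # entry in place for fork, push and manual runs is intended.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-24.04
    # a job-level block replaces the workflow-level one, so this job's token
    # carries only `actions: write`, which is what deleting a cache entry needs
    permissions:
      actions: write
    needs:
      - Acceptance-Linux
      - Acceptance-Mac
      - Cli-Linux
      - Upload-Snapshot-Artifacts
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
        with:
          persist-credentials: false

      - name: Delete snapshot cache
        run: gh cache delete "snapshot-build-${{ github.run_id }}"
        env:
          # the gh CLI reads its credential from GH_TOKEN
          GH_TOKEN: ${{ github.token }}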