github.com/noqcks/syft@v0.0.0-20230920222752-a9e2c4e288e5/syft/pkg/cataloger/githubactions/parse_workflow_test.go (about)

     1  package githubactions
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/anchore/syft/syft/artifact"
     7  	"github.com/anchore/syft/syft/file"
     8  	"github.com/anchore/syft/syft/pkg"
     9  	"github.com/anchore/syft/syft/pkg/cataloger/internal/pkgtest"
    10  )
    11  
// Test_parseWorkflowForActionUsage checks the packages that
// parseWorkflowForActionUsage reports for the multi-job workflow fixture.
//
// The expected table pins three behaviors:
//   - a local action path ("./...") is cataloged with an empty Version and an
//     empty PURL;
//   - a remote action is cataloged with a Version and a pkg:github PURL that
//     carries the same value after "@";
//   - an action in a repository sub-directory keeps the full path in Name,
//     while the PURL names the repository and puts the sub-directory after "#".
//
// NOTE(review): every remote Version expected here is a tag-style ref (v3, v4),
// presumably copied as written from the fixture's `uses:` entries. Tags can be
// moved, so a consumer auditing this output for pinned actions sees the ref the
// workflow author wrote, not a resolved commit. Confirm against the fixture.
func Test_parseWorkflowForActionUsage(t *testing.T) {
	const workflowPath = "test-fixtures/workflow-multi-job.yaml"

	// Every expected package is evidenced by the workflow file itself.
	primary := file.NewLocation(workflowPath).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
	evidence := file.NewLocationSet(primary)

	// action builds one expected GitHub Action package; only the name, version
	// and PURL differ between entries.
	action := func(name, version, purl string) pkg.Package {
		return pkg.Package{
			Name:      name,
			Version:   version,
			Type:      pkg.GithubActionPkg,
			Locations: evidence,
			PURL:      purl,
		}
	}

	want := []pkg.Package{
		// Empty PURL: don't have enough context without parsing the git origin,
		// which still may not be accurate.
		action("./.github/actions/bootstrap", "", ""),
		action("actions/cache", "v3", "pkg:github/actions/cache@v3"),
		action("actions/cache/restore", "v3", "pkg:github/actions/cache@v3#restore"),
		action("actions/cache/save", "v3", "pkg:github/actions/cache@v3#save"),
		action("actions/checkout", "v4", "pkg:github/actions/checkout@v4"),
	}

	// A nil slice is passed as the expected relationships.
	var noRelationships []artifact.Relationship
	pkgtest.TestFileParser(t, workflowPath, parseWorkflowForActionUsage, want, noRelationships)
}
    57  
// Test_parseWorkflowForWorkflowUsage checks the packages that
// parseWorkflowForWorkflowUsage reports for the shared-workflow fixture.
//
// The expected table covers three reference forms:
//   - a remote workflow whose Version is a 40-hex-character ref;
//   - a local workflow path ("./..."), cataloged with an empty Version and an
//     empty PURL;
//   - a remote workflow whose Version is a tag-style ref (v1).
//
// For remote entries the PURL names the repository, repeats the Version after
// "@", and carries the workflow file path after "#".
//
// NOTE(review): the 40-hex value looks like a full commit SHA and "v1" like a
// movable tag; the test expects both to be reported verbatim, which would let a
// consumer of the output tell commit-pinned references from tag references.
// Confirm against the fixture that these are the refs written in `uses:`.
func Test_parseWorkflowForWorkflowUsage(t *testing.T) {
	const workflowPath = "test-fixtures/call-shared-workflow.yaml"

	// Every expected package is evidenced by the calling workflow file.
	primary := file.NewLocation(workflowPath).WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation)
	evidence := file.NewLocationSet(primary)

	// sharedWorkflow builds one expected reusable-workflow package; only the
	// name, version and PURL differ between entries.
	sharedWorkflow := func(name, version, purl string) pkg.Package {
		return pkg.Package{
			Name:      name,
			Version:   version,
			Type:      pkg.GithubActionWorkflowPkg,
			Locations: evidence,
			PURL:      purl,
		}
	}

	want := []pkg.Package{
		sharedWorkflow(
			"octo-org/this-repo/.github/workflows/workflow-1.yml",
			"172239021f7ba04fe7327647b213799853a9eb89",
			"pkg:github/octo-org/this-repo@172239021f7ba04fe7327647b213799853a9eb89#.github/workflows/workflow-1.yml",
		),
		// Empty PURL: don't have enough context without parsing the git origin,
		// which still may not be accurate.
		sharedWorkflow("./.github/workflows/workflow-2.yml", "", ""),
		sharedWorkflow(
			"octo-org/another-repo/.github/workflows/workflow.yml",
			"v1",
			"pkg:github/octo-org/another-repo@v1#.github/workflows/workflow.yml",
		),
	}

	// A nil slice is passed as the expected relationships.
	var noRelationships []artifact.Relationship
	pkgtest.TestFileParser(t, workflowPath, parseWorkflowForWorkflowUsage, want, noRelationships)
}