-
Notifications
You must be signed in to change notification settings - Fork 8
106 lines (90 loc) · 3.84 KB
/
phase_3_yocto.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
---
name: Phase 3 - Yocto
on:
push:
paths:
- .github/workflows/phase_3_yocto.yml
env:
YOCTO_TAG: styhead-5.1.1
SBOMQS_VERSION: 0.1.9
jobs:
Generate:
runs-on: ubuntu-latest
steps:
- name: Setup Environment
run: |
sudo apt update
sudo apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 python3-subunit zstd liblz4-tool file locales libacl1
pip3 install websockets
sudo locale-gen en_US.UTF-8
- name: Checkout Yocto
run: |
git clone git://git.yoctoproject.org/poky
cd poky
git checkout ${YOCTO_TAG}
- name: Build Yocto
run: |
cd poky
source oe-init-build-env
echo "BB_NUMBER_THREADS=\"8\"" >> conf/local.conf
echo "PARALLEL_MAKE=\"-j 8\"" >> conf/local.conf
echo "INHERIT += \"rm_work\"" >> conf/local.conf
echo "BB_HASHSERVE = \"auto\"" >> conf/site.conf
echo "BB_HASHSERVE_UPSTREAM = \"wss://hashserv.yoctoproject.org/ws\"" >> conf/site.conf
echo "SPDX_PRETTY = \"1\"" >> conf/local.conf
echo -e "SSTATE_MIRRORS = \" \\ \nfile://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH \\\n \\ \nfile://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \\\n \\ \n\"" >> conf/site.conf
bitbake core-image-minimal
- name: Upload Generated SPDX SBOM
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
with:
name: generated-yocto-sbom-spdx
path: "poky/build/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.spdx.json"
Augment:
runs-on: ubuntu-latest
needs: Generate
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download all workflow run artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
- name: Save Augmented SBOMs
run: |
cp generated-yocto-sbom-spdx/core-image-minimal-qemux86-64.rootfs.spdx.json /tmp/augmented_yocto-sbom.spdx.json
- name: Upload Augmented SPDX SBOM
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
with:
name: augmented-yocto-sbom-spdx
path: "/tmp/augmented_yocto-sbom.spdx.json"
Enrich:
runs-on: ubuntu-latest
needs: Augment
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download all workflow run artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
- name: Save Final SBOMs
run: |
cp augmented-yocto-sbom-spdx/augmented_yocto-sbom.spdx.json /tmp/final_yocto-sbom.spdx.json
- name: Upload Final SPDX SBOM
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
with:
name: final-yocto-sbom-spdx
path: "/tmp/final_yocto-sbom.spdx.json"
Verify:
needs: Enrich
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download SBOMs
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
- name: Install sbomqs
run: |
curl -L -o /tmp/sbomqs \
"https://github.com/interlynk-io/sbomqs/releases/download/v${SBOMQS_VERSION}/sbomqs-linux-amd64"
chmod +x /tmp/sbomqs
- name: "Display SBOM quality score through sbomqs"
run: |
echo \`\`\` >> ${GITHUB_STEP_SUMMARY}
for SBOM in $(find . -iname final*.json); do
/tmp/sbomqs score "$SBOM" >> ${GITHUB_STEP_SUMMARY}
done
echo \`\`\` >> ${GITHUB_STEP_SUMMARY}