-
Notifications
You must be signed in to change notification settings - Fork 36
140 lines (123 loc) · 3.78 KB
/
test.yml
File metadata and controls
140 lines (123 loc) · 3.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: "build-test"
on: # rebuild any PRs and main branch changes
pull_request:
branches: [main]
push:
branches:
- main
release:
types:
- created
- edited
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
jobs:
build: # make sure build/ci work properly and there is no faked build ncc built scripts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- run: npm ci
- run: npm run package
- run: git status --porcelain
- run: git diff
- run: git diff --exit-code
test-on-fixture-dirs:
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: ./
persist-credentials: false
- uses: ./
with:
path: ./tests/fixtures/npm-project
artifact-name: ${{ matrix.os }}-1.spdx
- uses: ./
with:
path: ./tests/fixtures/yarn-project
artifact-name: ${{ matrix.os }}-2.spdx
- uses: ./
id: yarn-scan
with:
path: ./tests/fixtures/yarn-project
artifact-name: ${{ matrix.os }}-3.spdx
- uses: ./
with:
path: ./tests/fixtures/yarn-project
artifact-name: ${{ matrix.os }}-SBOM.txt
test:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version-file: package.json
- name: Build images
run: |
for distro in alpine centos debian; do
docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage
docker push localhost:5000/match-coverage/${distro}:latest
done
- run: npm ci
- run: npm test
test-as-action: # make sure the action works on a clean machine without building
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: ./
persist-credentials: false
- uses: ./download-syft # anchore/sbom-action/download-syft
id: syft
- env:
SYFT_CMD: ${{ steps.syft.outputs.cmd }}
run: |
echo "$SYFT_CMD"
"$SYFT_CMD" dir:.
- uses: ./ # anchore/sbom-action
id: dirscan
with:
artifact-name: dirscan-sbom.spdx
output-file: dirscan-sbom.spdx
format: spdx
- run: |
echo DIR SCAN SBOM:
cat dirscan-sbom.spdx
- uses: ./ # anchore/sbom-action
id: imagescan
with:
image: alpine:latest
artifact-name: imagescan-sbom.spdx
output-file: my.sbom
- run: |
echo IMAGE SCAN SBOM:
cat my.sbom
- uses: ./publish-sbom # anchore/sbom-action/publish-sbom
with:
sbom-artifact-match: imagescan-sbom.spdx
- uses: ./publish-sbom # anchore/sbom-action/publish-sbom
with:
sbom-artifact-match: "^dont-match-anything$"
- uses: ./ # anchore/sbom-action with artifact retention
name: "One day artifact retention test"
id: one-day
with:
image: alpine:latest
upload-artifact-retention: 1
artifact-name: one-day.sbom.spdx
output-file: one-day-sbom.spdx
format: spdx