docs: add code coverage section to test README #10223

Workflow file for this run

.github/workflows/testing.yml at 29a6a21

	name: Testing

	permissions: read-all

	concurrency:
	group: testing-${{ github.ref }}
	cancel-in-progress: true

	on:
	push:
	branches: [main]
	pull_request:
	workflow_dispatch:
	inputs:
	longTests:
	description: 'Force run long tests'
	required: false
	type: boolean
	externalSystem:
	description: 'Force run tests which rely on external connectivity'
	required: false
	type: boolean

	env:
	ACTIONS: 1
	LONG_TESTS: 0
	EXTERNAL_SYSTEM: 0
	nvd_api_key: ${{ secrets.NVD_API_KEY }}

	jobs:
	docs:
	name: Documentation
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-js-dependencies","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	files.pythonhosted.org:443
	github.com:443
	pypi.org:443

	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.11'
	cache: 'pip'
	cache-dependency-path: 'doc/requirements.txt'
	- name: Install doc dependencies
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --upgrade -r doc/requirements.txt
	- name: Build docs
	run: \|
	cd doc/
	sphinx-build -b html . _build

	tests:
	name: Linux tests
	permissions:
	contents: read
	runs-on: ubuntu-latest
	strategy:
	matrix:
	python: ['3.10', '3.11', '3.12'] # updated: replaced 3.13 with 3.10 in short tests
	timeout-minutes: 90
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
	with:
	egress-policy: block
	allowed-endpoints: >
	access.redhat.com:443
	archives.fedoraproject.org:443
	azure.archive.ubuntu.com:80
	curl.se:443
	epss.empiricalsecurity.com443
	esm.ubuntu.com:443
	files.pythonhosted.org:443
	ftp.fr.debian.org:80
	github.com:443
	gitlab.com:443
	mirror.cveb.in:443
	mirror.cveb.in:80
	motd.ubuntu.com:443
	nvd.nist.gov:443
	osv-vulnerabilities.storage.googleapis.com:443
	packages.microsoft.com:443
	ppa.launchpadcontent.net:443
	pypi.org:443
	raw.githubusercontent.com:443
	release-monitoring.org:443
	rpmfind.net:443
	security-tracker.debian.org:443
	services.nvd.nist.gov:443
	storage.googleapis.com:443
	www.cisa.gov:443
	www.sqlite.org:443
	*.codecov.io:443
	codecov.io:443
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: ${{ matrix.python }}
	cache: 'pip'

	- name: "Skip tests if this is an automated sbom job"
	env:
	COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
	run: \|
	if ${COMMIT_VAR} == true; then
	echo "sbom=true" >> $GITHUB_ENV
	echo "sbom set to true"
	else
	echo "sbom=false" >> $GITHUB_ENV
	echo "sbom set to false"
	fi

	- name: Get date
	id: get-date
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
	- name: Install cabextract
	if: env.sbom != 'true'
	run: sudo apt-get update && sudo apt-get install cabextract
	- name: Install OS dependencies for testing PDF
	if: env.sbom != 'true'
	run: sudo apt-get install build-essential libpoppler-cpp-dev pkg-config python3-dev
	- name: Install pdftotext, reportlab and cve-bin-tool
	if: env.sbom != 'true'
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --upgrade pdftotext
	python -m pip install --upgrade reportlab
	python -m pip install --upgrade .[dev]
	- name: Try single CLI run of tool
	if: env.sbom != 'true'
	run: \|
	[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
	NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	cp -r ~/.cache/cve-bin-tool cache
	- name: Run async tests
	if: env.sbom != 'true'
	run: >
	pytest -n 8 -v --durations=50
	--ignore=test/test_cli.py
	--ignore=test/test_cvedb.py
	--ignore=test/test_html.py
	--ignore=test/test_json.py
	- name: Run synchronous tests
	if: env.sbom != 'true'
	run: >
	pytest -v --durations=50
	test/test_cli.py
	test/test_cvedb.py

	long_tests:
	name: Long tests on Python 3.13
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: 'ubuntu-latest'
	timeout-minutes: 120
	env:
	LONG_TESTS: 1

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	cache: 'pip'

	- name: "Skip tests if this is an automated sbom job"
	env:
	COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
	run: \|
	if ${COMMIT_VAR} == true; then
	echo "sbom=true" >> $GITHUB_ENV
	echo "sbom set to true"
	else
	echo "sbom=false" >> $GITHUB_ENV
	echo "sbom set to false"
	fi

	- name: Get date
	id: get-date
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}

	- name: Install cabextract
	if: env.sbom != 'true'
	run: sudo apt-get update && sudo apt-get install cabextract
	- name: Install OS dependencies for testing PDF
	if: env.sbom != 'true'
	run: sudo apt-get install build-essential libpoppler-cpp-dev pkg-config python3-dev
	- name: Install pdftotext, reportlab and cve-bin-tool
	if: env.sbom != 'true'
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --upgrade pdftotext
	python -m pip install --upgrade reportlab
	python -m pip install --editable .[dev]
	- name: Try single CLI run of tool
	if: env.sbom != 'true'
	run: \|
	[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
	NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	cp -r ~/.cache/cve-bin-tool cache
	- name: Run async tests
	if: env.sbom != 'true'
	run: >
	pytest
	--cov
	--cov-report=xml
	--cov-append -n 8
	--junitxml=junit.xml
	-o junit_family=legacy
	-v --durations=50
	--ignore=test/test_cli.py
	--ignore=test/test_cvedb.py
	--ignore=test/test_html.py
	--ignore=test/test_json.py
	--ignore=test/test_scanner.py
	--ignore=test/test_language_parser.py
	- name: Upload code coverage to codecov
	if: env.sbom != 'true'
	uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: coverage.xml
	flags: long_tests
	name: codecov-umbrella
	fail_ci_if_error: false
	- name: Upload test results to Codecov
	if: ${{ !cancelled() }}
	uses: codecov/test-results-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	flags: long_tests
	files: junit.xml
	fail_ci_if_error: false


	long_tests_languages:
	name: Long tests on Python 3.13 (language parsers)
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: 'ubuntu-latest'
	timeout-minutes: 120
	env:
	LONG_TESTS: 1

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	cache: 'pip'

	- name: "Skip tests if this is an automated sbom job"
	env:
	COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
	run: \|
	if ${COMMIT_VAR} == true; then
	echo "sbom=true" >> $GITHUB_ENV
	echo "sbom set to true"
	else
	echo "sbom=false" >> $GITHUB_ENV
	echo "sbom set to false"
	fi

	- name: Get date
	id: get-date
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}

	- name: Install cve-bin-tool
	if: env.sbom != 'true'
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --editable .[dev]
	- name: Try single CLI run of tool
	if: env.sbom != 'true'
	run: \|
	[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
	NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	cp -r ~/.cache/cve-bin-tool cache
	- name: Run language scanner tests
	if: env.sbom != 'true'
	run: >
	pytest
	--cov
	--cov-report=xml
	--junitxml=junit.xml
	-o junit_family=legacy
	--cov-append -n 8
	-v --durations=50
	test/test_language_scanner.py
	- name: Upload code coverage to codecov
	if: env.sbom != 'true'
	uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: coverage.xml
	flags: long_tests_languages
	name: codecov-umbrella
	fail_ci_if_error: false
	- name: Upload test results to Codecov
	if: ${{ !cancelled() }}
	uses: codecov/test-results-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	flags: long_tests_languages
	files: junit.xml
	fail_ci_if_error: false


	long_tests_scanners:
	name: Long tests on Python 3.13 (scanners)
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: 'ubuntu-latest'
	timeout-minutes: 120
	env:
	LONG_TESTS: 1

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	cache: 'pip'

	- name: "Skip tests if this is an automated sbom job"
	env:
	COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
	run: \|
	if ${COMMIT_VAR} == true; then
	echo "sbom=true" >> $GITHUB_ENV
	echo "sbom set to true"
	else
	echo "sbom=false" >> $GITHUB_ENV
	echo "sbom set to false"
	fi

	- name: Get date
	id: get-date
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}

	- name: Install cve-bin-tool
	if: env.sbom != 'true'
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --editable .[dev]
	- name: Try single CLI run of tool
	if: env.sbom != 'true'
	run: \|
	[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
	NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	cp -r ~/.cache/cve-bin-tool cache
	- name: Run binary scanner tests
	if: env.sbom != 'true'
	run: >
	pytest
	--cov
	--cov-report=xml
	--junitxml=junit.xml
	-o junit_family=legacy
	--cov-append -n 8
	-v --durations=50
	test/test_scanner.py
	- name: Upload code coverage to codecov
	if: env.sbom != 'true'
	uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: coverage.xml
	flags: long_tests_scanners
	name: codecov-umbrella
	fail_ci_if_error: false
	- name: Upload test results to Codecov
	if: ${{ !cancelled() }}
	uses: codecov/test-results-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: junit.xml
	flags: long_tests_scanners
	fail_ci_if_error: false


	long_tests_sync:
	name: Long tests on Python 3.13 (synchronous)
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: 'ubuntu-latest'
	timeout-minutes: 120
	env:
	LONG_TESTS: 1

	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	cache: 'pip'

	- name: "Skip tests if this is an automated sbom job"
	env:
	COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
	run: \|
	if ${COMMIT_VAR} == true; then
	echo "sbom=true" >> $GITHUB_ENV
	echo "sbom set to true"
	else
	echo "sbom=false" >> $GITHUB_ENV
	echo "sbom set to false"
	fi

	- name: Get date
	id: get-date
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}

	- name: Install pdftotext, reportlab and cve-bin-tool
	if: env.sbom != 'true'
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --editable .[dev]
	- name: Try single CLI run of tool
	if: env.sbom != 'true'
	run: \|
	[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
	NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	cp -r ~/.cache/cve-bin-tool cache
	- name: Run synchronous tests
	if: env.sbom != 'true'
	run: >
	pytest
	-v --cov
	--cov-report=xml
	--junitxml=junit.xml
	-o junit_family=legacy
	--cov-append
	--durations=50
	test/test_cli.py
	test/test_cvedb.py
	- name: Upload code coverage to codecov
	if: env.sbom != 'true'
	uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: coverage.xml
	flags: long_tests_sync
	name: codecov-umbrella
	fail_ci_if_error: false
	- name: Upload test results to Codecov
	if: ${{ !cancelled() }}
	uses: codecov/test-results-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	flags: long_tests_sync
	files: junit.xml
	fail_ci_if_error: false



	linux-mayfail:
	name: Tests that may fail due to network or HTML
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: ubuntu-latest
	timeout-minutes: 45
	env:
	EXTERNAL_SYSTEM: 1
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
	with:
	egress-policy: block
	allowed-endpoints: >
	access.redhat.com:443
	api.github.com:443
	azure.archive.ubuntu.com:80
	cdn.playwright.dev:443
	csrc.nist.gov:443
	curl.se:443
	cveb.in:443
	epss.empiricalsecurity.com:443
	errata.almalinux.org:443
	esm.ubuntu.com:443
	files.pythonhosted.org:443
	github.com:443
	gitlab.com:443
	mirror.cveb.in:443
	mirror.cveb.in:80
	motd.ubuntu.com:443
	nvd.nist.gov:443
	osv-vulnerabilities.storage.googleapis.com:443
	packages.microsoft.com:443
	playwright.azureedge.net:443
	playwright.download.prss.microsoft.com:443
	ppa.launchpadcontent.net:443
	pypi.org:443
	release-monitoring.org:443
	scap.nist.gov:443
	security-tracker.debian.org:443
	services.nvd.nist.gov:443
	storage.googleapis.com:443
	www.cisa.gov:443
	www.sqlite.org:443

	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.13'
	cache: 'pip'
	- name: Get date
	id: get-date
	run: \|
	echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
	- uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2
	with:
	PATTERNS: \|
	cve_bin_tool/data_sources/*.py
	FILES: \|
	test_available_fix.py
	test_source_osv.py
	test_source_gad.py
	test_source_nvd.py
	test_cli.py
	test_nvd_api.py
	test_cvedb.py
	test_scanner.py
	cli.py
	nvd_api.py
	cvedb.py
	- uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1
	id: git-diff
	with:
	cond: ${{ (github.event.inputs.externalSystem == 'true') \|\| (env.GIT_DIFF != '') }}
	if_true: '1'
	if_false: '0'
	- name: Install cve-bin-tool
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --editable .[dev]
	- name: Install playwright dependencies for HTML tests
	run: \|
	python -m playwright install chromium --with-deps
	- name: Try single CLI run of tool
	run: \|
	[[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
	NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	cp -r ~/.cache/cve-bin-tool cache
	- name: Run all tests which rely on external connectivity
	env:
	EXTERNAL_SYSTEM: ${{ steps.git-diff.outputs.value }}
	run: >
	pytest -v --durations=0
	test/test_source_osv.py
	test/test_source_gad.py
	test/test_source_nvd.py
	test/test_nvd_api.py
	test/test_cvedb.py
	test/test_available_fix.py
	- name: Run HTML tests
	run: \|
	pytest -v -n auto test/test_html.py test/test_output_engine_html.py test/test_output_engine_print_mode.py test/test_output_engine_init.py --durations=0
	- name: Run json tests as they may fail due to NVD data validation issue or download timing
	run: >
	pytest -v --durations=0
	test/test_json.py

	windows_long_tests:
	name: Windows long tests
	permissions:
	contents: read
	if: \|
	! github.event.pull_request.user.login == 'github-actions[bot]' \|\|
	! (
	startsWith(github.head_ref, 'chore-sbom-py') \|\|
	contains(
	fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
	github.head_ref
	)
	)
	runs-on: windows-latest
	timeout-minutes: 150
	env:
	LONG_TESTS: 1
	NO_EXIT_CVE_NUM: 1
	PYTHONIOENCODING: 'utf8'
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
	with:
	egress-policy: audit

	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
	with:
	python-version: '3.12'
	cache: 'pip'
	- name: Get date
	id: get-date
	run: \|
	echo "DATE=$(get-date -format "yyyyMMdd")" \| Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
	echo "YESTERDAY=$(get-date (get-date).addDays(-1) -format "yyyyMMdd")" \| Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
	- name: Print Cache Keys
	run: \|
	echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}"
	echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}"
	- name: Get today's cached database
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	id: todays-cache
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
	enableCrossOsArchive: true
	- name: Get yesterday's cached database if today's is not available
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	if: steps.todays-cache.outputs.cache-hit != 'true'
	with:
	path: cache
	key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}
	enableCrossOsArchive: true
	- name: Move cache to ~/.cache/cve-bin-tool
	run: \|
	mkdir '~\.cache'
	if (Test-Path -Path cache) { mv cache '~\.cache\cve-bin-tool' }
	- name: Install cve-bin-tool
	run: \|
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --upgrade .[dev]
	- name: Try single CLI run of tool
	run: \|
	python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
	- name: Run async tests
	run: >
	pytest
	--cov
	--cov-report=xml
	--junitxml=junit.xml
	-o junit_family=legacy
	--cov-append -n 8
	-v --durations=50
	--ignore=test/test_cli.py
	--ignore=test/test_cvedb.py
	--ignore=test/test_html.py
	--ignore=test/test_json.py
	- name: Run synchronous tests
	run: >
	pytest
	-v --cov
	--cov-report=xml
	--junitxml=junit.xml
	-o junit_family=legacy
	--cov-append
	--cov-report=xml
	--durations=50
	test/test_cli.py
	test/test_cvedb.py
	- name: Cache conda
	uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
	env:
	# Increase to reset cache if dependencies have not changed
	CACHE_NUMBER: 0
	with:
	path: ~/conda_pkgs_dir
	key: ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-${{
	hashFiles('pyproject.toml') }}
	- uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 # v3.3.0
	with:
	auto-update-conda: true
	activate-environment: pdftotext
	use-only-tar-bz2: true # IMPORTANT: This needs to be set for caching to work properly!
	- name: Install pdftotext, reportlab and cve-bin-tool
	# because of the use-only-tar-bz2 flag above, the latest pdftotext version we
	# can get is 2.2.2 for Python 3.11. Newer versions with Python 3.12+ support
	# come in .conda format which doesn't work with the caching setup we have
	run: \|
	conda install -c conda-forge python=3.11 poppler pdftotext
	python -m pip install --upgrade pip
	python -m pip install --upgrade setuptools
	python -m pip install --upgrade wheel
	python -m pip install --upgrade reportlab
	python -m pip install --upgrade .[dev]
	- name: Test PDF generation on Windows
	run: >
	pytest
	test/test_output_engine.py
	-k test_output_pdf
	--cov
	--cov-append
	--cov-report=xml
	--junitxml=junit.xml
	-o junit_family=legacy
	--durations=50
	- name: Upload code coverage to codecov
	uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
	with:
	files: coverage.xml
	flags: windows_long_tests
	name: codecov-umbrella
	fail_ci_if_error: false
	token: ${{ secrets.CODECOV_TOKEN }}
	- name: Upload test results to Codecov
	if: ${{ !cancelled() }}
	uses: codecov/test-results-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	flags: windows_long_tests
	files: junit.xml
	fail_ci_if_error: false

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: add code coverage section to test README #10223

Workflow file

docs: add code coverage section to test README #10223

Uh oh!

Workflow file for this run