
Feature/gh action creation #1


Workflow file for this run

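# Pre-merge integration tests: starts a local Dependency Track stack with
# Docker Compose, bootstraps an API key, then exercises the SBOM upload CLI
# (src/main.py) in dry-run and live modes against http://localhost:8081.
name: Pre-merge Tests

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

# Least privilege: the job only reads the repository; nothing here pushes,
# comments, or publishes, so the default token is restricted to read access.
permissions:
  contents: read

jobs:
  test-sbom-upload:
    runs-on: ubuntu-latest
    timeout-minutes: 25
    steps:
      # NOTE(review): actions are referenced by mutable tag (v4 / v5). Pinning
      # each `uses:` to a full commit SHA prevents a re-tagged release from
      # changing what runs here.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Later steps execute repository scripts; do not leave the token
          # in the local git config where those scripts could read it.
          persist-credentials: false

      - name: Set up Python 3.13
        uses: actions/setup-python@v5
        with:
          python-version: "3.13"
          cache: "pip"

      - name: Install dependencies
        run: |
          pip install -r requirements.txt

      - name: Start Dependency Track
        run: |
          # Start DT with the official docker compose but use host networking for easier access
          # NOTE(review): the stack is started from docker-compose.yml, while
          # the log and cleanup steps reference docker-compose-ci.yml.
          # Confirm which file is intended and use it in all three steps.
          cd tests/docker
          # Compose v2 plugin syntax; the standalone v1 `docker-compose`
          # binary is no longer shipped on current ubuntu runner images.
          docker compose -f docker-compose.yml up -d

      - name: Wait for Dependency Track
        run: |
          echo "⏳ Waiting for Dependency Track to be fully ready..."
          # Wait for health check to pass (hard limit: 600 seconds)
          timeout 600 bash -c '
            until curl -f http://localhost:8081/api/version >/dev/null 2>&1; do
              echo "Waiting for Dependency Track API... ($(date))"
              sleep 15
            done
          '
          # Give extra time for full initialization
          echo "✅ API responding, waiting for full initialization..."
          sleep 60
          # Verify API is really ready
          curl -v http://localhost:8081/api/version

      - name: Setup Test Environment
        run: |
          bash .github/scripts/setup-ci.sh
          # Export API key to environment for subsequent steps
          if [ -f /tmp/api_key.txt ]; then
            API_KEY=$(cat /tmp/api_key.txt)
            # Register the key as a masked value before it is written
            # anywhere, so later steps cannot echo it into the job log.
            echo "::add-mask::$API_KEY"
            echo "TEST_API_KEY=$API_KEY" >> "$GITHUB_ENV"
            echo "INPUT_API_KEY=$API_KEY" >> "$GITHUB_ENV"
            echo "✅ API key exported to environment"
          else
            echo "❌ No API key file found"
            exit 1
          fi
          # Set up other environment variables
          echo "INPUT_URL=http://localhost:8081" >> "$GITHUB_ENV"

      - name: Test CLI Help and Version Functions
        run: |
          echo "🧪 Testing CLI help..."
          python3 src/main.py --help
          echo "🧪 Testing version functions..."
          python3 tests/test_version.py

      - name: Test Input Validation
        run: |
          echo "🧪 Testing input validation..."
          python3 src/main.py validate-inputs

      # NOTE(review): INPUT_API_KEY was exported by the setup step, so this
      # may no longer be an "expected auth failure"; with continue-on-error
      # the step cannot fail the job either way. Confirm what is asserted.
      - name: Test Connection (Expected Auth Failure)
        continue-on-error: true
        run: |
          echo "🧪 Testing connection (expecting auth failure with test key)..."
          python3 src/main.py test-connection

      - name: Test Single SBOM Upload (Dry Run)
        run: |
          echo "🧪 Testing single SBOM upload (dry run)..."
          python3 src/main.py upload-auto \
            --sbom-file "tests/single_sbom/nginx_12.9.1.json" \
            --project-name "test-nginx" \
            --project-version "12.9.1" \
            --dry-run

      - name: Test Multiple SBOM Upload (Dry Run)
        run: |
          echo "🧪 Testing multiple SBOM upload (dry run)..."
          python3 src/main.py upload-nested \
            --parent-name "test-multi-app" \
            --parent-version "1.0.0" \
            --sbom-dir "tests/multiple_sbom/" \
            --dry-run

      - name: Test Hierarchy Upload (Dry Run)
        run: |
          echo "🧪 Testing hierarchy upload (dry run)..."
          python3 src/main.py upload-hierarchy \
            --config-file "tests/hierarchy-example.json" \
            --dry-run

      # Drives the CLI through INPUT_* environment variables, the same way
      # GitHub passes action inputs. These uploads are not dry runs.
      - name: Test GitHub Action Style Uploads
        run: |
          echo "🧪 Testing GitHub Action style upload (single)..."
          export INPUT_PROJECT_SBOM="tests/single_sbom/nginx_12.9.1.json"
          export INPUT_PROJECT_NAME="gh-action-test"
          export INPUT_PROJECT_VERSION="1.0.0"
          export INPUT_IS_LATEST="true"
          python3 src/main.py upload
          echo "🧪 Testing GitHub Action style upload (multiple)..."
          unset INPUT_PROJECT_SBOM
          export INPUT_PROJECT_SBOM_LIST="tests/sbom-list-example.txt"
          export INPUT_PROJECT_PREFIX="gh-multi-"
          python3 src/main.py upload

      - name: Verify Project Hierarchy
        run: |
          echo "🔍 Verifying project hierarchy..."
          # The `|| echo` makes this step informational: a failing
          # show-hierarchy call does not fail the job.
          python3 src/main.py show-hierarchy --project-name "meta_app" || echo "Hierarchy display completed"

      - name: Test End-to-End Suite
        run: |
          echo "🧪 Running end-to-end test suite..."
          ./test-e2e.sh

      - name: Check Docker Logs (Debug)
        if: failure()
        run: |
          echo "🔍 Dependency Track logs:"
          cd tests/docker
          docker compose -f docker-compose-ci.yml logs --tail=100 apiserver

      - name: Cleanup
        if: always()
        run: |
          echo "🧹 Cleaning up..."
          cd tests/docker
          docker compose -f docker-compose-ci.yml down -v || true
          docker system prune -f || true
          # The setup step reads the key from /tmp/api_key.txt, so remove
          # that copy as well as the repository-root one.
          rm -f ../../api_key.txt /tmp/api_key.txt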