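# pre-merge.yaml
# Pre-merge integration test. Starts a local Dependency Track instance with
# Docker Compose, uploads the SBOM fixtures under tests/ via src/main.py, and
# checks through the Dependency Track API that the expected projects exist.
name: Pre-merge Tests

on:
  pull_request:
    # NOTE(review): empty branch filter as found; confirm it matches the
    # intended target branches.
    branches: []

# No step below is seen to write to the repository or call the GitHub API,
# so the GITHUB_TOKEN is restricted to read-only repository access.
permissions:
  contents: read

env:
  INPUT_URL: "http://localhost:8081"

jobs:
  test-sbom-upload:
    runs-on: ubuntu-24.04
    timeout-minutes: 25
    steps:
      # Actions are referenced by version tag, and a tag can be moved after
      # review. Pinning each `uses:` to a full commit SHA makes it immutable.
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # Later steps run code from the pull request; do not leave the
          # token in the local git config where that code could read it.
          persist-credentials: false

      - name: Set up Python 3.13
        uses: actions/setup-python@v6
        with:
          python-version: "3.13"
          cache: "pip"

      - name: Install Python dependencies
        # requirements.txt comes from the pull request under test. A
        # hash-pinned file installed with --require-hashes would fix the
        # exact artifacts that get installed.
        run: |
          pip install -r requirements.txt

      - name: Install Docker Compose
        run: |
          # Add Docker's official GPG key:
          sudo apt-get update
          # -y: the runner is non-interactive, so apt must never prompt
          sudo apt-get install -y ca-certificates curl
          sudo install -m 0755 -d /etc/apt/keyrings
          sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
          sudo chmod a+r /etc/apt/keyrings/docker.asc
          # Add the repository to Apt sources; signed-by limits this
          # repository to packages signed with the key fetched above.
          echo \
            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
            $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
            sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt-get update
          sudo apt-get install -y docker-ce docker-ce-cli docker-compose-plugin jq

      - name: Start Dependency Track
        run: |
          # Start DT with the official docker compose but use host networking for easier access
          cd tests/docker
          docker compose -f docker-compose.yml up -d

      - name: Wait for Dependency Track
        run: |
          echo "⏳ Waiting for Dependency Track to be fully ready..."
          # Wait for health check to pass (gives up after 600 seconds)
          timeout 600 bash -c '
            until curl -f "$INPUT_URL/api/version" >/dev/null 2>&1; do
              echo "Waiting for Dependency Track API... ($(date))"
              sleep 15
            done
          '
          # Give extra time for full initialization
          echo "✅ API responding, waiting for full initialization..."
          sleep 60
          # Verify API is ready; -f turns an HTTP error status into a failure
          curl -fv "$INPUT_URL/api/version"

      - name: Setup Test Environment
        run: |
          bash .github/scripts/setup-ci.sh
          # Export API key to environment for subsequent steps
          if [ -f /tmp/api_key.txt ]; then
            API_KEY=$(cat /tmp/api_key.txt)
            # Register the key as a secret so the runner redacts it in logs
            echo "::add-mask::$API_KEY"
            echo "INPUT_API_KEY=$API_KEY" >> "$GITHUB_ENV"
            echo "✅ API key exported to environment"
          else
            echo "❌ No API key file found"
            exit 1
          fi

      - name: Test CLI Help
        run: |
          echo "🔧 Testing CLI help..."
          python3 src/main.py --help

      - name: Test Input Validation
        run: |
          echo "✅ Testing input validation..."
          python3 src/main.py validate-inputs

      - name: Test Version Functions
        run: |
          echo "🔢 Testing version functions..."
          python3 tests/test_version.py

      - name: Test Single SBOM Upload
        env:
          INPUT_PROJECT_SBOM: "tests/single_sbom/nginx_12.9.1.json"
          INPUT_PROJECT_NAME: "test-nginx"
          INPUT_PROJECT_VERSION: "12.9.1"
          INPUT_IS_LATEST: "true"
        run: |
          echo "π Testing single SBOM upload..."
          python3 src/main.py upload

      - name: Verify Single SBOM Upload
        env:
          INPUT_PROJECT_NAME: "test-nginx"
          INPUT_PROJECT_VERSION: "12.9.1"
        run: |
          echo "π Verifying single SBOM upload..."
          response=$(curl -s -H "X-API-Key: $INPUT_API_KEY" "$INPUT_URL/api/v1/project/lookup?name=$INPUT_PROJECT_NAME&version=$INPUT_PROJECT_VERSION")
          # Pass only when the returned object carries the requested name and
          # version. Checking for "any valid JSON" would also accept an error
          # body and report success.
          if echo "$response" | jq -e \
              --arg name "$INPUT_PROJECT_NAME" \
              --arg version "$INPUT_PROJECT_VERSION" \
              '.name == $name and .version == $version' >/dev/null 2>&1; then
            name=$(echo "$response" | jq -r '.name')
            version=$(echo "$response" | jq -r '.version')
            echo " ✅ Found: $name v$version"
          else
            echo " ❌ Failed - Response: $response"
            exit 1
          fi

      - name: Test Multiple SBOM Upload with Parent Project
        env:
          INPUT_PROJECT_SBOM_DIR: "tests/multiple_sbom"
          INPUT_PROJECT_PREFIX: "test-multi-"
          INPUT_PARENT_PROJECT_NAME: "test-multi-parent"
          INPUT_PARENT_PROJECT_VERSION: "6.6.6"
          INPUT_PARENT_PROJECT_CLASSIFIER: "MACHINE_LEARNING_MODEL"
          INPUT_PARENT_PROJECT_COLLECTION_LOGIC: "AGGREGATE_DIRECT_CHILDREN"
          NGINX_VERSION: "1.29.1"
          PROMETHEUS_VERSION: "v3.5.0"
          PROMETHEUS_OPERATOR_VERSION: "v0.85.0"
        run: |
          echo "π Testing multiple SBOM upload with parent project..."
          python3 src/main.py upload

      - name: Verify Multiple SBOM Uploads with Parent Project
        env:
          NGINX_VERSION: "1.29.1"
          PROMETHEUS_VERSION: "v3.5.0"
          PROMETHEUS_OPERATOR_VERSION: "v0.85.0"
        run: |
          # verify_project NAME VERSION
          # Looks the project up and exits the step with status 1 unless the
          # API returns an object with exactly that name and version.
          verify_project() {
            local want_name="$1" want_version="$2" response
            echo " Checking $want_name..."
            response=$(curl -s -H "X-API-Key: $INPUT_API_KEY" "$INPUT_URL/api/v1/project/lookup?name=$want_name&version=$want_version")
            if echo "$response" | jq -e \
                --arg name "$want_name" \
                --arg version "$want_version" \
                '.name == $name and .version == $version' >/dev/null 2>&1; then
              echo " ✅ Found: $(echo "$response" | jq -r '.name') v$(echo "$response" | jq -r '.version')"
            else
              echo " ❌ Failed - Response: $response"
              exit 1
            fi
          }

          echo "π Verifying multiple SBOM uploads..."

          # The parent is checked inline because its classifier and
          # collection logic are reported as well.
          echo " Checking parent project test-multi-parent..."
          response=$(curl -s -H "X-API-Key: $INPUT_API_KEY" "$INPUT_URL/api/v1/project/lookup?name=test-multi-parent&version=6.6.6")
          if echo "$response" | jq -e \
              '.name == "test-multi-parent" and .version == "6.6.6"' >/dev/null 2>&1; then
            name=$(echo "$response" | jq -r '.name')
            version=$(echo "$response" | jq -r '.version')
            classifier=$(echo "$response" | jq -r '.classifier // "NO CLASSIFIER"')
            collection_logic=$(echo "$response" | jq -r '.collectionLogic // "NO COLLECTION LOGIC"')
            echo " ✅ Found parent: $name v$version ($classifier, $collection_logic)"
          else
            echo " ❌ Failed - Response: $response"
            exit 1
          fi

          verify_project "test-multi-nginx" "$NGINX_VERSION"
          verify_project "test-multi-quay.io/prometheus/prometheus" "$PROMETHEUS_VERSION"
          verify_project "test-multi-quay.io/prometheus-operator/prometheus-operator" "$PROMETHEUS_OPERATOR_VERSION"

      - name: Test Nested Hierarchy Upload
        env:
          INPUT_PROJECT_SBOM_DIR: "tests/multiple_sbom"
          INPUT_PARENT_PROJECT_NAME: "test-multi-app"
          INPUT_PARENT_PROJECT_VERSION: "1.0.0"
          INPUT_PARENT_PROJECT_CLASSIFIER: "APPLICATION"
          INPUT_PARENT_PROJECT_COLLECTION_LOGIC: "AGGREGATE_LATEST_VERSION_CHILDREN"
        run: |
          echo "π Testing nested hierarchy upload..."
          # Clear any prefix from previous test. The earlier step set it in
          # its own step-level env, which does not carry over, so this is
          # only a safeguard.
          unset INPUT_PROJECT_PREFIX
          python3 src/main.py upload

      - name: Verify Nested Hierarchy Upload
        run: |
          echo "π Verifying nested hierarchy upload..."
          echo " Checking parent project test-multi-app..."
          response=$(curl -s -H "X-API-Key: $INPUT_API_KEY" "$INPUT_URL/api/v1/project/lookup?name=test-multi-app&version=1.0.0")
          # Require the requested parent itself, not merely a JSON response
          if ! echo "$response" | jq -e \
              '.name == "test-multi-app" and .version == "1.0.0"' >/dev/null 2>&1; then
            echo " ❌ Parent not found - Response: $response"
            exit 1
          fi
          name=$(echo "$response" | jq -r '.name')
          version=$(echo "$response" | jq -r '.version')
          echo " ✅ Found parent: $name v$version"

          # Get parent UUID for checking children
          parent_uuid=$(echo "$response" | jq -r '.uuid // ""')
          if [ -z "$parent_uuid" ] || [ "$parent_uuid" = "null" ]; then
            echo " ❌ Invalid parent UUID"
            exit 1
          fi
          echo " Parent UUID: $parent_uuid"

          echo " Checking child projects..."
          children_response=$(curl -s -H "X-API-Key: $INPUT_API_KEY" "$INPUT_URL/api/v1/project/$parent_uuid/children")
          if ! echo "$children_response" | jq -e 'type == "array"' >/dev/null 2>&1; then
            echo " ❌ Failed to get children - Response: $children_response"
            exit 1
          fi
          child_count=$(echo "$children_response" | jq 'length')
          # An empty list means no hierarchy was created, so it is a failure
          if [ "$child_count" -eq 0 ]; then
            echo " ❌ Parent has no child projects"
            exit 1
          fi
          echo " ✅ Found $child_count child projects:"
          echo "$children_response" | jq -r '.[].name' | sed 's/^/ - /'

      - name: Test Summary
        # Runs only when every earlier step succeeded (default step condition)
        run: |
          echo ""
          echo "π Test Summary:"
          echo " Single SBOM Upload: ✅"
          echo " Multiple SBOM Upload with Parent: ✅"
          echo " Nested Hierarchy Upload: ✅"
          echo ""
          echo "✅ All workflow components tested successfully!"
          echo "π Ready for CI/CD pipeline"

      - name: Check Docker Logs (Debug)
        if: failure()
        run: |
          echo "π Dependency Track logs:"
          cd tests/docker
          docker compose -f docker-compose.yml logs apiserver --tail=100

      - name: Cleanup
        if: always()
        run: |
          echo "🧹 Cleaning up..."
          cd tests/docker
          # Best effort: a failed teardown must not change the job result
          docker compose -f docker-compose.yml down -v || true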