👷 add dependabot and tests #183
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "action-test" | |
| on: | |
| push: | |
| pull_request: | |
| jobs: | |
| test-as-action: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ./ | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Download artifact | |
| shell: bash | |
| run: curl -o /tmp/Core-15.0.iso https://distro.ibiblio.org/tinycorelinux/15.x/x86/release/Core-15.0.iso | |
| - name: Scan repo | |
| uses: ./ | |
| with: | |
| target: ./ | |
| output-dir: "/tmp/test/sbom" | |
| vuln-report: True | |
| - name: Scan directory | |
| uses: ./ | |
| with: | |
| target: /usr/local/bin | |
| output-dir: "/tmp/test/sbom" | |
| syft-version: "1.10.0" | |
| name: "usrlocalbin" | |
| - name: Scan iso | |
| uses: ./ | |
| with: | |
| target: /tmp/Core-15.0.iso | |
| output-dir: "/tmp/test/sbom" | |
| version: "15.0" | |
| name: "tinycorelinux" | |
| vuln-report: False | |
| - name: Ensure generated sbom file for repo contains the expected content | |
| shell: bash | |
| run: | | |
| if jq -e '.components[] | select(.name == "lodash")' /tmp/test/sbom/repo_sbom_*.json > /dev/null; then | |
| echo "lodash is present in the JSON file." | |
| exit 0 | |
| else | |
| echo "lodash is NOT present in the JSON file." | |
| exit 1 | |
| fi | |
| - name: Ensure generated sbom file for iso contains the expected content | |
| shell: bash | |
| run: | | |
| if jq -e '.components[] | select(.version == "6.6.8-tinycore")' /tmp/test/sbom/iso_tinycorelinux_15.0.json > /dev/null; then | |
| echo "tinycore is present in the JSON file." | |
| exit 0 | |
| else | |
| echo "tinycore is NOT present in the JSON file." | |
| exit 1 | |
| fi | |
| - name: Ensure generated sbom file for dir contains the expected content | |
| shell: bash | |
| run: | | |
| if jq -e '.components[] | select(.purl == "pkg:golang/github.com/anchore/syft@v1.10.0")' /tmp/test/sbom/dir_bin_undefined.json > /dev/null; then | |
| echo "syft is present in the JSON file." | |
| exit 0 | |
| else | |
| echo "syft is NOT present in the JSON file." | |
| exit 1 | |
| fi | |
| - name: Print the content of generated sbom file | |
| shell: bash | |
| run: | | |
| for sbom in /tmp/test/sbom/*.json; do | |
| echo "Content of $sbom" | |
| cat $sbom | |
| done | |
| for sbom in /tmp/test/sbom/reports/*.html; do | |
| echo "Content of vulnerability result for SBOM: $sbom" | |
| cat $sbom | |
| done |