chore(tests): add delta SBOM validation #820
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (C) 2025 Siemens | |
| # | |
| # SPDX-License-Identifier: MIT | |
| name: Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| test-minimal-deps: | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| sbom-type: ["cdx", "spdx"] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.14 | |
| - name: Install required dependencies for ${{ matrix.sbom-type }} | |
| shell: bash | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install .[${{ matrix.sbom-type }}] | |
| - name: Test the generate command with minimal dependencies for ${{ matrix.sbom-type }} | |
| shell: bash | |
| run: $(which debsbom) -v generate -t ${{ matrix.sbom-type }} -o sbom --root tests/root/tree --validate | |
| - name: Install test dependencies for ${{ matrix.sbom-type }} | |
| shell: bash | |
| run: pip install .[mindev] | |
| - name: Test pytest for subset ${{ matrix.sbom-type }} | |
| shell: bash | |
| run: pytest | |
| test: | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| python-version: ["3.11", "3.12", "3.13", "3.14"] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - uses: ./.github/actions/pytest | |
| with: | |
| artifact-identifier: "${{ matrix.python-version }}" | |
| test-python-apt: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Check if python-apt is available | |
| run: python -c "import apt" | |
| - uses: ./.github/actions/pytest | |
| with: | |
| artifact-identifier: "python-apt" | |
| coverage: | |
| name: Check coverage | |
| needs: test | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.13 | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade coverage[toml] | |
| pip install .[dev] | |
| - name: Download coverage data | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: coverage-data-* | |
| merge-multiple: true | |
| - name: Check coverage and fail it it’s under 85% | |
| run: | | |
| cat >.coveragerc <<EOF | |
| [run] | |
| source = debsbom | |
| [paths] | |
| source = | |
| src/debsbom | |
| */site-packages/debsbom | |
| */runner/work/debsbom/src/debsbom | |
| EOF | |
| python -m coverage combine | |
| python -m coverage html --skip-covered --skip-empty | |
| # Report and write to summary. | |
| python -m coverage report | sed 's/^/ /' >> $GITHUB_STEP_SUMMARY | |
| # Report again and fail if under 85%. | |
| python -Im coverage report --fail-under=85 | |
| - name: Upload HTML report if check failed | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: html-report | |
| path: htmlcov | |
| if: ${{ failure() }} |