Skip to content

Commit 6f16d53

Browse files
baprustyfmoessbauer
baprusty
authored and
fmoessbauer
committed
chore(tests): add delta SBOM validation
Add a pytest to validate delta SBOM generation from base and target SBOMs. Verify only extra packages and their relationships appear in the delta. Add GitHub Actions workflow step to run `debsbom delta` on SPDX and CycloneDX SBOMs. Collect coverage for both SPDX and CDX delta runs. Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
1 parent bba7c08 commit 6f16d53

File tree

6 files changed

+1726
-0
lines changed

6 files changed

+1726
-0
lines changed

.github/actions/pytest/action.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,14 @@ runs:
5252
export COVERAGE_FILE=".coverage.smoke-export.${{ inputs.artifact-identifier }}"
5353
coverage run $(which debsbom) -v export sbom-rp.spdx.json
5454
55+
- name: smoke test delta
56+
shell: bash
57+
run: |
58+
export COVERAGE_FILE=".coverage.delta.spdx.${{ inputs.artifact-identifier }}"
59+
coverage run $(which debsbom) -v delta --validate tests/data/delta-base.spdx.json tests/data/delta-target.spdx.json
60+
export COVERAGE_FILE=".coverage.delta.cdx.${{ inputs.artifact-identifier }}"
61+
coverage run $(which debsbom) -v delta --validate tests/data/delta-base.cdx.json tests/data/delta-target.cdx.json
62+
5563
- name: upload smoke test SBOMs
5664
uses: actions/upload-artifact@v4
5765
with:

0 commit comments

Comments
 (0)