From 73a4262e6666e392b509f0fd44e3e655635a6897 Mon Sep 17 00:00:00 2001
From: firelight flagboy <firelight.flagboy@gmail.com>
Date: Fri, 9 Jun 2023 18:28:13 +0200
Subject: [PATCH] Add `syft` tool

Closes #135
---
 .github/.cspell/project-dictionary.txt |  1 +
 .github/workflows/ci.yml               | 10 +++----
 manifests/syft.json                    | 40 ++++++++++++++++++++++++++
 tools/codegen/base/syft.json           | 20 +++++++++++++
 4 files changed, 66 insertions(+), 5 deletions(-)
 create mode 100644 manifests/syft.json
 create mode 100644 tools/codegen/base/syft.json

diff --git a/.github/.cspell/project-dictionary.txt b/.github/.cspell/project-dictionary.txt
index 7d572bc40..fb6b32c65 100644
--- a/.github/.cspell/project-dictionary.txt
+++ b/.github/.cspell/project-dictionary.txt
@@ -17,6 +17,7 @@ quickinstall
 rockylinux
 shellcheck
 shfmt
+syft
 udeps
 wasmtime
 watchexec
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 62d29cdcc..f28abfd95 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -44,19 +44,19 @@ jobs:
         tool:
           # cargo-watch/watchexec-cli is supported by cargo-binstall (through quickinstall)
           # TODO: valgrind installation sometime hangs.
-          - cargo-hack,cargo-llvm-cov,cargo-minimal-versions,cargo-no-dev-deps,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,dprint,just,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch,grcov,watchexec-cli,cargo-tarpaulin,zola
+          - cargo-hack,cargo-llvm-cov,cargo-minimal-versions,cargo-no-dev-deps,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,dprint,just,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch,grcov,watchexec-cli,cargo-tarpaulin,zola,syft
         include:
           # Note: Specifying the version of valgrind and cargo-binstall is not supported.
           - os: ubuntu-20.04
-            tool: cargo-hack@0.5.24,cargo-llvm-cov@0.5.3,cargo-minimal-versions@0.1.8,cargo-no-dev-deps@0.1.0,parse-changelog@0.5.2,cargo-udeps@0.1.35,cargo-valgrind@2.1.0,cargo-deny@0.13.5,cross@0.2.4,dprint@0.34.1,just@1.9.0,nextest@0.9.11,protoc@3.21.12,shellcheck@0.9.0,shfmt@3.6.0,wasm-pack@0.10.3,wasmtime@4.0.0,mdbook@0.4.25,mdbook-linkcheck@0.7.7,cargo-watch@8.1.1,grcov@0.8.13,watchexec-cli@1.20.5,cargo-tarpaulin@0.25.0,zola@0.16.1
+            tool: cargo-hack@0.5.24,cargo-llvm-cov@0.5.3,cargo-minimal-versions@0.1.8,cargo-no-dev-deps@0.1.0,parse-changelog@0.5.2,cargo-udeps@0.1.35,cargo-valgrind@2.1.0,cargo-deny@0.13.5,cross@0.2.4,dprint@0.34.1,just@1.9.0,nextest@0.9.11,protoc@3.21.12,shellcheck@0.9.0,shfmt@3.6.0,wasm-pack@0.10.3,wasmtime@4.0.0,mdbook@0.4.25,mdbook-linkcheck@0.7.7,cargo-watch@8.1.1,grcov@0.8.13,watchexec-cli@1.20.5,cargo-tarpaulin@0.25.0,zola@0.16.1,syft@0.83.0
           - os: ubuntu-20.04
-            tool: cargo-hack@0.5,cargo-llvm-cov@0.5,cargo-minimal-versions@0.1,cargo-no-dev-deps@0.1,parse-changelog@0.5,cargo-udeps@0.1,cargo-valgrind@2.1,cargo-deny@0.13,cross@0.2,dprint@0.34,just@1.9,nextest@0.9,protoc@3.21,shellcheck@0.9,shfmt@3.5,wasm-pack@0.10,wasmtime@6.0,mdbook@0.4,mdbook-linkcheck@0.7,cargo-watch@8.1,grcov@0.8,watchexec-cli@1.20,cargo-tarpaulin@0.25,zola@0.16
+            tool: cargo-hack@0.5,cargo-llvm-cov@0.5,cargo-minimal-versions@0.1,cargo-no-dev-deps@0.1,parse-changelog@0.5,cargo-udeps@0.1,cargo-valgrind@2.1,cargo-deny@0.13,cross@0.2,dprint@0.34,just@1.9,nextest@0.9,protoc@3.21,shellcheck@0.9,shfmt@3.5,wasm-pack@0.10,wasmtime@6.0,mdbook@0.4,mdbook-linkcheck@0.7,cargo-watch@8.1,grcov@0.8,watchexec-cli@1.20,cargo-tarpaulin@0.25,zola@0.16,syft@0.83
           - os: ubuntu-20.04
             tool: cargo-valgrind@2, just@1,protoc@3 , shfmt@3 ,wasmtime@7,cargo-watch@8,watchexec-cli@1
           - os: macos-11
-            tool: cargo-hack,cargo-llvm-cov,cargo-minimal-versions,cargo-no-dev-deps,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,dprint,just,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch,grcov,watchexec-cli,cargo-tarpaulin,zola
+            tool: cargo-hack,cargo-llvm-cov,cargo-minimal-versions,cargo-no-dev-deps,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,dprint,just,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch,grcov,watchexec-cli,cargo-tarpaulin,zola,syft
           - os: windows-2019
-            tool: cargo-hack,cargo-llvm-cov,cargo-minimal-versions,cargo-no-dev-deps,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,dprint,just,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch,grcov,watchexec-cli,cargo-tarpaulin,zola
+            tool: cargo-hack,cargo-llvm-cov,cargo-minimal-versions,cargo-no-dev-deps,parse-changelog,cargo-udeps,cargo-valgrind,cargo-deny,cross,dprint,just,nextest,protoc,shellcheck,shfmt,wasm-pack,wasmtime,mdbook,mdbook-linkcheck,cargo-watch,grcov,watchexec-cli,cargo-tarpaulin,zola,syft
     runs-on: ${{ matrix.os }}
     timeout-minutes: 60
     steps:
diff --git a/manifests/syft.json b/manifests/syft.json
new file mode 100644
index 000000000..84e5a0351
--- /dev/null
+++ b/manifests/syft.json
@@ -0,0 +1,40 @@
+{
+  "template": {
+    "x86_64_linux_gnu": {
+      "url": "https://github.com/anchore/syft/releases/download/v${version}/syft_${version}_linux_amd64.tar.gz",
+      "bin": "syft"
+    },
+    "x86_64_macos": {
+      "url": "https://github.com/anchore/syft/releases/download/v${version}/syft_${version}_darwin_amd64.tar.gz",
+      "bin": "syft"
+    },
+    "x86_64_windows": {
+      "url": "https://github.com/anchore/syft/releases/download/v${version}/syft_${version}_windows_amd64.zip",
+      "bin": "syft.exe"
+    },
+    "aarch64_linux_musl": {
+      "url": "https://github.com/anchore/syft/releases/download/v${version}/syft_${version}_linux_arm64.tar.gz",
+      "bin": "syft"
+    }
+  },
+  "latest": {
+    "version": "0.83.0"
+  },
+  "0.83": {
+    "version": "0.83.0"
+  },
+  "0.83.0": {
+    "x86_64_linux_gnu": {
+      "checksum": "694e97a454327403fb440544c41fefd83d37f88f43c4f9ae0b0d67a3562bd25c"
+    },
+    "x86_64_macos": {
+      "checksum": "211f34f2e52e842d3248bc3a72c07e534d0d7a8e40babaa7a2034a41a077b70e"
+    },
+    "x86_64_windows": {
+      "checksum": "9131f458fdbbc88fe1bd8df666721ecb95ff751d0ca3e2cffecfd5e021c65e97"
+    },
+    "aarch64_linux_musl": {
+      "checksum": "388fbea52598e44f8529e3432555c53e6e161211a83020d2b749c5d160baf593"
+    }
+  }
+}
diff --git a/tools/codegen/base/syft.json b/tools/codegen/base/syft.json
new file mode 100644
index 000000000..8a4380e00
--- /dev/null
+++ b/tools/codegen/base/syft.json
@@ -0,0 +1,20 @@
+{
+  "repository": "https://github.com/anchore/syft",
+  "tag_prefix": "v",
+  "bin": "${package}${exe}",
+  "version_range": ">= 0.83.0",
+  "platform": {
+    "x86_64_linux_gnu": {
+      "asset_name": "${package}_${version}_linux_amd64.tar.gz"
+    },
+    "x86_64_macos": {
+      "asset_name": "${package}_${version}_darwin_amd64.tar.gz"
+    },
+    "x86_64_windows": {
+      "asset_name": "${package}_${version}_windows_amd64.zip"
+    },
+    "aarch64_linux_musl": {
+      "asset_name": "${package}_${version}_linux_arm64.tar.gz"
+    }
+  }
+}