Add crates.io enrichment option for rust audit binary, json schema and spdx license updates. #9423
Workflow file for this run
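# Validation pipeline: static analysis, unit and integration tests, one
# snapshot build, and acceptance/CLI jobs that consume that snapshot through
# the Actions cache.
name: "Validations"

# Runs on manual dispatch, on every pull request, and on pushes to main.
# The trigger is `pull_request`, and the jobs below execute `make` targets
# from the checked-out tree, so the token scope set under `permissions` is
# what bounds the effect of code arriving in a pull request.
on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Only Cleanup-Cache overrides this, with its own job-level block.
permissions:
  contents: read

# External actions are pinned to a full commit SHA; the trailing comment
# records the release tag that SHA corresponds to.
# NOTE(review): GitHub has retired the ubuntu-20.04 hosted runner image;
# confirm these jobs are still scheduled and move to a supported image.
jobs:

  Static-Analysis:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Static analysis"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - name: Run static analysis
        run: make static-analysis

  Unit-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Unit tests"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Run unit tests
        run: make unit

  Integration-Test:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Integration tests"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Validate syft output against the CycloneDX schema
        run: make validate-cyclonedx-schema

      - name: Run integration tests
        run: make integration

  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""

      - name: Build snapshot artifacts
        run: make snapshot

      # why not use actions/upload-artifact? It is very slow (3 minutes to upload ~600MB of data, vs 10 seconds with this approach).
      # see https://github.com/actions/upload-artifact/issues/199 for more info
      - name: Upload snapshot artifacts
        uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
        with:
          # we need to preserve the snapshot data itself as well as the task data that confirms if the
          # snapshot build is stale or not. Otherwise the downstream jobs will attempt to rebuild the snapshot
          # even though it already exists.
          path: |
            snapshot
            .task
          # The run ID makes the key unique to this workflow run; the
          # downstream jobs restore with exactly the same key.
          key: snapshot-build-${{ github.run_id }}

  Acceptance-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      # Second guard on top of fail-on-cache-miss: stop the job rather than
      # test a snapshot that was not restored from the build job.
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run comparison tests (Linux)
        run: make compare-linux

      # NOTE(review): no step in this job has the id
      # `install-test-image-cache`, so the two conditions below read an
      # output that is never set. As written, the load step appears to be
      # always skipped and the save step always run; restore the missing
      # cache step or drop the conditions.
      - name: Load test image cache
        if: steps.install-test-image-cache.outputs.cache-hit == 'true'
        run: make install-test-cache-load

      - name: Run install.sh tests (Linux)
        run: make install-test

      - name: (cache-miss) Create test image cache
        if: steps.install-test-image-cache.outputs.cache-hit != 'true'
        run: make install-test-cache-save

  Acceptance-Mac:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "Acceptance tests (Mac)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      # NOTE(review): this is the only action referenced by a mutable tag.
      # Every other `uses:` in this file is pinned to a commit SHA; pin this
      # one to the full commit SHA of the v3.7.0 release as well, so that a
      # moved tag cannot change what runs here.
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.7.0

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""
          go-dependencies: false
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run comparison tests (Mac)
        run: make compare-mac

      - name: Run install.sh tests (Mac)
        run: make install-test-ci-mac

  Cli-Linux:
    # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
    name: "CLI tests (Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          download-test-fixture-cache: true

      - name: Download snapshot build
        id: snapshot-cache
        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
        with:
          path: |
            snapshot
            .task
          fail-on-cache-miss: true
          key: snapshot-build-${{ github.run_id }}

      # workaround for https://github.com/actions/cache/issues/1265
      - name: (cache-miss) Snapshot build missing
        if: steps.snapshot-cache.outputs.cache-hit != 'true'
        run: echo "unable to download snapshots from previous job" && false

      - name: Run CLI Tests (Linux)
        run: make cli

  Cleanup-Cache:
    name: "Cleanup snapshot cache"
    # Runs only for pull requests whose head branch lives in this repository.
    # NOTE(review): push and workflow_dispatch events carry no pull_request
    # payload, so this condition is presumably false for them and the
    # snapshot cache is left to expire; confirm that is intended.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-20.04
    # Job-level permissions replace the workflow default, so the token in
    # this job carries actions: write (needed to delete a cache entry) and
    # none of the other scopes.
    permissions:
      actions: write
    needs:
      - Acceptance-Linux
      - Acceptance-Mac
      - Cli-Linux
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # This is the one job holding a write-scoped token. The only later
          # step authenticates through GH_TOKEN, so the token does not need
          # to be written into the checkout's git configuration.
          persist-credentials: false

      - name: Delete snapshot cache
        run: gh cache delete "snapshot-build-${{ github.run_id }}"
        env:
          GH_TOKEN: ${{ github.token }}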