Update references of SBoM to SBOM #1388
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Repo tests | |
on: | |
push: | |
branches: | |
- feature/* | |
- release/* | |
- fix/* | |
workflow_dispatch: | |
pull_request: | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: [18.x] | |
os: ['ubuntu-latest', 'windows-latest'] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '19' | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Install bazelisk - linux | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
curl -LO "https://github.com/bazelbuild/bazelisk/releases/download/v1.15.0/bazelisk-linux-amd64" | |
sudo mv bazelisk-linux-amd64 /usr/local/bin/bazel | |
- name: Install bazelisk - windows | |
if: matrix.os == 'windows-latest' | |
run: choco install -y bazel | |
- name: npm install, build and test | |
run: | | |
npm install | |
npm run build --if-present | |
npm run lint | |
npm test | |
mkdir -p repotests | |
mkdir -p bomresults | |
mkdir -p denoresults | |
env: | |
CI: true | |
- name: Setup Android SDK | |
uses: android-actions/setup-android@v2 | |
- uses: swift-actions/setup-swift@v1 | |
if: matrix.os == 'ubuntu-latest' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'ShiftLeftSecurity/shiftleft-java-example' | |
path: 'repotests/shiftleft-java-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'ShiftLeftSecurity/shiftleft-ts-example' | |
path: 'repotests/shiftleft-ts-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'ShiftLeftSecurity/shiftleft-go-example' | |
path: 'repotests/shiftleft-go-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'prabhu/shiftleft-scala-example' | |
path: 'repotests/shiftleft-scala-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/vulnerable_net_core' | |
path: 'repotests/vulnerable_net_core' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/Goatly.NET' | |
path: 'repotests/Goatly.NET' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/DjanGoat' | |
path: 'repotests/DjanGoat' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'prabhu/Vulnerable-Web-Application' | |
path: 'repotests/Vulnerable-Web-Application' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'prabhu/railsgoat' | |
path: 'repotests/railsgoat' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'bazelbuild/examples' | |
path: 'repotests/bazel-examples' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'flutter/gallery' | |
path: 'repotests/gallery' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'gojek/ziggurat' | |
path: 'repotests/ziggurat' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'apple/swift-markdown' | |
path: 'repotests/swift-markdown' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'GoogleCloudPlatform/microservices-demo' | |
path: 'repotests/microservices-demo' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'zoom/meetingsdk-vuejs-sample' | |
path: 'repotests/meetingsdk-vuejs-sample' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'sveltejs/examples' | |
path: 'repotests/sveltejs-examples' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'openpbs/openpbs' | |
path: 'repotests/openpbs' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'home-assistant/android' | |
path: 'repotests/ha-android' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'rust-lang/rust' | |
path: 'repotests/rs-rust' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'rust-lang/cargo' | |
path: 'repotests/rs-cargo' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'Keats/validator' | |
path: 'repotests/rs-validator' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'tokio-rs/axum' | |
path: 'repotests/rs-axum' | |
- uses: dtolnay/rust-toolchain@stable | |
- name: repotests | |
run: | | |
bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign | |
node bin/evinse.js -i bomresults/bom-java.json -o bomresults/bom-java.evinse.json -l java --with-data-flow -p repotests/shiftleft-java-example | |
SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json | |
FETCH_LICENSE=false bin/cdxgen.js -p -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate | |
node bin/evinse.js -i bomresults/bom-ts.json -o bomresults/bom-ts.evinse.json -l javascript --with-data-flow -p repotests/shiftleft-ts-example | |
FETCH_LICENSE=false bin/cdxgen.js -p -t js repotests/meetingsdk-vuejs-sample -o bomresults/bom-vue.json | |
node bin/evinse.js -i bomresults/bom-vue.json -o bomresults/bom-vue.evinse.json -l javascript --with-data-flow -p repotests/meetingsdk-vuejs-sample | |
CDXGEN_DEBUG_MODE=debug ASTGEN_IGNORE_DIRS="" FETCH_LICENSE=false bin/cdxgen.js -p -t js repotests/sveltejs-examples -o bomresults/bom-svelte.json | |
CDXGEN_DEBUG_MODE=debug ASTGEN_IGNORE_DIRS="" node bin/evinse.js -i bomresults/bom-svelte.json -o bomresults/bom-svelte.evinse.json -l javascript --with-data-flow -p repotests/sveltejs-examples | |
FETCH_LICENSE=1 bin/cdxgen.js -p -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json --validate | |
FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json --validate | |
FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json --validate | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json --validate | |
bin/cdxgen.js -p -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate | |
bin/cdxgen.js -p -t php --no-recurse repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate | |
bin/cdxgen.js -p -r -t ruby repotests/railsgoat -o bomresults/bom-ruby.json --validate | |
bin/cdxgen.js -p -r -t java repotests/bazel-examples/java-maven -o bomresults/bom-bazel.json --validate | |
bin/cdxgen.js -p -r -t dart repotests/gallery -o bomresults/bom-pub.json --validate | |
CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json --validate | |
CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json --validate | |
bin/cdxgen.js --no-recurse repotests/microservices-demo -o bomresults/bom-msd.json --validate | |
bin/cdxgen.js -r repotests/microservices-demo -o bomresults/bom-msd.json --validate | |
bin/cdxgen.js -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json --validate | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate | |
bin/cdxgen.js -r -t c repotests/openpbs -o bomresults/bom-openpbs.json | |
cd repotests/ha-android && ./gradlew assembleDebug || true && cd ../.. | |
bin/cdxgen.js -r -t java repotests/ha-android -o bomresults/bom-android.json | |
CDXGEN_DEBUG_MODE=debug bin/evinse.js -i bomresults/bom-android.json -o bomresults/bom-android.evinse.json -l java repotests/ha-android | |
bin/cdxgen.js -r -t rust repotests/rs-rust -o bomresults/bom-rs-rust.json --validate | |
bin/cdxgen.js -r -t rust repotests/rs-cargo -o bomresults/bom-rs-cargo.json --validate | |
cargo generate-lockfile --manifest-path repotests/rs-validator/validator/Cargo.toml | |
bin/cdxgen.js -r -t rust repotests/rs-validator -o bomresults/bom-rs-validator.json --validate | |
bin/cdxgen.js -r -t rust repotests/rs-axum -o bomresults/bom-rs-axum.json --validate | |
# mkdir -p jenkins | |
# wget https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi | |
# wget https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi | |
# wget https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi | |
# wget https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi | |
# mv *.hpi jenkins | |
# CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json --validate | |
ls -ltr bomresults | |
shell: bash | |
- name: repotests 1.4 | |
run: | | |
bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign --spec-version 1.4 | |
SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json --spec-version 1.4 | |
FETCH_LICENSE=false bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate --spec-version 1.4 | |
FETCH_LICENSE=1 bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json --validate --spec-version 1.4 | |
FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate --spec-version 1.4 | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json --validate --spec-version 1.4 | |
FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json --validate --spec-version 1.4 | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json --validate --spec-version 1.4 | |
bin/cdxgen.js -p -r -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate --spec-version 1.4 | |
shell: bash | |
- name: denotests | |
if: github.ref == 'refs/heads/master' && matrix.os == 'ubuntu-latest' | |
run: | | |
docker build -t ghcr.io/cyclonedx/cdxgen-deno -f ci/Dockerfile-deno . | |
docker run --rm -t -e "CDXGEN_DEBUG_MODE=debug" -v $(pwd):/app ghcr.io/cyclonedx/cdxgen-deno -p -r -t java /app/repotests/shiftleft-java-example -o /app/denoresults/bom-java.json | |
docker run --rm -t -e "CDXGEN_DEBUG_MODE=debug" -v $(pwd):/app ghcr.io/cyclonedx/cdxgen-deno -p -r -t python /app/repotests/DjanGoat -o /app/denoresults/bom-python.json | |
ls -ltr denoresults | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: bomresults | |
path: bomresults |