Adding checks while downloading the rafs-based VDB image and refactor… #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docker tests | |
on: | |
push: | |
branches: | |
- master | |
- feature/* | |
paths-ignore: | |
- '**/README.md' | |
- 'gobintests.yml' | |
- 'pythonapp.yml' | |
- 'python-publish.yml' | |
pull_request: | |
jobs: | |
ubuntu_version_tests: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip setuptools | |
python3 -m pip install .[dev] | |
npm install -g @cyclonedx/cdxgen | |
mkdir -p repotests | |
- name: Run pytest tests | |
run: | | |
python3 -m pip install -r contrib/requirements.txt | |
python3 -m pytest test | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: "vdb_data" | |
- name: Test container images | |
run: | | |
mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }} | |
# python3 depscan/cli.py --no-banner --cache --no-error --src ghcr.io/owasp-dep-scan/dep-scan -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-scan.json -t docker | |
python3 depscan/cli.py --no-banner --no-error --src shiftleft/scan-slim -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json -t docker,license --no-vuln-table | |
python3 depscan/cli.py --no-banner --no-error --src redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json -t docker --no-vuln-table | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: "vdb_data" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: containertests_${{ matrix.os }}_python${{ matrix.python-version }} | |
path: containertests_${{ matrix.os }}_python${{ matrix.python-version }} | |
reachable_tests: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ['3.11'] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Trim CI agent | |
run: | | |
chmod +x contrib/free_disk_space.sh | |
./contrib/free_disk_space.sh | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'zulu' | |
java-version: '19' | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install .[dev] | |
npm install -g @cyclonedx/cdxgen | |
mkdir -p repotests | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/java-sec-code' | |
path: 'repotests/java-sec-code' | |
- name: Reachables tests | |
run: | | |
mkdir -p ${GITHUB_WORKSPACE}/rtests_ubuntu | |
cd ${GITHUB_WORKSPACE}/repotests/java-sec-code | |
mvn clean compile -DskipTests | |
cd ${GITHUB_WORKSPACE} | |
python3 depscan/cli.py --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/rtests_ubuntu -t java --profile research --explain | |
env: | |
PYTHONPATH: "." | |
VDB_HOME: "vdb_data" | |
PYTHONUTF8: 1 | |
AT_DEBUG_MODE: "debug" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: rtests_ubuntu | |
path: rtests_ubuntu | |
ubuntu_version_tests2: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ['3.11'] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Trim CI agent | |
run: | | |
chmod +x contrib/free_disk_space.sh | |
./contrib/free_disk_space.sh | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install .[dev] | |
npm install -g @cyclonedx/cdxgen | |
mkdir -p repotests | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'GoogleCloudPlatform/microservices-demo' | |
path: 'repotests/microservices-demo' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'OWASP/NodeGoat' | |
path: 'repotests/NodeGoat' | |
- name: Test container images | |
run: | | |
mkdir -p containertests_${{ matrix.os }} | |
python3 -m pip install -r contrib/requirements.txt | |
cp contrib/csaf.toml repotests/microservices-demo/csaf.toml | |
cp contrib/csaf.toml repotests/NodeGoat/csaf.toml | |
python3 depscan/cli.py --no-banner --no-error --src rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table | |
python3 depscan/cli.py --no-banner --no-error --src ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-yaml.json --no-vuln-table | |
python3 depscan/cli.py --csaf --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports | |
python3 depscan/cli.py --csaf --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: "vdb_data" | |
PYTHONUTF8: 1 | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: containertests_${{ matrix.os }} | |
path: containertests_${{ matrix.os }} | |
version_tests_mac_win: | |
needs: ubuntu_version_tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ macos-latest, windows-latest ] | |
python-version: [ '3.8', '3.9', '3.10', '3.11', '3.12' ] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Trim CI agent | |
run: | | |
chmod +x contrib/free_disk_space.sh | |
./contrib/free_disk_space.sh | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip setuptools | |
python3 -m pip install .[dev] | |
- name: Run pytest tests | |
run: | | |
python3 -m pip install -r contrib/requirements.txt | |
python3 -m pytest test | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: "vdb_data" | |
- name: Get boms generated earlier | |
uses: actions/download-artifact@v3 | |
with: | |
name: containertests_ubuntu-latest_python3.11 | |
path: containertests_ubuntu-latest_python3.11 | |
- name: Test container images | |
run: | | |
mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }} | |
python3 depscan/cli.py --no-banner --cache --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-slim-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json --no-vuln-table | |
python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-redmine-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json --no-vuln-table | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: "vdb_data" | |
PYTHONUTF8: 1 | |
AT_DEBUG_MODE: "debug" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: containertests_${{ matrix.os }}_python${{ matrix.python-version }} | |
path: containertests_${{ matrix.os }}_python${{ matrix.python-version }} | |
version_tests2_mac_win: | |
needs: ubuntu_version_tests2 | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ macos-latest, windows-latest ] | |
python-version: [ '3.11' ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Trim CI agent | |
run: | | |
chmod +x contrib/free_disk_space.sh | |
./contrib/free_disk_space.sh | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install .[dev] | |
- name: Get boms generated earlier | |
uses: actions/download-artifact@v3 | |
with: | |
name: containertests_ubuntu-latest | |
path: containertests_ubuntu-latest | |
- name: Test container images | |
shell: bash | |
run: | | |
mkdir -p containertests_${{ matrix.os }} | |
python3 -m pip install -r contrib/requirements.txt | |
mkdir -p containertests_ubuntu-latest/microservices | |
mkdir -p containertests_ubuntu-latest/NodeGoat | |
mv containertests_ubuntu-latest/sbom-msd-universal.json containertests_ubuntu-latest/microservices/sbom-msd-universal.json | |
mv containertests_ubuntu-latest/ng-reports/sbom-universal.json containertests_ubuntu-latest/nodegoat/sbom-universal.json | |
cp contrib/csaf.toml containertests_ubuntu-latest/microservices/csaf.toml | |
cp contrib/csaf.toml containertests_ubuntu-latest/nodegoat/csaf.toml | |
python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/sbom-rocket-universal.json -o containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table | |
python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/microservices/sbom-msd-universal.json -o containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/reports | |
python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/nodegoat/sbom-universal.json -o containertests_${{ matrix.os }}/depscan-ng.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PYTHONUTF8: 1 | |
AT_DEBUG_MODE: "debug" | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: containertests_${{ matrix.os }} | |
path: containertests_${{ matrix.os }} |