Skip to content

pin and upgrade actions/checkout #916

pin and upgrade actions/checkout

pin and upgrade actions/checkout #916

Workflow file for this run

name: "build-test"
on: # rebuild any PRs and main branch changes
pull_request:
branches: [main]
push:
branches:
- main
release:
types:
- created
- edited
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
build: # make sure build/ci work properly and there is no faked build ncc built scripts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: npm ci
- run: npm run package
- run: git status --porcelain
- run: git diff
- run: git diff --exit-code
test-on-fixture-dirs:
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: ./
- uses: ./
with:
path: ./tests/fixtures/npm-project
- uses: ./
with:
path: ./tests/fixtures/yarn-project
- uses: ./
id: yarn-scan
with:
path: ./tests/fixtures/yarn-project
- uses: ./
with:
path: ./tests/fixtures/yarn-project
artifact-name: SBOM.txt
test:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Build images
run: |
for distro in alpine centos debian; do
docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage
docker push localhost:5000/match-coverage/${distro}:latest
done
- run: npm ci
- run: npm test
test-as-action: # make sure the action works on a clean machine without building
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: ./
- uses: ./download-syft # anchore/sbom-action/download-syft
id: syft
- run: |
echo "${{ steps.syft.outputs.cmd }}"
"${{ steps.syft.outputs.cmd }}" dir:.
- uses: ./ # anchore/sbom-action
id: dirscan
with:
artifact-name: sbom.spdx
output-file: dirscan-sbom.spdx
format: spdx
- run: |
echo DIR SCAN SBOM:
cat dirscan-sbom.spdx
- uses: ./ # anchore/sbom-action
id: imagescan
with:
image: alpine:latest
artifact-name: sbom.spdx
output-file: my.sbom
- run: |
echo IMAGE SCAN SBOM:
cat my.sbom
- uses: ./publish-sbom # anchore/sbom-action/publish-sbom
with:
sbom-artifact-match: sbom.spdx
- uses: ./publish-sbom # anchore/sbom-action/publish-sbom
with:
sbom-artifact-match: "^dont-match-anything$"
- uses: ./ # anchore/sbom-action with artifact retention
name: "One day artifact retention test"
id: one-day
with:
image: alpine:latest
upload-artifact-retention: 1
artifact-name: one-day.sbom.spdx
output-file: one-day-sbom.spdx
format: spdx