Generate SBOM(Software Bill of Materials) for docker image

laoshanxi · Mar 8, 2023 · 7b512cc · 7b512cc
1 parent 837343b
commit 7b512cc
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 22 deletions.
diff --git a/.github/workflows/build-push-appmesh-image.yml b/.github/workflows/build-push-appmesh-image.yml
@@ -74,6 +74,7 @@ jobs:
           context: .
           file: Dockerfile
           no-cache: true
+          attests: type=sbom
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: |

diff --git a/.github/workflows/build-ubuntu-latest.yml b/.github/workflows/build-ubuntu-latest.yml
@@ -64,7 +64,6 @@ jobs:
           context: .
           file: docker/Dockerfile.build_ubuntu
           no-cache: true
-          # attests: type=sbom,generator=image
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: |

diff --git a/.github/workflows/publish-github-release.yml b/.github/workflows/publish-github-release.yml
@@ -26,9 +26,9 @@ jobs:
     strategy:
       matrix:
         include:
+          - arch: arm64
+            variant: v8
           - arch: amd64
-            # - arch: arm64
-            # variant: v8
 
     runs-on: ubuntu-latest
     permissions:
@@ -38,9 +38,6 @@ jobs:
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
 
-    env:
-      PLATFORM: linux/${{ matrix.arch }}${{ (matrix.variant != '' && format('/{0}', matrix.variant)) || '' }}
-
     steps:
       - name: Checkout Github code
         uses: actions/checkout@v3
@@ -52,21 +49,24 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+        with:
+          install: true
 
+      # https://www.stereolabs.com/docs/docker/building-arm-container-on-x86/
       - name: build with ubuntu22
         run: |
           build_dir=${{ matrix.arch }}
-          docker run --rm --volume ${{ github.workspace }}:/workspace --workdir /workspace laoshanxi/appmesh:build_ubuntu22  /bin/sh -c "mkdir ubuntu22_$build_dir; cd ubuntu22_$build_dir; cmake ..; make -j4; make pack; ls; make test ARGS='-V'"
+          docker run --platform ${{ matrix.arch }} --rm --volume ${{ github.workspace }}:/workspace --workdir /workspace laoshanxi/appmesh:build_ubuntu22  /bin/sh -c "mkdir ubuntu22_$build_dir; cd ubuntu22_$build_dir; cmake ..; make -j4; make pack; ls; make test ARGS='-V'"
 
       - name: build with ubuntu20
         run: |
           build_dir=${{ matrix.arch }}
-          docker run --rm --volume ${{ github.workspace }}:/workspace --workdir /workspace laoshanxi/appmesh:build_ubuntu20  /bin/sh -c "mkdir ubuntu20_$build_dir; cd ubuntu20_$build_dir; cmake ..; make -j4; make pack; ls; make test ARGS='-V'"
+          docker run --platform ${{ matrix.arch }} --rm --volume ${{ github.workspace }}:/workspace --workdir /workspace laoshanxi/appmesh:build_ubuntu20  /bin/sh -c "mkdir ubuntu20_$build_dir; cd ubuntu20_$build_dir; cmake ..; make -j4; make pack; ls; make test ARGS='-V'"
 
       - name: build with ubuntu18
         run: |
           build_dir=${{ matrix.arch }}
-          docker run --rm --volume ${{ github.workspace }}:/workspace --workdir /workspace laoshanxi/appmesh:build_ubuntu18  /bin/sh -c "mkdir ubuntu18_$build_dir; cd ubuntu18_$build_dir; cmake ..; make -j4; make pack; ls; make test ARGS='-V'"
+          docker run --platform ${{ matrix.arch }} --rm --volume ${{ github.workspace }}:/workspace --workdir /workspace laoshanxi/appmesh:build_ubuntu18  /bin/sh -c "mkdir ubuntu18_$build_dir; cd ubuntu18_$build_dir; cmake ..; make -j4; make pack; ls; make test ARGS='-V'"
 
       - name: Upload packages
         uses: actions/upload-artifact@v3
@@ -82,10 +82,10 @@ jobs:
       - build
     if: ${{ github.event_name != 'pull_request' }}
     steps:
-      #- name: Download arm64 packages
-      #  uses: actions/download-artifact@v3
-      #  with:
-      #    name: arm64
+      - name: Download arm64 packages
+        uses: actions/download-artifact@v3
+        with:
+          name: arm64
       - name: Download amd64 packages
         uses: actions/download-artifact@v3
         with:

diff --git a/src/sdk/python/setup.py b/src/sdk/python/setup.py
@@ -8,18 +8,22 @@
 with io.open(os.path.abspath(readme_path), mode="r", encoding="utf-8") as fh:
     long_description = fh.read()
 
+skip_versions = ["0.1.6"]
+start_version = "0.2.0"
+
+
 def get_version():
     resp = requests.get("https://pypi.org/pypi/appmesh/json")
     if resp.status_code == 200:
-      data = json.loads(resp.text)
-      if "info" in data and "version" in data["info"] :
-        version = data["info"]["version"]
-        version_list = list(str(int(version.replace(".", "")) + 1))
-        while len(version_list) < 3:
-            version_list = ["0"] + version_list
-        return '.'.join(version_list)
-    return "0.0.9"
-
+        data = json.loads(resp.text)
+        if "info" in data and "version" in data["info"]:
+            version = data["info"]["version"]
+            if version not in skip_versions:
+                version_list = list(str(int(version.replace(".", "")) + 1))
+                while len(version_list) < 3:
+                    version_list = ["0"] + version_list
+                return ".".join(version_list)
+    return start_version
 
 
 setuptools.setup(