validations.yaml
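name: "Validations"

# Review notes for this workflow:
# - Third-party actions are pinned to full commit SHAs; keep the trailing
#   version comment in sync whenever a pin is bumped.
# - Values that come from secrets, the event context or the job matrix are
#   handed to shell steps through `env:` and expanded by the shell as quoted
#   variables, never spliced into the script text with `${{ }}`.
# - NOTE(review): there is no workflow-level `permissions:` block, so every job
#   except Acceptance-Test runs with the repository's default GITHUB_TOKEN
#   scope. Consider a top-level `permissions:` with `contents: read` once it is
#   confirmed that ./.github/actions/bootstrap and the make targets need no more.
# - NOTE(review): actions/checkout keeps the token in the local git config
#   unless `persist-credentials: false` is set, and these jobs go on to run
#   make targets from the checked-out ref. Confirm no later step needs git
#   credentials before turning it off.
# - NOTE(review): GitHub has retired the hosted ubuntu-20.04 image; confirm
#   this label still resolves or move the jobs to a supported image.

on:
  workflow_dispatch:
  pull_request:
  # needed for running release pre-checks on merges to the main branch
  push:
    branches:
      - main

env:
  CGO_ENABLED: "0"

jobs:
  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Static-Analysis:
    name: "Static analysis"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
      - name: Run static analysis
        run: make static-analysis

  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Unit-Test-Go:
    name: "Unit tests (Go)"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          python: false
      - name: Run go unit tests
        run: make unit

  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Unit-Test-Python:
    name: "Unit tests (Python)"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          go: false
      - name: Run python unit tests
        run: make unit-python

  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Build-Snapshot-Artifacts:
    name: "Build snapshot artifacts"
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          # why have another build cache key? We don't want unit/integration/etc
          # test build caches to replace the snapshot build cache, which includes
          # builds for all OSs and architectures. As long as this key is unique
          # from the build-cache-key-prefix in other CI jobs, we should be fine.
          #
          # note: ideally this value should match what is used in release (just
          # to help with build times).
          build-cache-key-prefix: "snapshot"
          bootstrap-apt-packages: ""
          python: false
      - name: Build snapshot artifacts
        run: make snapshot
      # why not use actions/upload-artifact? It is very slow (3 minutes to upload
      # ~600MB of data, vs 10 seconds with this approach).
      # see https://github.com/actions/upload-artifact/issues/199 for more info
      - name: Upload snapshot artifacts
        uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: snapshot
          # keyed on the run id so only jobs of this same run pick the build up
          key: snapshot-build-${{ github.run_id }}

  Discover-Schema-Versions:
    name: "Discover supported schema versions"
    runs-on: ubuntu-20.04
    outputs:
      schema-versions: ${{ steps.read-schema-versions.outputs.schema-versions }}
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
      # The matrix for Acceptance-Test is read from a file in the checked-out
      # ref, so on pull_request runs its content comes from the contributor.
      # Consumers of this output should treat each entry as data.
      - name: Read supported schema versions
        id: read-schema-versions
        run: |
          # jq reads the file directly, so a missing or unparsable file fails
          # this step instead of publishing an empty output
          content=$(jq -c '[.available[] | select(.supported == true) | .schema]' \
            manager/src/grype_db_manager/data/schema-info.json)
          echo "schema-versions=$content" >> "$GITHUB_OUTPUT"

  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Acceptance-Test:
    name: "Acceptance tests"
    needs: Discover-Schema-Versions
    runs-on: ubuntu-22.04-4core-16gb
    strategy:
      matrix:
        schema-version: ${{fromJson(needs.Discover-Schema-Versions.outputs.schema-versions)}}
    # set the permissions granted to the github token to read the pull cache
    # from ghcr.io
    permissions:
      contents: read
      packages: read
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
        with:
          submodules: true
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
      - name: Login to ghcr.io
        # the token and user name reach the script as environment variables, so
        # neither is expanded into the script text before the shell parses it
        env:
          GHCR_USERNAME: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | oras login ghcr.io --username "$GHCR_USERNAME" --password-stdin
      - name: Pull vulnerability data
        run: make download-all-provider-cache
      - name: Build and validate the DB
        # the matrix entry originates from schema-info.json in the checked-out
        # ref; passing it through env keeps it a single quoted argument
        run: make db-acceptance schema="$SCHEMA_VERSION"
        env:
          FORCE_COLOR: "true"
          SCHEMA_VERSION: ${{ matrix.schema-version }}

  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Cli-Go-Linux:
    name: "CLI tests (Go-Linux)"
    needs: [Build-Snapshot-Artifacts]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          python: false
      - name: Restore CLI test-fixture cache
        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: ${{ github.workspace }}/test/cli/test-fixtures/cache
          key: ${{ runner.os }}-cli-test-cache-${{ hashFiles('test/cli/test-fixtures/cache.fingerprint') }}
      # NOTE(review): a cache miss here does not fail the step; consider
      # `fail-on-cache-miss: true` if `make cli-go` must only ever run against
      # the snapshot built earlier in this run. Confirm against the make target.
      - name: Download snapshot build
        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a  # v4.1.2
        with:
          path: snapshot
          key: snapshot-build-${{ github.run_id }}
      - name: Run Go CLI Tests (Linux)
        run: make cli-go

  # Note: changing this job name requires making the same update in the
  # .github/workflows/release.yaml pipeline
  Cli-Python:
    name: "CLI tests (Python)"
    runs-on: ubuntu-22.04-4core-16gb
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
        with:
          submodules: true
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
      - name: Run Python CLI Tests
        run: make cli-python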