Skip to content

Post-vdb6 integration enhancements #629

Post-vdb6 integration enhancements

Post-vdb6 integration enhancements #629

Workflow file for this run

name: binary and nydus tests
on:
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: false
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.10', '3.11', '3.12']
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: setup nydus
run: |
curl -LO https://github.com/dragonflyoss/nydus/releases/download/v2.2.4/nydus-static-v2.2.4-linux-amd64.tgz
tar -xvf nydus-static-v2.2.4-linux-amd64.tgz
chmod +x nydus-static/*
mv nydus-static/* /usr/local/bin/
rm -rf nydus-static-v2.2.4-linux-amd64.tgz nydus-static
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip setuptools
python3 -m pip install .[dev]
sudo npm install -g @cyclonedx/cdxgen
- name: setup nydus
run: |
mkdir -p $VDB_HOME
RAFS_OUT=rafs_out
oras pull ghcr.io/appthreat/vdb:v5-rafs -o $RAFS_OUT
nydus-image unpack --blob $RAFS_OUT/data.rafs --output $VDB_HOME/vdb.tar --bootstrap $RAFS_OUT/meta.rafs
tar -C $VDB_HOME -xf $VDB_HOME/vdb.tar
rm $VDB_HOME/vdb.tar
env:
VDB_HOME: vdb_data_nydus
- name: Test with nydus
run: |
python3 depscan/cli.py --no-banner --no-error --src ghcr.io/owasp-dep-scan/depscan:master --reports-dir ${GITHUB_WORKSPACE}/containertests -t docker
rm -rf vdb_data_nydus
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: vdb_data_nydus
- name: Test without nydus
run: |
python3 depscan/cli.py --no-banner --no-error --src ghcr.io/owasp-dep-scan/depscan:latest --reports-dir ${GITHUB_WORKSPACE}/containertests -t docker
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Test go binaries
run: |
mkdir -p gobintests
cd gobintests
wget -q https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip
unzip terraform_1.0.7_linux_amd64.zip
wget -q https://releases.hashicorp.com/consul/1.10.2/consul_1.10.2_linux_amd64.zip
unzip consul_1.10.2_linux_amd64.zip
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
chmod +x minikube-linux-amd64
rm *.zip
cd ..
oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME
python3 depscan/cli.py --no-error --src gobintests/terraform -o gobintests/depscan-terraform.json -t go
python3 depscan/cli.py --no-error --src gobintests/consul -o gobintests/depscan-consul.json -t go
python3 depscan/cli.py --no-error --src gobintests/minikube-linux-amd64 -o gobintests/depscan-minikube.json -t go
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: vdb_data