Fix for generic packages false positives #573
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: binary and nydus tests | |
on: | |
push: | |
branches: | |
- feature/* | |
paths-ignore: | |
- '**/README.md' | |
- 'dockertests.yml' | |
- 'pythonapp.yml' | |
- 'python-publish.yml' | |
pull_request: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Trim CI agent | |
run: | | |
chmod +x contrib/free_disk_space.sh | |
./contrib/free_disk_space.sh | |
- name: setup nydus | |
run: | | |
curl -LO https://github.com/dragonflyoss/nydus/releases/download/v2.2.4/nydus-static-v2.2.4-linux-amd64.tgz | |
tar -xvf nydus-static-v2.2.4-linux-amd64.tgz | |
chmod +x nydus-static/* | |
mv nydus-static/* /usr/local/bin/ | |
rm -rf nydus-static-v2.2.4-linux-amd64.tgz nydus-static | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip setuptools | |
python3 -m pip install .[dev] | |
sudo npm install -g @cyclonedx/cdxgen | |
- name: setup nydus | |
run: | | |
mkdir -p $VDB_HOME | |
RAFS_OUT=rafs_out | |
oras pull ghcr.io/appthreat/vdb:v5-rafs -o $RAFS_OUT | |
nydus-image unpack --blob $RAFS_OUT/data.rafs --output $VDB_HOME/vdb.tar --bootstrap $RAFS_OUT/meta.rafs | |
tar -C $VDB_HOME -xf $VDB_HOME/vdb.tar | |
rm $VDB_HOME/vdb.tar | |
env: | |
VDB_HOME: vdb_data_nydus | |
- name: Test with nydus | |
run: | | |
python3 depscan/cli.py --no-banner --no-error --src ghcr.io/owasp-dep-scan/depscan:master --reports-dir ${GITHUB_WORKSPACE}/containertests -t docker | |
rm -rf vdb_data_nydus | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: vdb_data_nydus | |
- name: Test without nydus | |
run: | | |
python3 depscan/cli.py --no-banner --no-error --src ghcr.io/owasp-dep-scan/depscan:latest --reports-dir ${GITHUB_WORKSPACE}/containertests -t docker | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Test go binaries | |
run: | | |
mkdir -p gobintests | |
cd gobintests | |
wget -q https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip | |
unzip terraform_1.0.7_linux_amd64.zip | |
wget -q https://releases.hashicorp.com/consul/1.10.2/consul_1.10.2_linux_amd64.zip | |
unzip consul_1.10.2_linux_amd64.zip | |
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 | |
chmod +x minikube-linux-amd64 | |
rm *.zip | |
cd .. | |
oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME | |
python3 depscan/cli.py --no-error --src gobintests/terraform -o gobintests/depscan-terraform.json -t go | |
python3 depscan/cli.py --no-error --src gobintests/consul -o gobintests/depscan-consul.json -t go | |
python3 depscan/cli.py --no-error --src gobintests/minikube-linux-amd64 -o gobintests/depscan-minikube.json -t go | |
env: | |
PYTHONPATH: "." | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VDB_HOME: vdb_data |