Commit
Merge pull request #964 from jkowalleck/chore/sbom_migrate-to_cyclone…
…dx-npm chore: upgrade SBOM generators
Showing
10 changed files
with
1,609 additions
and
158 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,3 +16,5 @@ utils/ | |
.vscode/ | ||
*/.vscode/ | ||
*/dist-desktop/ | ||
sbom.* | ||
*/sbom.* |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -72,6 +72,15 @@ jobs: | |
- name: Unit test | ||
run: npm run test:unit | ||
|
||
- name: Create server SBOM | ||
run: npm run make-sbom | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-server | ||
path: './td.server/sbom.*' | ||
|
||
site_unit_tests: | ||
name: Site unit tests | ||
runs-on: ubuntu-22.04 | ||
|
@@ -132,7 +141,7 @@ jobs: | |
|
||
- name: lint | ||
run: npm run lint | ||
|
||
- name: Unit test | ||
run: npm run test:desktop | ||
|
||
|
@@ -186,6 +195,13 @@ jobs: | |
ls -hal ./dist-desktop/linux-unpacked/ | ||
if: ${{ failure() }} | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-desktop-e2e-test-site | ||
path: './td.vue/dist-desktop/bundled/.sbom/*' | ||
if-no-files-found: error | ||
|
||
build_docker_image: | ||
name: Build docker image | ||
runs-on: ubuntu-22.04 | ||
|
@@ -214,7 +230,7 @@ jobs: | |
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: Build and push | ||
id: docker_build | ||
uses: docker/[email protected] | ||
|
@@ -228,6 +244,18 @@ jobs: | |
cache-to: type=local,dest=/tmp/.buildx-cache | ||
platforms: linux/amd64 | ||
|
||
- name: fetch app SBOM | ||
run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv | ||
env: | ||
IMAGE_ID: ${{ steps.docker_build.outputs.imageid }} | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-container-image-app | ||
path: './boms/*' | ||
if-no-files-found: error | ||
|
||
e2e_smokes: | ||
name: Site e2e smokes | ||
runs-on: ubuntu-22.04 | ||
|
@@ -378,59 +406,31 @@ jobs: | |
format: 'table' | ||
exit-code: 1 | ||
|
||
sbom_web: | ||
name: SBOM web application | ||
sbom_combiner: | ||
name: SBOM combiner | ||
runs-on: ubuntu-22.04 | ||
needs: [e2e_smokes] | ||
needs: | ||
- server_unit_tests | ||
- desktop_e2e_tests | ||
- build_docker_image | ||
steps: | ||
- name: Check out | ||
uses: actions/[email protected] | ||
|
||
- name: Use Node.js 18.x | ||
uses: actions/[email protected] | ||
with: | ||
node-version: '18' | ||
|
||
- name: Cache NPM dir | ||
uses: actions/[email protected] | ||
- name: Fetch prepared SBOM artifacts | ||
uses: actions/[email protected] | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install packages | ||
run: npm clean-install | ||
|
||
- name: Prepare SBOM generation | ||
run: mkdir sboms | ||
|
||
- name: Create XML site SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.vue/' | ||
output: './sboms/threat-dragon-site-bom.xml' | ||
|
||
- name: Create JSON site SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.vue/' | ||
output: './sboms/threat-dragon-site-bom.json' | ||
|
||
- name: Create XML server SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.server/' | ||
output: './sboms/threat-dragon-server-bom.xml' | ||
|
||
- name: Create JSON server SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.server/' | ||
output: './sboms/threat-dragon-server-bom.json' | ||
|
||
- name: Save SBOMs artifact | ||
pattern: 'sboms-*' | ||
merge-multiple: false | ||
path: 'raw/' | ||
- name: Fetch SBOMs | ||
run: | | ||
set -eux | ||
mkdir -p sboms/threat-dragon-container-image/app/ | ||
cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json | ||
cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml | ||
cp raw/sboms-desktop-e2e-test-site/bom.json sboms/threat-dragon-desktop-e2e-test-site-bom.json | ||
cp raw/sboms-desktop-e2e-test-site/bom.xml sboms/threat-dragon-desktop-e2e-test-site-bom.xml | ||
cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/ | ||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: threat-dragon-sboms | ||
path: sboms | ||
name: sboms | ||
path: 'sboms/' |
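Review bot: The `fetch app SBOM` step pipes `docker run … -c boms` into `tar -xv`, and a `run:` step without a `shell:` key is started by GitHub as `bash -e {0}`, with no `pipefail`, so a non-zero exit from `docker run` or from the `tar` inside the image is discarded and only the extracting `tar` decides the step result. If the archiving side fails after emitting some members, an incomplete set of files under `boms` could still be uploaded as the image SBOM, because `if-no-files-found: error` on the next step only catches the completely empty case. Adding `shell: bash` to the step (GitHub then runs it with `-eo pipefail`) or prefixing the command with `set -o pipefail;` makes the step fail where the error occurs. The same step appears as `fetch app SBOMs` in the other workflow file on this page.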
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -104,6 +104,15 @@ jobs: | |
- name: Unit test | ||
run: npm run test:unit | ||
|
||
- name: Create SBOM | ||
run: npm run make-sbom | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-server | ||
path: './td.server/sbom.*' | ||
|
||
site_unit_tests: | ||
name: Site unit tests | ||
runs-on: ubuntu-22.04 | ||
|
@@ -166,7 +175,7 @@ jobs: | |
|
||
- name: lint | ||
run: npm run lint | ||
|
||
- name: Unit test | ||
run: npm run test:desktop | ||
|
||
|
@@ -219,6 +228,12 @@ jobs: | |
cat ./wdio-logs/*.log | ||
if: ${{ failure() }} | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-desktop-e2e-test-site | ||
path: './td.vue/dist-desktop/bundled/.sbom/*' | ||
|
||
build_docker_image: | ||
name: Build Latest docker | ||
runs-on: ubuntu-22.04 | ||
|
@@ -251,7 +266,7 @@ jobs: | |
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: Build and push | ||
id: docker_build | ||
uses: docker/[email protected] | ||
|
@@ -265,6 +280,18 @@ jobs: | |
cache-to: type=local,dest=/tmp/.buildx-cache | ||
platforms: linux/amd64,linux/arm64 | ||
|
||
- name: fetch app SBOMs | ||
run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv | ||
env: | ||
IMAGE_ID: ${{ steps.docker_build.outputs.imageid }} | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-container-image-app | ||
path: './boms/*' | ||
if-no-files-found: error | ||
|
||
heroku_deploy: | ||
name: Upload to Heroku | ||
runs-on: ubuntu-22.04 | ||
|
@@ -490,64 +517,6 @@ jobs: | |
format: 'table' | ||
exit-code: 1 | ||
|
||
sbom_web: | ||
name: SBOM web application | ||
runs-on: ubuntu-22.04 | ||
needs: [e2e_smokes] | ||
|
||
steps: | ||
- name: Check out | ||
uses: actions/[email protected] | ||
|
||
- name: Use Node.js 18.x | ||
uses: actions/[email protected] | ||
with: | ||
node-version: '18' | ||
|
||
- name: Cache NPM dir | ||
uses: actions/[email protected] | ||
with: | ||
path: ~/.npm | ||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | ||
restore-keys: | | ||
${{ runner.os }}-node- | ||
- name: Install packages | ||
run: npm clean-install | ||
|
||
- name: Prepare SBOM generation | ||
run: mkdir sboms | ||
|
||
- name: Create XML site SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.vue/' | ||
output: './sboms/threat-dragon-site-bom.xml' | ||
|
||
- name: Create JSON site SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.vue/' | ||
output: './sboms/threat-dragon-site-bom.json' | ||
|
||
- name: Create XML server SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.server/' | ||
output: './sboms/threat-dragon-server-bom.xml' | ||
|
||
- name: Create JSON server SBOM | ||
uses: CycloneDX/[email protected] | ||
with: | ||
path: './td.server/' | ||
output: './sboms/threat-dragon-server-bom.json' | ||
|
||
- name: Save SBOMs artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: threat-dragon-sboms | ||
path: sboms | ||
|
||
desktop_windows_test: | ||
name: Windows desktop build | ||
runs-on: windows-latest | ||
|
@@ -591,6 +560,13 @@ jobs: | |
if: ${{ failure() }} | ||
run: find . -name "*.log" -exec cat '{}' \; | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-desktop-windows-site | ||
path: './td.vue/dist-desktop/bundled/.sbom/*' | ||
if-no-files-found: error | ||
|
||
desktop_macos_test: | ||
name: MacOS desktop build | ||
runs-on: macos-latest | ||
|
@@ -644,6 +620,13 @@ jobs: | |
if: ${{ failure() }} | ||
run: find . -name "*.log" -exec cat '{}' \; -print | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-desktop-macos-site | ||
path: './td.vue/dist-desktop/bundled/.sbom/*' | ||
if-no-files-found: error | ||
|
||
desktop_linux_test: | ||
name: Linux desktop build | ||
runs-on: ubuntu-22.04 | ||
|
@@ -682,6 +665,13 @@ jobs: | |
if: ${{ failure() }} | ||
run: find . -name "*.log" -exec cat '{}' \; -print | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-desktop-linux-site | ||
path: './td.vue/dist-desktop/bundled/.sbom/*' | ||
if-no-files-found: error | ||
|
||
desktop_linux_snap_test: | ||
name: Linux snap build | ||
runs-on: ubuntu-22.04 | ||
|
@@ -719,3 +709,48 @@ jobs: | |
- name: Print logs on error | ||
if: ${{ failure() }} | ||
run: find . -name "*.log" -exec cat '{}' \; -print | ||
|
||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms-desktop-linux-snap-site | ||
path: './td.vue/dist-desktop/bundled/.sbom/*' | ||
if-no-files-found: error | ||
|
||
sbom_combiner: | ||
name: SBOM combiner | ||
runs-on: ubuntu-22.04 | ||
needs: | ||
- server_unit_tests | ||
- desktop_macos_test | ||
- desktop_linux_test | ||
- desktop_linux_snap_test | ||
- desktop_windows_test | ||
- build_docker_image | ||
steps: | ||
- name: Fetch prepared SBOM artifacts | ||
uses: actions/[email protected] | ||
with: | ||
pattern: 'sboms-*' | ||
merge-multiple: false | ||
path: 'raw/' | ||
- name: Fetch SBOMs | ||
run: | | ||
set -eux | ||
mkdir -p sboms/threat-dragon-container-image/app/ | ||
cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json | ||
cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml | ||
cp raw/sboms-desktop-windows-site/bom.json sboms/threat-dragon-desktop-windows-site-bom.json | ||
cp raw/sboms-desktop-windows-site/bom.xml sboms/threat-dragon-desktop-windows-site-bom.xml | ||
cp raw/sboms-desktop-macos-site/bom.json sboms/threat-dragon-desktop-macos-site-bom.json | ||
cp raw/sboms-desktop-macos-site/bom.xml sboms/threat-dragon-desktop-macos-site-bom.xml | ||
cp raw/sboms-desktop-linux-site/bom.json sboms/threat-dragon-desktop-linux-site-bom.json | ||
cp raw/sboms-desktop-linux-site/bom.xml sboms/threat-dragon-desktop-linux-site-bom.xml | ||
cp raw/sboms-desktop-linux-snap-site/bom.json sboms/threat-dragon-desktop-linux-snap-site-bom.json | ||
cp raw/sboms-desktop-linux-snap-site/bom.xml sboms/threat-dragon-desktop-linux-snap-site-bom.xml | ||
cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/ | ||
- name: Save SBOM artifact | ||
uses: actions/[email protected] | ||
with: | ||
name: sboms | ||
path: 'sboms/' |
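Review bot: The `sboms-server` and `sboms-desktop-e2e-test-site` uploads in this file omit `if-no-files-found: error`, which every other SBOM upload added here sets; `actions/upload-artifact` defaults to `warn`, so a generator that produced nothing leaves the job green. For `sboms-server` the gap only surfaces later, as a failing `cp` in `sbom_combiner`, while `sboms-desktop-e2e-test-site` is not copied by the combiner in this workflow, so as far as these hunks show a missing SBOM there would go unnoticed. I would add `if-no-files-found: error` to both steps, and to the `sboms-server` upload in the other workflow file, and either copy the e2e-test SBOM in `sbom_combiner` or drop that upload. The jobs that contain these steps start outside the hunks.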