Skip to content

Commit

Permalink
Add workflow examples using the d2d and docker pipelines #4 (#5)
Browse files Browse the repository at this point in the history
Signed-off-by: tdruez <[email protected]>
  • Loading branch information
tdruez authored Feb 8, 2024
1 parent 4828c60 commit 6cebf8d
Show file tree
Hide file tree
Showing 6 changed files with 98 additions and 17 deletions.
12 changes: 12 additions & 0 deletions .github/workflows/analyze-docker-image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
on: [push]

jobs:
scan-codebase:
runs-on: ubuntu-22.04
name: Analyze a Docker image with ScanCode.io
steps:
- uses: nexB/scancode-action@alpha
with:
pipelines: "analyze_docker_image"
input-urls:
https://github.com/nexB/scancode.io-tutorial/releases/download/sample-images/30-alpine-nickolashkraus-staticbox-latest.tar
15 changes: 15 additions & 0 deletions .github/workflows/map-deploy-to-develop.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
on: [push]

jobs:
scan-codebase:
runs-on: ubuntu-22.04
name: Map deploy to develop with ScanCode.io
steps:
- uses: nexB/scancode-action@alpha
with:
pipelines: "map_deploy_to_develop"
input-urls:
https://github.com/nexB/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/from-flume-ng-node-1.9.0.zip#from
https://github.com/nexB/scancode.io/raw/main/scanpipe/tests/data/d2d/jars/to-flume-ng-node-1.9.0.zip#to
env:
PURLDB_URL: https://public.purldb.io/
2 changes: 1 addition & 1 deletion .github/workflows/scan-codebase.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ on: [push]

jobs:
scan-codebase:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
name: Scan codebase with ScanCode.io
steps:
- uses: actions/checkout@v4
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@ on: [push]

jobs:
scan-codebase:
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
name: Scan package with ScanCode.io
steps:
- name: Download repository archive to scancode-inputs/ directory
run: |
wget --directory-prefix=scancode-inputs https://github.com/${GITHUB_REPOSITORY}/archive/${GITHUB_REF}.zip
- uses: nexB/scancode-action@alpha
with:
pipelines: "scan_package"
pipelines: "scan_single_package"
26 changes: 24 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Run [ScanCode.io](https://github.com/nexB/scancode.io) pipelines from your Workf
- [Run a specific pipeline](#run-a-specific-pipeline)
- [Run multiple pipelines](#run-multiple-pipelines)
- [Choose the output formats](#choose-the-output-formats)
- [Provide download URLs inputs](#provide-download-urls-inputs)
- [Fetch pipelines inputs](#fetch-pipelines-inputs)
- [Define a custom project name](#define-a-custom-project-name)
- [Where does the scan results go?](#where-does-the-scan-results-go)
Expand Down Expand Up @@ -49,22 +50,32 @@ steps:
# The list of output formats to generate.
# Default is 'json xlsx spdx cyclonedx'
output-formats:

# Relative path within the $GITHUB_WORKSPACE for pipeline inputs.
# Default is 'scancode-inputs'
inputs-path:

# Provide one or more URLs to download for the pipeline run execution
input-urls:

# Name of the project.
# Default is 'scancode-action'
project-name:

# Name of the outputs archive.
# Default is 'scancode-outputs'
outputs-archive-name:

# Python version that will be installed to run ScanCode.io
# Default is '3.11'
python-version:
```
## Examples
See https://github.com/nexB/scancode-action/tree/main/.github/workflows for Workflows
examples.
### Scan repo codebase
```yaml
Expand Down Expand Up @@ -113,6 +124,17 @@ For details on setting up and configuring your own instance, please refer to the
output-formats: "json xlsx spdx cyclonedx"
```

### Provide download URLs inputs

```yaml
- uses: nexB/scancode-action@alpha
with:
pipelines: "map_deploy_to_develop"
input-urls:
https://domain.url/source.zip#from
https://domain.url/binaries.zip#to
```

### Fetch pipelines inputs

```yaml
Expand All @@ -136,5 +158,5 @@ For details on setting up and configuring your own instance, please refer to the

Upon completion of the workflow, you can **find the scan results** in the dedicated
**artifacts section** at the bottom of the workflow summary page.
Look for a file named `scanpipe-outputs` in that section.
Look for a file named `scancode-outputs` in that section.
This file contains the outputs generated by the `scancode-action`.
56 changes: 44 additions & 12 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,16 @@ inputs:
inputs-path:
description: "Relative path within the $GITHUB_WORKSPACE for pipeline inputs"
default: "${{ github.workspace }}/scancode-inputs"
input-urls:
description: 'Provide one or more URLs to download for the pipeline run execution'
required: false
default: ""
project-name:
description: "Name of the project"
default: "scancode-action"
outputs-archive-name:
description: "Name of the outputs archive"
default: "scancode-outputs"
python-version:
description: "Python version"
default: "3.11"
Expand All @@ -28,29 +35,49 @@ runs:
shell: bash
run: |
echo "SECRET_KEY=$(openssl rand -base64 32)" >> $GITHUB_ENV
echo "SCANCODEIO_DB_ENGINE=django.db.backends.sqlite3" >> $GITHUB_ENV
echo "SCANCODEIO_DB_NAME=sqlite3.db" >> $GITHUB_ENV
echo "SCANCODEIO_DB_NAME=scancodeio" >> $GITHUB_ENV
echo "SCANCODEIO_DB_USER=scancodeio" >> $GITHUB_ENV
echo "SCANCODEIO_DB_PASSWORD=scancodeio" >> $GITHUB_ENV
- name: Start and setup the PostgreSQL service
shell: bash
run: |
sudo systemctl start postgresql.service
sudo -u postgres createuser --no-createrole --no-superuser --login --inherit --createdb ${{ env.SCANCODEIO_DB_USER }}
sudo -u postgres psql -c "ALTER USER ${{ env.SCANCODEIO_DB_USER }} WITH encrypted password '${{ env.SCANCODEIO_DB_PASSWORD }}'"
sudo -u postgres createdb --owner=scancodeio --encoding=UTF-8 ${{ env.SCANCODEIO_DB_NAME }}
- name: Install ScanCode.io
shell: bash
run: |
pip install scancodeio
pip install --upgrade scancodeio
scanpipe migrate
- name: Generate pipelines CLI arguments
- name: Generate `--pipeline` CLI arguments
shell: bash
run: |
IFS=',' read -ra PIPELINES <<< "${{ inputs.pipelines }}"
options=""
PIPELINE_CLI_ARGS=""
for pipeline in "${PIPELINES[@]}"; do
options+="--pipeline $pipeline "
PIPELINE_CLI_ARGS+=" --pipeline $pipeline"
done
echo "PIPELINE_CLI_ARGS=${PIPELINE_CLI_ARGS}" >> $GITHUB_ENV
- name: Generate `--input-url` CLI arguments
shell: bash
run: |
INPUT_URL_CLI_ARGS=""
for url in ${{ inputs.input-urls }}; do
INPUT_URL_CLI_ARGS+=" --input-url $url"
done
echo "PIPELINE_CLI_ARGS=${options}" >> $GITHUB_ENV
echo "INPUT_URL_CLI_ARGS=${INPUT_URL_CLI_ARGS}" >> $GITHUB_ENV
- name: Create project with ${{ inputs.pipelines }} pipelines
- name: Create project
shell: bash
run: |
scanpipe create-project ${{ inputs.project-name }} ${{ env.PIPELINE_CLI_ARGS }}
scanpipe create-project ${{ inputs.project-name }} \
${{ env.PIPELINE_CLI_ARGS }} \
${{ env.INPUT_URL_CLI_ARGS }}
- name: Set project work directory in the environment
shell: bash
Expand All @@ -61,7 +88,12 @@ runs:
- name: Copy input files to project work directory
shell: bash
run: cp -r ${{ inputs.inputs-path }}/* ${{ env.PROJECT_WORK_DIRECTORY }}/input/
run: |
SOURCE_PATH="${{ inputs.inputs-path }}"
DESTINATION_PATH="${{ env.PROJECT_WORK_DIRECTORY }}/input/"
if [ -d "$SOURCE_PATH" ]; then
cp -r "$SOURCE_PATH"/* "$DESTINATION_PATH"
fi
- name: Run the pipelines
shell: bash
Expand All @@ -70,7 +102,7 @@ runs:
- name: Generate outputs
id: scanpipe
shell: bash
run: scanpipe output
run: scanpipe output
--project ${{ inputs.project-name }}
--format ${{ inputs.output-formats }}
--no-color
Expand All @@ -79,5 +111,5 @@ runs:
uses: actions/upload-artifact@v4
id: artifact-upload-step
with:
name: scanpipe-outputs
name: ${{ inputs.outputs-archive-name }}
path: ${{ env.PROJECT_WORK_DIRECTORY }}/output/*

0 comments on commit 6cebf8d

Please sign in to comment.