init attest sbom #3

Merged
merged 12 commits into from
Feb 23, 2024
69 changes: 50 additions & 19 deletions .github/workflows/ci.yml
Expand Up @@ -5,25 +5,27 @@ on:
push:
branches:
- main
- 'releases/*'

permissions:
contents: read
permissions: {}

jobs:
test-typescript:
name: TypeScript Tests
runs-on: ubuntu-latest
permissions:
contents: read

steps:
- name: Checkout
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Setup Node.js
id: setup-node
uses: actions/setup-node@v4
uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
with:
node-version-file: .node-version
node-version: 18
cache: npm

- name: Install Dependencies
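Review bot: In the Setup Node.js step, `node-version: 18` sits alongside `node-version-file: .node-version`, and a version hardcoded in the workflow will drift from the repository's `.node-version` file the next time either one is bumped. Keep `node-version-file: .node-version` as the single source of truth, or remove the file if the workflow is meant to own the version. The top-level `permissions: {}` with `contents: read` granted per job and the commit-SHA pins carrying `# v4.1.1` / `# v4.0.1` comments are the right direction; the version comments only stay accurate if whatever updates the pins rewrites them too.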
Expand All @@ -37,26 +39,55 @@ jobs:
- name: Lint
id: npm-lint
run: npm run lint
# - name: Test
# id: npm-ci-test
# run: npm run ci-test

- name: Test
id: npm-ci-test
run: npm run ci-test

test-action:
name: GitHub Actions Test
test-attest-sbom-with-local-sbom-file:
name: Test attest-sbom action with local sbom file
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write

steps:
- name: Checkout
id: checkout
uses: actions/checkout@v4

- name: Test Local Action
id: test-action
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run attest-sbom
id: attest-sbom
uses: ./
with:
milliseconds: 2000
subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
subject-name: 'subject'
sbom-path: '__tests__/data/sbom.json'
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Dump output
run: jq < ${{ steps.attest-sbom.outputs.bundle-path }}
test-attest-sbom:
name: Test attest-sbom action
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write

- name: Print Output
id: output
run: echo "${{ steps.test-action.outputs.time }}"
steps:
- name: Checkout
id: checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run attest-sbom with spdx format
uses: ./
with:
subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
subject-name: 'subject'
github-token: ${{ secrets.GITHUB_TOKEN }}
format: 'spdx'
- name: Run attest-sbom with cyclonedx format
uses: ./
with:
subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
subject-name: 'subject'
github-token: ${{ secrets.GITHUB_TOKEN }}
format: 'cyclonedx'
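Review bot: The Dump output step in test-attest-sbom-with-local-sbom-file expands `${{ steps.attest-sbom.outputs.bundle-path }}` directly into the `run:` script, so the value is pasted into the shell text unquoted before the shell parses it. Pass it through `env:` (for example a `BUNDLE_PATH` variable) and run `jq . < "$BUNDLE_PATH"`, which survives spaces in the path and keeps step outputs out of the script body. Both attest jobs also request `packages: write` next to `id-token: write`, yet no step in this hunk visibly publishes a package; if the action does not need it, drop it so the job token carries only what the attestation requires. The test-attest-sbom job never reads the action's outputs, so a run that produced an empty or malformed bundle would still pass; give its two steps `id`s and check `bundle-path` there as well.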
2 changes: 1 addition & 1 deletion .github/workflows/linter.yml
Expand Up @@ -31,7 +31,7 @@ jobs:
- name: Install Dependencies
id: install
run: npm ci

- name: Lint Codebase
id: super-linter
uses: super-linter/super-linter/slim@v5
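Review bot: The Lint Codebase step still references `super-linter/super-linter/slim@v5` by a mutable tag, while this same PR pins `actions/checkout` and `actions/setup-node` to commit SHAs in ci.yml. Since this hunk already touches the file, pin super-linter to a full commit SHA with the release version in a trailing comment so both workflows follow one pinning policy.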
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -100,4 +100,4 @@ __tests__/runner/*
# IDE files
.idea
.vscode
*.code-workspace
*.code-workspace
41 changes: 41 additions & 0 deletions __tests__/data/sbom.json
@@ -0,0 +1,41 @@
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "./",
"documentNamespace": "https://anchore.com/syft/dir/80b363b6-87f4-4162-853f-60d402537d20",
"creationInfo": {
"licenseListVersion": "3.22",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-0.103.1"
],
"created": "2024-01-31T18:22:50Z"
},
"packages": [
{
"name": "@ampproject/remapping",
"SPDXID": "SPDXRef-Package-npm--ampproject-remapping-5266573ba4f24a42",
"versionInfo": "2.2.1",
"supplier": "NOASSERTION",
"downloadLocation": "NOASSERTION",
"filesAnalyzed": false,
"sourceInfo": "acquired package info from installed node module manifest file: /yarn.lock",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "Apache-2.0",
"copyrightText": "NOASSERTION",
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:\\@ampproject\\/remapping:\\@ampproject\\/remapping:2.2.1:*:*:*:*:*:*:*"
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:npm/%40ampproject/[email protected]"
}
]
}
]
}
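Review bot: This fixture covers only SPDX 2.3 with a single package, but ci.yml in this PR also runs the action with `format: 'cyclonedx'`, and index.test.ts, main.test.ts and wait.test.ts are deleted with no replacement shown. Add a CycloneDX fixture and a unit test that loads each fixture, plus a malformed-JSON case, so SBOM parsing failures are caught before the attestation step rather than only in a workflow run.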
17 changes: 0 additions & 17 deletions __tests__/index.test.ts

This file was deleted.

89 changes: 0 additions & 89 deletions __tests__/main.test.ts

This file was deleted.

25 changes: 0 additions & 25 deletions __tests__/wait.test.ts

This file was deleted.
