Adds anchore SBOM action #23
name: iOS starter workflow | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
build: | |
name: Build and Test default scheme using any available iPhone simulator | |
runs-on: macos-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.ACTION_TOKEN }} | |
- name: Print out variables | |
run: | | |
echo "${{ github.repository }}" | |
echo "${{ github.event.pull_request.head.ref }}" | |
echo "${{ github.sha }}" | |
- name: Set paths | |
id: set_paths | |
run: | | |
path_item="${{ github.workspace }}/${{ github.repository }}/${{ github.event.pull_request.head.ref }}/${{ github.sha }}/item" | |
path_system="${{ github.workspace }}/${{ github.repository }}/${{ github.event.pull_request.head.ref }}/${{ github.sha }}/system" | |
echo "path_item=$path_item" >> $GITHUB_ENV | |
echo "path_system=$path_system" >> $GITHUB_ENV | |
- name: Create Dummy Item Verification Test File | |
run: | | |
mkdir -p "$path_item" # Create the directory structure | |
echo echo '{"owner": '${{ github.repository_owner }}', "repository": '${{ github.repository }}', "branch": '${{ github.event.pull_request.head.ref }}', "sha": '${{ github.sha }}', "timestamp": '$(date +%s)'}' > "$path_system/cucumber-messages.ndjson" | |
echo "File created at: $path_item/cucumber-messages.ndjson" | |
env: | |
path_item: ${{ env.path_item }} | |
- name: Show the generated file (optional) | |
run: cat "$path_item/cucumber-messages.ndjson" | |
env: | |
path_item: ${{ env.path_item }} | |
- name: Upload Item Verificaiton | |
id: upload-item-ver | |
uses: coauthor-app/[email protected] | |
with: | |
evidence: 'item-verification' | |
type: 'bdd' | |
format: 'cucumber+ndjson' | |
hostname: 'nll3vb6d1l.execute-api.eu-west-2.amazonaws.com' | |
path: '$path_item/**' | |
env: | |
path_item: ${{ env.path_item }} | |
- name: Create Dummy System Verification Test File | |
run: | | |
mkdir -p "$path_system" # Create the directory structure | |
echo '{"owner": '${{ github.repository_owner }}', "repository": '${{ github.repository }}', "branch": '${{ github.event.pull_request.head.ref }}', "sha": '${{ github.sha }}', "timestamp": '$(date +%s)'}' > "$path_system/cucumber-messages.ndjson" | |
echo "File created at: $path_system/cucumber-messages.ndjson" | |
env: | |
path_system: ${{ env.path_system }} | |
- name: Show the generated file (optional) | |
run: | | |
ls "$path_system" | |
cat "$path_system/cucumber-messages.ndjson" | |
env: | |
path_system: ${{ env.path_system }} | |
- name: Upload System Verificaiton | |
id: upload-system-ver | |
uses: coauthor-app/[email protected] | |
with: | |
evidence: 'system-verification' | |
type: 'bdd' | |
format: 'cucumber+ndjson' | |
hostname: 'nll3vb6d1l.execute-api.eu-west-2.amazonaws.com' | |
path: '${{ env.path_system }}/**' | |
- name: Set Default Scheme | |
run: | | |
scheme_list=$(xcodebuild -list -json | tr -d "\n") | |
default=$(echo $scheme_list | ruby -e "require 'json'; puts JSON.parse(STDIN.gets)['project']['targets'][0]") | |
echo $default | cat >default | |
echo Using default scheme: $default | |
- name: Build | |
env: | |
scheme: ${{ 'default' }} | |
platform: ${{ 'iOS Simulator' }} | |
run: | | |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959) | |
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"` | |
if [ $scheme = default ]; then scheme=$(cat default); fi | |
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi | |
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'` | |
xcodebuild build-for-testing -scheme "$scheme" -"$filetype_parameter" "$file_to_build" -destination "platform=$platform,name=$device" | |
- name: Test | |
env: | |
scheme: ${{ 'default' }} | |
platform: ${{ 'iOS Simulator' }} | |
run: | | |
# xcrun xctrace returns via stderr, not the expected stdout (see https://developer.apple.com/forums/thread/663959) | |
device=`xcrun xctrace list devices 2>&1 | grep -oE 'iPhone.*?[^\(]+' | head -1 | awk '{$1=$1;print}' | sed -e "s/ Simulator$//"` | |
if [ $scheme = default ]; then scheme=$(cat default); fi | |
if [ "`ls -A | grep -i \\.xcworkspace\$`" ]; then filetype_parameter="workspace" && file_to_build="`ls -A | grep -i \\.xcworkspace\$`"; else filetype_parameter="project" && file_to_build="`ls -A | grep -i \\.xcodeproj\$`"; fi | |
file_to_build=`echo $file_to_build | awk '{$1=$1;print}'` | |
xcodebuild test-without-building -scheme "$scheme" -"$filetype_parameter" "$file_to_build" -destination "platform=$platform,name=$device" | |
# - name: Anchore SBOM Action | |
# uses: anchore/[email protected] | |
# with: | |
# path: ./build/ |
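Review bot: The `run:` steps "Print out variables", "Set paths" and both "Create Dummy … Verification Test File" steps expand `${{ github.event.pull_request.head.ref }}` directly into the shell script, so a branch name containing shell metacharacters is executed as code rather than treated as data. This job holds `id-token: write` and checks out with `secrets.ACTION_TOKEN`, so anything that runs in these steps sits inside that trust boundary. Pass the value through the step's `env:` instead, e.g. `HEAD_REF: ${{ github.event.pull_request.head.ref }}`, and reference `"$HEAD_REF"` in the script, including where the JSON line is built. The expression is also empty on `push` events, so the computed paths contain an empty segment there. Separately, the item step runs `mkdir -p "$path_item"` but then writes (with a doubled `echo`) to `"$path_system/cucumber-messages.ndjson"`, which looks like a copy-paste slip that would make the following `cat "$path_item/cucumber-messages.ndjson"` fail.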