mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-28 17:09:30 -05:00
ci: move Syft & Grype installation into an action (#1011)
This commit is contained in:
parent
90ea35ae35
commit
4e9c49c342
20
.github/actions/container_sbom/action.yml
vendored
20
.github/actions/container_sbom/action.yml
vendored
@ -17,22 +17,18 @@ inputs:
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
- name: Install Cosign
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1
|
||||
|
||||
- name: Download syft & grype
|
||||
shell: bash
|
||||
run: |
|
||||
SYFT_VERSION=0.59.0
|
||||
GRYPE_VERSION=0.51.0
|
||||
curl -LO https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz
|
||||
tar -xzf syft_${SYFT_VERSION}_linux_amd64.tar.gz
|
||||
./syft version
|
||||
curl -LO https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz
|
||||
tar -xzf grype_${GRYPE_VERSION}_linux_amd64.tar.gz
|
||||
./grype version
|
||||
echo $(pwd) >> $GITHUB_PATH
|
||||
- name: Download Syft & Grype
|
||||
uses: ./.github/actions/install_syft_grype
|
||||
|
||||
- name: Generate SBOM
|
||||
shell: bash
|
||||
|
38
.github/actions/install_syft_grype/action.yml
vendored
Normal file
38
.github/actions/install_syft_grype/action.yml
vendored
Normal file
@ -0,0 +1,38 @@
|
||||
name: Install Syft & Grype
|
||||
description: Installs Syft & Grype.
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Install Syft & Grype
|
||||
shell: bash
|
||||
working-directory: /tmp
|
||||
env:
|
||||
SYFT_VERSION: "0.66.2"
|
||||
GRYPE_VERSION: "0.55.0"
|
||||
OS: ${{ runner.os }}
|
||||
ARCH: ${{ runner.arch }}
|
||||
run: |
|
||||
echo "::group::Download and Install Syft & Grype"
|
||||
# Translate GitHub runner naming conventions to GOOS / GOARCH conventions
|
||||
if [[ "${OS}" = "macOS" ]]; then
|
||||
OS="darwin"
|
||||
else
|
||||
OS=${OS,,}
|
||||
fi
|
||||
|
||||
if [[ "${ARCH}" = "X64" ]]; then
|
||||
ARCH="amd64"
|
||||
else
|
||||
ARCH=${ARCH,,}
|
||||
fi
|
||||
|
||||
echo "Downloading for ${OS}/${ARCH}"
|
||||
|
||||
curl -fsSLo syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
|
||||
tar -xzf syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
|
||||
sudo install syft /usr/bin/syft
|
||||
syft version
|
||||
curl -fsSLo grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
|
||||
tar -xzf grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
|
||||
sudo install grype /usr/bin/grype
|
||||
grype version
|
26
.github/workflows/release-cli.yml
vendored
26
.github/workflows/release-cli.yml
vendored
@ -100,35 +100,23 @@ jobs:
|
||||
signed-sbom:
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
|
||||
with:
|
||||
go-version: "1.19.5"
|
||||
|
||||
- name: Download Syft & Grype
|
||||
shell: bash
|
||||
working-directory: /tmp
|
||||
run: |
|
||||
SYFT_VERSION=0.66.1
|
||||
GRYPE_VERSION=0.55.0
|
||||
curl -Lo syft_${SYFT_VERSION}_linux_amd64.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz
|
||||
tar -xzf syft_${SYFT_VERSION}_linux_amd64.tar.gz
|
||||
sudo install syft /usr/bin/syft
|
||||
syft version
|
||||
curl -Lo grype_${GRYPE_VERSION}_linux_amd64.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz
|
||||
tar -xzf grype_${GRYPE_VERSION}_linux_amd64.tar.gz
|
||||
sudo install grype /usr/bin/grype
|
||||
grype version
|
||||
uses: ./.github/actions/install_syft_grype
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1
|
||||
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
# Build one CLI since Syft's go-module catalog will default to binary parsing.
|
||||
# Binary parsing has the advantage that it will not include other dependencies from our repo not included in the CLI.
|
||||
# This seems to work fine for one OS & one arch as long as we don't have OS specific imports.
|
||||
|
Loading…
Reference in New Issue
Block a user