ci: move Syft & Grype installation into an action (#1011)

This commit is contained in:
Nils Hanke 2023-01-18 17:33:10 +01:00 committed by GitHub
parent 90ea35ae35
commit 4e9c49c342
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 53 additions and 31 deletions


@ -17,22 +17,18 @@ inputs:
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: Checkout
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.ref || github.head_ref }}
- name: Install Cosign - name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1 uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1
- name: Download syft & grype - name: Download Syft & Grype
shell: bash uses: ./.github/actions/install_syft_grype
run: |
SYFT_VERSION=0.59.0
GRYPE_VERSION=0.51.0
curl -LO https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz
tar -xzf syft_${SYFT_VERSION}_linux_amd64.tar.gz
./syft version
curl -LO https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz
tar -xzf grype_${GRYPE_VERSION}_linux_amd64.tar.gz
./grype version
echo $(pwd) >> $GITHUB_PATH
- name: Generate SBOM - name: Generate SBOM
shell: bash shell: bash


@ -0,0 +1,38 @@
name: Install Syft & Grype
description: Installs Syft & Grype.
runs:
using: "composite"
steps:
- name: Install Syft & Grype
shell: bash
working-directory: /tmp
env:
SYFT_VERSION: "0.66.2"
GRYPE_VERSION: "0.55.0"
OS: ${{ runner.os }}
ARCH: ${{ runner.arch }}
run: |
echo "::group::Download and Install Syft & Grype"
# Translate GitHub runner naming conventions to GOOS / GOARCH conventions
if [[ "${OS}" = "macOS" ]]; then
OS="darwin"
else
OS=${OS,,}
fi
if [[ "${ARCH}" = "X64" ]]; then
ARCH="amd64"
else
ARCH=${ARCH,,}
fi
echo "Downloading for ${OS}/${ARCH}"
curl -fsSLo syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
tar -xzf syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
sudo install syft /usr/bin/syft
syft version
curl -fsSLo grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
tar -xzf grype_${GRYPE_VERSION}_${OS}_${ARCH}.tar.gz
sudo install grype /usr/bin/grype
grype version
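Review bot: The tarballs fetched by `curl -fsSLo syft_…` and `curl -fsSLo grype_…` are extracted and installed into `/usr/bin` with sudo without any integrity check, so every workflow that adopts this action now trusts whatever asset the release URL serves; the version pins alone do not cover that. Anchore publishes a checksums file alongside each release's assets, so verifying the downloaded archive against it before `tar -xzf` closes the gap, and since the workflows already use cosign-installer the checksums file's published signature could be verified as well. Separately, `sudo install syft /usr/bin/syft` (and the grype counterpart) is expected to fail on the macOS runners the `OS="darwin"` branch exists for, because `/usr/bin` is protected by System Integrity Protection; `/usr/local/bin` is writable on both Linux and macOS runners and is on PATH. The `echo "::group::…"` on the first script line has no matching `::endgroup::` in the visible lines — if the script really ends at `grype version`, add `echo "::endgroup::"` so the log group is closed.

```yaml
        # … unchanged: OS / ARCH translation …
        curl -fsSLo syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
        curl -fsSLo syft_${SYFT_VERSION}_checksums.txt https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_checksums.txt
        # sha256sum is GNU coreutils; on macOS runners use `shasum -a 256 --check` instead
        grep " syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz$" syft_${SYFT_VERSION}_checksums.txt | sha256sum --check
        tar -xzf syft_${SYFT_VERSION}_${OS}_${ARCH}.tar.gz
        sudo install syft /usr/local/bin/syft
        # … same download / checksum / install sequence for grype …
```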


@ -100,35 +100,23 @@ jobs:
signed-sbom: signed-sbom:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Checkout
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.ref || github.head_ref }}
- name: Setup Go environment - name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with: with:
go-version: "1.19.5" go-version: "1.19.5"
- name: Download Syft & Grype - name: Download Syft & Grype
shell: bash uses: ./.github/actions/install_syft_grype
working-directory: /tmp
run: |
SYFT_VERSION=0.66.1
GRYPE_VERSION=0.55.0
curl -Lo syft_${SYFT_VERSION}_linux_amd64.tar.gz https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz
tar -xzf syft_${SYFT_VERSION}_linux_amd64.tar.gz
sudo install syft /usr/bin/syft
syft version
curl -Lo grype_${GRYPE_VERSION}_linux_amd64.tar.gz https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz
tar -xzf grype_${GRYPE_VERSION}_linux_amd64.tar.gz
sudo install grype /usr/bin/grype
grype version
- name: Install Cosign - name: Install Cosign
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1 uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1
- name: Checkout
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.ref || github.head_ref }}
# Build one CLI since Syft's go-module catalog will default to binary parsing. # Build one CLI since Syft's go-module catalog will default to binary parsing.
# Binary parsing has the advantage that it will not include other dependencies from our repo not included in the CLI. # Binary parsing has the advantage that it will not include other dependencies from our repo not included in the CLI.
# This seems to work fine for one OS & one arch as long as we don't have OS specific imports. # This seems to work fine for one OS & one arch as long as we don't have OS specific imports.