Skip to content

Update README to include bit about permissions near the top #1101

Update README to include bit about permissions near the top

Update README to include bit about permissions near the top #1101

Workflow file for this run

name: "build-test"
on: # rebuild any PRs and main branch changes
pull_request:
branches: [main]
push:
branches:
- main
release:
types:
- created
- edited
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
build: # make sure build/ci work properly and there is no faked build ncc built scripts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- run: npm ci
- run: npm run package
- run: git status --porcelain
- run: git diff
- run: git diff --exit-code
test-on-fixture-dirs:
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
path: ./
artifact-name: ${{ matrix.os }}-1.spdx
- uses: ./
with:
path: ./tests/fixtures/npm-project
artifact-name: ${{ matrix.os }}-2.spdx
- uses: ./
with:
path: ./tests/fixtures/yarn-project
artifact-name: ${{ matrix.os }}-3.spdx
- uses: ./
id: yarn-scan
with:
path: ./tests/fixtures/yarn-project
artifact-name: ${{ matrix.os }}-4.spdx
- uses: ./
with:
path: ./tests/fixtures/yarn-project
artifact-name: ${{ matrix.os }}-SBOM.txt
test:
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Build images
run: |
for distro in alpine centos debian; do
docker build -t localhost:5000/match-coverage/$distro ./tests/fixtures/image-$distro-match-coverage
docker push localhost:5000/match-coverage/${distro}:latest
done
- run: npm ci
- run: npm test
test-as-action: # make sure the action works on a clean machine without building
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
path: ./
- uses: ./download-syft # anchore/sbom-action/download-syft
id: syft
- run: |
echo "${{ steps.syft.outputs.cmd }}"
"${{ steps.syft.outputs.cmd }}" dir:.
- uses: ./ # anchore/sbom-action
id: dirscan
with:
artifact-name: dirscan-sbom.spdx
output-file: dirscan-sbom.spdx
format: spdx
- run: |
echo DIR SCAN SBOM:
cat dirscan-sbom.spdx
- uses: ./ # anchore/sbom-action
id: imagescan
with:
image: alpine:latest
artifact-name: imagescan-sbom.spdx
output-file: my.sbom
- run: |
echo IMAGE SCAN SBOM:
cat my.sbom
- uses: ./publish-sbom # anchore/sbom-action/publish-sbom
with:
sbom-artifact-match: imagescan-sbom.spdx
- uses: ./publish-sbom # anchore/sbom-action/publish-sbom
with:
sbom-artifact-match: "^dont-match-anything$"
- uses: ./ # anchore/sbom-action with artifact retention
name: "One day artifact retention test"
id: one-day
with:
image: alpine:latest
upload-artifact-retention: 1
artifact-name: one-day.sbom.spdx
output-file: one-day-sbom.spdx
format: spdx