chore(deps): update anchore/sbom-action action to v0.17.1 #1689
Workflow file for this run
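# Builds, lints, SBOM-scans and tests the chiselled Ubuntu .NET 8 images,
# then posts the build result to Mattermost.
#
# Supply-chain note: the third-party actions below are referenced by mutable
# tags (e.g. `@v4`, `@v3`). A tag can be moved by the action's owner; pinning
# each `uses:` to a full commit SHA makes the executed code immutable.
name: "Chiselled Ubuntu .NET8 Tests"

on: push

# None of the visible steps passes GITHUB_TOKEN to a tool or writes to the
# repository, so the token is limited to read-only contents (checkout only).
permissions:
  contents: read

env:
  runtime-deps-image-name: ubuntu/dotnet-deps:test
  runtime-image-name: ubuntu/dotnet-runtime:test
  aspnet-image-name: ubuntu/dotnet-aspnet:test
  dotnet-version: "8.0"
  # Pinned by tag only; a digest (`@sha256:...`) would also fix the content.
  skopeo-image: 'quay.io/skopeo/stable:v1.15.1'

jobs:
  build:
    runs-on: ubuntu-latest
    name: Build and Test
    outputs:
      build_status: ${{ steps.set-outputs.outputs.status }}
    strategy:
      fail-fast: true
      matrix:
        ubuntu-release: ["24.04"]
    steps:
      - uses: actions/checkout@v4

      - name: Prepare working environment for running and collecting test results
        # shyaml is installed unpinned, so each run takes whatever PyPI serves;
        # a pinned version (ideally with hashes) keeps the build reproducible.
        run: |
          pip install shyaml

      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "8.0.100-rc.2.23502.2"

      # Setup QEMU and Docker buildx
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up Syft
        # NOTE(review): the text after `sbom-action/` was masked by the page's
        # e-mail obfuscation. The sub-action path and v0.17.1 are reconstructed
        # from the run title - confirm against the repository.
        uses: anchore/sbom-action/download-syft@v0.17.1
        with:
          syft-version: "v0.80.0"

      # Lint the Dockerfiles
      # NOTE(review): the hadolint action ref was masked by the page's e-mail
      # obfuscation; REF_MASKED_ON_PAGE is a placeholder, not a real version.
      - name: Lint the .NET runtime deps container image recipe
        uses: hadolint/hadolint-action@REF_MASKED_ON_PAGE
        with:
          dockerfile: dotnet-deps/Dockerfile.${{ matrix.ubuntu-release }}
          ignore: DL3008,DL3015,SC3028

      - name: Lint the .NET runtime container image recipe
        uses: hadolint/hadolint-action@REF_MASKED_ON_PAGE
        with:
          dockerfile: dotnet-runtime/Dockerfile.${{ matrix.ubuntu-release }}
          ignore: DL3008,DL3015,SC3028

      - name: Lint the ASP.NET Core runtime container image recipe
        uses: hadolint/hadolint-action@REF_MASKED_ON_PAGE
        with:
          dockerfile: dotnet-aspnet/Dockerfile.${{ matrix.ubuntu-release }}
          ignore: DL3008,DL3015,SC3028

      # Build images for multiple archs
      #
      # Each build step below follows the same sequence:
      #   1. read the target architectures from the rockcraft YAML,
      #   2. build the multi-arch image into an OCI archive,
      #   3. load it into the local Docker daemon with skopeo,
      #   4. build the `sbom-prep` target and generate one SPDX SBOM per arch.
      # The `${{ matrix.* }}` / `${{ env.* }}` values expanded into these
      # scripts are all defined in this file, not taken from event data.
      - name: Build the .NET runtime deps container image
        run: |
          set -x
          archs=`cat rockcraft.*.dotnet-deps-8.0-${{ matrix.ubuntu-release }}.yaml | shyaml get-value platforms | shyaml keys`
          buildx_platforms="linux/$(echo ${archs} | sed 's/ /,linux\//g')"
          docker buildx build \
            --platform=${buildx_platforms} \
            --output type=oci,dest=dotnet-deps.tar \
            -f dotnet-deps/Dockerfile.${{ matrix.ubuntu-release }} \
            dotnet-deps
          # The Docker socket is mounted so skopeo can write to the local
          # daemon; this gives the skopeo container control of that daemon.
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
            -v $PWD:/workspace -w /workspace \
            ${{ env.skopeo-image }} \
            copy oci-archive:dotnet-deps.tar \
            docker-daemon:${{ env.runtime-deps-image-name }}
          docker buildx build \
            --platform=${buildx_platforms} \
            --output type=oci,dest=dotnet-deps-sbom.tar \
            -f dotnet-deps/Dockerfile.${{ matrix.ubuntu-release }} \
            --target sbom-prep \
            dotnet-deps
          for arch in $archs; do
            docker run --rm -v $PWD:/workspace \
              -w /workspace \
              ${{ env.skopeo-image }} \
              copy --override-arch "$arch" \
              oci-archive:dotnet-deps-sbom.tar \
              oci-archive:"dotnet-deps-sbom.$arch.tar"
            syft packages \
              -o spdx-json \
              --name "${{ env.runtime-deps-image-name }}" \
              oci-archive:"dotnet-deps-sbom.$arch.tar" > "dotnet-deps-${{ env.dotnet-version }}-${{ matrix.ubuntu-release }}-oci-$arch-root.sbom.spdx"
          done

      - name: Build the .NET runtime container image
        run: |
          set -x
          archs=`cat rockcraft.*.dotnet-runtime-8.0-${{ matrix.ubuntu-release }}.yaml | shyaml get-value platforms | shyaml keys`
          buildx_platforms="linux/$(echo ${archs} | sed 's/ /,linux\//g')"
          docker buildx build \
            --platform=${buildx_platforms} \
            --output type=oci,dest=dotnet-runtime.tar \
            -f dotnet-runtime/Dockerfile.${{ matrix.ubuntu-release }} \
            dotnet-runtime
          # Same Docker-socket mount as in the runtime-deps step.
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
            -v $PWD:/workspace -w /workspace \
            ${{ env.skopeo-image }} \
            copy oci-archive:dotnet-runtime.tar \
            docker-daemon:${{ env.runtime-image-name }}
          docker buildx build \
            --platform=${buildx_platforms} \
            --output type=oci,dest=dotnet-runtime-sbom.tar \
            -f dotnet-runtime/Dockerfile.${{ matrix.ubuntu-release }} \
            --target sbom-prep \
            dotnet-runtime
          for arch in $archs; do
            docker run --rm -v $PWD:/workspace \
              -w /workspace \
              ${{ env.skopeo-image }} \
              copy --override-arch "$arch" \
              oci-archive:dotnet-runtime-sbom.tar \
              oci-archive:"dotnet-runtime-sbom.$arch.tar"
            syft packages \
              -o spdx-json \
              --name "${{ env.runtime-image-name }}" \
              oci-archive:"dotnet-runtime-sbom.$arch.tar" > "dotnet-runtime-${{ env.dotnet-version }}-${{ matrix.ubuntu-release }}-oci-$arch-root.sbom.spdx"
          done

      - name: Build the ASP.NET Core runtime container image
        run: |
          set -x
          archs=`cat rockcraft.*.dotnet-aspnet-8.0-${{ matrix.ubuntu-release }}.yaml | shyaml get-value platforms | shyaml keys`
          buildx_platforms="linux/$(echo ${archs} | sed 's/ /,linux\//g')"
          docker buildx build \
            --platform=${buildx_platforms} \
            --output type=oci,dest=dotnet-aspnet.tar \
            -f dotnet-aspnet/Dockerfile.${{ matrix.ubuntu-release }} \
            dotnet-aspnet
          # Same Docker-socket mount as in the runtime-deps step.
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
            -v $PWD:/workspace -w /workspace \
            ${{ env.skopeo-image }} \
            copy oci-archive:dotnet-aspnet.tar \
            docker-daemon:${{ env.aspnet-image-name }}
          docker buildx build \
            --platform=${buildx_platforms} \
            --output type=oci,dest=dotnet-aspnet-sbom.tar \
            -f dotnet-aspnet/Dockerfile.${{ matrix.ubuntu-release }} \
            --target sbom-prep \
            dotnet-aspnet
          for arch in $archs; do
            docker run --rm -v $PWD:/workspace \
              -w /workspace \
              ${{ env.skopeo-image }} \
              copy --override-arch "$arch" \
              oci-archive:dotnet-aspnet-sbom.tar \
              oci-archive:"dotnet-aspnet-sbom.$arch.tar"
            syft packages \
              -o spdx-json \
              --name "${{ env.aspnet-image-name }}" \
              oci-archive:"dotnet-aspnet-sbom.$arch.tar" > "dotnet-aspnet-${{ env.dotnet-version }}-${{ matrix.ubuntu-release }}-oci-$arch-root.sbom.spdx"
          done

      - name: Upload SBOM artifacts
        uses: actions/upload-artifact@v4
        with:
          name: SBOMs
          path: dotnet-*-root.sbom.spdx

      - name: Run Tests
        working-directory: ${{ github.workspace }}/tests
        run: |
          ./run-all-tests ${{ env.runtime-deps-image-name }} ${{ env.runtime-image-name }} ${{ env.aspnet-image-name }}

      # Publishes the job status for the `notify` job. Written to
      # $GITHUB_OUTPUT because the `::set-output` workflow command is
      # deprecated.
      - id: set-outputs
        if: always()
        run: |
          echo "status=${{ job.status }}" >> "$GITHUB_OUTPUT"

  notify:
    needs:
      - build
    if: always()
    name: Post Workflow Status to Mattermost
    runs-on: ubuntu-latest
    steps:
      - name: Create the Mattermost Message
        # Event-derived values (commit message, branch name, actor) are passed
        # through the environment instead of being expanded into the script
        # text. `${{ }}` is substituted before the shell parses the script, and
        # the heredoc below is unquoted, so a commit message or branch name
        # containing `$(...)` or backticks would otherwise run as a command on
        # the runner. Shell does not re-evaluate the result of a variable
        # expansion, so `${COMMIT_MSG}` is inserted as plain text.
        env:
          BUILD_STATUS: ${{ needs.build.outputs.build_status }}
          WORKFLOW_NAME: ${{ github.workflow }}
          RUN_NUMBER: ${{ github.run_number }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          REPO: ${{ github.repository }}
          REPO_URL: ${{ github.server_url }}/${{ github.repository }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
          COMMIT_MSG: ${{ github.event.head_commit.message }}
          ACTOR: ${{ github.triggering_actor }}
        run: |
          case "${BUILD_STATUS}" in
            failure) msg_icon=":x:" ;;
            success) msg_icon=":white_check_mark:" ;;
            cancelled) msg_icon=":no_entry_sign:" ;;
            *) msg_icon=":grey_question:" ;;
          esac
          msg=$(cat << EOF
          ##### $msg_icon GitHub Workflow '${WORKFLOW_NAME}' execution [#${RUN_NUMBER}](${RUN_URL}) has ended with the status \`${BUILD_STATUS}\`, for:
          - Project: [${REPO}](${REPO_URL})
          - Branch: [${REF_NAME}](${REPO_URL}/tree/${REF_NAME})
          - Commit: [${COMMIT_SHA}](${REPO_URL}/commit/${COMMIT_SHA}); _${COMMIT_MSG}_
          - Triggered by: ${ACTOR}
          EOF
          )
          # jq builds the JSON, so the message text is escaped correctly.
          jq -n --arg message "$msg" >mattermost.json '
          {
            text: $message,
          }
          '

      # NOTE(review): the Slack action ref was masked by the page's e-mail
      # obfuscation; REF_MASKED_ON_PAGE is a placeholder, not a real version.
      - uses: slackapi/slack-github-action@REF_MASKED_ON_PAGE
        with:
          payload-file-path: "mattermost.json"
        env:
          # The webhook URL is a credential; it is supplied from repository
          # secrets and never written into the workflow file.
          SLACK_WEBHOOK_URL: ${{ secrets.MATTERMOST_ROCKS_DEV_WEBHOOK_URL }}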