recomment sstate #7

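---
# Phase 3 - Yocto: clone poky at a fixed tag and build core-image-minimal.
# Triggering is deliberately limited to edits of this workflow file, so a full
# Yocto build is not started on every push to the repository.
name: Phase 3 - Yocto

on:  # yamllint disable-line rule:truthy
  push:
    paths:
      - .github/workflows/phase_3_yocto.yml

# Least privilege for the job token: nothing in this workflow writes to the
# repository, opens issues or publishes packages, so read access to the
# repository contents is all it needs.
permissions:
  contents: read

env:
  # Quoted so YAML never re-types a version-looking value (e.g. 0.6 -> float).
  YOCTO_TAG: "styhead-5.1"
  PARLAY_VERSION: "0.6.0"
  SBOMASM_VERSION: "0.1.5"
  SBOMQS_VERSION: "0.1.9"
  # NOTE(review): not referenced by any step visible in this file — confirm it
  # is still needed, otherwise drop it.
  TRIVY_VERSION: "0.54.1"

jobs:
  Generate:
    runs-on: ubuntu-latest
    steps:
      # Host packages the Yocto build system needs on an Ubuntu runner, plus the
      # UTF-8 locale bitbake expects.
      - name: Setup Environment
        run: |
          sudo apt update
          sudo apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 python3-subunit zstd liblz4-tool file locales libacl1
          sudo locale-gen en_US.UTF-8

      # Clone over https rather than git://: the git protocol is neither
      # authenticated nor encrypted, so sources fetched over it could be altered
      # in transit; the https endpoint serves the same repository.
      # NOTE(review): a tag can be moved; checking out the tag's commit SHA (or
      # verifying a signed tag) would make the build input tamper-evident.
      - name: Checkout Yocto
        run: |
          git clone https://git.yoctoproject.org/poky
          cd poky
          git checkout "${YOCTO_TAG}"

      # oe-init-build-env creates the build directory and cd's into it, which is
      # why conf/local.conf is addressed relatively. INHERIT += rm_work deletes
      # each recipe's work directory once it is built, bounding disk usage.
      # NOTE(review): the thread counts assume an 8-core host; GitHub-hosted
      # ubuntu-latest runners usually have fewer cores and limited disk/time for
      # a full image build — confirm the runner budget.
      # The sstate mirror / hash-server lines stay disabled (run title:
      # "recomment sstate"). If re-enabled, note the mirror URLs are plain http.
      - name: Build Yocto
        run: |
          cd poky
          source oe-init-build-env
          echo "BB_NUMBER_THREADS=\"8\"" >> conf/local.conf
          echo "PARALLEL_MAKE=\"-j 8\"" >> conf/local.conf
          echo "INHERIT += \"rm_work\"" >> conf/local.conf
          # echo "BB_HASHSERVE = \"auto\"" >> conf/site.conf
          # echo "BB_HASHSERVE_UPSTREAM = \"hashserv.yoctoproject.org:8687\"" >> conf/site.conf
          # echo -e "SSTATE_MIRRORS = \" \\ \nfile://.* http://sstate.yoctoproject.org/all/PATH;downloadfilename=PATH \\\n \\ \nfile://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \\\n \\ \n\"" >> conf/site.conf
          bitbake core-image-minimal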
# ---------------------------------------------------------------------------
# Disabled stages. Everything below is commented out: the remaining upload
# steps of Generate and the Augment -> Enrich -> Validate jobs. They still
# refer to kubectl artifacts (generated-kubectl-sbom-*, augmented_kubectl-*,
# final_kubectl-*), which the Yocto job above does not produce.
# NOTE(review): presumably carried over from an earlier phase — adapt the
# artifact names and inputs to the Yocto SBOM outputs before re-enabling.
# ---------------------------------------------------------------------------
      # - name: Upload Generated CycloneDX SBOM
      #   uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
      #   with:
      #     name: generated-kubectl-sbom-cyclonedx
      #     path: "/tmp/generated-kubectl-sbom.cdx.json"
      #
      # - name: Upload Generated SPDX SBOM
      #   uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
      #   with:
      #     name: generated-kubectl-sbom-spdx
      #     path: "/tmp/generated-kubectl-sbom.spdx.json"

  # Augment: add document / primary-component metadata to the generated SBOMs.
  # Augment:
  #   runs-on: ubuntu-latest
  #   needs: Generate
  #   steps:
  #
  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
  #
  #     - name: Download all workflow run artifacts
  #       uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
  #
  #     # NOTE(review): the release binary is downloaded and executed without any
  #     # checksum or signature verification; pin and verify it if re-enabled.
  #     - name: Install sbomasm
  #       run: |
  #         curl -L -o /tmp/sbomasm \
  #           "https://github.com/interlynk-io/sbomasm/releases/download/v${SBOMASM_VERSION}/sbomasm-linux-amd64"
  #         chmod +x /tmp/sbomasm
  #
  #     - name: Augment Kubectl SPDX
  #       run: |
  #         # Augment the Generated SPDX with updated document information
  #         # - Using `--append` option to ensure the author information is appended instead
  #         #   of replacing the tool information.
  #         /tmp/sbomasm edit --append --subject Document \
  #           --author 'CISA Tiger Group for SBOM Generation Reference Implementations' \
  #           --supplier 'kubernetes (https://kubernetes.io/kubectl)' \
  #           --repository 'https://github.com/kubernetes/kubectl' \
  #           --license 'Apache-2.0 (https://raw.githubusercontent.com/kubernetes/kubectl/refs/heads/master/LICENSE)' \
  #           generated-kubectl-sbom-spdx/generated-kubectl-sbom.spdx.json > augmented_kubectl-sbom.spdx.json
  #
  #         # Augment the Generated SPDX with updated primary component information
  #         /tmp/sbomasm edit --subject primary-component \
  #           --supplier 'kubernetes (https://kubernetes.io/kubectl)' \
  #           --repository 'https://github.com/kubernetes/kubectl' \
  #           --license 'Apache-2.0 (https://raw.githubusercontent.com/kubernetes/kubectl/refs/heads/master/LICENSE)' \
  #           augmented_kubectl-sbom.spdx.json > /tmp/augmented_kubectl-sbom.spdx.json
  #
  #     - name: Augment Kubectl CycloneDX
  #       run: |
  #         # Augment the Generated CycloneDX with updated document information
  #         /tmp/sbomasm edit --subject Document \
  #           --author 'CISA Tiger Group for SBOM Generation Reference Implementations' \
  #           --supplier 'kubernetes (https://kubernetes.io/kubectl)' \
  #           --lifecycle 'pre-build' \
  #           --repository 'https://github.com/kubernetes/kubectl' \
  #           --license 'Apache-2.0 (https://raw.githubusercontent.com/kubernetes/kubectl/refs/heads/master/LICENSE)' \
  #           generated-kubectl-sbom-cyclonedx/generated-kubectl-sbom.cdx.json > augmented_kubectl-sbom.cdx.json
  #
  #         # Augment the Generated CycloneDX with updated primary component information
  #         /tmp/sbomasm edit --subject primary-component \
  #           --author 'CISA Tiger Group for SBOM Generation Reference Implementations' \
  #           --supplier 'kubernetes (https://kubernetes.io/kubectl)' \
  #           --repository 'https://github.com/kubernetes/kubectl' \
  #           --license 'Apache-2.0 (https://raw.githubusercontent.com/kubernetes/kubectl/refs/heads/master/LICENSE)' \
  #           augmented_kubectl-sbom.cdx.json > /tmp/augmented_kubectl-sbom.cdx.json
  #
  #     - name: Upload Augmented SPDX SBOM
  #       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
  #       with:
  #         name: augmented-kubectl-sbom-spdx
  #         path: "/tmp/augmented_kubectl-sbom.spdx.json"
  #
  #     - name: Upload Augmented CycloneDX SBOM
  #       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
  #       with:
  #         name: augmented-kubectl-sbom-cyclonedx
  #         path: "/tmp/augmented_kubectl-sbom.cdx.json"
  #
  # Enrich: pull ecosystem metadata into the augmented SBOMs with parlay.
  # Enrich:
  #   runs-on: ubuntu-latest
  #   needs: Augment
  #   steps:
  #
  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
  #
  #     - name: Download all workflow run artifacts
  #       uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
  #
  #     # NOTE(review): tarball is piped straight into tar with no checksum or
  #     # signature verification; verify the archive before extracting if re-enabled.
  #     - name: Install parlay
  #       run: |
  #         curl -Ls https://github.com/snyk/parlay/releases/download/v${PARLAY_VERSION}/parlay_Linux_x86_64.tar.gz | tar xvz -C /tmp
  #         chmod +x /tmp/parlay
  #
  #     - name: Enrich Kubectl CycloneDX
  #       run: |
  #         /tmp/parlay ecosystems enrich \
  #           augmented-kubectl-sbom-cyclonedx/augmented_kubectl-sbom.cdx.json > /tmp/enriched_kubectl-sbom.cdx.json
  #
  #     - name: Enrich Kubectl SPDX
  #       run: |
  #         /tmp/parlay ecosystems enrich \
  #           augmented-kubectl-sbom-spdx/augmented_kubectl-sbom.spdx.json > /tmp/enriched_kubectl-sbom.spdx.json
  #
  #     - name: Upload Enriched SPDX SBOM
  #       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
  #       with:
  #         name: enriched-kubectl-sbom-spdx
  #         path: "/tmp/enriched_kubectl-sbom.spdx.json"
  #
  #     - name: Upload Enriched CycloneDX SBOM
  #       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
  #       with:
  #         name: enriched-kubectl-sbom-cyclonedx
  #         path: "/tmp/enriched_kubectl-sbom.cdx.json"
  #
  #     # The "final" artifacts are plain copies of the enriched ones.
  #     - name: Save Final SBOMs
  #       run: |
  #         cp /tmp/enriched_kubectl-sbom.spdx.json /tmp/final_kubectl-sbom.spdx.json
  #         cp /tmp/enriched_kubectl-sbom.cdx.json /tmp/final_kubectl-sbom.cdx.json
  #
  #     - name: Upload Final SPDX SBOM
  #       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
  #       with:
  #         name: final-kubectl-sbom-spdx
  #         path: "/tmp/final_kubectl-sbom.spdx.json"
  #
  #     - name: Upload Final CycloneDX SBOM
  #       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
  #       with:
  #         name: final-kubectl-sbom-cyclonedx
  #         path: "/tmp/final_kubectl-sbom.cdx.json"
  #
  # Validate: score every final SBOM with sbomqs and print the result into the
  # job summary.
  # Validate:
  #   needs: Enrich
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
  #
  #     - name: Download SBOMs
  #       uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
  #
  #     # NOTE(review): same as sbomasm/parlay above — the binary is run without
  #     # checksum or signature verification.
  #     - name: Install sbomqs
  #       run: |
  #         curl -L -o /tmp/sbomqs \
  #           "https://github.com/interlynk-io/sbomqs/releases/download/v${SBOMQS_VERSION}/sbomqs-linux-amd64"
  #         chmod +x /tmp/sbomqs
  #
  #     # NOTE(review): `final*.json` is unquoted, so the shell may glob-expand it
  #     # before find sees it if a matching file exists in the working directory;
  #     # quote the pattern ('final*.json') when re-enabling.
  #     - name: "Display SBOM quality score through sbomqs"
  #       run: |
  #         echo \`\`\` >> ${GITHUB_STEP_SUMMARY}
  #         for SBOM in $(find . -iname final*.json); do
  #           /tmp/sbomqs score "$SBOM" >> ${GITHUB_STEP_SUMMARY}
  #         done
  #         echo \`\`\` >> ${GITHUB_STEP_SUMMARY}