diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml
index 7167c3f83..eb79db411 100644
--- a/.github/workflows/dockertests.yml
+++ b/.github/workflows/dockertests.yml
@@ -14,7 +14,7 @@ jobs:
 strategy:
 fail-fast: true
 matrix:
- os: [ubuntu-latest]
+ os: ['ubuntu-24.04', 'ubuntu-24.04-arm']
 node-version: ['23.x']
 java-version: ['23']
 runs-on: ${{ matrix.os }}
@@ -51,6 +51,7 @@ jobs:
 repository: 'grafana-operator/grafana-operator'
 path: 'repotests/grafana-operator'
 - name: dockertests
+ if: matrix.os == 'ubuntu-24.04'
 run: |
 bin/cdxgen.js ubuntu:latest -t docker -o bomresults/bom-ubuntu.json --fail-on-error
 docker rmi ubuntu:latest
@@ -82,10 +83,26 @@ jobs:
 ls -ltr bomresults
 env:
 CDXGEN_DEBUG_MODE: debug
+ - name: dockertests arm
+ if: matrix.os == 'ubuntu-24.04-arm'
+ run: |
+ bin/cdxgen.js ubuntu:latest -t docker -o bomresults/bom-ubuntu.json --fail-on-error
+ docker rmi ubuntu:latest
+ bin/cdxgen.js alpine:latest -t docker -o bomresults/bom-alpine.json --fail-on-error
+ docker rmi alpine:latest
+ bin/cdxgen.js almalinux:9.4-minimal -t docker -o bomresults/bom-almalinux.json --fail-on-error
+ docker rmi almalinux:9.4-minimal
+ bin/cdxgen.js centos:latest -t oci -o bomresults/bom-centos.json --fail-on-error
+ docker rmi centos:latest
+ bin/cdxgen.js -t docker-compose test/data -o bomresults/bom-dc.json --fail-on-error
+ bin/cdxgen.js -t operator repotests/grafana-operator -o bomresults/bom-op.json --fail-on-error
+ ls -ltr bomresults
+ env:
+ CDXGEN_DEBUG_MODE: debug
 linux-dockertar-tests:
 strategy:
 matrix:
- os: [ubuntu-latest]
+ os: ['ubuntu-24.04', 'ubuntu-24.04-arm']
 node-version: ['23.x']
 java-version: ['23']
 runs-on: ${{ matrix.os }}
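Review bot: The new `dockertests arm` step scans `ubuntu:latest`, `alpine:latest` and `centos:latest`, so the arm64 results depend on whatever those mutable tags resolve to on the day of the run; only `almalinux:9.4-minimal` carries a version. The dockertar job in this same file already pulls `elasticsearch@sha256:…` by digest, and using the same form here (for example `ubuntu@sha256:<digest-placeholder>`) would make a red build attributable to a cdxgen change rather than to an upstream image push. The step also repeats commands from the amd64 `dockertests` step, which is only partly visible in this diff, so a comment such as `# arm64 variant of the dockertests step above; keep the image list in sync` would help whoever edits one list next.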
@@ -121,6 +138,7 @@ jobs:
 repository: 'grafana-operator/grafana-operator'
 path: 'repotests/grafana-operator'
 - name: dockertests
+ if: matrix.os == 'ubuntu-24.04'
 run: |
 docker pull elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad
 docker save -o /tmp/elastic.tar elasticsearch@sha256:3686a5757ed46c9dbcf00f6f71fce48ffc5413b193a80d1c46a21e7aad4c53ad
@@ -134,12 +152,12 @@ jobs:
 env:
 CDXGEN_DEBUG_MODE: debug
 os-tests:
- runs-on: ubuntu-latest
-
 strategy:
 matrix:
 node-version: ['23.x']
 java-version: ['23']
+ os: [ubuntu-24.04, ubuntu-24.04-arm]
+ runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
 - name: Use Node.js ${{ matrix.node-version }}
@@ -172,6 +190,7 @@ jobs:
 env:
 CDXGEN_DEBUG_MODE: debug
 - uses: actions/upload-artifact@v4
+ if: matrix.os == 'ubuntu-24.04-arm'
 with:
 name: bomresults-os
 path: bomresults
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9e2f96e5b..5ee5a3aa2 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -10,7 +10,7 @@ on:
 pull_request:
 jobs:
 lint:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@v4
 - uses: actions/setup-node@v4
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 4e7bf2622..f589245d0 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -13,7 +13,7 @@ concurrency:
 cancel-in-progress: true
 jobs:
 build:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 permissions:
 contents: read
 strategy:
diff --git a/.github/workflows/python-atom-tests.yml b/.github/workflows/python-atom-tests.yml
index 48ae473d0..e7b6b1b3b 100644
--- a/.github/workflows/python-atom-tests.yml
+++ b/.github/workflows/python-atom-tests.yml
@@ -8,7 +8,7 @@ concurrency:
 cancel-in-progress: true
 jobs:
 build:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 strategy:
 matrix:
 node-version: ['23.x']
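Review bot: The only test step visible for `linux-dockertar-tests` is now gated with `if: matrix.os == 'ubuntu-24.04'`, while the same commit adds `ubuntu-24.04-arm` to that job's matrix. Unless an arm step exists outside this hunk, the arm leg checks out the repositories and sets up the toolchain but tests nothing. Either drop `ubuntu-24.04-arm` from this job's `os:` list or add a comment on the `if:` line, e.g. `# arm64 tar tests not yet enabled: <reason-placeholder>`. The step's `run:` body continues past the end of the hunk.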
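Review bot: Gating `actions/upload-artifact@v4` in `os-tests` on `matrix.os == 'ubuntu-24.04-arm'` means the amd64 leg's `bomresults` are never kept, so an amd64-only regression leaves nothing to inspect. upload-artifact v4 rejects a second upload under the same artifact name within one run, which is presumably why one leg was dropped; putting the matrix value in the name keeps both legs: `name: bomresults-os-${{ matrix.os }}` with the `if:` removed. The same applies to the `bomresults` upload at the end of repotests.yml, which this commit moves from the amd64 leg to the arm one.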
diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
index 6f6016a67..3884eb7ea 100644
--- a/.github/workflows/repotests.yml
+++ b/.github/workflows/repotests.yml
@@ -15,7 +15,7 @@ jobs:
 fail-fast: true
 matrix:
 node-version: ['23.x']
- os: ['ubuntu-latest', 'windows-latest']
+ os: ['ubuntu-24.04', 'ubuntu-24.04-arm', 'windows-latest', 'macos-15']
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v4
@@ -33,17 +33,27 @@ jobs:
 deno-version: v2.x
 - uses: oven-sh/setup-bun@v1
 - name: Trim CI agent
- if: matrix.os == 'ubuntu-latest'
+ if: matrix.os == 'ubuntu-24.04' || matrix.os == 'ubuntu-24.04-arm'
 run: |
 chmod +x contrib/free_disk_space.sh
 ./contrib/free_disk_space.sh
 - uses: sbt/setup-sbt@v1
 - name: Install bazelisk - linux
- if: matrix.os == 'ubuntu-latest'
+ if: matrix.os == 'ubuntu-24.04'
 run: |
 curl -LO "https://github.com/bazelbuild/bazelisk/releases/download/v1.20.0/bazelisk-linux-amd64"
 sudo mv bazelisk-linux-amd64 /usr/local/bin/bazel
 chmod +x /usr/local/bin/bazel
+ - name: Install bazelisk - linux arm
+ if: matrix.os == 'ubuntu-24.04-arm'
+ run: |
+ curl -LO "https://github.com/bazelbuild/bazelisk/releases/download/v1.20.0/bazelisk-linux-arm64"
+ sudo mv bazelisk-linux-arm64 /usr/local/bin/bazel
+ chmod +x /usr/local/bin/bazel
+ - name: Install bazelisk - mac
+ if: matrix.os == 'macos-15'
+ run: |
+ brew install bazelisk
 - name: Install bazelisk - windows
 if: matrix.os == 'windows-latest'
 run: choco install -y bazel
@@ -60,9 +70,13 @@ jobs:
 CDXGEN_TEMP_DIR: ${{ runner.temp }}/cdxgen-repotests
 - name: Setup Android SDK
 uses: android-actions/setup-android@v3
- if: matrix.os != 'self-hosted'
+ with:
+ packages: 'platform-tools'
+ - run: sdkmanager --uninstall "build-tools;30.0.3"
 - uses: swift-actions/setup-swift@v2
- if: matrix.os == 'ubuntu-latest'
+ if: matrix.os == 'ubuntu-24.04' || matrix.os == 'macos-15'
+ with:
+ swift-version: '6.0'
 - name: Set up Python
 uses: actions/setup-python@v5
 with:
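Review bot: The new `Install bazelisk - linux arm` step moves a binary fetched with `curl -LO` into `/usr/local/bin` via `sudo` without checking it. There is no `-f`, so an HTTP error page would be saved and installed as `bazel`, and nothing compares the release asset against a known digest. Suggest `curl -fsSLO "https://github.com/bazelbuild/bazelisk/releases/download/v1.20.0/bazelisk-linux-arm64"` followed by `echo "<sha256-placeholder>  bazelisk-linux-arm64" | sha256sum -c -` before the `sudo mv`. The amd64 step directly above has the same shape and would take the same two lines. The added `brew install bazelisk` step on `macos-15` installs whatever version the formula currently provides rather than v1.20.0, which is worth a comment if the difference is intentional.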
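Review bot: The added `- run: sdkmanager --uninstall "build-tools;30.0.3"` step has no `name:` and no comment, so the job log shows only the raw command and nothing records why this one build-tools version is removed. With the `if:` on the Android setup step deleted, it runs on every matrix entry, including `windows-latest`, where it uses the runner's default shell because no `shell:` is set. Suggest `- name: Remove Android build-tools 30.0.3` with a one-line comment giving the reason, plus `shell: bash` as the repotests steps elsewhere in this file use.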
@@ -324,7 +338,7 @@ jobs:
 bin/cdxgen.js -p -t java -exclude-type js repotests/java-sec-code -o bomresults/bom-java-sec-code-10.json
 shell: bash
 - name: repotests greyhound
- if: matrix.os == 'ubuntu-latest'
+ if: matrix.os == 'ubuntu-24.04'
 run: |
 bin/cdxgen.js -p -r -t java11 repotests/greyhound -o bomresults/bom-greyhound-java.json
 bin/cdxgen.js -p -r -t gradle repotests/greyhound -o bomresults/bom-greyhound-gradle.json
@@ -399,6 +413,7 @@ jobs:
 CDXGEN_DEBUG_MODE=debug ASTGEN_IGNORE_DIRS="" node bin/evinse.js -i bomresults/bom-svelte.json -o bomresults/bom-svelte.evinse.json -l javascript --with-reachables -p repotests/sveltejs-examples
 shell: bash
 - name: repotests shiftleft-go-example
+ if: matrix.os != 'macos-15'
 run: |
 FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --fail-on-error --export-proto
 shell: bash
@@ -448,6 +463,7 @@ jobs:
 CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json --fail-on-error
 shell: bash
 - name: repotests swift-markdown
+ if: matrix.os == 'ubuntu-24.04' || matrix.os == 'macos-15'
 run: |
 CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json
 CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json --profile research
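Review bot: The `if: matrix.os != 'macos-15'` added to `repotests shiftleft-go-example` skips the Go test on macOS without saying why. The same commit also deletes the Go invocations from the spec-version 1.6 and 1.4 steps further down, so Go coverage shrinks on every platform, not only the new one. A comment above the condition, e.g. `# skipped on macos-15: <reason-placeholder>`, would tell the next maintainer whether this is a runner limitation or a cdxgen failure that still needs fixing.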
@@ -567,7 +583,6 @@ jobs:
 SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/1.6-bom-github.json --spec-version 1.6
 FETCH_LICENSE=0 bin/cdxgen.js -r -t js repotests/shiftleft-ts-example -o bomresults/1.6-bom-ts-1.json --fail-on-error --spec-version 1.6
 FETCH_LICENSE=1 bin/cdxgen.js -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/1.6-bom-ts-2.json --fail-on-error --spec-version 1.6
- FETCH_LICENSE=false bin/cdxgen.js -r -t go repotests/shiftleft-go-example -o bomresults/1.6-bom-go.json --fail-on-error --spec-version 1.6
 FETCH_LICENSE=true bin/cdxgen.js -r -t csharp repotests/vulnerable_net_core -o bomresults/1.6-bom-csharp2.json --spec-version 1.6
 FETCH_LICENSE=false bin/cdxgen.js -r repotests/Goatly.NET -o bomresults/1.6-bom-csharp3.json --spec-version 1.6
 FETCH_LICENSE=true bin/cdxgen.js -r -t python repotests/DjanGoat -o bomresults/1.6-bom-python.json --fail-on-error --spec-version 1.6
@@ -579,7 +594,6 @@ jobs:
 SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/1.4-bom-github.json --spec-version 1.4
 FETCH_LICENSE=0 bin/cdxgen.js -r -t js repotests/shiftleft-ts-example -o bomresults/1.4-bom-ts-1.json --fail-on-error --spec-version 1.4
 FETCH_LICENSE=1 bin/cdxgen.js -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/1.4-bom-ts-2.json --fail-on-error --spec-version 1.4
- FETCH_LICENSE=false bin/cdxgen.js -r -t go repotests/shiftleft-go-example -o bomresults/1.4-bom-go.json --fail-on-error --spec-version 1.4
 FETCH_LICENSE=true bin/cdxgen.js -r -t csharp repotests/vulnerable_net_core -o bomresults/1.4-bom-csharp2.json --spec-version 1.4
 FETCH_LICENSE=false bin/cdxgen.js -r repotests/Goatly.NET -o bomresults/1.4-bom-csharp3.json --spec-version 1.4
 FETCH_LICENSE=true bin/cdxgen.js -r -t python repotests/DjanGoat -o bomresults/1.4-bom-python.json --fail-on-error --spec-version 1.4
@@ -607,7 +621,7 @@ jobs:
 continue-on-error: true
 shell: bash
 - uses: actions/upload-artifact@v4
- if: github.ref == 'refs/heads/master' && matrix.os == 'ubuntu-latest'
+ if: github.ref == 'refs/heads/master' && matrix.os == 'ubuntu-24.04-arm'
 with:
 name: bomresults
 path: bomresults