
Merge pull request #964 from jkowalleck/chore/sbom_migrate-to_cyclonedx-npm

chore: upgrade SBOM generators
jgadsden authored May 23, 2024
2 parents f6c371c + dd9627d commit d61d7e8
Showing 10 changed files with 1,609 additions and 158 deletions.
2 changes: 2 additions & 0 deletions .dockerignore
Expand Up @@ -16,3 +16,5 @@ utils/
.vscode/
*/.vscode/
*/dist-desktop/
sbom.*
*/sbom.*
106 changes: 53 additions & 53 deletions .github/workflows/pull_request.yaml
Expand Up @@ -72,6 +72,15 @@ jobs:
- name: Unit test
run: npm run test:unit

- name: Create server SBOM
run: npm run make-sbom

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-server
path: './td.server/sbom.*'

site_unit_tests:
name: Site unit tests
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -132,7 +141,7 @@ jobs:

- name: lint
run: npm run lint

- name: Unit test
run: npm run test:desktop

Expand Down Expand Up @@ -186,6 +195,13 @@ jobs:
ls -hal ./dist-desktop/linux-unpacked/
if: ${{ failure() }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-e2e-test-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

build_docker_image:
name: Build docker image
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -214,7 +230,7 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push
id: docker_build
uses: docker/build-push-action@v5.3.0
Expand All @@ -228,6 +244,18 @@ jobs:
cache-to: type=local,dest=/tmp/.buildx-cache
platforms: linux/amd64

- name: fetch app SBOM
run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv
env:
IMAGE_ID: ${{ steps.docker_build.outputs.imageid }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-container-image-app
path: './boms/*'
if-no-files-found: error

e2e_smokes:
name: Site e2e smokes
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -378,59 +406,31 @@ jobs:
format: 'table'
exit-code: 1

sbom_web:
name: SBOM web application
sbom_combiner:
name: SBOM combiner
runs-on: ubuntu-22.04
needs: [e2e_smokes]
needs:
- server_unit_tests
- desktop_e2e_tests
- build_docker_image
steps:
- name: Check out
uses: actions/checkout@v4.1.1

- name: Use Node.js 18.x
uses: actions/setup-node@v4.0.1
with:
node-version: '18'

- name: Cache NPM dir
uses: actions/cache@v4.0.0
- name: Fetch prepared SBOM artifacts
uses: actions/download-artifact@v4.1.7
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install packages
run: npm clean-install

- name: Prepare SBOM generation
run: mkdir sboms

- name: Create XML site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.xml'

- name: Create JSON site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.json'

- name: Create XML server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.xml'

- name: Create JSON server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.json'

- name: Save SBOMs artifact
pattern: 'sboms-*'
merge-multiple: false
path: 'raw/'
- name: Fetch SBOMs
run: |
set -eux
mkdir -p sboms/threat-dragon-container-image/app/
cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json
cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml
cp raw/sboms-desktop-e2e-test-site/bom.json sboms/threat-dragon-desktop-e2e-test-site-bom.json
cp raw/sboms-desktop-e2e-test-site/bom.xml sboms/threat-dragon-desktop-e2e-test-site-bom.xml
cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/
- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: threat-dragon-sboms
path: sboms
name: sboms
path: 'sboms/'
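Review bot: The `sboms-server` upload step added under the server unit-test job (`name: sboms-server`, `path: './td.server/sbom.*'`) has no `if-no-files-found: error`, while the other new upload steps in this file (`sboms-desktop-e2e-test-site`, `sboms-container-image-app`) set it. If `npm run make-sbom` produces nothing, upload-artifact only warns and the failure surfaces later in `sbom_combiner` as a bare `cp: cannot stat` under `set -eux`, far from the cause; add `if-no-files-found: error` to that step so the job that owns the generator is the one that fails. The same gap exists in push.yaml's `sboms-server` and `sboms-desktop-e2e-test-site` upload steps. The step named `Fetch SBOMs` in `sbom_combiner` only copies and renames files that the preceding download step already fetched; naming it `Arrange SBOMs` or adding `# rename the downloaded artifacts into the combined layout` above the `run:` would make the two steps' roles clear.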
155 changes: 95 additions & 60 deletions .github/workflows/push.yaml
Expand Up @@ -104,6 +104,15 @@ jobs:
- name: Unit test
run: npm run test:unit

- name: Create SBOM
run: npm run make-sbom

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-server
path: './td.server/sbom.*'

site_unit_tests:
name: Site unit tests
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -166,7 +175,7 @@ jobs:

- name: lint
run: npm run lint

- name: Unit test
run: npm run test:desktop

Expand Down Expand Up @@ -219,6 +228,12 @@ jobs:
cat ./wdio-logs/*.log
if: ${{ failure() }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-e2e-test-site
path: './td.vue/dist-desktop/bundled/.sbom/*'

build_docker_image:
name: Build Latest docker
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -251,7 +266,7 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push
id: docker_build
uses: docker/build-push-action@v5.3.0
Expand All @@ -265,6 +280,18 @@ jobs:
cache-to: type=local,dest=/tmp/.buildx-cache
platforms: linux/amd64,linux/arm64

- name: fetch app SBOMs
run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv
env:
IMAGE_ID: ${{ steps.docker_build.outputs.imageid }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-container-image-app
path: './boms/*'
if-no-files-found: error

heroku_deploy:
name: Upload to Heroku
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -490,64 +517,6 @@ jobs:
format: 'table'
exit-code: 1

sbom_web:
name: SBOM web application
runs-on: ubuntu-22.04
needs: [e2e_smokes]

steps:
- name: Check out
uses: actions/checkout@v4.1.1

- name: Use Node.js 18.x
uses: actions/setup-node@v4.0.1
with:
node-version: '18'

- name: Cache NPM dir
uses: actions/cache@v4.0.0
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install packages
run: npm clean-install

- name: Prepare SBOM generation
run: mkdir sboms

- name: Create XML site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.xml'

- name: Create JSON site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.json'

- name: Create XML server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.xml'

- name: Create JSON server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.json'

- name: Save SBOMs artifact
uses: actions/upload-artifact@v4.3.0
with:
name: threat-dragon-sboms
path: sboms

desktop_windows_test:
name: Windows desktop build
runs-on: windows-latest
Expand Down Expand Up @@ -591,6 +560,13 @@ jobs:
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \;

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-windows-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

desktop_macos_test:
name: MacOS desktop build
runs-on: macos-latest
Expand Down Expand Up @@ -644,6 +620,13 @@ jobs:
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-macos-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

desktop_linux_test:
name: Linux desktop build
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -682,6 +665,13 @@ jobs:
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-linux-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

desktop_linux_snap_test:
name: Linux snap build
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -719,3 +709,48 @@ jobs:
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-linux-snap-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

sbom_combiner:
name: SBOM combiner
runs-on: ubuntu-22.04
needs:
- server_unit_tests
- desktop_macos_test
- desktop_linux_test
- desktop_linux_snap_test
- desktop_windows_test
- build_docker_image
steps:
- name: Fetch prepared SBOM artifacts
uses: actions/download-artifact@v4.1.7
with:
pattern: 'sboms-*'
merge-multiple: false
path: 'raw/'
- name: Fetch SBOMs
run: |
set -eux
mkdir -p sboms/threat-dragon-container-image/app/
cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json
cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml
cp raw/sboms-desktop-windows-site/bom.json sboms/threat-dragon-desktop-windows-site-bom.json
cp raw/sboms-desktop-windows-site/bom.xml sboms/threat-dragon-desktop-windows-site-bom.xml
cp raw/sboms-desktop-macos-site/bom.json sboms/threat-dragon-desktop-macos-site-bom.json
cp raw/sboms-desktop-macos-site/bom.xml sboms/threat-dragon-desktop-macos-site-bom.xml
cp raw/sboms-desktop-linux-site/bom.json sboms/threat-dragon-desktop-linux-site-bom.json
cp raw/sboms-desktop-linux-site/bom.xml sboms/threat-dragon-desktop-linux-site-bom.xml
cp raw/sboms-desktop-linux-snap-site/bom.json sboms/threat-dragon-desktop-linux-snap-site-bom.json
cp raw/sboms-desktop-linux-snap-site/bom.xml sboms/threat-dragon-desktop-linux-snap-site-bom.xml
cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/
- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms
path: 'sboms/'
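Review bot: The `sboms-desktop-e2e-test-site` artifact uploaded in the desktop e2e hunk (path `./td.vue/dist-desktop/bundled/.sbom/*`) is never consumed: the new `sbom_combiner` job does not list that job in `needs`, and its `Fetch SBOMs` step copies nothing from `raw/sboms-desktop-e2e-test-site/`, yet `pattern: 'sboms-*'` will pull that artifact into `raw/` whenever the job happens to finish first. Either drop that upload or add the job to `needs` and copy its `bom.json`/`bom.xml` next to the other desktop SBOMs, so the combined `sboms` artifact has a deterministic, fully used set of inputs. The id of the uploading job is outside the hunk, so this is inferred from the artifact name. Separately, that upload and the `sboms-server` one lack `if-no-files-found: error`, unlike the other new upload steps in this file, so a missing generator output is only a warning until the combiner's `cp` fails.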