chore: upgrade SBOM generators #964

Merged
merged 1 commit into from
May 23, 2024
2 changes: 2 additions & 0 deletions .dockerignore
Expand Up @@ -16,3 +16,5 @@ utils/
.vscode/
*/.vscode/
*/dist-desktop/
sbom.*
*/sbom.*
106 changes: 53 additions & 53 deletions .github/workflows/pull_request.yaml
Expand Up @@ -72,6 +72,15 @@ jobs:
- name: Unit test
run: npm run test:unit

- name: Create server SBOM
run: npm run make-sbom

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-server
path: './td.server/sbom.*'

site_unit_tests:
name: Site unit tests
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -132,7 +141,7 @@ jobs:

- name: lint
run: npm run lint

- name: Unit test
run: npm run test:desktop

Expand Down Expand Up @@ -186,6 +195,13 @@ jobs:
ls -hal ./dist-desktop/linux-unpacked/
if: ${{ failure() }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-e2e-test-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

build_docker_image:
name: Build docker image
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -214,7 +230,7 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push
id: docker_build
uses: docker/build-push-action@v5.3.0
Expand All @@ -228,6 +244,18 @@ jobs:
cache-to: type=local,dest=/tmp/.buildx-cache
platforms: linux/amd64

- name: fetch app SBOM
run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv
env:
IMAGE_ID: ${{ steps.docker_build.outputs.imageid }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-container-image-app
path: './boms/*'
if-no-files-found: error

e2e_smokes:
name: Site e2e smokes
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -378,59 +406,31 @@ jobs:
format: 'table'
exit-code: 1

sbom_web:
name: SBOM web application
sbom_combiner:
name: SBOM combiner
runs-on: ubuntu-22.04
needs: [e2e_smokes]
needs:
- server_unit_tests
- desktop_e2e_tests
- build_docker_image
steps:
- name: Check out
uses: actions/checkout@v4.1.1

- name: Use Node.js 18.x
uses: actions/setup-node@v4.0.1
with:
node-version: '18'

- name: Cache NPM dir
uses: actions/cache@v4.0.0
- name: Fetch prepared SBOM artifacts
uses: actions/download-artifact@v4.1.7
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-

- name: Install packages
run: npm clean-install

- name: Prepare SBOM generation
run: mkdir sboms

- name: Create XML site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.xml'

- name: Create JSON site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.json'

- name: Create XML server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.xml'

- name: Create JSON server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.json'

- name: Save SBOMs artifact
pattern: 'sboms-*'
merge-multiple: false
path: 'raw/'
- name: Fetch SBOMs
run: |
set -eux
mkdir -p sboms/threat-dragon-container-image/app/
cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json
cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml
cp raw/sboms-desktop-e2e-test-site/bom.json sboms/threat-dragon-desktop-e2e-test-site-bom.json
cp raw/sboms-desktop-e2e-test-site/bom.xml sboms/threat-dragon-desktop-e2e-test-site-bom.xml
cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/
- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: threat-dragon-sboms
path: sboms
name: sboms
path: 'sboms/'
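Review bot: The new `Save SBOM artifact` step that follows `npm run make-sbom` in `server_unit_tests` sets no `if-no-files-found`, while the desktop and container-image uploads added in the same file set `if-no-files-found: error`; if `make-sbom` emits nothing, that upload only warns and the failure surfaces later as a bare `cp` error in `sbom_combiner` instead of at the step that produced it. Add `if-no-files-found: error` under that step's `with:` so the job fails at the source. In the `fetch app SBOM` step the pipe `docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv` runs without `set -o pipefail`, so a failed `docker run` is masked by the `tar -xv` exit status at that step; the `if-no-files-found: error` on the next upload does catch it, but prefixing the command with `set -o pipefail;` makes the failing step the one that is reported. The newly introduced `actions/download-artifact@v4.1.7` and `actions/upload-artifact@v4.3.0` references are pinned to mutable tags like the rest of the file; since these steps now carry the project's SBOMs, pinning them to a full commit SHA (with the tag in a trailing comment) is the stronger supply-chain control.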
155 changes: 95 additions & 60 deletions .github/workflows/push.yaml
Expand Up @@ -104,6 +104,15 @@ jobs:
- name: Unit test
run: npm run test:unit

- name: Create SBOM
run: npm run make-sbom

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-server
path: './td.server/sbom.*'

site_unit_tests:
name: Site unit tests
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -166,7 +175,7 @@ jobs:

- name: lint
run: npm run lint

- name: Unit test
run: npm run test:desktop

Expand Down Expand Up @@ -219,6 +228,12 @@ jobs:
cat ./wdio-logs/*.log
if: ${{ failure() }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-e2e-test-site
path: './td.vue/dist-desktop/bundled/.sbom/*'

build_docker_image:
name: Build Latest docker
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -251,7 +266,7 @@ jobs:
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and push
id: docker_build
uses: docker/build-push-action@v5.3.0
Expand All @@ -265,6 +280,18 @@ jobs:
cache-to: type=local,dest=/tmp/.buildx-cache
platforms: linux/amd64,linux/arm64

- name: fetch app SBOMs
run: docker run --rm --entrypoint tar "$IMAGE_ID" -c boms | tar -xv
env:
IMAGE_ID: ${{ steps.docker_build.outputs.imageid }}

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-container-image-app
path: './boms/*'
if-no-files-found: error

heroku_deploy:
name: Upload to Heroku
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -490,64 +517,6 @@ jobs:
format: 'table'
exit-code: 1

sbom_web:
name: SBOM web application
runs-on: ubuntu-22.04
needs: [e2e_smokes]

steps:
- name: Check out
uses: actions/checkout@v4.1.1

- name: Use Node.js 18.x
uses: actions/setup-node@v4.0.1
with:
node-version: '18'

- name: Cache NPM dir
uses: actions/cache@v4.0.0
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-

- name: Install packages
run: npm clean-install

- name: Prepare SBOM generation
run: mkdir sboms

- name: Create XML site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.xml'

- name: Create JSON site SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.vue/'
output: './sboms/threat-dragon-site-bom.json'

- name: Create XML server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.xml'

- name: Create JSON server SBOM
uses: CycloneDX/gh-node-module-generatebom@v1.0.3
with:
path: './td.server/'
output: './sboms/threat-dragon-server-bom.json'

- name: Save SBOMs artifact
uses: actions/upload-artifact@v4.3.0
with:
name: threat-dragon-sboms
path: sboms

desktop_windows_test:
name: Windows desktop build
runs-on: windows-latest
Expand Down Expand Up @@ -591,6 +560,13 @@ jobs:
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \;

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-windows-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

desktop_macos_test:
name: MacOS desktop build
runs-on: macos-latest
Expand Down Expand Up @@ -644,6 +620,13 @@ jobs:
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-macos-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

desktop_linux_test:
name: Linux desktop build
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -682,6 +665,13 @@ jobs:
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-linux-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

desktop_linux_snap_test:
name: Linux snap build
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -719,3 +709,48 @@ jobs:
- name: Print logs on error
if: ${{ failure() }}
run: find . -name "*.log" -exec cat '{}' \; -print

- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms-desktop-linux-snap-site
path: './td.vue/dist-desktop/bundled/.sbom/*'
if-no-files-found: error

sbom_combiner:
name: SBOM combiner
runs-on: ubuntu-22.04
needs:
- server_unit_tests
- desktop_macos_test
- desktop_linux_test
- desktop_linux_snap_test
- desktop_windows_test
- build_docker_image
steps:
- name: Fetch prepared SBOM artifacts
uses: actions/download-artifact@v4.1.7
with:
pattern: 'sboms-*'
merge-multiple: false
path: 'raw/'
- name: Fetch SBOMs
run: |
set -eux
mkdir -p sboms/threat-dragon-container-image/app/
cp raw/sboms-server/sbom.json sboms/threat-dragon-server-bom.json
cp raw/sboms-server/sbom.xml sboms/threat-dragon-server-bom.xml
cp raw/sboms-desktop-windows-site/bom.json sboms/threat-dragon-desktop-windows-site-bom.json
cp raw/sboms-desktop-windows-site/bom.xml sboms/threat-dragon-desktop-windows-site-bom.xml
cp raw/sboms-desktop-macos-site/bom.json sboms/threat-dragon-desktop-macos-site-bom.json
cp raw/sboms-desktop-macos-site/bom.xml sboms/threat-dragon-desktop-macos-site-bom.xml
cp raw/sboms-desktop-linux-site/bom.json sboms/threat-dragon-desktop-linux-site-bom.json
cp raw/sboms-desktop-linux-site/bom.xml sboms/threat-dragon-desktop-linux-site-bom.xml
cp raw/sboms-desktop-linux-snap-site/bom.json sboms/threat-dragon-desktop-linux-snap-site-bom.json
cp raw/sboms-desktop-linux-snap-site/bom.xml sboms/threat-dragon-desktop-linux-snap-site-bom.xml
cp raw/sboms-container-image-app/* sboms/threat-dragon-container-image/app/
- name: Save SBOM artifact
uses: actions/upload-artifact@v4.3.0
with:
name: sboms
path: 'sboms/'
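Review bot: The `fetch app SBOMs` step runs `docker run --rm --entrypoint tar "$IMAGE_ID"` against `steps.docker_build.outputs.imageid`, but this job builds `platforms: linux/amd64,linux/arm64`; a multi-platform buildx build produces a manifest list that is pushed to the registry rather than loaded into the runner's local daemon, so this `docker run` is likely to fail unless the build step also makes the image available locally, which the hunk does not show — please confirm, or extract the SBOM from one platform of the pushed tag explicitly. Unlike the windows/macos/linux desktop uploads that follow, the new `sboms-server` and `sboms-desktop-e2e-test-site` uploads set no `if-no-files-found`, so an empty `make-sbom` run only warns and `sbom_combiner` dies later on `cp`; add `if-no-files-found: error` to both. `sbom_combiner` neither lists `desktop_e2e_tests` in `needs` nor copies `raw/sboms-desktop-e2e-test-site/*`, so that artifact is uploaded on every push but never reaches the combined `sboms` artifact — either add it to `needs` and the `cp` list, or drop the upload. The new `actions/download-artifact@v4.1.7` and `actions/upload-artifact@v4.3.0` references are tag-pinned; for steps that now produce and assemble the project's SBOMs, pinning to a full commit SHA with the tag in a comment is the stronger supply-chain control.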