Generate SBOM for generated Package
Closes #4770
FirelightFlagboy committed Jun 27, 2023
1 parent 38a3f53 commit 8560dda
Showing 5 changed files with 65 additions and 30 deletions.
18 changes: 10 additions & 8 deletions .cspell/custom-words.txt
Expand Up @@ -26,10 +26,6 @@ browserslistrc
Bsas
bxsalsa
cachekey
latexmk
librsvg
luatex
LATEXMKOPTS
CAFILE
camelcase
capacitorjs
Expand Down Expand Up @@ -125,6 +121,7 @@ HKCR
HKCU
HKLM
Hodi
htmlcov
hypercorn
icccm
IDCANCEL
Expand All @@ -145,6 +142,8 @@ JsonSchema
jvmargs
KeyFile
keysyms
latexmk
LATEXMKOPTS
latexpdfja
levelno
libasound
Expand Down Expand Up @@ -193,6 +192,7 @@ libqtuiotouchplugin
libqtwebview
libqvnc
libqwebgl
librsvg
libscene
LibSodium
libsqlite
Expand All @@ -214,6 +214,7 @@ lproj
lsregister
lstfiracode
lualatex
luatex
MACBYTES
MACFUSE
makensis
Expand All @@ -237,26 +238,26 @@ multibytes
mycapacitorapp
myclass
Nanos
ntns
ntics
napi
newsfragment
newsfragments
Niño
nmspc
nocapture
noserver
NONCEBYTES
noopener
noreferrer
noreply
noserver
notbase
notr
nplurals
npmkeep
NSIS
NSISDIR
NSPHINXOPTS
ntics
ntns
ntstatus
numprocesses
onboarded
Expand All @@ -271,10 +272,10 @@ oscrypto
OSXFUSE
OURCYGPATTERN
Owholemodule
Passw0rd
PAAS
packb
pagetotal
Passw0rd
pems
pgdg
PGINSTALLATION
Expand Down Expand Up @@ -399,6 +400,7 @@ stucking
subcode
subsec
swiftclient
syft
SymKey
syncer
systray
15 changes: 14 additions & 1 deletion .github/workflows/package-server.yml
Expand Up @@ -49,10 +49,13 @@ jobs:
matrix:
include:
- name: 🐧 Linux
platform: linux
os: ubuntu-22.04
- name: 🍎 macOS
platform: macos
os: macos-12
- name: 🏁 Windows
platform: windows
os: windows-2022
name: "${{ matrix.name }}: 📦 Packaging (build Wheel)"
runs-on: ${{ matrix.os }}
Expand Down Expand Up @@ -141,9 +144,19 @@ jobs:
- name: Generate requirements & constraints infos
run: python server/packaging/wheel/wheel_it.py ./server --output dist --skip-wheel

# Install syft
- uses: taiki-e/install-action@486baeb8af63bc3d9ec3ec66db5af6ba0ca78774 # pin v2.11.6
with:
tool: syft@0.84.0

- name: Generate SBOM
run: /usr/local/bin/syft packages --config=.syft.yaml --output=spdx-json=Parsec-Wheel-${{ matrix.platform }}.spdx.json

- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin v3.1.2
with:
name: ${{ runner.os }}-${{ runner.arch }}-wheel
path: dist/
path: |
dist/
Parsec-Wheel-${{ matrix.platform }}.spdx.json
if-no-files-found: error
timeout-minutes: 5
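Review bot: The `Generate SBOM` step calls `/usr/local/bin/syft` by absolute Unix path while the job matrix includes `windows-2022`; taiki-e/install-action adds the installed tool to PATH, so the hard-coded path presumably fails on the Windows runner and is unnecessary on the others — `run: syft packages --config=.syft.yaml --output=spdx-json=Parsec-Wheel-${{ matrix.platform }}.spdx.json`. The same absolute path is used by both `Generate SBOM` steps in package-webapp.yml, including the electron job whose matrix also has Windows and macOS entries. Writing the SBOM into `dist/` (e.g. `--output=spdx-json=dist/Parsec-Wheel-${{ matrix.platform }}.spdx.json`) would also keep the artifact self-contained instead of listing the file separately in the upload step. The enclosing `jobs` mapping starts and ends outside the hunk.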
45 changes: 24 additions & 21 deletions .github/workflows/package-webapp.yml
Expand Up @@ -37,25 +37,10 @@ jobs:
run: npm clean-install
working-directory: client

- name: Install wasm-pack
run: |
set -eux
set -o pipefail
BASE_DIR=wasm-pack-v${{ env.wasm-pack-version }}-x86_64-unknown-linux-musl
mkdir -p ~/.local/bin
curl -sSL \
https://github.com/rustwasm/wasm-pack/releases/download/v${{ env.wasm-pack-version }}/$BASE_DIR.tar.gz \
| tar --extract --gzip --to-stdout \
$BASE_DIR/wasm-pack \
> ~/.local/bin/wasm-pack
chmod a+rx ~/.local/bin/wasm-pack
echo $HOME/.local/bin >> $GITHUB_PATH
timeout-minutes: 2
# Install syft
- uses: taiki-e/install-action@486baeb8af63bc3d9ec3ec66db5af6ba0ca78774 # pin v2.11.6
with:
tool: syft@0.84.0, wasm-pack@${{ env.wasm-pack-version }}

- name: Build web bindings
run: npm run build:release
Expand All @@ -65,10 +50,15 @@ jobs:
run: npm run web:release
working-directory: client

- name: Generate SBOM
run: /usr/local/bin/syft packages --config=.syft.yaml --output=spdx-json=Parsec-SBOM-Web.spdx.json

- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin v3.1.2
with:
name: webapp
path: client/dist/
path: |
client/dist/
Parsec-SBOM-Web.spdx.json
if-no-files-found: error

electron:
Expand All @@ -77,18 +67,21 @@ jobs:
matrix:
include:
- name: 🐧 Linux
platform: linux
os: ubuntu-20.04
paths: |
client/electron/dist/parsec_*_*.snap
client/electron/dist/parsec-*.AppImage
client/electron/dist/latest-linux.yml
- name: 🏁 Windows
platform: windows
os: windows-2022
paths: |
client/electron/dist/parsec Setup *.exe
client/electron/dist/parsec Setup *.exe.blockmap
client/electron/dist/latest.yml
- name: 🍎 macOS
platform: macos
os: macos-12
paths: |
client/electron/dist/parsec-*.dmg
Expand Down Expand Up @@ -121,9 +114,19 @@ jobs:
working-directory: client
timeout-minutes: 5

# Install syft
- uses: taiki-e/install-action@486baeb8af63bc3d9ec3ec66db5af6ba0ca78774 # pin v2.11.6
with:
tool: syft@0.84.0

- name: Generate SBOM
run: /usr/local/bin/syft packages --config=.syft.yaml --output=spdx-json=Parsec-SBOM-Electron-${{ matrix.platform }}.spdx.json

- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin v3.1.2
with:
name: ${{ runner.os }}-${{ runner.arch }}-electron-app
path: ${{ matrix.paths }}
path: |
${{ matrix.paths }}
Parsec-SBOM-Electron-${{ matrix.platform }}.spdx.json
if-no-files-found: error
timeout-minutes: 10
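Review bot: Both `Generate SBOM` steps run `syft packages` with no target directory, so syft scans the entire checkout from the workspace root; together with the `.syft.yaml` decision to keep `target` and `node_modules` in scope, the web and electron SBOMs presumably describe every lock file in the repository (the Python server dependencies included) rather than the artifact each job ships. If an artifact-specific bill of materials is intended, point syft at the package's own directory, e.g. `run: syft packages client --config=.syft.yaml --output=spdx-json=Parsec-SBOM-Web.spdx.json`, or state in the step name that the SBOM covers the full source tree. The replaced `Install wasm-pack` step carried `timeout-minutes: 2`; the new install-action step has no timeout and inherits the job default. The enclosing `jobs` mapping starts and ends outside the hunks.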
15 changes: 15 additions & 0 deletions .syft.yaml
@@ -0,0 +1,15 @@
# Config for syft-0.84.0
quiet: false

check-for-app-update: false

exclude:
- ./.git
# We don't ignore `target` & `node_modules` folders because they could containe additional dependencies not listed in the lock files.
# Ignoring those folder result in less entries produced.
# - ./target
# - '**/node_modules'
- '**/.mypy_cache'
- '**/.hypothesis'
- '**/.pytest_cache'
- '**/htmlcov'
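Review bot: The comment explaining why `target` and `node_modules` stay in scope has a typo and a grammar slip (`containe`, `those folder result`); suggested wording: `# We don't ignore the target & node_modules folders because they could contain additional dependencies not listed in the lock files.` followed by `# Ignoring those folders results in fewer entries being produced.` The `# Config for syft-0.84.0` header is the only link between this file and the `syft@0.84.0` pin in the workflows; a one-line note asking that both be bumped together would make that coupling explicit for the next maintainer.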
2 changes: 2 additions & 0 deletions newsfragments/4770.doc.rst
@@ -0,0 +1,2 @@
Add SBOM (Software Bills Of Materials) generation when packaging the softwares.
This provide the list of dependencies used to build the software.
