Skip to content
SBOM Action Tests

⬆️ bump scanner versions #288

Sign in to view logs

⬆️ bump scanner versions

⬆️ bump scanner versions #288

Workflow file for this run

.github/workflows/tests.yaml at d30040b
name: "SBOM Action Tests"
on:
push:
pull_request:
jobs:
test-repository:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Test file target type (repository)
id: repo-test
uses: ./
with:
target: ${{ github.workspace }}
target_type: file
output_dir: "/tmp/sbom"
name: "repo"
output_file: "repository_sbom.json"
vuln: true
vuln_output_format: "sarif"
vuln_output_file: "repository_vuln.sarif"
- name: Validate Repository SBOM
shell: bash
run: |
echo "## File Target (Repository)" >> $GITHUB_STEP_SUMMARY
if jq -e '.components[] | select(.name == "lodash" or .name == "yaml")' /tmp/sbom/repository_sbom.json > /dev/null 2>&1; then
echo "✅ Repository SBOM contains expected packages" >> $GITHUB_STEP_SUMMARY
echo "RESULT=PASS" >> $GITHUB_ENV
else
echo "❌ Repository SBOM missing expected packages" >> $GITHUB_STEP_SUMMARY
echo "RESULT=FAIL" >> $GITHUB_ENV
exit 1
fi
test-directory:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Test directory target type
id: dir-test
uses: ./
with:
target: /usr/local/bin
target_type: file
name: "usrlocalbin"
output_format: "spdx-json"
syft_version: "1.21.0"
- name: Validate Directory SBOM
shell: bash
run: |
echo "## Directory Target" >> $GITHUB_STEP_SUMMARY
if jq -e '(.spdxVersion != null) and (.name | contains("usrlocalbin"))' /tmp/sbom/usrlocalbin_sbom.json > /dev/null 2>&1; then
echo "✅ Directory SBOM contains correct metadata" >> $GITHUB_STEP_SUMMARY
echo "RESULT=PASS" >> $GITHUB_ENV
else
echo "❌ Directory SBOM has incorrect metadata" >> $GITHUB_STEP_SUMMARY
echo "RESULT=FAIL" >> $GITHUB_ENV
exit 1
fi
- name: List files
shell: bash
run: |
find /tmp/sbom -type f -name "*.json" | sort
test-iso:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Download test iso
shell: bash
run: |
# Download ISO for testing
curl -o /tmp/Core-15.0.iso https://distro.ibiblio.org/tinycorelinux/15.x/x86/release/Core-15.0.iso
- name: Test ISO target type
id: iso-test
uses: ./
with:
target: /tmp/Core-15.0.iso
target_type: iso
version: "15.0"
output_dir: "/tmp/sbom"
name: "tinycorelinux"
- name: Validate ISO SBOM
shell: bash
run: |
echo "## ISO Target" >> $GITHUB_STEP_SUMMARY
if jq -e '.metadata.component.name == "tinycorelinux"' /tmp/sbom/tinycorelinux_15.0_sbom.json > /dev/null 2>&1; then
echo "✅ ISO SBOM contains correct metadata" >> $GITHUB_STEP_SUMMARY
echo "RESULT=PASS" >> $GITHUB_ENV
else
echo "❌ ISO SBOM missing expected components" >> $GITHUB_STEP_SUMMARY
echo "RESULT=FAIL" >> $GITHUB_ENV
exit 1
fi
test-image:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Download test image
shell: bash
run: |
docker pull alpine:latest
docker save alpine:latest > /tmp/alpine.tar
- name: Test image target type (tarball)
id: image-test
uses: ./
with:
target: /tmp/alpine.tar
target_type: image
output_dir: "/tmp/sbom"
- name: Validate container image SBOM
run: |
if jq -e '.metadata.component.type == "container"' /tmp/sbom/alpine_latest_sbom.json > /dev/null 2>&1; then
echo "✅ Container image SBOM has correct type"
else
echo "❌ Container image SBOM missing expected type"
exit 1
fi
test-summary:
needs: [test-repository, test-directory, test-iso, test-image]
if: always()
runs-on: ubuntu-24.04
steps:
- name: Tests summary
run: echo "All tests completed"