Trim cli args #940

Workflow file for this run

.github/workflows/dockertests.yml at 631820e

	name: docker tests

	on:
	pull_request:
	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: false
	jobs:
	ubuntu_version_tests:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]
	python-version: ['3.10', '3.11', '3.12', '3.13']
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip setuptools
	uv sync --all-extras --dev
	npm install -g @cyclonedx/cdxgen
	mkdir -p repotests
	python3 -m pip install -r contrib/requirements.txt
	- name: Test container images
	run: \|
	mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }} containertests_${{ matrix.os }}_python${{ matrix.python-version }}/slim containertests_${{ matrix.os }}_python${{ matrix.python-version }}/redmine
	# uv run depscan --no-banner --no-error --src ghcr.io/owasp-dep-scan/dep-scan -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan -t docker
	uv run depscan --no-banner --no-error --src shiftleft/scan-slim -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/slim -t docker,license --no-vuln-table
	uv run depscan --no-banner --no-error --src redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/redmine -t docker --no-vuln-table
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	path: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	reachable_tests:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]
	python-version: ['3.12']
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Set up JDK
	uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: '21'
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	uv sync --all-extras --dev
	npm install -g @cyclonedx/cdxgen
	mkdir -p repotests
	- uses: actions/checkout@v4
	with:
	repository: 'ngcloudsec/java-sec-code'
	path: 'repotests/java-sec-code'
	- name: Reachables tests
	run: \|
	mkdir -p ${GITHUB_WORKSPACE}/rtests_ubuntu
	cd ${GITHUB_WORKSPACE}/repotests/java-sec-code
	mvn clean compile -DskipTests
	cd ${GITHUB_WORKSPACE}
	uv run depscan --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/rtests_ubuntu -t java --profile research --explain
	env:
	PYTHONPATH: "."
	PYTHONUTF8: 1
	AT_DEBUG_MODE: "debug"
	- uses: actions/upload-artifact@v4
	with:
	name: rtests_ubuntu
	path: rtests_ubuntu
	ubuntu_version_tests2:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]
	python-version: ['3.12']
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	uv sync --all-extras --dev
	npm install -g @cyclonedx/cdxgen
	mkdir -p repotests
	- uses: actions/checkout@v4
	with:
	repository: 'GoogleCloudPlatform/microservices-demo'
	path: 'repotests/microservices-demo'
	- uses: actions/checkout@v4
	with:
	repository: 'OWASP/NodeGoat'
	path: 'repotests/NodeGoat'
	- name: Test container images
	run: \|
	mkdir -p containertests_${{ matrix.os }}
	python3 -m pip install -r contrib/requirements.txt
	cp contrib/csaf.toml repotests/microservices-demo/csaf.toml
	cp contrib/csaf.toml repotests/NodeGoat/csaf.toml
	uv run depscan --no-banner --no-error --bom ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --no-vuln-table
	uv run depscan --no-banner --no-error -t docker --src ubuntu:latest -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --no-vuln-table
	uv run depscan --csaf --no-banner --no-error -t go --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }} --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/msd
	uv run depscan --csaf --no-banner --no-error -t js --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PYTHONUTF8: 1
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}
	path: containertests_${{ matrix.os }}
	version_tests_mac_win:
	needs: ubuntu_version_tests
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ macos-latest, windows-latest ]
	python-version: [ '3.10', '3.11', '3.12', '3.13' ]
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip setuptools
	uv sync --all-extras --dev
	python3 -m pip install -r contrib/requirements.txt
	- name: Get boms generated earlier
	uses: actions/download-artifact@v4
	with:
	name: containertests_ubuntu-latest_python3.11
	path: containertests_ubuntu-latest_python3.11
	- name: Test container images
	run: \|
	mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	uv run depscan --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/slim/sbom-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }} --no-vuln-table
	uv run depscan --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/redmine/sbom-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }} --no-vuln-table
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PYTHONUTF8: 1
	AT_DEBUG_MODE: "debug"
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	path: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	version_tests2_mac_win:
	needs: ubuntu_version_tests2
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ macos-latest, windows-latest ]
	python-version: [ '3.12' ]
	steps:
	- uses: actions/checkout@v4
	- name: Install uv
	uses: astral-sh/setup-uv@v5
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	uv sync --all-extras --dev
	python3 -m pip install -r contrib/requirements.txt
	- name: Get boms generated earlier
	uses: actions/download-artifact@v4
	with:
	name: containertests_ubuntu-latest
	path: containertests_ubuntu-latest
	- name: Test container images
	shell: bash
	run: \|
	mkdir -p containertests_${{ matrix.os }}
	mkdir -p containertests_ubuntu-latest/microservices
	mkdir -p containertests_ubuntu-latest/NodeGoat
	mv containertests_ubuntu-latest/msd/sbom-go.json containertests_ubuntu-latest/microservices/sbom-msd-go.json
	mv containertests_ubuntu-latest/ng-reports/sbom-js.json containertests_ubuntu-latest/nodegoat/sbom-js.json
	cp contrib/csaf.toml containertests_ubuntu-latest/microservices/csaf.toml
	cp contrib/csaf.toml containertests_ubuntu-latest/nodegoat/csaf.toml
	uv run depscan --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/sbom-rocket-docker.json -o containertests_${{ matrix.os }}/reports --no-vuln-table
	uv run depscan --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/microservices/sbom-msd-go.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/reports
	uv run depscan --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/nodegoat/sbom-js.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PYTHONUTF8: 1
	AT_DEBUG_MODE: "debug"
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}
	path: containertests_${{ matrix.os }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trim cli args #940

Workflow file

Trim cli args #940

Jobs

Run details

Workflow file for this run