Fixed & refactored loading pom.properties #1658
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Repo tests | |
on: | |
push: | |
branches: | |
- master | |
workflow_dispatch: | |
pull_request: | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
node-version: ['21.x'] | |
os: ['ubuntu-latest', 'windows-latest'] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '19' | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Install bazelisk - linux | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
curl -LO "https://github.com/bazelbuild/bazelisk/releases/download/v1.15.0/bazelisk-linux-amd64" | |
sudo mv bazelisk-linux-amd64 /usr/local/bin/bazel | |
- name: Install bazelisk - windows | |
if: matrix.os == 'windows-latest' | |
run: choco install -y bazel | |
- name: npm install, build and test | |
run: | | |
npm install | |
npm run build --if-present | |
npm run lint | |
npm test | |
mkdir -p repotests | |
mkdir -p bomresults | |
mkdir -p denoresults | |
env: | |
CI: true | |
- name: Setup Android SDK | |
uses: android-actions/setup-android@v2 | |
- uses: swift-actions/setup-swift@v1 | |
if: matrix.os == 'ubuntu-latest' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'ShiftLeftSecurity/shiftleft-java-example' | |
path: 'repotests/shiftleft-java-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'ShiftLeftSecurity/shiftleft-ts-example' | |
path: 'repotests/shiftleft-ts-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'ShiftLeftSecurity/shiftleft-go-example' | |
path: 'repotests/shiftleft-go-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'prabhu/shiftleft-scala-example' | |
path: 'repotests/shiftleft-scala-example' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/vulnerable_net_core' | |
path: 'repotests/vulnerable_net_core' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/Goatly.NET' | |
path: 'repotests/Goatly.NET' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'HooliCorp/DjanGoat' | |
path: 'repotests/DjanGoat' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'prabhu/Vulnerable-Web-Application' | |
path: 'repotests/Vulnerable-Web-Application' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'prabhu/railsgoat' | |
path: 'repotests/railsgoat' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'bazelbuild/examples' | |
path: 'repotests/bazel-examples' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'flutter/gallery' | |
path: 'repotests/gallery' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'gojek/ziggurat' | |
path: 'repotests/ziggurat' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'apple/swift-markdown' | |
path: 'repotests/swift-markdown' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'GoogleCloudPlatform/microservices-demo' | |
path: 'repotests/microservices-demo' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'zoom/meetingsdk-vuejs-sample' | |
path: 'repotests/meetingsdk-vuejs-sample' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'sveltejs/examples' | |
path: 'repotests/sveltejs-examples' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'openpbs/openpbs' | |
path: 'repotests/openpbs' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'home-assistant/android' | |
path: 'repotests/ha-android' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'rust-lang/rust' | |
path: 'repotests/rs-rust' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'rust-lang/cargo' | |
path: 'repotests/rs-cargo' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'Keats/validator' | |
path: 'repotests/rs-validator' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'tokio-rs/axum' | |
path: 'repotests/rs-axum' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'fsprojects/FAKE' | |
path: 'repotests/dotnet-paket' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'appthreat/blint' | |
path: 'repotests/blint' | |
- uses: actions/checkout@v4 | |
with: | |
repository: 'hoolicorp/java-sec-code' | |
path: 'repotests/java-sec-code' | |
- uses: actions/checkout@v3 | |
with: | |
repository: 'DefectDojo/django-DefectDojo' | |
path: 'repotests/django-DefectDojo' | |
- uses: actions/checkout@v3 | |
with: | |
repository: 'googleprojectzero/Jackalope' | |
path: 'repotests/Jackalope' | |
- uses: dtolnay/rust-toolchain@stable | |
- name: repotests | |
run: | | |
bin/cdxgen.js -p -t js --no-recurse -o bom.json --evidence . | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json | |
bin/cdxgen.js -p -t java --author foo --author bar repotests/java-sec-code -o bomresults/bom-java-sec-code.json | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --required-only | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --filter postgres --filter json | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --only spring | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o repotests/java-sec-code/bom.json --deep --evidence | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --profile research | |
bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --profile license-compliance | |
bin/cdxgen.js -t python repotests/django-DefectDojo -o repotests/django-DefectDojo/bom.json --deep --evidence | |
bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign | |
node bin/evinse.js -i bomresults/bom-java.json -o bomresults/bom-java.evinse.json -l java --with-data-flow -p repotests/shiftleft-java-example | |
SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json | |
FETCH_LICENSE=false bin/cdxgen.js -p -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate | |
node bin/evinse.js -i bomresults/bom-ts.json -o bomresults/bom-ts.evinse.json -l javascript --with-data-flow -p repotests/shiftleft-ts-example | |
FETCH_LICENSE=false bin/cdxgen.js -p -t js repotests/meetingsdk-vuejs-sample -o bomresults/bom-vue.json | |
node bin/evinse.js -i bomresults/bom-vue.json -o bomresults/bom-vue.evinse.json -l javascript --with-data-flow -p repotests/meetingsdk-vuejs-sample | |
CDXGEN_DEBUG_MODE=debug ASTGEN_IGNORE_DIRS="" FETCH_LICENSE=false bin/cdxgen.js -p -t js repotests/sveltejs-examples -o bomresults/bom-svelte.json | |
CDXGEN_DEBUG_MODE=debug ASTGEN_IGNORE_DIRS="" node bin/evinse.js -i bomresults/bom-svelte.json -o bomresults/bom-svelte.evinse.json -l javascript --with-data-flow -p repotests/sveltejs-examples | |
CDXGEN_DEBUG_MODE=debug ASTGEN_IGNORE_DIRS="" node bin/evinse.js -i bomresults/bom-svelte.json -o bomresults/bom-svelte.evinse.json -l javascript --with-reachables -p repotests/sveltejs-examples | |
FETCH_LICENSE=1 bin/cdxgen.js -p -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json --validate | |
FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json --validate | |
FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json --validate | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json --validate | |
bin/cdxgen.js -p -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate | |
bin/cdxgen.js -p -t php --no-recurse repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate | |
bin/cdxgen.js -p -r -t ruby repotests/railsgoat -o bomresults/bom-ruby.json --validate | |
bin/cdxgen.js -p -r -t java repotests/bazel-examples/java-maven -o bomresults/bom-bazel.json --validate | |
bin/cdxgen.js -p -r -t dart repotests/gallery -o bomresults/bom-pub.json --validate | |
CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t clojure repotests/ziggurat -o bomresults/bom-clj.json --validate | |
CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -r -t swift repotests/swift-markdown -o bomresults/bom-swift.json --validate | |
bin/cdxgen.js --no-recurse repotests/microservices-demo -o bomresults/bom-msd.json --validate | |
bin/cdxgen.js -r repotests/microservices-demo -o bomresults/bom-msd.json --validate | |
bin/cdxgen.js -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json --validate | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate | |
bin/cdxgen.js -r -t c repotests/openpbs -o bomresults/bom-openpbs.json | |
bin/cdxgen.js -r -t c repotests/Jackalope -o bomresults/bom-Jackalope.json -p | |
cd repotests/ha-android && ./gradlew assembleDebug || true && cd ../.. | |
bin/cdxgen.js -r -t java repotests/ha-android -o bomresults/bom-android.json | |
CDXGEN_DEBUG_MODE=debug bin/evinse.js -i bomresults/bom-android.json -o bomresults/bom-android.evinse.json -l java repotests/ha-android | |
bin/cdxgen.js -r -t rust repotests/rs-rust -o bomresults/bom-rs-rust.json --validate | |
bin/cdxgen.js -r -t rust repotests/rs-cargo -o bomresults/bom-rs-cargo.json --validate | |
cargo generate-lockfile --manifest-path repotests/rs-validator/validator/Cargo.toml | |
bin/cdxgen.js -r -t rust repotests/rs-validator -o bomresults/bom-rs-validator.json --validate | |
bin/cdxgen.js -r -t rust repotests/rs-axum -o bomresults/bom-rs-axum.json --validate | |
bin/cdxgen.js -p -r -t dotnet repotests/dotnet-paket -o bomresults/bom-dotnet-paket.json --validate | |
bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint.json | |
bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint-deep.json --deep | |
ls -ltr bomresults | |
shell: bash | |
- name: jenkins plugins | |
run: | | |
mkdir -p jenkins | |
curl -LO https://updates.jenkins.io/download/plugins/sonar/2.14/sonar.hpi | |
curl -LO https://updates.jenkins.io/download/plugins/bouncycastle-api/2.26/bouncycastle-api.hpi | |
curl -LO https://updates.jenkins.io/download/plugins/jsch/0.1.55.61.va_e9ee26616e7/jsch.hpi | |
curl -LO https://updates.jenkins.io/download/plugins/momentjs/1.1.1/momentjs.hpi | |
mv *.hpi jenkins | |
CDXGEN_DEBUG_MODE=debug bin/cdxgen.js -p -r -t jenkins jenkins -o bomresults/bom-jenkins.json --validate | |
shell: bash | |
- name: standalone jar files | |
run: | | |
mkdir -p standalone-jar-files | |
curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/org/jacoco/org.jacoco.report/0.8.8/org.jacoco.report-0.8.8.jar | |
curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/org/apache/ws/xmlschema/xmlschema-core/2.2.5/xmlschema-core-2.2.5.jar | |
curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.16.0/jackson-core-2.16.0.jar | |
curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar | |
curl --output-dir standalone-jar-files -LO https://repo1.maven.org/maven2/wsdl4j/wsdl4j/1.6.3/wsdl4j-1.6.3.jar | |
FETCH_LICENSE=true bin/cdxgen.js -p standalone-jar-files -o bomresults/bom-standalone-jar-files.json --validate | |
shell: bash | |
- name: repotests 1.4 | |
run: | | |
bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign --spec-version 1.4 | |
SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json --spec-version 1.4 | |
FETCH_LICENSE=false bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example -o bomresults/bom-ts.json --validate --spec-version 1.4 | |
FETCH_LICENSE=1 bin/cdxgen.js -p -r -t js repotests/shiftleft-ts-example --required-only -o bomresults/bom-ts.json --validate --spec-version 1.4 | |
FETCH_LICENSE=false bin/cdxgen.js -p -r -t go repotests/shiftleft-go-example -o bomresults/bom-go.json --validate --spec-version 1.4 | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t csharp repotests/vulnerable_net_core -o bomresults/bom-csharp2.json --validate --spec-version 1.4 | |
FETCH_LICENSE=0 bin/cdxgen.js -p -r repotests/Goatly.NET -o bomresults/bom-csharp3.json --validate --spec-version 1.4 | |
FETCH_LICENSE=true bin/cdxgen.js -p -r -t python repotests/DjanGoat -o bomresults/bom-python.json --validate --spec-version 1.4 | |
bin/cdxgen.js -p -r -t php repotests/Vulnerable-Web-Application -o bomresults/bom-php.json --validate --spec-version 1.4 | |
shell: bash | |
- name: denotests | |
if: github.ref == 'refs/heads/master' && matrix.os == 'ubuntu-latest' | |
run: | | |
docker build -t ghcr.io/cyclonedx/cdxgen-deno -f ci/Dockerfile-deno . | |
docker run --rm -t -e "CDXGEN_DEBUG_MODE=debug" -v $(pwd):/app ghcr.io/cyclonedx/cdxgen-deno -p -r -t java /app/repotests/shiftleft-java-example -o /app/denoresults/bom-java.json | |
docker run --rm -t -e "CDXGEN_DEBUG_MODE=debug" -v $(pwd):/app ghcr.io/cyclonedx/cdxgen-deno -p -r -t python /app/repotests/DjanGoat -o /app/denoresults/bom-python.json | |
ls -ltr denoresults | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: bomresults | |
path: bomresults |