SCP-65 Ingest SBOM #8

Merged
merged 2 commits into from
Jan 25, 2024
17 changes: 6 additions & 11 deletions .github/workflows/test-action.yml
Expand Up @@ -9,15 +9,12 @@ on:
permissions:
contents: read
pull-requests: write
checks: write
checks: write

jobs:
test-action:
name: GitHub Actions Test
strategy:
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
runs-on: ubuntu-latest

steps:
- name: Checkout
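Review bot: collapsing the OS matrix to `runs-on: ubuntu-latest` is the right call, but the reason is not recorded anywhere in the workflow: the action shells out to `docker run` (see src/services/scan.service.ts), which only works on the Linux runners. A one-line comment on the job (e.g. `# Linux only: the action runs the scanner via docker run`) would stop someone re-adding macOS or Windows to a matrix later and getting a confusing failure.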
Expand All @@ -28,13 +25,11 @@ jobs:
id: test-action
uses: ./
with:
# sbom-ignore: 'scanoss-ignore.json'
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Print output command
run: echo "${{ steps.test-action.outputs.output-command }}"
- name: Print stdout scan command
run: echo "${{ steps.test-action.outputs.stdout-scan-command }}"

- name: Print Licenses
run: echo "${{ steps.test-action.outputs.licenses }}"

- name: Print Result
- name: Print Results
run: cat "${{ steps.test-action.outputs.result-filepath }}"
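Review bot: the commented-out `# sbom-ignore: 'scanoss-ignore.json'` means none of the new SBOM inputs are exercised by CI, so the `--identify` / `--ignore` branches of `commandBuilder` ship untested. Either drop the comment or commit a small fixture SBOM and enable the input so the test job covers that path. The `Print Results` step also `cat`s the full scanner output into the log; if the scan of this repository ever grows, consider uploading the file as an artifact instead.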
3 changes: 0 additions & 3 deletions __tests__/main.test.ts
Expand Up @@ -12,15 +12,12 @@
// Mock the action's main function
const runMock = jest.spyOn(main, 'run');

// Other utilities
const timeRegex = /^\d{2}:\d{2}:\d{2}/;

// Mock the GitHub Actions core library
let debugMock: jest.SpyInstance;
let errorMock: jest.SpyInstance;
let getInputMock: jest.SpyInstance;
let setFailedMock: jest.SpyInstance;

let setOutputMock: jest.SpyInstance;


describe('action', () => {
beforeEach(() => {
2 changes: 0 additions & 2 deletions __tests__/report-service.test.ts
@@ -1,6 +1,4 @@
import { getLicensesReport } from '../src/services/report.service';
import { ScannerResults } from '../src/services/result.interfaces';
import { getLicenses, Licenses } from '../src/services/result.service';

const licenseTableTest = [
{
19 changes: 16 additions & 3 deletions action.yml
Expand Up @@ -12,15 +12,28 @@ inputs:
github-token:
description: 'Your GitHub token'
required: true
scanner-parameters:
description: 'Parameters to run a scan'
output-path:
description: 'Output result file name'
required: false
default: 'results.json'
sbom-identify:
description: 'Scan and identify components in SBOM file'
required: false
sbom-ignore:
description: 'Ignore components specified in the SBOM file'
required: false
api-key:
description: 'SCANOSS API Key token (optional - not required for default OSSKB URL)'
required: false
api-url:
description: 'SCANOSS API URL (optional - default: https://osskb.org/api/scan/direct)'
required: false

# Define your outputs here.
outputs:
result-filepath:
description: 'Scanner results filepath'
output-command:
stdout-scan-command:
description: 'Scanner command output'

runs:
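Review bot: this hunk is a breaking interface change that is not called out anywhere in the PR: the `scanner-parameters` input is removed and the `output-command` output is renamed to `stdout-scan-command`. A workflow still using the old names gets only a warning for the unknown input and an empty string for the unknown output, so it keeps running with degraded behaviour rather than failing; please note the rename in the README or changelog. Separately, the `api-key` description should say that the value is passed to the scanner on its command line and must come from `${{ secrets.* }}` so that GitHub masks it in the job log.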
118 changes: 109 additions & 9 deletions dist/index.js

Some generated files are not rendered by default.

1 change: 0 additions & 1 deletion package-lock.json


1 change: 0 additions & 1 deletion package.json
Expand Up @@ -71,7 +71,6 @@
"@actions/github": "^6.0.0"
},
"devDependencies": {
"@octokit/types": "^12.4.0",
"@types/jest": "^29.5.11",
"@types/node": "^20.11.0",
"@typescript-eslint/eslint-plugin": "^6.18.1",
8 changes: 8 additions & 0 deletions src/app.input.ts
@@ -0,0 +1,8 @@
import * as core from '@actions/core';

export const REPO_DIR = process.env.GITHUB_WORKSPACE as string;
export const OUTPUT_PATH = core.getInput('output-path');
export const SBOM_INDENTIFY = core.getInput('sbom-identify');
export const SBOM_IGNORE = core.getInput('sbom-ignore');
export const API_KEY = core.getInput('api-key');
export const API_URL = core.getInput('api-url');
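Review bot: `API_KEY` is read with `core.getInput` but never registered with `core.setSecret`, so if a caller supplies it from anything other than the `secrets` context nothing masks it when the scan command line is echoed to the log; add `if (API_KEY) core.setSecret(API_KEY);` right after the `getInput` call. Two smaller points: `SBOM_INDENTIFY` is a misspelling of `SBOM_IDENTIFY` (it is used consistently in scan.service.ts, so it works, but rename it now before other code depends on it), and the `as string` cast on `REPO_DIR` hides an unset `GITHUB_WORKSPACE` rather than failing early with a clear message.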
2 changes: 2 additions & 0 deletions src/app.output.ts
@@ -0,0 +1,2 @@
export const RESULT_FILEPATH = 'result-filepath';
export const STDOUT_SCAN_COMMAND = 'stdout-scan-command';
24 changes: 10 additions & 14 deletions src/main.ts
@@ -1,10 +1,13 @@
import * as core from '@actions/core';
import * as exec from '@actions/exec';
import { getLicenses, readResult } from './services/result.service';
import { createCommentOnPR, isPullRequest } from './utils/github.utils';
import { CopyleftPolicyCheck } from './policies/copyleft-policy-check';
import { getLicensesReport } from './services/report.service';
import * as core from '@actions/core';
import * as exec from '@actions/exec';
import * as inputs from './app.input';
import * as outputs from './app.output';

import { commandBuilder } from './services/scan.service';
/**
* The main function for the action.
* @returns {Promise<void>} Resolves when the action is complete.
Expand All @@ -13,23 +16,16 @@
try {
core.debug(`SCANOSS Scan Action started...`);

const repoDir = process.env.GITHUB_WORKSPACE as string;
const outputPath = 'results.json';

// create policies
core.debug(`Creating policies`);
const policies = [new CopyleftPolicyCheck()];
policies.forEach(async policy => policy.start());

// run scan
const { stdout, stderr } = await exec.getExecOutput(
`docker run -v "${repoDir}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan . --output ${outputPath}`,
[]
);

const scannerResults = await readResult(outputPath);
const { stdout, stderr } = await exec.getExecOutput(commandBuilder(), []);

const scannerResults = await readResult(inputs.OUTPUT_PATH);

// run policies // TODO: define run action for each policy
// run policies
policies.forEach(async policy => await policy.run(scannerResults));

if (isPullRequest()) {
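Review bot: `policies.forEach(async policy => await policy.run(scannerResults))` (and the earlier `policy.start()` call) never awaits the promises it creates, so a rejection inside a policy escapes the surrounding `try`/`catch` as an unhandled rejection and `core.setFailed` at the bottom of `run()` is never reached; replace both with `await Promise.all(policies.map(p => p.run(scannerResults)))` (and the same for `start`). Also, `stderr` is destructured from `getExecOutput` and then discarded; surfacing it with `core.warning` when non-empty keeps scanner diagnostics visible when a scan returns results but logged problems.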
Expand All @@ -40,8 +36,8 @@
}

// set outputs for other workflow steps to use
core.setOutput('output-command', stdout);
core.setOutput('result-filepath', outputPath);
core.setOutput(outputs.RESULT_FILEPATH, inputs.OUTPUT_PATH);
core.setOutput(outputs.STDOUT_SCAN_COMMAND, stdout);
} catch (error) {
// fail the workflow run if an error occurs
if (error instanceof Error) core.setFailed(error.message);
1 change: 0 additions & 1 deletion src/policies/policy-check.ts
Expand Up @@ -3,11 +3,10 @@
import { getSHA } from '../utils/github.utils';
import { ScannerResults } from '../services/result.interfaces';
import { GitHub } from '@actions/github/lib/utils';
import { OctokitResponse } from '@octokit/types';

const UNINITIALIZED = -1;

export enum CONCLUSION {

ActionRequired = 'action_required',
Cancelled = 'cancelled',
Failure = 'failure',
Expand All @@ -33,7 +32,7 @@
this.checkRunId = UNINITIALIZED;
}

async start(): Promise<any> {

const result = await this.octokit.rest.checks.create({
owner: context.repo.owner,
repo: context.repo.repo,
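Review bot: `start()` is typed `Promise<any>`, which discards the type information of the `checks.create` response it returns and is what the lint warning in this hunk is about; since the only value the class keeps is `checkRunId`, either narrow the return type to `Promise<void>` or use the response type exported by `@actions/github` (the PR removes the `@octokit/types` dependency, so `OctokitResponse` is no longer available here).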
Expand All @@ -46,7 +45,7 @@
return result.data;
}

async run(scannerResults: ScannerResults): Promise<void> {

if (this.checkRunId === UNINITIALIZED)
throw new Error(`Error on finish. Policy "${this.checkName}" is not created.`);

Expand All @@ -64,7 +63,7 @@
protected async finish(conclusion: CONCLUSION | undefined, summary: string, text: string): Promise<void> {
core.debug(`Finish policy check: ${this.checkName}. (conclusion=${conclusion})`);

const result = await this.octokit.rest.checks.update({

owner: context.repo.owner,
repo: context.repo.repo,
check_run_id: this.checkRunId,
11 changes: 11 additions & 0 deletions src/services/scan.service.ts
@@ -0,0 +1,11 @@
import * as input from '../app.input';

export function commandBuilder(): string {
return `docker run -v "${input.REPO_DIR}":"/scanoss" ghcr.io/scanoss/scanoss-py:v1.9.0 scan .
--dependencies
--output ${input.OUTPUT_PATH}
${input.SBOM_INDENTIFY ? `--identify ${input.SBOM_INDENTIFY}` : ''}
${input.SBOM_IGNORE ? `--ignore ${input.SBOM_IGNORE}` : ''}
${input.API_URL ? `--apiurl ${input.API_URL}` : ''}
${input.API_KEY ? `--key ${input.API_KEY}` : ''}`;
}
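Review bot: the multi-line template literal embeds newline characters (and the indentation spaces) in the command string, and the command-line parser in `@actions/exec` splits only on spaces, so tokens such as `.`, `--dependencies` and the output path can reach the container with a trailing newline attached; please verify this against a real run, and regardless build the arguments as an array passed as the second parameter of `getExecOutput` (which also stops an `api-url` or SBOM path containing a space from being split into extra arguments). Two further points on the same lines: `--key ${input.API_KEY}` puts the key into a command line that `@actions/exec` echoes to the log unless the value has been registered with `core.setSecret`, and the scanner image is pinned by tag (`ghcr.io/scanoss/scanoss-py:v1.9.0`) rather than by digest, so the bytes the action runs can change without this repository changing.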