Use PackageURL.fromString to properly parse npm targetName #4553
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| depscan: | |
| continue-on-error: true | |
| runs-on: ["self-hosted", "ubuntu", "arm64"] | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: Trim CI agent | |
| run: | | |
| rm -rf /tmp/docker-images-* /tmp/atom-usages-* /tmp/atom-reachables-* | |
| - name: pnpm install | |
| run: | | |
| corepack pnpm install --config.strict-dep-builds=true | |
| python3 -m pip install atom-tools blint | |
| - name: check sbom for vulns | |
| run: | | |
| node bin/cdxgen.js -t js -o reports/sbom-build-js.cdx.json --no-recurse --profile research $(pwd) | |
| node bin/cdxgen.js -t docker -o reports/sbom-container-js.cdx.json ghcr.io/cyclonedx/cdxgen:master | |
| docker rmi ghcr.io/cyclonedx/cdxgen:master | |
| docker run -q --rm -v $(pwd):/app ghcr.io/owasp-dep-scan/dep-scan:master depscan --src /app --bom-dir /app/reports --reports-dir /app/reports --reachability-analyzer SemanticReachability --explain | |
| env: | |
| COLUMNS: 140 | |
| JAVA_TOOL_OPTIONS: "-XX:UseSVE=0 -Dfile.encoding=UTF-8" | |
| build: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| node-version: ['20.x', '21.x', '22.x', '23.x', '24.x'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: pnpm install, build and test | |
| run: | | |
| npm install --global corepack@latest | |
| corepack enable | |
| corepack pnpm install --config.strict-dep-builds=true | |
| corepack pnpm test | |
| NPM_CONFIG_PROVENANCE=true corepack pnpm publish --access=public --dry-run --no-git-checks | |
| env: | |
| CI: true | |
| deno-build: | |
| strategy: | |
| matrix: | |
| os: [windows, macos, ubuntu] | |
| deno_version: [2.x] | |
| include: | |
| - os: windows | |
| build: | | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --include=./data --include=./package.json --output cdxgenx.exe bin/cdxgen.js | |
| .\cdxgenx.exe --help | |
| (Get-FileHash .\cdxgenx.exe).hash | Out-File -FilePath .\cdxgenx.exe.sha256 | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --include=./data --include=./package.json --output evinse.exe bin/evinse.js | |
| .\evinse.exe --help | |
| (Get-FileHash .\evinse.exe).hash | Out-File -FilePath .\evinse.exe.sha256 | |
| artifact: cdxgenx.exe | |
| - os: macos | |
| build: | | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target x86_64-apple-darwin --output cdxgenx-darwin-amd64 bin/cdxgen.js | |
| ./cdxgenx-darwin-amd64 --help | |
| shasum -a 256 cdxgenx-darwin-amd64 > cdxgenx-darwin-amd64.sha256 | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target aarch64-apple-darwin --output cdxgenx-darwin-arm64 bin/cdxgen.js | |
| shasum -a 256 cdxgenx-darwin-arm64 > cdxgenx-darwin-arm64.sha256 | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target x86_64-apple-darwin --output evinse-darwin-amd64 bin/evinse.js | |
| ./evinse-darwin-amd64 --help | |
| shasum -a 256 evinse-darwin-amd64 > evinse-darwin-amd64.sha256 | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target aarch64-apple-darwin --output evinse-darwin-arm64 bin/evinse.js | |
| shasum -a 256 evinse-darwin-arm64 > evinse-darwin-arm64.sha256 | |
| artifact: cdxgenx-darwin-amd64 | |
| - os: ubuntu | |
| build: | | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --output cdxgenx bin/cdxgen.js | |
| shasum -a 256 cdxgenx > cdxgenx.sha256 | |
| chmod + cdxgenx | |
| ./cdxgenx --help | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --node-modules-dir=auto --allow-ffi --allow-scripts=npm:[email protected] --include=./data --include=./package.json --include=node_modules/.deno/[email protected]/node_modules/sqlite3/build/Release --output evinse bin/evinse.js | |
| shasum -a 256 evinse > evinse.sha256 | |
| chmod + evinse | |
| ./evinse --help | |
| artifact: cdxgenx | |
| runs-on: ${{ matrix.os }}-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: denoland/setup-deno@v2 | |
| with: | |
| deno-version: v${{ matrix.deno_version }} | |
| - name: deno compile | |
| run: | | |
| deno info bin/cdxgen.js | |
| deno info bin/evinse.js | |
| mkdir build | |
| ${{ matrix.build }} | |
| continue-on-error: true |