@@ -34,50 +34,45 @@ jobs:
3434name : pnpm install
3535 run : |
3636 corepack pnpm install --config.strict-dep-builds=true
37- python3 -m pip install atom-tools blint
37+ python3 -m pip install --pre owasp-depscan atom-tools
3838name : check sbom for vulns
3939 run : |
40- node bin/cdxgen.js -t js -o reports/sbom-build-js.cdx.json --no-recurse --profile research $(pwd)
41- node bin/cdxgen.js -t docker -o reports/sbom-container-js.cdx.json ghcr.io/cyclonedx/cdxgen:master
42- docker rmi ghcr.io/cyclonedx/cdxgen:master
43- docker run -q --rm -v $(pwd):/app ghcr.io/owasp-dep-scan/dep-scan:master depscan --src /app -- bom-dir /app/ reports --reports-dir /app /reports --reachability-analyzer SemanticReachability --explain
40+ node bin/cdxgen.js -t js -o $(pwd)/ reports/sbom-build-js.cdx.json --no-recurse --profile research $(pwd)
41+ docker pull ghcr.io/cyclonedx/cdxgen:master
42+ node bin/cdxgen.js -t docker -o $(pwd)/reports/sbom-container-js.cdx.json ghcr.io/cyclonedx/cdxgen:master
43+ depscan --src $(pwd) -- bom-dir $(pwd)/ reports --reports-dir $(pwd) /reports --reachability-analyzer SemanticReachability --explain
4444env :
4545 COLUMNS : 140
46+ CDXGEN_DEBUG_MODE : debug
4647 JAVA_TOOL_OPTIONS : " -XX:UseSVE=0 -Dfile.encoding=UTF-8"
47- build :
48- runs-on : ubuntu-24.04
48+ matrix-unit-test :
4949 permissions :
5050 contents : read
5151 strategy :
52+ fail-fast : false
5253 matrix :
5354 node-version : ['20.x', '21.x', '22.x', '23.x', '24.x']
54-
55+ os : ['ubuntu-22.04', 'ubuntu-24.04', 'windows-latest', 'windows-11-arm', 'ubuntu-22.04-arm', 'ubuntu-24.04-arm', 'macos-latest', 'macos-13']
56+ runs-on : ${{ matrix.os }}
5557 steps :
5658 - uses : actions/checkout@v4
5759 - name : Use Node.js ${{ matrix.node-version }}
5860 uses : actions/setup-node@v4
5961 with :
6062 node-version : ${{ matrix.node-version }}
61- - name : Set up Python
62- uses : actions/setup-python@v5
63- with :
64- python-version : 3.12
65- - name : Set up JDK
66- uses : actions/setup-java@v4
67- with :
68- distribution : ' temurin'
69- java-version : ' 23'
7063 - name : pnpm install, build and test
7164 run : |
72- npm install --global corepack@latest
73- corepack enable pnpm
74- corepack pnpm install --config.strict-dep-builds=true
75- corepack pnpm test
76- NPM_CONFIG_PROVENANCE=true corepack pnpm publish --access=public --dry-run --no-git-checks
65+ npm install -g pnpm@latest
66+ pnpm install --config.strict-dep-builds=true
67+ pnpm test
68+ pnpm publish --access=public --dry-run --no-git-checks
7769env :
7870 CI : true
71+ NPM_CONFIG_PROVENANCE : true
72+
7973 deno-build :
8074 strategy :
75+ fail-fast : true
8176 matrix :
8277 os : [windows, macos, ubuntu]
8378 deno_version : [2.x]
@@ -87,23 +82,24 @@ jobs:
8782 deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --include=./data --include=./package.json --output cdxgenx.exe bin/cdxgen.js
8883 .\cdxgenx.exe --help
8984 (Get-FileHash .\cdxgenx.exe).hash | Out-File -FilePath .\cdxgenx.exe.sha256
90- deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --include=./data --include=./package.json --output evinse.exe bin/evinse.js
85+ deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --node-modules-dir=auto --allow-ffi --allow-scripts=npm:[email protected] -- include=./data --include=./package.json --include=node_modules/.deno/[email protected] /node_modules/sqlite3/build/Release --output evinse.exe bin/evinse.js 9186 .\evinse.exe --help
9287 (Get-FileHash .\evinse.exe).hash | Out-File -FilePath .\evinse.exe.sha256
9388artifact : cdxgenx.exe
9489 - os : macos
9590 build : |
91+ rm -rf node_modules
9692 deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target x86_64-apple-darwin --output cdxgenx-darwin-amd64 bin/cdxgen.js
9793 ./cdxgenx-darwin-amd64 --help
9894 shasum -a 256 cdxgenx-darwin-amd64 > cdxgenx-darwin-amd64.sha256
95+ rm -rf node_modules
9996 deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target aarch64-apple-darwin --output cdxgenx-darwin-arm64 bin/cdxgen.js
10097 shasum -a 256 cdxgenx-darwin-arm64 > cdxgenx-darwin-arm64.sha256
101- deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target x86_64-apple-darwin --output evinse-darwin-amd64 bin/evinse.js
102- ./evinse-darwin-amd64 --help
103- shasum -a 256 evinse-darwin-amd64 > evinse-darwin-amd64.sha256
104- deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target aarch64-apple-darwin --output evinse-darwin-arm64 bin/evinse.js
98+ rm -rf node_modules
99+ deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --node-modules-dir=auto --allow-ffi --allow-scripts=npm:[email protected] --include=./data --include=./package.json --include=node_modules/.deno/[email protected] /node_modules/sqlite3/build/Release --target aarch64-apple-darwin --output evinse-darwin-arm64 bin/evinse.js 105100 shasum -a 256 evinse-darwin-arm64 > evinse-darwin-arm64.sha256
106- artifact : cdxgenx-darwin-amd64
101+ ./evinse-darwin-arm64 --help
102+ artifact : cdxgenx-darwin-arm64
107103 - os : ubuntu
108104 build : |
109105 deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --output cdxgenx bin/cdxgen.js
0 commit comments