diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index dd056e3763..b736d601ed 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -198,13 +198,9 @@ jobs: ) ) runs-on: 'ubuntu-latest' - strategy: - matrix: - testgroup: ["sync", "async", "scanner", "language"] timeout-minutes: 120 env: LONG_TESTS: 1 - testgroup: $${{ matrix.testgroup }} steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -225,20 +221,6 @@ jobs: echo "sbom set to false" fi - - name: "Hack for test groups" - env: - sync: $${{ matrix.testgroup == 'sync' }} - async: $${{ matrix.testgroup == 'async' }} - scanner: $${{ matrix.testgroup == 'scanner' }} - language: $${{ matrix.testgroup == 'language' }} - run: | - if ${sync} == true; then - echo "sync=1" >> $GITHUB_ENV - echo "async=0" >> $GITHUB_ENV - echo "scanner=0" >> $GITHUB_ENV - echo "language=0" >> $GITHUB_ENV - fi - - name: Get date id: get-date run: | @@ -260,6 +242,7 @@ jobs: with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + - name: Install cabextract if: env.sbom != 'true' run: sudo apt-get update && sudo apt-get install cabextract @@ -318,6 +301,269 @@ jobs: name: codecov-umbrella fail_ci_if_error: false + long_tests_parsers: + name: Long tests on Python 3.10 (parsers) + permissions: + contents: read + if: | + ! github.event.pull_request.user.login == 'github-actions[bot]' || + ! ( + startsWith(github.head_ref, 'chore-sbom-py') || + contains( + fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'), + github.head_ref + ) + ) + runs-on: 'ubuntu-latest' + timeout-minutes: 120 + env: + LONG_TESTS: 1 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: '3.10' + cache: 'pip' + + - name: "Skip tests if this is an automated sbom job" + env: + COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }} + run: | + if ${COMMIT_VAR} == true; then + echo "sbom=true" >> $GITHUB_ENV + echo "sbom set to true" + else + echo "sbom=false" >> $GITHUB_ENV + echo "sbom set to false" + fi + + - name: Get date + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT + echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT + - name: Print Cache Keys + run: | + echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" + echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" + - name: Get today's cached database + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + id: todays-cache + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} + - name: Get yesterday's cached database if today's is not available + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + if: steps.todays-cache.outputs.cache-hit != 'true' + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + + - name: Install cve-bin-tool + if: env.sbom != 'true' + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade setuptools + python -m pip install --upgrade wheel + python -m pip install --upgrade -r dev-requirements.txt + python -m pip install --editable . + - name: Try single CLI run of tool + if: env.sbom != 'true' + run: | + [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool + NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + cp -r ~/.cache/cve-bin-tool cache + - name: Run language parser tests + if: env.sbom != 'true' + run: > + pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50 + test/test_language_parser.py + - name: Upload code coverage to codecov + if: env.sbom != 'true' + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + with: + files: ./coverage.xml + flags: longtests + name: codecov-umbrella + fail_ci_if_error: false + + long_tests_scanners: + name: Long tests on Python 3.10 (scanners) + permissions: + contents: read + if: | + ! github.event.pull_request.user.login == 'github-actions[bot]' || + ! ( + startsWith(github.head_ref, 'chore-sbom-py') || + contains( + fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'), + github.head_ref + ) + ) + runs-on: 'ubuntu-latest' + timeout-minutes: 120 + env: + LONG_TESTS: 1 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: '3.10' + cache: 'pip' + + - name: "Skip tests if this is an automated sbom job" + env: + COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }} + run: | + if ${COMMIT_VAR} == true; then + echo "sbom=true" >> $GITHUB_ENV + echo "sbom set to true" + else + echo "sbom=false" >> $GITHUB_ENV + echo "sbom set to false" + fi + + - name: Get date + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT + echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT + - name: Print Cache Keys + run: | + echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" + echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" + - name: Get today's cached database + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + id: todays-cache + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} + - name: Get yesterday's cached database if today's is not available + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + if: steps.todays-cache.outputs.cache-hit != 'true' + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + + - name: Install cve-bin-tool + if: env.sbom != 'true' + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade setuptools + python -m pip install --upgrade wheel + python -m pip install --upgrade -r dev-requirements.txt + python -m pip install --editable . + - name: Try single CLI run of tool + if: env.sbom != 'true' + run: | + [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool + NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + cp -r ~/.cache/cve-bin-tool cache + - name: Run binary scanner tests + if: env.sbom != 'true' + run: > + pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50 + test/test_scanner.py + - name: Upload code coverage to codecov + if: env.sbom != 'true' + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + with: + files: ./coverage.xml + flags: longtests + name: codecov-umbrella + fail_ci_if_error: false + + long_tests_sync: + name: Long tests on Python 3.10 (synchronous) + permissions: + contents: read + if: | + ! github.event.pull_request.user.login == 'github-actions[bot]' || + ! ( + startsWith(github.head_ref, 'chore-sbom-py') || + contains( + fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'), + github.head_ref + ) + ) + runs-on: 'ubuntu-latest' + timeout-minutes: 120 + env: + LONG_TESTS: 1 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: '3.10' + cache: 'pip' + + - name: "Skip tests if this is an automated sbom job" + env: + COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }} + run: | + if ${COMMIT_VAR} == true; then + echo "sbom=true" >> $GITHUB_ENV + echo "sbom set to true" + else + echo "sbom=false" >> $GITHUB_ENV + echo "sbom set to false" + fi + + - name: Get date + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT + echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT + - name: Print Cache Keys + run: | + echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" + echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" + - name: Get today's cached database + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + id: todays-cache + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} + - name: Get yesterday's cached database if today's is not available + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + if: steps.todays-cache.outputs.cache-hit != 'true' + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + + - name: Install pdftotext, reportlab and cve-bin-tool + if: env.sbom != 'true' + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade setuptools + python -m pip install --upgrade wheel + python -m pip install --upgrade -r dev-requirements.txt + python -m pip install --editable . + - name: Try single CLI run of tool + if: env.sbom != 'true' + run: | + [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool + NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + cp -r ~/.cache/cve-bin-tool cache + - name: Run synchronous tests + if: env.sbom != 'true' + run: > + pytest -v --cov --cov-append --cov-report=xml --durations=50 + test/test_cli.py + test/test_cvedb.py + - name: Upload code coverage to codecov + if: env.sbom != 'true' + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + with: + files: ./coverage.xml + flags: longtests + name: codecov-umbrella + fail_ci_if_error: false + + linux-mayfail: name: Tests that may fail due to network or HTML permissions: