Update testbench to 9.0.6 (#4390) (CP: 24.1) #1461
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SBOM | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, edited] | |
paths: ["versions.json", "**/pom.xml", ".github/workflows/sbom.yml", "scripts/generateAndCheckSBOM.js", "scripts/generator/templates/*.xml"] | |
release: | |
types: ["published"] | |
workflow_dispatch: | |
inputs: | |
useSnapshots: | |
description: 'Use snapthots for all vaadin products' | |
required: false | |
type: boolean | |
default: false | |
useBomber: | |
description: 'Use bomber' | |
required: false | |
type: boolean | |
default: true | |
useOSV: | |
description: 'Use osv-scanner' | |
required: false | |
type: boolean | |
default: true | |
useOWASP: | |
description: 'Use owasp:dependency-check-maven' | |
required: false | |
type: boolean | |
default: true | |
useFullOWASP: | |
description: 'Use full owasp:dependency-check' | |
required: false | |
type: boolean | |
default: false | |
version: | |
description: 'Use set Platform Version to:' | |
required: false | |
type: string | |
default: '' | |
forcePushReports: | |
description: 'Push the SBOM to release note' | |
required: false | |
type: boolean | |
default: false | |
jobs: | |
run: | |
runs-on: ubuntu-latest | |
steps: | |
- run: | | |
[ -z "${{secrets.TB_LICENSE}}" ] \ | |
&& echo "🚫 **TB_LICENSE** is not defined, check that **${{github.repository}}** repo has a valid secret" \ | |
| tee -a $GITHUB_STEP_SUMMARY && exit 1 || exit 0 | |
name: Check secrets | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- uses: stCarolas/[email protected] | |
with: | |
maven-version: '3.8.2' | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 'stable' | |
- run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1 | |
- run: | | |
wget -q https://github.com/devops-kung-fu/bomber/releases/download/v0.4.4/bomber_0.4.4_linux_amd64.deb | |
sudo dpkg -i bomber_0.4.4_linux_amd64.deb | |
name: Install bomber-0.4.4 | |
- run: | | |
# Install dependency-check-8.2.1 | |
cd /tmp | |
wget -q https://github.com/jeremylong/DependencyCheck/releases/download/v8.2.1/dependency-check-8.2.1-release.zip | |
unzip dependency-check-8.2.1-release.zip | |
sudo ln -s /tmp/dependency-check/bin/dependency-check.sh /usr/bin/dependency-check | |
name: Install dependency-check-8.2.1 | |
- run: | | |
mkdir -p ~/.vaadin/ | |
echo '{"username":"'`echo ${{secrets.TB_LICENSE}} | cut -d / -f1`'","proKey":"'`echo ${{secrets.TB_LICENSE}} | cut -d / -f2`'"}' > ~/.vaadin/proKey | |
name: Install proKey | |
- run: | | |
[ false = "${{github.event.inputs.useBomber}}" ] && A="$A --disable-bomber" | |
[ false = "${{github.event.inputs.useOSV}}" ] && A="$A --disable-osv-scan" | |
[ false = "${{github.event.inputs.useOWASP}}" ] && A="$A --disable-owasp" | |
[ true = "${{github.event.inputs.useFullOWASP}}" ] && A="$A --enable-full-owasp" | |
[ true = "${{github.event.inputs.useSnapshots}}" ] && A="$A --useSnapshots" | |
V="${{ github.event.inputs.version || github.event.release.tag_name }}" | |
[ -n "$V" ] && A="--version $V" | |
cmd="scripts/generateAndCheckSBOM.js $A" | |
echo "Running: $cmd" | |
$cmd | |
name: Generate And Check SBOM | |
env: | |
OSSINDEX_USER: ${{secrets.OSSINDEX_USER}} | |
OSSINDEX_TOKEN: ${{secrets.OSSINDEX_TOKEN}} | |
- if: ${{always() && env.DEPENDENCIES_REPORT && github.event.pull_request}} | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
message: "${{env.DEPENDENCIES_REPORT}}\n[[Click for more Details](${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}})]" | |
comment_tag: dependencies_report | |
- if: ${{always()}} | |
uses: actions/[email protected] | |
with: | |
name: files | |
path: | | |
**/target/bom-vaadin.json | |
**/target/*-report.json | |
**/target/tree-*.txt | |
**/target/dependencies.html | |
if-no-files-found: error | |
retention-days: 60 | |
- if: ${{(success() || github.event.inputs.forcePushReports) && (github.event.inputs.version || github.event.release.tag_name)}} | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: vaadin-platform-sbom/target/bom-vaadin.json | |
asset_name: "Software.Bill.Of.Materials.json" | |
tag: ${{ github.event.inputs.version || github.event.release.tag_name }} | |
overwrite: true | |
- if: ${{(success() || github.event.inputs.forcePushReports) && (github.event.inputs.version || github.event.release.tag_name)}} | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: vaadin-platform-sbom/target/dependencies.html | |
asset_name: "Dependencies.Report.html" | |
tag: ${{ github.event.inputs.version || github.event.release.tag_name }} | |
overwrite: true | |