CycloneDX SBOM for databroker and databroker-cli #863
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# /******************************************************************************** | |
# * Copyright (c) 2022 Contributors to the Eclipse Foundation | |
# * | |
# * See the NOTICE file(s) distributed with this work for additional | |
# * information regarding copyright ownership. | |
# * | |
# * This program and the accompanying materials are made available under the | |
# * terms of the Apache License 2.0 which is available at | |
# * http://www.apache.org/licenses/LICENSE-2.0 | |
# * | |
# * SPDX-License-Identifier: Apache-2.0 | |
# ********************************************************************************/ | |
name: kuksa_databroker_build | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
paths: | |
- ".github/workflows/kuksa_databroker_build.yml" | |
- "kuksa_databroker/**" | |
- "proto/**" | |
- "Cargo.*" | |
- "Cross.toml" | |
workflow_call: | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
lint-and-test: | |
name: Linting and Testing | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Seems not neccessary on ubuntu-latest runner | |
#- uses: dtolnay/rust-toolchain@stable | |
- name: "Install cargo modules" | |
run: cargo install cargo-tarpaulin | |
- name: Show toolchain information | |
working-directory: ${{github.workspace}} | |
run: | | |
rustup toolchain list | |
cargo --version | |
- name: cargo fmt | |
working-directory: ${{github.workspace}} | |
run: cargo fmt -- --check | |
- name: cargo clippy | |
working-directory: ${{github.workspace}} | |
run: cargo clippy --all-targets -- -W warnings -D warnings | |
- name: cargo clippy (feature viss) | |
working-directory: ${{github.workspace}} | |
run: cargo clippy --features viss --all-targets -- -W warnings -D warnings | |
- name: Run tests and report code coverage | |
run: | | |
cargo tarpaulin -o xml \ | |
--exclude-files kuksa_databroker/databroker/tests/* \ | |
--exclude-files kuksa_databroker/databroker/tests/world/* | |
- name: Upload coverage report | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Code coverage report | |
path: cobertura.xml | |
# - name: Publish coverage report as comment | |
# uses: 5monkeys/cobertura-action@v12 | |
# if: github.event_name == 'pull_request' | |
# with: | |
# path: cobertura.xml | |
# repo_token: ${{ secrets.GITHUB_TOKEN }} | |
# minimum_coverage: 40 | |
check_ghcr_push: | |
uses: eclipse-kuksa/kuksa-actions/.github/workflows/check_ghcr_push.yml@2 | |
secrets: inherit | |
build-container: | |
runs-on: ubuntu-latest | |
needs: check_ghcr_push | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Building | |
working-directory: ${{github.workspace}}/kuksa_databroker/ | |
run: | | |
cargo install cargo-license cross cargo-cyclonedx | |
./build-all-targets.sh | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
# list of Docker images to use as base name for tags | |
images: | | |
ghcr.io/eclipse/kuksa.val/databroker | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
# only needed for runners without buildx setup, will be slow | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to the Container registry | |
if: needs.check_ghcr_push.outputs.push == 'true' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build kuksa.val databroker container container and push to ghcr.io (and ttl.sh) | |
id: ghcr-build | |
if: needs.check_ghcr_push.outputs.push == 'true' | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
linux/riscv64 | |
file: ./kuksa_databroker/Dockerfile | |
context: . | |
push: true | |
tags: | | |
${{ steps.meta.outputs.tags }} | |
ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Build ephemeral KUKSA Databroker container and push to ttl.sh | |
if: needs.check_ghcr_push.outputs.push == 'false' | |
id: tmp-build | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
linux/riscv64 | |
file: ./kuksa_databroker/Dockerfile | |
context: . | |
push: true | |
tags: "ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}}" | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Posting message | |
uses: ./.github/actions/post-container-location | |
with: | |
image: ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}} | |
- name: "Archiving AMD64 artifacts" | |
uses: actions/upload-artifact@v3 | |
with: | |
name: databroker-amd64 | |
path: ${{github.workspace}}/dist/amd64 | |
- name: "Archiving ARM64 artifacts" | |
uses: actions/upload-artifact@v3 | |
with: | |
name: databroker-arm64 | |
path: ${{github.workspace}}/dist/arm64 | |
- name: "Archiving RISCV64 artifacts" | |
uses: actions/upload-artifact@v3 | |
with: | |
name: databroker-riscv64 | |
path: ${{github.workspace}}/dist/riscv64 | |
integration-test: | |
name: Run integration test | |
runs-on: ubuntu-latest | |
needs: [build-container] | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- uses: actions/checkout@v4 | |
- name: Run integration test on AMD64 container | |
env: | |
DATABROKER_IMAGE: ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}} | |
CONTAINER_PLATFORM: linux/amd64 | |
run: | | |
${{github.workspace}}/kuksa_databroker/integration_test/run.sh | |
- name: Run integration test on ARM64 container | |
env: | |
DATABROKER_IMAGE: ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}} | |
CONTAINER_PLATFORM: linux/arm64 | |
run: | | |
${{github.workspace}}/kuksa_databroker/integration_test/run.sh | |
- name: Run integration test on RISCV64 container | |
env: | |
DATABROKER_IMAGE: ttl.sh/kuksa.val/kuksa-databroker-${{github.sha}} | |
CONTAINER_PLATFORM: linux/riscv64 | |
run: | | |
${{github.workspace}}/kuksa_databroker/integration_test/run.sh | |
bom: | |
name: License Compliance Check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Follows the pattern from | |
# https://github.com/eclipse/dash-licenses?tab=readme-ov-file#example-rustcargo | |
- name: "Using cargo to create Dash input" | |
working-directory: ${{github.workspace}}/kuksa_databroker/ | |
# target all is not really needed, and will also return i.e. wasm deps, however | |
# better safe than sorry, the alternative would be running this for each currently | |
# built target and combining the lists, but that would need adapting, when | |
# adding targets, or also when i.e. switching between MUSL/glibc. So this is safer | |
run: | | |
cargo tree -e normal --prefix none --no-dedupe -p databroker --target all --all-features > ${{github.workspace}}/cargodeps | |
cat ${{github.workspace}}/cargodeps | sort -u \ | |
| grep -v '^[[:space:]]*$' | grep -v kuksa | grep -v databroker \ | |
| sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \ | |
> ${{github.workspace}}/dash-databroker-deps | |
- name: Dash license check | |
uses: eclipse-kuksa/kuksa-actions/check-dash@2 | |
with: | |
dashinput: ${{github.workspace}}/dash-databroker-deps |