fix: github correlator name when run in matrix build (#482)
* fix: github correlator name when run in matrix build

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* chore: add explicit check for correlator containing artifact-name

Signed-off-by: Keith Zantow <kzantow@gmail.com>

* test: explicitly test different correlator paths

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

* chore: commit build output

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
kzantow and willmurphyscode authored Dec 4, 2024
1 parent 55dc4ee commit a5bbe18
Showing 6 changed files with 343 additions and 9 deletions.
19 changes: 17 additions & 2 deletions dist/attachReleaseAssets/index.js


19 changes: 17 additions & 2 deletions dist/downloadSyft/index.js


19 changes: 17 additions & 2 deletions dist/runSyftAction/index.js


22 changes: 19 additions & 3 deletions src/github/SyftGithubAction.ts
Expand Up @@ -36,7 +36,7 @@ const exeSuffix = process.platform == "win32" ? ".exe" : "";
* Tries to get a unique artifact name or otherwise as appropriate as possible
*/
export function getArtifactName(): string {
const fileName = core.getInput("artifact-name");
const fileName = getArtifactNameInput();

// if there is an explicit filename just return it, this could cause issues
// where earlier sboms are overwritten by later ones
Expand Down Expand Up @@ -93,6 +93,13 @@ export function getArtifactName(): string {
return `${repo}-${job}${stepName}.${extension}`;
}

/**
* Returns the artifact-name input value
*/
function getArtifactNameInput() {
return core.getInput("artifact-name");
}

/**
* Gets a reference to the syft command and executes the syft action
* @param input syft input parameters
Expand Down Expand Up @@ -443,10 +450,19 @@ export async function uploadDependencySnapshot(): Promise<void> {
fs.readFileSync(githubDependencySnapshotFile).toString("utf8")
) as DependencySnapshot;

let correlator = `${workflow}_${job}`;
// if running in a matrix build, it is not possible to determine a unique value,
// so a user must explicitly specify the artifact-name input, there isn't any
// other indicator of being run within a matrix build, so we must use that
// here in order to properly correlate dependency snapshots
const artifactInput = getArtifactNameInput();
if (artifactInput) {
correlator += `_${artifactInput}`;
}

// Need to add the job and repo details
snapshot.job = {
correlator:
core.getInput("dependency-snapshot-correlator") || `${workflow}_${job}`,
correlator: core.getInput("dependency-snapshot-correlator") || correlator,
id: `${runId}`,
};
snapshot.sha = sha;
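Review bot: The suffix appended on the `correlator +=` line is applied whenever artifact-name is non-empty, not only in matrix builds, so every existing workflow that already sets that input will start submitting under a different correlator than the `${workflow}_${job}` it used before; if GitHub groups snapshots by correlator as the surrounding code assumes, the earlier snapshot will no longer be superseded by new runs. The inline comment should say so, e.g. `// NOTE: this also changes the correlator for non-matrix workflows that set artifact-name`, and the change is worth a release note. `getArtifactNameInput()` also has no declared return type; `function getArtifactNameInput(): string {` keeps the contract explicit. The body of uploadDependencySnapshot starts and ends outside the hunk.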
87 changes: 87 additions & 0 deletions tests/integration/GitHubSnapshot.test.ts
Expand Up @@ -67,6 +67,7 @@ describe("GitHub Snapshot", () => {
const data = requestArgs[1].data;
const submission = JSON.parse(data);

expect(submission.job.correlator).toEqual("my-workflow_default-import-job")
expect(submission.scanned).toBeDefined();

// redact changing data
Expand All @@ -75,4 +76,90 @@ describe("GitHub Snapshot", () => {

expect(submission).toMatchSnapshot();
});

it("runs with artifact-name input", async () => {
setData({
inputs: {
path: "tests/fixtures/npm-project",
"dependency-snapshot": "true",
"upload-artifact": "false",
"artifact-name": "my-matrix-build-1",
},
context: {
...context.push({
ref: "main",
}),
sha: "f293f09uaw90gwa09f9wea",
workflow: "my-workflow",
job: "default-import-job",
action: "__anchore_sbom-action",
},
});

await action.runSyftAction();
await action.uploadDependencySnapshot();

// validate the request was made
expect(requestArgs).toBeDefined();
expect(requestArgs).toHaveLength(2);
expect(requestArgs[0]).toBe("POST /repos/test-org/test-repo/dependency-graph/snapshots");

// check the resulting snapshot file
const data = requestArgs[1].data;
const submission = JSON.parse(data);

expect(submission.scanned).toBeDefined();

// redact changing data
submission.scanned = "";
submission.detector.version = "";

expect(submission.job).toBeDefined()
expect(submission.job.correlator).toEqual("my-workflow_default-import-job_my-matrix-build-1")

expect(submission).toMatchSnapshot();
});

it("runs with dependency-snapshot-correlator defined", async () => {
setData({
inputs: {
path: "tests/fixtures/npm-project",
"dependency-snapshot": "true",
"upload-artifact": "false",
"dependency-snapshot-correlator": "some-correlator",
},
context: {
...context.push({
ref: "main",
}),
sha: "f293f09uaw90gwa09f9wea",
workflow: "my-workflow",
job: "default-import-job",
action: "__anchore_sbom-action",
},
});

await action.runSyftAction();
await action.uploadDependencySnapshot();

// validate the request was made
expect(requestArgs).toBeDefined();
expect(requestArgs).toHaveLength(2);
expect(requestArgs[0]).toBe("POST /repos/test-org/test-repo/dependency-graph/snapshots");

// check the resulting snapshot file
const data = requestArgs[1].data;
const submission = JSON.parse(data);

expect(submission.scanned).toBeDefined();

// redact changing data
submission.scanned = "";
submission.detector.version = "";

expect(submission.job).toBeDefined()
expect(submission.job.correlator).toEqual("some-correlator")

expect(submission).toMatchSnapshot();
});
});
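Review bot: Neither new case covers artifact-name and dependency-snapshot-correlator being set together, which is the precedence the `||` in uploadDependencySnapshot decides, so a third case with both inputs present asserting `expect(submission.job.correlator).toEqual("some-correlator");` would pin that the explicit correlator wins and the artifact suffix is not appended. The correlator and `submission.job` assertions omit the trailing semicolon, unlike the rest of the file. The two new cases also repeat the setData block verbatim apart from one input; a small helper taking the extra inputs would keep the three cases aligned.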
