Migrate CI to runs-on #11319
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Validations" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| Static-Analysis: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Static analysis" | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Run static analysis | |
| run: make static-analysis | |
| Unit-Test: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Unit tests" | |
| # we need more storage than what's on the default runner | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Run unit tests | |
| run: make unit | |
| Integration-Test: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Integration tests" | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Validate syft output against the CycloneDX schema | |
| run: make validate-cyclonedx-schema | |
| - name: Run integration tests | |
| run: make integration | |
| Build-Snapshot-Artifacts: | |
| name: "Build snapshot artifacts" | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=build | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| bootstrap-apt-packages: "" | |
| - name: Build snapshot artifacts | |
| run: make snapshot | |
| - name: Smoke test snapshot build | |
| run: make snapshot-smoke-test | |
| # upload each platform artifact individually so downstream jobs can download only what they need | |
| # using explicit upload steps instead of programmatic API for runs-on compatibility | |
| - name: Upload Linux amd64 artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: linux-build_linux_amd64_v1 | |
| path: snapshot/linux-build_linux_amd64_v1 | |
| retention-days: 30 | |
| - name: Upload Linux arm64 artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: linux-build_linux_arm64_v8.0 | |
| path: snapshot/linux-build_linux_arm64_v8.0 | |
| retention-days: 30 | |
| - name: Upload Linux ppc64le artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: linux-build_linux_ppc64le_power8 | |
| path: snapshot/linux-build_linux_ppc64le_power8 | |
| retention-days: 30 | |
| - name: Upload Linux s390x artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: linux-build_linux_s390x | |
| path: snapshot/linux-build_linux_s390x | |
| retention-days: 30 | |
| - name: Upload macOS Intel artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: darwin-build_darwin_amd64_v1 | |
| path: snapshot/darwin-build_darwin_amd64_v1 | |
| retention-days: 30 | |
| - name: Upload macOS Apple Silicon artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: darwin-build_darwin_arm64_v8.0 | |
| path: snapshot/darwin-build_darwin_arm64_v8.0 | |
| retention-days: 30 | |
| - name: Upload Windows amd64 artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: windows-build_windows_amd64_v1 | |
| path: snapshot/windows-build_windows_amd64_v1 | |
| retention-days: 30 | |
| - name: Upload Windows arm64 artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: windows-build_windows_arm64_v8.0 | |
| path: snapshot/windows-build_windows_arm64_v8.0 | |
| retention-days: 30 | |
| - name: Upload Homebrew artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.0 | |
| with: | |
| name: homebrew | |
| path: snapshot/homebrew | |
| retention-days: 30 | |
| Acceptance-Linux: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Acceptance tests (Linux)" | |
| needs: [Build-Snapshot-Artifacts] | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Download Linux amd64 snapshot | |
| uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0 | |
| with: | |
| name: linux-build_linux_amd64_v1 | |
| path: snapshot/linux-build_linux_amd64_v1 | |
| - name: Run comparison tests (Linux) | |
| run: make compare-linux | |
| - name: Load test image cache | |
| if: steps.install-test-image-cache.outputs.cache-hit == 'true' | |
| run: make install-test-cache-load | |
| - name: Run install.sh tests (Linux) | |
| run: make install-test | |
| - name: (cache-miss) Create test image cache | |
| if: steps.install-test-image-cache.outputs.cache-hit != 'true' | |
| run: make install-test-cache-save | |
| Acceptance-Mac: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Acceptance tests (Mac)" | |
| needs: [Build-Snapshot-Artifacts] | |
| runs-on: macos-latest | |
| steps: | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| bootstrap-apt-packages: "" | |
| go-dependencies: false | |
| download-test-fixture-cache: true | |
| - name: Download macOS Intel snapshot | |
| uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0 | |
| with: | |
| name: darwin-build_darwin_amd64_v1 | |
| path: snapshot/darwin-build_darwin_amd64_v1 | |
| - name: Run comparison tests (Mac) | |
| run: make compare-mac | |
| - name: Run install.sh tests (Mac) | |
| run: make install-test-ci-mac | |
| Cli-Linux: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "CLI tests (Linux)" | |
| needs: [Build-Snapshot-Artifacts] | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Download Linux amd64 snapshot | |
| uses: actions/download-artifact@8db8e0a4fa3e65a503184c3b18cdbb9cdc646fc0 #v4.2.0 | |
| with: | |
| name: linux-build_linux_amd64_v1 | |
| path: snapshot/linux-build_linux_amd64_v1 | |
| - name: Run CLI Tests (Linux) | |
| run: make cli |