Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
01ed653ac8 | ||
|
|
3ca6fc3a8a | ||
|
|
271a696e78 | ||
|
|
2063b36b79 | ||
|
|
44d0c2f19b | ||
|
|
26e3dc36fc | ||
|
|
e6854f2a7c | ||
|
|
a1c06b5535 | ||
|
|
e4bdac3847 | ||
|
|
00f0f13934 | ||
|
|
63ca6fe724 | ||
|
|
5b85983c0a | ||
|
|
f4c22e2c3f | ||
|
|
2ea5788b37 | ||
|
|
b5709ab80d | ||
|
|
6e1c9cebb5 | ||
|
|
601e3a4caa |
2
.github/workflows/ci.yml
vendored
@@ -458,7 +458,7 @@ jobs:
|
||||
matrix:
|
||||
java-version: ['24-ea', 'latest-ea']
|
||||
distribution: ['graalvm']
|
||||
os: [macos-latest, windows-latest, ubuntu-latest]
|
||||
os: [macos-latest, windows-latest, ubuntu-latest, ubuntu-22.04-arm]
|
||||
components: ['']
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
@@ -145,6 +145,7 @@ describe('sbom feature', () => {
|
||||
writeFileSync(sbomPath, JSON.stringify(sbom, null, 2))
|
||||
|
||||
mockFindSBOM([sbomPath])
|
||||
jest.spyOn(core, 'getState').mockReturnValue(javaVersion)
|
||||
|
||||
await processSBOM()
|
||||
}
|
||||
@@ -190,6 +191,10 @@ describe('sbom feature', () => {
|
||||
]
|
||||
}
|
||||
|
||||
it('should throw an error if setUpSBOMSupport was not called before processSBOM', async () => {
|
||||
await expect(processSBOM()).rejects.toThrow('setUpSBOMSupport must be called before processSBOM')
|
||||
})
|
||||
|
||||
it('should process SBOM and display components', async () => {
|
||||
await setUpAndProcessSBOM(sampleSBOM)
|
||||
|
||||
|
||||
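Review bot: The new negative test depends on `core.getState` returning an empty value, but the helper in the first hunk installs `jest.spyOn(core, 'getState').mockReturnValue(javaVersion)` and neither hunk shows it being restored. If mocks are not reset between tests (an `afterEach` with `jest.restoreAllMocks()` may exist outside the hunks), the test passes only because it happens to run first. Stating the precondition as the first line of that test keeps it order-independent: `jest.spyOn(core, 'getState').mockReturnValue('')`. The test also reaches the throw only if the SBOM feature input is enabled at that point, which these hunks do not show.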
3162
dist/cleanup/index.js
generated
vendored
File diff suppressed because it is too large
3166
dist/main/index.js
generated
vendored
File diff suppressed because it is too large
1570
package-lock.json
generated
File diff suppressed because it is too large
24
package.json
@@ -2,7 +2,7 @@
|
||||
"name": "setup-graalvm",
|
||||
"author": "GraalVM Community",
|
||||
"description": "GitHub Action for GraalVM",
|
||||
"version": "1.3.1",
|
||||
"version": "1.3.3",
|
||||
"private": true,
|
||||
"repository": {
|
||||
"type": "git",
|
||||
@@ -33,7 +33,7 @@
|
||||
},
|
||||
"license": "UPL",
|
||||
"dependencies": {
|
||||
"@actions/cache": "^4.0.0",
|
||||
"@actions/cache": "^4.0.2",
|
||||
"@actions/core": "^1.11.1",
|
||||
"@actions/exec": "^1.1.1",
|
||||
"@actions/github": "^6.0.0",
|
||||
@@ -45,20 +45,20 @@
|
||||
"@octokit/types": "^13.8.0",
|
||||
"@github/dependency-submission-toolkit": "^2.0.4",
|
||||
"semver": "^7.7.1",
|
||||
"uuid": "^11.0.5"
|
||||
"uuid": "^11.1.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@eslint/compat": "^1.2.6",
|
||||
"@eslint/compat": "^1.2.7",
|
||||
"@types/jest": "^29.5.14",
|
||||
"@types/node": "^20.17.17",
|
||||
"@types/node": "^20.17.22",
|
||||
"@types/semver": "^7.5.8",
|
||||
"@types/uuid": "^10.0.0",
|
||||
"@typescript-eslint/eslint-plugin": "^8.24.0",
|
||||
"@typescript-eslint/parser": "^8.24.0",
|
||||
"@typescript-eslint/eslint-plugin": "^8.25.0",
|
||||
"@typescript-eslint/parser": "^8.25.0",
|
||||
"@vercel/ncc": "^0.38.3",
|
||||
"eslint": "^9.20.1",
|
||||
"eslint-config-prettier": "^10.0.1",
|
||||
"eslint-import-resolver-typescript": "^3.6.3",
|
||||
"eslint": "^9.21.0",
|
||||
"eslint-config-prettier": "^10.0.2",
|
||||
"eslint-import-resolver-typescript": "^3.8.3",
|
||||
"eslint-plugin-import": "^2.31.0",
|
||||
"eslint-plugin-jest": "^28.10.0",
|
||||
"eslint-plugin-jsonc": "^2.19.1",
|
||||
@@ -66,9 +66,9 @@
|
||||
"eslint-plugin-prettier": "^5.2.3",
|
||||
"jest": "^29.7.0",
|
||||
"js-yaml": "^4.1.0",
|
||||
"prettier": "^3.5.0",
|
||||
"prettier": "^3.5.3",
|
||||
"prettier-eslint": "^16.3.0",
|
||||
"ts-jest": "^29.2.5",
|
||||
"ts-jest": "^29.2.6",
|
||||
"ts-node": "^10.9.2",
|
||||
"typescript": "^5.7.3"
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import * as otypes from '@octokit/types'
|
||||
|
||||
export const ACTION_VERSION = '1.3.1'
|
||||
export const ACTION_VERSION = '1.3.3'
|
||||
|
||||
export const INPUT_VERSION = 'version'
|
||||
export const INPUT_GDS_TOKEN = 'gds-token'
|
||||
|
||||
@@ -10,8 +10,7 @@ import { setNativeImageOption } from '../utils'
|
||||
const INPUT_NI_SBOM = 'native-image-enable-sbom'
|
||||
const SBOM_FILE_SUFFIX = '.sbom.json'
|
||||
const MIN_JAVA_VERSION = '24.0.0'
|
||||
|
||||
let javaVersionOrLatestEA: string | null = null
|
||||
const javaVersionKey = 'javaVersionKey'
|
||||
|
||||
interface SBOM {
|
||||
components: Component[]
|
||||
@@ -67,36 +66,36 @@ interface DependencySnapshot {
|
||||
>
|
||||
}
|
||||
|
||||
export function setUpSBOMSupport(javaVersionOrDev: string, distribution: string): void {
|
||||
export function setUpSBOMSupport(javaVersion: string, distribution: string): void {
|
||||
if (!isFeatureEnabled()) {
|
||||
return
|
||||
}
|
||||
|
||||
validateJavaVersionAndDistribution(javaVersionOrDev, distribution)
|
||||
javaVersionOrLatestEA = javaVersionOrDev
|
||||
setNativeImageOption(javaVersionOrLatestEA, '--enable-sbom=export')
|
||||
validateJavaVersionAndDistribution(javaVersion, distribution)
|
||||
core.saveState(javaVersionKey, javaVersion)
|
||||
setNativeImageOption(javaVersion, '--enable-sbom=export')
|
||||
core.info('Enabled SBOM generation for Native Image build')
|
||||
}
|
||||
|
||||
function validateJavaVersionAndDistribution(javaVersionOrDev: string, distribution: string): void {
|
||||
function validateJavaVersionAndDistribution(javaVersion: string, distribution: string): void {
|
||||
if (distribution !== c.DISTRIBUTION_GRAALVM) {
|
||||
throw new Error(
|
||||
`The '${INPUT_NI_SBOM}' option is only supported for Oracle GraalVM (distribution '${c.DISTRIBUTION_GRAALVM}'), but found distribution '${distribution}'.`
|
||||
)
|
||||
}
|
||||
|
||||
if (javaVersionOrDev === 'dev') {
|
||||
if (javaVersion === 'dev') {
|
||||
throw new Error(`The '${INPUT_NI_SBOM}' option is not supported for java-version 'dev'.`)
|
||||
}
|
||||
|
||||
if (javaVersionOrDev === 'latest-ea') {
|
||||
if (javaVersion === 'latest-ea') {
|
||||
return
|
||||
}
|
||||
|
||||
const coercedJavaVersion = semver.coerce(javaVersionOrDev)
|
||||
const coercedJavaVersion = semver.coerce(javaVersion)
|
||||
if (!coercedJavaVersion || semver.gt(MIN_JAVA_VERSION, coercedJavaVersion)) {
|
||||
throw new Error(
|
||||
`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersionOrDev}'.`
|
||||
`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersion}'.`
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -106,7 +105,8 @@ export async function processSBOM(): Promise<void> {
|
||||
return
|
||||
}
|
||||
|
||||
if (javaVersionOrLatestEA === null) {
|
||||
const javaVersion = core.getState(javaVersionKey)
|
||||
if (!javaVersion) {
|
||||
throw new Error('setUpSBOMSupport must be called before processSBOM')
|
||||
}
|
||||
|
||||
@@ -116,7 +116,7 @@ export async function processSBOM(): Promise<void> {
|
||||
const sbomData = parseSBOM(sbomContent)
|
||||
const components = mapToComponentsWithDependencies(sbomData)
|
||||
printSBOMContent(components)
|
||||
const snapshot = convertSBOMToSnapshot(sbomPath, components)
|
||||
const snapshot = convertSBOMToSnapshot(javaVersion, sbomPath, components)
|
||||
await submitDependencySnapshot(snapshot)
|
||||
} catch (error) {
|
||||
throw new Error(
|
||||
@@ -184,7 +184,7 @@ function printSBOMContent(components: Component[]): void {
|
||||
core.info('==================')
|
||||
}
|
||||
|
||||
function convertSBOMToSnapshot(sbomPath: string, components: Component[]): DependencySnapshot {
|
||||
function convertSBOMToSnapshot(javaVersion: string, sbomPath: string, components: Component[]): DependencySnapshot {
|
||||
const context = github.context
|
||||
const sbomFileName = basename(sbomPath)
|
||||
|
||||
@@ -203,7 +203,7 @@ function convertSBOMToSnapshot(sbomPath: string, components: Component[]): Depen
|
||||
},
|
||||
detector: {
|
||||
name: 'Oracle GraalVM',
|
||||
version: javaVersionOrLatestEA ?? '',
|
||||
version: javaVersion,
|
||||
url: 'https://www.graalvm.org/'
|
||||
},
|
||||
scanned: new Date().toISOString(),
|
||||
|
||||
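Review bot: In `processSBOM` the version read with `core.getState(javaVersionKey)` is only tested for truthiness, and nothing in the hunks documents where that state comes from. `core.saveState` hands the value to the runner and `core.getState` reads it back from the `STATE_javaVersionKey` environment variable, which is populated for the action's post step, so calling `processSBOM` in the same step as `setUpSBOMSupport` would see an empty string and throw a message that blames call order. I would document that next to the key, e.g. `// Persisted by the main step via core.saveState; only readable through core.getState in the post step.` Since the value now crosses a process boundary and ends up as `detector.version` in the submitted snapshot, repeating the `'latest-ea'` / `semver.coerce` check on it in `processSBOM` would be cheap defence in depth. Both function bodies continue outside the hunks shown.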