Prepare for 5.2.4 release #637

Workflow file for this run

	name: Build Linux Binaries

	on:
	push:
	workflow_dispatch:
	env:
	REGISTRY: ghcr.io

	jobs:
	Depscan-Linux-Build:
	runs-on: ubuntu-20.04
	permissions:
	contents: write
	packages: write
	steps:
	- uses: actions/checkout@v4
	- name: Trim CI agent
	run: \|
	chmod +x free_disk_space.sh
	./free_disk_space.sh
	- name: Checkout dep-scan
	uses: actions/checkout@v4
	with:
	repository: owasp-dep-scan/dep-scan
	path: dep-scan
	- name: Checkout cdxgen
	uses: actions/checkout@v4
	with:
	repository: CycloneDX/cdxgen
	path: cdxgen
	ref: 'v10.0.0'
	- name: Checkout cdxgen
	uses: actions/checkout@v4
	with:
	repository: CycloneDX/cdxgen-plugins-bin
	path: cdxgen-plugins-bin
	- uses: actions/setup-python@v5
	with:
	python-version: '3.11'
	- name: Use Node.js
	uses: actions/setup-node@v3
	with:
	node-version: 20.x
	- uses: actions/setup-go@v3
	with:
	go-version: '^1.19.8'
	- uses: actions/cache@v3
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-
	- name: Install pyinstaller
	run: \|
	python3 -m pip install --upgrade pip
	python3 -m pip install setuptools pyinstaller
	cd dep-scan
	python3 -m pip install ".[dev]"
	wget https://github.com/upx/upx/releases/download/v4.2.1/upx-4.2.1-amd64_linux.tar.xz
	tar -xvf upx-4.2.1-amd64_linux.tar.xz
	chmod +x upx-4.2.1-amd64_linux/upx
	sudo cp upx-4.2.1-amd64_linux/upx /usr/local/bin/
	- name: Produce cdxgen pkg
	run: \|
	cd cdxgen
	npm install
	npx caxa --input . --output "cdxgen" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js"
	chmod +x cdxgen
	./cdxgen --version
	sha256sum cdxgen > cdxgen.sha256
	- name: Build cdxgen plugins
	run: \|
	cd cdxgen-plugins-bin
	bash build.sh
	- name: Binary amd64 build
	run: \|
	cd dep-scan
	pyinstaller depscan/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name depscan-linux-amd64 --add-data="vendor:vendor" --add-binary="../cdxgen/cdxgen:local_bin" --add-binary="../cdxgen-plugins-bin/plugins/osquery/osqueryi-linux-amd64:local_bin/osquery" --add-binary="../cdxgen-plugins-bin/plugins/goversion/goversion-linux-amd64:local_bin/goversion" --add-binary="../cdxgen-plugins-bin/plugins/trivy/trivy-cdxgen-linux-amd64:local_bin/trivy" --add-binary="../cdxgen-plugins-bin/plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64:local_bin/cargo-auditable" --add-binary="../cdxgen-plugins-bin/plugins/dosai/dosai-linux-amd64:local_bin/dosai" --collect-submodules depscan --noupx
	sha256sum ./dist/depscan-linux-amd64 > ./dist/depscan-linux-amd64.sha256
	./dist/depscan-linux-amd64 --help
	- name: BLint
	run: \|
	pip3 install blint
	blint -i dep-scan/dist/depscan-linux-amd64 -o /tmp/reports
	env:
	PYTHONIOENCODING: utf-8
	LANG: en_US.utf-8
	continue-on-error: true
	- name: Upload dep-scan
	run: \|
	cd ./dep-scan/dist
	echo $GITHUB_TOKEN \| oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
	oras push ghcr.io/owasp-dep-scan/depscan:v5 \
	--artifact-type application/vnd.oras.config.v1+json \
	./depscan-linux-amd64:application/vnd.owasp-dep-scan.depscan.layer.v1+tar
	oras push ghcr.io/owasp-dep-scan/dep-scan:v5 \
	--artifact-type application/vnd.oras.config.v1+json \
	./depscan-linux-amd64:application/vnd.owasp-dep-scan.depscan.layer.v1+tar
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GITHUB_USERNAME: ${{ github.actor }}
	- uses: actions/upload-artifact@v3
	if: startsWith(github.ref, 'refs/tags/') != true
	with:
	path: ./dep-scan/dist
	name: depscan-linux-amd64
	- name: Release
	uses: softprops/action-gh-release@v1
	if: startsWith(github.ref, 'refs/tags/')
	with:
	files: \|
	dep-scan/dist/depscan-linux-amd64
	dep-scan/dist/depscan-linux-amd64.sha256

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prepare for 5.2.4 release #637

Workflow file

Prepare for 5.2.4 release #637

Jobs

Run details

Workflow file for this run