Temp commit #153

Workflow file for this run

	name: Build Alpine Binaries

	on:
	push:
	workflow_dispatch:

	jobs:
	Depscan-Alpine-Build:
	runs-on: ubuntu-latest
	permissions:
	contents: write
	packages: write
	container: python:3.10-alpine
	steps:
	- uses: actions/checkout@v4
	- name: Install packages
	run: \|
	apk update
	apk add py3-pip python3-dev curl wget jq tree cmake make gcc git g++ musl-dev libffi-dev openssl-dev py3-cffi py3-twine py3-wheel py3-setuptools ca-certificates zlib-dev xz nodejs npm bash tar gcompat
	- name: Checkout dep-scan
	uses: actions/checkout@v4
	with:
	repository: owasp-dep-scan/dep-scan
	path: dep-scan
	- name: Checkout cdxgen
	uses: actions/checkout@v4
	with:
	repository: CycloneDX/cdxgen
	path: cdxgen
	- name: Checkout cdxgen
	uses: actions/checkout@v4
	with:
	repository: CycloneDX/cdxgen-plugins-bin
	path: cdxgen-plugins-bin
	- name: Install go
	run: \|
	wget https://go.dev/dl/go1.19.3.linux-amd64.tar.gz
	tar -xvf go1.19.3.linux-amd64.tar.gz
	mv go /usr/local/
	- uses: actions/cache@v4
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-
	- name: Install pyinstaller
	run: \|
	python3 -m pip install --upgrade pip
	python3 -m pip install setuptools pyinstaller
	cd dep-scan
	python3 -m pip install ".[dev]"
	wget https://github.com/upx/upx/releases/download/v4.0.1/upx-4.0.1-amd64_linux.tar.xz
	tar -xvf upx-4.0.1-amd64_linux.tar.xz
	chmod +x upx-4.0.1-amd64_linux/upx
	cp upx-4.0.1-amd64_linux/upx /usr/local/bin/
	- name: Produce cdxgen pkg
	run: \|
	cd cdxgen
	npm install
	npx caxa --input . --output "cdxgen" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js"
	chmod +x cdxgen
	./cdxgen --version
	sha256sum cdxgen > cdxgen.sha256
	- name: Build cdxgen plugins
	run: \|
	echo "/usr/local/go/bin" >> $GITHUB_PATH
	cd cdxgen-plugins-bin
	chmod +x build.sh
	./build.sh
	- name: Binary alpine build
	run: \|
	cd dep-scan
	pyinstaller depscan/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name depscan-linux-musl --add-data="vendor:vendor" --add-binary="../cdxgen/cdxgen:local_bin" --add-binary="../cdxgen-plugins-bin/plugins/osquery/osqueryi-linux-amd64:local_bin/osquery" --add-binary="../cdxgen-plugins-bin/plugins/goversion/goversion-linux-amd64:local_bin/goversion" --add-binary="../cdxgen-plugins-bin/plugins/trivy/trivy-cdxgen-linux-amd64:local_bin/trivy" --add-binary="../cdxgen-plugins-bin/plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64:local_bin/cargo-auditable" --collect-submodules depscan --noupx
	sha256sum ./dist/depscan-linux-musl > ./dist/depscan-linux-musl.sha256
	./dist/depscan-linux-musl --help
	- uses: actions/upload-artifact@v3
	if: startsWith(github.ref, 'refs/tags/') != true
	with:
	path: ./dep-scan/dist
	name: depscan-linux-musl
	- name: Release
	uses: softprops/action-gh-release@v1
	if: startsWith(github.ref, 'refs/tags/')
	with:
	files: \|
	dep-scan/dist/depscan-linux-musl
	dep-scan/dist/depscan-linux-musl.sha256

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Temp commit #153

Workflow file

Temp commit #153

Jobs

Run details

Workflow file for this run