Generate and commit SBOMs for our components #2266
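# CI workflow: lints AppArmor profiles, .desktop files and Python code (at the
# top level and per component), runs the `safety` dependency check, and lints
# and tests the Rust code.
#
# NOTE(review): actions/checkout is referenced by a version tag and the job
# containers by image tag. Both kinds of tag can be moved upstream; pinning to
# a full commit SHA / image digest keeps a run from silently picking up
# different code.
name: CI

# `pull_request` (not `pull_request_target`) means pull requests from forks run
# with a read-only token and without repository secrets.
on:
  - merge_group
  - push
  - pull_request

# Only build for latest push/PR unless it's main or release/
# (merge-queue refs under gh-readonly-queue/ are never cancelled either).
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }}

defaults:
  run:
    shell: bash

jobs:
  lint-apparmor:
    strategy:
      matrix:
        debian_version:
          - bookworm
    runs-on: ubuntu-latest
    container: debian:${{ matrix.debian_version }}
    # Least privilege: the steps below only check out the repository and run
    # local tooling, so the job token needs nothing beyond read access.
    permissions:
      contents: read
    steps:
      - run: |
          apt-get update && apt-get install --yes git make apparmor
      - uses: actions/checkout@v4
      - name: Lint AppArmor profiles
        run: |
          make lint-apparmor

  lint-desktop:
    strategy:
      matrix:
        debian_version:
          - bookworm
    runs-on: ubuntu-latest
    container: debian:${{ matrix.debian_version }}
    permissions:
      contents: read
    steps:
      - run: |
          apt-get update && apt-get install --yes git make desktop-file-utils
      - uses: actions/checkout@v4
      - name: Lint .desktop files
        run: |
          make lint-desktop

  lint:
    strategy:
      matrix:
        debian_version:
          - bookworm
    runs-on: ubuntu-latest
    container: debian:${{ matrix.debian_version }}
    permissions:
      contents: read
    steps:
      - run: |
          apt-get update && apt-get install --yes git make file python3-poetry
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: |
          poetry install
      - name: Run lint
        run: make lint

  # Run `make lint` across all components
  component-lint:
    strategy:
      fail-fast: false
      matrix:
        # proxy has no `make lint` because it is covered by `rust-lint`.
        # qubesdb-tools has no `make lint` because it is covered by `lint`.
        component:
          - client
          - export
          - log
        debian_version:
          - bookworm
    runs-on: ubuntu-latest
    container: debian:${{ matrix.debian_version }}
    permissions:
      contents: read
    steps:
      - run: |
          apt-get update && apt-get install --yes git make gnupg python3-poetry
      - uses: actions/checkout@v4
      - name: Install dependencies
        # The matrix value reaches the script through an environment variable
        # instead of being expanded into the script text. The values are
        # hard-coded above, so this is defensive: the shell keeps treating the
        # value as data even if the matrix is later built from dynamic input.
        env:
          COMPONENT: ${{ matrix.component }}
        run: |
          poetry -C "$COMPONENT" install
          if [[ "$COMPONENT" == "client" || "$COMPONENT" == "export" ]]; then
            make -C "$COMPONENT" ci-install-deps
          fi
      - name: Run lint
        env:
          COMPONENT: ${{ matrix.component }}
        run: make -C "$COMPONENT" lint

  safety:
    runs-on: ubuntu-latest
    container: debian:bookworm
    permissions:
      contents: read
    steps:
      - run: |
          apt-get update && apt-get install --yes git make python3-poetry
      - uses: actions/checkout@v4
      - name: Run safety
        # NOTE(review): `poetry update safety` moves the scanner past the
        # locked version at run time, presumably so the check uses the newest
        # release; the tool version is therefore not reproducible between
        # runs. Confirm that is intended.
        run: |
          poetry install
          poetry update safety
          make safety

  rust:
    runs-on: ubuntu-latest
    # Keep version in sync with rust-toolchain.toml
    container: rust:1.81.0
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Configure Qubes repository
        # Installs the repository's own apt source file, fills in the running
        # image's codename, then installs the build dependencies from it.
        # The sed expression is quoted so the shell passes it as one argument.
        run: |
          cp scripts/qubes_42.sources /etc/apt/sources.list.d/
          source /etc/os-release
          sed -i "s/##VERSION_CODENAME##/${VERSION_CODENAME}/" /etc/apt/sources.list.d/qubes_42.sources
          apt-get update && apt-get install --yes libclang-dev qubesdb-dev
      - name: Install dependencies
        run: |
          rustup component add rustfmt
          rustup component add clippy
      - name: Lint and test Rust code
        run: |
          make rust-lint
          make rust-test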