For cases where we pass "fetch-depth: 0" to get teh full history, enable a treeless clone, since we only care about old commits, and not much more. This should speed up cloning in theory.
105 lines
3.1 KiB
YAML
105 lines
3.1 KiB
YAML
name: generate-srcinfo
|
|
|
|
concurrency: ci-${{ github.ref }}
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
update-srcinfo-win:
|
|
runs-on: windows-2022
|
|
if: ${{ github.repository == 'msys2/MINGW-packages' || github.event_name == 'workflow_dispatch' }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
filter: tree:0
|
|
|
|
- uses: actions/setup-python@v5
|
|
id: setup-python
|
|
with:
|
|
python-version: '3.11'
|
|
cache: 'pip'
|
|
cache-dependency-path: .github/workflows/generate-srcinfo.yml
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
pipx install --python '${{ steps.setup-python.outputs.python-path }}' git+https://github.com/msys2/msys2-devtools
|
|
|
|
- uses: msys2/setup-msys2@v2
|
|
with:
|
|
msystem: MSYS
|
|
update: true
|
|
|
|
- name: Download srcinfo.json.gz/pypi.json.gz and set up the environment
|
|
shell: msys2 {0}
|
|
run: |
|
|
# makepkg requires strip in PATH even if it wont be used
|
|
touch /usr/bin/strip.exe
|
|
curl --fail -L --retry 5 -o srcinfo.json.gz "https://github.com/$GITHUB_REPOSITORY/releases/download/srcinfo-cache/srcinfo.json.gz"
|
|
curl --fail -L --retry 5 -o pypi.json.gz "https://github.com/$GITHUB_REPOSITORY/releases/download/srcinfo-cache/pypi.json.gz" || true
|
|
|
|
- name: Parse PKGBUILDs and update srcinfo.json.gz
|
|
run: |
|
|
$MSYS2_ROOT=(msys2 -c 'cygpath -w /')
|
|
msys2-srcinfo-cache --time-limit 19800 mingw "$MSYS2_ROOT" . srcinfo.json.gz
|
|
|
|
- name: Update the PyPI cache
|
|
run: |
|
|
msys2-pypi-cache srcinfo.json.gz pypi.json.gz
|
|
|
|
- name: Generate SBOM
|
|
run: |
|
|
msys2-sbom srcinfo.json.gz sbom.cdx.json
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: result-win
|
|
path: |
|
|
srcinfo.json.gz
|
|
pypi.json.gz
|
|
sbom.cdx.json
|
|
|
|
update-srcinfo-linux:
|
|
needs: update-srcinfo-win
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: result-win
|
|
|
|
- name: Update vulnerability database
|
|
run: |
|
|
curl --retry 5 -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s --
|
|
./bin/grype sbom:sbom.cdx.json -o cyclonedx-json --file sbom.vuln.cdx.json
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: result-linux
|
|
path: |
|
|
sbom.vuln.cdx.json
|
|
|
|
upload-srcinfo:
|
|
needs: [update-srcinfo-win, update-srcinfo-linux]
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: result-*
|
|
merge-multiple: true
|
|
|
|
- name: Upload srcinfo.json.gz
|
|
run: |
|
|
gh release upload srcinfo-cache srcinfo.json.gz pypi.json.gz sbom.cdx.json sbom.vuln.cdx.json --clobber --repo "$GITHUB_REPOSITORY"
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- run: |
|
|
curl -X POST 'https://packages.msys2.org/api/trigger_update'
|