ci: build for multiple os/arch (#9)

* ci: build for multiple os/arch Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * fix: enforce output cmdline var Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
project-stacker · Mar 19, 2023 · d70312b · d70312b
1 parent 3aca35c
commit d70312b
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 29 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -17,6 +17,8 @@ jobs:
     strategy:
       matrix:
         go-version: ["1.20"]
+        os: ["linux"]
+        arch: ["amd64"]
     steps:
       - uses: actions/checkout@v3
       - uses: benjlevesque/short-sha@v2.1
@@ -27,7 +29,7 @@ jobs:
           go-version: ${{ matrix.go-version }}
       - name: build
         run: |
-          make binary
+          make binary OS=${{ matrix.os }} ARCH=${{ matrix.arch }}
       - name: lint
         run: |
           make lint
@@ -36,14 +38,16 @@ jobs:
       - uses: actions/cache/save@v3
         if: always()
         with:
-          path: bin/sbom
+          file: bin/stacker-sbom-*
           key: ${{ github.sha }}
   release:
     if: github.event_name == 'release' && github.event.action== 'published'
     runs-on: ubuntu-latest
     strategy:
       matrix:
         go-version: ["1.20"]
+        os: ["linux"]
+        arch: ["amd64"]
     steps:
       - uses: actions/checkout@v3
       - name: Set up golang ${{ matrix.go-version }}
@@ -52,7 +56,7 @@ jobs:
           go-version: ${{ matrix.go-version }}
       - name: build
         run: |
-          make binary RELEASE_TAG=${{ github.event.release.tag_name }}
+          make binary RELEASE_TAG=${{ github.event.release.tag_name }} OS=${{ matrix.os }} ARCH=${{ matrix.arch }}
       - uses: actions/cache/save@v3
         if: always()
         with:
@@ -62,7 +66,7 @@ jobs:
         uses: svenstaro/upload-release-action@v2
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: bin/sbom
+          file: bin/stacker-sbom-*
           tag: ${{ github.ref }}
           overwrite: true
           file_glob: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -38,8 +38,7 @@ jobs:
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
     env:
-      CGO_ENABLED: 0
-      GOFLAGS: "-tags=sync,search,scrub,metrics,containers_image_openpgp"
+      CGO_ENABLED: 1
 
     steps:
     - name: Checkout repository
@@ -48,7 +47,7 @@ jobs:
     - name: Install go
       uses: actions/setup-go@v4
       with:
-        go-version: 1.19.x
+        go-version: 1.20.x
 
     - name: Install dependencies
       run: |

diff --git a/Makefile b/Makefile
@@ -7,6 +7,10 @@ TOOLSDIR := $(shell pwd)/hack/tools
 GOLINTER := $(TOOLSDIR)/bin/golangci-lint
 GOLINTER_VERSION := v1.51.2
 
+BINARY := stacker-sbom
+OS ?= linux
+ARCH ?= amd64
+
 .PHONY: all
 all: binary lint
 
@@ -18,7 +22,7 @@ $(GOLINTER):
 .PHONY: binary
 binary:
 	mkdir -p ${BINDIR}
-	go build -v -trimpath -ldflags "-X stackerbuild.io/sbom/pkg/build.ReleaseTag=${RELEASE_TAG} -X stackerbuild.io/sbom/pkg/build.Commit=${COMMIT} -s -w" -o ${BINDIR}/sbom ./cmd/sbom/...
+	GOOS=${OS} GOARCH=${ARCH} go build -v -trimpath -ldflags "-X stackerbuild.io/sbom/pkg/build.ReleaseTag=${RELEASE_TAG} -X stackerbuild.io/sbom/pkg/build.Commit=${COMMIT} -s -w" -o ${BINDIR}/${BINARY}-${OS}-${ARCH} ./cmd/sbom/...
 
 .PHONY: lint
 lint: ./golangcilint.yaml $(GOLINTER)

diff --git a/pkg/cli/cli.go b/pkg/cli/cli.go
@@ -29,7 +29,7 @@ func GenerateCmd() *cobra.Command {
 		Short: "Generate a SBOM file from a package",
 		Long:  "Generate a SBOM file from a package",
 		Run: func(cmd *cobra.Command, args []string) {
-			if err := distro.ParsePackage(input, Author, Organization, License); err != nil {
+			if err := distro.ParsePackage(input, output, Author, Organization, License); err != nil {
 				log.Error().Err(err).Msg("generate failed")
 				os.Exit(1)
 			}
@@ -39,6 +39,7 @@ func GenerateCmd() *cobra.Command {
 	cmd.Flags().StringVarP(&input, "input", "i", "", "input file")
 	_ = cmd.MarkFlagRequired("input")
 	cmd.Flags().StringVarP(&output, "output", "o", "", "output file")
+	_ = cmd.MarkFlagRequired("output")
 	cmd.Flags().StringVarP(&format, "format", "f", "spdx", "output format (spdx, default:spdx)")
 	cmd.Flags().StringVarP(&Author, "author", "", "", "set author of this SBOM document")
 	cmd.Flags().StringVarP(&Organization, "organization", "", "", "set organization of this SBOM document")
@@ -58,7 +59,7 @@ func BuildCmd() *cobra.Command {
 		Short: "Build a SBOM file from a filesystem layout",
 		Long:  "Build a SBOM file from a filesystem layout",
 		Run: func(cmd *cobra.Command, args []string) {
-			if err := fs.ParsePackage(input, Author, Organization, License, pkgname, pkgversion); err != nil {
+			if err := fs.ParsePackage(input, output, Author, Organization, License, pkgname, pkgversion); err != nil {
 				log.Error().Err(err).Msg("generate failed")
 				os.Exit(1)
 			}
@@ -68,6 +69,7 @@ func BuildCmd() *cobra.Command {
 	cmd.Flags().StringVarP(&input, "input", "i", "", "input file")
 	_ = cmd.MarkFlagRequired("input")
 	cmd.Flags().StringVarP(&output, "output", "o", "", "output file")
+	_ = cmd.MarkFlagRequired("output")
 	cmd.Flags().StringVarP(&Author, "author", "", "", "set author of this SBOM document")
 	cmd.Flags().StringVarP(&Organization, "organization", "", "", "set organization of this SBOM document")
 	cmd.Flags().StringVarP(&License, "license", "", "", "set license of this SBOM document")

diff --git a/pkg/distro/deb.go b/pkg/distro/deb.go
@@ -15,10 +15,10 @@ import (
 	"stackerbuild.io/sbom/pkg/build"
 )
 
-func ParsePackage(path, author, organization, license string) error {
-	debfile, _, err := deb.LoadFile(path)
+func ParsePackage(input, output, author, organization, license string) error {
+	debfile, _, err := deb.LoadFile(input)
 	if err != nil {
-		log.Error().Err(err).Str("path", path).Msg("unable to load package")
+		log.Error().Err(err).Str("path", input).Msg("unable to load package")
 
 		return err
 	}
@@ -106,9 +106,8 @@ func ParsePackage(path, author, organization, license string) error {
 		}
 	}
 
-	spdxfile := path + ".k8s.spdx"
-	if err := kdoc.Write(spdxfile); err != nil {
-		log.Error().Err(err).Str("path", spdxfile).Msg("unable to write output")
+	if err := kdoc.Write(output); err != nil {
+		log.Error().Err(err).Str("path", output).Msg("unable to write output")
 
 		return err
 	}

diff --git a/pkg/fs/fs.go b/pkg/fs/fs.go
@@ -14,9 +14,9 @@ import (
 	"stackerbuild.io/sbom/pkg/errors"
 )
 
-func ParsePackage(path, author, organization, license, pkgname, pkgversion string) error {
-	if _, err := os.Lstat(path); err != nil {
-		log.Error().Err(err).Str("path", path).Msg("unable to find path")
+func ParsePackage(input, output, author, organization, license, pkgname, pkgversion string) error {
+	if _, err := os.Lstat(input); err != nil {
+		log.Error().Err(err).Str("path", input).Msg("unable to find path")
 
 		return err
 	}
@@ -46,7 +46,7 @@ func ParsePackage(path, author, organization, license, pkgname, pkgversion strin
 		return err
 	}
 
-	err := filepath.Walk(path, func(path string, info os.FileInfo, err error) error {
+	err := filepath.Walk(input, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
@@ -84,33 +84,32 @@ func ParsePackage(path, author, organization, license, pkgname, pkgversion strin
 		return nil
 	})
 	if err != nil {
-		log.Error().Err(err).Str("path", path).Msg("unable to walk dir")
+		log.Error().Err(err).Str("path", input).Msg("unable to walk dir")
 
 		return err
 	}
 
-	spdxfile := path + ".k8s.spdx"
-	if err := kdoc.Write(spdxfile); err != nil {
-		log.Error().Err(err).Str("path", spdxfile).Msg("unable to write output")
+	if err := kdoc.Write(output); err != nil {
+		log.Error().Err(err).Str("path", output).Msg("unable to write output")
 
 		return err
 	}
 
 	return nil
 }
 
-func Verify(path string) error {
-	kdoc, err := k8spdx.OpenDoc(path)
+func Verify(input string) error {
+	kdoc, err := k8spdx.OpenDoc(input)
 	if err != nil {
-		log.Error().Err(err).Str("path", path).Msg("unable to open SBOM")
+		log.Error().Err(err).Str("path", input).Msg("unable to open SBOM")
 
 		return err
 	}
 
 	if kdoc == nil {
-		log.Error().Str("path", path).Msg("invalid SBOM document")
+		log.Error().Str("path", input).Msg("invalid SBOM document")
 
-		return fmt.Errorf("%s: %w", path, errors.ErrInvalidDoc)
+		return fmt.Errorf("%s: %w", input, errors.ErrInvalidDoc)
 	}
 
 	for _, pkg := range kdoc.Packages {