Merge pull request #4578 from Suyun114/db-6.2.32 #2121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: generate-srcinfo | |
| concurrency: ci-${{ github.ref }} | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| jobs: | |
| update-srcinfo-win: | |
| runs-on: windows-2022 | |
| if: ${{ github.repository == 'msys2/MSYS2-packages' || github.event_name == 'workflow_dispatch' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| id: setup-python | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| cache-dependency-path: .github/workflows/generate-srcinfo.yml | |
| - name: Install dependencies | |
| run: | | |
| pipx install --python '${{ steps.setup-python.outputs.python-path }}' git+https://github.com/msys2/msys2-devtools | |
| - uses: msys2/setup-msys2@v2 | |
| with: | |
| msystem: MSYS | |
| update: true | |
| - name: Download srcinfo.json.gz/pypi.json.gz and set up the environment | |
| shell: msys2 {0} | |
| run: | | |
| # makepkg requires strip in PATH even if it wont be used | |
| touch /usr/bin/strip.exe | |
| curl --fail -L --retry 5 -o srcinfo.json.gz "https://github.com/$GITHUB_REPOSITORY/releases/download/srcinfo-cache/srcinfo.json.gz" | |
| curl --fail -L --retry 5 -o pypi.json.gz "https://github.com/$GITHUB_REPOSITORY/releases/download/srcinfo-cache/pypi.json.gz" || true | |
| - name: Parse PKGBUILDs and update srcinfo.json.gz | |
| run: | | |
| $MSYS2_ROOT=(msys2 -c 'cygpath -w /') | |
| msys2-srcinfo-cache --time-limit 19800 msys "$MSYS2_ROOT" . srcinfo.json.gz | |
| - name: Update the PyPI cache | |
| run: | | |
| msys2-pypi-cache srcinfo.json.gz pypi.json.gz | |
| - name: Generate SBOM | |
| run: | | |
| msys2-sbom srcinfo.json.gz sbom.cdx.json | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: result-win | |
| path: | | |
| srcinfo.json.gz | |
| pypi.json.gz | |
| sbom.cdx.json | |
| update-srcinfo-linux: | |
| needs: update-srcinfo-win | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: result-win | |
| - name: Update vulnerability database | |
| run: | | |
| curl --retry 5 -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- | |
| ./bin/grype sbom:sbom.cdx.json -o cyclonedx-json --file sbom.vuln.cdx.json | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: result-linux | |
| path: | | |
| sbom.vuln.cdx.json | |
| upload-srcinfo: | |
| needs: [update-srcinfo-win, update-srcinfo-linux] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| pattern: result-* | |
| merge-multiple: true | |
| - name: Upload srcinfo.json.gz | |
| run: | | |
| gh release upload srcinfo-cache srcinfo.json.gz pypi.json.gz sbom.cdx.json sbom.vuln.cdx.json --clobber --repo "$GITHUB_REPOSITORY" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - run: | | |
| curl -X POST 'https://packages.msys2.org/api/trigger_update' |