feat: initial GitHub Action (#2)

* feat: initial action definition and scripts

Signed-off-by: Jonathan Howard <[email protected]>

* fix: make script files executable

Signed-off-by: Jonathan Howard <[email protected]>

* fix: step outputs reference

Signed-off-by: Jonathan Howard <[email protected]>

* fix: powershell code

Signed-off-by: Jonathan Howard <[email protected]>

* fix: powershell code

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix install test

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix install test

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix install test

Signed-off-by: Jonathan Howard <[email protected]>

* ci: break into smaller tests

Signed-off-by: Jonathan Howard <[email protected]>

* ci: debug

Signed-off-by: Jonathan Howard <[email protected]>

* ci: remove .exe extension from windows binary

Signed-off-by: Jonathan Howard <[email protected]>

* ci: parametrized test case matrix

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix syntax

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix default install dir

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix default install dir

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try relative path

Signed-off-by: Jonathan Howard <[email protected]>

* ci: debug

Signed-off-by: Jonathan Howard <[email protected]>

* ci: debug

Signed-off-by: Jonathan Howard <[email protected]>

* ci: pass input vars explicitly

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try workspace path

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try relative path

Signed-off-by: Jonathan Howard <[email protected]>

* ci: resolve relative install-dir paths

Signed-off-by: Jonathan Howard <[email protected]>

* ci: resolve relative install-dir paths

Signed-off-by: Jonathan Howard <[email protected]>

* ci: resolve relative install-dir paths

Signed-off-by: Jonathan Howard <[email protected]>

* ci: debug

Signed-off-by: Jonathan Howard <[email protected]>

* ci: add steps to run command and optionally export database

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix run-command.sh permissions

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix environment variable

Signed-off-by: Jonathan Howard <[email protected]>

* ci: remove supported commands check

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix shell interpolation

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try to resolve relative paths for go installs

Signed-off-by: Jonathan Howard <[email protected]>

* ci: test with bomctl main branch when running commands

Signed-off-by: Jonathan Howard <[email protected]>

* ci: test with bomctl main branch when running commands

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix shell interpolation

Signed-off-by: Jonathan Howard <[email protected]>

* ci: refactor JSON export jq command

Signed-off-by: Jonathan Howard <[email protected]>

* ci: use jq streaming feature to handle large JSON inputs

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try jq JSON args instead of expanding shell variables

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try jq --from-file

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try jq --slurp

Signed-off-by: Jonathan Howard <[email protected]>

* ci: store jq output before writing to file

Signed-off-by: Jonathan Howard <[email protected]>

* ci: tables query and upload-artifact

* ci: unique artifact names

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try jq --raw-output

Signed-off-by: Jonathan Howard <[email protected]>

* ci: try setting IFS

Signed-off-by: Jonathan Howard <[email protected]>

* ci: bash array expansion

Signed-off-by: Jonathan Howard <[email protected]>

* ci: temp files for table data

Signed-off-by: Jonathan Howard <[email protected]>

* ci: revert and fix bash word splitting

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix bash word splitting

Signed-off-by: Jonathan Howard <[email protected]>

* ci: fix bash word splitting

Signed-off-by: Jonathan Howard <[email protected]>

* docs: add README.md

Signed-off-by: Jonathan Howard <[email protected]>

* docs: update README.md

Signed-off-by: Jonathan Howard <[email protected]>

* chore: remove commented code

Signed-off-by: Jonathan Howard <[email protected]>

* chore: remove debug statement

Signed-off-by: Jonathan Howard <[email protected]>

---------

Signed-off-by: Jonathan Howard <[email protected]>

.commitlint.yaml

@@ -0,0 +1,55 @@
+# ----------------------------------------------------------------------------
+# SPDX-FileCopyrightText: Copyright © 2024 bomctl a Series of LF Projects, LLC
+# SPDX-FileName: .commitlint.yaml
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: Apache-2.0
+# ----------------------------------------------------------------------------
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+---
+version: v0.10.1
+
+rules:
+  - body-max-line-length
+  - footer-max-line-length
+  - header-max-length
+  - header-min-length
+  - type-enum
+
+settings:
+  body-max-line-length:
+    argument: 72
+
+  footer-max-line-length:
+    argument: 72
+
+  header-max-length:
+    argument: 72
+
+  header-min-length:
+    argument: 10
+
+  type-enum:
+    argument:
+      - bug
+      - build
+      - chore
+      - ci
+      - docs
+      - feat
+      - fix
+      - perf
+      - refactor
+      - revert
+      - style
+      - test

.editorconfig

@@ -0,0 +1,26 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 120
+tab_width = 4
+trim_trailing_whitespace = true
+
+[Makefile]
+indent_style = tab
+indent_size = 4
+
+[*.{code-snippets,json,yaml,yml}]
+indent_size = 2
+
+[*.{md,txt}]
+insert_final_newline = false
+
+[*.sh]
+keep_padding = true
+space_redirects = true
+switch_case_indent = true

.gitattributes

@@ -0,0 +1,2 @@
+# Normalize line endings
+* text=auto

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,33 @@
+## Description
+
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
+Fixes # (issue)
+
+## Type of change
+
+Please delete options that are not relevant.
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] This change requires a documentation update
+
+## How Has This Been Tested?
+
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
+
+- [ ] Test A
+- [ ] Test B
+
+## Checklist
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
+- [ ] Any dependent changes have been merged and published in downstream modules
+- [ ] I have checked my code and corrected any misspellings

.github/dependabot.yml

@@ -1,7 +1,38 @@
+# ----------------------------------------------------------------------------
+# SPDX-FileCopyrightText: Copyright © 2024 bomctl a Series of LF Projects, LLC
+# SPDX-FileName: .github/dependabot.yml
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: Apache-2.0
+# ----------------------------------------------------------------------------
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------
+---
+# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
+
 version: 2
+
 updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
+  - package-ecosystem: github-actions
+    directory: /
     open-pull-requests-limit: 10
+    schedule:
+      interval: weekly
+    commit-message:
+      prefix: ":dependabot: chore(deps)"
+    labels:
+      - dependencies
+    groups:
+      actions:
+        update-types:
+          - minor
+          - patch

.github/scripts/install.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+# -----------------------------------------------------------------------------
+# SPDX-FileCopyrightText: Copyright © 2024 bomctl a Series of LF Projects, LLC
+# SPDX-FileName: .github/scripts/install.sh
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: Apache-2.0
+# -----------------------------------------------------------------------------
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -----------------------------------------------------------------------------
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]:-$0}")" &> /dev/null && pwd)"
+readonly SCRIPT_DIR
+
+# shellcheck source=/dev/null
+source "${SCRIPT_DIR}/utils.sh"
+
+archive_ext=".tar.gz"
+install_path="${INSTALL_DIR:=$HOME/.bomctl}/bomctl"
+install_version="${BOMCTL_VERSION:=latest}"
+releases_api="https://api.github.com/repos/bomctl/bomctl/releases"
+semver_pattern="^v[0-9]+(\.[0-9]+){0,2}$"
+
+[[ $RUNNER_OS =~ [Ww]indows ]] && archive_ext=".zip"
+
+function download_binary {
+  local download_url="https://github.com/bomctl/bomctl/releases/download/${install_version}/${1}"
+
+  log_info "Downloading platform-specific version '${install_version}' of bomctl...\n\t${download_url}"
+
+  case ${RUNNER_OS} in
+    [Ll]inux | mac[Oo][Ss])
+      curl_opts "${download_url}" | tar --extract --gzip --directory "${INSTALL_DIR}" bomctl
+      ;;
+    [Ww]indows)
+      curl_opts "${download_url}" --remote-name
+
+      powershell -Command "Add-Type -Assembly System.IO.Compression.FileSystem;
+        \$zip = [IO.Compression.ZipFile]::OpenRead('$(basename "${download_url}")');
+        \$entry = \$zip.Entries | Where-Object -Property Name -EQ 'bomctl.exe';
+        [IO.Compression.ZipFileExtensions]::ExtractToFile(\$entry, 'bomctl')"
+
+      mv bomctl "${install_path}"
+      ;;
+    *)
+      exit_with_error "Unsupported OS ${RUNNER_OS}."
+      ;;
+  esac
+}
+
+function resolve_arch {
+  case ${RUNNER_ARCH} in
+    X64 | amd64)   echo "amd64"                                              ;;
+    ARM64 | arm64) echo "arm64"                                              ;;
+    *)             exit_with_error "Unsupported architecture ${RUNNER_ARCH}" ;;
+  esac
+}
+
+function resolve_os {
+  case ${RUNNER_OS} in
+    [Ll]inux)    echo "linux"                                   ;;
+    mac[Oo][Ss]) echo "darwin"                                  ;;
+    [Ww]indows)  echo "windows"                                 ;;
+    *)           exit_with_error "Unsupported OS ${RUNNER_OS}." ;;
+  esac
+}
+
+function run_install {
+  # jq is needed to parse JSON data. It is included on all GitHub-hosted runners by default.
+  if ! command -v jq &> /dev/null; then
+    exit_with_error "jq is required for this action."
+  fi
+
+  mkdir -p "${INSTALL_DIR}"
+
+  # Resolve "latest" to a concrete release version.
+  if [[ $install_version == latest ]]; then
+    install_version=$(curl_opts "${releases_api}/latest" | jq --raw-output .name)
+
+    log_info "Resolved 'latest' to version ${install_version}"
+  fi
+
+  # Perform go install if requested version doesn't match tag pattern.
+  if [[ ! $install_version =~ $semver_pattern ]]; then
+    log_info "Performing go install of github.com/bomctl/bomctl@${install_version}"
+
+    GOBIN=$(readlink -f "${INSTALL_DIR}") go install "github.com/bomctl/bomctl@${install_version}"
+
+    return
+  fi
+
+  log_info "Custom bomctl version '${install_version}' requested"
+
+  download_binary "bomctl_${install_version#v}_$(resolve_os)_$(resolve_arch)${archive_ext}"
+}
+
+run_install
+
+if [[ ! -x $install_path ]]; then
+  exit_with_error "bomctl executable not found at ${install_path} or not executable"
+fi
+
+log_info "Successfully installed bomctl to\n\t${install_path}"
+
+echo "bomctl-version=${install_version}" >> "${GITHUB_OUTPUT}"
+echo "${INSTALL_DIR}" >> "${GITHUB_PATH}"

.github/scripts/run-command.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# -----------------------------------------------------------------------------
+# SPDX-FileCopyrightText: Copyright © 2024 bomctl a Series of LF Projects, LLC
+# SPDX-FileName: .github/scripts/run-command.sh
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: Apache-2.0
+# -----------------------------------------------------------------------------
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -----------------------------------------------------------------------------
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]:-$0}")" &> /dev/null && pwd)"
+readonly SCRIPT_DIR
+
+# shellcheck source=/dev/null
+source "${SCRIPT_DIR}/utils.sh"
+
+# Convert input args string to array.
+IFS=" " read -r -a BOMCTL_ARGS <<< "${BOMCTL_ARGS:=}"
+
+if [[ -n ${DATABASE_DIR:=} ]]; then
+  BOMCTL_ARGS+=(--cache-dir "${DATABASE_DIR}")
+fi
+
+log_info "Running command: bomctl ${BOMCTL_COMMAND:=version} ${BOMCTL_ARGS[*]}..."
+
+bomctl "$BOMCTL_COMMAND" "${BOMCTL_ARGS[@]}"

.github/scripts/utils.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+# -----------------------------------------------------------------------------
+# SPDX-FileCopyrightText: Copyright © 2024 bomctl a Series of LF Projects, LLC
+# SPDX-FileName: .github/scripts/utils.sh
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: Apache-2.0
+# -----------------------------------------------------------------------------
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -----------------------------------------------------------------------------
+
+set -euo pipefail
+
+# ANSI color escape codes
+declare -xr BOLD="\x1b[1m"
+declare -xr GREEN="\x1b[32m"
+declare -xr CYAN="\x1b[1;36m"
+declare -xr RED="\x1b[1;31m"
+declare -xr RESET="\x1b[0m"
+declare -xr YELLOW="\x1b[1;33m"
+
+shopt -s expand_aliases
+
+alias curl_opts="curl --fail --silent --show-error --location --url"
+
+if [ -z "${NO_COLOR:-}" ]; then
+  alias log_error='echo -e "${RED}ERROR${RESET}:"'
+  alias log_info='echo -e "${CYAN}INFO${RESET}:"'
+  alias log_warn='echo -e "${YELLOW}WARN${RESET}:"'
+else
+  alias log_error='echo "ERROR:"'
+  alias log_info='echo "INFO:"'
+  alias log_warn='echo "WARN:"'
+fi
+
+function exit_with_error {
+  log_error "${1}"
+  exit 1
+}
+
+function export_db_json {
+  local db_file=$1
+  local objects=()
+  local rows
+
+  tables="$(
+    sqlite3 "${db_file}" \
+      "SELECT name FROM sqlite_schema
+      WHERE type == 'table'
+      AND name NOT LIKE 'sqlite_%'
+      ORDER BY name"
+  )"
+
+  for table in ${tables//$'\n'/ }; do
+    rows="$(sqlite3 "${db_file}" -json "SELECT * FROM ${table}")"
+
+    [[ -z $rows ]] && rows="[]"
+
+    objects+=("$(echo "${rows}" | jq --arg table "${table}" '{($table): .}')")
+  done
+
+  output=$(echo "${objects[*]}" | jq --slurp 'reduce .[] as $obj ({}; . += $obj)')
+  echo "$output" > bomctl-export.json
+}
+
+function export_db_sql {
+  local db_file=$1
+
+  sqlite3 "${db_file}" -cmd ".output bomctl-export.sql" ".dump"
+}