Update Workflows (#592)

* Add "package-lock.json" 🫠 * Rename to "SBOM" * Update steps * Use latest checkout action * Use official images for cdxgen and cyclonedx-cli * Remove permissions and use defaults * Remove verbose for curl * Rename job to "tests" * Update actions * Update PostgreSQL to 16 🐘 * Use job environment variables
puzzle · Feb 5, 2024 · 7d1fed0 · 7d1fed0
1 parent 6957637
commit 7d1fed0
Show file tree

Hide file tree

Showing 4 changed files with 1,729 additions and 60 deletions.
diff --git a/.github/workflows/rails.yml b/.github/workflows/rails.yml
@@ -1,51 +1,59 @@
 name: Rails
 on: [push, pull_request]
 jobs:
-  Rails-Tests:
+  tests:
     runs-on: ubuntu-latest
 
+    env:
+      PGHOST: localhost
+      POSTGRES_DB: skills_test
+      POSTGRES_USER: skills
+      POSTGRES_PASSWORD: skills
+
     services:
       postgres:
-        image: postgres:9.5
-        env:
-          POSTGRES_DB: skills_test
-          POSTGRES_USER: skills
-          POSTGRES_PASSWORD: skills
+        image: postgres:16
         ports: ["5432:5432"]
+        env:
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
         options: >-
           --health-cmd pg_isready
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
 
     steps:
-    - uses: actions/checkout@v2
-    - uses: ruby/setup-ruby@v1
-      with:
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - uses: actions/setup-node@v2
-      with:
-        node-version: '18'
-
-    - name: Setup test database
-      env:
-        RAILS_ENV: test
-        PGHOST: localhost
-        POSTGRES_DB: skills_test
-        POSTGRES_USER: skills
-        POSTGRES_PASSWORD: skills
-      run: |
-        bundle exec rake db:create db:migrate
-
-    - name: Run Tests
-      env:
-        PGHOST: localhost
-        POSTGRES_DB: skills_test
-        POSTGRES_USER: skills
-        POSTGRES_PASSWORD: skills
-        PGPORT: ${{ job.services.postgres.ports[5432] }}
-        IS_CI: true
-      run: bundle exec rake
-
-    - name: Run RuboCop
-      run: bundle exec rubocop --parallel
+      - name: 'Checkout'
+        uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: 'Run database migrations'
+        env:
+          RAILS_ENV: test
+          PGHOST: ${{ env.PGHOST }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+        run: |
+          bundle exec rake db:create db:migrate
+
+      - name: 'Run tests'
+        env:
+          PGHOST: ${{ env.PGHOST }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          IS_CI: true
+        run: bundle exec rake
+
+      - name: 'Run RuboCop'
+        run: bundle exec rubocop --parallel
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -1,4 +1,4 @@
-name: SBOM Generator
+name: SBOM 
 
 on:
   push:
@@ -7,41 +7,37 @@ on:
 
   workflow_dispatch:
 
-permissions: read-all
-
 jobs:
   generate-and-push-sbom:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-
-      - name: Install cdxgen
-        run: |
-          npm install -g @cyclonedx/[email protected]
+      - name: 'Checkout'
+        uses: actions/checkout@v4
 
-      - name: 'Generate SBOM for ruby dependencies'
-        run: |
-          cdxgen -o ./sbom-ruby.xml -t ruby .
+      - name: 'Generate SBOM for Ruby dependencies'
+        uses: docker://ghcr.io/cyclonedx/cdxgen:v10.0.4
+        with:
+          args: --spec-version 1.4 -p -o bom-ruby.json -t ruby .
 
-      - name: 'Generate SBOM for npm dependencies'
-        working-directory: frontend
-        run: |
-          cdxgen -o ../sbom-npm.xml -t npm .
+      - name: 'Generate SBOM for Node.js dependencies'
+        uses: docker://ghcr.io/cyclonedx/cdxgen:v10.0.4
+        with:
+          args: --spec-version 1.4 -p -o bom-npm.json -t js .
 
-      - name: 'Merge frontend and backend SBOMs'
-        run: |
-          docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/sbom-ruby.xml data/sbom-npm.xml --output-file data/sbom.xml
+      - name: 'Merge Ruby and Node.js SBOMs'
+        uses: docker://cyclonedx/cyclonedx-cli:0.25.0
+        with:
+          args: merge --input-format json --input-files bom-ruby.json bom-npm.json --output-format json --output-file bom.json
 
       - name: 'Push merged SBOM to dependency track'
         env:
           PROJECT_NAME: skills
         run: |
-          curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \
+          curl -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \
           --header "X-Api-Key: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}" \
           --header "Content-Type: multipart/form-data" \
           --form "autoCreate=true" \
           --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \
           --form "projectVersion=latest" \
-          --form "bom=@sbom.xml"
+          --form "bom=@bom.json"
diff --git a/.gitignore b/.gitignore
@@ -30,7 +30,6 @@ spec/coverage/.last_run.json
 /public/uploads
 
 /node_modules
-/yarn.lock
 
 
 # Created by https://www.gitignore.io/api/intellij
@@ -88,8 +87,6 @@ fabric.properties
 # End of https://www.gitignore.io/api/intellij
 .project
 
-package-lock.json
-
 config/settings.local.yml
 config/settings/*.local.yml
 config/environments/*.local.yml