forked from harshsoni-harsh/SBOM-TM
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathentrypoint.sh
More file actions
91 lines (73 loc) · 2.42 KB
/
entrypoint.sh
File metadata and controls
91 lines (73 loc) · 2.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/usr/bin/env bash
set -euo pipefail
IN_ACTION="${GITHUB_ACTIONS:-false}"
if [[ "$IN_ACTION" == "true" && -n "${INPUT_MODE:-}" ]]; then
# Fix Git not trusting workspace
git config --global --add safe.directory "$GITHUB_WORKSPACE" || true
git config --global --add safe.directory /github/workspace || true
git config --global --add safe.directory /github/workspace/. || true
git config --global --add safe.directory /github/workspace/./.git || true
git config --global --add safe.directory "$(pwd)" || true
git config --global --add safe.directory "$(realpath "$GITHUB_WORKSPACE")" || true
MODE="${INPUT_MODE:-auto}"
BASE="${INPUT_BASE:-}"
PROJECT="${INPUT_PROJECT:-default}"
OFFLINE="${INPUT_OFFLINE:-false}"
REPORT_PATH="${INPUT_REPORT_PATH:-sbom-tm-report.md}"
WORKSPACE="${GITHUB_WORKSPACE:-/github/workspace}"
EVENT_NAME="${GITHUB_EVENT_NAME:-}"
cd "$WORKSPACE"
echo "[sbom-tm-action] mode=$MODE event=$EVENT_NAME base=$BASE project=$PROJECT"
OFFLINE_FLAG=()
if [ "$OFFLINE" = "true" ]; then
OFFLINE_FLAG+=(--offline)
fi
EXIT_CODE=0
run_scan() {
echo "[sbom-tm-action] running: sbom-tm scan . --project \"$PROJECT\" ${OFFLINE_FLAG[*]}"
sbom-tm scan . --project "$PROJECT" "${OFFLINE_FLAG[@]}" || EXIT_CODE=$?
}
run_diff() {
local cmd=(sbom-tm diff --git --project "$PROJECT" "${OFFLINE_FLAG[@]}")
if [ -n "$BASE" ]; then
cmd+=(--base "$BASE")
fi
echo "[sbom-tm-action] running: ${cmd[*]}"
"${cmd[@]}" || EXIT_CODE=$?
}
case "$MODE" in
scan) run_scan ;;
diff) run_diff ;;
auto)
if [ "$EVENT_NAME" = "pull_request" ]; then
run_diff
else
run_scan
fi
;;
*)
echo "::error::Unknown mode '$MODE'"
exit 1
;;
esac
REPORT_SRC=""
PY_REPORT_DIR=$(python - <<'PY'
from sbom_tm.config import get_settings
print(str(get_settings().cache_dir / 'reports'))
PY
)
if [ -n "$PY_REPORT_DIR" ]; then
REPORT_SRC=$(find "$PY_REPORT_DIR" -maxdepth 1 -name '*_sbom_diff.md' | head -n1 || true)
fi
if [ -z "$REPORT_SRC" ]; then
REPORT_SRC=$(find "$HOME/.cache/sbom-tm/reports" -maxdepth 1 -name '*_sbom_diff.md' | head -n1 || true)
fi
if [[ -n "$REPORT_SRC" && -f "$REPORT_SRC" ]]; then
cp "$REPORT_SRC" "$WORKSPACE/$REPORT_PATH"
echo "report_path=$REPORT_PATH" >> "$GITHUB_OUTPUT"
fi
exit "$EXIT_CODE"
else
echo "[entrypoint] local mode: sbom-tm $*"
exec sbom-tm "$@"
fi