From 31e20eb87b71cb334a54d251e582a6be1a99f31d Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sat, 31 May 2025 17:39:20 +0100 Subject: [PATCH 1/4] Linux musl builds 
Signed-off-by: Prabhu Subramanian --- .github/workflows/native-builds.yml | 29 ++++++++++++--- .github/workflows/release.yml | 18 ++++++++++ .github/workflows/test.yml | 10 ++++++ build.sh | 2 +- packages/linux-amd64/build-linux-amd64.sh | 2 ++ packages/linux-amd64/package.json | 1 + packages/linux-arm/package.json | 1 + packages/linux-arm64/build-linux-arm64.sh | 2 ++ packages/linux-arm64/package.json | 1 + .../linuxmusl-amd64/build-linuxmusl-amd64.sh | 15 ++++++++ packages/linuxmusl-amd64/index.js | 1 + packages/linuxmusl-amd64/package.json | 35 +++++++++++++++++++ packages/linuxmusl-amd64/plugins/.gitignore | 6 ++++ packages/linuxmusl-amd64/plugins/.gitkeep | 0 packages/linuxmusl-amd64/plugins/.npmignore | 0 .../linuxmusl-arm64/build-linuxmusl-arm64.sh | 15 ++++++++ packages/linuxmusl-arm64/index.js | 8 +++++ packages/linuxmusl-arm64/package.json | 35 +++++++++++++++++++ packages/linuxmusl-arm64/plugins/.gitignore | 6 ++++ packages/linuxmusl-arm64/plugins/.gitkeep | 0 packages/linuxmusl-arm64/plugins/.npmignore | 0 thirdparty/trivy/Makefile | 11 ++++++ 22 files changed, 193 insertions(+), 5 deletions(-) create mode 100755 packages/linuxmusl-amd64/build-linuxmusl-amd64.sh create mode 100644 packages/linuxmusl-amd64/index.js create mode 100644 packages/linuxmusl-amd64/package.json create mode 100644 packages/linuxmusl-amd64/plugins/.gitignore create mode 100644 packages/linuxmusl-amd64/plugins/.gitkeep create mode 100644 packages/linuxmusl-amd64/plugins/.npmignore create mode 100755 packages/linuxmusl-arm64/build-linuxmusl-arm64.sh create mode 100644 packages/linuxmusl-arm64/index.js create mode 100644 packages/linuxmusl-arm64/package.json create mode 100644 packages/linuxmusl-arm64/plugins/.gitignore create mode 100644 packages/linuxmusl-arm64/plugins/.gitkeep create mode 100644 packages/linuxmusl-arm64/plugins/.npmignore diff --git a/.github/workflows/native-builds.yml b/.github/workflows/native-builds.yml index 9afaacd..6b8a68b 100644 
--- a/.github/workflows/native-builds.yml +++ b/.github/workflows/native-builds.yml @@ -43,6 +43,7 @@ jobs: - name: Build run: | bash thirdparty/sourcekitten/build.sh + ls -al thirdparty/sourcekitten/SourceKitten/.build ls -l thirdparty/sourcekitten/SourceKitten/.build/release echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin env: 
@@ -50,17 +51,37 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload linux amd64 run: | - cd thirdparty/sourcekitten/SourceKitten/.build/release/ - oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-amd64 \ + pushd thirdparty/trivy + make build/linuxmusl_amd64 + popd + sudo chown -R $USER:$USER thirdparty/trivy/build/ + mkdir -p uploads + cp thirdparty/trivy/build/trivy* uploads/ + cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten uploads/ + cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten.sha256 uploads/ + cd uploads + oras push --verbose --disable-path-validation ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-amd64 \ --artifact-type application/vnd.oras.config.v1+json \ + ./trivy-cdxgen-linuxmusl-amd64:application/vnd.cyclonedx.plugins.layer.v1+tar \ + ./trivy-cdxgen-linuxmusl-amd64.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar \ ./sourcekitten:application/vnd.cyclonedx.plugins.layer.v1+tar \ ./sourcekitten.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar if: matrix.os == 'ubuntu-24.04' - name: Upload linux arm64 run: | - cd thirdparty/sourcekitten/SourceKitten/.build/release/ - oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 \ + pushd thirdparty/trivy + make build/linuxmusl_arm64 + popd + sudo chown -R $USER:$USER thirdparty/trivy/build/ + mkdir -p uploads + cp thirdparty/trivy/build/trivy* uploads/ + cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten uploads/ + cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten.sha256 uploads/ + cd uploads + oras push --verbose --disable-path-validation ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 \ --artifact-type application/vnd.oras.config.v1+json \ + ./trivy-cdxgen-linuxmusl-arm64:application/vnd.cyclonedx.plugins.layer.v1+tar \ + ./trivy-cdxgen-linuxmusl-arm64.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar \ ./sourcekitten:application/vnd.cyclonedx.plugins.layer.v1+tar \ 
./sourcekitten.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar if: matrix.os == 'ubuntu-24.04-arm' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f9560b5..a5b8831 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,6 +25,10 @@ jobs: if: matrix.os == 'ubuntu-latest' with: swift-version: '6.0' + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - uses: oras-project/setup-oras@v1 - run: oras version - name: Trim CI agent @@ -66,6 +70,20 @@ jobs: npm publish --access=public --@cyclonedx:registry='https://registry.npmjs.org' popd + pushd packages/linuxmusl-amd64 + echo "cyclonedx:registry=https://npm.pkg.github.com" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://npm.pkg.github.com' + echo "cyclonedx:registry=https://registry.npmjs.org" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://registry.npmjs.org' + popd + + pushd packages/linuxmusl-arm64 + echo "cyclonedx:registry=https://npm.pkg.github.com" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://npm.pkg.github.com' + echo "cyclonedx:registry=https://registry.npmjs.org" > ~/.npmrc + npm publish --access=public --@cyclonedx:registry='https://registry.npmjs.org' + popd + pushd packages/linux-riscv64 echo "cyclonedx:registry=https://npm.pkg.github.com" > ~/.npmrc npm publish --access=public --@cyclonedx:registry='https://npm.pkg.github.com' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 516a60e..52f80d7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -29,6 +29,10 @@ jobs: if: matrix.os == 'ubuntu-latest' with: swift-version: '6.0' + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - uses: oras-project/setup-oras@v1 - run: oras version - name: Trim CI agent 
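Review bot: The two steps added to release.yml in the `@@ -25,6 +25,10 @@` hunk, `docker/setup-qemu-action@v3` and `docker/setup-buildx-action@v3`, are referenced by a movable tag in a workflow that later runs `npm publish`. Whatever the tag resolves to at run time therefore executes in a release pipeline, apparently in the same job as the publishing credentials. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v3`, makes the executed code fixed and reviewable. The same pair is added to test.yml in its `@@ -29,6 +29,10 @@` hunk; the step list continues outside both hunks.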
@@ -54,6 +58,12 @@ jobs: pushd packages/linux-arm64 npm publish --dry-run popd + pushd packages/linuxmusl-amd64 + npm publish --dry-run + popd + pushd packages/linuxmusl-arm64 + npm publish --dry-run + popd pushd packages/linux-riscv64 npm publish --dry-run popd diff --git a/build.sh b/build.sh index dd4de32..ffc0cde 100755 --- a/build.sh +++ b/build.sh @@ -21,7 +21,7 @@ done upx -9 --lzma ./plugins/trivy/trivy-cdxgen-linux-amd64 ./plugins/trivy/trivy-cdxgen-linux-amd64 -v -for flavours in windows-amd64 linux-amd64 linux-arm64 linux-riscv64 linux-arm windows-arm64 darwin-arm64 darwin-amd64 ppc64 +for flavours in windows-amd64 linux-amd64 linux-arm64 linuxmusl-amd64 linuxmusl-arm64 linux-riscv64 linux-arm windows-arm64 darwin-arm64 darwin-amd64 ppc64 do chmod +x packages/$flavours/build-$flavours.sh pushd packages/$flavours diff --git a/packages/linux-amd64/build-linux-amd64.sh b/packages/linux-amd64/build-linux-amd64.sh index 28a127a..19734f5 100755 --- a/packages/linux-amd64/build-linux-amd64.sh +++ b/packages/linux-amd64/build-linux-amd64.sh @@ -7,6 +7,8 @@ mkdir -p plugins/trivy plugins/osquery plugins/sourcekitten plugins/dosai oras pull ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-amd64 -o plugins/sourcekitten/ sha256sum plugins/sourcekitten/sourcekitten > plugins/sourcekitten/sourcekitten.sha256 +rm -f plugins/sourcekitten/trivy-cdxgen-* +ls -l plugins/sourcekitten/ wget https://github.com/osquery/osquery/releases/download/5.17.0/osquery-5.17.0_1.linux_x86_64.tar.gz tar -xf osquery-5.17.0_1.linux_x86_64.tar.gz diff --git a/packages/linux-amd64/package.json b/packages/linux-amd64/package.json index 1c5c8cb..1b5a945 100644 --- a/packages/linux-amd64/package.json +++ b/packages/linux-amd64/package.json @@ -28,6 +28,7 @@ "os": [ "linux" ], + "libc": "glibc", "cpu": [ "x64" ] diff --git a/packages/linux-arm/package.json b/packages/linux-arm/package.json index 1371e2c..2f97598 100644 --- a/packages/linux-arm/package.json +++ b/packages/linux-arm/package.json 
@@ -28,6 +28,7 @@ "os": [ "linux" ], + "libc": "glibc", "cpu": [ "arm" ] diff --git a/packages/linux-arm64/build-linux-arm64.sh b/packages/linux-arm64/build-linux-arm64.sh index b29ddc2..ba5f04a 100755 --- a/packages/linux-arm64/build-linux-arm64.sh +++ b/packages/linux-arm64/build-linux-arm64.sh @@ -9,6 +9,8 @@ rm -rf plugins/sourcekitten mkdir -p plugins/osquery plugins/dosai plugins/sourcekitten oras pull ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 -o plugins/sourcekitten/ +rm -f plugins/sourcekitten/trivy-cdxgen-* +ls -l plugins/sourcekitten/ wget https://github.com/osquery/osquery/releases/download/5.17.0/osquery-5.17.0_1.linux_aarch64.tar.gz tar -xf osquery-5.17.0_1.linux_aarch64.tar.gz diff --git a/packages/linux-arm64/package.json b/packages/linux-arm64/package.json index d97812e..98fb9e1 100644 --- a/packages/linux-arm64/package.json +++ b/packages/linux-arm64/package.json @@ -28,6 +28,7 @@ "os": [ "linux" ], + "libc": "glibc", "cpu": [ "arm64" ] diff --git a/packages/linuxmusl-amd64/build-linuxmusl-amd64.sh b/packages/linuxmusl-amd64/build-linuxmusl-amd64.sh new file mode 100755 index 0000000..a9e50fe --- /dev/null +++ b/packages/linuxmusl-amd64/build-linuxmusl-amd64.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +set -e # Exit on error + +# Remove old plugin directories to ensure a clean build +rm -rf plugins/trivy plugins/dosai +mkdir -p plugins/trivy plugins/dosai + +# Download the Dosai binary +curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-linux-musl-x64 -o plugins/dosai/dosai +chmod +x plugins/dosai/dosai +sha256sum plugins/dosai/dosai > plugins/dosai/dosai.sha256 + +oras pull ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-amd64 -o plugins/trivy/ +rm -f plugins/trivy/sourcekitten* +ls -l plugins/trivy/ diff --git a/packages/linuxmusl-amd64/index.js b/packages/linuxmusl-amd64/index.js new file mode 100644 index 0000000..13e1b8e --- /dev/null +++ b/packages/linuxmusl-amd64/index.js 
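Review bot: The Dosai download in the new build-linuxmusl-amd64.sh is neither pinned nor verified. `curl -L …/releases/latest/download/Dosai-linux-musl-x64` fetches whatever the latest release is at build time, and the following `sha256sum plugins/dosai/dosai > plugins/dosai/dosai.sha256` only records the hash of what arrived, so the shipped checksum cannot detect a replaced or truncated file. Without `--fail`, an HTTP error body would also be saved as `plugins/dosai/dosai` and `set -e` would not stop the build. I would pin a release tag in the URL, use `curl -fsSL`, and check against a digest committed in the repository, e.g. `echo "<expected-sha256>  plugins/dosai/dosai" | sha256sum -c -`. build-linuxmusl-arm64.sh has the same lines for `Dosai-linux-musl-arm64`, and the `oras pull` by tag in both scripts could likewise reference the artifact by digest.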
@@ -0,0 +1 @@ +console.log('Linux AMD64 package initialized.'); diff --git a/packages/linuxmusl-amd64/package.json b/packages/linuxmusl-amd64/package.json new file mode 100644 index 0000000..7ad5981 --- /dev/null +++ b/packages/linuxmusl-amd64/package.json @@ -0,0 +1,35 @@ +{ + "name": "@cyclonedx/cdxgen-plugins-bin-linuxmusl-amd64", + "version": "1.6.12", + "description": "Linux musl amd64 binary plugins to supercharge @cyclonedx/cdxgen npm package", + "main": "index.js", + "repository": { + "type": "git", + "url": "git+https://github.com/cyclonedx/cdxgen-plugins-bin.git" + }, + "keywords": [ + "cdxgen", + "sbom", + "bom", + "plugins", + "dependency", + "appsec" + ], + "author": "Prabhu Subramanian ", + "license": "Apache-2.0", + "bugs": { + "url": "https://github.com/cyclonedx/cdxgen-plugins-bin/issues" + }, + "homepage": "https://github.com/cyclonedx/cdxgen-plugins-bin#readme", + "files": [ + "*.js", + "plugins/" + ], + "os": [ + "linux" + ], + "libc": "musl", + "cpu": [ + "x64" + ] +} diff --git a/packages/linuxmusl-amd64/plugins/.gitignore b/packages/linuxmusl-amd64/plugins/.gitignore new file mode 100644 index 0000000..d8c2cac --- /dev/null +++ b/packages/linuxmusl-amd64/plugins/.gitignore @@ -0,0 +1,6 @@ +goversion/ +trivy/ +cargo-auditable/ +osquery/ +dosai/ +sourcekitten/ diff --git a/packages/linuxmusl-amd64/plugins/.gitkeep b/packages/linuxmusl-amd64/plugins/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/packages/linuxmusl-amd64/plugins/.npmignore b/packages/linuxmusl-amd64/plugins/.npmignore new file mode 100644 index 0000000..e69de29 diff --git a/packages/linuxmusl-arm64/build-linuxmusl-arm64.sh b/packages/linuxmusl-arm64/build-linuxmusl-arm64.sh new file mode 100755 index 0000000..7feba32 --- /dev/null +++ b/packages/linuxmusl-arm64/build-linuxmusl-arm64.sh 
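Review bot: `console.log('Linux AMD64 package initialized.');` in packages/linuxmusl-amd64/index.js prints every time the package is loaded, and its message does not mention musl. The arm64 counterpart added in the same patch logs only when `CDXGEN_DEBUG_MODE` or `NODE_ENV` requests it. Unconditional stdout output from a dependency can end up mixed into the output of whatever tool loads it. Using the same `DEBUG_MODE` guard and message as packages/linuxmusl-arm64/index.js would keep the two packages consistent.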
@@ -0,0 +1,15 @@ +#!/usr/bin/env bash +set -e # Exit on error + +# Remove old plugin directories to ensure a clean build +rm -rf plugins/trivy plugins/dosai +mkdir -p plugins/trivy plugins/dosai + +# Download the Dosai binary +curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-linux-musl-arm64 -o plugins/dosai/dosai +chmod +x plugins/dosai/dosai +sha256sum plugins/dosai/dosai > plugins/dosai/dosai.sha256 + +oras pull ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 -o plugins/trivy/ +rm -f plugins/trivy/sourcekitten* +ls -l plugins/trivy/ diff --git a/packages/linuxmusl-arm64/index.js b/packages/linuxmusl-arm64/index.js new file mode 100644 index 0000000..8e8a0f2 --- /dev/null +++ b/packages/linuxmusl-arm64/index.js @@ -0,0 +1,8 @@ +// Debug mode flag +const DEBUG_MODE = + process.env.CDXGEN_DEBUG_MODE === "debug" || + process.env.NODE_ENV === "development"; + +if (DEBUG_MODE) { + console.log("cdxgen plugins check"); +} diff --git a/packages/linuxmusl-arm64/package.json b/packages/linuxmusl-arm64/package.json new file mode 100644 index 0000000..be17f2a --- /dev/null +++ b/packages/linuxmusl-arm64/package.json @@ -0,0 +1,35 @@ +{ + "name": "@cyclonedx/cdxgen-plugins-bin-linuxmusl-arm64", + "version": "1.6.12", + "description": "Linux musl arm64 binary plugins to supercharge @cyclonedx/cdxgen npm package", + "main": "index.js", + "repository": { + "type": "git", + "url": "git+https://github.com/cyclonedx/cdxgen-plugins-bin.git" + }, + "keywords": [ + "cdxgen", + "sbom", + "bom", + "plugins", + "dependency", + "appsec" + ], + "author": "Prabhu Subramanian ", + "license": "Apache-2.0", + "bugs": { + "url": "https://github.com/cyclonedx/cdxgen-plugins-bin/issues" + }, + "homepage": "https://github.com/cyclonedx/cdxgen-plugins-bin#readme", + "files": [ + "*.js", + "plugins/" + ], + "os": [ + "linux" + ], + "libc": "musl", + "cpu": [ + "arm64" + ] +} 
diff --git a/packages/linuxmusl-arm64/plugins/.gitignore b/packages/linuxmusl-arm64/plugins/.gitignore new file mode 100644 index 0000000..d8c2cac --- /dev/null +++ b/packages/linuxmusl-arm64/plugins/.gitignore @@ -0,0 +1,6 @@ +goversion/ +trivy/ +cargo-auditable/ +osquery/ +dosai/ +sourcekitten/ diff --git a/packages/linuxmusl-arm64/plugins/.gitkeep b/packages/linuxmusl-arm64/plugins/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/packages/linuxmusl-arm64/plugins/.npmignore b/packages/linuxmusl-arm64/plugins/.npmignore new file mode 100644 index 0000000..e69de29 diff --git a/thirdparty/trivy/Makefile b/thirdparty/trivy/Makefile index fe489f8..5baf1be 100644 --- a/thirdparty/trivy/Makefile +++ b/thirdparty/trivy/Makefile @@ -1,6 +1,7 @@ PATH := $(PATH):/usr/local/go/bin:$HOME/go/bin: appname := trivy-cdxgen sources := main.go +docker_cmd := docker build = CGO_ENABLED=0 GOOS=$(1) GOARCH=$(2) go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-$(1)-$(2)$(3) sha = cd build && sha256sum $(appname)-$(1)-$(2)$(3) > $(appname)-$(1)-$(2)$(3).sha256 @@ -14,6 +15,8 @@ clean: rm -rf build/ ##### LINUX BUILDS ##### linux: build/linux_amd64 build/linux_arm64 build/linux_arm build/linux_ppc64le build/linux_riscv64 +linuxmusl: build/linuxmusl_amd64 build/linuxmusl_arm64 + build/linux_386: $(sources) $(call build,linux,386,) $(call sha,linux,386,) @@ -30,6 +33,14 @@ build/linux_arm64: $(sources) $(call build,linux,arm64,) $(call sha,linux,arm64,) +build/linuxmusl_%: $(sources) + $(docker_cmd) run --rm \ + --platform=linux/$* \ + -v "$(PWD)":/src \ + -w /src \ + golang:1.19-alpine \ + sh -c 'CGO_ENABLED=0 GOOS=linux GOARCH=$* go build -ldflags "-s -w -extldflags=-Wl,-z,now,-z,relro" -o build/$(appname)-linuxmusl-$* && cd build && sha256sum $(appname)-linuxmusl-$* > $(appname)-linuxmusl-$*.sha256' + build/linux_ppc64le: $(sources) $(call build,linux,ppc64le,) $(call sha,linux,ppc64le,) 
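Review bot: The `build/linuxmusl_%` rule compiles the release binary inside `golang:1.19-alpine`, a movable tag for a Go release line that no longer receives security fixes. The shipped binary therefore embeds that toolchain's standard library, and the image contents can change between runs. Referencing a supported Go image by digest, `golang:<supported-version>-alpine@sha256:<digest>`, addresses both. Because the command sets `CGO_ENABLED=0`, the output should be a statically linked binary that does not link musl at all, so it is worth confirming that the container and QEMU emulation are needed rather than the existing `build` macro. A short comment above the rule saying why the Alpine build exists would help the next maintainer.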
From f91f55055f33c0da3c22e36fe85eeca71ec5f9f1 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 1 Jun 2025 14:20:48 +0100 Subject: [PATCH 2/4] Linux musl builds Signed-off-by: Prabhu Subramanian --- .github/workflows/native-builds.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/native-builds.yml b/.github/workflows/native-builds.yml index 6b8a68b..edd8388 100644 --- a/.github/workflows/native-builds.yml +++ b/.github/workflows/native-builds.yml @@ -60,7 +60,7 @@ jobs: cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten uploads/ cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten.sha256 uploads/ cd uploads - oras push --verbose --disable-path-validation ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-amd64 \ + oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-amd64 \ --artifact-type application/vnd.oras.config.v1+json \ ./trivy-cdxgen-linuxmusl-amd64:application/vnd.cyclonedx.plugins.layer.v1+tar \ ./trivy-cdxgen-linuxmusl-amd64.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar \ @@ -78,7 +78,7 @@ jobs: cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten uploads/ cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten.sha256 uploads/ cd uploads - oras push --verbose --disable-path-validation ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 \ + oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 \ --artifact-type application/vnd.oras.config.v1+json \ ./trivy-cdxgen-linuxmusl-arm64:application/vnd.cyclonedx.plugins.layer.v1+tar \ ./trivy-cdxgen-linuxmusl-arm64.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar \ From 44d941e57495761d0281f6dcf2338b30af7b9e35 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 1 Jun 2025 15:10:48 +0100 Subject: [PATCH 3/4] Setup upx Signed-off-by: Prabhu Subramanian --- .github/workflows/native-builds.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
diff --git a/.github/workflows/native-builds.yml b/.github/workflows/native-builds.yml index edd8388..ae72b3e 100644 --- a/.github/workflows/native-builds.yml +++ b/.github/workflows/native-builds.yml @@ -22,6 +22,20 @@ jobs: packages: write steps: - uses: actions/checkout@v4 + - name: setup upx + run: | + wget https://github.com/upx/upx/releases/download/v5.0.1/upx-5.0.1-amd64_linux.tar.xz + tar -xvf upx-5.0.1-amd64_linux.tar.xz + chmod +x upx-5.0.1-amd64_linux/upx + sudo cp upx-5.0.1-amd64_linux/upx /usr/local/bin/ + if: matrix.os == 'ubuntu-24.04' + - name: setup upx + run: | + wget https://github.com/upx/upx/releases/download/v5.0.1/upx-5.0.1-arm64_linux.tar.xz + tar -xvf upx-5.0.1-arm64_linux.tar.xz + chmod +x upx-5.0.1-arm64_linux/upx + sudo cp upx-5.0.1-arm64_linux/upx /usr/local/bin/ + if: matrix.os == 'ubuntu-24.04-arm' - name: Setup swift if: matrix.os == 'ubuntu-24.04' || matrix.os == 'ubuntu-24.04-arm' run: | @@ -53,6 +67,7 @@ jobs: run: | pushd thirdparty/trivy make build/linuxmusl_amd64 + upx -9 --lzma ./build/trivy-cdxgen-linuxmusl-amd64 popd sudo chown -R $USER:$USER thirdparty/trivy/build/ mkdir -p uploads @@ -71,6 +86,7 @@ jobs: run: | pushd thirdparty/trivy make build/linuxmusl_arm64 + upx -9 --lzma ./build/trivy-cdxgen-linuxmusl-arm64 popd sudo chown -R $USER:$USER thirdparty/trivy/build/ mkdir -p uploads From b45e7c278c0e60c53e16b7f802e5ba5b0dd294ce Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 1 Jun 2025 15:17:05 +0100 Subject: [PATCH 4/4] Setup upx Signed-off-by: Prabhu Subramanian --- .github/workflows/native-builds.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/native-builds.yml b/.github/workflows/native-builds.yml index ae72b3e..8f20ed4 100644 --- a/.github/workflows/native-builds.yml +++ b/.github/workflows/native-builds.yml 
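Review bot: Both `setup upx` steps install a downloaded binary into `/usr/local/bin` with `sudo` without verifying it. The `wget` of `upx-5.0.1-amd64_linux.tar.xz` (and of the arm64 archive) pins a version but not a hash. That binary later rewrites the trivy executable that gets pushed, so I would check the archive before `tar`, e.g. `echo "<expected-sha256>  upx-5.0.1-amd64_linux.tar.xz" | sha256sum -c -`, with the digest committed alongside the workflow. The two steps differ only in the architecture string and could be a single step driven by a matrix value.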
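Review bot: `upx -9 --lzma ./build/trivy-cdxgen-linuxmusl-amd64` runs after `make build/linuxmusl_amd64`, but the Makefile rule added in patch 1 writes `trivy-cdxgen-linuxmusl-amd64.sha256` immediately after `go build`. The checksum file that `cp thirdparty/trivy/build/trivy* uploads/` picks up and `oras push` publishes therefore describes the unpacked binary, not the packed one that ships. Regenerating it after packing, `(cd build && sha256sum trivy-cdxgen-linuxmusl-amd64 > trivy-cdxgen-linuxmusl-amd64.sha256)`, keeps the published pair consistent. The arm64 step in the `@@ -71,6 +86,7 @@` hunk needs the same line; patch 4 only moves the `chown` and leaves this ordering as is.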
@@ -67,9 +67,9 @@ jobs: run: | pushd thirdparty/trivy make build/linuxmusl_amd64 + sudo chown -R $USER:$USER build/ upx -9 --lzma ./build/trivy-cdxgen-linuxmusl-amd64 popd - sudo chown -R $USER:$USER thirdparty/trivy/build/ mkdir -p uploads cp thirdparty/trivy/build/trivy* uploads/ cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten uploads/ @@ -86,9 +86,9 @@ jobs: run: | pushd thirdparty/trivy make build/linuxmusl_arm64 + sudo chown -R $USER:$USER build/ upx -9 --lzma ./build/trivy-cdxgen-linuxmusl-arm64 popd - sudo chown -R $USER:$USER thirdparty/trivy/build/ mkdir -p uploads cp thirdparty/trivy/build/trivy* uploads/ cp thirdparty/sourcekitten/SourceKitten/.build/release/sourcekitten uploads/