Feature/alpine (#2)

Prabhu Subramanian · web-flow · commit f26cbc320236 · 2022-11-19T12:12:54.000Z
* Adds alpine build

* Set go path

* Set go path

* Set go path

* Set go path
diff --git a/.github/workflows/alpine.yml b/.github/workflows/alpine.yml
@@ -0,0 +1,87 @@
+name: Build Alpine Binaries
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  Depscan-Alpine-Build:
+    runs-on: ubuntu-latest
+    container: python:3.10-alpine
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install packages
+      run: |
+        apk update
+        apk add py3-pip python3-dev curl wget jq tree cmake make gcc git g++ musl-dev libffi-dev openssl-dev py3-cffi py3-twine py3-wheel py3-setuptools ca-certificates zlib-dev xz nodejs npm bash tar gcompat
+    - name: Checkout dep-scan
+      uses: actions/checkout@v3
+      with:
+        repository: AppThreat/dep-scan
+        path: dep-scan
+    - name: Checkout cdxgen
+      uses: actions/checkout@v3
+      with:
+        repository: AppThreat/cdxgen
+        path: cdxgen
+    - name: Checkout cdxgen
+      uses: actions/checkout@v3
+      with:
+        repository: ngcloudsec/cdxgen-plugins-bin
+        path: cdxgen-plugins-bin
+    - name: Install go
+      run: |
+        wget https://go.dev/dl/go1.19.3.linux-amd64.tar.gz
+        tar -xvf go1.19.3.linux-amd64.tar.gz
+        mv go /usr/local/
+    - uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - name: Install pyinstaller
+      run: |
+        python3 -m pip install twine setuptools wheel pyinstaller
+        cd dep-scan
+        pip3 install -r requirements.txt
+        wget https://github.com/upx/upx/releases/download/v4.0.1/upx-4.0.1-amd64_linux.tar.xz
+        tar -xvf upx-4.0.1-amd64_linux.tar.xz
+        chmod +x upx-4.0.1-amd64_linux/upx
+        cp upx-4.0.1-amd64_linux/upx /usr/local/bin/
+    - name: Produce cdxgen pkg
+      run: |
+        npm install -g pkg
+        cd cdxgen
+        npm install
+        pkg -t node18-alpine --public package.json --out-path dist
+        chmod +x dist/cdxgen
+        ./dist/cdxgen --version
+    - name: Build cdxgen plugins
+      run: |
+        echo "/usr/local/go/bin" >> $GITHUB_PATH
+        cd cdxgen-plugins-bin
+        chmod +x build.sh
+        ls -lh /usr/local/go/bin
+        ./build.sh
+    - name: Binary alpine build
+      run: |
+        cd dep-scan
+        pyinstaller depscan/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name depscan-linux-musl --add-data="vendor:vendor" --add-binary="../cdxgen/dist/cdxgen:local_bin" --add-binary="../cdxgen-plugins-bin/plugins/osquery/osqueryi-linux-amd64:local_bin/osquery" --add-binary="../cdxgen-plugins-bin/plugins/goversion/goversion-linux-amd64:local_bin/goversion" --add-binary="../cdxgen-plugins-bin/plugins/trivy/trivy-cdxgen-linux-amd64:local_bin/trivy" --add-binary="../cdxgen-plugins-bin/plugins/cargo-auditable/cargo-auditable-cdxgen-linux-amd64:local_bin/cargo-auditable" --collect-submodules depscan --upx-dir /usr/local/bin
+        sha256sum ./dist/depscan-linux-musl > ./dist/depscan-linux-musl.sha256
+        ./dist/depscan-linux-musl --help
+        ./dist/depscan-linux-musl -i . -o /tmp/depscan.json
+    - uses: actions/upload-artifact@v1
+      if: startsWith(github.ref, 'refs/tags/') != true
+      with:
+        path: ./dep-scan/dist
+        name: depscan-linux-musl
+    - name: Release
+      uses: softprops/action-gh-release@v1
+      if: startsWith(github.ref, 'refs/tags/')
+      with:
+        files: |
+          dep-scan/dist/depscan-linux-musl
+          dep-scan/dist/depscan-linux-musl.sha256
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
@@ -47,10 +47,10 @@ jobs:
         python3 -m pip install twine setuptools wheel pyinstaller
         cd dep-scan
         pip3 install -r requirements.txt
-        wget https://github.com/upx/upx/releases/download/v4.0.0/upx-4.0.0-amd64_linux.tar.xz
-        tar -xvf upx-4.0.0-amd64_linux.tar.xz
-        chmod +x upx-4.0.0-amd64_linux/upx
-        sudo cp upx-4.0.0-amd64_linux/upx /usr/local/bin/
+        wget https://github.com/upx/upx/releases/download/v4.0.1/upx-4.0.1-amd64_linux.tar.xz
+        tar -xvf upx-4.0.1-amd64_linux.tar.xz
+        chmod +x upx-4.0.1-amd64_linux/upx
+        sudo cp upx-4.0.1-amd64_linux/upx /usr/local/bin/
     - name: Produce cdxgen pkg
       run: |
         sudo npm install -g pkg
@@ -73,7 +73,7 @@ jobs:
     - name: BLint
       run: |
         pip3 install blint
-        blint -i dist -o /tmp/reports
+        blint -i dep-scan/dist -o /tmp/reports
       env:
         PYTHONIOENCODING: utf-8
         LANG: en_US.utf-8
diff --git a/.github/workflows/win.yml b/.github/workflows/win.yml
@@ -62,9 +62,9 @@ jobs:
     - name: Binary windows build
       run: |
         cd dep-scan
-        Invoke-WebRequest -Uri https://github.com/upx/upx/releases/download/v4.0.0/upx-4.0.0-win64.zip -UseBasicParsing -OutFile upx-4.0.0-win64.zip
-        Expand-Archive -Path upx-4.0.0-win64.zip -DestinationPath . -Force
-        pyinstaller depscan/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name depscan --add-data="vendor;vendor" --add-binary="../cdxgen/dist/cdxgen.exe;local_bin" --add-binary="../cdxgen-plugins-bin/plugins/osquery/osqueryi-windows-amd64.exe;local_bin/osquery" --add-binary="../cdxgen-plugins-bin/plugins/goversion/goversion-windows-amd64.exe;local_bin/goversion" --add-binary="../cdxgen-plugins-bin/plugins/cargo-auditable/cargo-auditable-windows-amd64.exe;local_bin/cargo-auditable" --collect-submodules depscan --disable-windowed-traceback -i ../depscan.ico --version-file=../file_version_info.txt --upx-dir upx-4.0.0-win64
+        Invoke-WebRequest -Uri https://github.com/upx/upx/releases/download/v4.0.1/upx-4.0.1-win64.zip -UseBasicParsing -OutFile upx-4.0.1-win64.zip
+        Expand-Archive -Path upx-4.0.1-win64.zip -DestinationPath . -Force
+        pyinstaller depscan/cli.py --noconfirm --log-level=WARN --nowindow --onefile --name depscan --add-data="vendor;vendor" --add-binary="../cdxgen/dist/cdxgen.exe;local_bin" --add-binary="../cdxgen-plugins-bin/plugins/osquery/osqueryi-windows-amd64.exe;local_bin/osquery" --add-binary="../cdxgen-plugins-bin/plugins/goversion/goversion-windows-amd64.exe;local_bin/goversion" --add-binary="../cdxgen-plugins-bin/plugins/cargo-auditable/cargo-auditable-windows-amd64.exe;local_bin/cargo-auditable" --collect-submodules depscan --disable-windowed-traceback -i ../depscan.ico --version-file=../file_version_info.txt --upx-dir upx-4.0.1-win64
         .\dist\depscan.exe --help
         (Get-FileHash .\dist\depscan.exe).hash | Out-File -FilePath .\dist\depscan.exe.sha256
       env:
