clean up sbom

githedgehog · Nov 5, 2024 · d2a3059 · d2a3059
1 parent df73eaf
commit d2a3059
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 14 deletions.
diff --git a/.github/workflows/build-and-push-container.yml b/.github/workflows/build-and-push-container.yml
@@ -122,8 +122,8 @@ jobs:
           diff-store: true
       - name: confirm sources
         run: ./scripts/confirm-sources.sh
-      - name: build
-        run: just --yes debug=true max_nix_builds=1 rust=${{matrix.toolchain.key}} build
+      - name: build + push
+        run: just --yes debug=true max_nix_builds=1 rust=${{matrix.toolchain.key}} push
       - name: Install SBOM generator dependencies
         run: |
           for f in /tmp/dpdk-sys/builds/*; do
@@ -134,32 +134,29 @@ jobs:
           sudo apt-get install --yes --no-install-recommends graphviz
       - name: Generate SBOM
         run: ./scripts/sbom.sh
-      - name: push
-        run: just --yes debug=true max_nix_builds=1 rust=${{matrix.toolchain.key}} push
-      - name: remove links from /tmp/dpdk-sys/builds
-        run: |
-          for f in /tmp/dpdk-sys/builds/*; do
-              [ -h "$f" ] && rm "$f"
-          done
       - name: step summary
         continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB
         run: |
           echo "# Outdated packages:" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
-          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.release.outdated.md >> $GITHUB_STEP_SUMMARY
+          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md >> $GITHUB_STEP_SUMMARY
           
           echo "" >> "$GITHUB_STEP_SUMMARY"
           echo "# Vuln scan (gnu64):" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
-          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.release.vulns.triage.md >> $GITHUB_STEP_SUMMARY
+          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md >> $GITHUB_STEP_SUMMARY
           
           echo "" >> "$GITHUB_STEP_SUMMARY"
           echo "# Runtime SBOM (gnu64):" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
-          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.release.runtime.sbom.md >> $GITHUB_STEP_SUMMARY
+          cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.sbom.md >> $GITHUB_STEP_SUMMARY
           
           echo "" >> "$GITHUB_STEP_SUMMARY"
-
+      - name: remove links from /tmp/dpdk-sys/builds
+        run: |
+          for f in /tmp/dpdk-sys/builds/*; do
+              [ -h "$f" ] && rm "$f"
+          done
       - uses: actions/upload-artifact@v4
         with:
           name: builds-${{ matrix.toolchain.key }}

diff --git a/scripts/sbom.sh b/scripts/sbom.sh
@@ -4,12 +4,14 @@ set -euxo pipefail
 
 declare -r sbomnix="github:tiiuae/sbomnix"
 
-just build-sysroot
+#just build-sysroot
 
 declare -r builds="/tmp/dpdk-sys/builds"
 pushd "${builds}"
 declare -r package="env.sysroot"
 
+nix build "${sbomnix}" --out-link /tmp/sbomnix
+
 for libc in "gnu64" "musl64"; do
   nix run \
     "${sbomnix}#sbomnix" \