Trying out improved test.yml approach for checking SBOM contents

rudsberg · Dec 3, 2024 · da3d5c4 · da3d5c4
1 parent 2bdeaa9
commit da3d5c4
Show file tree

Hide file tree

Showing 7 changed files with 106 additions and 109 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -436,31 +436,13 @@ jobs:
         run: |
           cd __tests__/sbom/main-test-app
           mvn -Pnative package
-          cd target
-          echo "Checking for 'pkg:maven/org.json/json@20211205'"
-          grep -q 'pkg:maven/org.json/json@20211205' sbom.sbom.json || exit 1
-          echo "Checking for 'main-test-app'"
-          grep -q '"main-test-app"' sbom.sbom.json || exit 1
-          echo "Checking for 'svm'"
-          grep -q '"svm"' sbom.sbom.json || exit 1
-          echo "Checking for 'nativeimage'"
-          grep -q '"nativeimage"' sbom.sbom.json || exit 1
-          echo "SBOM was successfully generated and contained the expected contents"
+          sh verify-sbom.sh
         shell: bash
         if: runner.os != 'Windows'
       - name: Build Maven project and verify SBOM was generated (Windows)
         run: |
           cd __tests__\sbom\main-test-app
           mvn -Pnative package
-          cd target
-          echo "Checking for 'pkg:maven/org.json/json@20211205'"
-          findstr /c:"pkg:maven/org.json/json@20211205" sbom.sbom.json || exit /b 1
-          echo "Checking for 'main-test-app'"
-          findstr /c:"\"main-test-app\"" sbom.sbom.json || exit /b 1
-          echo "Checking for 'svm'"
-          findstr /c:"\"svm\"" sbom.sbom.json || exit /b 1
-          echo "Checking for 'nativeimage'"
-          findstr /c:"\"nativeimage\"" sbom.sbom.json || exit /b 1
-          echo "SBOM was successfully generated and contained the expected contents"
+          cmd /c verify-sbom.cmd
         shell: cmd
         if: runner.os == 'Windows'
diff --git a/__tests__/sbom.test.ts b/__tests__/sbom.test.ts
@@ -227,7 +227,7 @@ describe('sbom feature', () => {
 
       mockFindSBOM([])
 
-      await expect(processSBOM()).rejects.toBeInstanceOf(Error);
+      await expect(processSBOM()).rejects.toBeInstanceOf(Error)
     })
 
     it('should throw when JSON contains an invalid SBOM', async () => {
@@ -282,9 +282,11 @@ describe('sbom feature', () => {
     })
 
     it('should handle GitHub API submission errors gracefully', async () => {
-      mockGithubAPIReturnValue(new Error('API submission failed'))      
-
-      await expect(setUpAndProcessSBOM(sampleSBOM)).rejects.toBeInstanceOf(Error);
+      mockGithubAPIReturnValue(new Error('API submission failed'))
+
+      await expect(setUpAndProcessSBOM(sampleSBOM)).rejects.toBeInstanceOf(
+        Error
+      )
     })
   })
 })
diff --git a/__tests__/sbom/main-test-app/verify-sbom.cmd b/__tests__/sbom/main-test-app/verify-sbom.cmd
@@ -0,0 +1,14 @@
+@echo off
+cd target
+
+for %%p in (
+    "\"pkg:maven/org.json/json@20211205\""
+    "\"main-test-app\""
+    "\"svm\""
+    "\"nativeimage\""
+) do (
+    echo Checking for %%p
+    findstr /c:%%p sbom.sbom.json || exit /b 1
+)
+
+echo SBOM was successfully generated and contained the expected contents
diff --git a/__tests__/sbom/main-test-app/verify-sbom.sh b/__tests__/sbom/main-test-app/verify-sbom.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+cd target
+
+required_patterns=(
+    '"pkg:maven/org.json/json@20211205"'
+    '"main-test-app"'
+    '"svm"'
+    '"nativeimage"'
+)
+
+for pattern in "${required_patterns[@]}"; do
+    echo "Checking for $pattern"
+    if ! grep -q "$pattern" sbom.sbom.json; then
+        echo "Pattern not found: $pattern"
+        exit 1
+    fi
+done
+
+echo "SBOM was successfully generated and contained the expected contents"
diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js