From 85b628fb4485a8e533ef2b3a1d746c7f49b2aad3 Mon Sep 17 00:00:00 2001 From: Satwik Sai Prakash Sahoo <57804606+satwiksps@users.noreply.github.com> Date: Thu, 16 Jan 2025 18:21:17 +0530 Subject: [PATCH] Add Linux AMD64-specific package (#28) * Add Linux AMD64-specific package Signed-off-by: Satwik Sai Prakash Sahoo * feat(build): Optimize build script for Linux AMD64 - Added dynamic handling for Trivy and Osquery plugins with validation for existing binaries. - Integrated Dosai binary download and checksum generation. - Improved error handling and added compression for binaries using UPX. - Included warnings for missing source files in plugin directories. Signed-off-by: Satwik Sai Prakash Sahoo --------- Signed-off-by: Satwik Sai Prakash Sahoo --- .github/workflows/native-builds.yml | 49 ++++++++++++++++++++++- .github/workflows/release.yml | 6 +++ build.ps1 | 13 +++--- build.sh | 7 ++++ packages/linux-amd64/build-linux-amd64.sh | 28 +++++++++++++ packages/linux-amd64/index.js | 1 + packages/linux-amd64/package.json | 17 ++++++++ packages/linux-amd64/plugins/.gitignore | 6 +++ packages/linux-amd64/plugins/.gitkeep | 0 packages/linux-amd64/plugins/.npmignore | 0 10 files changed, 120 insertions(+), 7 deletions(-) create mode 100644 packages/linux-amd64/build-linux-amd64.sh create mode 100644 packages/linux-amd64/index.js create mode 100644 packages/linux-amd64/package.json create mode 100644 packages/linux-amd64/plugins/.gitignore create mode 100644 packages/linux-amd64/plugins/.gitkeep create mode 100644 packages/linux-amd64/plugins/.npmignore
diff --git a/.github/workflows/native-builds.yml b/.github/workflows/native-builds.yml
index 555d46e..7bb2ab2 100644
--- a/.github/workflows/native-builds.yml
+++ b/.github/workflows/native-builds.yml
@@ -15,7 +15,7 @@ jobs:
 strategy:
 fail-fast: true
 matrix:
- os: ['ubuntu-latest', 'macos-13', 'macos-15']
+ os: ['ubuntu-latest', 'macos-13', 'macos-15', 'windows-latest']
 runs-on: ${{ matrix.os }}
 permissions:
 contents: write
@@ -28,7 +28,17 @@ jobs:
 - run: oras version
 - name: Build
 run: |
- bash thirdparty/sourcekitten/build.sh
+ if [ "${{ matrix.os }}" == "ubuntu-latest" ]; then
+ bash thirdparty/sourcekitten/build.sh
+ bash packages/linux-arm64/build-linux-arm64.sh
+ bash packages/linux-arm/build-linux-arm.sh
+ bash packages/ppc64/build-ppc64.sh
+ elif [ "${{ matrix.os }}" == "windows-latest" ]; then
+ powershell ./packages/windows-amd64/build-windows-amd64.ps1
+ powershell ./packages/windows-arm64/build-windows-arm64.ps1
+ else
+ bash thirdparty/sourcekitten/build.sh
+ fi
 ls -l thirdparty/sourcekitten/SourceKitten/.build/release
 echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
 env:
@@ -42,6 +52,20 @@ jobs:
 ./sourcekitten:application/vnd.cyclonedx.plugins.layer.v1+tar \
 ./sourcekitten.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar
 if: matrix.os == 'ubuntu-latest'
+ - name: Upload linux arm64
+ run: |
+ cd packages/linux-arm64/release/
+ oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm64 \
+ --artifact-type application/vnd.oras.config.v1+json \
+ ./arm64-binary:application/vnd.cyclonedx.plugins.layer.v1+tar
+ if: matrix.os == 'ubuntu-latest'
+ - name: Upload linux arm
+ run: |
+ cd packages/linux-arm/release/
+ oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:linux-arm \
+ --artifact-type application/vnd.oras.config.v1+json \
+ ./arm-binary:application/vnd.cyclonedx.plugins.layer.v1+tar
+ if: matrix.os == 'ubuntu-latest'
 - name: Upload darwin amd64
 run: |
 cd thirdparty/sourcekitten/SourceKitten/.build/release/
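Review bot: The Build step's `run:` block is written in bash (`if [ ... ]; then`), but no `shell:` is visible in this hunk and `windows-latest` runners default to PowerShell, so the Windows leg added to the matrix would fail to parse it unless a shell is set outside the hunk; add `shell: bash` to the step. The unchanged `ls -l thirdparty/sourcekitten/SourceKitten/.build/release` after `fi` also runs on the Windows leg, where this branch never builds sourcekitten, and with `fail-fast: true` one failing leg cancels the rest of the matrix. Because this job holds `contents: write` and logs in to ghcr.io, consider running the new cross-platform builds in a separate job without push credentials and handing the outputs over as artifacts.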
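Review bot: The new upload steps push a single file each (`./arm64-binary`, `./arm-binary`) with no `.sha256` companion, whereas the existing sourcekitten upload just above pushes `./sourcekitten.sha256` alongside the binary, so consumers of these tags get nothing to verify the layer against. The same applies to the `windows-amd64`, `windows-arm64` and `ppc64` uploads added in the `@@ -58,3 +82,24 @@` hunk. Nothing visible in this diff creates a `release/` directory or files with these names under the package folders, so if they are placeholders the `cd` will fail. Generate the digest at build time and push it as a second layer, e.g. `./arm64-binary.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar`.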
@@ -58,3 +82,24 @@ jobs:
 ./sourcekitten:application/vnd.cyclonedx.plugins.layer.v1+tar \
 ./sourcekitten.sha256:application/vnd.cyclonedx.plugins.layer.v1+tar
 if: matrix.os == 'macos-15'
+ - name: Upload windows amd64
+ run: |
+ cd packages/windows-amd64/release/
+ oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:windows-amd64 \
+ --artifact-type application/vnd.oras.config.v1+json \
+ ./windows-binary:application/vnd.cyclonedx.plugins.layer.v1+tar
+ if: matrix.os == 'windows-latest'
+ - name: Upload windows arm64
+ run: |
+ cd packages/windows-arm64/release/
+ oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:windows-arm64 \
+ --artifact-type application/vnd.oras.config.v1+json \
+ ./windows-arm64-binary:application/vnd.cyclonedx.plugins.layer.v1+tar
+ if: matrix.os == 'windows-latest'
+ - name: Upload ppc64
+ run: |
+ cd packages/ppc64/release/
+ oras push ghcr.io/cyclonedx/cdxgen-plugins-bin:ppc64 \
+ --artifact-type application/vnd.oras.config.v1+json \
+ ./ppc64-binary:application/vnd.cyclonedx.plugins.layer.v1+tar
+ if: matrix.os == 'ubuntu-latest'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1b4584f..3e11075 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,12 @@ jobs:
 contents: read
 packages: write
 steps:
+ - name: Upload Linux AMD64 Package
+ uses: actions/upload-artifact@v3
+ with:
+ name: linux-amd64-package
+ path: packages/linux-amd64/*.tgz
+
 - uses: actions/checkout@v4
 - name: Use Node.js
 uses: actions/setup-node@v4
diff --git a/build.ps1 b/build.ps1
index 083c4aa..be06e67 100644
--- a/build.ps1
+++ b/build.ps1
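Review bot: The upload step sits before `actions/checkout@v4` and before anything has run `npm pack`, so `packages/linux-amd64/*.tgz` cannot exist when it executes; `upload-artifact` only warns on an empty match by default, so the release would pass without the package. Move the step after the one that produces the tarball (outside this hunk) and set `if-no-files-found: error`. It also uses `actions/upload-artifact@v3`, a deprecated major, while the other actions in the hunk are on `@v4`; in a job with `packages: write`, pinning actions to a full commit SHA is the safer choice.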
@@ -1,5 +1,6 @@
 New-Item -ItemType Directory -Path plugins\osquery -Force
 New-Item -ItemType Directory -Path plugins\dosai -Force
+New-Item -ItemType Directory -Path plugins\trivy -Force
 Invoke-WebRequest -Uri https://github.com/upx/upx/releases/download/v4.2.4/upx-4.2.4-win64.zip -UseBasicParsing -OutFile upx-4.2.4-win64.zip
 Expand-Archive -Path upx-4.2.4-win64.zip -DestinationPath . -Force
@@ -12,11 +13,6 @@ plugins\osquery\osqueryi-windows-amd64.exe --help
 Invoke-WebRequest -Uri https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai.exe -UseBasicParsing -OutFile plugins/dosai/dosai-windows-amd64.exe
-set CGO_ENABLED=0
-set GOOS=windows
-set GOARCH=amd64
-
-New-Item -ItemType Directory -Path plugins\trivy -Force
 cd thirdparty\trivy
 go build -ldflags "-H=windowsgui -s -w" -o build\trivy-windows-amd64.exe
 ..\..\upx-4.2.4-win64\upx.exe -9 --lzma build\trivy-windows-amd64.exe
@@ -24,6 +20,13 @@ copy build\* ..\..\plugins\trivy\
 Remove-Item build -Recurse -Force
 cd ..\..
+Write-Host "Building Linux AMD64 package..."
+Set-Location -Path packages/linux-amd64
+Copy-Item -Path ../../plugins/* -Destination plugins/
+npm install
+npm pack
+Set-Location -Path ../../
+
 Remove-Item osquery-5.14.1.windows_x86_64 -Recurse -Force
 Remove-Item osquery-5.14.1.windows_x86_64.zip -Recurse -Force
 Remove-Item upx-4.2.4-win64 -Recurse -Force
diff --git a/build.sh b/build.sh
index e9d93b2..056a0c3 100755
--- a/build.sh
+++ b/build.sh
@@ -37,6 +37,13 @@ upx -9 --lzma ./plugins/trivy/trivy-cdxgen-linux-amd64
 ./plugins/trivy/trivy-cdxgen-linux-amd64 -v
 ./plugins/dosai/dosai-linux-amd64 --help
+echo "Building Linux AMD64 package..."
+cd packages/linux-amd64
+cp ../../plugins/* plugins/
+npm install
+npm pack
+cd ../../
+
 for flavours in windows-amd64 linux-arm64 linux-arm windows-arm64 darwin-arm64 darwin-amd64 ppc64
 do
 chmod +x packages/$flavours/build-$flavours.sh
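Review bot: `Copy-Item -Path ../../plugins/* -Destination plugins/` runs at the end of the Windows build, when `plugins\` holds the `*-windows-amd64.exe` files produced above, so the tarball named linux-amd64 would be packed from Windows binaries (and, without `-Recurse`, most likely only from empty directory entries). The equivalent block in `build.sh` uses `cp ../../plugins/* plugins/` without `-r`, which skips directories and returns non-zero. Packaging the Linux artefact belongs only in the Linux build, copying just the files that match `*linux-amd64*` as `build-linux-amd64.sh` already does, with the `npm pack --dry-run` file list checked before anything is published.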
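Review bot: `npm pack` in the `build.sh` hunk packs whatever the preceding `cp` left in `plugins/`, and `linux-amd64` is not in the `for flavours` list just below, so the `build-linux-amd64.sh` added by this commit (the script that filters on `*linux-amd64*` and writes the Dosai `.sha256`) is never run by `build.sh`. Replace the copy with `bash ./build-linux-amd64.sh` ahead of `npm pack`. `npm install` adds nothing for a package that declares no dependencies; drop it, or use `npm install --ignore-scripts` so a release build does not execute lifecycle scripts.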
diff --git a/packages/linux-amd64/build-linux-amd64.sh b/packages/linux-amd64/build-linux-amd64.sh
new file mode 100644
index 0000000..1f55bad
--- /dev/null
+++ b/packages/linux-amd64/build-linux-amd64.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -e # Exit on error
+
+echo "Building Linux AMD64 package..."
+
+# Remove old plugin directories to ensure a clean build
+rm -rf plugins/trivy plugins/osquery plugins/dosai
+mkdir -p plugins/trivy plugins/osquery plugins/dosai
+
+# Download the Dosai binary
+curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai-linux-amd64 -o plugins/dosai/dosai-linux-amd64
+chmod +x plugins/dosai/dosai-linux-amd64
+sha256sum plugins/dosai/dosai-linux-amd64 > plugins/dosai/dosai-linux-amd64.sha256
+
+# Handle additional plugins: Trivy and Osquery
+for plug in trivy osquery; do
+ mkdir -p plugins/$plug
+ # Check if the source plugin directory exists and is not empty
+ if [ -d "../../plugins/$plug" ] && [ "$(ls -A ../../plugins/$plug/*linux-amd64* 2>/dev/null)" ]; then
+ cp ../../plugins/$plug/*linux-amd64* plugins/$plug/
+ upx -9 --lzma plugins/$plug/*linux-amd64* || true # Compress files if possible
+ else
+ echo "Warning: No files found for $plug in ../../plugins/$plug/"
+ fi
+done
+
+# Final output message
+echo "Linux AMD64 build completed successfully!"
diff --git a/packages/linux-amd64/index.js b/packages/linux-amd64/index.js
new file mode 100644
index 0000000..13e1b8e
--- /dev/null
+++ b/packages/linux-amd64/index.js
@@ -0,0 +1 @@
+console.log('Linux AMD64 package initialized.');
diff --git a/packages/linux-amd64/package.json b/packages/linux-amd64/package.json
new file mode 100644
index 0000000..79ecc89
--- /dev/null
+++ b/packages/linux-amd64/package.json
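Review bot: The Dosai download takes whatever `releases/latest` serves at build time and then computes the `.sha256` from the file it just fetched, so the checksum records the download instead of verifying it, and a replaced or tampered release asset would ship with a matching digest. `curl -L` without `-f` also saves an HTTP error page as the "binary". Pin a release tag, compare against a digest kept in the repository, and only then `chmod +x`; the tag and digest in the excerpt below are placeholders to fill in. Separately, `upx ... || true` hides compression failures, so a warning should be logged there instead of discarding the status.

```shell
# … unchanged: shebang, set -e, plugin directory reset …

# Pin the release and verify it before marking it executable.
DOSAI_TAG="<PINNED_RELEASE_TAG>"     # placeholder: the release that was reviewed
DOSAI_SHA256="<EXPECTED_SHA256>"     # placeholder: digest recorded for that release
curl -fsSL "https://github.com/owasp-dep-scan/dosai/releases/download/${DOSAI_TAG}/Dosai-linux-amd64" \
  -o plugins/dosai/dosai-linux-amd64
echo "${DOSAI_SHA256}  plugins/dosai/dosai-linux-amd64" | sha256sum -c -
chmod +x plugins/dosai/dosai-linux-amd64

# … unchanged: .sha256 file generation, trivy/osquery copy loop, final message …
```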
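Review bot: `console.log` at the top level of `index.js` runs on every `require` of the package, so any tool that loads it gets an extra line on stdout, which can break callers that parse that stream. If the entry point only needs to exist, export something inert instead, e.g. `module.exports = {};`. A one-line comment stating that the package exists to carry the binaries under `plugins/` (if that is the intent) would tell the next reader why the module is empty.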
@@ -0,0 +1,17 @@
+{
+ "name": "@cyclonedx/cdxgen-plugins-bin-linux-amd64",
+ "version": "1.0.0",
+ "description": "CycloneDX plugins binary for Linux AMD64",
+ "main": "index.js",
+ "scripts": {
+ "build": "./build-linux-amd64.sh"
+ },
+ "keywords": [
+ "CycloneDX",
+ "plugins",
+ "linux",
+ "amd64"
+ ],
+ "license": "MIT"
+ }
+
\ No newline at end of file
diff --git a/packages/linux-amd64/plugins/.gitignore b/packages/linux-amd64/plugins/.gitignore
new file mode 100644
index 0000000..d8c2cac
--- /dev/null
+++ b/packages/linux-amd64/plugins/.gitignore
@@ -0,0 +1,6 @@
+goversion/
+trivy/
+cargo-auditable/
+osquery/
+dosai/
+sourcekitten/
diff --git a/packages/linux-amd64/plugins/.gitkeep b/packages/linux-amd64/plugins/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/packages/linux-amd64/plugins/.npmignore b/packages/linux-amd64/plugins/.npmignore
new file mode 100644
index 0000000..e69de29
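Review bot: `"build": "./build-linux-amd64.sh"` will fail with "permission denied" because the script is added with mode 100644 in this same commit; use `"build": "bash ./build-linux-amd64.sh"` or commit the file as 100755. For a package whose payload is native executables, also declare `"os": ["linux"]` and `"cpu": ["x64"]` so npm refuses to install it on other platforms. A `"files"` allowlist naming `index.js` and `plugins/` would keep the build script and any stray files out of the published tarball.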