// This file is part of CycloneDX GitHub Action for Go Modules
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an “AS IS” BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// SPDX-License-Identifier: Apache-2.0
// Copyright (c) OWASP Foundation. All Rights Reserved.
const core = require('@actions/core');
const exec = require('@actions/exec');
const http = require('@actions/http-client');
const io = require('@actions/io');
const os = require('os');
const path = require('path');
const semver = require('semver');
const toolCache = require('@actions/tool-cache');
// Oldest cyclonedx-gomod release this action will install; run() rejects anything lower.
const minimumSupportedVersion = 'v1.0.0';

// Release assets are fetched over HTTPS from the project's own GitHub releases.
const baseDownloadUrl = 'https://github.com/CycloneDX/cyclonedx-gomod/releases/download';

// Workflow-supplied inputs, read once at load time.
//   version: semver range selecting which cyclonedx-gomod release to install
//   args:    whitespace-separated arguments handed to the installed binary
const input = {
  version: core.getInput('version'),
  args: core.getInput('args'),
};
/**
 * Compose the release-asset URL for the current runner's OS and CPU architecture.
 *
 * Node's platform/arch identifiers are translated to the names used in the
 * asset file name: `win32` becomes `windows` (and selects a `.zip` archive
 * instead of `.tar.gz`), `x64` becomes `amd64`, `ia32`/`x32` become `386`.
 * Any other identifier is passed through unchanged.
 *
 * @param {string} version - release version without the leading `v`.
 * @returns {string} URL below `baseDownloadUrl` pointing at the archive.
 */
function buildDownloadUrl(version) {
  const nodePlatform = os.platform().toString();
  const onWindows = nodePlatform === 'win32';
  const platform = onWindows ? 'windows' : nodePlatform;
  const fileExtension = onWindows ? 'zip' : 'tar.gz';

  // Node architecture name -> name used in the release asset.
  const archAliases = new Map([
    ['x64', 'amd64'],
    ['ia32', '386'],
    ['x32', '386'],
  ]);
  const nodeArch = os.arch();
  const architecture = archAliases.has(nodeArch) ? archAliases.get(nodeArch) : nodeArch;

  const assetName = `cyclonedx-gomod_${version}_${platform}_${architecture}.${fileExtension}`;
  return `${baseDownloadUrl}/v${version}/${assetName}`;
}
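/**
 * Resolve the highest cyclonedx-gomod release tag that satisfies a semver range.
 *
 * Issues a single request to the GitHub releases API for
 * CycloneDX/cyclonedx-gomod and feeds the returned tag names to
 * `semver.maxSatisfying`. The request carries no paging parameters, so only
 * the releases returned by that one response are considered.
 *
 * When `GITHUB_TOKEN` is set in the environment it is sent as a credential.
 * The token is never logged here.
 *
 * @param {object} httpClient - client exposing `getJson(url, headers)`.
 * @param {string} range - semver range the release tag must satisfy.
 * @returns {Promise<string|null>} the matching tag name, or `null` when none
 *   of the listed releases satisfies the range.
 * @throws {Error} when the response is missing, its status is not 200, or its
 *   body is not a list of releases.
 */
async function getReleaseVersionMatchingRange(httpClient, range) {
  core.info(`Determining latest release version of cyclonedx-gomod satisfying "${range}"`);

  // The GitHub REST API expects an auth scheme in front of the token; a bare
  // token in the Authorization header is not a valid credential.
  const token = process.env.GITHUB_TOKEN;
  const headers = token ? { Authorization: `Bearer ${token}` } : {};

  const responseJson = await httpClient.getJson(
    'https://api.github.com/repos/CycloneDX/cyclonedx-gomod/releases',
    headers
  );

  if (responseJson === null) { // HTTP 404
    throw new Error('Fetching latest release of cyclonedx-gomod failed: not found');
  } else if (responseJson.statusCode !== 200) {
    throw new Error(`Unexpected response status: ${responseJson.statusCode}`);
  }

  // Fail with a clear message instead of a TypeError on `.map` if the body is
  // not the expected array of release objects.
  if (!Array.isArray(responseJson.result)) {
    throw new Error('Unexpected response body: expected a list of releases');
  }

  const tagNames = responseJson.result.map((release) => release.tag_name);
  const matched = semver.maxSatisfying(tagNames, range);

  core.info(`Latest release version matching "${range}" is: ${matched}`);
  return matched;
}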
/**
 * Download a cyclonedx-gomod release archive, unpack it and put it on PATH.
 *
 * The archive format is chosen from the download URL's suffix: `.zip` goes
 * through `extractZip`, anything else through `extractTar`.
 *
 * @param {string} version - release version without the leading `v`.
 * @returns {Promise<string>} path of the `cyclonedx-gomod` binary inside the
 *   extraction directory.
 */
async function install(version) {
  core.info(`Installing cyclonedx-gomod ${version}`);

  const downloadUrl = buildDownloadUrl(version);
  core.info(`Downloading ${downloadUrl}`);
  const archivePath = await toolCache.downloadTool(downloadUrl);

  // NOTE(review): nothing here compares the downloaded archive against a
  // published checksum or signature before it is unpacked, added to PATH and
  // later executed; integrity rests on the HTTPS download alone. If the
  // release publishes checksums, verifying the archive digest before
  // extraction would close that gap.
  core.info('Extracting archive');
  const isZipArchive = downloadUrl.endsWith('.zip');
  const installDir = isZipArchive
    ? await toolCache.extractZip(archivePath)
    : await toolCache.extractTar(archivePath);

  core.info(`Adding ${installDir} to \$PATH`);
  core.addPath(installDir);

  return path.join(installDir, 'cyclonedx-gomod');
}
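/**
 * Action entry point: resolve the requested cyclonedx-gomod version, install
 * it and, when arguments are configured, execute it.
 *
 * Every failure is reported through `core.setFailed`, so the returned promise
 * does not reject for errors raised inside the `try` block.
 *
 * @returns {Promise<void>}
 */
async function run() {
  try {
    const httpClient = new http.HttpClient('gh-gomod-generate-sbom');

    // Make sure Go is in $PATH, throw if it isn't
    await io.which('go', true);

    const requestedRange = input.version;
    if (!semver.validRange(requestedRange)) {
      throw new Error('version must be a valid version range, see https://github.com/npm/node-semver#advanced-range-syntax');
    }

    const versionToInstall = await getReleaseVersionMatchingRange(httpClient, requestedRange);

    // The lookup yields null when no release satisfies the range; report that
    // directly rather than letting semver.lt() fail on a non-version value.
    if (!versionToInstall) {
      throw new Error(`no cyclonedx-gomod release satisfies version range "${requestedRange}"`);
    }

    if (semver.lt(versionToInstall, minimumSupportedVersion)) {
      throw new Error(`cyclonedx-gomod versions below ${minimumSupportedVersion} are not supported`);
    }

    // Release tags carry a leading "v"; the asset file names do not.
    const binaryPath = await install(versionToInstall.replace(/^v/, ''));

    // Arguments are handed to exec.exec as an array, not as one command
    // string. Splitting on whitespace means an argument that itself contains
    // spaces cannot be expressed. Empty tokens are dropped so stray
    // whitespace never reaches the binary as an empty argument.
    const args = input.args.split(/\s+/).filter((arg) => arg !== '');
    if (args.length > 0) {
      await exec.exec(binaryPath, args);
    } else {
      core.info('no arguments configured, will not execute cyclonedx-gomod');
    }
  } catch (error) {
    // Non-Error throwables have no `.message`; fall back to their string form.
    core.setFailed(error instanceof Error ? error.message : String(error));
  }
}

run();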