fix: github correlator name when run in matrix build (#482)

* fix: github correlator name when run in matrix build Signed-off-by: Keith Zantow <[email protected]> * chore: add explicit check for correlator containing artifact-name Signed-off-by: Keith Zantow <[email protected]> * test: explicitly test different correlator paths Signed-off-by: Will Murphy <[email protected]> * chore: commit build output Signed-off-by: Will Murphy <[email protected]> --------- Signed-off-by: Keith Zantow <[email protected]> Signed-off-by: Will Murphy <[email protected]> Co-authored-by: Will Murphy <[email protected]>
anchore · Dec 4, 2024 · a5bbe18 · a5bbe18
1 parent 55dc4ee
commit a5bbe18
Show file tree

Hide file tree

Showing 6 changed files with 343 additions and 9 deletions.
diff --git a/dist/attachReleaseAssets/index.js b/dist/attachReleaseAssets/index.js
diff --git a/dist/downloadSyft/index.js b/dist/downloadSyft/index.js
diff --git a/dist/runSyftAction/index.js b/dist/runSyftAction/index.js
diff --git a/src/github/SyftGithubAction.ts b/src/github/SyftGithubAction.ts
@@ -36,7 +36,7 @@ const exeSuffix = process.platform == "win32" ? ".exe" : "";
  * Tries to get a unique artifact name or otherwise as appropriate as possible
  */
 export function getArtifactName(): string {
-  const fileName = core.getInput("artifact-name");
+  const fileName = getArtifactNameInput();
 
   // if there is an explicit filename just return it, this could cause issues
   // where earlier sboms are overwritten by later ones
@@ -93,6 +93,13 @@ export function getArtifactName(): string {
   return `${repo}-${job}${stepName}.${extension}`;
 }
 
+/**
+ * Returns the artifact-name input value
+ */
+function getArtifactNameInput() {
+  return core.getInput("artifact-name");
+}
+
 /**
  * Gets a reference to the syft command and executes the syft action
  * @param input syft input parameters
@@ -443,10 +450,19 @@ export async function uploadDependencySnapshot(): Promise<void> {
     fs.readFileSync(githubDependencySnapshotFile).toString("utf8")
   ) as DependencySnapshot;
 
+  let correlator = `${workflow}_${job}`;
+  // if running in a matrix build, it is not possible to determine a unique value,
+  // so a user must explicitly specify the artifact-name input, there isn't any
+  // other indicator of being run within a matrix build, so we must use that
+  // here in order to properly correlate dependency snapshots
+  const artifactInput = getArtifactNameInput();
+  if (artifactInput) {
+    correlator += `_${artifactInput}`;
+  }
+
   // Need to add the job and repo details
   snapshot.job = {
-    correlator:
-      core.getInput("dependency-snapshot-correlator") || `${workflow}_${job}`,
+    correlator: core.getInput("dependency-snapshot-correlator") || correlator,
     id: `${runId}`,
   };
   snapshot.sha = sha;

diff --git a/tests/integration/GitHubSnapshot.test.ts b/tests/integration/GitHubSnapshot.test.ts
@@ -67,6 +67,7 @@ describe("GitHub Snapshot", () => {
     const data = requestArgs[1].data;
     const submission = JSON.parse(data);
 
+    expect(submission.job.correlator).toEqual("my-workflow_default-import-job")
     expect(submission.scanned).toBeDefined();
 
     // redact changing data
@@ -75,4 +76,90 @@ describe("GitHub Snapshot", () => {
 
     expect(submission).toMatchSnapshot();
   });
+
+  it("runs with artifact-name input", async () => {
+    setData({
+      inputs: {
+        path: "tests/fixtures/npm-project",
+        "dependency-snapshot": "true",
+        "upload-artifact": "false",
+        "artifact-name": "my-matrix-build-1",
+      },
+      context: {
+        ...context.push({
+          ref: "main",
+        }),
+        sha: "f293f09uaw90gwa09f9wea",
+        workflow: "my-workflow",
+        job: "default-import-job",
+        action: "__anchore_sbom-action",
+      },
+    });
+
+    await action.runSyftAction();
+    await action.uploadDependencySnapshot();
+
+    // validate the request was made
+    expect(requestArgs).toBeDefined();
+    expect(requestArgs).toHaveLength(2);
+    expect(requestArgs[0]).toBe("POST /repos/test-org/test-repo/dependency-graph/snapshots");
+
+    // check the resulting snapshot file
+    const data = requestArgs[1].data;
+    const submission = JSON.parse(data);
+
+    expect(submission.scanned).toBeDefined();
+
+    // redact changing data
+    submission.scanned = "";
+    submission.detector.version = "";
+
+    expect(submission.job).toBeDefined()
+    expect(submission.job.correlator).toEqual("my-workflow_default-import-job_my-matrix-build-1")
+
+    expect(submission).toMatchSnapshot();
+  });
+
+  it("runs with dependency-snapshot-correlator defined", async () => {
+    setData({
+      inputs: {
+        path: "tests/fixtures/npm-project",
+        "dependency-snapshot": "true",
+        "upload-artifact": "false",
+        "dependency-snapshot-correlator": "some-correlator",
+      },
+      context: {
+        ...context.push({
+          ref: "main",
+        }),
+        sha: "f293f09uaw90gwa09f9wea",
+        workflow: "my-workflow",
+        job: "default-import-job",
+        action: "__anchore_sbom-action",
+      },
+    });
+
+    await action.runSyftAction();
+    await action.uploadDependencySnapshot();
+
+    // validate the request was made
+    expect(requestArgs).toBeDefined();
+    expect(requestArgs).toHaveLength(2);
+    expect(requestArgs[0]).toBe("POST /repos/test-org/test-repo/dependency-graph/snapshots");
+
+    // check the resulting snapshot file
+    const data = requestArgs[1].data;
+    const submission = JSON.parse(data);
+
+    expect(submission.scanned).toBeDefined();
+
+    // redact changing data
+    submission.scanned = "";
+    submission.detector.version = "";
+
+    expect(submission.job).toBeDefined()
+    expect(submission.job.correlator).toEqual("some-correlator")
+
+    expect(submission).toMatchSnapshot();
+  });
 });