Skip to content

python: backport shutil.which fixes #1248

python: backport shutil.which fixes

python: backport shutil.which fixes #1248

name: generate-srcinfo
concurrency: ci-${{ github.ref }}
on:
push:
branches:
- master
workflow_dispatch:
jobs:
update-srcinfo-win:
runs-on: windows-2022
if: ${{ github.repository == 'msys2/MINGW-packages' || github.event_name == 'workflow_dispatch' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
filter: tree:0
- uses: actions/setup-python@v5
id: setup-python
with:
python-version: '3.11'
cache: 'pip'
cache-dependency-path: .github/workflows/generate-srcinfo.yml
- name: Install dependencies
run: |
pipx install --python '${{ steps.setup-python.outputs.python-path }}' git+https://github.com/msys2/msys2-devtools
- uses: msys2/setup-msys2@v2
id: msys2
with:
msystem: MSYS
update: true
- name: Download srcinfo.json.gz/pypi.json.gz and set up the environment
shell: msys2 {0}
run: |
# makepkg requires strip in PATH even if it wont be used
touch /usr/bin/strip.exe
curl --fail -L --retry 5 -o srcinfo.json.gz "https://github.com/$GITHUB_REPOSITORY/releases/download/srcinfo-cache/srcinfo.json.gz"
curl --fail -L --retry 5 -o pypi.json.gz "https://github.com/$GITHUB_REPOSITORY/releases/download/srcinfo-cache/pypi.json.gz" || true
- name: Parse PKGBUILDs and update srcinfo.json.gz
run: |
msys2-srcinfo-cache --time-limit 19800 mingw '${{ steps.msys2.outputs.msys2-location }}' . srcinfo.json.gz
- name: Update the PyPI cache
run: |
msys2-pypi-cache srcinfo.json.gz pypi.json.gz
- name: Generate SBOM
run: |
msys2-sbom srcinfo.json.gz sbom.cdx.json
- uses: actions/upload-artifact@v4
with:
name: result-win
path: |
srcinfo.json.gz
pypi.json.gz
sbom.cdx.json
update-srcinfo-linux:
needs: update-srcinfo-win
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
name: result-win
- name: Update vulnerability database
run: |
curl --retry 5 -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s --
./bin/grype sbom:sbom.cdx.json -o cyclonedx-json --file sbom.vuln.cdx.json
- uses: actions/upload-artifact@v4
with:
name: result-linux
path: |
sbom.vuln.cdx.json
upload-srcinfo:
needs: [update-srcinfo-win, update-srcinfo-linux]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@v4
with:
pattern: result-*
merge-multiple: true
- name: Upload srcinfo.json.gz
run: |
gh release upload srcinfo-cache srcinfo.json.gz pypi.json.gz sbom.cdx.json sbom.vuln.cdx.json --clobber --repo "$GITHUB_REPOSITORY"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
curl -X POST 'https://packages.msys2.org/api/trigger_update'