From b4a72478f470c916331247fd0c375dbb9fb46416 Mon Sep 17 00:00:00 2001 From: Keith Zantow Date: Thu, 23 May 2024 11:35:46 -0400 Subject: [PATCH] fix: Windows runners (#315) Signed-off-by: Keith Zantow --- .github/workflows/demo.yml | 32 --------------------- .github/workflows/sarifdemo.yml | 49 --------------------------------- .github/workflows/test.yml | 28 ++++++++++++++++++- dist/index.js | 11 ++++---- index.js | 11 ++++---- 5 files changed, 37 insertions(+), 94 deletions(-) delete mode 100644 .github/workflows/demo.yml delete mode 100644 .github/workflows/sarifdemo.yml diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml deleted file mode 100644 index 19c4196f..00000000 --- a/.github/workflows/demo.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: "[Demo] Run Scan Action" - -on: [push, pull_request] - -jobs: - test-image: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ./ - with: - image: "alpine:latest" - fail-build: false - - test-directory: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ./ - with: - path: "tests/fixtures/npm-project" - severity-cutoff: "negligible" - fail-build: false - - sbom: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ./ - with: - sbom: tests/fixtures/test_sbom.spdx.json - fail-build: false diff --git a/.github/workflows/sarifdemo.yml b/.github/workflows/sarifdemo.yml deleted file mode 100644 index 531fb56f..00000000 --- a/.github/workflows/sarifdemo.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -name: "[SARIF] Run Scan Action" - -on: [push, pull_request] - -jobs: - sarif-image: - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - name: Run the local Scan Action with SARIF generation enabled - id: scan - uses: ./ - with: - image: "debian:8" - fail-build: false - #severity-cutoff: "Medium" - - - name: Inspect Generated SARIF - run: cat ${{ steps.scan.outputs.sarif }} - - # Commented out to prevent incorrect SARIF uploads for this action - # TODO: add functional tests that validate this - # - name: Upload SARIF - # uses: github/codeql-action/upload-sarif@v2 - # with: - # sarif_file: ${{ steps.scan.outputs.sarif }} - - sarif-directory: - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - name: Run the local Scan Action with SARIF generation enabled - id: scan - uses: ./ - with: - path: "tests/fixtures/npm-project" - fail-build: false - #severity-cutoff: "Medium" - - - name: Inspect Generated SARIF - run: cat ${{ steps.scan.outputs.sarif }} - # Commented out to prevent incorrect SARIF uploads for this action - # TODO: add functional tests that validate this - # - name: Upload SARIF - # uses: github/codeql-action/upload-sarif@v2 - # with: - # sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a2f2f071..a054065a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,7 +44,7 @@ jobs: - run: npm run audit - run: npm test - test-as-action: # run actions to test some scenarios + test-download-action: runs-on: ubuntu-latest steps: 
@@ -69,3 +69,29 @@ jobs: - name: "Check Grype version after scan-action" run: grype version | egrep "^Version:.*0.54.0$" + + test-all: + strategy: + matrix: + config: [ + {image: 'alpine:latest'}, + {path: 'tests/fixtures/npm-project'}, + {sbom: 'tests/fixtures/test_sbom.spdx.json'}, + ] + os: [ubuntu-latest, windows-latest, macos-latest] + output-format: [sarif, json, table] + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: ./ + id: scan + with: + image: ${{ matrix.config.image }} + path: ${{ matrix.config.path }} + sbom: ${{ matrix.config.sbom }} + output-format: ${{ matrix.output-format }} + fail-build: false + + - name: Validate file exists + if: ${{ matrix.output-format != 'table' }} + run: test -f '${{ steps.scan.outputs[matrix.output-format] }}' diff --git a/dist/index.js b/dist/index.js index 110c006e..acef0acc 100644 --- a/dist/index.js +++ b/dist/index.js @@ -19,7 +19,8 @@ const fs = __nccwpck_require__(7147); const stream = __nccwpck_require__(2781); const { GRYPE_VERSION } = __nccwpck_require__(6244); -const grypeBinary = "grype"; +const exeSuffix = process.platform == "win32" ? ".exe" : ""; +const grypeBinary = "grype" + exeSuffix; const grypeVersion = core.getInput("grype-version") || GRYPE_VERSION; async function downloadGrype(version) { 
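Review bot: The `Validate file exists` step at the end of `test-all` expands `${{ steps.scan.outputs[matrix.output-format] }}` directly into the script text and sets no `shell`. On `windows-latest` it therefore runs under the runner's default PowerShell, where `test -f` works only if a POSIX `test` binary happens to be on PATH. Passing the value through the environment keeps the path from being parsed as script and gives the same behaviour on all three runners: add `shell: bash` and `env: OUTPUT_FILE: ${{ steps.scan.outputs[matrix.output-format] }}`, and change the command to `run: test -f "$OUTPUT_FILE"`. The step is skipped for `table` and only checks existence for the other formats, so an empty report would still pass; `test -s` is a cheap tightening.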
@@ -30,15 +31,13 @@ async function downloadGrype(version) { // TODO: when grype starts supporting unreleased versions, support it here // Download the installer, and run const installPath = await cache.downloadTool(url); - // Make sure the tool's executable bit is set - await exec.exec(`chmod +x ${installPath}`); - let cmd = `${installPath} -b ${installPath}_grype ${version}`; + let cmd = `sh ${installPath} -d -b ${installPath}_grype ${version}`; await exec.exec(cmd); - let grypePath = `${installPath}_grype/grype`; + let grypePath = `${installPath}_grype/${grypeBinary}`; // Cache the downloaded file - return cache.cacheFile(grypePath, `grype`, `grype`, version); + return cache.cacheFile(grypePath, grypeBinary, grypeBinary, version); } async function installGrype(version) { diff --git a/index.js b/index.js index 2428a4b6..9e12461c 100644 --- a/index.js +++ b/index.js @@ -5,7 +5,8 @@ const fs = require("fs"); const stream = require("stream"); const { GRYPE_VERSION } = require("./GrypeVersion"); -const grypeBinary = "grype"; +const exeSuffix = process.platform == "win32" ? ".exe" : ""; +const grypeBinary = "grype" + exeSuffix; const grypeVersion = core.getInput("grype-version") || GRYPE_VERSION; async function downloadGrype(version) { 
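Review bot: The platform check added to `index.js` uses loose equality, `process.platform == "win32"`, and builds the name by concatenation. `process.platform` is always a string, so nothing misbehaves today, but strict comparison and a template literal match common lint rules: `const exeSuffix = process.platform === "win32" ? ".exe" : "";` and ``const grypeBinary = `grype${exeSuffix}`;``. The `dist/index.js` hunk at `@@ -19,7 +19,8 @@` carries the same two lines and looks like the bundled copy, so it would need regenerating rather than hand-editing.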
@@ -16,15 +17,13 @@ async function downloadGrype(version) { // TODO: when grype starts supporting unreleased versions, support it here // Download the installer, and run const installPath = await cache.downloadTool(url); - // Make sure the tool's executable bit is set - await exec.exec(`chmod +x ${installPath}`); - let cmd = `${installPath} -b ${installPath}_grype ${version}`; + let cmd = `sh ${installPath} -d -b ${installPath}_grype ${version}`; await exec.exec(cmd); - let grypePath = `${installPath}_grype/grype`; + let grypePath = `${installPath}_grype/${grypeBinary}`; // Cache the downloaded file - return cache.cacheFile(grypePath, `grype`, `grype`, version); + return cache.cacheFile(grypePath, grypeBinary, grypeBinary, version); } async function installGrype(version) {
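Review bot: The installer command in `downloadGrype` is still assembled as a single string, `sh ${installPath} -d -b ${installPath}_grype ${version}`, which `exec.exec` must split back into arguments. A runner temp path containing a space, or whitespace in `version` (presumably fed from the `grype-version` input read above), would change the argument list. Passing the arguments separately avoids this: `await exec.exec("sh", [installPath, "-d", "-b", installPath + "_grype", version]);`. The new `-d` flag deserves a one-line comment saying what it does, and the script returned by `cache.downloadTool(url)` is executed with no checksum or pinned revision visible in this hunk, which is worth confirming where `url` is built. `downloadGrype` starts above the hunk, and the `dist/index.js` hunk at `@@ -30,15 +31,13 @@` carries the same lines.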