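#!/usr/bin/env bash
# scripts/ci/m017_dependency_audit.sh - M-017 dependency audit "four-piece set" driver
#
# Purpose: generate the SBOM, lockfile diff, compatibility matrix and risk
#          register by running the four m017_*.sh helpers that live next to
#          this script, then verify that each expected report exists and is
#          non-empty.
# Inputs:  $1 - REPORT_DATE (YYYY-MM-DD; defaults to today)
#          $2 - REPORT_DIR  (defaults to ${PROJECT_ROOT}/reports/dependency)
#          PROJECT_ROOT     (env, optional; defaults to the parent of this
#                            script's directory)
# Outputs: four report files under REPORT_DIR; progress lines on stdout.
# Exit:    0 when all four artifacts are present and non-empty, 1 otherwise.
#          A failing helper does NOT abort the run: every step is attempted and
#          the final artifact check alone decides the exit status.

set -eu

#######################################
# Print a diagnostic to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Run one generation step and report its outcome without aborting the run.
# Globals:   SCRIPT_DIR, REPORT_DATE, REPORT_DIR (read)
# Arguments: $1 - step number (1..4) for the progress line
#            $2 - progress text, e.g. "Generating SBOM..."
#            $3 - label for the SUCCESS/FAILED line, e.g. "SBOM generation"
#            $4 - helper script file name, resolved relative to SCRIPT_DIR
# Outputs:   progress and result lines on stdout
# Returns:   0 always; the helper's own exit status is only reported.
#######################################
run_step() {
  local step=$1 progress=$2 label=$3 helper=$4
  printf '%s\n' "[M017] Step ${step}/4: ${progress}"
  # The helper runs as the condition of an `if`, so `set -e` does not fire on
  # failure; the artifact check in main decides the final result.
  if bash "${SCRIPT_DIR}/${helper}" "$REPORT_DATE" "$REPORT_DIR"; then
    printf '%s\n' "[M017] ${label}: SUCCESS"
  else
    printf '%s\n' "[M017] ${label}: FAILED"
  fi
}

#######################################
# Check that every expected report exists and is a non-empty regular file.
# Globals:   REPORT_DIR, REPORT_DATE (read)
# Outputs:   one OK / MISSING OR EMPTY line per artifact on stdout
# Returns:   0 when all artifacts pass, 1 otherwise
#######################################
validate_artifacts() {
  local -a artifacts=(
    "sbom_${REPORT_DATE}.spdx.json"
    "lockfile_diff_${REPORT_DATE}.md"
    "compat_matrix_${REPORT_DATE}.md"
    "risk_register_${REPORT_DATE}.md"
  )
  local artifact all_pass=true
  for artifact in "${artifacts[@]}"; do
    # -f rejects directories/devices, -s rejects zero-byte files.
    if [[ -f "${REPORT_DIR}/${artifact}" && -s "${REPORT_DIR}/${artifact}" ]]; then
      printf '%s\n' "[M017] ${artifact}: OK"
    else
      printf '%s\n' "[M017] ${artifact}: MISSING OR EMPTY"
      all_pass=false
    fi
  done
  [[ "$all_pass" == true ]]
}

main() {
  SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
  # NOTE(review): the header places this file under scripts/ci/, so
  # "$SCRIPT_DIR/.." resolves to scripts/, not the repository root. Confirm
  # CI always exports PROJECT_ROOT, or the default should be "$SCRIPT_DIR/../..".
  PROJECT_ROOT="${PROJECT_ROOT:-$(cd "$SCRIPT_DIR/.." && pwd)}"
  readonly SCRIPT_DIR PROJECT_ROOT

  REPORT_DATE="${1:-$(date +%Y-%m-%d)}"
  REPORT_DIR="${2:-${PROJECT_ROOT}/reports/dependency}"
  readonly REPORT_DATE REPORT_DIR

  # REPORT_DATE is spliced into the artifact file names; accept only the plain
  # YYYY-MM-DD form the default produces so a stray value cannot yield an
  # unexpected path or an artifact name the validation step will not find.
  [[ "$REPORT_DATE" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]] \
    || die "[M017] REPORT_DATE must be YYYY-MM-DD, got: ${REPORT_DATE}"

  mkdir -p -- "$REPORT_DIR" || die "[M017] cannot create report directory: ${REPORT_DIR}"

  printf '%s\n' "[M017] Starting dependency audit for ${REPORT_DATE}"
  printf '%s\n' "[M017] Report directory: ${REPORT_DIR}"

  run_step 1 "Generating SBOM..."                 "SBOM generation"                 "m017_sbom.sh"
  run_step 2 "Generating lockfile diff..."        "Lockfile diff generation"        "m017_lockfile_diff.sh"
  run_step 3 "Generating compatibility matrix..." "Compatibility matrix generation" "m017_compat_matrix.sh"
  run_step 4 "Generating risk register..."        "Risk register generation"        "m017_risk_register.sh"

  printf '%s\n' "[M017] Validating artifacts..."
  local result=0
  validate_artifacts || result=$?

  printf '\n'
  printf '%s\n' "========================================"
  if (( result == 0 )); then
    printf '%s\n' "[M017] PASS: All 4 artifacts generated successfully"
    printf '%s\n' "========================================"
    exit 0
  fi
  printf '%s\n' "[M017] FAIL: One or more artifacts missing"
  printf '%s\n' "========================================"
  exit 1
}

main "$@"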