constellation/.github/workflows/azure-snp-reporter.yml

81 lines
2.5 KiB
YAML
Raw Normal View History

name: Fetch, validate and report SNP report data.
on:
workflow_dispatch:
schedule:
- cron: "0 14 * * 0"
jobs:
build-snp-reporter:
name: "Build SNP-reporter container"
runs-on: ubuntu-22.04
permissions:
packages: write
steps:
- name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Set up Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: 1.20.2
- name: Build and upload azure SNP reporter container image
id: build-and-upload
uses: ./.github/actions/build_micro_service
with:
name: azure-snp-reporter
dockerfile: ./hack/azure-snp-report-verify/Dockerfile
githubToken: ${{ secrets.GITHUB_TOKEN }}
fetch-snp-report:
needs: build-snp-reporter
name: "Fetch SNP report"
runs-on: [self-hosted, azure-cvm]
env:
SHELL: /bin/bash
steps:
- name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Fetch SNP report
uses: ./.github/actions/azure_snp_reporter
with:
outputPath: ${{ github.workspace }}/maa-report.jwt
- name: Upload report JWT
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: maa-report.jwt
path: "${{ github.workspace }}/maa-report.jwt"
validate-snp-report:
needs: fetch-snp-report
name: "Validate SNP report"
runs-on: ubuntu-22.04
env:
SHELL: /bin/bash
steps:
- name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Set up Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: 1.20.2
- name: Download report JWT
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: "maa-report.jwt"
path: "."
- name: Verify report
shell: bash
run: go run ./hack/azure-snp-report-verify/verify.go "$(cat ./maa-report.jwt)"