From 65eea7f4bd1079b81715fc9d6fd7dc84202ad8ac Mon Sep 17 00:00:00 2001
From: miampf
Date: Tue, 4 Mar 2025 12:09:38 +0100
Subject: [PATCH] implement more suggestions
---
 .../actions/check_measurements_reproducibility/action.yml | 8 +++-----
 .../create_measurements.sh | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/.github/actions/check_measurements_reproducibility/action.yml b/.github/actions/check_measurements_reproducibility/action.yml
index 2a4a24a21..ea2407115 100644
--- a/.github/actions/check_measurements_reproducibility/action.yml
+++ b/.github/actions/check_measurements_reproducibility/action.yml
@@ -39,22 +39,20 @@ runs:
 # Build required binaries
 pushd release
 bazel build //image/system:stable
- bazel build //image/measured-boot/cmd
 echo "buildPath=$PWD/bazel-bin/image" | tee -a "$GITHUB_OUTPUT"
- cd "$(mktemp -d)"
 popd
 - name: Download measurements
 shell: bash
 run: |
- curl -O https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/${{ inputs.version }}/image/measurements.json
+ curl -fsLO https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/${{ inputs.version }}/image/measurements.json
 - name: Cleanup release measurements and generate our own
 shell: bash
 run: |
- ./.github/actions/check_measurements_reproducibility/create_measurements.sh "${{ steps.build-images.outputs.buildPath }}"
+ ${{ github.action_path }}/create_measurements.sh "${{ steps.build-images.outputs.buildPath }}"
 - name: Compare measurements
 shell: bash
 run: |
- ./.github/actions/check_measurements_reproducibility/compare_measurements.sh "${{ steps.build-images.outputs.buildPath }}"
+ ${{ github.action_path }}/compare_measurements.sh "${{ steps.build-images.outputs.buildPath }}"
diff --git a/.github/actions/check_measurements_reproducibility/create_measurements.sh b/.github/actions/check_measurements_reproducibility/create_measurements.sh
index 6efa9862e..4cabd5df0 100755
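Review bot: The `curl` line in the "Download measurements" step still expands `${{ inputs.version }}` straight into the script text, so the value is interpreted by bash rather than treated as data; where the input originates is not visible in this hunk. Passing it through the step environment avoids that: add `env:` with `VERSION: ${{ inputs.version }}` to the step and reference `"${VERSION}"` inside a quoted URL. The two new `${{ github.action_path }}/…` invocations are unquoted as well and could read `"${GITHUB_ACTION_PATH}/create_measurements.sh"` (likewise for `compare_measurements.sh`). Separately, `-fs` makes a failed download exit without any message in the job log; `-fsSLO` keeps curl's error text.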
--- a/.github/actions/check_measurements_reproducibility/create_measurements.sh
+++ b/.github/actions/check_measurements_reproducibility/create_measurements.sh
@@ -24,5 +24,5 @@ for directory in "$1"/system/!(mkosi_wrapper.sh); do
 ' \
 measurements.json > "$attestationVariant"_their-measurements.json
- sudo --preserve-env "$1/measured-boot/cmd/cmd_/cmd" "$directory/constellation" /dev/stdout | jq '.measurements' > ./"$attestationVariant"_own-measurements.json
+ bazel run --run_under "sudo --preserve-env" //image/measured-boot/cmd -- "$directory/constellation" /dev/stdout | jq '.measurements' > ./"$attestationVariant"_own-measurements.json
 done
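Review bot: The new `bazel run … | jq '.measurements' > ./"$attestationVariant"_own-measurements.json` pipeline reports only jq's exit status unless the script sets `pipefail`, and the top of the script is outside this hunk, so a failed build or a failed measured-boot run may go unnoticed until the comparison step. If it is not already there, `set -euo pipefail` near the top of the script would stop the loop at the first failure. `sudo --preserve-env` without a list also hands the complete runner environment to the process running as root; `--preserve-env=NAME,…` limited to the variables the tool needs would be narrower, though which ones those are is not visible here. The `for` loop this line belongs to starts above the hunk.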