Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-24 00:40:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

set -euo pipefail & use github outputs

Browse Source
This commit is contained in:
miampf 2025-02-20 14:05:09 +01:00
parent b384971232
commit 730a532cf7
No known key found for this signature in database
GPG Key ID: EF039364B5B6886C
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/check-measurements-reproducibility.yml vendored
View File

@ -31,6 +31,7 @@ jobs:
jd-diff-patch jd-diff-patch
moreutils moreutils
- name: Build images - name: Build images
id: build-images
run: | run: |
set -euo pipefail set -euo pipefail
shopt -s extglob shopt -s extglob
@ -38,7 +39,7 @@ jobs:
# Build required binaries # Build required binaries
bazel build //image/system:stable bazel build //image/system:stable
bazel build //image/measured-boot/cmd bazel build //image/measured-boot/cmd
buildPath="$PWD/bazel-bin/image" echo "buildPath=$PWD/bazel-bin/image" | tee -a "$GITHUB_OUTPUT"
cd "$(mktemp -d)" cd "$(mktemp -d)"
- name: Download measurements - name: Download measurements
@ -47,7 +48,8 @@ jobs:
- name: Cleanup release measurements and generate our own - name: Cleanup release measurements and generate our own
run: | run: |
for directory in "$buildPath"/system/!(mkosi_wrapper.sh); do set -euo pipefail
for directory in ${{ steps.build-images.outputs.buildPath }}/system/!(mkosi_wrapper.sh); do
dirname="$(basename "$directory")" dirname="$(basename "$directory")"
csp="$(echo "$dirname" | cut -d_ -f1)" csp="$(echo "$dirname" | cut -d_ -f1)"
attestationVariant="$(echo "$dirname" | cut -d_ -f2)" attestationVariant="$(echo "$dirname" | cut -d_ -f2)"
@ -74,12 +76,13 @@ jobs:
' \ ' \
measurements.json > "$attestationVariant"_their-measurements.json measurements.json > "$attestationVariant"_their-measurements.json
sudo env "PATH=$PATH" "$buildPath/measured-boot/cmd/cmd_/cmd" "$directory/constellation" ./"$attestationVariant"_own-measurements.json sudo env "PATH=$PATH" "${{ steps.build-images.outputs.buildPath }}/measured-boot/cmd/cmd_/cmd" "$directory/constellation" ./"$attestationVariant"_own-measurements.json
done done
- name: Compare measurements - name: Compare measurements
run: | run: |
for directory in "$buildPath"/system/!(mkosi_wrapper.sh); do set -euo pipefail
for directory in ${{ steps.build-images.outputs.buildPath }}/system/!(mkosi_wrapper.sh); do
dirname="$(basename "$directory")" dirname="$(basename "$directory")"
attestationVariant="$(echo "$dirname" | cut -d_ -f2)" attestationVariant="$(echo "$dirname" | cut -d_ -f2)"