mkosi pipeline: Collect hashes

Malte Poll 2022-10-02 00:48:06 +02:00 committed by Malte Poll
parent 714b368a62
commit f4e69ec6ec


@ -18,6 +18,9 @@ jobs:
permissions: permissions:
contents: read contents: read
packages: read packages: read
outputs:
bootstrapper-sha256: ${{ steps.collect-hashes.outputs.bootstrapper-sha256 }}
disk-mapper-sha256: ${{ steps.collect-hashes.outputs.disk-mapper-sha256 }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791
@ -48,15 +51,43 @@ jobs:
${{ github.workspace }}/build/disk-mapper ${{ github.workspace }}/build/disk-mapper
- name: Collect hashes - name: Collect hashes
id: collect-hashes
run: | run: |
echo "::set-output name=bootstrapper-sha256::$(sha256sum bootstrapper)" echo "bootstrapper-sha256=$(sha256sum bootstrapper | head -c 64)" >> $GITHUB_OUTPUT
echo "::set-output name=disk-mapper-sha256::$(sha256sum disk-mapper)" echo "disk-mapper-sha256=$(sha256sum disk-mapper | head -c 64)" >> $GITHUB_OUTPUT
working-directory: ${{ github.workspace }}/build working-directory: ${{ github.workspace }}/build
make-os-image: make-os-image:
name: "Build OS using mkosi" name: "Build OS using mkosi"
needs: build-dependencies needs: build-dependencies
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
# TODO: flatten outputs once possible
# https://github.com/community/community/discussions/17245
outputs:
image-raw-azure-sha256: ${{ steps.collect-hashes.outputs.image-raw-azure-sha256 }}
image-raw-gcp-sha256: ${{ steps.collect-hashes.outputs.image-raw-gcp-sha256 }}
image-raw-qemu-sha256: ${{ steps.collect-hashes.outputs.image-raw-qemu-sha256 }}
image-efi-azure-sha256: ${{ steps.collect-hashes.outputs.image-efi-azure-sha256 }}
image-efi-gcp-sha256: ${{ steps.collect-hashes.outputs.image-efi-gcp-sha256 }}
image-efi-qemu-sha256: ${{ steps.collect-hashes.outputs.image-efi-qemu-sha256 }}
image-initrd-azure-sha256: ${{ steps.collect-hashes.outputs.image-initrd-azure-sha256 }}
image-initrd-gcp-sha256: ${{ steps.collect-hashes.outputs.image-initrd-gcp-sha256 }}
image-initrd-qemu-sha256: ${{ steps.collect-hashes.outputs.image-initrd-qemu-sha256 }}
image-root-raw-azure-sha256: ${{ steps.collect-hashes.outputs.image-root-raw-azure-sha256 }}
image-root-raw-gcp-sha256: ${{ steps.collect-hashes.outputs.image-root-raw-gcp-sha256 }}
image-root-raw-qemu-sha256: ${{ steps.collect-hashes.outputs.image-root-raw-qemu-sha256 }}
image-root-verity-azure-sha256: ${{ steps.collect-hashes.outputs.image-root-verity-azure-sha256 }}
image-root-verity-gcp-sha256: ${{ steps.collect-hashes.outputs.image-root-verity-gcp-sha256 }}
image-root-verity-qemu-sha256: ${{ steps.collect-hashes.outputs.image-root-verity-qemu-sha256 }}
image-vmlinuz-azure-sha256: ${{ steps.collect-hashes.outputs.image-vmlinuz-azure-sha256 }}
image-vmlinuz-gcp-sha256: ${{ steps.collect-hashes.outputs.image-vmlinuz-gcp-sha256 }}
image-vmlinuz-qemu-sha256: ${{ steps.collect-hashes.outputs.image-vmlinuz-qemu-sha256 }}
image-raw-changelog-azure-sha256: ${{ steps.collect-hashes.outputs.image-raw-changelog-azure-sha256 }}
image-raw-changelog-gcp-sha256: ${{ steps.collect-hashes.outputs.image-raw-changelog-gcp-sha256 }}
image-raw-changelog-qemu-sha256: ${{ steps.collect-hashes.outputs.image-raw-changelog-qemu-sha256 }}
image-raw-manifest-azure-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-azure-sha256 }}
image-raw-manifest-gcp-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-gcp-sha256 }}
image-raw-manifest-qemu-sha256: ${{ steps.collect-hashes.outputs.image-raw-manifest-qemu-sha256 }}
strategy: strategy:
matrix: matrix:
csp: [azure, gcp, qemu] csp: [azure, gcp, qemu]
@ -101,6 +132,20 @@ jobs:
DISK_MAPPER_BINARY: ${{ github.workspace }}/build/disk-mapper DISK_MAPPER_BINARY: ${{ github.workspace }}/build/disk-mapper
CSP: ${{ matrix.csp }} CSP: ${{ matrix.csp }}
- name: Collect hashes
id: collect-hashes
run: |
echo "image-raw-${{ matrix.csp }}-sha256=$(sha256sum image.raw | head -c 64)" >> $GITHUB_OUTPUT
echo "image-efi-${{ matrix.csp }}-sha256=$(sha256sum image.efi | head -c 64)" >> $GITHUB_OUTPUT
echo "image-initrd-${{ matrix.csp }}-sha256=$(sha256sum image.initrd | head -c 64)" >> $GITHUB_OUTPUT
echo "image-root-raw-${{ matrix.csp }}-sha256=$(sha256sum image.root.raw | head -c 64)" >> $GITHUB_OUTPUT
echo "image-root-verity-${{ matrix.csp }}-sha256=$(sha256sum image.root.verity | head -c 64)" >> $GITHUB_OUTPUT
echo "image-vmlinuz-${{ matrix.csp }}-sha256=$(sha256sum image.vmlinuz | head -c 64)" >> $GITHUB_OUTPUT
echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(sha256sum image.raw.changelog | head -c 64)" >> $GITHUB_OUTPUT
echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(sha256sum image.raw.manifest | head -c 64)" >> $GITHUB_OUTPUT
working-directory: ${{ github.workspace }}/image/mkosi/mkosi.output.${{ matrix.csp }}/fedora~36
continue-on-error: true
- name: Upload raw OS image as artifact - name: Upload raw OS image as artifact
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with: with:
@ -285,7 +330,7 @@ jobs:
generate-sbom: generate-sbom:
name: "Generate SBOM" name: "Generate SBOM"
needs: make-os-image needs: [build-dependencies, make-os-image]
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Install squashfs tools - name: Install squashfs tools
@ -325,3 +370,36 @@ jobs:
path: image.root.tree path: image.root.tree
artifact-name: sbom.syft.json artifact-name: sbom.syft.json
format: syft-json format: syft-json
- name: Combine hashes
run: |
cat > SHA256SUMS <<EOF
${{ needs.build-dependencies.outputs.bootstrapper-sha256 }} bootstrapper
${{ needs.build-dependencies.outputs.disk-mapper-sha256 }} disk-mapper
${{ needs.make-os-image.outputs.image-raw-azure-sha256 }} azure/image.raw
${{ needs.make-os-image.outputs.image-raw-changelog-azure-sha256 }} azure/image.raw.changelog
${{ needs.make-os-image.outputs.image-raw-manifest-azure-sha256 }} azure/image.raw.manifest
${{ needs.make-os-image.outputs.image-efi-azure-sha256 }} azure/image.efi
${{ needs.make-os-image.outputs.image-initrd-azure-sha256 }} azure/image.initrd
${{ needs.make-os-image.outputs.image-root-raw-azure-sha256 }} azure/image.root.raw
${{ needs.make-os-image.outputs.image-root-verity-azure-sha256 }} azure/image.root.verity
${{ needs.make-os-image.outputs.image-vmlinuz-azure-sha256 }} azure/image.vmlinuz
${{ needs.make-os-image.outputs.image-raw-gcp-sha256 }} gcp/image.raw
${{ needs.make-os-image.outputs.image-raw-changelog-gcp-sha256 }} gcp/image.raw.changelog
${{ needs.make-os-image.outputs.image-raw-manifest-gcp-sha256 }} gcp/image.raw.manifest
${{ needs.make-os-image.outputs.image-efi-gcp-sha256 }} gcp/image.efi
${{ needs.make-os-image.outputs.image-initrd-gcp-sha256 }} gcp/image.initrd
${{ needs.make-os-image.outputs.image-root-raw-gcp-sha256 }} gcp/image.root.raw
${{ needs.make-os-image.outputs.image-root-verity-gcp-sha256 }} gcp/image.root.verity
${{ needs.make-os-image.outputs.image-vmlinuz-gcp-sha256 }} gcp/image.vmlinuz
${{ needs.make-os-image.outputs.image-raw-qemu-sha256 }} qemu/image.raw
${{ needs.make-os-image.outputs.image-raw-changelog-qemu-sha256 }} qemu/image.raw.changelog
${{ needs.make-os-image.outputs.image-raw-manifest-qemu-sha256 }} qemu/image.raw.manifest
${{ needs.make-os-image.outputs.image-efi-qemu-sha256 }} qemu/image.efi
${{ needs.make-os-image.outputs.image-initrd-qemu-sha256 }} qemu/image.initrd
${{ needs.make-os-image.outputs.image-root-raw-qemu-sha256 }} qemu/image.root.raw
${{ needs.make-os-image.outputs.image-root-verity-qemu-sha256 }} qemu/image.root.verity
${{ needs.make-os-image.outputs.image-vmlinuz-qemu-sha256 }} qemu/image.vmlinuz
EOF
cat SHA256SUMS
echo -e "SHA256SUMS:\n\`\`\`\n$(cat SHA256SUMS)\n\`\`\`" >> $GITHUB_STEP_SUMMARY
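Review bot: The new `Collect hashes` step in `make-os-image` can publish empty digests without failing the build. It is marked `continue-on-error: true`, and each line pipes `sha256sum` into `head -c 64` inside a command substitution, so a missing image file still produces a successful `echo` with an empty value. `Combine hashes` then writes whatever it receives into SHA256SUMS unchecked, so the integrity manifest can carry a line with no digest instead of the pipeline stopping. Consider dropping `continue-on-error: true` and validating the manifest right after the heredoc, for example `if grep -Evq '^[0-9a-f]{64} ' SHA256SUMS; then echo "missing or malformed digest" >&2; exit 1; fi`. The same `sha256sum … | head -c 64` pattern in the `build-dependencies` step has the same silent-failure behaviour, presumably because no `shell:` is set and the default shell would then run without `pipefail`.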