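name: Check measurements reproducibility

# Rebuilds the stable OS image from source, computes its measurements and
# compares them with the measurements published for the release. A mismatch
# means the published image is not reproducible from the tagged source.

on:
  release:
    types: [created]
  workflow_dispatch:

# The steps visible in this file only read the repository, so the
# GITHUB_TOKEN is restricted to read access.
# NOTE(review): confirm ./.github/actions/setup_bazel_nix needs no other scope.
permissions:
  contents: read

jobs:
  check-reproducibility:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Empty on workflow_dispatch, in which case checkout falls back to
          # the ref the workflow was started on.
          ref: ${{ github.event.release.tag_name }}
          # The job builds and runs code as root; do not leave the token in
          # the local git config for it.
          # NOTE(review): assumes no later step needs authenticated git access.
          persist-credentials: false

      - name: Set up bazel
        uses: ./.github/actions/setup_bazel_nix
        with:
          useCache: "false"
          nixTools: |
            systemdUkify
            jd-diff-patch

      - name: Build images and produce measurements
        env:
          # Compare against the release that was actually checked out instead
          # of a fixed version. Manual runs carry no release payload and keep
          # the previous fixed version. The tag is passed through the
          # environment rather than expanded inside the script text.
          # NOTE(review): assumes release tags match the CDN version path
          # segment (e.g. v2.20.0) - confirm.
          RELEASE_VERSION: ${{ github.event.release.tag_name || 'v2.20.0' }}
        run: |
          # Build required binaries
          bazel build //image/system:stable
          bazel build //image/measured-boot/cmd
          buildPath="$PWD/bazel-bin/image"

          # Create measurements in a fresh scratch directory
          cd "$(mktemp -d)"
          sudo env "PATH=$PATH" \
            "$buildPath/measured-boot/cmd/cmd_/cmd" \
            "$buildPath/system/qemu_qemu-vtpm_stable/constellation" \
            ./own-measurements.json

          # Download release measurements and compare. --fail makes an HTTP
          # error stop the job here instead of saving the error body as
          # measurements.json and failing later in the comparison.
          curl --fail --silent --show-error --remote-name \
            "https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/${RELEASE_VERSION}/image/measurements.json"
          jd -set ./own-measurements.json ./measurements.json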