
Merge dev branch

Merge dev branch #124

Workflow file for this run

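# Pull-request build: for each matrix profile, fetch the latest mangos-tools
# release assets, verify their cosign bundles against the releasing workflow's
# identity, build the images with mkosi, run the tests and upload the results.
name: "Test PR"
on:
  - pull_request

# Least privilege for the job token: no step below writes to the repository
# with it, and the job executes scripts from the PR checkout
# (hashiext-download.sh, run_tests.sh). Re-enabling the commented-out signing
# step would additionally require `id-token: write` for keyless signing.
permissions:
  contents: read

jobs:
  build:
    strategy:
      matrix:
        profiles:
          - verity-full,docker-ext
          - verity-full,docker
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the action reference below was mangled by e-mail
      # obfuscation in the rendered page (presumably sigstore/cosign-installer
      # at some ref); restore it from the repository, ideally pinned to a full
      # commit SHA.
      - name: Install cosign
        uses: sigstore/[email protected]
      # NOTE(review): `@main` is a mutable branch ref; whatever that branch
      # holds at run time executes in this job. Pin to a reviewed commit SHA.
      - name: setup-mkosi
        uses: sorenisanerd/mkosi@main
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # NOTE(review): `@master` is a mutable branch ref on a third-party
      # action; pin to a reviewed commit SHA. The downloaded blob is checked
      # by cosign in the next step, but the action's own code is not.
      - uses: dsaltares/fetch-gh-release-asset@master
        id: tools-fetch
        with:
          repo: ${{ github.repository_owner }}/mangos-tools
          version: latest
          file: 'mangos\.tools_.*\.tar\.zst.*'
          regex: true
          target: 'dl/'
      # The expected signer is the mangos-tools build.yml workflow at the tag
      # reported by the fetch step. Context values are handed over through env
      # rather than expanded into the script text, so the shell only ever sees
      # them as quoted variable contents.
      # The globs assume exactly one tools tarball and one bundle in dl/.
      - name: Verify tools signature
        env:
          tag: ${{ steps.tools-fetch.outputs.version }}
          server_url: ${{ github.server_url }}
          owner: ${{ github.repository_owner }}
        run: |
          cosign verify-blob --bundle dl/mangos.tools_*.tar.zst.sigbundle \
            --certificate-identity "${server_url}/${owner}/mangos-tools/.github/workflows/build.yml@refs/tags/${tag}" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
            dl/mangos.tools_*.tar.zst
      # Extraction happens only after the verification step has succeeded.
      - name: Decompress and stage tools
        run: mkdir mkosi.tools ; tar -x --zstd -f dl/mangos.tools_*.tar.zst -C mkosi.tools
      # NOTE(review): same mutable `@master` ref as the tools fetch above.
      - uses: dsaltares/fetch-gh-release-asset@master
        id: pkgs-fetch
        with:
          repo: ${{ github.repository_owner }}/mangos-tools
          version: latest
          # Leading dot escaped to agree with the tools pattern; an unescaped
          # '.' matches any character, not just a literal dot.
          file: 'mangos\.packages_.*\.tar\.zst.*'
          regex: true
          target: 'dl/'
      # Same identity check as for the tools tarball, bound to the tag the
      # packages fetch step reported.
      - name: Verify packages signature
        env:
          tag: ${{ steps.pkgs-fetch.outputs.version }}
          server_url: ${{ github.server_url }}
          owner: ${{ github.repository_owner }}
        run: |
          cosign verify-blob --bundle dl/mangos.packages_*.tar.zst.sigbundle \
            --certificate-identity "${server_url}/${owner}/mangos-tools/.github/workflows/build.yml@refs/tags/${tag}" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
            dl/mangos.packages_*.tar.zst
      - name: Decompress and stage packages
        run: mkdir mkosi.packages ; tar -x --zstd -f dl/mangos.packages_*.tar.zst -C mkosi.packages
      # The key is generated inside the job workspace on every run; none of
      # the upload paths at the end of the job name key material.
      - name: Generate key
        run: |
          #!/bin/sh
          mkosi genkey
      - name: Download Hashistack
        run: |
          ./hashiext-download.sh
      - name: Run mkosi
        env:
          profiles: ${{ matrix.profiles }}
          MANGOS_GITHUB_URL: ${{ github.server_url }}/${{ github.repository }}
        run: |
          mkosi -E RUNNER_ENVIRONMENT --debug --profile= --profile="${profiles},hashistack"
          mkosi -E RUNNER_ENVIRONMENT --debug --profile= --profile="${profiles},installer"
      - name: List built artifacts
        run: find out/
      # $GITHUB_ENV is quoted so the redirect target is a single word whatever
      # the runner's path looks like.
      - name: Export image version for later steps
        run: echo IMAGE_VERSION="$(./mkosi.version)" >> "$GITHUB_ENV"
      - name: Test it
        run: |
          #!/bin/bash
          set -x
          set -e
          sudo apt-get update -y
          # mkosi doesn't pick this up from the tools dir for some reason
          sudo apt-get install -y ovmf
          ./run_tests.sh
          exit $?
      - name: Remove symlinks
        run: find out/ -type l -delete
      - name: Compress artifacts
        run: |
          shopt -s nullglob
          for file in out/mangos{,-installer}_${IMAGE_VERSION}.{raw,efi} out/docker*_${IMAGE_VERSION}.raw
          do
            zstd --rm "$file"
          done
      # - name: Sign artifacts
      #   run: for file in out/mangos* ; do cosign sign-blob -d -y --bundle "${file}.sigbundle" "${file}" > /dev/null; done
      # Artifacts from this job are unsigned while the step above stays
      # commented out.
      - name: Upload build artifact (disk)
        id: upload-disk
        uses: actions/upload-artifact@v4
        with:
          path: |
            out/mangos_${{ env.IMAGE_VERSION }}.efi.zst
            out/mangos_${{ env.IMAGE_VERSION }}.root-x86-64.*.zst
            out/mangos_${{ env.IMAGE_VERSION }}.root-x86-64-verity.*.zst
            out/mangos_${{ env.IMAGE_VERSION }}.root-x86-64-verity-sig.*.zst
            out/mangos_${{ env.IMAGE_VERSION }}.raw.zst
            out/mangos_${{ env.IMAGE_VERSION }}.cyclonedx.json
            out/mangos_${{ env.IMAGE_VERSION }}.github.json
            out/mangos_${{ env.IMAGE_VERSION }}.spdx.json
            out/mangos_${{ env.IMAGE_VERSION }}.syft.json
            out/mangos_${{ env.IMAGE_VERSION }}.manifest
            out/mangosctl
            out/docker*_${{ env.IMAGE_VERSION }}.raw.zst
            out/mangos-installer_${{ env.IMAGE_VERSION }}.raw.zst
            out/mangos-installer_${{ env.IMAGE_VERSION }}.cyclonedx.json
            out/mangos-installer_${{ env.IMAGE_VERSION }}.github.json
            out/mangos-installer_${{ env.IMAGE_VERSION }}.spdx.json
            out/mangos-installer_${{ env.IMAGE_VERSION }}.syft.json
          name: mangos.${{ matrix.profiles }}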