---
name: Check that binaries are reproducible
on:
  push:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  check_hashes:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
      fail-fast: false
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v2
        with:
          submodules: "true"
      - name: Install Rust toolchain
        run: rustup show
      - uses: actions/setup-python@v1
        with:
          python-version: 3.7
      - name: Install Python dependencies
        run: python -m pip install --upgrade pip setuptools wheel
      - name: Set up OpenSK
        run: ./setup.sh

      - name: Use sample cryptographic material
        run: rm -R crypto_data/ && cp -r reproducible/sample_crypto_data crypto_data
      - name: Computing cryptographic hashes
        run: ./maintainers/reproduce_hashes.sh

      - name: Upload reproduced binaries
        uses: actions/upload-artifact@v1
        with:
          name: reproduced-${{ matrix.os }}
          path: reproducible/reproduced.tar

      - name: Comparing binary sizes
        if: always()
        run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt || true
      - name: Comparing cryptographic hashes
        if: always()
        run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum || true