94b0beed4b
Workflows stopped running since we were on old MacOS versions. Using latest should fix this longer-term.
46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
---
|
|
name: Check that binaries are reproducible
|
|
on:
|
|
push:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
|
|
jobs:
|
|
check_hashes:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-latest]
|
|
fail-fast: false
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
submodules: "true"
|
|
- name: Install Rust toolchain
|
|
run: rustup show
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: 3.7
|
|
- name: Install Python dependencies
|
|
run: python -m pip install --upgrade pip setuptools wheel
|
|
- name: Set up OpenSK
|
|
run: ./setup.sh
|
|
|
|
- name: Use sample cryptographic material
|
|
run: rm -R crypto_data/ && cp -r reproducible/sample_crypto_data crypto_data
|
|
- name: Computing cryptographic hashes
|
|
run: ./maintainers/reproduce_hashes.sh
|
|
|
|
- name: Upload reproduced binaries
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: reproduced-${{ matrix.os }}
|
|
path: reproducible/reproduced.tar
|
|
|
|
- name: Comparing binary sizes
|
|
if: always()
|
|
run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt || true
|
|
- name: Comparing cryptographic hashes
|
|
if: always()
|
|
run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum || true
|