e5ba9db644
* Reworks some workflows to run a script instead Advantages are: - Only one set of tests needs maintenance. - Local results match workflows, no surprises. - Reduced reliance on GitHub actions. Fixes #50, #168, #169, #171, #507 * Adds macos to the test matrix
44 lines
1.3 KiB
YAML
44 lines
1.3 KiB
YAML
---
|
|
name: Check that binaries are reproducible
|
|
on:
|
|
push:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
|
|
jobs:
|
|
check_hashes:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-latest]
|
|
fail-fast: false
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
submodules: "true"
|
|
- name: Install Rust toolchain
|
|
run: rustup show
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: "3.10"
|
|
- name: Set up OpenSK
|
|
run: ./setup.sh
|
|
|
|
- name: Use sample cryptographic material
|
|
run: rm -R crypto_data/ && cp -r reproducible/sample_crypto_data crypto_data
|
|
- name: Computing cryptographic hashes
|
|
run: ./maintainers/reproduce_hashes.sh
|
|
|
|
- name: Upload reproduced binaries
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: reproduced-${{ matrix.os }}
|
|
path: reproducible/reproduced.tar
|
|
|
|
- name: Comparing binary sizes
|
|
if: always()
|
|
run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt || true
|
|
- name: Comparing cryptographic hashes
|
|
if: always()
|
|
run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum || true
|