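# build.yml: builds the Debian packages twice per Ubuntu release (matrix
# entries "one" and "two"), then compares the two builds with diffoscope so
# that a non-reproducible package fails CI.
name: Package builds
on:
  - merge_group
  - push
  - pull_request

# Least privilege for GITHUB_TOKEN: the jobs below only check out the
# repository. Without this block the token scope falls back to the
# repository/organisation default, which may include write access on push.
permissions:
  contents: read

# Only build for latest push/PR unless it's main or release/
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) }}

defaults:
  run:
    # An explicit `shell: bash` makes GitHub run each step with
    # `-eo pipefail`, so the first failing command fails the step.
    shell: bash

jobs:
  build-debs:
    strategy:
      matrix:
        # Two identical builds per release; reproducible-debs diffs them.
        build: [one, two]
        ubuntu_version: [focal, noble]
    # TODO: change this back to ubuntu-latest once it is consistently 24.04
    runs-on: ubuntu-24.04
    outputs:
      artifact_id: ${{ steps.upload.outputs.artifact-id }}
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags.
      # Pinning each `uses:` to a full commit SHA would stop a moved tag from
      # changing what runs in the package build.
      - uses: actions/checkout@v4
        with:
          # The build script does not need to push; keep the token out of
          # .git/config so later steps cannot read it from the checkout.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: '3.8'
      - name: Build packages
        # Matrix values are passed through `env` instead of being expanded
        # into the script text, so they reach the shell as data.
        env:
          UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
        run: |
          ./builder/build-debs.sh
      - name: Build OSSEC packages
        env:
          UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
          WHAT: ossec
        run: |
          ./builder/build-debs.sh
      - uses: actions/upload-artifact@v4
        id: upload
        with:
          # Artifact name is "<release>-<one|two>"; the comparison job
          # relies on this naming to find both builds.
          name: ${{ matrix.ubuntu_version }}-${{ matrix.build }}
          path: build/${{ matrix.ubuntu_version }}
          # Fail instead of uploading an empty artifact.
          if-no-files-found: error

  reproducible-debs:
    strategy:
      matrix:
        ubuntu_version: [focal, noble]
    runs-on: ubuntu-latest
    # NOTE(review): `debian:bookworm` is a mutable tag; pinning the image by
    # digest would make the verification environment itself reproducible.
    container: debian:bookworm
    needs:
      - build-debs
    steps:
      - name: Install dependencies
        run: |
          apt-get update && apt-get install --yes diffoscope-minimal xz-utils \
            --no-install-recommends
      - uses: actions/download-artifact@v4
        with:
          # Fetches both "<release>-one" and "<release>-two"; the diffoscope
          # step expects each in a directory named after the artifact.
          pattern: "${{ matrix.ubuntu_version }}-*"
      - name: diffoscope
        env:
          UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
        run: |
          # Record the hash of every package in the job log for later audit.
          find . -name '*.deb' -exec sha256sum {} \;
          # FIXME: securedrop-app-code isn't reproducible
          # (so it is not covered by the comparison below)
          for pkg in ossec-agent ossec-server securedrop-config securedrop-keyring securedrop-ossec-agent securedrop-ossec-server
          do
              echo "Checking ${pkg}..."
              # diffoscope exits non-zero when the two builds differ, which
              # fails the step. The glob stays unquoted so it can expand.
              diffoscope "${UBUNTU_VERSION}-one"/${pkg}_*.deb "${UBUNTU_VERSION}-two"/${pkg}_*.deb
          done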