Update global matching (#311) #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Verifiable Build | |
on: | |
push: | |
tags: | |
- 'program-v*' | |
workflow_dispatch: | |
env: | |
MANIFEST_NAME: manifest | |
WRAPPER_NAME: wrapper | |
UI_WRAPPER_NAME: ui_wrapper | |
jobs: | |
build: | |
name: Build Verifiable Artifact | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup solana-verify | |
run: | | |
cargo install solana-verify | |
- name: Verifiable build manifest | |
run: | | |
solana-verify build --library-name ${{ env.MANIFEST_NAME }} | |
- name: Get hash manifest | |
run: | | |
solana-verify get-executable-hash target/deploy/${{ env.MANIFEST_NAME }}.so | |
- name: Generate checksum manifest | |
run: | | |
echo "MANIFEST_CHECKSUM=$(sha256sum ./target/deploy/${{ env.MANIFEST_NAME }}.so | head -c 64)" >> $GITHUB_ENV | |
- name: Generate SBOM manifest | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
format: 'cyclonedx' | |
output: '${{ env.MANIFEST_NAME }}-${{ github.ref_name }}-sbom.json' | |
- name: Verifiable build wrapper | |
run: | | |
solana-verify build --library-name ${{ env.WRAPPER_NAME }} | |
- name: Get hash wrapper | |
run: | | |
solana-verify get-executable-hash target/deploy/${{ env.WRAPPER_NAME }}.so | |
- name: Generate Checksum wrapper | |
run: | | |
echo "WRAPPER_CHECKSUM=$(sha256sum ./target/deploy/${{ env.WRAPPER_NAME }}.so | head -c 64)" >> $GITHUB_ENV | |
- name: Generate SBOM wrapper | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
format: 'cyclonedx' | |
output: '${{ env.WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json' | |
- name: Verifiable build ui wrapper | |
run: | | |
solana-verify build --library-name ${{ env.UI_WRAPPER_NAME }} | |
- name: Get hash ui wrapper | |
run: | | |
solana-verify get-executable-hash target/deploy/${{ env.UI_WRAPPER_NAME }}.so | |
- name: Generate Checksum ui wrapper | |
run: | | |
echo "UI_WRAPPER_CHECKSUM=$(sha256sum ./target/deploy/${{ env.UI_WRAPPER_NAME }}.so | head -c 64)" >> $GITHUB_ENV | |
- name: Generate SBOM ui wrapper | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'fs' | |
format: 'cyclonedx' | |
output: '${{ env.UI_WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json' | |
- name: Create Release | |
id: create_release | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ github.ref_name }} | |
name: ${{ github.ref_name }} | |
body: | | |
manifest sha256 checksum: ${{ env.MANIFEST_CHECKSUM }} | |
wrapper sha256 checksum: ${{ env.WRAPPER_CHECKSUM }} | |
ui_wrapper sha256 checksum: ${{ env.UI_WRAPPER_CHECKSUM }} | |
github commit: ${{ github.sha }} | |
files: | | |
./target/deploy/${{ env.MANIFEST_NAME }}.so | |
./${{ env.MANIFEST_NAME }}-${{ github.ref_name }}-sbom.json | |
./target/deploy/${{ env.WRAPPER_NAME }}.so | |
./${{ env.WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json | |
./target/deploy/${{ env.UI_WRAPPER_NAME }}.so | |
./${{ env.UI_WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json |