Skip to content

Update global matching (#311) #12

Update global matching (#311)

Update global matching (#311) #12

name: Verifiable Build
on:
push:
tags:
- 'program-v*'
workflow_dispatch:
env:
MANIFEST_NAME: manifest
WRAPPER_NAME: wrapper
UI_WRAPPER_NAME: ui_wrapper
jobs:
build:
name: Build Verifiable Artifact
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup solana-verify
run: |
cargo install solana-verify
- name: Verifiable build manifest
run: |
solana-verify build --library-name ${{ env.MANIFEST_NAME }}
- name: Get hash manifest
run: |
solana-verify get-executable-hash target/deploy/${{ env.MANIFEST_NAME }}.so
- name: Generate checksum manifest
run: |
echo "MANIFEST_CHECKSUM=$(sha256sum ./target/deploy/${{ env.MANIFEST_NAME }}.so | head -c 64)" >> $GITHUB_ENV
- name: Generate SBOM manifest
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'cyclonedx'
output: '${{ env.MANIFEST_NAME }}-${{ github.ref_name }}-sbom.json'
- name: Verifiable build wrapper
run: |
solana-verify build --library-name ${{ env.WRAPPER_NAME }}
- name: Get hash wrapper
run: |
solana-verify get-executable-hash target/deploy/${{ env.WRAPPER_NAME }}.so
- name: Generate Checksum wrapper
run: |
echo "WRAPPER_CHECKSUM=$(sha256sum ./target/deploy/${{ env.WRAPPER_NAME }}.so | head -c 64)" >> $GITHUB_ENV
- name: Generate SBOM wrapper
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'cyclonedx'
output: '${{ env.WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json'
- name: Verifiable build ui wrapper
run: |
solana-verify build --library-name ${{ env.UI_WRAPPER_NAME }}
- name: Get hash ui wrapper
run: |
solana-verify get-executable-hash target/deploy/${{ env.UI_WRAPPER_NAME }}.so
- name: Generate Checksum ui wrapper
run: |
echo "UI_WRAPPER_CHECKSUM=$(sha256sum ./target/deploy/${{ env.UI_WRAPPER_NAME }}.so | head -c 64)" >> $GITHUB_ENV
- name: Generate SBOM ui wrapper
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'cyclonedx'
output: '${{ env.UI_WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json'
- name: Create Release
id: create_release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.ref_name }}
name: ${{ github.ref_name }}
body: |
manifest sha256 checksum: ${{ env.MANIFEST_CHECKSUM }}
wrapper sha256 checksum: ${{ env.WRAPPER_CHECKSUM }}
ui_wrapper sha256 checksum: ${{ env.UI_WRAPPER_CHECKSUM }}
github commit: ${{ github.sha }}
files: |
./target/deploy/${{ env.MANIFEST_NAME }}.so
./${{ env.MANIFEST_NAME }}-${{ github.ref_name }}-sbom.json
./target/deploy/${{ env.WRAPPER_NAME }}.so
./${{ env.WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json
./target/deploy/${{ env.UI_WRAPPER_NAME }}.so
./${{ env.UI_WRAPPER_NAME }}-${{ github.ref_name }}-sbom.json