Skip to content

CI: move potentially exploitable vars to env #12

CI: move potentially exploitable vars to env

CI: move potentially exploitable vars to env #12

Workflow file for this run

name: Vagrant
on:
push:
branches:
- master
- dev
- 'dev/**'
paths:
- '.github/workflows/vagrant.yml'
- 'scripts/Vagrantfile'
pull_request:
paths:
- '.github/workflows/vagrant.yml'
- 'scripts/Vagrantfile'
schedule:
# approx biweekly
- cron: '0 0 7,28 * *'
workflow_dispatch:
permissions: {} # none
jobs:
build:
permissions:
contents: read
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Vagrant repo
run: |
# https://developer.hashicorp.com/vagrant/downloads#linux
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
- name: Install packages
run: |
sudo apt update
sudo apt install -y vagrant virtualbox
- name: Install vagrant-disksize plugin
run: vagrant plugin install vagrant-disksize
- name: Run "vagrant up" in scripts directory
run: |
cd scripts
vagrant up
- name: Test build coreutils
run: |
cd scripts
vagrant ssh -c "cd ~/termux-packages; ./build-package.sh coreutils"
- name: Generate build artifacts
run: |
if [[ -z "$(find output -type f)" ]]; then
echo "ERROR: No files found in output dir" 1>&2
exit 1
fi
mkdir -p artifacts debs
find output -name "*.deb" -type f -print0 | xargs -0r mv -t debs/
# Files containing certain symbols (e.g. ":") will cause failure in actions/upload-artifact.
# Archiving *.deb files in a tarball to avoid issues with uploading.
tar cf artifacts/debs-${{ github.sha }}.tar debs
- name: Store *.deb files
uses: actions/upload-artifact@v4
with:
name: debs-${{ github.sha }}
path: ./artifacts