CI: move potentially exploitable vars to env #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Vagrant | |
on: | |
push: | |
branches: | |
- master | |
- dev | |
- 'dev/**' | |
paths: | |
- '.github/workflows/vagrant.yml' | |
- 'scripts/Vagrantfile' | |
pull_request: | |
paths: | |
- '.github/workflows/vagrant.yml' | |
- 'scripts/Vagrantfile' | |
schedule: | |
# approx biweekly | |
- cron: '0 0 7,28 * *' | |
workflow_dispatch: | |
permissions: {} # none | |
jobs: | |
build: | |
permissions: | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Set up Vagrant repo | |
run: | | |
# https://developer.hashicorp.com/vagrant/downloads#linux | |
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
- name: Install packages | |
run: | | |
sudo apt update | |
sudo apt install -y vagrant virtualbox | |
- name: Install vagrant-disksize plugin | |
run: vagrant plugin install vagrant-disksize | |
- name: Run "vagrant up" in scripts directory | |
run: | | |
cd scripts | |
vagrant up | |
- name: Test build coreutils | |
run: | | |
cd scripts | |
vagrant ssh -c "cd ~/termux-packages; ./build-package.sh coreutils" | |
- name: Generate build artifacts | |
run: | | |
if [[ -z "$(find output -type f)" ]]; then | |
echo "ERROR: No files found in output dir" 1>&2 | |
exit 1 | |
fi | |
mkdir -p artifacts debs | |
find output -name "*.deb" -type f -print0 | xargs -0r mv -t debs/ | |
# Files containing certain symbols (e.g. ":") will cause failure in actions/upload-artifact. | |
# Archiving *.deb files in a tarball to avoid issues with uploading. | |
tar cf artifacts/debs-${{ github.sha }}.tar debs | |
- name: Store *.deb files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: debs-${{ github.sha }} | |
path: ./artifacts |