forked from project-oak/oak
-
Notifications
You must be signed in to change notification settings - Fork 0
74 lines (61 loc) · 2.36 KB
/
provenance.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
name: Build Provenance
# See https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build_provenance:
runs-on: ubuntu-20.04
permissions:
contents: write
steps:
- name: Mount main branch
uses: actions/checkout@v2
- name: Mount provenance branch
uses: actions/checkout@v2
with:
ref: provenance
path: provenance-branch
- name: Git setup
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
# Copied from https://github.com/jens-maus/RaspberryMatic/blob/ea6b8ce0dd2d53ea88b2766ba8d7f8e1d667281f/.github/workflows/ci.yml#L34-L40
- name: free disk space
run: |
df --human-readable
sudo swapoff --all
sudo rm --force /swapfile
sudo apt clean
docker rmi $(docker image ls --all --quiet)
df --human-readable
- name: Docker pull
timeout-minutes: 10
run: |
./scripts/docker_pull
df --human-readable
- name: Build Functions Server Provenance
run: |
./scripts/build_provenance \
"oak_functions" \
./target/x86_64-unknown-linux-musl/release/oak_functions_loader_base \
./scripts/xtask build-oak-functions-server-variants
- name: Move new provenance files to the provenance branch
if: github.event_name == 'push'
run: cp -r ./provenance/. ./provenance-branch/
- name: Commit new provenance files to the provenance branch
if: github.event_name == 'push'
run: |
git -C ./provenance-branch add .
git -C ./provenance-branch status
git -C ./provenance-branch diff --staged
git -C ./provenance-branch commit --allow-empty --message="Provenance files for ${GITHUB_SHA}"
git -C ./provenance-branch tag --annotate --message "record source commit" provenance-${GITHUB_SHA}
- name: Push provenance branch
if: github.event_name == 'push'
run: git -C ./provenance-branch push --follow-tags