-
Notifications
You must be signed in to change notification settings - Fork 1
81 lines (68 loc) · 2.21 KB
/
vendor-dvd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
name: Vendor DVD CI
on:
pull_request: {}
push:
branches:
- main
schedule:
# Run weekly (04:45 AM UTC on Thursdays) to catch failures based on
# external changes.
- cron: '45 04 * * 4'
workflow_dispatch: {}
jobs:
main:
name: Mock inputs
runs-on: ubuntu-22.04
defaults:
run:
# Note: does not apply to actions.
working-directory: vendor-dvd
steps:
- name: Check out sources
uses: actions/checkout@v4
- name: Run shellcheck
run: |
shellcheck --version
shellcheck *.sh tests/*.sh ../boot-dvd/internal/vars.sh
- name: Make ISO using mock inputs
run: ./make-iso.sh
env:
USE_MOCK_INPUTS: '1'
- name: Check mock ISO
run: ./tests/test-mock-iso.sh
entrust:
name: Real inputs
runs-on: ubuntu-22.04
defaults:
run:
# Note: does not apply to actions.
working-directory: vendor-dvd
steps:
- name: Check out sources
uses: actions/checkout@v4
- name: Check if CI passed in prior run
uses: actions/cache@v3
id: vendor-dvd-passed
with:
path: passed
key: vendor-dvd-passed-${{ runner.os }}-${{ hashFiles('vendor-dvd/**') }}
- name: Authenticate to Google Cloud
if: steps.vendor-dvd-passed.outputs.cache-hit != 'true'
uses: google-github-actions/auth@v1
with:
credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT }}'
- name: Download inputs from Google Cloud Storage
if: steps.vendor-dvd-passed.outputs.cache-hit != 'true'
run: |
mkdir -p inputs
gcloud storage cp \
'gs://ncipher-nshield-firmware/2023-08 v13.4 codesafe firmware secworld/Codesafe_Lin64-13.4.3.iso.zip' \
'gs://ncipher-nshield-firmware/2023-08 v13.4 codesafe firmware secworld/SecWorld_Lin64-13.4.4.iso.zip' \
'gs://ncipher-nshield-firmware/2023-08 v13.4 codesafe firmware secworld/nShield_HSM_Firmware-13.4.4.iso.zip' \
inputs/
- name: Make ISO using real inputs
if: steps.vendor-dvd-passed.outputs.cache-hit != 'true'
run: ./make-iso.sh
- name: Make dummy file for cache
if: steps.vendor-dvd-passed.outputs.cache-hit != 'true'
run: echo 1 > ../passed