ci-reproducibility #664
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge. | |
name: ci-reproducibility | |
# Trigger the workflow when: | |
on: | |
push: | |
branches: | |
- main | |
- stable/* | |
# Besides pushes on the branches above, also check every day at 00:00 UTC. | |
schedule: | |
- cron: "0 0 * * *" | |
jobs: | |
check-reproducible-build: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: check-reproducibility | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Build runtime, 1. | |
id: build-1 | |
uses: oasisprotocol/oasis-sdk/.github/actions/hash-rust@main | |
with: | |
image: oasisprotocol/runtime-builder:main | |
pkg-dirs: runtime | |
binaries: cipher-paratime | |
- name: Build runtime, 2. | |
id: build-2 | |
uses: oasisprotocol/oasis-sdk/.github/actions/hash-rust@main | |
with: | |
image: oasisprotocol/runtime-builder:main | |
pkg-dirs: runtime | |
binaries: cipher-paratime | |
- name: Check binary equality | |
run: | | |
[ "${{ steps.build-1.outputs.hashes }}" == "${{ steps.build-2.outputs.hashes }}" ] | |
check-reproducible-build-sgx: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: check-reproducibility-sgx | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Build runtime, 1. | |
id: build-1 | |
uses: oasisprotocol/oasis-sdk/.github/actions/hash-rust@main | |
with: | |
image: oasisprotocol/runtime-builder:main | |
pkg-dirs: runtime | |
binaries: cipher-paratime.sgxs | |
sgx: yes | |
- name: Build runtime, 2. | |
id: build-2 | |
uses: oasisprotocol/oasis-sdk/.github/actions/hash-rust@main | |
with: | |
image: oasisprotocol/runtime-builder:main | |
pkg-dirs: runtime | |
binaries: cipher-paratime.sgxs | |
sgx: yes | |
- name: Check binary equality | |
run: | | |
[ "${{ steps.build-1.outputs.hashes }}" == "${{ steps.build-2.outputs.hashes }}" ] |