Skip to content

Doc: Clarify security risks of GLX + EGL back ends #227

Doc: Clarify security risks of GLX + EGL back ends

Doc: Clarify security risks of GLX + EGL back ends #227

Workflow file for this run

name: Build
on:
push:
branches:
- '**'
tags-ignore:
- '**'
pull_request:
workflow_dispatch:
env:
LJT_VERSION: 3.0.2
LJT_GPG_KEY: https://raw.githubusercontent.com/libjpeg-turbo/repo/main/LJT-GPG-KEY
jobs:
linux:
runs-on: ubuntu-latest
steps:
- name: Set global environment variables
run: |
echo "BRANCH=${GITHUB_BASE_REF:-${GITHUB_REF#refs/heads/}}" >$GITHUB_ENV
echo "LJT_URL=https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/$LJT_VERSION" >>$GITHUB_ENV
- name: Check out code
uses: actions/checkout@v3
- name: Set up build
run: |
mkdir -p $HOME/src/vgl.nightly
docker pull dcommander/buildvgl:$BRANCH
git clone --depth=1 https://github.com/VirtualGL/buildscripts.git -b $BRANCH $HOME/src/buildscripts
mkdir $HOME/libjpeg-turbo-rpm
pushd $HOME/libjpeg-turbo-rpm
wget --no-check-certificate $LJT_URL/libjpeg-turbo-official-$LJT_VERSION.x86_64.rpm $LJT_URL/libjpeg-turbo-official-$LJT_VERSION.aarch64.rpm $LJT_URL/libjpeg-turbo-official-$LJT_VERSION.i386.rpm
popd
mkdir $HOME/rpmkeys
wget --no-check-certificate "$LJT_GPG_KEY" -O $HOME/rpmkeys/LJT-GPG-KEY
wget --no-check-certificate http://www.virtualgl.org/key/VGLPR-GPG-KEY -O $HOME/rpmkeys/VGLPR-GPG-KEY
- name: Configure GPG signing
if: ${{github.event_name != 'pull_request'}}
run: |
sudo apt install -y gnupg1
printf "${{secrets.GPG_KEY}}" | base64 --decode | gpg1 --batch --import -
chmod 600 $HOME/.gnupg/gpg.conf
echo "GPG_KEY_NAME=\"${{secrets.GPG_KEY_NAME}}\"" >$HOME/src/buildscripts/gpgsign
echo "GPG_KEY_ID=${{secrets.GPG_KEY_ID}}" >>$HOME/src/buildscripts/gpgsign
echo "GPG_KEY_PASS=${{secrets.GPG_KEY_PASS}}" >>$HOME/src/buildscripts/gpgsign
- name: Build
run: |
docker run -v $HOME/src/vgl.nightly:/root/src/vgl.nightly -v $HOME/src/buildscripts:/root/src/buildscripts -v $GITHUB_WORKSPACE:/root/src/virtualgl -v $HOME/.gnupg:/root/.gnupg -v $HOME/libjpeg-turbo-rpm:/rpms -v $HOME/rpmkeys:/rpmkeys -t dcommander/buildvgl:$BRANCH bash -c "rpm --import /rpmkeys/LJT-GPG-KEY && rpm -K /rpms/*.rpm && rpm -i /rpms/*86*.rpm && pushd /opt/arm64 && rpm2cpio /rpms/*aarch64*.rpm | cpio -id && popd && rpm --import /rpmkeys/VGLPR-GPG-KEY && ~/src/buildscripts/buildvgl -d /root/src/virtualgl -v"
sudo chown -R runner:runner $HOME/src/vgl.nightly
mv $HOME/src/vgl.nightly/latest/log-${{github.job}}.txt $HOME/src/vgl.nightly/latest/files/
- name: Configure AWS
if: ${{github.event_name != 'pull_request'}}
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
aws-region: ${{secrets.AWS_REGION}}
- name: Deploy
if: ${{github.event_name != 'pull_request'}}
run: |
aws s3 sync --acl public-read --delete $HOME/src/vgl.nightly/latest/files/ s3://virtualgl-pr/${{env.BRANCH}}/${{github.job}}/