Reproducible Docker Builds #534
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reproducible | |
| on: | |
| push: | |
| branches: | |
| # This is the recommended development branch for this workflow; pushing it will trigger a build. | |
| - reproducible | |
| tags: | |
| # The tag used when preparing a release. | |
| - release-candidate | |
| schedule: | |
| # Nightly test. | |
| - cron: "0 0 * * *" | |
| workflow_dispatch: | |
| inputs: | |
| jobs: | |
| docker_build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12] | |
| steps: | |
| - name: Unbork mac | |
| run: | | |
| if command -v brew ; then | |
| brew install bash | |
| brew install coreutils | |
| echo "/usr/local/bin" >> $GITHUB_PATH | |
| echo "$(brew --prefix)/opt/gnu-sed/libexec/gnubin" >> $GITHUB_PATH | |
| fi | |
| - uses: docker-practice/actions-setup-docker@master | |
| timeout-minutes: 12 | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Helps with debugging | |
| - name: Show versions | |
| run: | | |
| echo bash --version | |
| bash --version | |
| echo docker --version | |
| docker --version | |
| - name: Build | |
| run: ./scripts/docker-build | |
| - name: 'Upload nns-dapp wasm module' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nns-dapp-mainnet-wasm-${{ matrix.os }} | |
| path: nns-dapp.wasm.gz | |
| retention-days: 3 | |
| - name: 'Upload assets' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nns-dapp-assets-${{ matrix.os }} | |
| path: assets.tar.xz | |
| retention-days: 3 | |
| - name: 'Output the wasm hash' | |
| run: | | |
| mkdir -p hashes | |
| sha256sum nns-dapp.wasm.gz > "hashes/nns-dapp-wasm_sha256_${{ matrix.os }}_${{ matrix.time }}.txt" | |
| - name: 'Output the assets hash' | |
| run: | | |
| sha256sum assets.tar.xz > "hashes/assets_sha256_${{ matrix.os }}_${{ matrix.time }}.txt" | |
| - name: 'Upload hashes' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: hashes | |
| path: hashes/*.txt | |
| compare_hashes: | |
| runs-on: ubuntu-latest | |
| needs: [docker_build] | |
| steps: | |
| - name: Get hashes | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: hashes | |
| path: hashes | |
| - name: Print hashes | |
| run: | | |
| echo Hashes: | |
| grep -r . hashes/ | awk -F: '{printf "%s: %s\n", $2, $1}' | sort | |
| # If the assets hashes differ, the Wasm hashes will also | |
| # differ, so we only check the Wasm hashes. | |
| (( $(cat hashes/nns-dapp-wasm_*.txt | sort | uniq | wc -l) == 1 )) |