Skip to content

Commit

Permalink
Add simple PR CI action
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlCutter
AlCutter committed May 10, 2023
1 parent 7139e99 commit 84a4c20
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions .github/workflows/pr_build.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: PR CI

on: [push, pull_request]

permissions: # added using https://github.com/step-security/secure-repo
contents: read

jobs:
build:
env:
TAMAGO_VERSION: 1.20.4
TAMAGO: /usr/local/tamago-go/bin/go
APPLET_PRIVATE_KEY: /tmp/applet.sec
APPLET_PUBLIC_KEY: /tmp/applet.pub
OS_PRIVATE_KEY1: /tmp/os1.sec
OS_PUBLIC_KEY1: /tmp/os1.pub
OS_PRIVATE_KEY2: /tmp/os2.sec
OS_PUBLIC_KEY2: /tmp/os2.pub
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Install tools
run: |
wget -q https://github.com/usbarmory/tamago-go/releases/download/tamago-go${TAMAGO_VERSION}/tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz
sudo tar -xf tamago-go${TAMAGO_VERSION}.linux-amd64.tar.gz -C /
sudo apt install protobuf-compiler signify-openbsd
go install google.golang.org/protobuf/cmd/[email protected]
echo "${HOME}/go/bin" >> $GITHUB_PATH
- name: Create throwaway keys & fake embed
run: |
signify-openbsd -G -n -p ${APPLET_PUBLIC_KEY} -s ${APPLET_PRIVATE_KEY}
signify-openbsd -G -n -p ${OS_PUBLIC_KEY1} -s ${OS_PRIVATE_KEY1}
signify-openbsd -G -n -p ${OS_PUBLIC_KEY2} -s ${OS_PRIVATE_KEY2}
# Now create a fake applet to embed, and sign it
mkdir -p trusted_os/assets
echo "When I grow up, I want to be an applet" > trusted_os/assets/trusted_applet.elf
signify-openbsd -S -s ${APPLET_PRIVATE_KEY} -m trusted_os/assets/trusted_applet.elf -x trusted_os/assets/trusted_applet.sig
- name: Make
run: |
DEBUG=1 make trusted_os

0 comments on commit 84a4c20

Please sign in to comment.