
Update GitHub Actions to latest versions #15


name: Build and Test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least-privilege GITHUB_TOKEN: no step in this workflow pushes images,
# creates releases or writes to the repository, so read access is enough.
permissions:
  contents: read  # checkout needs to read the repository
  packages: read  # NOTE(review): no step logs in to a package registry; confirm this is still required
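jobs:
  # Both build jobs run the same sequence (checkout, assemble the CA bundle,
  # build the minimal and full images, smoke-test them, collect build info,
  # upload artifacts); they differ in architecture and in how Docker is obtained.
  build-amd64:
    name: Build and Test (Linux AMD64)
    runs-on: ubuntu-latest  # Standard x86_64 runner
    steps:
      # Supply-chain note: third-party actions below are referenced by a
      # mutable major-version tag. The hardened form is a full commit SHA with
      # the version as a trailing comment, e.g.
      #   uses: actions/checkout@<FULL_COMMIT_SHA>  # v4
      - name: Checkout repository
        uses: actions/checkout@v4  # v3 runs on the deprecated Node 16 runtime

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # The CA bundle is split over several secrets (presumably because of the
      # per-secret size limit) and reassembled by the script, which also checks
      # the result (--verify). The assembled file ends up in the workspace, i.e.
      # inside the Docker build context used below; confirm the Dockerfiles only
      # consume it at build time and do not copy it into a layer that gets shipped.
      # On pull requests from forks these secrets are empty, so this step will
      # presumably fail there.
      - name: Create certificate file for build
        env:
          CA_BUNDLE: ${{ secrets.CA_BUNDLE }}
          CA_BUNDLE_PART1: ${{ secrets.CA_BUNDLE_PART1 }}
          CA_BUNDLE_PART2: ${{ secrets.CA_BUNDLE_PART2 }}
          CA_BUNDLE_PART3: ${{ secrets.CA_BUNDLE_PART3 }}
          CA_BUNDLE_PART4: ${{ secrets.CA_BUNDLE_PART4 }}
          CA_BUNDLE_PART5: ${{ secrets.CA_BUNDLE_PART5 }}
          CA_BUNDLE_PART6: ${{ secrets.CA_BUNDLE_PART6 }}
          CA_BUNDLE_PART7: ${{ secrets.CA_BUNDLE_PART7 }}
          CA_BUNDLE_PART8: ${{ secrets.CA_BUNDLE_PART8 }}
          CA_BUNDLE_PART9: ${{ secrets.CA_BUNDLE_PART9 }}
        run: |
          ./scripts/assemble-certificates.sh --verify

      # push: false + load: true — the image is only loaded into the local
      # daemon for the smoke test, never pushed to a registry.
      - name: Build amd64 minimal container
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile.optimized
          push: false
          platforms: linux/amd64
          tags: cac-builder:minimal-test
          cache-from: type=gha
          cache-to: type=gha,mode=max
          load: true

      # The image's entrypoint is expected to accept `-c <command>` like a shell
      # (the same convention is used for every `docker run` in this workflow).
      - name: Test minimal container
        run: |
          docker run --rm cac-builder:minimal-test -c "mkdir -p /content/build && cd /content/build && cmake .. && echo 'Build environment test: SUCCESS'"

      - name: Build amd64 full container
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          push: false
          platforms: linux/amd64
          tags: cac-builder:full-test
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            BUILD_TYPE=full
          load: true

      # Copies any built ssg-* content out of the container into ./output.
      # A missing build product is reported, not treated as a failure.
      - name: Test full container
        run: |
          mkdir -p output
          docker run -v ${{ github.workspace }}/output:/output --rm cac-builder:full-test -c "ls /content/build/ssg-* && cp /content/build/ssg-* /output/ 2>/dev/null || echo 'No content found, checking build environment'"

      # The `${{ }}` expressions interpolated into the scripts in this workflow
      # (runner.os, github.event_name, github.job, github.sha, github.workspace)
      # are set by the runner, not taken from PR titles, branch names or other
      # user-supplied fields, so expanding them inline is acceptable. Any
      # user-controlled context must instead be passed through `env:`.
      - name: Collect build info
        run: |
          # Create a detailed build-info file
          {
            echo "===== AMD64 Build Information ====="
            echo "Build timestamp: $(date)"
            echo "Architecture: amd64"
            echo "Runner: ${{ runner.os }}"
            echo "Build triggered by: ${{ github.event_name }}"
            echo "Job ID: ${{ github.job }}"
            echo "Commit: ${{ github.sha }}"
            echo "===== Output Files ====="
            if [ "$(ls -A output/ 2>/dev/null)" ]; then
              find output -type f -name "*.xml" | sort > output/amd64-file-list.txt
              echo "File listing:"
              cat output/amd64-file-list.txt
              echo "File sizes:"
              find output -type f -name "*.xml" -exec du -h {} \; | sort -h
            else
              echo "No output files found."
            fi
          } > output/amd64-build-info.txt

      # upload-artifact v4 artifacts are immutable and names must be unique
      # per workflow run; the summarize job downloads them by this name.
      - name: Upload amd64 artifacts
        uses: actions/upload-artifact@v4
        with:
          name: cac-test-content-amd64
          path: |
            output/*.xml
            output/*.xccdf.xml
            output/*.ds.xml
            output/amd64-build-info.txt
            output/amd64-file-list.txt
          if-no-files-found: warn
          retention-days: 7

  build-arm64:
    name: Build and Test (Apple Silicon ARM64)
    runs-on: macos-14  # macOS Sonoma with Apple Silicon
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4  # v3 runs on the deprecated Node 16 runtime

      - name: Check system information
        run: |
          echo "OS: $(uname -s)"
          echo "Architecture: $(uname -m)"
          echo "Processor: $(sysctl -n machdep.cpu.brand_string)"

      # The macOS runner image does not ship a Docker engine, so Docker Desktop
      # is downloaded and installed at job start.
      - name: Install Docker for Apple Silicon
        run: |
          # Install latest Docker Desktop for Apple Silicon.
          # -f makes curl fail on an HTTP error instead of saving the error page
          # as Docker.dmg, which would otherwise only surface as an hdiutil error.
          # TODO(review): the download is fetched over HTTPS but its contents are
          # never integrity-checked, and the unversioned URL changes silently with
          # each Docker release. Pin a specific release and verify it before
          # mounting, e.g.
          #   echo "<EXPECTED_SHA256>  Docker.dmg" | shasum -a 256 -c
          curl -fsSL https://desktop.docker.com/mac/main/arm64/Docker.dmg -o Docker.dmg
          sudo hdiutil attach Docker.dmg
          sudo cp -R "/Volumes/Docker/Docker.app" /Applications/
          sudo hdiutil detach "/Volumes/Docker"
          open -a "/Applications/Docker.app" --args --unattended
          # Wait for Docker to start (bounded at ~60 s; fail the job otherwise)
          echo "Waiting for Docker to start..."
          timeout=60
          while ! docker info > /dev/null 2>&1; do
            if [ "$timeout" -le 0 ]; then
              echo "Docker failed to start"
              exit 1
            fi
            sleep 1
            timeout=$((timeout - 1))
          done
          echo "Docker is running"
          # Show Docker info
          docker info

      # Same secret handling as in build-amd64; see the note there about the
      # assembled bundle living inside the build context.
      - name: Create certificate file for build
        env:
          CA_BUNDLE: ${{ secrets.CA_BUNDLE }}
          CA_BUNDLE_PART1: ${{ secrets.CA_BUNDLE_PART1 }}
          CA_BUNDLE_PART2: ${{ secrets.CA_BUNDLE_PART2 }}
          CA_BUNDLE_PART3: ${{ secrets.CA_BUNDLE_PART3 }}
          CA_BUNDLE_PART4: ${{ secrets.CA_BUNDLE_PART4 }}
          CA_BUNDLE_PART5: ${{ secrets.CA_BUNDLE_PART5 }}
          CA_BUNDLE_PART6: ${{ secrets.CA_BUNDLE_PART6 }}
          CA_BUNDLE_PART7: ${{ secrets.CA_BUNDLE_PART7 }}
          CA_BUNDLE_PART8: ${{ secrets.CA_BUNDLE_PART8 }}
          CA_BUNDLE_PART9: ${{ secrets.CA_BUNDLE_PART9 }}
        run: |
          ./scripts/assemble-certificates.sh --verify

      # Plain `docker build` here: no Buildx action and no GHA layer cache on
      # this runner, so these builds are uncached.
      - name: Build arm64 minimal container
        run: |
          docker build -t cac-builder:minimal-test-arm64 -f Dockerfile.optimized .

      - name: Test minimal container
        run: |
          docker run --rm cac-builder:minimal-test-arm64 -c "mkdir -p /content/build && cd /content/build && cmake .. && echo 'Build environment test: SUCCESS'"

      - name: Build arm64 full container
        run: |
          docker build -t cac-builder:full-test-arm64 -f Dockerfile --build-arg BUILD_TYPE=full .

      - name: Test full container
        run: |
          mkdir -p output
          docker run -v ${{ github.workspace }}/output:/output --rm cac-builder:full-test-arm64 -c "ls /content/build/ssg-* && cp /content/build/ssg-* /output/ 2>/dev/null || echo 'No content found, checking build environment'"

      - name: Collect build info
        run: |
          # Create a detailed build-info file
          {
            echo "===== ARM64 Build Information ====="
            echo "Build timestamp: $(date)"
            echo "Architecture: arm64"
            echo "Runner: ${{ runner.os }} (Apple Silicon)"
            echo "Build triggered by: ${{ github.event_name }}"
            echo "Job ID: ${{ github.job }}"
            echo "Commit: ${{ github.sha }}"
            echo "===== Output Files ====="
            if [ "$(ls -A output/ 2>/dev/null)" ]; then
              find output -type f -name "*.xml" | sort > output/arm64-file-list.txt
              echo "File listing:"
              cat output/arm64-file-list.txt
              echo "File sizes:"
              find output -type f -name "*.xml" -exec du -h {} \; | sort -h
            else
              echo "No output files found."
            fi
          } > output/arm64-build-info.txt

      - name: Upload arm64 artifacts
        uses: actions/upload-artifact@v4
        with:
          name: cac-test-content-arm64
          path: |
            output/*.xml
            output/*.xccdf.xml
            output/*.ds.xml
            output/arm64-build-info.txt
            output/arm64-file-list.txt
          if-no-files-found: warn
          retention-days: 7

  # Aggregates the build-info files from both jobs into a single markdown
  # report. Inputs are artifacts produced by this same workflow run.
  summarize:
    name: Generate Build Summary
    needs: [build-amd64, build-arm64]
    runs-on: ubuntu-latest
    steps:
      # download-artifact v4 with no `name` fetches every artifact of the run,
      # each into its own sub-directory of `artifacts/`.
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Prepare summary report
        run: |
          mkdir -p summary
          echo "# CAC-Builder Test Results" > summary/README.md
          echo "" >> summary/README.md
          echo "## Build Summary" >> summary/README.md
          echo "- Date: $(date)" >> summary/README.md
          echo "- Commit: ${{ github.sha }}" >> summary/README.md
          echo "- Triggered by: ${{ github.event_name }}" >> summary/README.md
          echo "" >> summary/README.md
          echo "## AMD64 Build" >> summary/README.md
          if [ -f artifacts/cac-test-content-amd64/amd64-build-info.txt ]; then
            echo '```' >> summary/README.md
            cat artifacts/cac-test-content-amd64/amd64-build-info.txt >> summary/README.md
            echo '```' >> summary/README.md
          else
            echo "No AMD64 build info available" >> summary/README.md
          fi
          echo "" >> summary/README.md
          echo "## ARM64 Build" >> summary/README.md
          if [ -f artifacts/cac-test-content-arm64/arm64-build-info.txt ]; then
            echo '```' >> summary/README.md
            cat artifacts/cac-test-content-arm64/arm64-build-info.txt >> summary/README.md
            echo '```' >> summary/README.md
          else
            echo "No ARM64 build info available" >> summary/README.md
          fi

      - name: Upload summary
        uses: actions/upload-artifact@v4
        with:
          name: cac-builder-test-summary
          path: summary/
          retention-days: 14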