-
Notifications
You must be signed in to change notification settings - Fork 412
74 lines (66 loc) · 2.2 KB
/
kernelctf-release-build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
name: kernelCTF release build
on:
workflow_dispatch:
inputs:
releaseId:
description: 'Release ID'
type: string
required: true
branch:
description: 'Branch, tag or commit'
type: string
required: false
workflow_call:
inputs:
releaseId:
type: string
branch:
type: string
run-name: 'kernelCTF release: ${{inputs.releaseId}}'
permissions: {}
defaults:
run:
shell: bash
working-directory: kernelctf
jobs:
build:
runs-on: ubuntu-24.04
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Check release does not exist yet
run: curl --fail -I https://storage.googleapis.com/kernelctf-build/releases/${{inputs.releaseId}}/bzImage && exit 1 || true
- name: Install prerequisites
run: sudo apt install -yq --no-install-recommends build-essential flex bison bc ca-certificates libelf-dev libssl-dev cpio pahole
- name: Build
run: ./build_release.sh ${{inputs.releaseId}} ${{inputs.branch}}
- name: Show releases
run: find releases -type f|xargs ls -al
- name: Upload release artifact
uses: actions/upload-artifact@v4
with:
name: ${{inputs.releaseId}}
path: kernelctf/releases/${{inputs.releaseId}}
if-no-files-found: error
include-hidden-files: true
upload:
runs-on: ubuntu-24.04
needs: build
steps:
- name: Download exploit
uses: actions/download-artifact@v4
with:
name: ${{inputs.releaseId}}
path: ./kernelctf/releases/${{inputs.releaseId}}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: '${{secrets.KERNELCTF_GCS_SA_KEY}}'
- name: Upload release
uses: 'google-github-actions/upload-cloud-storage@v2'
with:
path: kernelctf/releases/${{inputs.releaseId}}
destination: kernelctf-build/releases
predefinedAcl: publicRead
gzip: false # most of the files are compressed already, do not compress them again
process_gcloudignore: false # removes warnings that .gcloudignore file does not exist