51 lines
1.5 KiB
YAML
51 lines
1.5 KiB
YAML
name: Verifiable Build
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'program-v*'
|
|
|
|
env:
|
|
APP_NAME: mango_v4
|
|
|
|
jobs:
|
|
build:
|
|
name: Build Verifiable Artifact
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
submodules: 'recursive'
|
|
|
|
- name: Setup Anchor
|
|
run: |
|
|
cargo install --git https://github.com/coral-xyz/anchor --rev 4e5280be46d859ba1c57fabe4c3916bec742fd69 anchor-cli --locked --force
|
|
|
|
- name: Verifiable Build
|
|
run: |
|
|
anchor build --verifiable --docker-image backpackapp/build:v0.28.0 --solana-version 1.16.14 --env GITHUB_SHA --env GITHUB_REF_NAME -- --features enable-gpl
|
|
|
|
- name: Generate Checksum
|
|
run: |
|
|
echo "CHECKSUM=$(sha256sum ./target/verifiable/${{ env.APP_NAME }}.so | head -c 64)" >> $GITHUB_ENV
|
|
|
|
- name: Generate SBOM
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
scan-type: 'fs'
|
|
format: 'cyclonedx'
|
|
output: '${{ env.APP_NAME }}-${{ github.ref_name }}-sbom.json'
|
|
|
|
- name: Create Release
|
|
id: create_release
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
tag_name: ${{ github.ref_name }}
|
|
name: ${{ github.ref_name }}
|
|
body: |
|
|
sha256 checksum: ${{ env.CHECKSUM }}
|
|
github commit: ${{ github.sha }}
|
|
files: |
|
|
./target/verifiable/${{ env.APP_NAME }}.so
|
|
./${{ env.APP_NAME }}-${{ github.ref_name }}-sbom.json
|