Merge pull request #18 from ciq-rocky-fips/collect_rpms #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build OpenSSL FIPS module | |
| on: | |
| push: | |
| pull_request: | |
| branches: [dist-git] | |
| jobs: | |
| mockBuild: | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
| container: | |
| image: quay.io/rockylinux/rockylinux:9 | |
| options: --privileged | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build openssl rpm | |
| run: | | |
| unset DEBUG | |
| mkdir -p RESULTS | |
| if [ -z "$DEBUG" ]; then | |
| echo "Installing mock" | |
| dnf -y install epel-release | |
| dnf -y install mock rpm-build | |
| echo "Running mock build" | |
| echo "config_opts['macros']['provider'] = 'provider'" >> .mock-config/rocky-lts92-x86_64.cfg | |
| mock -v -r .mock-config/rocky-lts92-x86_64.cfg \ | |
| --spec="./SPECS/openssl.spec" \ | |
| --sources="./SOURCES" \ | |
| --resultdir="./RESULTS" | |
| else | |
| set -x | |
| set +e | |
| touch RESULTS/openssl-libs-3.0.7-27.el9_2.ciqfips.0.2.1.x86_64.rpm | |
| echo "Fake build log for your sprog" > RESULTS/build.log | |
| fi | |
| echo "Contents of result directory" | |
| ls -l ./RESULTS | |
| # Extract the FIPS module | |
| #mkdir RESULTS/{tmp,fips_module} | |
| #cd RESULTS/tmp | |
| #if [ -z "$DEBUG" ]; then | |
| # echo "Extracting FIPS module" | |
| # rpm2cpio ../openssl-libs-3*ciqfips*.x86_64.rpm | cpio -idmv ./usr/lib64/\*/fips.so | |
| #else | |
| # mkdir -p usr/lib64/ossl-modules | |
| # echo Creating fake fips module | |
| # touch usr/lib64/ossl-modules/fips.so | |
| #fi | |
| #mv ./usr/lib64/ossl-modules/fips.so ../fips_module/fips.so.x86_64 | |
| cd RESULTS | |
| RPMVERSION=$(ls ./openssl-libs-3*ciqfips*.x86_64.rpm | sed -e 's/.*openssl-libs-\(3.*\)\.x86_64\.rpm/\1/') | |
| echo "Creating fips provider tarball" | |
| #tar -czf fips_module-${RPMVERSION}.tar.gz fips_module | |
| #sha256sum fips_module-${RPMVERSION}.tar.gz > fips_module-${RPMVERSION}.tar.gz.sha256 | |
| tar -czf openssl-fips-provider-${RPMVERSION}.tar.gz *.rpm | |
| sha256sum openssl-fips-provider-${RPMVERSION}.tar.gz > openssl-fips-provider-${RPMVERSION}.tar.gz.sha256 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: fips_module_RESULTS | |
| path: | | |
| RESULTS/*.log | |
| RESULTS/*.rpm | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: fips_tarball | |
| path: | | |
| RESULTS/*.tar.gz | |
| RESULTS/*.tar.gz.sha256 |