Ldd check linter #4925

Workflow file for this run

	name: e2e tests

	on:
	push:
	branches: ["main"]
	pull_request:
	branches: ["main"]

	env:
	SOURCE_DATE_EPOCH: 1669683910

	jobs:
	examples:
	name: build examples
	runs-on: ubuntu-22.04

	permissions:
	contents: read

	strategy:
	fail-fast: false
	matrix:
	example:
	- git-checkout.yaml
	- gnu-hello.yaml
	- mbedtls.yaml
	- minimal.yaml
	- sshfs.yaml

	steps:
	- uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version-file: "go.mod"
	- name: Build package
	run: \|
	sudo apt-get update -y
	sudo apt-get install -y bubblewrap

	make melange
	./melange keygen
	./melange build --pipeline-dir=pipelines examples/${{matrix.example}} --arch=x86_64 --empty-workspace --repository-append=https://apk.cgr.dev/chainguard

	- name: Check SBOM Conformance
	run: \|
	set -euxo pipefail
	for f in packages/x86_64/*.apk; do
	tar -Oxf "$f" var/lib/db/sbom > sbom.json
	echo ::group::sbom.json
	cat sbom.json
	echo ::endgroup::

	docker run --rm -v $(pwd)/sbom.json:/sbom.json --entrypoint "sh" cgr.dev/chainguard/wolfi-base -c "apk add spdx-tools-java && tools-java Verify /sbom.json"
	done

	rebuild:
	name: rebuild
	runs-on: ubuntu-latest
	permissions:
	contents: read

	strategy:
	fail-fast: false
	matrix:
	cfg:
	- examples/minimal.yaml
	- melange.yaml

	container:
	image: alpine:latest
	options: \|
	--cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined

	steps:
	- uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
	with:
	egress-policy: audit

	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version-file: "go.mod"

	- name: Fetch dependencies
	run: \|
	apk upgrade -Ua
	apk add go build-base git bubblewrap jq

	- name: Build and rebuild
	run: \|
	make melange
	./melange keygen

	./melange build ${{matrix.cfg}} --arch=x86_64 --namespace=wolfi
	mv packages/x86_64/*.apk original.apk

	./melange rebuild original.apk --arch=x86_64
	mv packages/x86_64/*.apk rebuilt.apk

	- name: Diff filesystem
	if: always()
	run: \|
	echo ::group::original
	tar -tvf original.apk \| sort
	echo ::endgroup::
	echo ::group::rebuilt
	tar -tvf rebuilt.apk \| sort
	echo ::endgroup::
	diff \
	<(tar -tvf original.apk \| sort) \
	<(tar -tvf rebuilt.apk \| sort) && echo "No diff!"

	- name: Diff SBOM
	if: always()
	run: \|
	echo ::group::original
	tar -Oxf original.apk var/lib/db/sbom/ \| jq
	echo ::endgroup::
	echo ::group::rebuilt
	tar -Oxf rebuilt.apk var/lib/db/sbom/ \| jq
	echo ::endgroup::
	diff \
	<(tar -Oxf original.apk var/lib/db/sbom/ \| jq) \
	<(tar -Oxf rebuilt.apk var/lib/db/sbom/ \| jq) && echo "No diff!"

	- name: Diff .melange.yaml
	if: always()
	run: \|
	echo ::group::original
	tar -Oxf original.apk .melange.yaml
	echo ::endgroup::
	echo ::group::rebuilt
	tar -Oxf rebuilt.apk .melange.yaml
	echo ::endgroup::
	diff \
	<(tar -Oxf original.apk .melange.yaml) \
	<(tar -Oxf rebuilt.apk .melange.yaml) && echo "No diff!"

	- name: Diff .PKGINFO
	if: always()
	run: \|
	echo ::group::original
	tar -Oxf original.apk .PKGINFO
	echo ::endgroup::
	echo ::group::rebuilt
	tar -Oxf rebuilt.apk .PKGINFO
	echo ::endgroup::
	diff \
	<(tar -Oxf original.apk .PKGINFO) \
	<(tar -Oxf rebuilt.apk .PKGINFO) && echo "No diff!"

	- name: Diff digest
	if: always()
	run: \|
	diff \
	<(sha256sum original.apk \| cut -d' ' -f1) \
	<(sha256sum rebuilt.apk \| cut -d' ' -f1) && echo "No diff!"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ldd check linter #4925

Workflow file

Ldd check linter #4925

Jobs

Run details

Workflow file for this run