Skip to content
Validate and Test Build

Validate and Test Build #123

Sign in to view logs

Validate and Test Build

Validate and Test Build #123

Workflow file for this run

.github/workflows/build-check.yaml at 0758a32
name: Validate and Test Build
on:
pull_request:
branches:
- main
- dev
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
env:
DOCKER_BUILDKIT: 1
PACMAN_CACHE: /tmp/pacman-cache
WORKSPACE: /workdir
BUILD_DIR: /workdir/workdir
OUTPUT_DIR: /workdir/out
jobs:
validate:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Validate package list
run: |
# Check if package list exists
if [ ! -f packages.x86_64 ]; then
echo "::error::packages.x86_64 file not found"
exit 1
fi
# Check for duplicate packages
sort packages.x86_64 | uniq -d > duplicates.txt
if [ -s duplicates.txt ]; then
echo "::error::Duplicate packages found:"
cat duplicates.txt
exit 1
fi
# Validate package names exist in Arch repos
docker run --rm -v "${{ github.workspace }}/packages.x86_64:/packages.x86_64:ro" archlinux:latest bash -c "
set -euo pipefail
pacman -Syu --noconfirm
while read -r pkg; do
[[ \$pkg =~ ^# ]] && continue
[[ -z \$pkg ]] && continue
if ! pacman -Si \$pkg >/dev/null 2>&1; then
echo \"::error::Package not found: \$pkg\"
exit 1
fi
done < /packages.x86_64
"
security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Run Security Scan
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
- name: Upload Scan Results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
test-build:
needs: [validate, security-scan]
runs-on: ubuntu-latest
timeout-minutes: 120
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Cache Pacman packages
uses: actions/cache@v4
with:
path: ${{ env.PACMAN_CACHE }}
key: pacman-${{ runner.os }}-${{ github.sha }}
restore-keys: |
pacman-${{ runner.os }}-
- name: Set up Arch Linux Container
run: |
mkdir -p ${{ env.PACMAN_CACHE }}
docker run --privileged --name arch-container -d \
-v ${{ github.workspace }}:${{ env.WORKSPACE }} \
-v ${{ env.PACMAN_CACHE }}:/var/cache/pacman/pkg \
archlinux:latest sleep infinity
- name: Install Dependencies
run: |
docker exec arch-container bash -c "
set -euo pipefail
pacman -Syu --noconfirm
pacman -S --noconfirm --needed git archiso grub
"
- name: Test Build
id: build
run: |
docker exec arch-container bash -c "
set -euo pipefail
cd ${{ env.WORKSPACE }}
rm -rf ${{ env.BUILD_DIR }} ${{ env.OUTPUT_DIR }}
mkdir -p ${{ env.BUILD_DIR }} ${{ env.OUTPUT_DIR }}
mkarchiso -v -w ${{ env.BUILD_DIR }} -o ${{ env.OUTPUT_DIR }} .
"
- name: Verify ISO
run: |
docker exec arch-container bash -c "
set -euo pipefail
cd ${{ env.OUTPUT_DIR }}
# Check if ISO exists
iso_count=\$(ls -1 *.iso 2>/dev/null | wc -l)
if [ \$iso_count -eq 0 ]; then
echo '::error::No ISO file found'
exit 1
elif [ \$iso_count -gt 1 ]; then
echo '::error::Multiple ISO files found'
exit 1
fi
iso_file=\$(ls *.iso)
# Check ISO size (minimum 500MB)
size=\$(stat -c%s \"\$iso_file\")
if [ \$size -lt 524288000 ]; then
echo \"::error::ISO file too small: \$((\$size / 1024 / 1024))MB\"
exit 1
fi
# Verify ISO checksum
sha256sum \"\$iso_file\" > checksum.sha256
sha256sum -c checksum.sha256 || {
echo '::error::ISO checksum verification failed'
exit 1
}
"
- name: Clean Up
if: always()
run: |
if docker ps -a | grep -q arch-container; then
docker stop arch-container || true
docker rm -f arch-container || true
fi
sudo rm -rf ${{ env.BUILD_DIR }} ${{ env.OUTPUT_DIR }}
- name: Report Status
if: always()
run: |
if [ "${{ job.status }}" = "success" ]; then
echo "✅ Build check passed successfully"
else
echo "❌ Build check failed"
exit 1
fi