Skip to content

kernelCTF release: mitigation-v3b-6.1.55 #2

kernelCTF release: mitigation-v3b-6.1.55

kernelCTF release: mitigation-v3b-6.1.55 #2

name: kernelCTF release build
on:
workflow_dispatch:
inputs:
releaseId:
description: 'Release ID'
type: string
required: true
branch:
description: 'Branch, tag or commit'
type: string
required: false
workflow_call:
inputs:
releaseId:
type: string
branch:
type: string
run-name: 'kernelCTF release: ${{inputs.releaseId}}'
permissions: {}
defaults:
run:
shell: bash
working-directory: kernelctf
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Check release does not exist yet
run: curl --fail -I https://storage.googleapis.com/kernelctf-build/releases/${{inputs.releaseId}}/bzImage && exit 1 || true
- name: Install prerequisites
run: sudo apt install -yq --no-install-recommends build-essential flex bison bc ca-certificates libelf-dev libssl-dev cpio pahole
- name: Build
run: ./build_release.sh ${{inputs.releaseId}} ${{inputs.branch}}
- name: Show releases
run: find releases -type f|xargs ls -al
- name: Upload release artifact
uses: actions/upload-artifact@v4
with:
name: ${{inputs.releaseId}}
path: kernelctf/releases/${{inputs.releaseId}}
if-no-files-found: error
include-hidden-files: true
upload:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download exploit
uses: actions/download-artifact@v4
with:
name: ${{inputs.releaseId}}
path: ./kernelctf/releases/${{inputs.releaseId}}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v1
with:
credentials_json: '${{secrets.KERNELCTF_GCS_SA_KEY}}'
- name: Upload release
uses: 'google-github-actions/upload-cloud-storage@v1'
with:
path: kernelctf/releases/${{inputs.releaseId}}
destination: kernelctf-build/releases
predefinedAcl: publicRead
gzip: false # most of the files are compressed already, do not compress them again
process_gcloudignore: false # removes warnings that .gcloudignore file does not exist