forked from fusioninventory/dmidecode
-
Notifications
You must be signed in to change notification settings - Fork 1
142 lines (137 loc) · 5.18 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Build
on:
push:
paths:
- '**.c'
- '**.h'
- 'Makefile'
- '.github/workflows/build.yml'
jobs:
mingw32-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install build requirements
run: |
sudo apt -y install gcc-mingw-w64
- name: Build dmidecode
id: build
run: |
if [ -z "${GITHUB_REF##*refs/tags/*}" ]; then
VERSION="${GITHUB_REF#*refs/tags/}"
# Also remove any postfix tag from the version
VTAG="${VERSION#*-}"
[ "$VTAG" == "$VERSION" ] && unset VTAG
VERSION="${VERSION%%-*}"
else
read A B V < version.h
VERSION=$( echo $V | tr -d '"' )-git${GITHUB_SHA:0:8}
# Disable code-signing as not releasing
unset CODESIGN_COMMAND
fi
sed -ri -e 's/VERSION.*/VERSION "'$VERSION'"/' version.h
echo "VERSION: $VERSION"
make
make strip
if [ -n "$CODESIGN_COMMAND" -a "${{ vars.WIN32_SIGNING }}" != "no" ]; then
read SHA1 XXX <<<$(sha1sum dmidecode.exe)
printf "Before signing %6s: %s\n" SHA1 $SHA1
read SHA256 XXX <<<$(sha256sum dmidecode.exe)
printf "Before signing %6s: %s\n" SHA256 $SHA256
umask 0077
mkdir ~/.ssh
echo "$CODESIGN_KNOWNHOST" > ~/.ssh/known_hosts
echo "$CODESIGN_PRIVATE" > private.key
umask 0002
cat dmidecode.exe | \
$CODESIGN_COMMAND codesign dmidecode.exe > dmidecode-signed.exe
if [ ! -s dmidecode-signed.exe ]; then
echo "Failed to get signed version of dmidecode.exe" >&2
exit 1
fi
mv -vf dmidecode-signed.exe dmidecode.exe
rm -f ~/.ssh/known_hosts private.key
fi
ls -l dmidecode.exe
read SHA1 XXX <<<$(sha1sum dmidecode.exe)
printf "%6s: %s\n" SHA1 $SHA1
sha256sum dmidecode.exe >dmidecode.exe.sha256
read SHA256 XXX < dmidecode.exe.sha256
printf "%6s: %s\n" SHA256 $SHA256
echo "version=$VERSION" >>$GITHUB_OUTPUT
echo "vtag=$VTAG" >>$GITHUB_OUTPUT
echo "sha256=$SHA256" >>$GITHUB_OUTPUT
shell: bash
env:
CODESIGN_KNOWNHOST: ${{ secrets.CODESIGN_KNOWNHOST }}
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }}
CODESIGN_PRIVATE: ${{ secrets.CODESIGN_PRIVATE }}
- name: Upload built artifacts
uses: actions/upload-artifact@v4
with:
name: Dmidecode-Build
path: |
dmidecode.exe
dmidecode.exe.sha256
- name: VirusTotal Scan
id: vt-scan
if: startsWith(github.ref, 'refs/tags/')
uses: crazy-max/ghaction-virustotal@v4
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
dmidecode.exe
- name: Request first VirusTotal Analysis report
if: startsWith(github.ref, 'refs/tags/') && env.VT_API_KEY
run: |
let TRY=20
while curl -s --request GET --url https://www.virustotal.com/api/v3/files/${{ steps.build.outputs.sha256 }} --header "x-apikey: $VT_API_KEY" >vt.json
do
ERRCODE=$(jq .error.code vt.json 2>&1)
if [ "$ERRCODE" == "null" ]; then
if [ "$(jq .data.attributes.last_analysis_results.VBA32 vt.json)" != "null" ]; then
echo "$(date): Current analysis stats:"
jq .data.attributes.last_analysis_stats vt.json
break
else
echo "$(date): Analysis is running"
fi
else
echo "$(date): $ERRCODE"
if [ "$TRY" -lt 15 -a "$ERRCODE" != '"NotFoundError"' ]; then
echo "$(date): Failing to access VT reporting"
break
fi
fi
rm -f vt.json
if (( --TRY < 0 )); then
echo "$(date): Nothing to report"
break
fi
sleep 15
done
exit 0
shell: bash
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
- name: Release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
draft: ${{ contains(steps.build.outputs.vtag, 'test') }}
prerelease: ${{ contains(steps.build.outputs.vtag, 'beta') }}
name: dmidecode v${{ steps.build.outputs.version }} for windows
body: |
# Description
Stripped dmidecode binary to be included in GLPI Agent MSI packages for Windows
# Download
[dmidecode.exe](https://github.com/glpi-project/dmidecode/releases/download/${{ github.ref_name }}/dmidecode.exe)
# Footprint
SHA256: [${{ steps.build.outputs.sha256 }}](https://github.com/glpi-project/dmidecode/releases/download/${{ github.ref_name }}/dmidecode.exe.sha256)
# VirusTotal report
See: [dmidecode.exe VT analysis](https://www.virustotal.com/gui/file/${{ steps.build.outputs.sha256 }})
files: |
dmidecode.exe
dmidecode.exe.sha256