1# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2#
3# Licensed under the Apache License 2.0 (the "License").  You may not use
4# this file except in compliance with the License.  You can obtain a copy
5# in the file LICENSE in the source distribution or at
6# https://www.openssl.org/source/license.html
7
8name: FIPS Checksums
9on: [pull_request]
10
11permissions:
12  contents: read
13
14jobs:
15  compute-checksums:
16    runs-on: ubuntu-latest
17    steps:
18      - name: install unifdef
19        run: |
20            sudo apt-get update
21            sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
22      - name: create build dirs
23        run: |
24          mkdir ./build-pristine
25          mkdir ./source-pristine
26          mkdir ./build
27          mkdir ./source
28          mkdir ./artifact
29      - uses: actions/checkout@v2
30        with:
31          repository: ${{ github.event.pull_request.base.repo.full_name }}
32          ref: ${{ github.event.pull_request.base.ref }}
33          path: source-pristine
34      - name: config pristine
35        run: ../source-pristine/config enable-fips
36        working-directory: ./build-pristine
37      - name: config pristine dump
38        run: ./configdata.pm --dump
39        working-directory: ./build-pristine
40      - name: make build_generated pristine
41        run: make -s build_generated
42        working-directory: ./build-pristine
43      - name: make fips-checksums pristine
44        run: make fips-checksums
45        working-directory: ./build-pristine
46      - uses: actions/checkout@v2
47        with:
48          path: source
49      - name: config
50        run: ../source/config enable-fips
51        working-directory: ./build
52      - name: config dump
53        run: ./configdata.pm --dump
54        working-directory: ./build
55      - name: make build_generated
56        run: make -s build_generated
57        working-directory: ./build
58      - name: make fips-checksums
59        run: make fips-checksums
60        working-directory: ./build
61      - name: update checksums
62        run: |
63          cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
64          cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
65          cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
66      - name: make diff-fips-checksums
67        run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
68        working-directory: ./build
69      - name: save PR number
70        run: echo ${{ github.event.number }} > ./artifact/pr_num
71      - name: save artifact
72        uses: actions/upload-artifact@v2
73        with:
74          name: fips_checksum
75          path: artifact/
76