kernelCTF release: mitigation-v3b-6.1.55 #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: kernelCTF release build | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| releaseId: | |
| description: 'Release ID' | |
| type: string | |
| required: true | |
| branch: | |
| description: 'Branch, tag or commit' | |
| type: string | |
| required: false | |
| workflow_call: | |
| inputs: | |
| releaseId: | |
| type: string | |
| branch: | |
| type: string | |
| run-name: 'kernelCTF release: ${{inputs.releaseId}}' | |
| permissions: {} | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: kernelctf | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Check release does not exist yet | |
| run: curl --fail -I https://storage.googleapis.com/kernelctf-build/releases/${{inputs.releaseId}}/bzImage && exit 1 || true | |
| - name: Install prerequisites | |
| run: sudo apt install -yq --no-install-recommends build-essential flex bison bc ca-certificates libelf-dev libssl-dev cpio pahole | |
| - name: Build | |
| run: ./build_release.sh ${{inputs.releaseId}} ${{inputs.branch}} | |
| - name: Show releases | |
| run: find releases -type f|xargs ls -al | |
| - name: Upload release artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{inputs.releaseId}} | |
| path: kernelctf/releases/${{inputs.releaseId}} | |
| if-no-files-found: error | |
| include-hidden-files: true | |
| upload: | |
| runs-on: ubuntu-24.04 | |
| needs: build | |
| steps: | |
| - name: Download exploit | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{inputs.releaseId}} | |
| path: ./kernelctf/releases/${{inputs.releaseId}} | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: '${{secrets.KERNELCTF_GCS_SA_KEY}}' | |
| - name: Upload release | |
| uses: 'google-github-actions/upload-cloud-storage@v1' | |
| with: | |
| path: kernelctf/releases/${{inputs.releaseId}} | |
| destination: kernelctf-build/releases | |
| predefinedAcl: publicRead | |
| gzip: false # most of the files are compressed already, do not compress them again | |
| process_gcloudignore: false # removes warnings that .gcloudignore file does not exist |