Skip to content

try DOCKER_CONTENT_TRUST=1 #761

try DOCKER_CONTENT_TRUST=1

try DOCKER_CONTENT_TRUST=1 #761

Workflow file for this run

# Copyright (C) Viktor Szakats. See LICENSE.md
# SPDX-License-Identifier: MIT
---
# https://docs.github.com/actions/learn-github-actions
# https://github.com/actions/upload-artifact
name: build
on:
push:
branches:
- main
- dev
- test
concurrency:
group: '${{ github.workflow }}-${{ github.ref }}'
cancel-in-progress: true
permissions: {}
env:
CW_MAP: '1'
CW_JOBS: '5'
DO_NOT_TRACK: '1'
jobs:
reuse-check:
runs-on: 'ubuntu-latest'
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- name: 'REUSE compliance check'
uses: fsfe/reuse-action@v4
shellcheck:
runs-on: 'ubuntu-latest'
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- name: 'shellcheck'
run: |
shellcheck --version
shellcheck --exclude=1091 \
--enable=avoid-nullary-conditions,deprecate-which,quote-safe-variables,require-variable-braces \
./*.sh
spellcheck:
runs-on: 'ubuntu-24.04'
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- name: 'install tools'
run: pip install --break-system-packages -U codespell
- name: 'spellcheck'
run: |
codespell --version
codespell --skip='*.asc,*.patch,*.pem' \
--ignore-words '.github/workflows/codespell-ignore.txt' \
$(git ls-files)
linux-glibc-debian-testing-llvm:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-a64-r64-x64'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-glibc-debian-testing-llvm'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-glibc-debian-testing-gcc:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-a64-r64-x64-gcc'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
export CW_GCCSUFFIX='-14'
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-glibc-debian-testing-gcc'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-glibc-debian-bookworm-llvm:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux'
export CW_REVISION='${{ github.sha }}'
DOCKER_IMAGE='debian:bookworm-slim'
DOCKER_CONTENT_TRUST=1
export CW_CCSUFFIX='-15'
export CW_GCCSUFFIX='-12'
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-glibc-debian-bookworm-llvm'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-glibc-debian-bookworm-gcc:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-gcc'
export CW_REVISION='${{ github.sha }}'
DOCKER_IMAGE='debian:bookworm-slim'
DOCKER_CONTENT_TRUST=1
export CW_CCSUFFIX='-15'
export CW_GCCSUFFIX='-12'
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-glibc-debian-bookworm-gcc'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-debian-testing-llvm:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-a64-r64-x64-musl'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-debian-testing-llvm'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-debian-testing-gcc:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-a64-r64-x64-musl-gcc'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-debian-testing-gcc'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-debian-bookworm-llvm:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-musl'
export CW_REVISION='${{ github.sha }}'
DOCKER_IMAGE='debian:bookworm-slim'
DOCKER_CONTENT_TRUST=1
export CW_CCSUFFIX='-15'
export CW_GCCSUFFIX='-12'
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-debian-bookworm-llvm'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-debian-bookworm-gcc:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-musl-gcc'
export CW_REVISION='${{ github.sha }}'
DOCKER_IMAGE='debian:bookworm-slim'
DOCKER_CONTENT_TRUST=1
export CW_CCSUFFIX='-15'
export CW_GCCSUFFIX='-12'
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-debian-bookworm-gcc'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-alpine-llvm:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux'
export CW_REVISION='${{ github.sha }}'
DOCKER_IMAGE='alpine:latest'
DOCKER_CONTENT_TRUST=1
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c 'apk add --no-cache bash && ./_ci-linux-alpine.sh'
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-alpine-llvm-x86_64'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-alpine-gcc:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux-gcc'
export CW_REVISION='${{ github.sha }}'
DOCKER_IMAGE='alpine:latest'
DOCKER_CONTENT_TRUST=1
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c 'apk add --no-cache bash && ./_ci-linux-alpine.sh'
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-alpine-gcc-x86_64'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
linux-musl-from-mac:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
GITHUB_TOKEN: '${{ github.token }}'
run: |
export CW_CONFIG='${{ github.ref_name }}-linux'
export CW_REVISION='${{ github.sha }}'
sh -c ./_ci-mac-homebrew.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-linux-musl-from-mac'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-linux*.*
urls.txt
mac-clang:
runs-on: 'macos-latest'
timeout-minutes: 30
env:
CW_JOBS: '4'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
GITHUB_TOKEN: '${{ github.token }}'
run: |
export CW_CONFIG='${{ github.ref_name }}-mac-macuni'
export CW_REVISION='${{ github.sha }}'
sh -c ./_ci-mac-homebrew.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-macos-universal-clang'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-macos*.*
urls.txt
mac-llvm:
runs-on: 'macos-latest'
timeout-minutes: 30
env:
CW_JOBS: '4'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
GITHUB_TOKEN: '${{ github.token }}'
run: |
export CW_CONFIG='${{ github.ref_name }}-mac-macuni-llvm'
export CW_REVISION='${{ github.sha }}'
sh -c ./_ci-mac-homebrew.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-macos-universal-llvm'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-macos*.*
urls.txt
mac-gcc:
runs-on: 'macos-latest'
timeout-minutes: 30
env:
CW_JOBS: '4'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
GITHUB_TOKEN: '${{ github.token }}'
run: |
export CW_CCSUFFIX='-14'
export CW_CONFIG='${{ github.ref_name }}-mac-gcc-a64'
export CW_REVISION='${{ github.sha }}'
sh -c ./_ci-mac-homebrew.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-macos-gcc-arm64'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-macos*.*
urls.txt
win-llvm-from-mac:
runs-on: 'macos-latest'
timeout-minutes: 30
env:
CW_JOBS: '4'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
CW_LLVM_MINGW_DL: '1'
CW_LLVM_MINGW_ONLY: '0'
run: |
export CW_CONFIG='${{ github.ref_name }}-win'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
sh -c ./_ci-mac-homebrew.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-windows-llvm-from-mac'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-mingw*.*
urls.txt
win-llvm:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
CW_LLVM_MINGW_DL: '1'
CW_LLVM_MINGW_ONLY: '0'
run: |
export CW_CONFIG='${{ github.ref_name }}-win'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-windows-llvm'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-mingw*.*
urls.txt
win-gcc:
runs-on: 'ubuntu-latest'
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '300'
- name: 'build'
env:
CW_LLVM_MINGW_DL: '1'
CW_LLVM_MINGW_ONLY: '0'
run: |
export CW_CONFIG='${{ github.ref_name }}-win-gcc'
export CW_REVISION='${{ github.sha }}'
. ./_versions.sh
docker trust inspect --pretty "${DOCKER_IMAGE}"
time docker pull "${DOCKER_IMAGE}"
docker images --digests
time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
--env-file <(env | grep -a -E \
'^(CW_|GITHUB_|DO_NOT_TRACK)') \
"${DOCKER_IMAGE}" \
sh -c ./_ci-linux-debian.sh
- name: 'list dependencies'
run: cat urls.txt *-version-*.txt || true
- uses: actions/upload-artifact@v4
with:
name: 'curl-windows-gcc-noarm64'
retention-days: ${{ github.ref_name == 'main' && 90 || 5 }}
path: |
*-*-mingw*.*
urls.txt