kernelCTF: GHA: backup summary and artifacts

google · Nov 11, 2023 · 321bd54 · 321bd54
1 parent 92de622
commit 321bd54
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 2 deletions.
diff --git a/.github/workflows/kernelctf-submission-verification.yaml b/.github/workflows/kernelctf-submission-verification.yaml
@@ -22,6 +22,7 @@ jobs:
       targets: ${{ steps.check_submission.outputs.targets }}
       submission_dir: ${{ steps.check_submission.outputs.submission_dir }}
       exploits_info: ${{ steps.check_submission.outputs.exploits_info }}
+      artifact_backup_dir: ${{ steps.check_submission.outputs.artifact_backup_dir }}
     steps:
       - run: pip install -U jsonschema
 
@@ -217,3 +218,31 @@ jobs:
         run: |
           echo $STEPS >> steps.json
           ../repro_summary.py ${{ github.run_id }}
+
+      - name: Upload repro summary as an artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: repro_summary_${{ env.RELEASE_ID }}.txt
+          path: ./kernelctf/repro/repro_summary.md
+
+  backup_artifacts:
+    runs-on: ubuntu-latest
+    needs: [structure_check, exploit_build, exploit_repro]
+    if: always() && needs.structure_check.result == 'success'
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          path: ./artifacts
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v1
+        with:
+          credentials_json: '${{secrets.KERNELCTF_GCS_SA_KEY}}'
+
+      - name: Upload artifacts to GCS
+        uses: 'google-github-actions/upload-cloud-storage@v1'
+        with:
+          path: ./artifacts
+          destination: kernelctf-build/artifacts/${{ needs.structure_check.outputs.artifact_backup_dir }}
+          process_gcloudignore: false # removes warnings that .gcloudignore file does not exist
diff --git a/kernelctf/check-submission.py b/kernelctf/check-submission.py
@@ -4,6 +4,7 @@
 import json
 import jsonschema
 import hashlib
+from datetime import datetime
 from utils import *
 
 PUBLIC_CSV_URL = "https://docs.google.com/spreadsheets/d/e/2PACX-1vS1REdTA29OJftst8xN5B5x8iIUcxuK6bXdzF8G1UXCmRtoNsoQ9MbebdRdFnj6qZ0Yd7LwQfvYC2oF/pub?output=csv"
@@ -148,6 +149,7 @@ def summary(success, text):
         if not exploit_info: continue
         exploits_info[target] = { key: exploit_info[key] for key in ["uses", "requires_separate_kaslr_leak"] if key in exploit_info }
 ghSet("OUTPUT", f"exploits_info={json.dumps(exploits_info)}")
+ghSet("OUTPUT", f"artifact_backup_dir={'_'.join(submissionIds)}_{datetime.utcnow().strftime('%Y%m%d_%H%M%S')}")
 
 summary(True, f"✅ The file structure verification of the PR was successful!")
 
diff --git a/kernelctf/repro_summary.py b/kernelctf/repro_summary.py
@@ -3,6 +3,7 @@
 import json
 import os
 import re
+from utils import *
 
 with open("steps.json", "rt") as f: steps = json.loads(f.read())
 
@@ -70,9 +71,10 @@ def getLastLine(pattern):
 </details>
 """
 
+result = result.strip()
 print(result)
 
-if "GITHUB_STEP_SUMMARY" in os.environ:
-    with open(os.environ["GITHUB_STEP_SUMMARY"], 'at') as f: f.write(result.strip() + "\n")
+with open("repro_summary.md", "wt") as f: f.write(result)
+ghSet("STEP_SUMMARY", result)
 
 os._exit(1 if success_count == 0 else 0)