intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License

always pull guest kernel but don't build #20

Closed il-steffen closed 2 years ago

il-steffen commented 2 years ago

Always pull linux-guest so we have something to work with. Only leave configure/build to the user workflow.

Wenzel commented 2 years ago

I would propose to conditionally include build.yml:

- name: Clone linux-guest repo
  git:
    repo: "{{ guest_url }}"
    dest: "{{ guest_root }}"
    version: "{{ guest_revision | default(omit) }}"
    depth: "{{ git_clone_depth | default(omit) }}"
    force: yes

- name: Build the TDX guest kernel
  include_tasks: build.yml
  tags:
    - guest-build
    - never