jordangov · jordangov · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024
diff --git a/.github/workflows/hero-check.yml b/.github/workflows/hero-check.yml
@@ -3,37 +3,45 @@ name: Hero Check
 on:
   pull_request:
     branches: [ "main" ]
+    paths:
+      - 'open-source-heroes.md'
 
 jobs:
   check-for-hero:
     runs-on: ubuntu-latest
     permissions:
       pull-requests: write
+
     steps:
-      - name: Checkout Code
+      - name: Checkout Target
         uses: actions/checkout@v4
         with:
           repository: jordangov/defcon-poc
-          # token needss to be able read repo contents, write to PRs, and read secrets
-          token: ${{secrets.GH_TOKEN}}
-          fetch-depth: 0
+          ref: main
+          path: target
+
+      - name: Checkout Source
+        uses: actions/checkout@v4
+        with:
+          path: source
+
       - name: Check Submission
         id: check_sub
         run: >-
-          git fetch origin main;
-          SUBMISSION=`git diff origin/main..HEAD open-source-heroes.md | awk '/\* @${{github.actor}}/{ print $3 }'`;
-          echo -n "${{github.actor}}-${{secrets.SALT}}" | openssl dgst -${{secrets.ALGO}};
-          CHECKSUM=`echo -n "${{github.actor}}-${{secrets.SALT}}" | openssl dgst -${{secrets.ALGO}} | awk '/[a-z0-9]+/{ print $2 }'`;
-          echo "Confirming submission ($SUBMISSION) equals checksum...";
-          if [[ "$SUBMISSION" = "$CHECKSUM" ]]; then
-            echo "Submissions match, they're an open source hero!"
+          SUBMISSION=`(diff target/open-source-heroes.md source/open-source-heroes.md || true) | awk '/\* @${{github.actor}}/{ print $4 }'`;
+          CHECK=`echo -n "${{github.actor}}-${{secrets.SALT}}" | openssl dgst -${{secrets.ALGO}} | awk '/[a-z0-9]+/{ print $2 }'`;
+          echo "Confirming submission ($SUBMISSION) equals check...";
+
+          if [[ "$SUBMISSION" = "$CHECK" ]]; then
+            echo "Submissions match"
             echo "RESULT=pass" >> "$GITHUB_OUTPUT";
             echo "MESSAGE='🤩 Wow, you are an open source hero! Find a volunteer with the special White House badge to claim your fame!'" >> "$GITHUB_OUTPUT";
           else
-            echo "Submissions do not match, need to try again."
+            echo "Submissions do not match"
             echo "RESULT=fail" >> "$GITHUB_OUTPUT";
             echo "MESSAGE='😔 Sorry, but that is not the right hash. Have you found all of the clues?'" >> "$GITHUB_OUTPUT";
           fi
+
       - name: Post Message
         uses: actions/github-script@v7
         with:

diff --git a/open-source-heroes.md b/open-source-heroes.md
@@ -2,10 +2,12 @@
 
 This is the list of heroes. Add your name to the list below with your GitHub handle and the correct hash.
 
-> **INSTRUCTIONS**: You must open a Pull Request to this repository, correctly adding your name to the list below along with the correct hash per the hints you have found elsewhere during DEF CON 32.  
->   
-> PRs will be evaluated automatically by our CI pipeline. In order to be added to the list, your PR **must pass the CI checks**.  
->   
+## INSTRUCTIONS
+
+Fork this repository, add your name to the list below (**along with the correct hash**), and open a Pull Request to the upstream repository. Your hash is unique to you. Exactly how to generate the hash is the puzzle! Use hints found around DEF CON 32 and on social media to solve it.
+
+> PRs will be evaluated automatically by our CI pipeline. In order to be added to the list, your PR **must pass the CI check**.  
+> 
 > Example format:
 > `* @whitehouse 7e2aac5579f5e3fb61c2ba63f95cfb7a87cb3da8`