ci: remove the checksum CI script

This script introduces a security vulnerability where the OpenSSL github
repository can be modified which opens a window for an attacker.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reported-by: Nikita Stupin

diff --git a/.github/workflows/checksums.yml b/.github/workflows/checksums.yml
deleted file mode 100644 (file)
index 5f444b6..0000000
--- a/.github/workflows/checksums.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-name: FIPS Checksums
-on: [pull_request_target]
-jobs:
-  apply-label:
-    runs-on: ubuntu-latest
-    steps:
-      - name: install unifdef
-        run: |
-            sudo apt-get update
-            sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
-      - uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-      - name: create build dirs
-        run: |
-          mkdir ./build-pristine
-          mkdir ./build
-      - name: config pristine
-        run: ../config enable-fips && perl configdata.pm --dump
-        working-directory: ./build-pristine
-      - name: make build_generated pristine
-        run: make -s build_generated
-        working-directory: ./build-pristine
-      - name: make fips-checksums pristine
-        run: make fips-checksums
-        working-directory: ./build-pristine
-      - uses: actions/checkout@v2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          clean: false
-      - name: config
-        run: ../config enable-fips && perl configdata.pm --dump
-        working-directory: ./build
-      - name: make build_generated
-        run: make -s build_generated
-        working-directory: ./build
-      - name: make fips-checksums
-        run: make fips-checksums
-        working-directory: ./build
-      - name: update checksums pristine
-        run: touch providers/fips.checksum.new && make update-fips-checksums
-        working-directory: ./build-pristine
-      - name: make diff-fips-checksums
-        run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV
-        working-directory: ./build
-      - name: set label
-        if: ${{ env.fips_changed }}
-        continue-on-error: true
-        uses: actions/github-script@v4
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            github.issues.addLabels({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              labels: ['severity: fips change']
-            })
-      - name: remove label
-        if: ${{ env.fips_unchanged }}
-        continue-on-error: true
-        uses: actions/github-script@v4
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            github.issues.removeLabel({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              name: 'severity: fips change'
-            })