Skip to content

chore(deps): pin dependencies (#14) #185

chore(deps): pin dependencies (#14)

chore(deps): pin dependencies (#14) #185

Workflow file for this run

name: Build
on:
pull_request:
push:
branches:
- main
schedule:
# Weekly on Monday at 00:00
- cron: '0 0 * * 1'
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true
jobs:
build-atomic:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
env:
IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ matrix.images }}-bootc
FEDORA_VERSION: 40
strategy:
fail-fast: false
matrix:
images:
- base
- budgie
- cinnamon
- deepin
- silverblue
- kinoite
- lxqt
- mate
- sway
- xfce
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7
- name: Install Just
uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1
- name: Update podman
run: |
# from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
ubuntu_version='22.04'
key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
sudo apt update
sudo apt install -y podman
- name: Build Image
run: |
just build-atomic ${{ matrix.images }}
podman tag localhost/fedora-bootc-atomic-${{ matrix.images }}:latest ${{ env.IMAGE_NAME }}:${{ env.FEDORA_VERSION }}
podman tag localhost/fedora-bootc-atomic-${{ matrix.images }}:latest ${{ env.IMAGE_NAME }}:${{ github.sha }}
- name: Run Image
run: podman run --rm -it ${{ env.IMAGE_NAME }}:${{ github.sha }} bootc --help
- name: Push Image
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'schedule'
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
with:
tags: |
${{ env.IMAGE_NAME }}:${{ github.sha }}
${{ env.IMAGE_NAME }}:${{ env.FEDORA_VERSION }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Sign container
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
if: github.event_name != 'pull_request'
- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_NAME }}@${{ github.sha }}
env:
TAGS: ${{ steps.build_image.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}