build-ulxqt #333
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-ulxqt | |
| on: | |
| schedule: | |
| - cron: "00 07 * * *" # build at 07:00 UTC every day | |
| # (1 hour after minimalblue images start building) | |
| push: | |
| paths-ignore: # don't rebuild if only documentation has changed | |
| - "**.md" | |
| pull_request: | |
| workflow_dispatch: # allow manually triggering builds | |
| jobs: | |
| bluebuild: | |
| name: Build ulxqt | |
| runs-on: ubuntu-24.04 #ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false # stop GH from cancelling all matrix builds if one fails | |
| matrix: | |
| recipe: | |
| - recipe.yml | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Gather image data from recipe | |
| run: | | |
| echo "IMAGE_NAME=$(grep '^name:' ./recipes/${{ matrix.recipe }} | sed 's/^name: //')" >> $GITHUB_ENV | |
| echo "IMAGE_MAJOR_VERSION=$(grep '^image-version:' ./recipes/${{ matrix.recipe }} | sed 's/^image-version: //')" >> $GITHUB_ENV | |
| BASE_IMAGE=$(grep '^base-image:' ./recipes/${{ matrix.recipe }} | sed 's/^base-image: //') | |
| echo "BASE_IMAGE_NAME=$(echo $BASE_IMAGE | sed 's/.*\/.*\///')" >> $GITHUB_ENV | |
| - name: Verify base image | |
| if: ${{ !contains(env.IMAGE_NAME, 'minimalblue') }} | |
| uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 | |
| with: | |
| containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} | |
| - name: Verify minimalblue base image | |
| if: ${{ contains(env.IMAGE_NAME, 'minimalblue') }} | |
| uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 | |
| with: | |
| containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} | |
| registry: 'ghcr.io/minimalblue' | |
| pubkey: 'https://raw.githubusercontent.com/minimalblue/minimalblue/main/cosign.pub' | |
| - name: Validate kernel and kmod versions | |
| run: | | |
| set -eo pipefail | |
| linux=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:41 | jq -r '.Labels["ostree.linux"]') | |
| AKMODS_KERNEL_VERSION=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:main-41 | jq -r '.Labels["ostree.linux"]') | |
| if [[ "${linux}" != "${AKMODS_KERNEL_VERSION}" ]]; then | |
| echo "Kernel Versions do not match between AKMODS and Cached-Kernel." | |
| exit 1 | |
| fi | |
| echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV | |
| # the build is fully handled by the reusable github action | |
| - name: Build ulxqt | |
| uses: blue-build/github-action@33ee8cc4011b0d47666ea7026d08bb5b941ac90c # v1.7.0 | |
| with: | |
| cli_version: v0.8.25 | |
| recipe: ${{ matrix.recipe }} | |
| cosign_private_key: ${{ secrets.SIGNING_SECRET }} | |
| registry_token: ${{ github.token }} | |
| pr_event_number: ${{ github.event.number }} | |
| # enabled by default, disable if your image is small and you want faster builds | |
| maximize_build_space: true | |
| squash: true |