Skip to content
This repository has been archived by the owner on Nov 2, 2024. It is now read-only.

Build

Build #203

Workflow file for this run

name: Build
on:
pull_request:
push:
branches:
- main
schedule:
# Weekly on Monday at 00:00
- cron: '0 0 * * 1'
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true
jobs:
build-atomic:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
env:
IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/${{ matrix.images }}-bootc
FEDORA_VERSION: 40
strategy:
fail-fast: false
matrix:
images:
- base
- budgie
- cinnamon
- deepin
- silverblue
- kinoite
- lxqt
- mate
- sway
- xfce
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
submodules: true
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7
- name: Install Just
uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6 # v2
- name: Update podman
run: |
# from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
ubuntu_version='22.04'
key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
sudo apt update
sudo apt install -y podman
- name: Build Image
run: |
just build-atomic ${{ matrix.images }}
podman tag localhost/fedora-bootc-atomic-${{ matrix.images }}:latest ${{ env.IMAGE_NAME }}:${{ env.FEDORA_VERSION }}
podman tag localhost/fedora-bootc-atomic-${{ matrix.images }}:latest ${{ env.IMAGE_NAME }}:${{ github.sha }}
- name: Run Image
run: podman run --rm -it ${{ env.IMAGE_NAME }}:${{ github.sha }} bootc --help
- name: Push Image
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'schedule'
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
with:
tags: |
${{ env.IMAGE_NAME }}:${{ github.sha }}
${{ env.IMAGE_NAME }}:${{ env.FEDORA_VERSION }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Sign container
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
if: github.event_name != 'pull_request'
- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_NAME }}:${{ github.sha }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}