scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-10-31 02:17:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: pin github actions to specific commits, following codacy suggestions

Browse Source
This commit is contained in:
RoyalOughtness
2024-11-11 13:27:14 -08:00
committed by GitHub
parent a6025e2c4b
commit fdf48b2d32
1 changed files with 7 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/build.yml vendored
View File

@@ -11,7 +11,7 @@ on:
jobs: jobs:
bluebuild: bluebuild:
name: Build secureblue name: Build secureblue
runs-on: ubuntu-latest runs-on: ubuntu-24.04
permissions: permissions:
contents: read contents: read
packages: write packages: write
@@ -89,10 +89,10 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Add yq (for reading recipe.yml) - name: Add yq (for reading recipe.yml)
uses: mikefarah/yq@v4.44.3 uses: mikefarah/yq@bbdd97482f2d439126582a59689eb1c855944955 # v4.44.3
- name: Gather image data from recipe - name: Gather image data from recipe
run: | run: |
@@ -103,7 +103,7 @@ jobs:
- name: Verify base image - name: Verify base image
if: ${{ contains(env.IMAGE_NAME, 'wayblue') }} if: ${{ contains(env.IMAGE_NAME, 'wayblue') }}
uses: EyeCantCU/cosign-action/verify@v0.3.0 uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0
with: with:
containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }}
registry: 'ghcr.io/wayblueorg' registry: 'ghcr.io/wayblueorg'
@@ -111,11 +111,7 @@ jobs:
- name: Validate server kernel and kmod versions - name: Validate server kernel and kmod versions
if: ${{ contains(env.IMAGE_NAME, 'securecore') }} if: ${{ contains(env.IMAGE_NAME, 'securecore') }}
uses: Wandalen/wretry.action@v3.5.0 run: |
with:
attempt_limit: 3
attempt_delay: 15000
command: |
set -eo pipefail set -eo pipefail
linux=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-testing-kernel:41 | jq -r '.Labels["ostree.linux"]') linux=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-testing-kernel:41 | jq -r '.Labels["ostree.linux"]')
AKMODS_KERNEL_VERSION=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:coreos-testing-41 | jq -r '.Labels["ostree.linux"]') AKMODS_KERNEL_VERSION=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:coreos-testing-41 | jq -r '.Labels["ostree.linux"]')
@@ -127,11 +123,7 @@ jobs:
- name: Validate desktop kernel and kmod versions - name: Validate desktop kernel and kmod versions
if: ${{ !contains(env.IMAGE_NAME, 'securecore') }} if: ${{ !contains(env.IMAGE_NAME, 'securecore') }}
uses: Wandalen/wretry.action@v3.5.0 run: |
with:
attempt_limit: 3
attempt_delay: 15000
command: |
set -eo pipefail set -eo pipefail
linux=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:41 | jq -r '.Labels["ostree.linux"]') linux=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:41 | jq -r '.Labels["ostree.linux"]')
AKMODS_KERNEL_VERSION=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:main-41 | jq -r '.Labels["ostree.linux"]') AKMODS_KERNEL_VERSION=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:main-41 | jq -r '.Labels["ostree.linux"]')
@@ -143,7 +135,7 @@ jobs:
- name: Build secureblue - name: Build secureblue
uses: blue-build/github-action@v1.6.1 uses: blue-build/github-action@33ee8cc4011b0d47666ea7026d08bb5b941ac90c # v1.7.0
with: with:
cli_version: v0.8.20 cli_version: v0.8.20
recipe: ${{ matrix.recipe }} recipe: ${{ matrix.recipe }}