mirror of
https://github.com/optim-enterprises-bv/secureblue.git
synced 2026-01-08 21:21:36 +00:00
139 lines
6.4 KiB
YAML
139 lines
6.4 KiB
YAML
name: build-secureblue
|
|
on:
|
|
schedule:
|
|
- cron: "00 17 * * *" # build at 17:00 UTC every day
|
|
# (20 minutes after last ublue images start building)
|
|
push:
|
|
paths-ignore: # don't rebuild if only documentation has changed
|
|
- "**.md"
|
|
|
|
pull_request:
|
|
workflow_dispatch: # allow manually triggering builds
|
|
jobs:
|
|
bluebuild:
|
|
name: Build secureblue
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
strategy:
|
|
fail-fast: false # stop GH from cancelling all matrix builds if one fails
|
|
matrix:
|
|
recipe:
|
|
# non-userns
|
|
# desktop
|
|
- recipes/desktop/recipe-silverblue-main.yml
|
|
- recipes/desktop/recipe-silverblue-nvidia.yml
|
|
- recipes/desktop/recipe-kinoite-main.yml
|
|
- recipes/desktop/recipe-kinoite-nvidia.yml
|
|
- recipes/desktop/recipe-cinnamon-main.yml
|
|
- recipes/desktop/recipe-cinnamon-nvidia.yml
|
|
- recipes/desktop/recipe-bluefin-main.yml
|
|
- recipes/desktop/recipe-bluefin-nvidia.yml
|
|
- recipes/desktop/recipe-sericea-main.yml
|
|
- recipes/desktop/recipe-sericea-nvidia.yml
|
|
- recipes/desktop/recipe-wayblue-wayfire-main.yml
|
|
- recipes/desktop/recipe-wayblue-wayfire-nvidia.yml
|
|
# laptop
|
|
- recipes/laptop/recipe-silverblue-main-laptop.yml
|
|
- recipes/laptop/recipe-silverblue-nvidia-laptop.yml
|
|
- recipes/laptop/recipe-silverblue-asus.yml
|
|
- recipes/laptop/recipe-silverblue-asus-nvidia.yml
|
|
- recipes/laptop/recipe-kinoite-main-laptop.yml
|
|
- recipes/laptop/recipe-kinoite-nvidia-laptop.yml
|
|
- recipes/laptop/recipe-cinnamon-main-laptop.yml
|
|
- recipes/laptop/recipe-cinnamon-nvidia-laptop.yml
|
|
- recipes/laptop/recipe-bluefin-main-laptop.yml
|
|
- recipes/laptop/recipe-bluefin-nvidia-laptop.yml
|
|
- recipes/laptop/recipe-sericea-main-laptop.yml
|
|
- recipes/laptop/recipe-sericea-nvidia-laptop.yml
|
|
- recipes/laptop/recipe-wayblue-wayfire-main-laptop.yml
|
|
- recipes/laptop/recipe-wayblue-wayfire-nvidia-laptop.yml
|
|
# framework
|
|
- recipes/laptop/recipe-silverblue-framework.yml
|
|
- recipes/laptop/recipe-kinoite-framework.yml
|
|
- recipes/laptop/recipe-bluefin-framework.yml
|
|
- recipes/laptop/recipe-sericea-framework.yml
|
|
# server
|
|
- recipes/server/recipe-server-main.yml
|
|
- recipes/server/recipe-server-nvidia.yml
|
|
# userns
|
|
# desktop
|
|
- recipes/desktop/recipe-silverblue-main-userns.yml
|
|
- recipes/desktop/recipe-silverblue-nvidia-userns.yml
|
|
- recipes/desktop/recipe-kinoite-main-userns.yml
|
|
- recipes/desktop/recipe-kinoite-nvidia-userns.yml
|
|
- recipes/desktop/recipe-cinnamon-main-userns.yml
|
|
- recipes/desktop/recipe-cinnamon-nvidia-userns.yml
|
|
- recipes/desktop/recipe-bluefin-main-userns.yml
|
|
- recipes/desktop/recipe-bluefin-nvidia-userns.yml
|
|
- recipes/desktop/recipe-bluefin-dx-main-userns.yml
|
|
- recipes/desktop/recipe-bluefin-dx-nvidia-userns.yml
|
|
- recipes/desktop/recipe-sericea-main-userns.yml
|
|
- recipes/desktop/recipe-sericea-nvidia-userns.yml
|
|
- recipes/desktop/recipe-wayblue-wayfire-main-userns.yml
|
|
- recipes/desktop/recipe-wayblue-wayfire-nvidia-userns.yml
|
|
# laptop
|
|
- recipes/laptop/recipe-silverblue-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-silverblue-nvidia-laptop-userns.yml
|
|
- recipes/laptop/recipe-silverblue-asus-userns.yml
|
|
- recipes/laptop/recipe-silverblue-asus-nvidia-userns.yml
|
|
- recipes/laptop/recipe-kinoite-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-kinoite-nvidia-laptop-userns.yml
|
|
- recipes/laptop/recipe-cinnamon-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-cinnamon-nvidia-laptop-userns.yml
|
|
- recipes/laptop/recipe-bluefin-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-bluefin-nvidia-laptop-userns.yml
|
|
- recipes/laptop/recipe-bluefin-dx-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-bluefin-dx-nvidia-laptop-userns.yml
|
|
- recipes/laptop/recipe-sericea-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-sericea-nvidia-laptop-userns.yml
|
|
- recipes/laptop/recipe-wayblue-wayfire-main-laptop-userns.yml
|
|
- recipes/laptop/recipe-wayblue-wayfire-nvidia-laptop-userns.yml
|
|
# framework
|
|
- recipes/laptop/recipe-silverblue-framework-userns.yml
|
|
- recipes/laptop/recipe-kinoite-framework-userns.yml
|
|
- recipes/laptop/recipe-bluefin-framework-userns.yml
|
|
- recipes/laptop/recipe-bluefin-dx-framework-userns.yml
|
|
- recipes/laptop/recipe-sericea-framework-userns.yml
|
|
# server
|
|
- recipes/server/recipe-server-main-userns.yml
|
|
- recipes/server/recipe-server-nvidia-userns.yml
|
|
|
|
steps:
|
|
- name: Checkout repo
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Add yq (for reading recipe.yml)
|
|
uses: mikefarah/yq@v4.40.5
|
|
|
|
- name: Gather image data from recipe
|
|
run: |
|
|
echo "IMAGE_NAME=$(yq '.name' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
|
|
echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
|
|
BASE_IMAGE=$(yq '.base-image' ./config/${{ matrix.recipe }})
|
|
echo "BASE_IMAGE_NAME=$(echo $BASE_IMAGE | sed 's/.*\/.*\///')" >> $GITHUB_ENV
|
|
|
|
- name: Verify base image
|
|
if: ${{ ! contains(env.IMAGE_NAME, 'wayblue') }}
|
|
uses: EyeCantCU/cosign-action/verify@v0.2.2
|
|
with:
|
|
containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }}
|
|
|
|
- name: Verify base image
|
|
if: ${{ contains(env.IMAGE_NAME, 'wayblue') }}
|
|
uses: EyeCantCU/cosign-action/verify@v0.2.2
|
|
with:
|
|
containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }}
|
|
registry: 'ghcr.io/wayblueorg'
|
|
pubkey: 'https://raw.githubusercontent.com/wayblueorg/wayblue/live/cosign.pub'
|
|
|
|
- name: Build secureblue
|
|
uses: blue-build/github-action@v1.0.2
|
|
with:
|
|
recipe: ${{ matrix.recipe }}
|
|
cosign_private_key: ${{ secrets.SIGNING_SECRET }}
|
|
registry_token: ${{ github.token }}
|
|
pr_event_number: ${{ github.event.number }}
|