From 07c43b87e9fb2154e0b8d047c4219e8302a0ac92 Mon Sep 17 00:00:00 2001 From: "K.B.Dharun Krishna" Date: Thu, 11 Jul 2024 14:35:37 +0530 Subject: [PATCH] chore: bump vib version; feat: get base image from recipe for verify image step Signed-off-by: K.B.Dharun Krishna --- .github/workflows/vib-build.yml | 24 +++++++++++++++++++----- recipe.yml | 3 ++- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml index d86751a..b36efaa 100644 --- a/.github/workflows/vib-build.yml +++ b/.github/workflows/vib-build.yml @@ -17,11 +17,25 @@ env: jobs: verify_image: runs-on: ubuntu-latest - steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install dependencies + run: sudo apt-get install -y libfyaml-utils + + - name: Read base image name from recipe + id: read_base_recipe + run: | + BASE_IMAGE="$(fy-filter -f recipe.yml /stages/-1/base)" + echo The base image is $BASE_IMAGE + if [ -z $BASE_IMAGE ]; then exit 1; fi + echo "base_image=$BASE_IMAGE" >> "$GITHUB_OUTPUT" + echo "BASE_IMAGE=$BASE_IMAGE" >> "$GITHUB_ENV" + - name: Verify Base Image Integrity - run: - gh attestation verify oci://ghcr.io/vanilla-os/desktop:main --owner Vanilla-OS + run: | + gh attestation verify oci://ghcr.io/${{ env.BASE_IMAGE }} --owner Vanilla-OS env: GH_TOKEN: ${{ github.token }} @@ -112,10 +126,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: vanilla-os/vib-gh-action@v0.7.2 + - uses: vanilla-os/vib-gh-action@v0.7.4 with: recipe: 'recipe.yml' - plugins: 'Vanilla-OS/vib-fsguard:v1.5.1' + plugins: 'Vanilla-OS/vib-fsguard:v1.5.3' - uses: actions/upload-artifact@v4 with: diff --git a/recipe.yml b/recipe.yml index 37f042a..ac0ffd3 100644 --- a/recipe.yml +++ b/recipe.yml @@ -11,7 +11,8 @@ stages: # Commands to run first before building the modules runs: - - echo 'APT::Install-Recommends "1";' > /etc/apt/apt.conf.d/01norecommends + commands: + - echo 'APT::Install-Recommends "1";' > /etc/apt/apt.conf.d/01norecommends modules: - name: init-setup