feat/ci: verify base image integrity before build
parent
efb571517c
commit
2269a47df7
1 changed files with 11 additions and 1 deletions
12
.github/workflows/vib-build.yml
vendored
12
.github/workflows/vib-build.yml
vendored
|
|
@ -15,6 +15,16 @@ env:
|
||||||
BUILDX_NO_DEFAULT_ATTESTATIONS: 1
|
BUILDX_NO_DEFAULT_ATTESTATIONS: 1
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
verify_image:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Verify Base Image Integrity
|
||||||
|
run:
|
||||||
|
gh attestation verify oci://ghcr.io/vanilla-os/desktop:main --owner Vanilla-OS
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ github.token }}
|
||||||
|
|
||||||
check_update:
|
check_update:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
|
@ -91,7 +101,7 @@ jobs:
|
||||||
|
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: check_update
|
needs: [check_update, verify_image]
|
||||||
if: ${{ needs.check_update.outputs.has_updates == 'true' }}
|
if: ${{ needs.check_update.outputs.has_updates == 'true' }}
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
|
|
|
||||||
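Review bot: The new `verify_image` job checks whatever `ghcr.io/vanilla-os/desktop:main` resolves to when that job runs, but nothing ties that result to the image the `build` job later pulls on a separate runner. If the build references the same mutable tag (its steps are outside this hunk, so this is inferred), an image pushed between the two jobs would be built without having been verified. Resolving the tag to a digest once, verifying `oci://ghcr.io/vanilla-os/desktop@sha256:<digest>`, and passing that digest to `build` as a job output would bind the check to what is actually consumed. `--owner Vanilla-OS` also accepts an attestation produced by any repository in the organisation; `--repo Vanilla-OS/<image-repo>` or `--signer-workflow` would pin the expected producer. The job has no `permissions:` block visible here, so unless one is set at workflow level its `GH_TOKEN` carries the repository's default scopes rather than a read-only set.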