ItzYanick/vanilla-os-image
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

removes attestation verification from the workflows

Browse source 
Attestation verification requires the base image to be owned by VanillaOS.
This should not be required.
This commit is contained in:
Tau 2024-11-07 13:40:43 +00:00
parent 4a328a31ef
commit 2b85ea16de
No known key found for this signature in database
GPG key ID: 4C6F9ED0F589A73A
2 changed files with 1 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
.github/workflows/release.yml vendored
View file

@ -11,33 +11,8 @@ env:
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
jobs: jobs:
verify-image:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: sudo apt-get install -y libfyaml-utils
- name: Read base image name from recipe
id: read_base_recipe
run: |
BASE_IMAGE="$(fy-filter -f recipe.yml /stages/-1/base)"
echo The base image is $BASE_IMAGE
if [ -z $BASE_IMAGE ]; then exit 1; fi
echo "base_image=$BASE_IMAGE" >> "$GITHUB_OUTPUT"
echo "BASE_IMAGE=$BASE_IMAGE" >> "$GITHUB_ENV"
- name: Verify Base Image Integrity
run: |
gh attestation verify oci://ghcr.io/${{ env.BASE_IMAGE }} --owner Vanilla-OS
env:
GH_TOKEN: ${{ github.token }}
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: verify-image
permissions: permissions:
contents: write # Allow actions to create release contents: write # Allow actions to create release
attestations: write # To create and write attestations attestations: write # To create and write attestations

26
.github/workflows/vib-build.yml vendored
View file

@ -15,30 +15,6 @@ env:
BUILDX_NO_DEFAULT_ATTESTATIONS: 1 BUILDX_NO_DEFAULT_ATTESTATIONS: 1
jobs: jobs:
verify_image:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: sudo apt-get install -y libfyaml-utils
- name: Read base image name from recipe
id: read_base_recipe
run: |
BASE_IMAGE="$(fy-filter -f recipe.yml /stages/-1/base)"
echo The base image is $BASE_IMAGE
if [ -z $BASE_IMAGE ]; then exit 1; fi
echo "base_image=$BASE_IMAGE" >> "$GITHUB_OUTPUT"
echo "BASE_IMAGE=$BASE_IMAGE" >> "$GITHUB_ENV"
- name: Verify Base Image Integrity
run: |
gh attestation verify oci://ghcr.io/${{ env.BASE_IMAGE }} --owner Vanilla-OS
env:
GH_TOKEN: ${{ github.token }}
check_update: check_update:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -115,7 +91,7 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [check_update, verify_image] needs: check_update
if: ${{ needs.check_update.outputs.has_updates == 'true' }} if: ${{ needs.check_update.outputs.has_updates == 'true' }}
permissions: permissions: