From 4bed487efd463311ccbcc8346a62b2091cf5d79a Mon Sep 17 00:00:00 2001
From: "K.B.Dharun Krishna" <kbdharunkrishna@gmail.com>
Date: Thu, 11 Jul 2024 14:32:08 +0530
Subject: [PATCH] test: get base image from recipe for verify step

---
 .github/workflows/vib-build.yml | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml
index d86751a..f673f86 100644
--- a/.github/workflows/vib-build.yml
+++ b/.github/workflows/vib-build.yml
@@ -17,11 +17,25 @@ env:
 jobs:
   verify_image:
     runs-on: ubuntu-latest
-
     steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      run: sudo apt-get install -y libfyaml-utils
+
+    - name: Read base image name from recipe
+      id: read_base_recipe
+      run: |
+        BASE_IMAGE="$(fy-filter -f recipe.yml /stages/-1/base)"
+        echo The base image is $BASE_IMAGE
+        if [ -z $BASE_IMAGE ]; then exit 1; fi
+        echo "base_image=$BASE_IMAGE" >> "$GITHUB_OUTPUT"
+        echo "BASE_IMAGE=$BASE_IMAGE" >> "$GITHUB_ENV"
+
     - name: Verify Base Image Integrity
-      run:
-        gh attestation verify oci://ghcr.io/vanilla-os/desktop:main --owner Vanilla-OS
+      run: |
+        gh attestation verify oci://ghcr.io/${{ env.BASE_IMAGE }} --owner Vanilla-OS
       env:
         GH_TOKEN: ${{ github.token }}