diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml index 43e4f7d..0698992 100644 --- a/.github/workflows/vib-build.yml +++ b/.github/workflows/vib-build.yml @@ -12,23 +12,33 @@ on: env: BUILDX_NO_DEFAULT_ATTESTATIONS: 1 -permissions: - contents: write # Allow actions to create release - packages: write # Allow pushing images to GHCR - attestations: write # To create and write attestations - id-token: write # Additional permissions for persistance of attestations - jobs: + verify-image: + runs-on: ubuntu-latest + + steps: + - name: Verify Base Image Integrity + run: + gh attestation verify oci://ghcr.io/vanilla-os/core:main --owner Vanilla-OS + env: + GH_TOKEN: ${{ github.token }} + build: runs-on: ubuntu-latest + needs: verify-image + permissions: + contents: write # Allow actions to create release + packages: write # Allow pushing images to GHCR + attestations: write # To create and write attestations + id-token: write # Additional permissions for the persistence of the attestations steps: - uses: actions/checkout@v4 - - uses: vanilla-os/vib-gh-action@v0.7.0 + - uses: vanilla-os/vib-gh-action@v0.7.4 with: recipe: 'recipe.yml' - plugins: 'Vanilla-OS/vib-fsguard:v1.4' + plugins: 'Vanilla-OS/vib-fsguard:v1.5.3' - uses: actions/upload-artifact@v4 with: diff --git a/modules/00-vanilla-system-operator.yml b/modules/00-vanilla-system-operator.yml index b51ac48..0950644 100644 --- a/modules/00-vanilla-system-operator.yml +++ b/modules/00-vanilla-system-operator.yml @@ -6,7 +6,7 @@ source: url: https://github.com/Vanilla-OS/vanilla-system-operator/releases/download/continuous/vso.tar.gz commands: - mkdir -p /usr/bin -- cp /sources/vso /usr/bin/vso +- cp /sources/vso/vso /usr/bin/vso - chmod +x /usr/bin/vso modules: - name: vso-manpage 
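Review bot: In `.github/workflows/vib-build.yml`, the new `verify-image` job checks the mutable tag `oci://ghcr.io/vanilla-os/core:main` in a separate job, so nothing ties the image that `build` later pulls to the one that was verified; if the recipe's base image (not visible here) is also referenced by tag, it can move between the two jobs. Resolving the tag to a digest once, verifying `oci://ghcr.io/vanilla-os/core@sha256:<DIGEST>` and building from that same digest would close the gap. `--owner Vanilla-OS` accepts an attestation produced by any repository in the organization; `--repo <OWNER>/<REPO>` or `--signer-workflow` narrows it to the expected producer. With the top-level `permissions:` removed, `verify-image` now runs with the repository's default token scope and should get its own read-only `permissions:` block. The `build` job holds `packages: write` and `id-token: write` while `vanilla-os/vib-gh-action@v0.7.4` is referenced by tag, so pinning it to a commit SHA would keep a retagged release from running with those scopes.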
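Review bot: In `modules/00-vanilla-system-operator.yml`, `cp /sources/vso/vso /usr/bin/vso` installs an executable taken from `releases/download/continuous/vso.tar.gz`, a rolling release asset, and no integrity check is visible in the hunk. The source block starts above the hunk, so a checksum may exist there; if it does not, the image content depends on whatever the asset holds at build time. Pointing the URL at a versioned release and adding a digest to the source, e.g. `checksum: <SHA256_OF_TARBALL>` if the recipe format supports it, would make the build reproducible and tamper-evident. The same applies to the `vso-man.tar.gz` hunk in this file, the `fswarn.tar.xz` hunk in `modules/03-fswarn.yml` (versioned tag, but no checksum shown) and the `vanilla-tools.tar.gz` hunk in `recipe.yml`.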
@@ -15,7 +15,7 @@ modules: type: tar url: https://github.com/Vanilla-OS/vanilla-system-operator/releases/download/continuous/vso-man.tar.gz commands: - - mv /sources/man/vso.1 /usr/share/man/man1/ + - mv /sources/vso-manpage/man/vso.1 /usr/share/man/man1/ - name: vso-os-shell type: shell commands: diff --git a/modules/03-fswarn.yml b/modules/03-fswarn.yml index 35b9727..1ce4008 100644 --- a/modules/03-fswarn.yml +++ b/modules/03-fswarn.yml @@ -2,7 +2,7 @@ name: fswarn type: shell commands: - mkdir -p /boot/ - - cp /sources/fswarn-x86_64.squash /boot/fswarn.squash + - cp /sources/fswarn/fswarn-x86_64.squash /boot/fswarn.squash source: type: tar url: https://github.com/Vanilla-OS/fswarn/releases/download/v1.0-1/fswarn.tar.xz diff --git a/recipe.yml b/recipe.yml index 49e84b1..812df67 100644 --- a/recipe.yml +++ b/recipe.yml @@ -10,7 +10,8 @@ stages: args: DEBIAN_FRONTEND: noninteractive runs: - - echo 'APT::Install-Recommends "1";' > /etc/apt/apt.conf.d/01norecommends + commands: + - echo 'APT::Install-Recommends "1";' > /etc/apt/apt.conf.d/01norecommends modules: - name: init-setup @@ -32,8 +33,8 @@ stages: url: https://github.com/Vanilla-OS/vanilla-tools/releases/download/continuous/vanilla-tools.tar.gz commands: - mkdir -p /usr/bin - - cp /sources/vanilla-tools/lpkg /usr/bin/lpkg - - cp /sources/vanilla-tools/cur-gpu /usr/bin/cur-gpu + - cp /sources/vanilla-tools/vanilla-tools/lpkg /usr/bin/lpkg + - cp /sources/vanilla-tools/vanilla-tools/cur-gpu /usr/bin/cur-gpu - chmod +x /usr/bin/lpkg - chmod +x /usr/bin/cur-gpu
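Review bot: In `recipe.yml`, the command under the new `runs: commands:` key writes `APT::Install-Recommends "1";` to a file named `01norecommends`, so the file name says the opposite of what the setting does. If recommends are meant to be installed, a name such as `/etc/apt/apt.conf.d/01recommends` or a comment above the command, `# Recommends are enabled on purpose; the file name is historical`, would prevent a later correction in the wrong direction; if they are not, the value should be `"0"`. The stage definition continues outside the hunk, so the intent cannot be confirmed from here.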