added disable-firefox to aurora images #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-secureblue | |
| on: | |
| schedule: | |
| - cron: "00 18 * * *" # build at 18:00 UTC every day | |
| # 80 minutes after the last uBlue images start building | |
| # 60 minutes after last wayblue images start building | |
| push: | |
| paths-ignore: # don't rebuild if only documentation has changed | |
| - "**.md" | |
| pull_request: | |
| workflow_dispatch: # allow manually triggering builds | |
| jobs: | |
| bluebuild: | |
| name: Build secureblue | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false # stop GH from cancelling all matrix builds if one fails | |
| matrix: | |
| recipe: | |
| # non-userns | |
| # general | |
| - recipes/general/recipe-aurora-main.yml | |
| - recipes/general/recipe-aurora-nvidia.yml | |
| - recipes/general/recipe-aurora-surface.yml | |
| - recipes/general/recipe-aurora-surface-nvidia.yml | |
| - recipes/general/recipe-silverblue-main.yml | |
| - recipes/general/recipe-silverblue-nvidia.yml | |
| - recipes/general/recipe-kinoite-main.yml | |
| - recipes/general/recipe-kinoite-nvidia.yml | |
| - recipes/general/recipe-cinnamon-main.yml | |
| - recipes/general/recipe-cinnamon-nvidia.yml | |
| - recipes/general/recipe-bluefin-main.yml | |
| - recipes/general/recipe-bluefin-nvidia.yml | |
| - recipes/general/recipe-sericea-main.yml | |
| - recipes/general/recipe-sericea-nvidia.yml | |
| - recipes/general/recipe-wayblue-wayfire-main.yml | |
| - recipes/general/recipe-wayblue-wayfire-nvidia.yml | |
| - recipes/general/recipe-wayblue-hyprland-main.yml | |
| - recipes/general/recipe-wayblue-hyprland-nvidia.yml | |
| - recipes/general/recipe-wayblue-river-main.yml | |
| - recipes/general/recipe-wayblue-river-nvidia.yml | |
| - recipes/general/recipe-wayblue-sway-main.yml | |
| - recipes/general/recipe-wayblue-sway-nvidia.yml | |
| # asus | |
| - recipes/asus/recipe-silverblue-asus.yml | |
| - recipes/asus/recipe-silverblue-asus-nvidia.yml | |
| - recipes/asus/recipe-kinoite-asus.yml | |
| - recipes/asus/recipe-kinoite-asus-nvidia.yml | |
| - recipes/asus/recipe-aurora-asus.yml | |
| - recipes/asus/recipe-aurora-asus-nvidia.yml | |
| # server | |
| - recipes/server/recipe-server-main.yml | |
| - recipes/server/recipe-server-nvidia.yml | |
| # userns | |
| # general | |
| - recipes/general/recipe-aurora-surface-userns.yml | |
| - recipes/general/recipe-aurora-surface-nvidia-userns.yml | |
| - recipes/general/recipe-aurora-dx-main-userns.yml | |
| - recipes/general/recipe-aurora-dx-nvidia-userns.yml | |
| - recipes/general/recipe-aurora-dx-surface-nvidia-userns.yml | |
| - recipes/general/recipe-aurora-dx-surface-userns.yml | |
| - recipes/general/recipe-aurora-main-userns.yml | |
| - recipes/general/recipe-aurora-nvidia-userns.yml | |
| - recipes/general/recipe-silverblue-main-userns.yml | |
| - recipes/general/recipe-silverblue-nvidia-userns.yml | |
| - recipes/general/recipe-kinoite-main-userns.yml | |
| - recipes/general/recipe-kinoite-nvidia-userns.yml | |
| - recipes/general/recipe-cinnamon-main-userns.yml | |
| - recipes/general/recipe-cinnamon-nvidia-userns.yml | |
| - recipes/general/recipe-bluefin-main-userns.yml | |
| - recipes/general/recipe-bluefin-nvidia-userns.yml | |
| - recipes/general/recipe-bluefin-dx-main-userns.yml | |
| - recipes/general/recipe-bluefin-dx-nvidia-userns.yml | |
| - recipes/general/recipe-sericea-main-userns.yml | |
| - recipes/general/recipe-sericea-nvidia-userns.yml | |
| - recipes/general/recipe-wayblue-wayfire-main-userns.yml | |
| - recipes/general/recipe-wayblue-wayfire-nvidia-userns.yml | |
| - recipes/general/recipe-wayblue-hyprland-main-userns.yml | |
| - recipes/general/recipe-wayblue-hyprland-nvidia-userns.yml | |
| - recipes/general/recipe-wayblue-river-main-userns.yml | |
| - recipes/general/recipe-wayblue-river-nvidia-userns.yml | |
| - recipes/general/recipe-wayblue-sway-main-userns.yml | |
| - recipes/general/recipe-wayblue-sway-nvidia-userns.yml | |
| # asus | |
| - recipes/asus/recipe-silverblue-asus-userns.yml | |
| - recipes/asus/recipe-silverblue-asus-nvidia-userns.yml | |
| - recipes/asus/recipe-kinoite-asus-userns.yml | |
| - recipes/asus/recipe-kinoite-asus-nvidia-userns.yml | |
| - recipes/asus/recipe-aurora-asus-userns.yml | |
| - recipes/asus/recipe-aurora-asus-nvidia-userns.yml | |
| - recipes/asus/recipe-aurora-dx-asus-userns.yml | |
| - recipes/asus/recipe-aurora-dx-asus-nvidia-userns.yml | |
| # server | |
| - recipes/server/recipe-server-main-userns.yml | |
| - recipes/server/recipe-server-nvidia-userns.yml | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Add yq (for reading recipe.yml) | |
| uses: mikefarah/[email protected] | |
| - name: Gather image data from recipe | |
| run: | | |
| echo "IMAGE_NAME=$(yq '.name' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV | |
| echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV | |
| BASE_IMAGE=$(yq '.base-image' ./config/${{ matrix.recipe }}) | |
| echo "BASE_IMAGE_NAME=$(echo $BASE_IMAGE | sed 's/.*\/.*\///')" >> $GITHUB_ENV | |
| - name: Verify base image | |
| if: ${{ !contains(env.IMAGE_NAME, 'aurora') && !contains(env.IMAGE_NAME, 'wayblue') }} | |
| uses: EyeCantCU/cosign-action/[email protected] | |
| with: | |
| containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} | |
| - name: Verify base image | |
| if: ${{ contains(env.IMAGE_NAME, 'wayblue') }} | |
| uses: EyeCantCU/cosign-action/[email protected] | |
| with: | |
| containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} | |
| registry: 'ghcr.io/wayblueorg' | |
| pubkey: 'https://raw.githubusercontent.com/wayblueorg/wayblue/live/cosign.pub' | |
| - name: Verify base image | |
| if: ${{ contains(env.IMAGE_NAME, 'aurora') }} | |
| uses: EyeCantCU/cosign-action/[email protected] | |
| with: | |
| containers: ${{ env.BASE_IMAGE_NAME }}:${{ env.IMAGE_MAJOR_VERSION }} | |
| registry: 'ghcr.io/NiHaiden' | |
| pubkey: 'https://raw.githubusercontent.com/NiHaiden/aurora/main/cosign.pub' | |
| - name: Build secureblue | |
| uses: blue-build/[email protected] | |
| with: | |
| recipe: ${{ matrix.recipe }} | |
| cosign_private_key: ${{ secrets.SIGNING_SECRET }} | |
| registry_token: ${{ github.token }} | |
| pr_event_number: ${{ github.event.number }} |