Skip to content
This repository has been archived by the owner on Dec 25, 2024. It is now read-only.
Build Atomic Studio

fix: signing does not work because of typo #145

Sign in to view logs

fix: signing does not work because of typo

fix: signing does not work because of typo #145

Workflow file for this run

.github/workflows/build.yml at 3e6642c
---
name: Build Atomic Studio
on: # yamllint disable-line rule:truthy
schedule:
- cron: "00 17 * * *" # build at 17:00 UTC every day
push:
paths:
- config/**
- modules/**
- templates/**
- .github/workflows/build.yml
pull_request:
workflow_dispatch:
env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
jobs:
bluebuild:
name: Build Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
strategy:
fail-fast: false
matrix:
recipe:
- ".yml"
- "-nvidia.yml"
- "-gnome.yml"
- "-gnome-nvidia.yml"
- "-hardened.yml"
- "-nvidia-hardened.yml"
- "-gnome-hardened.yml"
- "-gnome-nvidia-hardened.yml"
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
with:
remove-codeql: 'true'
- name: Additional cleanup
run: |
sudo rm -rf /home/linuxbrew /usr/share/miniconda /usr/local/share/vcpkg
sudo apt purge imagemagick imagemagick xorriso sqlite3 sphinxsearch shellcheck
- name: Checkout repository
uses: actions/checkout@v4
- name: Generate recipes
id: recipes_meta
run: |
sudo apt install -y jsonnet
mkdir config/recipes
jsonnet templates/recipe-std.jsonnet -m config/recipes -y
echo "IMAGE_NAME=$(yq '.name' config/recipes/recipe${{matrix.recipe}} )" >> $GITHUB_OUTPUT
echo "IMAGE_DESCRIPTION=$(yq '.description' config/recipes/recipe${{matrix.recipe}} )" >> $GITHUB_OUTPUT
echo "VERSION=39" >> $GITHUB_OUTPUT
echo "tags=$(yq '."image-version"' config/recipes/recipe${{matrix.recipe}} )" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
driver: docker
- name: Image Metadata
uses: docker/metadata-action@v5
id: meta
with:
images: |
${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=${{ steps.recipes_meta.outputs.IMAGE_NAME }}
org.opencontainers.image.version=${{ steps.recipes_meta.outputs.VERSION }}
org.opencontainers.image.description=${{ steps.recipes_meta.outputs.IMAGE_DESCRIPTION }}
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/atomic-studio-org/Atomic-Studio/main/README.md
io.artifacthub.package.logo-url=https://raw.githubusercontent.com/atomic-studio-org/Atomic-Studio/main/assets/studio-blob.png
- name: Generate Containerfile with Bluebuild
shell: bash
run: |
docker run \
--detach \
--rm \
--name blue-build-installer \
ghcr.io/blue-build/cli:main-installer \
tail -f /dev/null
docker cp blue-build-installer:/out/bluebuild /usr/local/bin/bluebuild
docker stop -t 0 blue-build-installer
/usr/local/bin/bluebuild template -v ./config/recipes/recipe${{matrix.recipe}} -o /tmp/Containerfile
- name: Build
uses: docker/build-push-action@v5
with:
context: .
push: false
file: /tmp/Containerfile
tags: ${{env.IMAGE_REGISTRY}}/${{ steps.recipes_meta.outputs.IMAGE_NAME }}:latest
labels: ${{ steps.meta.outputs.labels }}
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_REGISTRY }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Push To GHCR Image Registry
run: docker push --disable-content-trust ${{ env.IMAGE_REGISTRY }}/${{ steps.recipes_meta.outputs.IMAGE_NAME }}
- name: Sign container image
uses: EyeCantCU/cosign-action/[email protected]
if: github.event_name != 'pull_request'
with:
containers: ${{ steps.recipes_meta.outputs.IMAGE_NAME }}
registry: ${{env.IMAGE_REGISTRY}}
registry-token: ${{ secrets.GITHUB_TOKEN }}
signing-secret: ${{ secrets.SIGNING_SECRET }}
tags: latest