chore(ci): move to reusable workflow #114
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bpbeatty
added a commit
to bpbeatty/ucore
that referenced
this pull request
Jan 25, 2024
* fix: enable ublue-nvctk-cdi by default for nvidia images (ublue-os#103) * fix: run depmod after installing ZFS RPMs With zfs 2.1.x, depmod ran automatically. Though unclear why, it no longer seems to occur when installing zfs 2.2.x RPMs in a container build (it does still work automatically on a non image-based Fedora system). Manually running depmod, as in this commit, ensures the 2.2.x kmods load as expected. * docs: reflect zfs 2.2 change * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (ublue-os#104) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add package with secure boot public signing key Add the new package from `ucore-kmods` which includes the signing key. This enables a user to import the signing key as a MOK using: sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der Closes ublue-os#82 * docs: add SecureBoot info to README * docs: update SecureBoot to include zfs Relates: ublue-os#16 * feat: enable signed images These files should enable rpm-ostreed/container tooling to validate signed images when using appropriate references. It will require signed images for ghcr.io/ublue-os images. Relates: ublue-os#101 * chore(ci): resume use of latest tag for stable image I intentionally stopped publishing a `:latest` tag back on April 1st. It was not intended to be an April Fool's joke, but rather a cleanup to best practices of not using that tag. However, the old images did not expire, so the old `:latest` continues to exist, confusing both users and our website's image discovery code. I suppose it turned out to be a long lived April Fool's joke after all! This resumes the publishing of the tag, ensuring it matches the `:stable` tag, and only on the `ucore` image. There will be no `:latest` for nvidia, zfs or testing images, nor `fedora-coreos` or `ucore-hci`. * chore(ci): bash variables only work when using proper braces * chore(ci): move to reusable workflow (ublue-os#114) Convert to a reusable workflow such that stable and testing builds can happen on separate schedules and so that stable builds are all that gate merge success, allowing testing to be more unstable. * chore(ci): use Containerfile targets for ucore-hci (ublue-os#115) This should allow faster overall builds of ucore and ucore-hci by building in parallel, and removes the need to publish ucore to GHCR even for PRs just to allow ucore-hci to build successfully. --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Benjamin Sherman <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bpbeatty
added a commit
to bpbeatty/ucore
that referenced
this pull request
Jan 25, 2024
* fix: enable ublue-nvctk-cdi by default for nvidia images (ublue-os#103) * fix: run depmod after installing ZFS RPMs With zfs 2.1.x, depmod ran automatically. Though unclear why, it no longer seems to occur when installing zfs 2.2.x RPMs in a container build (it does still work automatically on a non image-based Fedora system). Manually running depmod, as in this commit, ensures the 2.2.x kmods load as expected. * docs: reflect zfs 2.2 change * chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (ublue-os#104) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add package with secure boot public signing key Add the new package from `ucore-kmods` which includes the signing key. This enables a user to import the signing key as a MOK using: sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der Closes ublue-os#82 * docs: add SecureBoot info to README * docs: update SecureBoot to include zfs Relates: ublue-os#16 * feat: enable signed images These files should enable rpm-ostreed/container tooling to validate signed images when using appropriate references. It will require signed images for ghcr.io/ublue-os images. Relates: ublue-os#101 * chore(ci): resume use of latest tag for stable image I intentionally stopped publishing a `:latest` tag back on April 1st. It was not intended to be an April Fool's joke, but rather a cleanup to best practices of not using that tag. However, the old images did not expire, so the old `:latest` continues to exist, confusing both users and our website's image discovery code. I suppose it turned out to be a long lived April Fool's joke after all! This resumes the publishing of the tag, ensuring it matches the `:stable` tag, and only on the `ucore` image. There will be no `:latest` for nvidia, zfs or testing images, nor `fedora-coreos` or `ucore-hci`. * chore(ci): bash variables only work when using proper braces * chore(ci): move to reusable workflow (ublue-os#114) Convert to a reusable workflow such that stable and testing builds can happen on separate schedules and so that stable builds are all that gate merge success, allowing testing to be more unstable. * chore(ci): use Containerfile targets for ucore-hci (ublue-os#115) This should allow faster overall builds of ucore and ucore-hci by building in parallel, and removes the need to publish ucore to GHCR even for PRs just to allow ucore-hci to build successfully. * feat: adds bpbeatty signature rpm * remove tailscale and nfs-utils * debug: remove freeipa-client --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Benjamin Sherman <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Convert to a reusable workflow such that
stableandtestingbuilds can happen on separate schedules and so thatstablebuilds are all that gate merge success, allowingtestingto be more unstable.Closes: #106