diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml index 769356c..3e6947b 100644 --- a/.github/workflows/vib-build.yml +++ b/.github/workflows/vib-build.yml @@ -35,10 +35,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: vanilla-os/vib-gh-action@v0.7.2 + - uses: vanilla-os/vib-gh-action@v0.7.4 with: recipe: 'recipe.yml' - plugins: 'Vanilla-OS/vib-fsguard:v1.5.2' + plugins: 'Vanilla-OS/vib-fsguard:v1.5.3' - uses: actions/upload-artifact@v4 with: diff --git a/LICENSE b/LICENSE.txt similarity index 100% rename from LICENSE rename to LICENSE.txt diff --git a/README.md b/README.md index 85298ec..f82d191 100644 --- a/README.md +++ b/README.md @@ -14,3 +14,11 @@ Vanilla OS Desktop experience with GNOME. vib build recipe.yml podman image build -t vanillaos/desktop . ``` + +## Verify Image Build Provenance Attestation + +All the image builds/pushes are attested for build provenance and integrity using the [attest-build-provenance`](https://github.com/actions/attest-build-provenance) action. The attestations can be verified [here](https://github.com/Vanilla-OS/desktop-image/attestations) or by having the latest version of [GitHub CLI](https://github.com/cli/cli/releases/latest) installed in your system. Then, execute the following command: + +```sh +gh attestation verify oci://ghcr.io/vanilla-os/desktop:main --owner Vanilla-OS +``` diff --git a/recipe.yml b/recipe.yml index b6d5f5e..9b558e3 100644 --- a/recipe.yml +++ b/recipe.yml @@ -10,7 +10,8 @@ stages: args: DEBIAN_FRONTEND: noninteractive runs: - - echo 'APT::Install-Recommends "1";' > /etc/apt/apt.conf.d/01norecommends + commands: + - echo 'APT::Install-Recommends "1";' > /etc/apt/apt.conf.d/01norecommends modules: - name: init-setup