feat: waydroid image based on desktop #32

Workflow file for this run

.github/workflows/vib-build.yml at 4803e35

	name: Vib Build

	on:
	push:
	branches:
	- 'dev'
	tags:
	- '*'
	workflow_dispatch:
	pull_request:

	env:
	BUILDX_NO_DEFAULT_ATTESTATIONS: 1

	jobs:
	verify-image:
	runs-on: ubuntu-latest

	steps:
	- name: Verify Base Image Integrity
	if: ${{ github.ref_type == 'tag' }}
	run:
	gh attestation verify oci://ghcr.io/vanilla-os/desktop:main --owner Vanilla-OS
	env:
	GH_TOKEN: ${{ github.token }}

	build:
	strategy:
	fail-fast: false
	matrix:
	include:
	- runner: ubuntu-latest
	arch: amd64
	- runner: ubuntu-24.04-arm
	arch: arm64
	runs-on: ${{ matrix.runner }}
	needs: verify-image
	permissions:
	packages: write # Allow pushing images to GHCR
	attestations: write # To create and write attestations
	id-token: write # Additional permissions for the persistence of the attestations

	steps:
	- uses: actions/checkout@v5

	- name: Change tag in recipe.
	if: ${{ github.ref_type == 'tag' }}
	run: \|
	sed 's/ghcr.io\/vanilla-os\/desktop:dev/ghcr.io\/vanilla-os\/desktop:main/' -i recipe.yml

	- uses: vanilla-os/vib-gh-action@v1.0.6
	with:
	recipe: 'recipe.yml'
	plugins: 'Vanilla-OS/vib-fsguard:v1.6.1'

	- uses: actions/upload-artifact@v4
	with:
	name: Containerfile
	path: Containerfile
	overwrite: true

	- name: Generate image name
	run: \|
	REPO_OWNER_LOWERCASE="$(echo ${{ github.repository_owner }} \| tr '[:upper:]' '[:lower:]')"
	echo "REPO_OWNER_LOWERCASE=$REPO_OWNER_LOWERCASE" >> "$GITHUB_ENV"
	echo "IMAGE_URL=ghcr.io/$REPO_OWNER_LOWERCASE/waydroid" >> "$GITHUB_ENV"

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.IMAGE_URL }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Package Registry
	uses: docker/login-action@v3
	if: ${{ github.event_name != 'pull_request' }}
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push by digest
	id: build
	uses: docker/build-push-action@v6
	with:
	context: .
	file: Containerfile
	tags: ${{ env.IMAGE_URL }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	platforms: linux/${{ matrix.arch }}
	provenance: false
	outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}

	- name: Attest pushed image
	uses: actions/attest-build-provenance@v3
	id: attest
	if: ${{ github.event_name != 'pull_request' }}
	with:
	subject-name: ${{ env.IMAGE_URL }}
	subject-digest: ${{ steps.build.outputs.digest }}
	push-to-registry: false

	- name: Export digest
	if: ${{ github.event_name != 'pull_request' }}
	run: \|
	mkdir -p ${{ runner.temp }}/digests
	digest="${{ steps.build.outputs.digest }}"
	touch "${{ runner.temp }}/digests/${digest#sha256:}"

	- name: Upload digest
	uses: actions/upload-artifact@v4
	if: ${{ github.event_name != 'pull_request' }}
	with:
	name: digests-${{ matrix.arch }}
	path: ${{ runner.temp }}/digests/*
	if-no-files-found: error
	retention-days: 1

	merge:
	runs-on: ubuntu-latest
	if: ${{ github.event_name != 'pull_request' }}
	needs: build
	permissions:
	contents: write # Allow actions to create release
	packages: write # Allow pushing images to GHCR

	steps:
	- name: Generate image name
	run: \|
	REPO_OWNER_LOWERCASE="$(echo ${{ github.repository_owner }} \| tr '[:upper:]' '[:lower:]')"
	echo "REPO_OWNER_LOWERCASE=$REPO_OWNER_LOWERCASE" >> "$GITHUB_ENV"
	echo "IMAGE_URL=ghcr.io/$REPO_OWNER_LOWERCASE/waydroid" >> "$GITHUB_ENV"

	- name: Download digests
	uses: actions/download-artifact@v4
	with:
	path: ${{ runner.temp }}/digests
	pattern: digests-*
	merge-multiple: true

	- name: Extra image tag branch
	if: ${{ github.ref_type != 'tag' }}
	run: \|
	echo "EXTRA_TAG=ref,event=branch" >> "$GITHUB_ENV"

	- name: Extra image tag release
	if: ${{ github.ref_type == 'tag' }}
	run: \|
	echo "EXTRA_TAG=raw,main" >> "$GITHUB_ENV"

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.IMAGE_URL }}
	tags: \|
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{raw}}
	type=semver,pattern=v{{major}}
	type=${{ env.EXTRA_TAG }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Package Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create manifest list and push
	working-directory: ${{ runner.temp }}/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.IMAGE_URL }}@sha256:%s ' *)

	differ:
	runs-on: ubuntu-latest
	if: github.repository == 'vanilla-os/waydroid-image' && github.ref_type == 'tag'
	needs: merge
	container:
	image: ghcr.io/vanilla-os/waydroid:main

	steps:
	- uses: actions/checkout@v5

	- name: Generate package diff
	run: \|
	lpkg --unlock
	PACKAGE_LIST=$(.github/gen_package_list.sh)
	apt-get install -y curl
	IMAGE_DIGEST=$(curl -s -L -H "Accept: application/vnd.github+json" \
	-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	-H "X-GitHub-Api-Version: 2022-11-28" \
	https://api.github.com/orgs/Vanilla-OS/packages/container/waydroid/versions \| grep -m1 name \| sed -E 's/^\s"name": "(.+)".$/\1/')
	curl -X POST \
	-H 'Accept:application/json' \
	-H "Authorization:Basic $(echo -n "${{ secrets.DIFFER_USER }}:${{ secrets.DIFFER_PSW }}" \| base64)" \
	-d "{\"digest\":\"${IMAGE_DIGEST}\",${PACKAGE_LIST}}" \
	${{ vars.DIFFER_URL }}/images/waydroid/new
	lpkg --lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: waydroid image based on desktop #32

Workflow file

feat: waydroid image based on desktop #32

Uh oh!

Workflow file for this run