-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathJustfile
More file actions
165 lines (148 loc) · 4.72 KB
/
Justfile
File metadata and controls
165 lines (148 loc) · 4.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
repo_organization := "ublue-os"
common_image := "ghcr.io/get-aurora-dev/common:latest"
images := '(
[aurora]=aurora
)'
flavors := '(
[main]=main
[nvidia-open]=nvidia-open
)'
tags := '(
[stable]=stable
[latest]=latest
[beta]=beta
)'
export SUDO_DISPLAY := if `if [ -n "${DISPLAY:-}" ] || [ -n "${WAYLAND_DISPLAY:-}" ]; then echo true; fi` == "true" { "true" } else { "false" }
export SUDOIF := if `id -u` == "0" { "" } else if SUDO_DISPLAY == "true" { "sudo --askpass" } else { "sudo" }
export PODMAN := if path_exists("/usr/bin/podman") == "true" { env("PODMAN", "/usr/bin/podman") } else if path_exists("/usr/bin/docker") == "true" { env("PODMAN", "docker") } else { env("PODMAN", "exit 1 ; ") }
just := just_executable()
[private]
default:
@{{ just }} --list
# Check Just Syntax
[group('Just')]
check:
#!/usr/bin/bash
find . -type f -name "*.just" | while read -r file; do
echo "Checking syntax: $file"
{{ just }} --unstable --fmt --check -f $file
done
echo "Checking syntax: Justfile"
{{ just }} --unstable --fmt --check -f Justfile
# Fix Just Syntax
[group('Just')]
fix:
#!/usr/bin/bash
find . -type f -name "*.just" | while read -r file; do
echo "Checking syntax: $file"
{{ just }} --unstable --fmt -f $file
done
echo "Checking syntax: Justfile"
{{ just }} --unstable --fmt -f Justfile || { exit 1; }
# Clean Repo
[group('Utility')]
clean:
#!/usr/bin/bash
set -eoux pipefail
rm -rf output/
rm -rf common/
rm -f *.iso*
rm -f flatpaks.list
# Check if valid combo
[group('Utility')]
[private]
validate $image $tag $flavor:
#!/usr/bin/bash
set -eou pipefail
declare -A images={{ images }}
declare -A tags={{ tags }}
declare -A flavors={{ flavors }}
# Handle Stable Daily
if [[ "${tag}" == "stable-daily" ]]; then
tag="stable"
fi
checkimage="${images[${image}]-}"
checktag="${tags[${tag}]-}"
checkflavor="${flavors[${flavor}]-}"
# Validity Checks
if [[ -z "$checkimage" ]]; then
echo "Invalid Image..."
exit 1
fi
if [[ -z "$checktag" ]]; then
echo "Invalid tag..."
exit 1
fi
if [[ -z "$checkflavor" ]]; then
echo "Invalid flavor..."
exit 1
fi
# Image Name
[group('Utility')]
image_name image="aurora" tag="stable" flavor="main":
#!/usr/bin/bash
set -eou pipefail
{{ just }} validate {{ image }} {{ tag }} {{ flavor }}
if [[ "{{ flavor }}" =~ main ]]; then
image_name={{ image }}
else
image_name="{{ image }}-{{ flavor }}"
fi
echo "${image_name}"
# Clone Common Repository
[group('ISO')]
clone-common:
#!/usr/bin/bash
set -eoux pipefail
if [[ ! -d "common" ]]; then
git clone https://github.com/get-aurora-dev/common.git common
else
echo "Common repository already cloned"
fi
# Generate Flatpak List
[group('ISO')]
generate-flatpak-list:
#!/usr/bin/bash
set -eoux pipefail
{{ just }} clone-common
find common -iname "*system-flatpaks.Brewfile" -exec cat '{}' ';' | \
grep -v '#' | \
grep -F -e "flatpak" | \
sed 's/flatpak //' | \
tr -d '"' | \
tee flatpaks.list
# Verify Container with Cosign
[group('Utility')]
verify-container container="" registry="ghcr.io/ublue-os" key="":
#!/usr/bin/bash
set -eou pipefail
# Get Cosign if Needed
if [[ ! $(command -v cosign) ]]; then
COSIGN_CONTAINER_ID=$(${SUDOIF} ${PODMAN} create cgr.dev/chainguard/cosign:latest bash)
${SUDOIF} ${PODMAN} cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign
${SUDOIF} ${PODMAN} rm -f "${COSIGN_CONTAINER_ID}"
fi
# Verify Cosign Image Signatures if needed
if [[ -n "${COSIGN_CONTAINER_ID:-}" ]]; then
if ! cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign >/dev/null; then
echo "NOTICE: Failed to verify cosign image signatures."
exit 1
fi
fi
# Public Key for Container Verification
key={{ key }}
if [[ -z "${key:-}" ]]; then
key="https://raw.githubusercontent.com/ublue-os/main/main/cosign.pub"
fi
# Verify Container using cosign public key
if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then
echo "NOTICE: Verification failed. Please ensure your public key is correct."
exit 1
fi
# Test ISO Configuration Script
[group('ISO')]
test-iso-config:
#!/usr/bin/bash
set -eoux pipefail
bash -n iso_files/configure_iso_anaconda-webui.sh
echo "ISO configuration script syntax is valid"