feat: Allow users to override secure boot key and password (#40)

* feat: Allow users to override secure boot key and password when using container or action * fix: follow redirects * chore: update docs * fix: added comments and removed additional \n * fix: removed defaults * fix: added conditional for adding public key * chore(ci): Added additional test for secure boot * chore(ci): fixed up workflows to match production * fix(ci): added workflow dispatch to test * fix(ci): fixed version and added IMAGE_TAG * chore(ci): changed to bluefin to test both 38 and 39 secure boot * chore(ci): added required variables to entrypoint * chore(ci): added merge_group and added paths-ignore * chore(ci): updated description * chore(ci): set to Silverblue since we are testing Bluefin * chore(ci): Fixed secure boot key not found error Received error in anaconda when check was hit, need to set as a soft failure to exit the script early without stopping anaconda installation. * chore: fixed formatting * chore: fixed whitespace * chore(ci): Removed duplicate test * chore: fix whitespace * chore(ci): fixed test and removed upload to Github Artifacts * chore: updated README * fix: set password to ublue default * fix: changed enrollment password in containerfile
2025-12-25 19:07:54 +01:00 · 2024-02-27 18:06:38 -06:00 · 2024-02-27 18:06:38 -06:00 · f70e8ea027
commit f70e8ea027
parent 3401b10c56
10 changed files with 99 additions and 39 deletions
--- a/.github/workflows/build-container-image.yml
+++ b/.github/workflows/build-container-image.yml
@ -1,9 +1,14 @@
 ---
 name: Build Container Image
 on:
+  merge_group:
  pull_request:
    branches:
      - main
+    paths-ignore:
+      - '*.md'
+      - 'LICENSE'
+      - 'CODEOWNERS'
  push:
    branches:
      - main
--- a/.github/workflows/test-iso.yml
+++ b/.github/workflows/test-iso.yml
@ -10,6 +10,7 @@ on:
      - '*.md'
      - 'LICENSE'
      - 'CODEOWNERS'
+  workflow_dispatch:

 jobs:
  build-and-push-iso:
@ -18,15 +19,30 @@ jobs:
    container:
      image: fedora:39
      options: "--privileged"
+      volumes:
+        - "/:/host"
    permissions:
      contents: read
      packages: write
    strategy:
      fail-fast: false
      matrix:
-        version: 
+        version:
          - 38
          - 39
+        secure_boot:
+          - true
+          - false
+        include:
+          - secure_boot: true
+            SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
+            ENROLLMENT_PASSWORD: 'ublue-os'
+            SECURE_BOOT_STRING: '-secure'
+          - secure_boot: false
+            SECURE_BOOT_KEY_URL: ''
+            ENROLLMENT_PASSWORD: ''
+            SECURE_BOOT_STRING: ''
+
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@ -41,6 +57,18 @@ jobs:
          VERSION: ${{ matrix.version }}
          ACTION_REPO: ${{ github.repository }}
          ACTION_REF: ${{ github.ref }}
+          SECURE_BOOT_KEY_URL: ${{ matrix.SECURE_BOOT_KEY_URL }}
+          ENROLLMENT_PASSWORD: ${{ matrix.ENROLLMENT_PASSWORD }}
+
+      - name: Upload ISO as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: base-main-${{ matrix.version }}${{ matrix.SECURE_BOOT_STRING }}.iso
+          path: end_iso/*
+          if-no-files-found: error
+          retention-days: 0
+          compression-level: 0
+          overwrite: true

  check:
    name: Check build successful
@ -55,4 +83,4 @@ jobs:
        run: exit 1
      - name: Exit
        shell: bash
-        run: exit 0
+        run: exit 0