msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.13.392.2025.11.07
Some checks failed
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Failing after 4s
Details
🔐 Generating a Private Live ISO TRIXIE. / 🔐 Generating a Private Live ISO TRIXIE. (push) Failing after 4s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-11-07 22:37:57 +01:00
parent 31c2a2cf6f
commit 21e18f916e
4 changed files with 19 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/trigger/t_generate_PRIVATE_trixie_1.yaml
View File

@@ -10,6 +10,6 @@
# SPDX-Security-Contact: security@coresecret.eu
build:
counter: 1023
counter: 1024
version: V8.13.392.2025.11.07
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml

7
.gitea/workflows/generate_PRIVATE_trixie_1.yaml
View File

@@ -16,6 +16,7 @@ name: 🔐 Generating a Private Live ISO TRIXIE.
defaults:
run:
shell: bash
working-directory: ${{ github.workspace }}
permissions:
contents: write
@@ -35,11 +36,6 @@ jobs:
container:
image: debian:trixie
defaults:
run:
shell: bash
working-directory: ${{ github.workspace }}
steps:
- name: 🕑 Waiting random time to desynchronize parallel workflows.
run: |
@@ -138,6 +134,7 @@ jobs:
echo "GNUPGHOME=${GNUPGHOME}" >> "${GITHUB_ENV}"
echo 'allow-loopback-pinentry' >| "${GNUPGHOME}/gpg-agent.conf"
echo 'pinentry-program /usr/bin/pinentry-tty' >> "${GNUPGHOME}/gpg-agent.conf"
echo "trust-model always" >> "${GNUPGHOME}/gpg.conf"
gpgconf --reload gpg-agent || true
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.

42
.gitea/workflows/linter_char_scripts.yaml
View File

@@ -23,6 +23,11 @@
name: 🛡️ Shell Script Linting
defaults:
run:
shell: bash
working-directory: ${{ github.workspace }}
on:
push:
branches:
@@ -37,14 +42,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
- name: 🕑 Waiting random time to desynchronize parallel workflows.
run: |
set -euo pipefail
var_wait=$(( RANDOM % 33 ))
printf " Waiting %s seconds to desynchronize parallel workflows...\n" "${var_wait}"
printf "🕑 Waiting %s seconds to desynchronize parallel workflows...\n" "${var_wait}"
sleep "${var_wait}"
- name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
run: |
set +x
set -euo pipefail
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
@@ -67,25 +75,15 @@ jobs:
chmod 0600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
- name: 🔧 Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
set -euo pipefail
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: 🛠️ Cleaning the workspace.
shell: bash
run: |
set -euo pipefail
git reset --hard
git clean -fd
- name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
set -euo pipefail
### GPG-Home relative to the Runner Workspace to avoid changing global files.
@@ -98,7 +96,6 @@ jobs:
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
set -euo pipefail
export GNUPGHOME="$(PWD)/.gnupg"
@@ -109,22 +106,19 @@ jobs:
git config gpg.format openpgp
- name: ⚙️ Convert APT sources to HTTPS.
shell: bash
run: |
set -euo pipefail
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: 🛠️ Install dependencies.
shell: bash
- name: 🔧 Install dependencies.
run: |
### Install grep with Perl-regex support, falls noch nicht vorhanden
apt-get update
apt-get update -qq
apt-get upgrade -y
apt-get install -y grep
- name: 🔍 Lint shell scripts
shell: bash
run: |
# -------------------------------
# STEP 1: Find target files.
@@ -254,7 +248,6 @@ jobs:
fi
- name: 🚧 Stash local changes (including untracked).
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
@@ -263,7 +256,6 @@ jobs:
git stash push --include-untracked -m "ci-temp" || echo "✔️ Nothing to stash."
- name: 🔄 Sync with remote before commit using merge strategy.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
@@ -280,8 +272,7 @@ jobs:
git status
git log --oneline -n 5
- name: 🛠️ Restore stashed changes.
shell: bash
- name: 🔧 Restore stashed changes.
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
@@ -290,7 +281,6 @@ jobs:
git stash pop || echo "✔️ Nothing to pop."
- name: 📦 Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
@@ -299,7 +289,6 @@ jobs:
git add "${PRIVATE_FILE}" || echo "✔️ Nothing to add."
- name: 🔑 Commit and sign changes with CI metadata.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
@@ -335,7 +324,6 @@ jobs:
fi
- name: 🔁 Push back to repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |

1
lib/lib_gnupg.sh
View File

@@ -54,6 +54,7 @@ init_gnupg() {
cat << EOF >| "${GNUPGHOME}/gpg-agent.conf"
allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-tty
trust-model always
EOF
if ! gpgconf --launch gpg-agent 2>&1; then