V8.13.008.2025.08.22

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-08-22 11:40:13 +02:00
parent 5c16a5a097
commit 82b9f7395c
2 changed files with 7 additions and 14 deletions
--- a/.gitea/trigger/t_generate_PRIVATE_trixie.yaml
+++ b/.gitea/trigger/t_generate_PRIVATE_trixie.yaml
@@ -10,6 +10,6 @@
 # SPDX-Security-Contact: security@coresecret.eu

 build:
-  counter: 1023
+  counter: 1024
  version: V8.13.008.2025.08.22
 # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
--- a/.gitea/workflows/generate_PRIVATE_trixie.yaml
+++ b/.gitea/workflows/generate_PRIVATE_trixie.yaml
@@ -13,6 +13,10 @@

 name: 🔐 Generating a Private Live ISO TRIXIE.

+defaults:
+  run:
+    shell: bash
+
 permissions:
  contents: write

@@ -31,12 +35,9 @@ jobs:
    ### Run all steps inside Debian Trixie
    container:
      image: debian:trixie
-      options: >-
-        --mount type=bind,src=/mnt/secure,dst=/work

    steps:
      - name: 🛠️ Basic Image Setup.
-        shell: bash
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update -y
@@ -53,7 +54,6 @@ jobs:
            util-linux

      - name: 🔎 Verify /work mount & space
-        shell: bash
        run: |
          set -euxo pipefail
          df -h /work
@@ -61,7 +61,6 @@ jobs:
          touch /work/.bind-ok && ls -l /work/.bind-ok

      - name: 🔎 Show workspace & mounts
-        shell: bash
        run: |
          set -euo pipefail
          echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"
@@ -73,7 +72,6 @@ jobs:
          df -h .

      - name: ⚙️ Space guards (workspace + LB_PARENTDIR)
-        shell: bash
        env:
          LB_PARENTDIR: /work
        run: |
@@ -90,7 +88,6 @@ jobs:
          done

      - name: ⚙️ Is there sufficient space available?
-        shell: bash
        run: |
          set -euo pipefail
          need_mb=8192
@@ -103,12 +100,10 @@ jobs:
          fi

      - name: ⚙️ Check GnuPG Version.
-        shell: bash
        run: |
          gpg --version

      - name: ⚙️ Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
-        shell: bash
        run: |
          rm -rf ~/.ssh && mkdir -m700 ~/.ssh

@@ -133,7 +128,6 @@ jobs:

      ### https://github.com/actions/checkout/issues/1843
      - name: 🛠️ Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
-        shell: bash
        env:
          ### GITHUB_REF_NAME contains the branch name from the push event.
          GITHUB_REF_NAME: ${{ github.ref_name }}
@@ -142,13 +136,11 @@ jobs:
          git fetch --unshallow || echo "Nothing to fetch - already full clone."

      - name: 🛠️ Cleaning the workspace.
-        shell: bash
        run: |
          git reset --hard
          git clean -fd

      - name: ⚙️ Importing the 'CI PGP DEPLOY ONLY' key.
-        shell: bash
        run: |
          set -euo pipefail
          ### GPG-Home relative to the Runner Workspace to avoid changing global files.
@@ -163,7 +155,6 @@ jobs:
          echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"

      - name: ⚙️ Configuring Git for signed CI/DEPLOY commits.
-        shell: bash
        run: |
          set -euo pipefail
          export GNUPGHOME="$(pwd)/.gnupg"
@@ -188,6 +179,8 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
+          export LB_PARENTDIR=/work
+          export LB_CACHE_DIR=/work/.cache
          chmod 0755 ciss_live_builder.sh
          timestamp=$(date -u +"%Y_%m_%dT%H_%M_%SZ")
          ### Change "--autobuild=" to the specific kernel version you need: '6.12.41+deb13-amd64'.