The option was moved the to template and an earlier commit
reintroduced/copied them back seemingly by mistake.
Cc: nl6720 <nl6720@gmail.com>
Fixes: ca9957f ("Do not use secure runners on forks")
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
We use git in the makefile to create the container revision label.
This did not have any affect outside the local containers, since the
official ones use the CI_COMMIT_TAG variable from the CI.
Fixes: 5ec09f5 ("gitlab-ci: install devtools without its dependencies")
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
The file may be useful locally, but for the other stages we don't need
it. Explicitly remove it since it tends to be 3-4x the size of
everything else.
v2
- switch from rm to artefacts:exclude:
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
The identity has been changed[1] to also include the "CI config path"
and the ref path should be the git tag of the release.
Also remove `jq` as it is only nice to have, not needed and it masks the
return code of `cosign verify`.
[1] a4b3e128c1
Fixes: 8317be4 ("Sign the images with sigstore's fulcio/rekor")
The ecosystem is moving towards sigstore and we are federated with the
public fulcio instance[1], so let's sign our images. Cosign is not used,
but the sigstore feature built into podman, which works basically the
same way as cosign.
[1] https://github.com/sigstore/fulcio/pull/1214Fix#77
Currently we use the system mirrorlist for the pacman invocation.
The system config may or may not be identical to the in-tree one - as
one of my dev machines was kind enough to remind me.
The tooling should be self-contained and leak as few builder specific as
possible.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Re-wrap the readme to about 80 columns and use standalone references for
the long URLs. Reduces the eye-bleed for casual contributors.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
The targets never had a docker/oci prefix. Update the PHONY targets in
the Makefile and the README.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
We only need devtools for the pacman.conf. While currently we install a
dozen+ of extra dependencies, weighting in at over 100M.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Had a silly moment a while back, assuming the stage is no longer needed.
That's not the case, so add a brief commit about that.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
