From be8fb8db11d347695a7edc23471af8ff20796da7 Mon Sep 17 00:00:00 2001
From: "K.B.Dharun Krishna" <kbdharunkrishna@gmail.com>
Date: Tue, 23 Jul 2024 00:02:44 +0530
Subject: [PATCH] cleanup: update files, use tags for modules

Signed-off-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
---
 .github/dependabot.yml        |  2 +-
 .github/workflows/release.yml | 57 +++++++++++++++++++++++++++++++++++
 modules/00-vanilla-abroot.yml |  5 ++-
 modules/00-vanilla-apx.yml    |  5 ++-
 modules/00-vanilla-ikaros.yml | 23 --------------
 recipe.yml                    |  1 -
 6 files changed, 62 insertions(+), 31 deletions(-)
 create mode 100644 .github/workflows/release.yml
 delete mode 100644 modules/00-vanilla-ikaros.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8ac6b8c..5ace460 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,4 +3,4 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "monthly"
+      interval: "weekly"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..c8f8877
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,57 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '*'
+  workflow_dispatch:
+
+env:
+    REGISTRY_USER: ${{ github.actor }}
+    REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  verify-image:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Verify Base Image Integrity
+      run:
+        gh attestation verify oci://ghcr.io/vanilla-os/pico:main --owner Vanilla-OS
+      env:
+        GH_TOKEN: ${{ github.token }}
+
+  release:
+    runs-on: ubuntu-latest
+    needs: verify-image
+    permissions:
+      contents: write # Allow actions to create release
+      attestations: write # To create and write attestations
+      id-token: write # Additional permissions for the persistence of the attestations
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: vanilla-os/vib-gh-action@v0.7.4
+        with:
+            recipe: 'recipe.yml'
+            plugins: 'Vanilla-OS/vib-fsguard:v1.5.3'
+
+      - uses: actions/upload-artifact@v4
+        with:
+            name: Containerfile
+            path: Containerfile
+
+      - name: Create Release
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release create "${{ github.ref_name }}" --generate-notes Containerfile
+
+      - name: Attest Release Files
+        id: attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: 'Containerfile'
diff --git a/modules/00-vanilla-abroot.yml b/modules/00-vanilla-abroot.yml
index 03a09bb..e4b552d 100644
--- a/modules/00-vanilla-abroot.yml
+++ b/modules/00-vanilla-abroot.yml
@@ -2,8 +2,7 @@ name: abroot
 type: shell
 source:
   type: tar
-  # switch to production build once in production
-  url: https://github.com/Vanilla-OS/ABRoot/releases/download/continuous/abrootv2.tar.gz
+  url: https://github.com/Vanilla-OS/ABRoot/releases/download/v2.0.0/abrootv2.tar.gz
 commands:
   - apt install -y podman golang-github-containers-common patch wget
   - mkdir -p /usr/bin
@@ -14,6 +13,6 @@ modules:
   type: shell
   source:
     type: tar
-    url: https://github.com/Vanilla-OS/ABRoot/releases/download/continuous/abroot-man.tar.gz
+    url: https://github.com/Vanilla-OS/ABRoot/releases/download/v2.0.0/abroot-man.tar.gz
   commands:
   - mv /sources/abroot-manpage/man/man1/abroot.1 /usr/share/man/man1/
diff --git a/modules/00-vanilla-apx.yml b/modules/00-vanilla-apx.yml
index bc63acd..7fa45fa 100644
--- a/modules/00-vanilla-apx.yml
+++ b/modules/00-vanilla-apx.yml
@@ -2,8 +2,7 @@ name: apx
 type: shell
 source:
   type: tar
-  # switch to production build once in production
-  url: https://github.com/Vanilla-OS/apx/releases/download/continuous/apx.tar.gz
+  url: https://github.com/Vanilla-OS/apx/releases/download/v2.4.3/apx.tar.gz
 commands:
 - mkdir -p /usr/bin
 - cp /sources/apx/apx /usr/bin/apx
@@ -23,6 +22,6 @@ modules:
   type: shell
   source:
     type: tar
-    url: https://github.com/Vanilla-OS/apx/releases/download/continuous/apx-man.tar.gz
+    url: https://github.com/Vanilla-OS/apx/releases/download/v2.4.3/apx-man.tar.gz
   commands:
   - mv /sources/apx-manpage/man/man1/apx.1 /usr/share/man/man1/
diff --git a/modules/00-vanilla-ikaros.yml b/modules/00-vanilla-ikaros.yml
deleted file mode 100644
index 9327e6a..0000000
--- a/modules/00-vanilla-ikaros.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: ikaros
-type: shell
-source:
-  type: tar
-  # switch to production build once in production
-  url: https://github.com/Vanilla-OS/Ikaros/releases/download/continuous/ikaros.tar.gz
-commands:
-- mkdir -p /usr/bin
-- cp /sources/ikaros/ikaros /usr/bin/ikaros
-- chmod +x /usr/bin/ikaros
-modules:
-- name: lshw
-  type: apt
-  source:
-    packages:
-    - lshw
-- name: ikaros-manpage
-  type: shell
-  source:
-    type: tar
-    url: https://github.com/Vanilla-OS/Ikaros/releases/download/continuous/ikaros-man.tar.gz
-  commands:
-  - mv /sources/ikaros-manpage/man/ikaros.1 /usr/share/man/man1/
diff --git a/recipe.yml b/recipe.yml
index 6307159..f3fb3ea 100644
--- a/recipe.yml
+++ b/recipe.yml
@@ -28,7 +28,6 @@ stages:
       - modules/00-vanilla-base-files.yml
       - modules/00-vanilla-apx.yml
       - modules/00-vanilla-apx-stacks.yml
-      - modules/00-vanilla-ikaros.yml
       - modules/03-fswarn.yml
       - modules/05-firmware.yml
       - modules/10-input-and-locale.yml