veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

ci(bluebuild): slim dnf list + install cosign from upstream binary
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + push OCI (push) Failing after 29s
Details

Browse source 
dnf5 in Fedora 43 strict-fails when 'already installed' packages
appear in -y install. Drop git/curl/tar/sudo (shipped in
veilor-build:43 image already) and use --skip-unavailable. cosign
isn't packaged in F43 — pull v2.4.1 static binary from upstream.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
claude-veilor-bot 2026-05-06 16:51:17 +01:00
parent ebf61ab93b
commit 809ea08a57
1 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
.github/workflows/build-bluebuild.yml vendored
View file

@ -59,16 +59,26 @@ jobs:
run: | run: |
set -euxo pipefail set -euxo pipefail
dnf -y upgrade --refresh dnf -y upgrade --refresh
dnf -y install \ # veilor-build:43 already ships git, curl, tar, sudo, nodejs.
# cosign is not packaged in Fedora 43; we install it from the
# upstream release tarball below in a separate step.
dnf -y install --skip-unavailable \
podman \ podman \
buildah \ buildah \
skopeo \ skopeo \
jq \ jq
git \
curl \ - name: Install cosign binary (upstream release)
tar \ run: |
sudo \ set -euxo pipefail
cosign # Fedora 43 has no cosign rpm. Pull static x86_64 binary
# from sigstore/cosign GitHub releases. Pinned to v2.4.1.
COSIGN_VERSION="2.4.1"
curl -fsSL \
"https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64" \
-o /usr/local/bin/cosign
chmod +x /usr/local/bin/cosign
cosign version
- name: Install BlueBuild CLI - name: Install BlueBuild CLI
run: | run: |