From c3be4c6046b12814955e9eec8d10e441fbd03ba6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 1 Sep 2024 23:43:38 +0000
Subject: [PATCH 1/4] chore(deps): bump vanilla-os/vib-gh-action from 0.7.4 to
 0.8.1

Bumps [vanilla-os/vib-gh-action](https://github.com/vanilla-os/vib-gh-action) from 0.7.4 to 0.8.1.
- [Release notes](https://github.com/vanilla-os/vib-gh-action/releases)
- [Commits](https://github.com/vanilla-os/vib-gh-action/compare/v0.7.4...v0.8.1)

---
updated-dependencies:
- dependency-name: vanilla-os/vib-gh-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yml   | 2 +-
 .github/workflows/vib-build.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4f0ecad..70c7a69 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,7 +35,7 @@ jobs:
         with:
           fetch-depth: 0
 
-      - uses: vanilla-os/vib-gh-action@v0.7.4
+      - uses: vanilla-os/vib-gh-action@v0.8.1
         with:
             recipe: 'recipe.yml'
             plugins: 'Vanilla-OS/vib-fsguard:v1.5.3'
diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml
index a893375..352eaae 100644
--- a/.github/workflows/vib-build.yml
+++ b/.github/workflows/vib-build.yml
@@ -35,7 +35,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - uses: vanilla-os/vib-gh-action@v0.7.4
+    - uses: vanilla-os/vib-gh-action@v0.8.1
       with:
         recipe: 'recipe.yml'
         plugins: 'Vanilla-OS/vib-fsguard:v1.5.3'

From 87915a4476b71a283252c2c9300bf4016c467b71 Mon Sep 17 00:00:00 2001
From: "K.B.Dharun Krishna" <kbdharunkrishna@gmail.com>
Date: Tue, 17 Sep 2024 22:41:59 +0530
Subject: [PATCH 2/4] fix/ci: update workflow to push to main only on tags

Signed-off-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
---
 .github/workflows/vib-build.yml | 41 ++++++++++++++++++++++++++++++---
 recipe.yml                      |  2 +-
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml
index 352eaae..47e27d5 100644
--- a/.github/workflows/vib-build.yml
+++ b/.github/workflows/vib-build.yml
@@ -3,7 +3,7 @@ name: Vib Build
 on:
   push:
     branches:
-      - 'main'
+      - 'dev'
     tags:
       - '*'
   workflow_dispatch:
@@ -18,14 +18,34 @@ jobs:
 
     steps:
     - name: Verify Base Image Integrity
+      if: ${{ github.ref_type == 'tag' }}
       run:
         gh attestation verify oci://ghcr.io/vanilla-os/desktop:main --owner Vanilla-OS
       env:
         GH_TOKEN: ${{ github.token }}
 
+  check_base_status:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone base image
+      if: ${{ github.ref_type == 'tag' }}
+      uses: actions/checkout@v4
+      with:
+        repository: Vanilla-OS/desktop-image
+
+    - name: Check if base is up to date
+      if: ${{ github.ref_type == 'tag' }}
+      run: |
+        git fetch origin
+        main_head=$( git rev-parse origin/main )
+        dev_head=$( git rev-parse origin/dev )
+        echo main branch is at: $main_head
+        echo dev branch is at: $dev_head
+        [ "$main_head" = "$dev_head" ]
+
   build:
     runs-on: ubuntu-latest
-    needs: verify-image
+    needs: [verify-image, check_base_status]
     permissions:
       contents: write # Allow actions to create release
       packages: write # Allow pushing images to GHCR
@@ -35,6 +55,11 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
+    - name: Change tag in recipe
+      if: ${{ github.ref_type == 'tag' }}
+      run: |
+        sed 's/ghcr.io\/vanilla-os\/desktop:dev/ghcr.io\/vanilla-os\/desktop:main/' -i recipe.yml
+
     - uses: vanilla-os/vib-gh-action@v0.8.1
       with:
         recipe: 'recipe.yml'
@@ -51,6 +76,16 @@ jobs:
         echo "REPO_OWNER_LOWERCASE=$REPO_OWNER_LOWERCASE" >> "$GITHUB_ENV"
         echo "IMAGE_URL=ghcr.io/$REPO_OWNER_LOWERCASE/vm" >> "$GITHUB_ENV"
 
+    - name: Extra image tag branch
+      if: ${{ github.ref_type != 'tag' }}
+      run: |
+        echo "EXTRA_TAG=ref,event=branch" >> "$GITHUB_ENV"
+
+    - name: Extra image tag release
+      if: ${{ github.ref_type == 'tag' }}
+      run: |
+        echo "EXTRA_TAG=raw,main" >> "$GITHUB_ENV"
+
     - name: Docker meta
       id: docker_meta
       uses: docker/metadata-action@v5
@@ -62,7 +97,7 @@ jobs:
           type=semver,pattern={{major}}.{{minor}}
           type=semver,pattern={{raw}}
           type=semver,pattern=v{{major}}
-          type=ref,event=branch
+          type=${{ env.EXTRA_TAG }}
 
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
diff --git a/recipe.yml b/recipe.yml
index fe66e67..e452636 100644
--- a/recipe.yml
+++ b/recipe.yml
@@ -2,7 +2,7 @@ name: Vanilla Desktop VM
 id: vm
 stages:
 - id: build
-  base: ghcr.io/vanilla-os/desktop:main
+  base: ghcr.io/vanilla-os/desktop:dev
   singlelayer: false
   labels:
     maintainer: Vanilla OS Contributors

From 1ff65e3d3ff6289abfdeef416475a9cd4b6378c1 Mon Sep 17 00:00:00 2001
From: "K.B.Dharun Krishna" <kbdharunkrishna@gmail.com>
Date: Sat, 21 Sep 2024 00:20:28 +0530
Subject: [PATCH 3/4] cleanup: remove check_base_status job for tag instead

---
 .github/workflows/vib-build.yml | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml
index 47e27d5..b5cd345 100644
--- a/.github/workflows/vib-build.yml
+++ b/.github/workflows/vib-build.yml
@@ -24,28 +24,9 @@ jobs:
       env:
         GH_TOKEN: ${{ github.token }}
 
-  check_base_status:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Clone base image
-      if: ${{ github.ref_type == 'tag' }}
-      uses: actions/checkout@v4
-      with:
-        repository: Vanilla-OS/desktop-image
-
-    - name: Check if base is up to date
-      if: ${{ github.ref_type == 'tag' }}
-      run: |
-        git fetch origin
-        main_head=$( git rev-parse origin/main )
-        dev_head=$( git rev-parse origin/dev )
-        echo main branch is at: $main_head
-        echo dev branch is at: $dev_head
-        [ "$main_head" = "$dev_head" ]
-
   build:
     runs-on: ubuntu-latest
-    needs: [verify-image, check_base_status]
+    needs: [verify-image]
     permissions:
       contents: write # Allow actions to create release
       packages: write # Allow pushing images to GHCR

From a58469b64eb24ab6af13668f58f21be8d867fe2e Mon Sep 17 00:00:00 2001
From: "K.B.Dharun Krishna" <kbdharunkrishna@gmail.com>
Date: Fri, 8 Nov 2024 00:08:16 +0530
Subject: [PATCH 4/4] fu/ci: convert differ to job under vib-build

Signed-off-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
---
 .github/workflows/differ.yml    | 33 ---------------------------------
 .github/workflows/vib-build.yml | 26 ++++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 33 deletions(-)
 delete mode 100644 .github/workflows/differ.yml

diff --git a/.github/workflows/differ.yml b/.github/workflows/differ.yml
deleted file mode 100644
index 7ebc75a..0000000
--- a/.github/workflows/differ.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: Differ
-
-on:
-  workflow_run:
-    workflows: [Vib Build]
-    types:
-      - completed
-
-jobs:
-  differ:
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/vanilla-os/vm:main
-    if: github.repository == 'vanilla-os/vm-image'
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Generate package diff
-        run: |
-          lpkg --unlock
-          PACKAGE_LIST=$(.github/gen_package_list.sh)
-          apt-get install -y curl
-          IMAGE_DIGEST=$(curl -s -L -H "Accept: application/vnd.github+json" \
-          -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-          -H "X-GitHub-Api-Version: 2022-11-28" \
-          https://api.github.com/orgs/Vanilla-OS/packages/container/vm/versions | grep -m1 name | sed -E 's/^\s*"name": "(.+)".*$/\1/')
-          curl -X POST \
-          -H 'Accept:application/json' \
-          -H "Authorization:Basic $(echo -n "${{ secrets.DIFFER_USER }}:${{ secrets.DIFFER_PSW }}" | base64)" \
-          -d "{\"digest\":\"${IMAGE_DIGEST}\",${PACKAGE_LIST}}" \
-          ${{ vars.DIFFER_URL }}/images/vm/new
-          lpkg --lock
diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml
index b5cd345..387d5bd 100644
--- a/.github/workflows/vib-build.yml
+++ b/.github/workflows/vib-build.yml
@@ -113,3 +113,29 @@ jobs:
         subject-name: ${{ env.IMAGE_URL }}
         subject-digest: ${{ steps.push.outputs.digest }}
         push-to-registry: false
+
+  differ:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/vanilla-os/vm:main
+    if: github.repository == 'vanilla-os/vm-image' && github.ref_type == 'tag'
+    needs: build
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate package diff
+        run: |
+          lpkg --unlock
+          PACKAGE_LIST=$(.github/gen_package_list.sh)
+          apt-get install -y curl
+          IMAGE_DIGEST=$(curl -s -L -H "Accept: application/vnd.github+json" \
+          -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          https://api.github.com/orgs/Vanilla-OS/packages/container/vm/versions | grep -m1 name | sed -E 's/^\s*"name": "(.+)".*$/\1/')
+          curl -X POST \
+          -H 'Accept:application/json' \
+          -H "Authorization:Basic $(echo -n "${{ secrets.DIFFER_USER }}:${{ secrets.DIFFER_PSW }}" | base64)" \
+          -d "{\"digest\":\"${IMAGE_DIGEST}\",${PACKAGE_LIST}}" \
+          ${{ vars.DIFFER_URL }}/images/vm/new
+          lpkg --lock