use just for create-release

.github/workflows/create-release.yml

@@ -25,24 +25,32 @@ jobs:
           merge-multiple: true
           run-id: ${{ inputs.run-id || github.run_id }}
           github-token: ${{ github.token }}
+
+      - name: Install Just
+        shell: bash
+        run: |
+          set -eoux pipefail
+          JUST_VERSION=$(curl -L https://api.github.com/repos/casey/just/releases/latest | jq -r '.tag_name')
+          curl -sSLO https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz
+          tar -zxvf just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz -C /tmp just
+          sudo mv /tmp/just /usr/local/bin/just
+          rm -f just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz
+        
+      - name: Check Just Syntax
+        shell: bash
+        run: |
+          just check
         
       - name: Prepare Release
         id: prepare-release
         shell: bash
         run: |
           set -eoux pipefail
-          cat changelog*.md > changelog.md
+          output=$(just merge-changelog)
           cat changelog.md
-          last_tag=$(git tag --list m2os-* | sort -r | head -1)
-          date_extract="$(echo ${last_tag:-} | cut -d "-" -f 2 | cut -d "." -f 1)"
-          date_version="$(echo ${last_tag:-} | cut -d "." -f 2)"
-          if [[ "${date_extract:-}" == "$(date +%Y%m%d)" ]]; then
-            tag="m2os-${date_extract:-}.$(( ${date_version:-} + 1 ))"
-          else
-            tag="m2os-$(date +%Y%m%d).0"
-          fi
-          echo "title=$tag (#$(git rev-parse --short HEAD))" >> $GITHUB_OUTPUT
-          echo "tag=$tag" >> $GITHUB_OUTPUT
+          jq -r <<< $output
+          echo "title=$(jq -r '."title"' <<< $output)" >> $GITHUB_OUTPUT
+          echo "tag=$(jq -r '."tag"' <<< $output)" >> $GITHUB_OUTPUT
 
       - name: Upload Changelogs as Artifact
         uses: actions/upload-artifact@v4

Justfile

@@ -60,7 +60,7 @@ clean:
     sudoif find {{ repo_image_name }}_* -type d -exec chmod 0755 {} \;
     sudoif find {{ repo_image_name }}_* -type f -exec chmod 0644 {} \;
     find {{ repo_image_name }}_* -maxdepth 0 -exec rm -rf {} \;
-    rm -f output.env changelog.md version.txt previous.manifest.json
+    rm -f output*.env changelog*.md version.txt previous.manifest.json
 
 # Build Image
 [group('Image')]
@@ -225,7 +225,7 @@ load-image image="bluefin":
 get-tags image="bluefin":
     #!/usr/bin/bash
     set -eou pipefail
-    VERSION=$(podman inspect m2os:{{ image }} | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]')
+    VERSION=$(podman inspect {{ repo_image_name }}:{{ image }} | jq -r '.[]["Config"]["Labels"]["org.opencontainers.image.version"]')
     echo "{{ image }} $VERSION"
 
 # Build ISO
@@ -252,6 +252,9 @@ build-iso image="bluefin" ghcr="0" clean="0":
         exit 1
     fi
 
+    # Verify ISO Build Container
+    just verify-container "build-container-installer" "ghcr.io/jasonn3" "https://raw.githubusercontent.com/JasonN3/build-container-installer/refs/heads/main/cosign.pub"
+
     mkdir -p {{ repo_image_name }}_build/{lorax_templates,flatpak-refs-{{ image }},output}
     echo 'append etc/anaconda/profile.d/fedora-kinoite.conf "\\n[User Interface]\\nhidden_spokes =\\n    PasswordSpoke"' \
          > {{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl
@@ -260,6 +263,8 @@ build-iso image="bluefin" ghcr="0" clean="0":
     if [[ "{{ ghcr }}" == "1" ]]; then
         IMAGE_FULL=ghcr.io/{{ repo_name }}/{{ repo_image_name }}:{{ image }}
         IMAGE_REPO=ghcr.io/{{ repo_name }}
+        # Verify Container for ISO
+        just verify-container "{{ repo_image_name }}:{{ image }}" "${IMAGE_REPO}" "https://raw.githubusercontent.com/{{ repo_name }}/{{ repo_image_name }}/refs/heads/main/cosign.pub"
         podman pull "${IMAGE_FULL}"
         TEMPLATES=(
             /github/workspace/{{ repo_image_name }}_build/lorax_templates/remove_root_password_prompt.tmpl
@@ -473,7 +478,7 @@ verify-container container="" registry="ghcr.io/ublue-os" key="":
 
     # Public Key for Container Verification
     key={{ key }}
-    if [[ -z "${key:-}" ]]; then
+    if [[ -z "${key:-}" && "{{ registry}}" == "ghcr.io/ublue-os" ]]; then
         key="https://raw.githubusercontent.com/ublue-os/main/main/cosign.pub"
     fi
 
@@ -527,3 +532,24 @@ secureboot image="bluefin":
         podman rm -f "${temp_name}"
     fi
     exit "$returncode"
+
+# Merge Changelogs
+merge-changelog:
+    #!/usr/bin/bash
+    set -eou pipefail
+    rm -f changelog.md
+    cat changelog*.md > changelog.md
+    last_tag=$(git tag --list {{ repo_image_name }}-* | sort -r | head -1)
+    date_extract="$(echo ${last_tag:-} | cut -d "-" -f 2 | cut -d "." -f 1)"
+    date_version="$(echo ${last_tag:-} | cut -d "." -f 2)"
+    if [[ "${date_extract:-}" == "$(date +%Y%m%d)" ]]; then
+        tag="{{ repo_image_name }}-${date_extract:-}.$(( ${date_version:-} + 1 ))"
+    else
+        tag="{{ repo_image_name }}-$(date +%Y%m%d).0"
+    fi
+    cat << EOF
+    {
+        "title": "$tag (#$(git rev-parse --short HEAD))",
+        "tag": "$tag"
+    }
+    EOF

README.md

@@ -4,18 +4,78 @@
 
 These are my customized versions of universal blue images for my needs. Everything is a tag off of m2os.
 
-Bazzite is gnome version. Bazzite Desktop version includes nvidia drivers. ISOs are built for aurora/bazzite/cosmic and are artifacts.
+Bazzite is gnome version. Bazzite Desktop version includes nvidia drivers. ISOs are built for aurora/bazzite/bluefin/cosmic and are artifacts.
 
 Note, this is also a place I use to experiment before making changes in Universal Blue.
 
+Occaisionally, I will build beta versions around Fedora Major Release time.
+
 ## Tags
+
+### Desktop Images
+These images are aimed for desktop use. All of them are based on Bluefin's stable-daily.
+
+Aurora is built from Aurora, Bluefin from Bluefin, and Cosmic from base-main.
+
+All images have zfs support. Nvidia Images have nvidia included as well.
+
+These add in the following: Docker, Incus, and Steam plus different editors. A reasonable way to think of these images as -dx images without virt-manager plus steam/lutris.
+
 - aurora
 - aurora-nvidia
-- bazzite
-- bazzite-deck
 - bluefin
 - bluefin-nvidia
 - cosmic
 - cosmic-nvidia
+
+### Bazzite Images
+These images are based on Bazzite's Gnome images. `bazzite` is based on gnome-nvidia and `bazzite-deck` is based on gnome deck image.
+
+These include several -dx like items like multiple editors, docker, and incus.
+
+- bazzite
+- bazzite-deck
+
+### Ucore Images
+These images are based on the `ucore:zfs` images. They mostly just add Docker from Docker instead of using moby-engine and incus.
+
 - ucore
 - ucore-nvidia
+
+
+## How to Install
+
+### Desktop/Bazzite Images
+ISO's for Desktop and Bazzite Images are built using an action and uploaded as an artifact. The artifacts are linked in the releases for download. They are zipped. The ISO uses the Kinoite version meaning that you will need to create a user in Anaconda. Each release has a changelog with links to the ISOs.
+
+For the Latest ISOs:
+https://github.com/m2giles/m2os/releases/latest
+
+Note artifacts are removed after 90 days though ISOs are refreshed weekly.
+
+### Ucore
+Use the coreos installer and in the ignition file switch to one of these images.
+
+### Rebasing
+You can rebase to an **m2os** image using the following:
+```console
+$ sudo bootc switch --enforce-container-sigpolicy ghcr.io/m2giles/m2os:TAG
+```
+Replace TAG with the specified image. This is also the method for switching to Ucore.
+
+
+## Verification
+All images in this repo are signed with sigstore's cosign. You can verify the signatures by running the following command
+```console
+$ cosign verify --key "https://raw.githubusercontent.com/m2Giles/m2os/refs/heads/main/cosign.pub" "ghcr.io/m2giles/m2os:TAG
+```
+Again replace the TAG with the specified image
+
+## DIY
+This repo was build on the [Universal Blue Image Template](https://github.com/ublue-os/image-template) and added to significantly.
+
+It is possible to build all images and ISOs locally using the provided `Justfile` with `just`. For example to build `m2os:bluefin` just do:
+
+```console
+$ just build bluefin
+```