37 lines
973 B
YAML
37 lines
973 B
YAML
services:
|
|
build:
|
|
image: docker.io/gentoo/stage3:musl-hardened
|
|
command: /build/build-image.sh
|
|
privileged: true
|
|
environment:
|
|
DISTPATH: "/build/artifacts/dist"
|
|
IMGPATH: "/build/images"
|
|
MINOR: ${MINOR}
|
|
SECBOOT: ${SECBOOT}
|
|
TPM: ${TPM}
|
|
REQSIG: ${REQSIG}
|
|
secrets:
|
|
- signing_key_public
|
|
volumes:
|
|
- ./build:/build
|
|
sign:
|
|
image: docker.io/vladgh/gpg
|
|
command: --batch --import /run/secrets/signing_key_private --passphrase-file /run/secrets/signing_key_password
|
|
secrets:
|
|
- signing_key_password
|
|
- signing_key_private
|
|
- signing_key_public
|
|
volumes:
|
|
- ./build/images:/images
|
|
serve:
|
|
image: docker.io/halverneus/static-file-server
|
|
volumes:
|
|
- ./build/images:/images
|
|
|
|
secrets:
|
|
signing_key_password:
|
|
file: secrets/signing_key_password.txt
|
|
signing_key_private:
|
|
file: secrets/HalogenOS_private.asc
|
|
signing_key_public:
|
|
file: secrets/HalogenOS_public.asc |