fix: Sign images keylessly as well

shubms · Dec 12, 2024 · d14a1e9 · d14a1e9
1 parent b707057
commit d14a1e9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -90,11 +90,12 @@ jobs:
           for tag in ${TAGS}; do
             images+="${tag}@${DIGEST} "
           done
+          cosign sign --yes ${images}
           cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
 
       - name: Cleanup old images
         uses: actions/delete-package-versions@v5
         with:
           package-name: ${{ matrix.image }}
           package-type: container
-          min-versions-to-keep: 60
+          min-versions-to-keep: 30
diff --git a/distroboxes/spotify/Dockerfile b/distroboxes/spotify/Dockerfile
@@ -5,10 +5,16 @@ LABEL com.github.containers.toolbox="true" \
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-RUN curl -sS https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | \
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y install \
+    curl gnupg2 && \
+    rm -rd /var/lib/apt/lists/* && \
+    curl -sS https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg | \
     gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/spotify.gpg && \
     echo "deb http://repository.spotify.com stable non-free" | \
     tee /etc/apt/sources.list.d/spotify.list && \
+    mkdir -p /usr/share/applications /usr/share/icons && \
     ln -sf /usr/share/spotify/spotify.desktop /usr/share/applications/spotify.desktop && \
     ln -sf /usr/share/spotify/icons/spotify_icon.ico /usr/share/icons/spotify.ico