archy/.gitea/workflows/build-iso.yml
Dorian 08bb2c80d4 feat: LUKS2 encryption, boot sequence fixes, onboarding auth, CI/CD
- LUKS2 full-partition encryption for /var/lib/archipelago/ (TASK-42)
  4-partition layout: BIOS + EFI + root (30GB) + encrypted data
  AES-256-XTS with AES-NI detection, ChaCha20 fallback for ARM
  Auto-unlock via crypttab + random key file

- Fix EFI boot errors: remove shim-signed, clean shim artifacts
- Fix first-boot sequence: always show boot animation before onboarding
- Fix stale localStorage causing login instead of onboarding (BUG-47)

- Add auth.setup + auth.isSetup RPC handlers for password on clean install
- Add onboarding methods to UNAUTHENTICATED_METHODS (DID sign 403 fix)

- FileBrowser bundled in unbundled ISO, fix auto-login Secure cookie (BUG-46)
- Kiosk mode: xorg/chromium in rootfs, toggle script, MOTD instructions

- Add Gitea Actions CI/CD workflow for automatic ISO builds

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 09:12:16 +00:00

48 lines
1.2 KiB
YAML

name: Build Archipelago ISO
on:
push:
branches: [main]
workflow_dispatch:
jobs:
build-iso:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Build backend (release)
run: cargo build --release --manifest-path core/Cargo.toml
- name: Install backend binary
run: |
sudo cp core/target/release/archipelago /usr/local/bin/archipelago
sudo chmod +x /usr/local/bin/archipelago
- name: Build frontend
run: |
cd neode-ui
npm ci
npm run build
- name: Build ISO
run: |
cd image-recipe
sudo DEV_SERVER=localhost BUILD_FROM_SOURCE=0 ./build-auto-installer-iso.sh
env:
DEBIAN_FRONTEND: noninteractive
- name: Upload ISO artifact
uses: actions/upload-artifact@v3
with:
name: archipelago-iso
path: image-recipe/results/*.iso
retention-days: 30