- LUKS2 full-partition encryption for /var/lib/archipelago/ (TASK-42) 4-partition layout: BIOS + EFI + root (30GB) + encrypted data AES-256-XTS with AES-NI detection, ChaCha20 fallback for ARM Auto-unlock via crypttab + random key file - Fix EFI boot errors: remove shim-signed, clean shim artifacts - Fix first-boot sequence: always show boot animation before onboarding - Fix stale localStorage causing login instead of onboarding (BUG-47) - Add auth.setup + auth.isSetup RPC handlers for password on clean install - Add onboarding methods to UNAUTHENTICATED_METHODS (DID sign 403 fix) - FileBrowser bundled in unbundled ISO, fix auto-login Secure cookie (BUG-46) - Kiosk mode: xorg/chromium in rootfs, toggle script, MOTD instructions - Add Gitea Actions CI/CD workflow for automatic ISO builds Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
48 lines
1.2 KiB
YAML
48 lines
1.2 KiB
YAML
name: Build Archipelago ISO
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-iso:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 60
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Rust toolchain
|
|
run: |
|
|
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
|
|
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
|
|
|
|
- name: Build backend (release)
|
|
run: cargo build --release --manifest-path core/Cargo.toml
|
|
|
|
- name: Install backend binary
|
|
run: |
|
|
sudo cp core/target/release/archipelago /usr/local/bin/archipelago
|
|
sudo chmod +x /usr/local/bin/archipelago
|
|
|
|
- name: Build frontend
|
|
run: |
|
|
cd neode-ui
|
|
npm ci
|
|
npm run build
|
|
|
|
- name: Build ISO
|
|
run: |
|
|
cd image-recipe
|
|
sudo DEV_SERVER=localhost BUILD_FROM_SOURCE=0 ./build-auto-installer-iso.sh
|
|
env:
|
|
DEBIAN_FRONTEND: noninteractive
|
|
|
|
- name: Upload ISO artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: archipelago-iso
|
|
path: image-recipe/results/*.iso
|
|
retention-days: 30
|