Update to Ubuntu 24.04.3 LTS (Noble Numbat) #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build SecureOS ISO | |
| on: | |
| push: | |
| branches: [ master, main ] | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: # Allow manual trigger | |
| env: | |
| ISO_NAME: SecureOS-1.0.0-amd64.iso | |
| jobs: | |
| build-iso: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Maximize build space | |
| uses: easimon/maximize-build-space@master | |
| with: | |
| root-reserve-mb: 4096 | |
| swap-size-mb: 1024 | |
| remove-dotnet: 'true' | |
| remove-android: 'true' | |
| remove-haskell: 'true' | |
| remove-codeql: 'true' | |
| remove-docker-images: 'true' | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install build dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| debootstrap \ | |
| squashfs-tools \ | |
| xorriso \ | |
| isolinux \ | |
| syslinux-efi \ | |
| grub-pc-bin \ | |
| grub-efi-amd64-bin \ | |
| mtools \ | |
| dosfstools | |
| - name: Build SecureOS ISO | |
| run: | | |
| sudo bash scripts/build_iso.sh | |
| - name: Verify ISO was created | |
| run: | | |
| if [ ! -f "iso-build/${{ env.ISO_NAME }}" ]; then | |
| echo "Error: ISO file not found!" | |
| exit 1 | |
| fi | |
| ls -lh iso-build/ | |
| echo "ISO Size: $(du -h iso-build/${{ env.ISO_NAME }} | cut -f1)" | |
| - name: Generate checksums | |
| run: | | |
| cd iso-build | |
| sha256sum ${{ env.ISO_NAME }} > ${{ env.ISO_NAME }}.sha256 | |
| md5sum ${{ env.ISO_NAME }} > ${{ env.ISO_NAME }}.md5 | |
| cat ${{ env.ISO_NAME }}.sha256 | |
| - name: Upload ISO as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: SecureOS-ISO | |
| path: | | |
| iso-build/${{ env.ISO_NAME }} | |
| iso-build/${{ env.ISO_NAME }}.sha256 | |
| iso-build/${{ env.ISO_NAME }}.md5 | |
| retention-days: 30 | |
| compression-level: 0 # ISO is already compressed | |
| - name: Create Release (on tag) | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| iso-build/${{ env.ISO_NAME }} | |
| iso-build/${{ env.ISO_NAME }}.sha256 | |
| iso-build/${{ env.ISO_NAME }}.md5 | |
| body: | | |
| # SecureOS Release ${{ github.ref_name }} | |
| ## Download | |
| Download the ISO file below and verify the checksum before use. | |
| ## Verification | |
| ```bash | |
| sha256sum -c ${{ env.ISO_NAME }}.sha256 | |
| ``` | |
| ## Installation | |
| See [README.md](https://github.com/${{ github.repository }}/blob/master/README.md) for installation instructions. | |
| ## Features | |
| - Full disk encryption (LUKS2) | |
| - Hardened kernel | |
| - AppArmor, UFW firewall, auditd | |
| - Privacy tools: Tor, encrypted DNS | |
| - Automatic security updates | |
| - No telemetry | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |