Create and configure your repository¶
1. Fork the repository¶
GitHub users can only create one fork per repository. You can also "Use this template", but then you'll have to manage syncing with the template yourself.
2. Change repository settings on GitHub¶
Create a new branch called
live for all your changes. You should never modify the
template branch. All branches are built to make debugging easier, but only images built from the
live branch are published.
You should periodically sync changes from
ublue-os/startingpoint:template into your repo's
template branch. Then, to get the updates into your customized
live branch, you can either rebase it on top of
template, or create a merge-commit with the latest changes from
In the "Settings" tab of your repository, uncheck "Template repository" and change the default branch to the new
In the "Actions" tab of your repository, enable the workflows.
Optionally, you can install the Semantic PRs GitHub app if you want to enforce nice commit messages.
3. Set up container signing¶
Container signing is important for end-user security and is enabled on all Universal Blue images. It is highly recommended you set this up, and by default the image builds will fail if you don't.
This part is important, as users must have a method of verifying the image. The Linux desktop must not lag behind in cloud when it comes to supply chain security, so we're starting right from the start! (Seriously don't skip this part)
Be careful to never accidentally commit
cosign.key into your git repo.
Install the cosign CLI tool
- It's recommended you use a toolbox.
inside your repo folder - Do NOT put in a password when it asks you to, just press enter. The signing key will be used in GitHub Actions and will not work if it is encrypted.
Add the private key to GitHub
This can also be done manually. Go to your repository settings, under Secrets and Variables -> Actions Add a new secret and name it
SIGNING_SECRET, then paste the contents of
cosign.keyinto the secret and save it. Make sure it's the .key file and not the .pub file. Once done, it should look like this:
(CLI instructions) If you have the
gh secret set SIGNING_SECRET < cosign.key
cosign.pubfile into your git repository
4. Initial modification¶
Change the image
name: in the recipe. This is what your image will be called when it's uploaded to your container repository. Your image should start building once the change is committed and pushed.
It is also recommended to change references of
ublue-os/startingpoint in the
README.md to your username and image name, change the main title to your images name, and add a short description like "This is my personal image based on Vauxite".