fixup! release: build unsigned Ubuntu .deb package

Currently, we target whatever GitHub Actions use as `ubuntu-latest`; This, however, led to the unintentional requirement in v2.47.2.vfs.0.0 to run Ubuntu 24.04 (up from 22.04 in v2.47.1.vfs.0.1). It is important to target a wider audience, though, especially in light of CVE-2024-52005 which is only addressed in Git for Windows and `microsoft/git`, but not Git. We could now go back to 22.04; This would only be a temporary band-aid, https://github.blog/changelog/2025-01-15-github-actions-ubuntu-20-runner-image-brownout-dates-and-other-breaking-changes/ already announced that 20.04 is phased out very soon, and 22.04 will be next. Let's just use a Docker container instead that targets the oldest Ubuntu LTS that is still maintained in _some_ shape or form. We still verify in `validate-installers` that the resulting binary installs and works on the latest Ubuntu version by virtue of using `runs-on: ubuntu-latest` in _that_ matrix job. Signed-off-by: Johannes Schindelin <[email protected]>
microsoft · Jan 17, 2025 · 3162433 · 3162433
1 parent fc6ff02
commit 3162433
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/build-git-installers.yml b/.github/workflows/build-git-installers.yml
@@ -493,6 +493,8 @@ jobs:
   # Build and sign Debian package
   create-linux-artifacts:
     runs-on: ubuntu-latest
+    container:
+      image: ubuntu:16.04 # expanded security maintenance until 04/02/2026, according to https://endoflife.date/ubuntu
     needs: prereqs
     environment: release
     steps: