Add build and release workflow

.github/workflows/build.yaml

@@ -0,0 +1,58 @@
+name: Build
+
+on:
+  pull_request:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/vanilla-os/pico:main
+      volumes:
+        - /proc:/proc
+        - /:/run/host
+      options: --privileged -it
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Install needed packages
+      run: |
+        DEBIAN_FRONTEND=noninteractive apt update
+        DEBIAN_FRONTEND=noninteractive apt install -y \
+          dpkg-dev \
+          build-essential \
+          debhelper-compat \
+          devscripts \
+          wget \
+          git
+        apt-get build-dep -y .
+  
+    - name: Build debian package
+      id: build-deb
+      run: |
+        dpkg-buildpackage -b -rfakeroot -us -uc
+        echo "DEB_FILE=${{ github.event.repository.name }}_$(dpkg-parsechangelog -S version)_$(dpkg-architecture -qDEB_BUILD_ARCH).deb" >> $GITHUB_OUTPUT
+    
+    # - name: Calculate and Save Checksums
+    #   run: |
+    #     sha256sum /__w/${{ github.event.repository.name }}/gnome-control-center.tar.xz >> checksums.txt
+
+    - uses: actions/upload-artifact@v4
+      with:
+        name: ${{ github.event.repository.name }}
+        path: |
+            /__w/${{ github.event.repository.name }}/${{ steps.build-deb.outputs.DEB_FILE }}
+
+    # - uses: softprops/action-gh-release@v2
+    #   if: github.ref == 'refs/heads/main'
+    #   with:
+    #     token: "${{ secrets.GITHUB_TOKEN }}"
+    #     tag_name: "continuous"
+    #     prerelease: true
+    #     name: "Continuous Build"
+    #     files: |
+    #       /__w/gnome-control-center/gnome-control-center.tar.xz
+    #       checksums.txt

.github/workflows/release.yaml

@@ -0,0 +1,140 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  build-artifacts:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/vanilla-os/pico:main
+      volumes:
+        - /proc:/proc
+        - /:/run/host
+      options: --privileged -it
+    permissions:
+      contents: read
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: De-bloat stock image
+      run: |
+        rm -r /run/host/usr/share/dotnet
+        rm -r /run/host${{ runner.tool_cache }}
+
+    - name: Install needed packages
+      run: |
+        DEBIAN_FRONTEND=noninteractive apt update
+        DEBIAN_FRONTEND=noninteractive apt install -y \
+          dpkg-dev \
+          build-essential \
+          debhelper-compat \
+          desktop-file-utils \
+          dh-sequence-gnome \
+          gnome-settings-daemon-dev \
+          gsettings-desktop-schemas-dev \
+          gtk-doc-tools \
+          libaccountsservice-dev \
+          libadwaita-1-dev \
+          libcolord-dev \
+          libcolord-gtk4-dev \
+          libcups2-dev \
+          libgcr-4-dev \
+          libgdk-pixbuf-2.0-dev \
+          libgirepository1.0-dev \
+          libglib2.0-dev \
+          libgnome-bg-4-dev \
+          libgnome-bluetooth-ui-3.0-dev \
+          libgnome-desktop-4-dev \
+          libgnome-rr-4-dev \
+          libgnutls28-dev \
+          libgoa-1.0-dev \
+          libgoa-backend-1.0-dev \
+          libgsound-dev \
+          libgtk-4-dev \
+          libgtop2-dev \
+          libgudev-1.0-dev \
+          libhandy-1-dev \
+          libibus-1.0-dev \
+          libjson-glib-dev \
+          libkrb5-dev \
+          libmalcontent-0-dev \
+          libmm-glib-dev \
+          libnm-dev \
+          libnma-gtk4-dev \
+          libpolkit-gobject-1-dev \
+          libpulse-dev \
+          libpwquality-dev \
+          libsecret-1-dev \
+          libsmbclient-dev \
+          libsoup-3.0-dev \
+          libudisks2-dev \
+          libupower-glib-dev \
+          libwacom-dev \
+          libx11-dev \
+          libxft-dev \
+          libxi-dev \
+          libxklavier-dev \
+          libxml2-dev \
+          libxml2-utils \
+          locales \
+          meson \
+          polkitd \
+          python3-dbusmock \
+          shared-mime-info \
+          tecla \
+          tzdata \
+          xvfb \
+          wget \
+          git
+  
+    - name: Build debian package
+      run: |
+        wget https://github.com/vanilla-os/gnome-control-center/tarball/main
+        mv main ../gnome-control-center_47.1.1~99-orchid-stable.orig.tar.gz
+        dpkg-buildpackage -b -uc -us
+        tar cvf ../gnome-control-center.tar.xz ../*.deb
+    
+    - name: Calculate and Save Checksums
+      run: |
+        sha256sum /__w/gnome-control-center/gnome-control-center.tar.xz >> checksums.txt
+
+    - uses: actions/upload-artifact@v4
+      with:
+        name: gnome-control-center
+        path: |
+            checksums.txt
+            /__w/gnome-control-center/gnome-control-center.tar.xz
+
+  release:
+    runs-on: ubuntu-latest
+    needs: build-artifacts
+    permissions:
+      contents: write # to create and upload assets to releases
+      attestations: write # to upload assets attestation for build provenance
+      id-token: write # grant additional permission to attestation action to mint the OIDC token permission
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: gnome-control-center
+
+      - name: Create Release
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release create "${{ github.ref_name }}" --generate-notes *.tar.xz gnome-control-center/checksums.txt
+
+      - name: Attest Release Files
+        id: attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: '*.tar.xz, gnome-control-center/*.txt'