From 7a119a96057da3b8766eab1f4b24258b468f8e61 Mon Sep 17 00:00:00 2001
From: ver4a <ver4a@uncontrol.me>
Date: Tue, 15 Apr 2025 23:58:49 +0200
Subject: [PATCH] Make sure oci-builder originates from current workflow run

---
 .forgejo/workflows/build-image.yaml | 8 ++++++++
 Dockerfile                          | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/.forgejo/workflows/build-image.yaml b/.forgejo/workflows/build-image.yaml
index 5df098b..92f9aaa 100644
--- a/.forgejo/workflows/build-image.yaml
+++ b/.forgejo/workflows/build-image.yaml
@@ -23,6 +23,7 @@ jobs:
           build-args: |
             REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
             NAMESPACE=${{ vars.NAMESPACE }}
+            GITHUB_RUN_ID=${GITHUB_RUN_ID}
 
       - name: 'Log in to registry'
         uses: 'actions/podman-login@v1'
@@ -45,6 +46,9 @@ jobs:
     needs: 'build-oci-builder'
 
     steps:
+      - name: Make sure oci-builder originates from current workflow run
+        run: diff <(echo $GITHUB_RUN_ID) /.github_run_id
+
       - uses: actions/checkout@v4
 
       - name: 'Build image'
@@ -61,6 +65,7 @@ jobs:
           build-args: |
             REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
             NAMESPACE=${{ vars.NAMESPACE }}
+            GITHUB_RUN_ID=${GITHUB_RUN_ID}
 
   release-oci-builder:
     name: 'Release oci-builder'
@@ -68,6 +73,9 @@ jobs:
     needs: 'test-oci-builder'
 
     steps:
+      - name: Make sure oci-builder originates from current workflow run
+        run: diff <(echo $GITHUB_RUN_ID) /.github_run_id
+
       - name: 'Log in to registry'
         uses: 'actions/podman-login@v1'
         with:
diff --git a/Dockerfile b/Dockerfile
index 34db2b6..1c0f4a1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,10 @@ FROM registry.fedoraproject.org/fedora-minimal:41
 
 ARG RUNNER_VERSION=6.3.1
 
+ARG GITHUB_RUN_ID
+
+RUN echo $GITHUB_RUN_ID > /.github_run_id
+
 RUN dnf5 -y --setopt install_weak_deps=false install podman buildah skopeo vim setpriv git nodejs22
 
 ENV BUILDAH_ISOLATION=chroot