
Reorganize static config to top #159


Workflow file for this run

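# Builds, signs and pushes one custom image per matrix entry (daily, on push and
# on manual dispatch), then scans each pushed image with Trivy and keeps the
# resulting report as a workflow artifact.
name: bluebuild
on:
  schedule:
    # build at 06:05 UTC every day
    # (25 minutes after last ublue images start building)
    - cron: "05 06 * * *"
  push:
    # NOTE(review): there is no `branches` filter, so a push to any branch runs
    # the job below with the signing key and a write-scoped token. Confirm that
    # is intended, or restrict signing/publishing to the release branch.
    paths-ignore:
      - "**.md"
      - "build-isos"
      - "**/trivy.yml"
  workflow_dispatch:
env:
  REPO_OWNER: ${{ github.repository_owner }}
jobs:
  bluebuild:
    name: Build Custom Image
    runs-on: ubuntu-24.04
    # Job-scoped token permissions; every step in this job (including the
    # third-party actions) inherits them.
    permissions:
      # Write access to repository contents; the Trivy step passes this token as
      # `github-pat` together with `format: "github"`.
      contents: write
      # Push the built image to ghcr.io.
      packages: write
      # OIDC token. NOTE(review): signing here uses a private key from secrets,
      # so confirm this is still needed before keeping it.
      id-token: write
    strategy:
      # One failing image must not cancel the other matrix builds.
      fail-fast: false
      matrix:
        package:
          - aubertit
          - borealis
          - buttgenbachit
          - carbonatcyanotrichit
          - flaviramea
    steps:
      # NOTE(review): the three `uses:` references below are pinned to tags, which
      # the action's owner can move. This job holds SIGNING_SECRET and a token
      # with contents/packages write, so pin each action to a full commit SHA,
      # e.g. `uses: owner/action@<full-commit-sha>  # <tag>`, and let an update
      # bot bump the pins.
      - name: Build Custom Image
        uses: blue-build/github-action@v1.6
        with:
          recipe: recipe-${{ matrix.package }}.yml
          cosign_private_key: ${{ secrets.SIGNING_SECRET }}
          registry_token: ${{ github.token }}
          pr_event_number: ${{ github.event.number }}
          # Canonical boolean instead of `yes`: action inputs arrive as strings,
          # and an input compared against 'true' would presumably not match 'yes'.
          maximize_build_space: true
      - name: Force repository owner to lowercase
        # ghcr.io image references must be lowercase; `${VAR@L}` is bash's
        # lowercase expansion. `matrix.package` is expanded into the script text,
        # which is acceptable only because the matrix values are static in this
        # file. The redirect target is quoted so the path is never word-split.
        run: |
          echo "IMAGE_REF=ghcr.io/${REPO_OWNER@L}/${{ matrix.package }}" >> "${GITHUB_ENV}"
      - name: Generate SBOM for Custom Image with Trivy
        uses: aquasecurity/trivy-action@0.24.0
        with:
          image-ref: "${{ env.IMAGE_REF }}"
          scan-type: image
          # `github` is the dependency-snapshot format; together with `github-pat`
          # the action submits the result to the repository's dependency graph.
          format: "github"
          output: "${{ matrix.package }}-dependency-results.sbom.json"
          github-pat: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): these two filters describe a vulnerability scan; verify
          # they have any effect on a `github`-format snapshot.
          severity: "MEDIUM,HIGH,CRITICAL"
          scanners: "vuln"
        env:
          # Registry credentials Trivy uses to pull the image from ghcr.io.
          TRIVY_USERNAME: ${{ github.actor }}
          TRIVY_PASSWORD: ${{ github.token }}
      - name: Upload trivy report as a Github artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.package }}-trivy-sbom-report
          path: "${{ github.workspace }}/${{ matrix.package }}-dependency-results.sbom.json"
          retention-days: 21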