Experiment with Wolfi as a container for dev.
If you use distrobox:
distrobox create -i ghcr.io/ublue-os/boxkit -n boxkit
distrobox enter boxkit
If you use toolbx:
toolbox create -i ghcr.io/ublue-os/boxkit -c boxkit
toolbox enter boxkit
Use chezmoi to pull down your dotfiles and set up git sync.
These images are signed with sisgstore's cosign. You can verify the signature by downloading the cosign.pub key from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/ublue-os/boxkit
If you're forking this repo you should read the docs on keeping secrets in github. You need to generate a new keypair with cosign. The public key can be in your public repo (your users need it to check the signatures), and you can paste the private key in Settings -> Secrets -> Actions.