From a307a5552b033fc4de1d2e46923fe11d5a315792 Mon Sep 17 00:00:00 2001 From: Mauro Morales Date: Mon, 9 Oct 2023 14:19:02 +0200 Subject: [PATCH] Refactor flavors and dockerfiles Fixes #1898 Signed-off-by: Dimitris Karakasilis --- .github/flavors-arm.json | 43 -- .github/flavors.json | 399 +++++++++++++++- .github/workflows/image-arm-pr.yaml | 8 +- .github/workflows/image-arm.yaml | 22 +- .github/workflows/image-pr.yaml | 26 +- .github/workflows/image.yaml | 157 ++++-- .github/workflows/release-arm.yaml | 4 +- .github/workflows/release.yaml | 30 +- .github/workflows/reusable-build-flavor.yaml | 75 ++- .../reusable-build-framework-flavor.yaml | 5 +- .../workflows/reusable-build-provider.yaml | 36 +- .../workflows/reusable-docker-arm-build.yaml | 31 +- .../workflows/reusable-encryption-test.yaml | 7 +- .github/workflows/reusable-install-test.yaml | 7 +- .../workflows/reusable-provider-tests.yaml | 9 +- ...reusable-provider-upgrade-latest-test.yaml | 7 +- .../reusable-qemu-acceptance-test.yaml | 7 +- .../workflows/reusable-qemu-bundles-test.yaml | 7 +- .../workflows/reusable-qemu-netboot-test.yaml | 24 +- .../workflows/reusable-qemu-reset-test.yaml | 7 +- .../reusable-upgrade-latest-test.yaml | 7 +- .../reusable-upgrade-with-cli-test.yaml | 9 +- .github/workflows/reusable-zfs-test.yaml | 7 +- .github/workflows/uki.yaml | 14 +- Earthfile | 450 +++++++++++------- framework-profile.yaml | 56 +-- images/Dockerfile.alpine | 4 +- images/Dockerfile.debian | 5 +- ...idia-jetson-agx-orin => Dockerfile.nvidia} | 0 images/Dockerfile.opensuse-leap | 3 +- images/Dockerfile.opensuse-tumbleweed | 3 +- images/Dockerfile.ubuntu | 106 +++-- naming.sh | 107 +++++ 33 files changed, 1252 insertions(+), 430 deletions(-) delete mode 100644 .github/flavors-arm.json rename images/{Dockerfile.ubuntu-20-lts-arm-nvidia-jetson-agx-orin => Dockerfile.nvidia} (100%) create mode 100755 naming.sh 
diff --git a/.github/flavors-arm.json b/.github/flavors-arm.json
deleted file mode 100644
index 210ee0eb8f..0000000000
--- a/.github/flavors-arm.json
+++ /dev/null
@@ -1,43 +0,0 @@
-[
- {
- "flavor": "opensuse-leap-arm-rpi",
- "model": "rpi4",
- "worker": "ubuntu-latest",
- "standard": "true"
- },
- {
- "flavor": "opensuse-tumbleweed-arm-rpi",
- "model": "rpi4",
- "worker": "ubuntu-latest",
- "standard": "true"
- },
- {
- "flavor": "alpine-arm-rpi",
- "model": "rpi4",
- "worker": "ubuntu-latest",
- "standard": "true"
- },
- {
- "flavor": "ubuntu-arm-rpi",
- "model": "rpi4",
- "worker": "ubuntu-latest",
- "standard": "true"
- },
- {
- "flavor": "ubuntu-20-lts-arm-rpi",
- "model": "rpi4",
- "worker": "ubuntu-latest",
- "standard": "true"
- },
- {
- "flavor": "ubuntu-22-lts-arm-rpi",
- "model": "rpi4",
- "worker": "ubuntu-latest",
- "standard": "true"
- },
- {
- "flavor": "ubuntu-20-lts-arm-nvidia-jetson-agx-orin",
- "model": "none",
- "worker": "fast"
- }
-]
diff --git a/.github/flavors.json b/.github/flavors.json
index 10dbb1c9bf..06d845004a 100644
--- a/.github/flavors.json
+++ b/.github/flavors.json
@@ -1,49 +1,412 @@ [ { - "flavor": "opensuse-leap", - "standard": "true" + "family": "opensuse-leap", + "flavor": "opensuse", + "flavorRelease": "leap-15.5", + "variant": "standard", + "model": "generic", + "baseImage": "opensuse/leap:15.5", + "arch": "amd64", + "worker": "self-hosted" }, { - "flavor": "opensuse-tumbleweed", - "standard": "true" + "family": "opensuse-leap", + "flavor": "opensuse", + "flavorRelease": "leap-15.5", + "variant": "core", + "model": "generic", + "baseImage": "opensuse/leap:15.5", + "arch": "amd64", + "worker": "self-hosted" }, { + "family": "opensuse-leap", + "flavor": "opensuse", + "flavorRelease": "leap-15.5", + "variant": "standard", + "model": "rpi4", + "baseImage": "opensuse/leap:15.5", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "opensuse-leap", + "flavor": "opensuse", + "flavorRelease": "leap-15.5", + "variant": "core", + "model": "rpi4", + "baseImage": "opensuse/leap:15.5", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "opensuse-leap", + "flavor": "opensuse", + "flavorRelease": "leap-15.5", + "variant": "core", + "model": "generic", + "baseImage": "opensuse/leap:15.5", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "opensuse-tumbleweed", + "flavor": "opensuse", + "flavorRelease": "tumbleweed", + "variant": "standard", + "model": "generic", + "baseImage": "opensuse/tumbleweed", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "opensuse-tumbleweed", + "flavor": "opensuse", + "flavorRelease": "tumbleweed", + "variant": "core", + "model": "generic", + "baseImage": "opensuse/tumbleweed", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "opensuse-tumbleweed", + "flavor": "opensuse", + "flavorRelease": "tumbleweed", + "variant": "standard", + "model": "rpi4", + "baseImage": "opensuse/tumbleweed", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "opensuse-tumbleweed", + "flavor": "opensuse", + "flavorRelease": 
"tumbleweed", + "variant": "core", + "model": "rpi4", + "baseImage": "opensuse/tumbleweed", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "20.04", + "variant": "standard", + "model": "generic", + "baseImage": "ubuntu:20.04", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "20.04", + "variant": "core", + "model": "generic", + "baseImage": "ubuntu:20.04", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "20.04", + "variant": "standard", + "model": "rpi4", + "baseImage": "ubuntu:20.04", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "ubuntu", "flavor": "ubuntu", - "standard": "true" + "flavorRelease": "20.04", + "variant": "core", + "model": "rpi4", + "baseImage": "ubuntu:20.04", + "arch": "arm64", + "worker": "ubuntu-latest" }, { - "flavor": "ubuntu-20-lts", - "standard": "true" + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "22.04", + "variant": "standard", + "model": "generic", + "baseImage": "ubuntu:22.04", + "arch": "amd64", + "worker": "self-hosted" }, { - "flavor": "fips-systemd", - "frameworkonly": "true" + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "22.04", + "variant": "core", + "model": "generic", + "baseImage": "ubuntu:22.04", + "arch": "amd64", + "worker": "self-hosted" }, { - "flavor": "ubuntu-22-lts", - "standard": "true" + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "22.04", + "variant": "standard", + "model": "rpi4", + "baseImage": "ubuntu:22.04", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "22.04", + "variant": "core", + "model": "rpi4", + "baseImage": "ubuntu:22.04", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "23.04", + 
"variant": "standard", + "model": "generic", + "baseImage": "ubuntu:23.04", + "arch": "amd64", + "worker": "self-hosted" }, { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "23.04", + "variant": "core", + "model": "generic", + "baseImage": "ubuntu:23.04", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "23.04", + "variant": "standard", + "model": "rpi4", + "baseImage": "ubuntu:23.04", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "23.04", + "variant": "core", + "model": "rpi4", + "baseImage": "ubuntu:23.04", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "ubuntu", + "flavor": "ubuntu", + "flavorRelease": "23.04", + "variant": "core", + "model": "generic", + "baseImage": "ubuntu:23.04", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18", + "variant": "standard", + "model": "generic", + "baseImage": "alpine:3.18", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18", + "variant": "core", + "model": "generic", + "baseImage": "alpine:3.18", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18-ubuntu", + "variant": "standard", + "model": "generic", + "baseImage": "alpine:3.18", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "alpine", "flavor": "alpine", - "standard": "true" + "flavorRelease": "3.18-ubuntu", + "variant": "core", + "model": "generic", + "baseImage": "alpine:3.18", + "arch": "amd64", + "worker": "self-hosted" }, { - "flavor": "alpine-opensuse-leap", - "standard": "true" + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18-opensuse-leap", + "variant": "standard", + "model": "generic", + "baseImage": "alpine:3.18", + "arch": "amd64", + 
"worker": "self-hosted" + }, + { + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18-opensuse-leap", + "variant": "core", + "model": "generic", + "baseImage": "alpine:3.18", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18-opensuse-leap", + "variant": "standard", + "model": "rpi4", + "baseImage": "alpine:3.18", + "arch": "arm64", + "worker": "ubuntu-latest" + }, + { + "family": "alpine", + "flavor": "alpine", + "flavorRelease": "3.18-opensuse-leap", + "variant": "core", + "model": "rpi4", + "baseImage": "alpine:3.18", + "arch": "arm64", + "worker": "ubuntu-latest" }, { + "family": "fedora", "flavor": "fedora", - "standard": "true" + "flavorRelease": "38", + "variant": "standard", + "model": "generic", + "baseImage": "fedora:38", + "arch": "amd64", + "worker": "self-hosted" }, { + "family": "fedora", + "flavor": "fedora", + "flavorRelease": "38", + "variant": "core", + "model": "generic", + "baseImage": "fedora:38", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "debian", + "flavor": "debian", + "flavorRelease": "testing", + "variant": "standard", + "model": "generic", + "baseImage": "debian:testing", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "debian", + "flavor": "debian", + "flavorRelease": "testing", + "variant": "core", + "model": "generic", + "baseImage": "debian:testing", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "debian", + "flavor": "debian", + "flavorRelease": "bookworm", + "variant": "standard", + "model": "generic", + "baseImage": "debian:bookworm-slim", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "debian", "flavor": "debian", - "standard": "true" + "flavorRelease": "bookworm", + "variant": "core", + "model": "generic", + "baseImage": "debian:bookworm-slim", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "rockylinux", + "flavor": "rockylinux", + 
"flavorRelease": "9", + "variant": "standard", + "model": "generic", + "baseImage": "rockylinux:9", + "arch": "amd64", + "worker": "self-hosted" }, { + "family": "rockylinux", "flavor": "rockylinux", - "standard": "true" + "flavorRelease": "9", + "variant": "core", + "model": "generic", + "baseImage": "rockylinux:9", + "arch": "amd64", + "worker": "self-hosted" }, { - "flavor": "almalinux" + "family": "almalinux", + "flavor": "almalinux", + "flavorRelease": "9", + "variant": "standard", + "model": "generic", + "baseImage": "almalinux:9", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "almalinux", + "flavor": "almalinux", + "flavorRelease": "9", + "variant": "core", + "model": "generic", + "baseImage": "almalinux:9", + "arch": "amd64", + "worker": "self-hosted" + }, + { + "family": "nvidia", + "flavor": "ubuntu", + "flavorRelease": "20.04", + "variant": "core", + "model": "nvidia-jetson-agx-orin", + "baseImage": "ubuntu:20.04", + "arch": "arm64", + "worker": "fast" } ] diff --git a/.github/workflows/image-arm-pr.yaml b/.github/workflows/image-arm-pr.yaml index 56c8feb56a..b5b54f0ef2 100644 --- a/.github/workflows/image-arm-pr.yaml +++ b/.github/workflows/image-arm-pr.yaml @@ -16,11 +16,17 @@ jobs: uses: ./.github/workflows/reusable-docker-arm-build.yaml with: flavor: ubuntu + flavor_release: "23.04" + family: ubuntu + base_image: ubuntu:23.04 model: rpi4 worker: fast docker-alpine: uses: ./.github/workflows/reusable-docker-arm-build.yaml with: - flavor: alpine-arm-rpi + flavor: alpine + flavor_release: "3.18" + family: alpine + base_image: alpine:3.28 model: rpi4 worker: fast diff --git a/.github/workflows/image-arm.yaml b/.github/workflows/image-arm.yaml index 489df53535..0a637861b0 100644 --- a/.github/workflows/image-arm.yaml +++ b/.github/workflows/image-arm.yaml 
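Review bot: Every `baseImage` in the new flavors.json is a mutable tag (`opensuse/tumbleweed`, `debian:testing`, `ubuntu:20.04`, and so on), so the image that the workflows in this patch later sign and attest depends on whatever the tag resolved to when the job ran. Consider carrying a digest next to the tag, for example `"baseImage": "ubuntu:20.04@sha256:<digest-placeholder>"`, or resolving and recording the digest in the build step, so a release can be traced to an exact base. Separately, the alpine entries with `flavorRelease` `3.18`, `3.18-ubuntu` and `3.18-opensuse-leap` all share `alpine:3.18`; JSON cannot hold a comment, so a sentence in the repository docs on what the suffix selects would help readers.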
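Review bot: In the `docker-alpine` job of image-arm-pr.yaml the added `base_image: alpine:3.28` does not match `flavor_release: "3.18"` two lines above it, and every other alpine entry in this patch uses `alpine:3.18`. This looks like a typo: if that tag does not exist the pull fails, and if it ever does exist the build uses a different release than its name advertises. Suggested line: `base_image: alpine:3.18`.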
@@ -22,7 +22,7 @@ jobs: git fetch --prune --unshallow - id: set-matrix run: | - content=`cat ./.github/flavors-arm.json` + content=`cat ./.github/flavors.json | jq -r 'map(select(.arch == "arm64" and .variant == "standard" and .model != "generic"))'` # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" @@ -49,7 +49,7 @@ jobs: # Construct an array like this from the found versions: sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(.version) | unique' > k3s_versions.json # Create a combination of flavors and k3s versions. - content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.frameworkonly != "true")) | map(select(.standard == "true"))' .github/flavors-arm.json k3s_versions.json) + content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.arch == "arm64" and .variant == "standard" and .model != "generic"))' .github/flavors.json k3s_versions.json) # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" @@ -62,7 +62,10 @@ jobs: secrets: inherit with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} + family: ${{ matrix.family }} model: ${{ matrix.model }} + base_image: ${{ matrix.baseImage }} worker: ${{ matrix.worker }} needs: - get-core-matrix @@ -74,14 +77,13 @@ jobs: uses: ./.github/workflows/reusable-image-and-iso-arm-generic.yaml secrets: inherit with: - flavor: ${{ matrix.flavor }} - needs: - - get-core-matrix - strategy: - fail-fast: false - matrix: - flavor: - - "opensuse-leap" + flavor: "opensuse" + flavor_release: "leap-15.5" + family: opensuse + model: generic + arch: arm64 + base_image: opensuse/leap:15.5 + variant: core notify: runs-on: ubuntu-latest diff --git a/.github/workflows/image-pr.yaml b/.github/workflows/image-pr.yaml index 96c14b14e6..1775795bdf 100644 --- a/.github/workflows/image-pr.yaml 
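Review bot: The rewritten generic-arm job in the last hunk of image-arm.yaml passes `family: opensuse`, while flavors.json and image.yaml in the same patch use `family: opensuse-leap` for `flavor: opensuse` with `flavor_release: leap-15.5`. The diffstat lists `images/Dockerfile.opensuse-leap` and `images/Dockerfile.opensuse-tumbleweed` but no `Dockerfile.opensuse`, so if the family selects the Dockerfile (the Earthfile is not visible here) this job would not find one. Suggested line: `family: opensuse-leap`. Because the hunk replaces the matrix with hard-coded values, a comment such as `# keep in sync with the opensuse-leap arm64 core entry in .github/flavors.json` would stop the two from drifting.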
+++ b/.github/workflows/image-pr.yaml @@ -1,4 +1,3 @@ -name: Build and test PRs on: pull_request: paths: @@ -14,16 +13,29 @@ jobs: uses: ./.github/workflows/reusable-build-flavor.yaml with: flavor: ubuntu + flavor_release: "23.04" + family: ubuntu + base_image: ubuntu:23.04 + model: generic + variant: core + arch: amd64 core-alpine: uses: ./.github/workflows/reusable-build-flavor.yaml with: flavor: alpine + flavor_release: "3.18" + family: alpine + base_image: alpine:3.18 + model: generic + variant: core + arch: amd64 install: uses: ./.github/workflows/reusable-install-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -38,6 +50,7 @@ jobs: uses: ./.github/workflows/reusable-zfs-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -45,6 +58,7 @@ jobs: uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -59,6 +73,7 @@ jobs: uses: ./.github/workflows/reusable-qemu-bundles-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -66,6 +81,7 @@ jobs: uses: ./.github/workflows/reusable-qemu-reset-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -80,6 +96,11 @@ jobs: uses: ./.github/workflows/reusable-qemu-netboot-test.yaml with: flavor: ubuntu + flavor_release: "23.04" + family: ubuntu + base_image: ubuntu:23.04 + model: generic + variant: core needs: - core @@ -94,6 +115,7 @@ jobs: uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -108,6 +130,7 @@ jobs: uses: ./.github/workflows/reusable-upgrade-latest-test.yaml with: flavor: ubuntu + flavor_release: "23.04" needs: - core @@ -123,6 +146,7 @@ jobs: uses: ./.github/workflows/reusable-encryption-test.yaml with: flavor: ubuntu + flavor_release: "23.04" label: ${{ matrix.label }} needs: - core 
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index c10cdc69ca..8951374f4c 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -1,5 +1,8 @@ name: Build and test images on: + pull_request: + paths: + - '**' push: branches: - master @@ -12,7 +15,7 @@ concurrency: env: FORCE_COLOR: 1 jobs: - get-matrix: + get-core-matrix: runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} @@ -23,7 +26,7 @@ jobs: sudo apt update && sudo apt install -y jq - id: set-matrix run: | - content=`cat .github/flavors.json | jq 'map(select(.frameworkonly != "true"))'` + content=`cat .github/flavors.json | jq 'map(select(.variant == "core"))'` # the following lines are only required for multi line json # the following lines are only required for multi line json content="${content//'%'/'%25'}" @@ -58,11 +61,17 @@ jobs: secrets: inherit with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} + family: ${{ matrix.family }} + base_image: ${{ matrix.baseImage }} + model: ${{ matrix.model }} + variant: ${{ matrix.variant }} + arch: ${{ matrix.arch }} needs: - - get-matrix + - get-core-matrix strategy: fail-fast: false - matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}} + matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}} framework: uses: ./.github/workflows/reusable-build-framework-flavor.yaml secrets: inherit @@ -77,17 +86,20 @@ jobs: uses: ./.github/workflows/reusable-install-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: fail-fast: true matrix: include: - - flavor: opensuse-leap + - flavor: opensuse + flavorRelease: leap-15.5 zfs: uses: ./.github/workflows/reusable-zfs-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: 
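Review bot: The first hunk of image.yaml adds a `pull_request` trigger with `paths: '**'` to the workflow that also runs on pushes to master, so every pull request now runs the whole build-and-test matrix; image-pr.yaml already covers pull requests, which makes this look like a debugging leftover. It matters beyond cost: a later job in this file uses `runs-on: kvm` and flavors.json assigns `"worker": "self-hosted"` to the amd64 builds, so if those labels are self-hosted runners, code from a pull request would execute on them, and the reusable workflows here are called with `secrets: inherit`. I would remove the three added trigger lines before merging. If both workflows really must run on pull requests, add a comment explaining why and how untrusted pull requests are kept off the non-hosted runners.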
@@ -95,10 +107,12 @@ jobs: matrix: include: - flavor: "ubuntu" + flavorRelease: "23.04" acceptance: uses: ./.github/workflows/reusable-qemu-acceptance-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: @@ -106,27 +120,37 @@ jobs: matrix: include: - flavor: "alpine" - - flavor: "opensuse-leap" - - flavor: "opensuse-tumbleweed" + flavorRelease: "3.18" + - flavor: "opensuse" + flavorRelease: "leap-15.5" + - flavor: "opensuse" + flavorRelease: "tumbleweed" - flavor: "ubuntu" + flavorRelease: "23.04" - flavor: "debian" - - flavor: "ubuntu-20-lts" + flavorRelease: "testing" + - flavor: "ubuntu" + flavorRelease: "20.04" - flavor: "ubuntu-22-lts" + flavorRelease: "22.04" bundles: uses: ./.github/workflows/reusable-qemu-bundles-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: fail-fast: false matrix: include: - - flavor: opensuse-tumbleweed # Kubo test needs systemd version 252+ which atm is not available in Leap + - flavor: opensuse # Kubo test needs systemd version 252+ which atm is not available in Leap + flavorRelease: opensuse reset: uses: ./.github/workflows/reusable-qemu-reset-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: @@ -134,11 +158,26 @@ jobs: matrix: include: - flavor: alpine - - flavor: opensuse-leap + flavorRelease: "3.18" + family: alpine + base_image: alpine:3.18 + model: generic + variant: core + - flavor: opensuse + flavorRelease: leap-15.5 + family: opensuse-leap + base_image: opensuse/leap:15.5 + model: generic + variant: core netboot: uses: ./.github/workflows/reusable-qemu-netboot-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} + family: ${{ matrix.family }} + model: ${{ matrix.model }} + variant: ${{ matrix.variant }} + base_image: ${{ matrix.baseImage }} needs: - core strategy: 
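Review bot: Two matrix entries in the `@@ -106,27 +120,37 @@` hunk were only half-converted to the flavor plus flavorRelease scheme. In `acceptance` the last entry keeps `flavor: "ubuntu-22-lts"` and gains `flavorRelease: "22.04"`, where its neighbours use `flavor: "ubuntu"`; in `bundles` the entry that replaced `opensuse-tumbleweed` has `flavorRelease: opensuse`, although the comment on it says the test needs a systemd version that Leap lacks. Suggested lines: `- flavor: "ubuntu"` for the first and `flavorRelease: tumbleweed` for the second. The matrix in the following hunk, which appears to belong to `reset`, also adds `family`, `base_image`, `model` and `variant` keys that the visible `with:` block of that job does not read.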
@@ -146,13 +185,28 @@ jobs: matrix: include: - flavor: alpine - - flavor: opensuse-leap + flavorRelease: "3.18" + family: alpine + variant: core + model: generic + baseImage: alpine:3.18 + - flavor: opensuse + flavorRelease: leap-15.5 + family: opensuse-leap + variant: core + model: generic + baseImage: opensuse/leap:15.5 - flavor: ubuntu + flavorRelease: "23.04" + family: ubuntu + variant: core + model: generic + baseImage: ubuntu/23.04 upgrade: uses: ./.github/workflows/reusable-upgrade-with-cli-test.yaml with: flavor: ${{ matrix.flavor }} - + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: @@ -160,11 +214,14 @@ jobs: matrix: include: - flavor: alpine - - flavor: opensuse-leap + flavorRelease: "3.18" + - flavor: opensuse + flavorRelease: leap-15.5 upgrade-latest: uses: ./.github/workflows/reusable-upgrade-latest-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - core strategy: @@ -172,14 +229,14 @@ jobs: matrix: include: - flavor: alpine - - flavor: opensuse-leap - # - flavor: "ubuntu" - # - flavor: "ubuntu" - # - flavor: "ubuntu" + flavorRelease: "3.18" + - flavor: opensuse + flavorRelease: leap-15.5 encryption: uses: ./.github/workflows/reusable-encryption-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} label: ${{ matrix.label }} needs: - core 
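Review bot: In the `netboot` matrix the ubuntu entry sets `baseImage: ubuntu/23.04`, with a slash where the other entries and flavors.json use a colon. As an image reference that names a repository `ubuntu/23.04` with an implicit `latest` tag rather than the 23.04 release of `ubuntu`, so the job would either fail to pull or build from an image nobody intended. Suggested line: `baseImage: ubuntu:23.04`.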
@@ -193,21 +250,37 @@ jobs: - "remote-https-pinned" - "remote-https-bad-cert" flavor: - - "opensuse-leap" + - "opensuse" + flavorRelease: + - "leap-15.5" standard: uses: ./.github/workflows/reusable-build-provider.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} + family: ${{ matrix.family }} + base_image: ${{ matrix.baseImage }} + variant: standard + model: generic + arch: amd64 strategy: fail-fast: false matrix: - flavor: - - "opensuse-leap" - - "alpine-opensuse-leap" + include: + - flavor: opensuse + flavorRelease: leap-15.5 + family: opensuse-leap + baseImage: opensuse/leap:15.5 + - flavor: alpine + flavorRelease: "3.18" + family: alpine + baseImage: alpine:3.18 + various: uses: ./.github/workflows/reusable-provider-tests.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} label: ${{ matrix.label }} needs: - standard 
@@ -215,32 +288,42 @@ jobs: fail-fast: false max-parallel: 2 matrix: - label: - - "provider-qrcode-install" - - "provider-upgrade" - - "provider-decentralized-k8s" - - "provider-upgrade-k8s" - flavor: - - "opensuse-leap" - - "alpine-opensuse-leap" - exclude: # looks like only the k8s stuff is tested on both flavors - - label: "provider-qrcode-install" - flavor: "alpine-opensuse-leap" - - label: "provider-upgrade" - flavor: "alpine-opensuse-leap" + include: + - flavor: "opensuse" + flavorRelease: "leap/15.5" + label: "provider-qrcode-install" + - flavor: "opensuse" + flavorRelease: "leap/15.5" + label: "provider-upgrade" + - flavor: "opensuse" + flavorRelease: "leap/15.5" + label: "provider-decentralized-k8s" + - flavor: "opensuse" + flavorRelease: "leap/15.5" + label: "provider-upgrade-k8s" + - flavor: "alpine" + flavorRelease: "3.18" + label: "provider-decentralized-k8s" + - flavor: "alpine" + flavorRelease: "3.18" + label: "provider-upgrade-k8s" standard-upgrade-latest: uses: ./.github/workflows/reusable-provider-upgrade-latest-test.yaml with: flavor: ${{ matrix.flavor }} + flavor_release: ${{ matrix.flavorRelease }} needs: - standard strategy: fail-fast: false max-parallel: 2 matrix: - flavor: - - "opensuse-leap" - - "alpine-opensuse-leap" + include: + - flavor: "opensuse" + flavorRelease: "leap-15.5" + - flavor: "alpine" + flavorRelease: "3.18" + test-uki: runs-on: kvm steps: diff --git a/.github/workflows/release-arm.yaml b/.github/workflows/release-arm.yaml index 86aa174a08..3d668476f0 100644 --- a/.github/workflows/release-arm.yaml +++ b/.github/workflows/release-arm.yaml @@ -14,7 +14,7 @@ jobs: fetch-depth: 0 - id: set-matrix run: | - content=`cat ./.github/flavors-arm.json` + content=`cat ./.github/flavors.json | map(select(.arch == "arm64"))` # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" 
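Review bot: The four opensuse entries of the `various` matrix use `flavorRelease: "leap/15.5"`, while every other place in this patch writes `leap-15.5`, including `standard-upgrade-latest` in the same hunk. In reusable-build-flavor.yaml the `flavor_release` input ends up in artifact and image names, where a slash changes the path; whether reusable-provider-tests.yaml uses it the same way is not visible here. Suggested line: `flavorRelease: "leap-15.5"`.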
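Review bot: The new `set-matrix` command in release-arm.yaml pipes `cat` into `map(select(.arch == "arm64"))` without invoking `jq`, so the shell tries to run the filter text itself and the step fails before any matrix is produced. image-arm.yaml in this patch has the intended form. Suggested line: `content=$(jq 'map(select(.arch == "arm64"))' ./.github/flavors.json)`. The `run:` block continues outside the hunk.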
@@ -41,7 +41,7 @@ jobs: # Construct an array like this from the found versions: sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(.version) | unique' > k3s_versions.json # Create a combination of flavors and k3s versions. - content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.frameworkonly != "true")) | map(select(.standard == "true"))' .github/flavors-arm.json k3s_versions.json) + content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.variant == "standard" and .arch == "arm64"))' .github/flavors.json k3s_versions.json) # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3a5fab1510..40b14bfa19 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,7 +19,7 @@ jobs: sudo apt update && sudo apt install -y jq - id: set-matrix run: | - content=`cat .github/flavors.json | jq 'map(select(.frameworkonly != "true"))'` + content=`cat .github/flavors.json` # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" @@ -45,7 +45,7 @@ jobs: sudo mv luet /usr/bin/luet # Construct an array like this from the found versions: sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(.version) | unique' > k3s_versions.json - content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.frameworkonly != "true")) | map(select(.standard == "true"))' .github/flavors.json k3s_versions.json) + content=$(jq -s '. | [combinations | .[0] + {"k3s_version": .[1]}] | map(select(.variant == "standard"))' .github/flavors.json k3s_versions.json) # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" 
@@ -64,7 +64,9 @@ jobs: fetch-depth: 0 - id: set-matrix run: | - content=`cat .github/flavors.json` + # TODO: Decide what framework images we need to build + # https://github.com/kairos-io/kairos/issues/1896 + content=`cat .github/flavors.json | jq '. + [{"flavor":"fips","flavorRelease":"systemd"}]'` # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" @@ -96,8 +98,6 @@ jobs: - name: Login to Quay Registry run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io - name: Build 🔧 - env: - FLAVOR: ${{ matrix.flavor }} run: | # Configure earthly to use the docker mirror in CI # https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache @@ -111,7 +111,7 @@ jobs: insecure = true http = true EOF - earthly +build-framework-image --FLAVOR=${FLAVOR} + earthly +build-framework-image --FLAVOR=${{ matrix.flavor }} --FLAVOR_RELEASE=${{ matrix.flavorRelease }} - name: Push to quay env: COSIGN_YES: true @@ -183,8 +183,24 @@ jobs: - name: Build 🔧 env: FLAVOR: ${{ matrix.flavor }} + FLAVOR_RELEASE: ${{ matrix.flavorRelease }} + FAMILY: ${{ matrix.family }} + ARTIFACT: ${{ matrix.artifact }} + VARIANT: ${{ matrix.variant }} + MODEL: ${{ matrix.model }} + BASE_IMAGE: ${{ matrix.baseImage }} + # TODO: Create a reusable script/workflow/something that generates the artifact name + # TODO: Use the naming.sh script run: | - earthly +all --VARIANT=core --FLAVOR=$FLAVOR + earthly +all \ + --VARIANT=${{ matrix.variant }} \ + --FAMILY=${{ matrix.family }} \ + --FLAVOR=${{ matrix.flavor }} \ + --FLAVOR=${{ matrix.flavorRelease }} \ + --MODEL=${{ matrix.model }} \ + --BASE_IMAGE=${{ matrix.baseImage }} \ + --IMAGE=quay.io/kairos/${{ matrix.variant }}-${{ inputs.flavor }}-${{ matrix.model }}:latest + sudo mv build release - name: Push to quay env: 
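Review bot: In the `earthly +all` call of the last release.yaml hunk the release value is passed as a second `--FLAVOR=${{ matrix.flavorRelease }}`, so `FLAVOR_RELEASE` is never set and `FLAVOR` is probably overridden by the release string. The `--IMAGE` argument also reads `${{ inputs.flavor }}`, and nothing visible in release.yaml defines inputs, so that segment likely expands to nothing. The step already exports `FLAVOR`, `FLAVOR_RELEASE`, `MODEL` and the rest through `env:` and then does not use them; referencing those variables, quoted, keeps expression text out of the shell script. Suggested lines: `--FLAVOR="$FLAVOR" \` and `--FLAVOR_RELEASE="$FLAVOR_RELEASE" \`. The same inlining was introduced in the `+build-framework-image` hunk above, where the `env: FLAVOR` block was removed.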
diff --git a/.github/workflows/reusable-build-flavor.yaml b/.github/workflows/reusable-build-flavor.yaml index 4d48c98108..ad4078cc5e 100644 --- a/.github/workflows/reusable-build-flavor.yaml +++ b/.github/workflows/reusable-build-flavor.yaml @@ -6,6 +6,24 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string + family: + required: true + type: string + base_image: + required: true + type: string + model: + required: true + type: string + variant: + required: true + type: string + arch: + required: true + type: string jobs: build: 
@@ -72,19 +90,41 @@ jobs: - name: Build PR 🔧 if: ${{ github.event_name == 'pull_request' }} env: - FLAVOR: ${{ inputs.flavor }} - IMAGE: quay.io/kairos/core-${{ inputs.flavor }}:latest + VERSION: latest run: | - earthly +ci --SECURITY_SCANS=false --VARIANT=core --IMAGE=$IMAGE --FLAVOR=$FLAVOR + # Desired artifact names: + # container image: quay.io/kairos/ubuntu:22.04-core-amd64-generic-v2.4.0 + # iso: kairos-ubuntu-20.04-core-amd64-generic-v2.4.1-ipxe.iso + # + # TODO: + # - New branch: + # - Merge alma, rocky, fedora to one family dockerfile + # - Move rest of logic from Earthfile to Dockerfiles + # - Create a reusable worflow that simply calls docker build passing the required build-args + # - Delete the earthly base-image target and force the use of the above workflow anywhere needed + # - Make all remaining earthly targets to use a pre-cooked KAIROS_IMAGE rather than calling +base-image + earthly --platform=linux/${{ inputs.arch }} +ci \ + --SECURITY_SCANS=false \ + --VARIANT=${{ inputs.variant }} \ + --FLAVOR=${{ inputs.flavor }} \ + --FLAVOR_RELEASE=${{ inputs.flavor_release }} \ + --BASE_IMAGE=${{ inputs.base_image }} \ + --MODEL=${{ inputs.model }} \ + --FAMILY=${{ inputs.family }} sudo mv build/* . sudo rm -rf build - name: Build master 🔧 if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} - env: - FLAVOR: ${{ inputs.flavor }} - IMAGE: quay.io/kairos/core-${{ inputs.flavor }}:latest run: | - earthly +ci --VARIANT=core --IMAGE=$IMAGE --FLAVOR=$FLAVOR + earthly --platform=linux/${{ inputs.arch }} +ci \ + --SECURITY_SCANS=false \ + --VARIANT=${{ inputs.variant }} \ + --FLAVOR=${{ inputs.flavor }} \ + --FLAVOR_RELEASE=${{ inputs.flavor_release }} \ + --BASE_IMAGE=${{ inputs.base_image }} \ + --MODEL=${{ inputs.model }} \ + --FAMILY=${{ inputs.family }} + sudo mv build/* . sudo rm -rf build mkdir sarif 
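Review bot: The rewritten `Build master` step now passes `--SECURITY_SCANS=false`, which the old master command did not, so the master build appears to have picked up the pull-request setting by copy-paste. The steps after it still create `sarif`, upload it to code scanning and attach the SBOM, and those would have nothing fresh to report if the flag turns the scanners off (the Earthfile target is not visible here). I would drop that line from the master invocation, or add a comment such as `# scans intentionally disabled here; they run in <job-placeholder>` so the change is a recorded decision.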
@@ -94,10 +134,10 @@ jobs: uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'sarif' - category: ${{ inputs.flavor }} + category: ${{ inputs.flavor }}-${{ inputs.flavor_release }} - uses: actions/upload-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip path: | *.iso *.sha256 @@ -106,7 +146,7 @@ jobs: - uses: actions/upload-artifact@v3 if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} with: - name: kairos-${{ inputs.flavor }}.sbom.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.sbom.zip path: | *.syft.json *.spdx.json @@ -114,12 +154,13 @@ jobs: - name: Push to quay if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} env: - IMAGE: "quay.io/kairos/core-${{ inputs.flavor }}" - TAG: "latest" COSIGN_YES: true run: | - docker push "$IMAGE:$TAG" - image_ref=$(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG") + IMAGE=$(cat IMAGE) + VERSION=$(cat VERSION) + IMAGE="${IMAGE/$VERSION/latest}" + docker push $IMAGE + image_ref=$(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE") spdx=$(ls *.spdx.json) cosign attach sbom --sbom $spdx $image_ref cosign sign $image_ref --attachment sbom @@ -127,5 +168,7 @@ jobs: cosign attest --type spdx --predicate $spdx $image_ref - name: Push to testing run: | - docker tag quay.io/kairos/core-${{ inputs.flavor }}:latest ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}:24h - docker push ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}:24h + _IMG=$(cat IMAGE) + TEST_IMAGE="ttl.sh/kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ github.sha }}:24h" + docker tag $_IMG $TEST_IMAGE + docker push $TEST_IMAGE diff --git a/.github/workflows/reusable-build-framework-flavor.yaml b/.github/workflows/reusable-build-framework-flavor.yaml index 266fcb46e5..74eb76c59d 100644 --- a/.github/workflows/reusable-build-framework-flavor.yaml 
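Review bot: In `Push to quay`, the name produced by `IMAGE="${IMAGE/$VERSION/latest}"` is pushed without being tagged locally; as far as the Earthfile hunks show, the image is saved only under the name written to the `IMAGE` file (`SAVE IMAGE $_CIMG`), and the `Push to testing` step below does run `docker tag` first. Add `docker tag "$(cat IMAGE)" "$IMAGE"` before the push and quote the expansions (`docker push "$IMAGE"`, `cosign sign "$image_ref"`). The substitution is also silent when it does not match: if `naming.sh` (not visible here) rewrites characters such as `+` in the tag, the versioned name is pushed and signed instead of `latest`, so the step should fail when the result equals the original. `${IMAGE/"$VERSION"/latest}` keeps the version from being read as a pattern.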
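Review bot: `Push to testing` publishes the test image to ttl.sh under a tag built from flavor, release and commit SHA, and the test workflows later pull it by that tag (`CONTAINER_IMAGE=ttl.sh/kairos-…:24h`). ttl.sh accepts anonymous pushes, so the tag alone does not guarantee that the upgrade tests receive the image this job built; recording the digest after `docker push` and passing `name@sha256:<digest>` to the test jobs would pin it. `docker tag $_IMG $TEST_IMAGE` and `docker push $TEST_IMAGE` should quote both variables. The provider variant of this step in reusable-build-provider.yaml has the same shape.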
+++ b/.github/workflows/reusable-build-framework-flavor.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: build: @@ -48,6 +51,6 @@ jobs: insecure = true http = true EOF - earthly +build-framework-image --FLAVOR=${FLAVOR} --VERSION=master + earthly +build-framework-image --FLAVOR=${FLAVOR} --FLAVOR_RELEASE=${FLAVOR_RELEASE} --VERSION=master docker push "$IMAGE:$TAG" # Otherwise .RepoDigests will be empty for some reason cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG") diff --git a/.github/workflows/reusable-build-provider.yaml b/.github/workflows/reusable-build-provider.yaml index b2515a3960..54d29df83a 100644 --- a/.github/workflows/reusable-build-provider.yaml +++ b/.github/workflows/reusable-build-provider.yaml @@ -6,6 +6,24 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string + base_image: + required: true + type: string + model: + required: true + type: string + family: + required: true + type: string + variant: + required: true + type: string + arch: + required: true + type: string jobs: build: 
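Review bot: The changed `earthly +build-framework-image` line in reusable-build-framework-flavor.yaml reads `${FLAVOR_RELEASE}` from the shell, but the commit only adds the `flavor_release` input; the step's `env:` block is outside the hunk and is not touched. Unless that block already defines `FLAVOR_RELEASE`, the flag expands to `--FLAVOR_RELEASE=` and the target's `ARG --required FLAVOR_RELEASE` receives an empty value. Add `FLAVOR_RELEASE: ${{ inputs.flavor_release }}` to the step's `env:` and pass it quoted, `--FLAVOR_RELEASE="${FLAVOR_RELEASE}"`.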
@@ -63,16 +81,21 @@ jobs: - name: Build PR 🔧 run: | K3S_VERSION=$(sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq '.packages | map(.version) | unique | last') - earthly +ci \ + earthly --platform=linux/${{ inputs.arch }} +ci \ --SECURITY_SCANS=false \ - --IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}-provider:24h \ + --VARIANT=${{ inputs.variant }} \ --FLAVOR=${{ inputs.flavor }} \ - --VARIANT=standard -K3S_VERSION=${K3S_VERSION} + --FLAVOR_RELEASE=${{ inputs.flavor_release }} \ + --BASE_IMAGE=${{ inputs.base_image }} \ + --MODEL=${{ inputs.model }} \ + --FAMILY=${{ inputs.family }} \ + --K3S_VERSION=${K3S_VERSION} + sudo mv build/* . sudo rm -rf build - uses: actions/upload-artifact@v3 with: - name: kairos-${{ inputs.flavor }}-provider.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-provider.iso.zip path: | *.iso *.sha256 @@ -80,4 +103,7 @@ jobs: if-no-files-found: error - name: Push to testing run: | - docker push ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}-provider:24h + _IMG=$(cat IMAGE) + TEST_IMAGE="ttl.sh/kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ github.sha }}-provider:24h" + docker tag $_IMG $TEST_IMAGE + docker push $TEST_IMAGE diff --git a/.github/workflows/reusable-docker-arm-build.yaml b/.github/workflows/reusable-docker-arm-build.yaml index 8949bf2e21..6323151373 100644 --- a/.github/workflows/reusable-docker-arm-build.yaml +++ b/.github/workflows/reusable-docker-arm-build.yaml @@ -1,5 +1,9 @@ name: Reusable workflow - docker arm build +# TODO: Merge this workflow with the reusable-build-flavor one +# The same workflow should be able to build any combination of flavor, +# model, architecture, etc. + on: workflow_call: inputs: @@ -9,9 +13,18 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string + family: + required: true + type: string model: required: true type: string + base_image: + required: true + type: string jobs: build: 
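Review bot: The `earthly` call in `Build PR` splices `${{ inputs.* }}` values into the script text unquoted; the same pattern is added in `Build PR`/`Build master` of reusable-build-flavor.yaml (which dropped its `env:` mapping to do so), in reusable-docker-arm-build.yaml and in reusable-qemu-netboot-test.yaml. Expressions are expanded before the shell parses the script, so a value containing whitespace or shell metacharacters changes the command rather than one argument. The inputs appear to come from the flavors matrix, so this is hardening rather than a known hole: map each input under `env:` (`BASE_IMAGE: ${{ inputs.base_image }}`) and pass `--BASE_IMAGE="$BASE_IMAGE"`. Separately, `K3S_VERSION` on the unchanged line above comes from `jq` without `-r`, unlike the upgrade test, so now that the flag is spelled `--K3S_VERSION` it may carry literal quotes into the build.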
@@ -87,18 +100,16 @@ jobs: run: | sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP - - name: Shared runner build 🔧 - if: ${{ inputs.worker != 'fast' }} - run: | - ./earthly.sh +all-arm --VARIANT=core --MODEL=${{ inputs.model }} \ - --FLAVOR=${{ inputs.flavor }} \ - --IMG_COMPRESSION=${{env.IMG_COMPRESSION}} - - name: fast runner Build 🔧 - if: ${{ inputs.worker == 'fast' }} + - name: Build 🔧 run: | earthly --allow-privileged +all-arm \ - --VARIANT=core --MODEL=${{ inputs.model }} \ - --FLAVOR=${{ inputs.flavor }} --IMG_COMPRESSION=${{env.IMG_COMPRESSION}} + --FAMILY=${{ inputs.family }} \ + --FLAVOR=${{ inputs.flavor }} \ + --FLAVOR_RELEASE=${{ inputs.flavor_release }} \ + --BASE_IMAGE=${{ inputs.base_image }} \ + --MODEL=${{ inputs.model }} \ + --VARIANT=core \ + --IMG_COMPRESSION=${{env.IMG_COMPRESSION}} - name: Show img sizes run: | ls -ltra build diff --git a/.github/workflows/reusable-encryption-test.yaml b/.github/workflows/reusable-encryption-test.yaml index b955a568ec..81fef0446c 100644 --- a/.github/workflows/reusable-encryption-test.yaml +++ b/.github/workflows/reusable-encryption-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string label: required: true type: string @@ -74,7 +77,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip - name: Display structure of downloaded files run: ls -las . - name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines @@ -87,5 +90,5 @@ jobs: EMULATE_TPM: true USE_QEMU: true run: | - export ISO=$(ls $PWD/kairos-core-*${{ inputs.flavor }}*.iso) + export ISO=$(ls $PWD/*${{ inputs.flavor }}*.iso) .github/encryption-tests.sh 
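Review bot: `export ISO=$(ls $PWD/*${{ inputs.flavor }}*.iso)` in reusable-encryption-test.yaml now matches any ISO whose name contains the flavor, and nothing checks that exactly one file matched; the build uploads `*.iso`, and the upgrade-latest workflow already has to filter out an `ipxe` ISO for this reason. With two matches `ISO` becomes a multi-line value and the test either fails obscurely or boots an image other than the intended one. Narrow the pattern with the release if the artifact name carries it, and fail unless one file is found, e.g. `isos=( "$PWD"/*"$FLAVOR"*.iso )` followed by `[ "${#isos[@]}" -eq 1 ] || exit 1`. The same loosened glob is added in the install, qemu-acceptance, qemu-bundles, qemu-reset, upgrade-with-cli, zfs and uki workflows.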
diff --git a/.github/workflows/reusable-install-test.yaml b/.github/workflows/reusable-install-test.yaml index 657df0f32a..6894e46777 100644 --- a/.github/workflows/reusable-install-test.yaml +++ b/.github/workflows/reusable-install-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -18,7 +21,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release}}.iso.zip - name: Display structure of downloaded files run: ls -las . - name: Install deps @@ -31,7 +34,7 @@ jobs: cache-dependency-path: tests/go.sum - name: Ginkgo run: | - export ISO=$(ls $PWD/kairos-core-*${{ inputs.flavor }}*.iso) + export ISO=$(ls $PWD/*${{ inputs.flavor }}*.iso) export GOPATH="/Users/runner/go" export PATH=$PATH:$GOPATH/bin export CREATE_VM=true diff --git a/.github/workflows/reusable-provider-tests.yaml b/.github/workflows/reusable-provider-tests.yaml index 9459eb60bc..bbc4a30723 100644 --- a/.github/workflows/reusable-provider-tests.yaml +++ b/.github/workflows/reusable-provider-tests.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string label: required: true type: string @@ -54,7 +57,7 @@ jobs: - name: Download artifacts uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}-provider.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-provider.iso.zip - name: Run tests env: USE_QEMU: true @@ -62,7 +65,7 @@ jobs: MEMORY: 4000 CPUS: 2 DRIVE_SIZE: 30000 - CONTAINER_IMAGE: ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}-provider:24h + CONTAINER_IMAGE: ttl.sh/kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ github.sha }}-provider:24h run: | ls *.iso export ISO=$PWD/$(ls *.iso) 
@@ -72,6 +75,6 @@ jobs: - uses: actions/upload-artifact@v3 if: failure() with: - name: ${{ inputs.flavor }}-${{ inputs.label }}-provider-test.logs.zip + name: ${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ inputs.label }}-provider-test.logs.zip path: tests/**/logs/* if-no-files-found: warn diff --git a/.github/workflows/reusable-provider-upgrade-latest-test.yaml b/.github/workflows/reusable-provider-upgrade-latest-test.yaml index 7baf23ba27..954a445394 100644 --- a/.github/workflows/reusable-provider-upgrade-latest-test.yaml +++ b/.github/workflows/reusable-provider-upgrade-latest-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -50,7 +53,7 @@ jobs: with: latest: true repository: "kairos-io/kairos" - fileName: 'kairos-standard-*${{ inputs.flavor }}-*k3s1.iso' + fileName: 'kairos-standard-*${{ inputs.flavor }}-${{ inputs.flavor_release }}.*k3s1.iso' out-file-path: "" - name: Run tests run: | @@ -59,7 +62,7 @@ jobs: export MEMORY=4000 export CPUS=2 export DRIVE_SIZE=30000 - export CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}-provider:24h + export CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ github.sha }}-provider:24h K3S_VERSION=$(sudo luet --config framework-profile.yaml search -o json k8s/k3s | jq -r '.packages | map(.version) | unique | last' | cut -d+ -f1) diff --git a/.github/workflows/reusable-qemu-acceptance-test.yaml b/.github/workflows/reusable-qemu-acceptance-test.yaml index 7fc8fbcf3d..75ecf17804 100644 --- a/.github/workflows/reusable-qemu-acceptance-test.yaml +++ b/.github/workflows/reusable-qemu-acceptance-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string port: required: false type: string 
@@ -53,7 +56,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip - name: Display structure of downloaded files run: ls -las . - name: Install earthly @@ -66,4 +69,4 @@ jobs: sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP - run: | - earthly +run-qemu-datasource-tests --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }} --SSH_PORT=${{ inputs.port }} + earthly +run-qemu-datasource-tests --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }} --SSH_PORT=${{ inputs.port }} diff --git a/.github/workflows/reusable-qemu-bundles-test.yaml b/.github/workflows/reusable-qemu-bundles-test.yaml index e6bd323526..c630772fb3 100644 --- a/.github/workflows/reusable-qemu-bundles-test.yaml +++ b/.github/workflows/reusable-qemu-bundles-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -18,7 +21,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip - name: Display structure of downloaded files run: ls -las . - name: Install earthly @@ -47,4 +50,4 @@ jobs: EOF earthly -P +prepare-bundles-tests - earthly -P +run-qemu-bundles-tests --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }} + earthly -P +run-qemu-bundles-tests --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) --FLAVOR=${{ inputs.flavor }} diff --git a/.github/workflows/reusable-qemu-netboot-test.yaml b/.github/workflows/reusable-qemu-netboot-test.yaml index d4c42755b5..22ea8f184f 100644 --- a/.github/workflows/reusable-qemu-netboot-test.yaml +++ b/.github/workflows/reusable-qemu-netboot-test.yaml 
@@ -6,6 +6,21 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string + family: + required: true + type: string + base_image: + required: true + type: string + model: + required: true + type: string + variant: + required: true + type: string jobs: test: @@ -56,4 +71,11 @@ jobs: sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP - run: | - earthly -P +run-qemu-netboot-test --TEST_SUITE=netboot-test --FLAVOR=${{ inputs.flavor }} + earthly -P +run-qemu-netboot-test \ + --TEST_SUITE=netboot-test \ + --FLAVOR=${{ inputs.flavor }} \ + --FLAVOR_RELEASE=${{ inputs.flavor_release }} \ + --FAMILY=${{ inputs.family }} \ + --BASE_IMAGE=${{ inputs.base_image}} \ + --MODEL=${{ inputs.model }} \ + --VARIANT=${{ inputs.variant }} diff --git a/.github/workflows/reusable-qemu-reset-test.yaml b/.github/workflows/reusable-qemu-reset-test.yaml index fd9f4d5b1a..613985e5af 100644 --- a/.github/workflows/reusable-qemu-reset-test.yaml +++ b/.github/workflows/reusable-qemu-reset-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -18,7 +21,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip - name: Display structure of downloaded files run: ls -las . - name: Install earthly @@ -45,4 +48,4 @@ jobs: insecure = true http = true EOF - earthly -P +run-qemu-datasource-tests --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --TEST_SUITE=reset-test --FLAVOR=${{ inputs.flavor }} + earthly -P +run-qemu-datasource-tests --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) --TEST_SUITE=reset-test --FLAVOR=${{ inputs.flavor }} diff --git a/.github/workflows/reusable-upgrade-latest-test.yaml b/.github/workflows/reusable-upgrade-latest-test.yaml index 667c05fd85..b1b4b158c4 100644 
--- a/.github/workflows/reusable-upgrade-latest-test.yaml +++ b/.github/workflows/reusable-upgrade-latest-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -51,6 +54,7 @@ jobs: # A flag to set the download target as latest release # The default value is 'false' latest: true + # TODO: Until we publish with the new names, what should this be? fileName: 'kairos-core-${{ inputs.flavor }}-amd64-generic-v*.iso' out-file-path: "" - name: Display structure of downloaded files @@ -67,10 +71,11 @@ jobs: - run: | # release-downloader globing matches more than one iso. Make sure # we use the right one. + # TODO: This needs to be adapted after we release with the new artifact names ISO=$(ls kairos-core-${{ inputs.flavor }}-amd64-generic-v*.iso | grep -v ipxe) earthly +run-qemu-test --PREBUILT_ISO=$ISO \ --FLAVOR=${{ inputs.flavor }} \ - --CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}:24h \ + --CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ github.sha }}:24h \ --TEST_SUITE=upgrade-latest-with-cli - uses: actions/upload-artifact@v3 if: failure() diff --git a/.github/workflows/reusable-upgrade-with-cli-test.yaml b/.github/workflows/reusable-upgrade-with-cli-test.yaml index 8c27f1208f..66310c1d6c 100644 --- a/.github/workflows/reusable-upgrade-with-cli-test.yaml +++ b/.github/workflows/reusable-upgrade-with-cli-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -55,7 +58,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip - name: Display structure of downloaded files run: ls -las . - name: Block all traffic to metadata ip # For cloud runners, the metadata ip can interact with our test machines 
@@ -63,9 +66,9 @@ jobs: sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP - run: | - earthly +run-qemu-test --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) \ + earthly +run-qemu-test --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) \ --FLAVOR=${{ inputs.flavor }} \ - --CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ github.sha }}:24h \ + --CONTAINER_IMAGE=ttl.sh/kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}-${{ github.sha }}:24h \ --TEST_SUITE=upgrade-with-cli - uses: actions/upload-artifact@v3 if: failure() diff --git a/.github/workflows/reusable-zfs-test.yaml b/.github/workflows/reusable-zfs-test.yaml index 7c114b6e89..149c40fd4e 100644 --- a/.github/workflows/reusable-zfs-test.yaml +++ b/.github/workflows/reusable-zfs-test.yaml @@ -6,6 +6,9 @@ on: flavor: required: true type: string + flavor_release: + required: true + type: string jobs: test: @@ -16,7 +19,7 @@ jobs: id: iso uses: actions/download-artifact@v3 with: - name: kairos-${{ inputs.flavor }}.iso.zip + name: kairos-${{ inputs.flavor }}-${{ inputs.flavor_release }}.iso.zip - name: Display structure of downloaded files run: ls -R - name: Install earthly @@ -29,4 +32,4 @@ jobs: sudo iptables -I INPUT -s 169.254.169.254 -j DROP sudo iptables -I OUTPUT -d 169.254.169.254 -j DROP - run: | - earthly +run-qemu-test --PREBUILT_ISO=$(ls kairos-core-*${{ inputs.flavor }}*.iso) --TEST_SUITE=zfs --FLAVOR=${{ inputs.flavor }} + earthly +run-qemu-test --PREBUILT_ISO=$(ls *${{ inputs.flavor }}*.iso) --TEST_SUITE=zfs --FLAVOR=${{ inputs.flavor }} diff --git a/.github/workflows/uki.yaml b/.github/workflows/uki.yaml index ee3f089d39..59958f0a1e 100644 --- a/.github/workflows/uki.yaml +++ b/.github/workflows/uki.yaml 
@@ -40,7 +40,17 @@ jobs: # Do fedora as its the smaller uki possible # Use immmucore master as it has patches not released for uki # Use kairos-agent main branch as it has patches not released for uki - earthly +iso-uki --FLAVOR=opensuse-leap --KAIROS_AGENT_DEV=true --KAIROS_AGENT_DEV_BRANCH=main --IMMUCORE_DEV=true --IMMUCORE_DEV_BRANCH=master + earthly +iso-uki \ + --FLAVOR=opensuse \ + --FLAVOR_RELEASE=leap-15.5 \ + --FAMILY=opensuse-leap \ + --MODEL=generic \ + --VARIANT=core \ + --BASE_IMAGE=opensuse/leap:15.5 \ + --KAIROS_AGENT_DEV=true \ + --KAIROS_AGENT_DEV_BRANCH=main \ + --IMMUCORE_DEV=true \ + --IMMUCORE_DEV_BRANCH=master - name: Run tests env: USE_QEMU: true @@ -49,7 +59,7 @@ jobs: CPUS: 2 FIRMWARE: /usr/share/OVMF/OVMF_CODE.fd run: | - export ISO=$(ls $PWD/build/kairos-core-*opensuse-leap*.iso) + export ISO=$(ls $PWD/build/kairos-*opensuse-leap*.iso) cp tests/go.* . go run github.com/onsi/ginkgo/v2/ginkgo -v --label-filter "uki" --fail-fast -r ./tests/ - uses: actions/upload-artifact@v3 diff --git a/Earthfile b/Earthfile index 90e5a1d74b..2b1081aadd 100644 --- a/Earthfile +++ b/Earthfile @@ -1,15 +1,9 @@ VERSION 0.6 FROM alpine -ARG VARIANT=core # core, lite, framework -ARG FLAVOR=opensuse-leap -ARG BASE_URL=quay.io/kairos +ARG REGISTRY_AND_ORG=quay.io/kairos ARG IMAGE -ARG MODEL=generic ARG SUPPORT=official # not using until this is defined in https://github.com/kairos-io/kairos/issues/1527 ARG GITHUB_REPO=kairos-io/kairos -ARG OS_ID=kairos -ARG OS_REPO=${BASE_URL}/${VARIANT}-${FLAVOR} -ARG OS_NAME=${OS_ID}-${VARIANT}-${FLAVOR} # renovate: datasource=docker depName=quay.io/luet/base ARG LUET_VERSION=0.35.0 # renovate: datasource=docker depName=aquasec/trivy 
@@ -43,6 +37,15 @@ ARG K3S_VERSION all: ARG SECURITY_SCANS=true + + ARG TARGETARCH + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 + BUILD +base-image IF [ "$SECURITY_SCANS" = "true" ] BUILD +image-sbom @@ -56,6 +59,14 @@ all: # For PR building, only image and iso are needed ci: ARG SECURITY_SCANS=true + + # args for base-image target + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE + ARG --required BASE_IMAGE + ARG --required MODEL + ARG --required VARIANT + BUILD +base-image IF [ "$SECURITY_SCANS" = "true" ] BUILD +image-sbom @@ -66,26 +77,24 @@ ci: all-arm: ARG SECURITY_SCANS=true - ARG MODEL=rpi4 - BUILD --platform=linux/arm64 +base-image --MODEL=$MODEL + + BUILD --platform=linux/arm64 +base-image IF [ "$SECURITY_SCANS" = "true" ] - BUILD --platform=linux/arm64 +image-sbom --MODEL=$MODEL - BUILD --platform=linux/arm64 +trivy-scan --MODEL=$MODEL - BUILD --platform=linux/arm64 +grype-scan --MODEL=$MODEL + BUILD --platform=linux/arm64 +image-sbom + BUILD --platform=linux/arm64 +trivy-scan + BUILD --platform=linux/arm64 +grype-scan END - + IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]] - BUILD +prepare-arm-image --MODEL=$MODEL --FLAVOR=${FLAVOR} + BUILD +prepare-arm-image ELSE - BUILD +arm-image --MODEL=$MODEL + BUILD +arm-image END arm-container-image: - ARG MODEL - BUILD --platform=linux/arm64 +base-image --MODEL=$MODEL + BUILD --platform=linux/arm64 +base-image all-arm-generic: - BUILD --platform=linux/arm64 +base-image --MODEL=generic BUILD --platform=linux/arm64 +iso --MODEL=generic build-and-push-golang-testing: 
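Review bot: In `all-arm`, the branch `IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]]` is kept, but this commit removes the global `ARG FLAVOR`, the target declares no `ARG FLAVOR` of its own, and FLAVOR now appears to hold only the distribution name. The comparison therefore looks unable to succeed, so `+prepare-arm-image` would never be selected for the Jetson build. Declare the args the target reads and key the branch on a new field, for example `ARG --required FAMILY` with `IF [ "$FAMILY" = "nvidia" ]`, assuming FAMILY follows the renamed `images/Dockerfile.nvidia` (confirm against flavors.json). Unlike `all` and `ci`, `all-arm` also declares none of the `--required` args that `+base-image` now demands.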
@@ -106,42 +115,30 @@ go-deps-test: SAVE ARTIFACT go.mod go.mod AS LOCAL go.mod SAVE ARTIFACT go.sum go.sum AS LOCAL go.sum -CONTAINER_IMAGE_VERSION: - COMMAND - - ARG VERSION - - # quay.io doesn't accept "+" in the repo name - ARG _VERSION=$(echo $VERSION | sed 's/+/-/') - - IF [ "$IMAGE" = "" ] - # TODO: This IF block should be deleted as soon as our repository names - # follow our conventions. - IF [ "$VARIANT" = "standard" ] - RUN echo ${BASE_URL}/kairos-${FLAVOR}:${_VERSION} > IMAGE - ELSE - RUN echo ${BASE_URL}/${VARIANT}-${FLAVOR}:${_VERSION} > IMAGE - END - ELSE - RUN echo $IMAGE > IMAGE - END - - RUN echo "${VERSION}" > VERSION OSRELEASE: COMMAND - ARG OS_ID - ARG OS_NAME - ARG OS_REPO - ARG OS_VERSION - ARG VARIANT - ARG FLAVOR ARG GITHUB_REPO ARG BUG_REPORT_URL ARG HOME_URL - COPY +version/VERSION ./ - ARG OS_LABEL=$(cat VERSION) + ARG OS_ID=kairos + + # For naming.sh + ARG TARGETARCH # Earthly built-in (not passed) + ARG --required FAMILY + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE + ARG --required VARIANT + ARG --required MODEL + ARG --required KAIROS_VERSION + + COPY ./naming.sh . + ARG OS_REPO=$(./naming.sh container_artifact_name) + ARG OS_NAME=$(./naming.sh common_artifact_name) + + ARG OS_VERSION=$KAIROS_VERSION + ARG OS_LABEL=$KAIROS_VERSION # update OS-release file RUN sed -i -n '/KAIROS_/!p' /etc/os-release 
@@ -217,20 +214,23 @@ syft: image-sbom: ARG TARGETARCH + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 + # Use base-image so it can read original os-release file FROM +base-image WORKDIR /build ARG FLAVOR ARG VARIANT COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) + ARG KAIROS_VERSION=$(cat VERSION) - IF [ "$TARGETARCH" = "arm64" ] - ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-.*//') - ARG ISO_NAME=${OS_ID}-${VARIANT}-${DISTRO}-${TARGETARCH}-${MODEL}-${VERSION} - ELSE - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} - END + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) COPY +syft/syft /usr/bin/syft RUN syft / -o json=sbom.syft.json -o spdx-json=sbom.spdx.json @@ -252,6 +252,8 @@ framework: FROM golang:alpine ARG FLAVOR + ARG FLAVOR_RELEASE + WORKDIR /build COPY ./profile-build /build @@ -259,7 +261,7 @@ framework: RUN go mod download COPY framework-profile.yaml /build - RUN go run main.go ${FLAVOR} framework-profile.yaml /framework + RUN go run main.go ${FLAVOR}-${FLAVOR_RELEASE} framework-profile.yaml /framework RUN mkdir -p /framework/etc/kairos/ RUN luet database --system-target /framework get-all-installed --output /framework/etc/kairos/versions.yaml @@ -278,7 +280,9 @@ framework: build-framework-image: FROM alpine - ARG FLAVOR + + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE COPY +version/VERSION ./ ARG VERSION=$(cat VERSION) 
@@ -290,63 +294,59 @@ build-framework-image: FROM scratch - COPY (+framework/framework --FLAVOR=$FLAVOR) / + COPY (+framework/framework --FLAVOR=$FLAVOR --FLAVOR_RELEASE=$FLAVOR_RELEASE) / SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${VERSION}_${FLAVOR} base-image: - ARG MODEL - ARG FLAVOR - ARG VARIANT - ARG KAIROS_VERSION + ARG TARGETARCH # Earthly built-in (not passed) + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 + ARG BUILD_INITRD="true" - ARG TARGETARCH # HWE is used to determine if the HWE kernel should be installed on Ubuntu LTS. # The default value is empty, which means the HWE kernel WILL be installed # if you want to disable the HWE kernel, set HWE to "-non-hwe" ARG HWE - IF [ "$BASE_IMAGE" = "" ] - # DISTRO is used to match the Linux distribution in the Dockerfile e.g. Dockerfile.ubuntu - # This is a bit messy at the moment, but it will be sorted out when we stop including the model and the arch in - # the flavor name e.g. ubuntu-20-lts-arm-rpi - IF [[ "$FLAVOR" =~ ^alpine* ]] # TODO: only needed while we don't have a pure alpine - ARG DISTRO=alpine - ELSE IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]] # TODO: needs to still be merged on Dockerfile.ubuntu (or not?) - ARG DISTRO=ubuntu-20-lts-arm-nvidia-jetson-agx-orin - ELSE IF [[ "$FLAVOR" =~ "ubuntu" ]] # TODO: need to find a better way to match the flavor and the distro in the dockerfile for Ubuntu - ARG DISTRO=ubuntu - ELSE - ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-.*//') - END - - # SIMPLE_FLAVOR is used to distinguish the flavor inside the Dockerfile, where it's important to make a distinction - # between e.g. 
ubuntu and ubuntu-20-lts, but we don't really need to know the model and the arch since this is - # defined using MODEL and TARGETARCH. - ARG SIMPLE_FLAVOR=$(echo $FLAVOR | sed 's/-arm-.*//') - - FROM DOCKERFILE --build-arg MODEL=$MODEL --build-arg FLAVOR=$SIMPLE_FLAVOR --build-arg HWE=$HWE -f images/Dockerfile.$DISTRO images/ - ELSE - FROM $BASE_IMAGE - END + # TODO: Pass the VARIANT here and let Dockerfiles handle it + FROM DOCKERFILE \ + --build-arg BASE_IMAGE=$BASE_IMAGE \ + --build-arg MODEL=$MODEL \ + --build-arg FLAVOR=$FLAVOR \ + --build-arg FLAVOR_RELEASE=$FLAVOR_RELEASE \ + --build-arg HWE=$HWE \ + -f images/Dockerfile.$FAMILY images/ # Includes overlay/files - COPY (+framework/framework --FLAVOR=$FLAVOR) / + COPY (+framework/framework --FLAVOR=$FLAVOR --FLAVOR_RELEASE=$FLAVOR_RELEASE) / # Avoid to accidentally push keys generated by package managers RUN rm -rf /etc/ssh/ssh_host_* # Set proper os-release file with all the info IF [ "$KAIROS_VERSION" = "" ] COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) - RUN echo "version ${VERSION}" - ARG OS_VERSION=${VERSION} - RUN rm VERSION + ARG KAIROS_VERSION=$(cat VERSION) + ARG OS_VERSION=${KAIROS_VERSION} ELSE ARG OS_VERSION=${KAIROS_VERSION} + RUN echo $OS_VERSION > ./VERSION END - DO +OSRELEASE --HOME_URL=https://github.com/kairos-io/kairos --BUG_REPORT_URL=https://github.com/kairos-io/kairos/issues --GITHUB_REPO=kairos-io/kairos --VARIANT=${VARIANT} --FLAVOR=${FLAVOR} --OS_ID=${OS_ID} --OS_LABEL=${OS_LABEL} --OS_NAME=${OS_NAME} --OS_REPO=${OS_REPO} --OS_VERSION=${OS_VERSION} + DO +OSRELEASE \ + --HOME_URL=https://github.com/kairos-io/kairos \ + --BUG_REPORT_URL=https://github.com/kairos-io/kairos/issues \ + --GITHUB_REPO=kairos-io/kairos \ + --KAIROS_VERSION=${OS_VERSION} \ + --FAMILY=${FAMILY} \ + --FLAVOR=${FLAVOR} \ + --FLAVOR_RELEASE=${FLAVOR_RELEASE} \ + --VARIANT=${VARIANT} \ + --MODEL=${MODEL} # Fully remove machine-id, it will be generated on first boot RUN rm -rf /etc/machine-id 
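Review bot: The unchanged `SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${VERSION}_${FLAVOR}` in `build-framework-image` still tags by flavor alone, while the framework content now depends on the release as well (`go run main.go ${FLAVOR}-${FLAVOR_RELEASE}` in `+framework`). If the matrix builds more than one release of a flavor, each push replaces the previous image under the same tag, and anything pulling that tag gets whichever job finished last. Include the release, e.g. `framework:${VERSION}_${FLAVOR}-${FLAVOR_RELEASE}`, and update the `IMAGE`/`TAG` values used by the workflow's `docker push` and `cosign sign` step (defined outside the visible hunks) to match.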
@@ -409,16 +409,19 @@ base-image: # https://docs.earthly.dev/docs/earthfile#arg # Overrides GITHUB_REPO, VARIANT, OS_REPO and OS_NAME to add the kairos name in there # which points to the provider-kairos repo - DO +OSRELEASE --HOME_URL=https://github.com/kairos-io/kairos \ - --BUG_REPORT_URL=https://github.com/kairos-io/kairos/issues \ - --GITHUB_REPO=kairos-io/provider-kairos --VARIANT=kairos \ - --OS_REPO=quay.io/kairos/kairos-${FLAVOR} \ - --FLAVOR=${FLAVOR} --OS_ID=${OS_ID} --OS_LABEL=${OS_LABEL} \ - --OS_NAME=${OS_ID}-kairos-${FLAVOR} \ - --OS_VERSION=${OS_VERSION} + DO +OSRELEASE \ + --HOME_URL=https://github.com/kairos-io/kairos \ + --BUG_REPORT_URL=https://github.com/kairos-io/kairos/issues \ + --GITHUB_REPO=kairos-io/provider-kairos \ + --KAIROS_VERSION=${OS_VERSION} \ + --FAMILY=${FAMILY} \ + --FLAVOR=${FLAVOR} \ + --FLAVOR_RELEASE=${FLAVOR_RELEASE} \ + --VARIANT=${VARIANT} \ + --MODEL=${MODEL} END - IF [[ "$FLAVOR" =~ ^ubuntu* ]] + IF expr "$FLAVOR" : '^ubuntu' > /dev/null # compress firmware RUN find /usr/lib/firmware -type f -execdir zstd --rm -9 {} \+ # compress modules @@ -430,7 +433,6 @@ base-image: RUN rm -rf /boot/initrd.img-* END - IF [ -e "/usr/bin/dracut" ] # Regenerate initrd if necessary RUN --no-cache kernel=$(ls /lib/modules | head -n1) && depmod -a "${kernel}" 
@@ -478,23 +480,39 @@ base-image: RUN rm -rf /tmp/* - DO +CONTAINER_IMAGE_VERSION -VERSION=${OS_VERSION} - ARG _CIMG=$(cat IMAGE) + COPY ./naming.sh . + RUN ./naming.sh container_artifact_name + RUN ./naming.sh container_artifact_name > ./IMAGE # luet cleanup RUN luet cleanup RUN rm -rf /var/luet + ARG _CIMG=$(cat ./IMAGE) SAVE IMAGE $_CIMG SAVE ARTIFACT IMAGE AS LOCAL build/IMAGE SAVE ARTIFACT VERSION AS LOCAL build/VERSION SAVE ARTIFACT /etc/kairos/versions.yaml versions.yaml AS LOCAL build/versions.yaml image-rootfs: + ARG --required FAMILY + ARG --required FLAVOR + ARG --required BASE_IMAGE + ARG --required MODEL + ARG --required VARIANT + FROM +base-image + SAVE ARTIFACT --keep-own /. rootfs uki-artifacts: + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE + FROM +base-image --BUILD_INITRD=false RUN /usr/bin/immucore version RUN ln -s /usr/bin/immucore /init @@ -533,11 +551,22 @@ uki-tools-image: # This is for easy testing SecureBoot locally for development purposes # Installing this keys in other place than a VM for testing SecureBoot is irresponsible uki: + FROM ubuntu + ARG TARGETARCH COPY +version/VERSION ./ RUN echo "version ${VERSION}" - ARG VERSION=$(cat VERSION) - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} + + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE + + ARG KAIROS_VERSION=$(cat VERSION) + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) FROM +uki-tools-image WORKDIR build COPY +uki-artifacts/Kernel Kernel 
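Review bot: `COPY ./naming.sh .` puts the build helper into the image filesystem and nothing removes it before `SAVE IMAGE $_CIMG`, so the published OS image appears to ship the script; the `+OSRELEASE` command copies it in the same way. Remove it once the name is written, e.g. `RUN ./naming.sh container_artifact_name > ./IMAGE && rm ./naming.sh`, and drop the bare `RUN ./naming.sh container_artifact_name` above it, which only echoes the name into the build log. In the same hunk, `image-rootfs` declares FAMILY, FLAVOR, BASE_IMAGE, MODEL and VARIANT as required but not FLAVOR_RELEASE, which `+base-image` requires. The `base-image` target begins outside this hunk.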
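Review bot: `uki` now starts from an unpinned `FROM ubuntu` only to run `naming.sh`, and the same lines are added to `iso`, `iso-uki`, `iso-remote` and `netboot`. That pulls whatever `ubuntu:latest` is at build time into the step that names release artifacts, while several tool images in this Earthfile are version-pinned through renovate-tracked ARGs. Pin the image (`FROM ubuntu:<tag>@sha256:<digest>`, placeholder values) or compute the name once in a small shared target and `COPY` the result into the others. `RUN echo "version ${VERSION}"` in this target still prints `VERSION`, which the target no longer declares after the rename to `KAIROS_VERSION`.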
@@ -600,10 +629,23 @@ uki-local-artifacts: ### iso: + FROM ubuntu + COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) + ARG KAIROS_VERSION=$(cat VERSION) ARG TARGETARCH - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} + + # args for base-image target + ARG --required FAMILY + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE + ARG --required BASE_IMAGE + ARG --required MODEL + ARG --required VARIANT + + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) + ARG OSBUILDER_IMAGE FROM $OSBUILDER_IMAGE WORKDIR /build @@ -615,10 +657,21 @@ iso: iso-uki: + FROM ubuntu + COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) + ARG KAIROS_VERSION=$(cat VERSION) ARG TARGETARCH - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} + + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE + + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) ARG OSBUILDER_IMAGE FROM $OSBUILDER_IMAGE WORKDIR /build @@ -663,12 +716,23 @@ iso-uki: # you can override either the full thing by setting --REMOTE_IMG=docker:REPO/IMAGE:TAG # or by --REMOTE_IMG=REPO/IMAGE:TAG iso-remote: + FROM ubuntu + ARG TARGETARCH ARG REMOTE_IMG COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} + ARG KAIROS_VERSION=$(cat VERSION) + + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE + + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) ARG OSBUILDER_IMAGE FROM $OSBUILDER_IMAGE WORKDIR /build 
@@ -678,12 +742,25 @@ iso-remote: SAVE ARTIFACT /build/$ISO_NAME.iso.sha256 kairos.iso.sha256 AS LOCAL build/$ISO_NAME.iso.sha256 netboot: - ARG TARGETARCH + FROM ubuntu + COPY +version/VERSION ./ RUN echo "version ${VERSION}" - ARG VERSION=$(cat VERSION) - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} + ARG KAIROS_VERSION=$(cat VERSION) + + ARG TARGETARCH # Earthly built-in (not passed) + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 + + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) ARG OSBUILDER_IMAGE + + # Used here: https://github.com/kairos-io/osbuilder/blob/66e9e7a9403a413e310f462136b70d715605ab09/tools-image/ipxe.tmpl#L5 ARG RELEASE_URL=https://github.com/kairos-io/kairos/releases/download FROM $OSBUILDER_IMAGE @@ -706,14 +783,21 @@ arm-image: ARG COMPRESS_IMG=true ARG IMG_COMPRESSION=xz FROM $OSBUILDER_IMAGE - ARG MODEL=rpi4 + COPY +version/VERSION ./ RUN echo "version ${VERSION}" - ARG VERSION=$(cat VERSION) - ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-.*//') - # TARGETARCH is not used here because OSBUILDER_IMAGE is not available in arm64. When this changes, then the caller - # of this target can simply pass the desired TARGETARCH. - ARG IMAGE_NAME=${OS_ID}-${VARIANT}-${DISTRO}-arm64-${MODEL}-${VERSION}.img + ARG KAIROS_VERSION=$(cat VERSION) + + ARG TARGETARCH + ARG --required FAMILY + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE + + COPY ./naming.sh . + ARG IMAGE_NAME=$(./naming.sh bootable_artifact_name).img RUN echo $IMAGE_NAME WORKDIR /build # These sizes are in MB 
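Review bot: `arm-image` now takes `IMAGE_NAME` from `./naming.sh bootable_artifact_name`, which puts `$TARGETARCH` into the name, whereas the removed line hard-coded `arm64` and the removed comment explained that the target runs on an `OSBUILDER_IMAGE` that is not available for arm64. Unless every caller passes the architecture explicitly, the image would presumably be named after the build platform rather than the board. `prepare-arm-image` in the next hunk follows the same pattern. A comment above `ARG TARGETARCH` such as `# callers must pass arm64 here; the builder image itself is not arm64` would make the contract explicit, as would a fixed value for these two targets. The target body continues outside the hunk.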
@@ -754,11 +838,24 @@ prepare-arm-image: ARG OSBUILDER_IMAGE ARG COMPRESS_IMG=true FROM $OSBUILDER_IMAGE + + COPY +version/VERSION ./ + RUN echo "version ${VERSION}" + ARG KAIROS_VERSION=$(cat VERSION) + + ARG TARGETARCH + ARG --required FAMILY + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE + ARG --required VARIANT + ARG --required BASE_IMAGE ARG MODEL=rpi4 - ARG IMAGE_NAME=${FLAVOR}.img + + COPY ./naming.sh . + ARG IMAGE_NAME=$(./naming.sh bootable_artifact_name).img WORKDIR /build # These sizes are in MB - + ENV SIZE="15200" IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]] @@ -798,18 +895,28 @@ ipxe-iso: mtools syslinux isolinux gcc-arm-none-eabi git make gcc liblzma-dev mkisofs xorriso # jq docker WORKDIR /build + COPY +version/VERSION ./ - RUN echo "version ${VERSION}" - ARG VERSION=$(cat VERSION) - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} - COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) + ARG KAIROS_VERSION=$(cat VERSION) + ARG TARGETARCH + + # args for base-image target + ARG --required FAMILY + ARG --required FLAVOR + ARG --required FLAVOR_RELEASE + ARG --required BASE_IMAGE + ARG --required MODEL + ARG --required VARIANT + + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) + + # Used here: https://github.com/kairos-io/osbuilder/blob/66e9e7a9403a413e310f462136b70d715605ab09/tools-image/ipxe.tmpl#L5 ARG RELEASE_URL - RUN echo "version ${VERSION}" RUN git clone https://github.com/ipxe/ipxe IF [ "$ipxe_script" = "" ] - COPY (+netboot/ipxe --VERSION=$VERSION --RELEASE_URL=$RELEASE_URL) /build/ipxe/script.ipxe + COPY (+netboot/ipxe --VERSION=$KAIROS_VERSION --RELEASE_URL=$RELEASE_URL) /build/ipxe/script.ipxe ELSE COPY $ipxe_script /build/ipxe/script.ipxe END 
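Review bot: The context line `IF [[ "$FLAVOR" = "ubuntu-20-lts-arm-nvidia-jetson-agx-orin" ]]` at the end of the `prepare-arm-image` hunk still tests the old combined flavor name. This commit splits that name into FLAVOR, FLAVOR_RELEASE and MODEL and renames the matching Dockerfile to `Dockerfile.nvidia`. If no caller passes that string any more, the branch is dead and whatever it sets up for that board is skipped without an error. The condition should be keyed on whichever of the new arguments identifies the board (FAMILY or MODEL, going by the new ARG list), with a comment stating the expected value. The body of the IF lies outside the hunk.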
@@ -824,11 +931,13 @@ ipxe-iso: # is to boot from them and do a reset to get the latest system installed # This allows us to build a raw disk image locally to test the cloud workflow easily raw-image: + FROM ubuntu ARG TARGETARCH COPY +version/VERSION ./ RUN echo "version ${VERSION}" ARG VERSION=$(cat VERSION) - ARG IMG_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION}.raw + COPY ./naming.sh . + ARG IMG_NAME=$(./naming.sh bootable_artifact_name).raw ARG OSBUILDER_IMAGE FROM $OSBUILDER_IMAGE WORKDIR /build @@ -862,6 +971,7 @@ trivy: trivy-scan: ARG TARGETARCH + # Use base-image so it can read original os-release file FROM +base-image COPY +trivy/trivy /trivy @@ -870,12 +980,8 @@ trivy-scan: ARG VERSION=$(cat VERSION) ARG FLAVOR ARG VARIANT - IF [ "$TARGETARCH" = "arm64" ] - ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-.*//') - ARG ISO_NAME=${OS_ID}-${VARIANT}-${DISTRO}-${TARGETARCH}-${MODEL}-${VERSION} - ELSE - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} - END + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) + WORKDIR /build RUN /trivy filesystem --skip-dirs /tmp --timeout 30m --format sarif -o report.sarif --no-progress / RUN /trivy filesystem --skip-dirs /tmp --timeout 30m --format template --template "@/contrib/html.tpl" -o report.html --no-progress / 
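Review bot: `raw-image` calls `./naming.sh bootable_artifact_name` but, unlike `iso` and `netboot`, keeps `ARG VERSION=$(cat VERSION)` and declares none of FLAVOR, FLAVOR_RELEASE, VARIANT or MODEL. `KAIROS_VERSION` is therefore unset in this target unless it is defined globally outside the hunk. naming.sh reports a missing value on stdout, so the message can end up inside `IMG_NAME` instead of stopping the build. `trivy-scan` further down has the same gap: it still reads `ARG VERSION=$(cat VERSION)`, and no `COPY ./naming.sh .` is visible before the call. Changing the line to `ARG KAIROS_VERSION=$(cat VERSION)` and adding the `ARG --required` block used in `iso` would align both targets.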
@@ -890,19 +996,14 @@ grype: grype-scan: ARG TARGETARCH + # Use base-image so it can read original os-release file FROM +base-image COPY +grype/grype /grype COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) - ARG FLAVOR - ARG VARIANT - IF [ "$TARGETARCH" = "arm64" ] - ARG DISTRO=$(echo $FLAVOR | sed 's/-arm-.*//') - ARG ISO_NAME=${OS_ID}-${VARIANT}-${DISTRO}-${TARGETARCH}-${MODEL}-${VERSION} - ELSE - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} - END + ARG KAIROS_VERSION=$(cat VERSION) + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) + WORKDIR /build RUN /grype dir:/ --output sarif --add-cpes-if-none --file report.sarif RUN /grype dir:/ --output json --add-cpes-if-none --file report.json @@ -940,7 +1041,7 @@ run-qemu-datasource-tests: IF [ ! -e /test/build/datasource.iso ] COPY ( +datasource-iso/iso.iso --CLOUD_CONFIG=$CLOUD_CONFIG) datasource.iso ENV DATASOURCE=/test/datasource.iso - ELSE + ELSE ENV DATASOURCE=/test/build/datasource.iso END ENV CLOUD_INIT=/tests/tests/$CLOUD_CONFIG 
@@ -950,26 +1051,32 @@ run-qemu-datasource-tests: run-qemu-netboot-test: - ARG TARGETARCH FROM +go-deps-test COPY . /test WORKDIR /test COPY +version/VERSION ./ - RUN echo "version ${VERSION}" - ARG VERSION=$(cat VERSION) - ARG ISO_NAME=${OS_ID}-${VARIANT}-${FLAVOR}-${TARGETARCH}-${MODEL}-${VERSION} - COPY +version/VERSION ./ - ARG VERSION=$(cat VERSION) + ARG KAIROS_VERSION=$(cat VERSION) + + ARG TARGETARCH # Earthly built-in (not passed) + ARG --required FAMILY # The dockerfile to use + ARG --required FLAVOR # The distribution E.g. "ubuntu" + ARG --required FLAVOR_RELEASE # The distribution release/version E.g. "20.04" + ARG --required VARIANT + ARG --required MODEL + ARG --required BASE_IMAGE # BASE_IMAGE is the image to apply the strategy (aka FLAVOR) on. E.g. ubuntu:20.04 + + COPY ./naming.sh . + ARG ISO_NAME=$(./naming.sh bootable_artifact_name) # This is the IP at which qemu vm can see the host ARG IP="10.0.2.2" - COPY (+netboot/squashfs --VERSION=$VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME.squashfs - COPY (+netboot/kernel --VERSION=$VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME-kernel - COPY (+netboot/initrd --VERSION=$VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME-initrd - COPY (+netboot/ipxe --VERSION=$VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME.ipxe - COPY (+ipxe-iso/iso --VERSION=$VERSION --RELEASE_URL=http://$IP) ./build/${ISO_NAME}-ipxe.iso + COPY (+netboot/squashfs --VERSION=$KAIROS_VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME.squashfs + COPY (+netboot/kernel --VERSION=$KAIROS_VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME-kernel + COPY (+netboot/initrd --VERSION=$KAIROS_VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME-initrd + COPY (+netboot/ipxe --VERSION=$KAIROS_VERSION --RELEASE_URL=http://$IP) ./build/$VERSION/$ISO_NAME.ipxe + COPY (+ipxe-iso/iso --VERSION=$KAIROS_VERSION --RELEASE_URL=http://$IP) ./build/${ISO_NAME}-ipxe.iso ENV 
ISO=/test/build/$ISO_NAME-ipxe.iso @@ -989,12 +1096,9 @@ run-qemu-netboot-test: run-qemu-test: FROM +go-deps-test WORKDIR /test - ARG FLAVOR ARG TEST_SUITE=upgrade-with-cli ARG PREBUILT_ISO ARG CONTAINER_IMAGE - ENV CONTAINER_IMAGE=$CONTAINER_IMAGE - ENV FLAVOR=$FLAVOR ENV SSH_PORT=60022 ENV CREATE_VM=true ENV USE_QEMU=true @@ -1053,7 +1157,7 @@ push-build-artifacts: RUN cd build && tar cvf ../build.tar ./ RUN luet util pack $BUNDLE_IMAGE build.tar image.tar WITH DOCKER - RUN docker load -i image.tar && docker push $BUNDLE_IMAGE + RUN docker load -i image.tar && docker push $BUNDLE_IMAGE END # bundles tests needs to run in sequence: @@ -1071,7 +1175,7 @@ prepare-bundles-tests: ARG VERSION=$(cat VERSION) RUN echo "version ${VERSION}" WITH DOCKER --load $IMG=(+examples-bundle --BUNDLE_IMAGE=$BUNDLE_IMAGE --VERSION=$VERSION) - RUN docker push $BUNDLE_IMAGE + RUN docker push $BUNDLE_IMAGE END BUILD +examples-bundle-config --BUNDLE_IMAGE=$BUNDLE_IMAGE @@ -1090,7 +1194,7 @@ examples-bundle: FROM DOCKERFILE --build-arg VERSION=$VERSION -f examples/bundle/Dockerfile . SAVE IMAGE $BUNDLE_IMAGE -## ./earthly.sh +examples-bundle-config --BUNDLE_IMAGE=ttl.sh/testfoobar:8h +## ./earthly.sh +examples-bundle-config --BUNDLE_IMAGE=ttl.sh/testfoobar:8h ## cat bundles-config.yaml examples-bundle-config: ARG BUNDLE_IMAGE @@ -1116,7 +1220,7 @@ docs: COPY . . WORKDIR ./docs - + RUN npm install postcss-cli RUN npm run prepare @@ -1124,14 +1228,14 @@ docs: SAVE ARTIFACT public /public AS LOCAL docs/public ## ./earthly.sh --push +temp-image --FLAVOR=ubuntu -## all same flags than the `docker` target plus +## all same flags than the `docker` target plus ## - the EXPIRATION time, defaults to 24h ## - the NAME of the image in ttl.sh, defaults to the branch name + short sha ## the push flag is optional -## +## ## you will have access to an image in ttl.sh e.g. ttl.sh/add-earthly-target-to-build-temp-images-339dfc7:24h temp-image: - FROM alpine + FROM alpine RUN apk add git COPY . ./ 
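Review bot: Four of the `COPY (+netboot/...)` lines in `run-qemu-netboot-test` still write to `./build/$VERSION/...`, but this hunk removes `ARG VERSION` from the target and reads the version into `KAIROS_VERSION`. Unless `VERSION` is defined globally outside the hunk, the destination collapses to `./build//$ISO_NAME.squashfs` and the served files land in a different directory than before. The destinations should use the new name, e.g. `./build/$KAIROS_VERSION/$ISO_NAME.squashfs`. The same lines pass `--VERSION=` to `+netboot`, which after this commit reads the version from the VERSION file and marks FAMILY, FLAVOR, FLAVOR_RELEASE, VARIANT, MODEL and BASE_IMAGE as required; none of those are forwarded here, which is worth confirming against how Earthly propagates arguments.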
@@ -1147,6 +1251,12 @@ temp-image: ARG TTL_IMAGE = "ttl.sh/${NAME}:${EXPIRATION}" + # args for base-image target + ARG --required FLAVOR + ARG --required BASE_IMAGE + ARG --required MODEL + ARG --required VARIANT + FROM +base-image SAVE IMAGE --push $TTL_IMAGE @@ -1161,7 +1271,7 @@ generate-schema: ARG RELEASE_VERSION=$(cat VERSION) RUN mkdir "docs/static/$RELEASE_VERSION" ARG SCHEMA_FILE="docs/static/$RELEASE_VERSION/cloud-config.json" - RUN kairos-agent print-schema > $SCHEMA_FILE + RUN kairos-agent print-schema > $SCHEMA_FILE SAVE ARTIFACT ./docs/static/* AS LOCAL docs/static/ last-commit-packages: @@ -1186,6 +1296,12 @@ bump-repositories: SAVE ARTIFACT framework-profile.yaml AS LOCAL framework-profile.yaml luet-versions: + # args for base-image target + ARG --required FLAVOR + ARG --required BASE_IMAGE + ARG --required MODEL + ARG --required VARIANT + FROM +base-image SAVE ARTIFACT /framework/etc/kairos/versions.yaml versions.yaml AS LOCAL build/versions.yaml diff --git a/framework-profile.yaml b/framework-profile.yaml index 59625856d8..50bfac8e64 100755 --- a/framework-profile.yaml +++ b/framework-profile.yaml 
@@ -7,55 +7,35 @@ # images: # - quay.io/kairos/packages:k9s-utils-0.27.4 flavors: - debian: + debian-testing: - common-packages - kairos-toolchain - systemd-base - debian-arm-rpi: + debian-bookworm: - common-packages - kairos-toolchain - systemd-base - ubuntu: + ubuntu-20.04: - common-packages - kairos-toolchain - systemd-base - ubuntu-arm-rpi: + ubuntu-22.04: - common-packages - kairos-toolchain - systemd-base - ubuntu-20-lts-arm-nvidia-jetson-agx-orin: + ubuntu-23.04: - common-packages - kairos-toolchain - systemd-base - ubuntu-20-lts-arm-rpi: + fedora-38: - common-packages - kairos-toolchain - systemd-base - ubuntu-22-lts-arm-rpi: + rockylinux-9: - common-packages - kairos-toolchain - systemd-base - ubuntu-22-lts: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-20-lts: - - common-packages - - kairos-toolchain - - systemd-base - fips-systemd: - - common-packages - - kairos-toolchain-fips - - systemd-base - fedora: - - common-packages - - kairos-toolchain - - systemd-base - rockylinux: - - common-packages - - kairos-toolchain - - systemd-base - almalinux: + almalinux-9: - common-packages - kairos-toolchain - systemd-base @@ -63,16 +43,7 @@ flavors: - common-packages - kairos-toolchain - systemd-base - - systemd-latest - opensuse-tumbleweed-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - opensuse-leap: - - common-packages - - kairos-toolchain - - systemd-base - opensuse-leap-arm-rpi: + opensuse-leap-15.5: - common-packages - kairos-toolchain - systemd-base 
@@ -81,15 +52,16 @@ flavors: - kairos-toolchain - openrc - alpine-init - alpine-arm-rpi: + fips-systemd: - common-packages - - kairos-toolchain - - openrc - - alpine-init-rpi + - kairos-toolchain-fips + - systemd-base # See https://github.com/kairos-io/packages/pull/67 for rationale alpine-init: packages: - distro-kernel/alpine +# TODO: This is a problem. We need a different kernel for rpi but we don't +# include the model name in the flavors above. Fix this. alpine-init-rpi: packages: - distro-kernel/alpine-rpi diff --git a/images/Dockerfile.alpine b/images/Dockerfile.alpine index 6b6cb5e1ff..1afc9f8033 100644 --- a/images/Dockerfile.alpine +++ b/images/Dockerfile.alpine @@ -2,12 +2,12 @@ #### ARGS #### ############################################################### ARG MODEL=generic +ARG BASE_IMAGE=alpine ############################################################### #### Common #### ############################################################### -FROM alpine AS common - +FROM $BASE_IMAGE AS common RUN apk --no-cache add \ bash \ bash-completion \ diff --git a/images/Dockerfile.debian b/images/Dockerfile.debian index 8e17f53b38..f2af6586a1 100644 --- a/images/Dockerfile.debian +++ b/images/Dockerfile.debian @@ -2,18 +2,19 @@ #### ARGS #### ############################################################### ARG MODEL=generic +ARG BASE_IMAGE=debian:testing ############################################################### #### Upstream Images #### ############################################################### # we use testing for amd64 because zfsutils-linux is not available in bookworm -FROM debian:testing AS amd64-upstream +FROM $BASE_IMAGE AS amd64-upstream RUN <> /etc/apt/sources.list.d/kairos.list EOF -FROM debian:bookworm-slim AS arm64-upstream +FROM $BASE_IMAGE AS arm64-upstream ############################################################### #### Common #### 
diff --git a/images/Dockerfile.ubuntu-20-lts-arm-nvidia-jetson-agx-orin b/images/Dockerfile.nvidia similarity index 100% rename from images/Dockerfile.ubuntu-20-lts-arm-nvidia-jetson-agx-orin rename to images/Dockerfile.nvidia diff --git a/images/Dockerfile.opensuse-leap b/images/Dockerfile.opensuse-leap index 1f8a57f56f..806750e8cb 100644 --- a/images/Dockerfile.opensuse-leap +++ b/images/Dockerfile.opensuse-leap @@ -2,11 +2,12 @@ #### ARGS #### ############################################################### ARG MODEL=generic +ARG BASE_IMAGE=opensuse/leap:15.5 ############################################################### #### Common #### ############################################################### -FROM opensuse/leap:15.5 AS common +FROM $BASE_IMAGE AS common RUN zypper ar -G https://download.opensuse.org/repositories/utilities/15.4/utilities.repo && \ zypper ref diff --git a/images/Dockerfile.opensuse-tumbleweed b/images/Dockerfile.opensuse-tumbleweed index ff387aa4d7..b073e4a214 100644 --- a/images/Dockerfile.opensuse-tumbleweed +++ b/images/Dockerfile.opensuse-tumbleweed @@ -2,11 +2,12 @@ #### ARGS #### ############################################################### ARG MODEL=generic +ARG BASE_IMAGE=opensuse/tumbleweed ############################################################### #### Upstream #### ############################################################### -FROM opensuse/tumbleweed AS upstream +FROM $BASE_IMAGE AS upstream ############################################################### #### Arch Config #### diff --git a/images/Dockerfile.ubuntu b/images/Dockerfile.ubuntu index dd16a24136..c5bb9bc97e 100644 --- a/images/Dockerfile.ubuntu +++ b/images/Dockerfile.ubuntu @@ -3,9 +3,11 @@ ############################################################### # Currently supported flavors are: # - ubuntu -# - ubuntu-20-lts -# - ubuntu-22-lts ARG FLAVOR +# - 20.04 +# - 22.04 +# - 23.04 +ARG FLAVOR_RELEASE # Currently supported models are: # - generic # - rpi4 
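Review bot: With `ARG BASE_IMAGE=opensuse/leap:15.5` the Leap release becomes caller-selectable, but the context line right after `FROM $BASE_IMAGE AS common` still adds the utilities repository from a fixed `15.4` path. That line also passes `-G`, which turns off GPG checking for the repository. Any package taken from it is then installed without signature verification, whatever base is chosen. I would drop `-G` and import the repository signing key explicitly, and add a comment that the repository path has to match the release in BASE_IMAGE. The RUN instruction continues outside the hunk.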
@@ -15,23 +17,26 @@ ARG MODEL=generic # the default value is empty, which means the HWE kernel WILL be installed # if you want to disable the HWE kernel, set HWE to "-non-hwe" ARG HWE="" +ARG BASE_IMAGE=ubuntu:23.04 # TARGETARCH is used to determine the architecture of the image # it is already set by Docker so it doesn't need to be defined here ############################################################### #### Upstream Images #### ############################################################### -FROM ubuntu:rolling AS ubuntu-upstream +FROM ${BASE_IMAGE} AS ubuntu-23.04-upstream -FROM ubuntu:20.04 AS ubuntu-20-lts-upstream +FROM ${BASE_IMAGE} AS ubuntu-20.04-upstream + +FROM ${BASE_IMAGE} AS ubuntu-22.04-upstream -FROM ubuntu:22.04 AS ubuntu-22-lts-upstream ############################################################### #### Pre-Process Common to All #### ############################################################### -FROM ${FLAVOR}-upstream AS common +FROM ${FLAVOR}-${FLAVOR_RELEASE}-upstream AS common ENV DEBIAN_FRONTEND=noninteractive + RUN apt-get update \ && apt-get install -y --no-install-recommends \ gnupg \ @@ -126,7 +131,7 @@ RUN apt-get update \ ############################################################### #### Common to an Arch and Flavor #### ############################################################### -FROM ${TARGETARCH} AS base-20-lts +FROM ${TARGETARCH} AS base-20.04 RUN apt-get update && apt-get install -y --no-install-recommends \ file \ fuse \ @@ -134,7 +139,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ policykit-1 \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM ${TARGETARCH} AS base-22-lts +FROM ${TARGETARCH} AS base-22.04 RUN apt-get update && apt-get install -y --no-install-recommends \ dracut-live \ firmware-sof-signed \ 
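Review bot: The three upstream stages `ubuntu-23.04-upstream`, `ubuntu-20.04-upstream` and `ubuntu-22.04-upstream` are now all built from the same `${BASE_IMAGE}`, so the stage name no longer guarantees the release it contains. Nothing ties BASE_IMAGE to FLAVOR_RELEASE, and a caller passing mismatched values would get one release's package set applied to a different base without any error. A guard in the `common` stage, `ARG FLAVOR_RELEASE` followed by `RUN . /etc/os-release && [ "$VERSION_ID" = "$FLAVOR_RELEASE" ]`, would fail the build early. The default `ubuntu:23.04` is also a mutable tag, so a comment noting that release builds are expected to pass a pinned BASE_IMAGE would help.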
@@ -143,75 +148,75 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ polkitd \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM base-22-lts AS hwe-22-lts +FROM base-22.04 AS hwe-22.04 RUN apt-get update && apt-get install -y --no-install-recommends \ linux-image-generic-hwe-22.04 \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM base-20-lts AS hwe-20-lts +FROM base-20.04 AS hwe-20.04 RUN apt-get update && apt-get install -y --no-install-recommends \ linux-image-generic-hwe-20.04 \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM base-22-lts AS non-hwe-20-lts +FROM base-22.04 AS non-hwe-20.04 RUN apt-get update && apt-get install -y --no-install-recommends \ linux-image-generic \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM non-hwe-20-lts AS non-hwe-22-lts +FROM non-hwe-20.04 AS non-hwe-22.04 -FROM hwe-22-lts AS amd64-ubuntu -FROM hwe-22-lts AS amd64-ubuntu-22-lts -FROM hwe-20-lts AS amd64-ubuntu-20-lts +FROM hwe-22.04 AS amd64-ubuntu-23.04 +FROM hwe-22.04 AS amd64-ubuntu-22.04 +FROM hwe-20.04 AS amd64-ubuntu-20.04 -FROM non-hwe-22-lts AS amd64-ubuntu-22-lts-non-hwe -FROM non-hwe-20-lts AS amd64-ubuntu-20-lts-non-hwe +FROM non-hwe-22.04 AS amd64-ubuntu-22.04-non-hwe +FROM non-hwe-20.04 AS amd64-ubuntu-20.04-non-hwe -FROM base-22-lts AS arm64-ubuntu -FROM base-22-lts AS arm64-ubuntu-22-lts -FROM base-20-lts AS arm64-ubuntu-20-lts +FROM base-22.04 AS arm64-ubuntu-23.04 +FROM base-22.04 AS arm64-ubuntu-22.04 +FROM base-20.04 AS arm64-ubuntu-20.04 ############################################################### #### Common to a Single Model #### ############################################################### -FROM ${TARGETARCH}-${FLAVOR}${HWE} AS generic +FROM ${TARGETARCH}-${FLAVOR}-${FLAVOR_RELEASE}${HWE} AS generic RUN apt-get update && apt-get install -y --no-install-recommends \ linux-base \ qemu-guest-agent \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM ${TARGETARCH}-${FLAVOR} AS rpicommon +FROM 
${TARGETARCH}-${FLAVOR}-${FLAVOR_RELEASE} AS rpicommon RUN apt-get update && apt-get install -y --no-install-recommends \ linux-raspi \ && apt-get clean && rm -rf /var/lib/apt/lists/* COPY rpi/config.txt /boot/config.txt -FROM rpicommon AS ubuntu-20-lts-rpi +FROM rpicommon AS ubuntu-20.04-rpi RUN apt-get update && apt-get install -y --no-install-recommends \ linux-firmware-raspi2 \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM rpicommon AS ubuntu-rpi +FROM rpicommon AS ubuntu-23.04-rpi RUN apt-get update && apt-get install -y --no-install-recommends \ linux-firmware-raspi \ linux-modules-extra-raspi \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM generic AS amd64-ubuntu-generic -FROM generic AS amd64-ubuntu-22-lts-generic -FROM generic AS amd64-ubuntu-20-lts-generic -FROM generic AS arm64-ubuntu-generic -FROM ubuntu-rpi AS arm64-ubuntu-rpi3 -FROM ubuntu-rpi AS arm64-ubuntu-rpi4 -FROM ubuntu-rpi AS arm64-ubuntu-22-lts-rpi3 -FROM ubuntu-rpi AS arm64-ubuntu-22-lts-rpi4 -FROM ubuntu-20-lts-rpi AS arm64-ubuntu-20-lts-rpi3 -FROM ubuntu-20-lts-rpi AS arm64-ubuntu-20-lts-rpi4 +FROM generic AS amd64-ubuntu-23.04-generic +FROM generic AS amd64-ubuntu-22.04-generic +FROM generic AS amd64-ubuntu-20.04-generic +FROM generic AS arm64-ubuntu-23.04-generic +FROM ubuntu-23.04-rpi AS arm64-ubuntu-23.04-rpi3 +FROM ubuntu-23.04-rpi AS arm64-ubuntu-23.04-rpi4 +FROM ubuntu-23.04-rpi AS arm64-ubuntu-22.04-rpi3 +FROM ubuntu-23.04-rpi AS arm64-ubuntu-22.04-rpi4 +FROM ubuntu-20.04-rpi AS arm64-ubuntu-20.04-rpi3 +FROM ubuntu-20.04-rpi AS arm64-ubuntu-20.04-rpi4 ############################################################### #### Common to a Single Flavor #### ############################################################### -FROM ${TARGETARCH}-${FLAVOR}-${MODEL} AS ubuntu +FROM ${TARGETARCH}-${FLAVOR}-${FLAVOR_RELEASE}-${MODEL} AS ubuntu-23.04 RUN apt-get update \ && apt-get install -y --no-install-recommends \ dbus-user-session \ 
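Review bot: `FROM base-22.04 AS non-hwe-20.04` builds the 20.04 non-HWE stage on the 22.04 base stage, while `hwe-20.04` just above it uses `base-20.04`; `non-hwe-22.04` then inherits from it. The old line had the same shape (`base-22-lts AS non-hwe-20-lts`), so this looks carried over rather than intended. The effect is that a 20.04 non-HWE build gets the 22.04 package list (`dracut-live`, `firmware-sof-signed`, `polkitd`). If that is not deliberate, split the two into `FROM base-20.04 AS non-hwe-20.04` and a separate `FROM base-22.04 AS non-hwe-22.04`, each with the `linux-image-generic` install. If it is deliberate, a comment on the line should say why.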
@@ -220,17 +225,17 @@ RUN apt-get update \ systemd-resolved \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM ${TARGETARCH}-${FLAVOR}-${MODEL} AS ubuntu-20-lts -FROM ${TARGETARCH}-${FLAVOR}-${MODEL} AS ubuntu-20-lts-non-hwe -FROM ${TARGETARCH}-${FLAVOR}-${MODEL} AS ubuntu-22-lts-non-hwe +FROM ${TARGETARCH}-${FLAVOR}-${FLAVOR_RELEASE}-${MODEL} AS ubuntu-20.04 +FROM ${TARGETARCH}-${FLAVOR}-${FLAVOR_RELEASE}-${MODEL} AS ubuntu-20.04-non-hwe +FROM ${TARGETARCH}-${FLAVOR}-${FLAVOR_RELEASE}-${MODEL} AS ubuntu-22.04-non-hwe -FROM ubuntu-22-lts-non-hwe AS ubuntu-22-lts +FROM ubuntu-22.04-non-hwe AS ubuntu-22.04 RUN apt-get update \ && apt-get install -y --no-install-recommends \ systemd-hwe-hwdb \ && apt-get clean && rm -rf /var/lib/apt/lists/* -FROM ${FLAVOR}${HWE} AS all +FROM ${FLAVOR}-${FLAVOR_RELEASE}${HWE} AS all ############################################################### #### Post-Process Common to All #### @@ -246,3 +251,24 @@ RUN systemctl enable ssh RUN chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo RUN journalctl --vacuum-size=1K && rm /etc/machine-id && rm /var/lib/dbus/machine-id && rm /etc/hostname + +# TODO: Consider installing luet packages here and skipping framework image altogether +# +# # Setup luet +# COPY --from=quay.io/luet/base:latest /usr/bin/luet /usr/bin/luet +# COPY framework-profile.yaml /etc/luet/luet.yaml + +# # Install luet packages +# RUN luet install -y \ +# static/grub-config \ +# dracut/immucore \ +# system/suc-upgrade \ +# system/grub2-efi \ +# static/kairos-overlay-files \ +# system/kcrypt \ +# system/kcrypt-challenger \ +# system/immucore \ +# system/kairos-agent \ +# init-svc/systemd \ +# dracut/network-legacy-compat + diff --git a/naming.sh b/naming.sh new file mode 100755 index 0000000000..2ee98a90f8 --- /dev/null +++ b/naming.sh 
@@ -0,0 +1,107 @@
+#!/bin/bash
+
+
+# This script accepts values as defined in .github/flavors.json
+# and returns a proper artifact name for that set of values.
+# It's meant to be the single point of truth for artifacts names.
+
+setEnvVarsFromJSON() {
+ export FLAVOR
+ export FLAVOR_RELEASE
+ export VARIANT
+ export TARGETARCH
+ export MODEL
+ FLAVOR=$(echo "$ARTIFACT_JSON" | jq -r '.flavor | select (.!=null)')
+ FLAVOR_RELEASE=$(echo "$ARTIFACT_JSON" | jq -r '.flavorRelease | select (.!=null)')
+ VARIANT=$(echo "$ARTIFACT_JSON" | jq -r '.variant | select (.!=null)')
+ TARGETARCH=$(echo "$ARTIFACT_JSON" | jq -r '.arch | select (.!=null)')
+ MODEL=$(echo "$ARTIFACT_JSON" | jq -r '.model | select (.!=null)')
+}
+
+common_artifact_name() {
+ if [ -z "$FLAVOR_RELEASE" ]; then
+ echo 'FLAVOR_RELEASE must be defined'
+ exit 1
+ fi
+ if [ -z "$VARIANT" ]; then
+ echo 'VARIANT must be defined'
+ exit 1
+ fi
+ if [ -z "$TARGETARCH" ]; then
+ echo 'TARGETARCH must be defined'
+ exit 1
+ fi
+ if [ -z "$MODEL" ]; then
+ echo 'MODEL must be defined'
+ exit 1
+ fi
+ if [ -z "$KAIROS_VERSION" ]; then
+ echo 'KAIROS_VERSION must be defined'
+ exit 1
+ fi
+
+ echo "$FLAVOR_RELEASE-$VARIANT-$TARGETARCH-$MODEL-$KAIROS_VERSION"
+}
+
+
+bootable_artifact_name() {
+ if [ -z "$FLAVOR" ]; then
+ echo 'FLAVOR must be defined'
+ exit 1
+ fi
+ local common
+ common=$(common_artifact_name)
+
+ echo "kairos-$FLAVOR-$common"
+}
+
+container_artifact_name() {
+ if [ -z "$KAIROS_VERSION" ]; then
+ echo 'KAIROS_VERSION must be defined'
+ exit 1
+ fi
+
+ if [ -z "$FLAVOR" ]; then
+ echo 'FLAVOR must be defined'
+ exit 1
+ fi
+
+ if [ -z "$REGISTRY_AND_ORG" ]; then
+ echo 'REGISTRY_AND_ORG must be defined'
+ exit 1
+ fi
+
+ # quay.io doesn't accept "+" in the repo name
+ export VERSION="${KAIROS_VERSION/+/-}"
+ local tag
+ tag=$(common_artifact_name)
+
+ echo "$REGISTRY_AND_ORG/$FLAVOR:$tag"
+}
+
+
+if [ -n "$ARTIFACT_JSON" ]; then
+ setEnvVarsFromJSON
+fi
+
+case "$1" in
+ "container_artifact_name")
+ container_artifact_name
+ ;;
+ "bootable_artifact_name")
+ bootable_artifact_name
+ ;;
+ "common_artifact_name")
+ common_artifact_name
+ ;;
+ *)
+ echo "Function not found: $1"
+ exit 1
+ ;;
+esac
+
+# ARTIFACT_JSON='{"flavor":"opensuse-leap","flavorRelease":"15.5","variant":"standard","model":"generic","arch":"amd64"}'
+# KAIROS_VERSION=v2.4.1
+# REGISTRY_AND_ORG=quay.io/kairos
+# container_artifact_name
+# bootable_artifact_name
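Review bot: `container_artifact_name` exports a sanitized `VERSION="${KAIROS_VERSION/+/-}"` but then builds the tag with `common_artifact_name`, which reads `$KAIROS_VERSION`. A version containing `+` therefore still reaches the tag that the comment says the registry rejects, and the single-slash form would only replace the first `+` anyway. Separately, every validation message goes to stdout and `exit 1` inside `$(common_artifact_name)` only leaves the subshell. With a missing variable, `bootable_artifact_name` prints `kairos-$FLAVOR-... must be defined` and returns 0, so callers that capture the output get the error text as the artifact name. I would change the call sites to `tag=$(KAIROS_VERSION="${KAIROS_VERSION//+/-}" common_artifact_name) || exit 1` and `common=$(common_artifact_name) || exit 1`, and append `>&2` to each error `echo`.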