🎨 Use a single framework image

With changes to the packages we now generate the proper service files on the fly so we dont need to have those package separated. We now have 2 framework images, a generic one used for ALL flavors and a fips one, only provided for external consumers as we dont publish any fips enabled artifacts. We also bring both the systemd and openrc package together as they dont affect each other anymore so we can have a single framework. This patch also removes the service enablement as its not needed anymore, it done via config files Reworks the framework jobs to just build and publish the 2 different framework image (generic and fips) Signed-off-by: Itxaka <[email protected]>
kairos-io · Oct 20, 2023 · adf9e02 · adf9e02
1 parent 60b59da
commit adf9e02
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 170 deletions.
diff --git a/.github/flavors.json b/.github/flavors.json
@@ -15,10 +15,6 @@
         "flavor": "ubuntu-20-lts",
         "standard": "true"
     },
-    {
-        "flavor": "fips-systemd",
-        "frameworkonly": "true"
-    },
     {
         "flavor": "ubuntu-22-lts",
         "standard": "true"

diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
@@ -32,27 +32,6 @@ jobs:
           # end of optional handling for multi line json
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
-
-  get-framework-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-    - uses: actions/checkout@v4
-    - run: |
-        git fetch --prune --unshallow
-    - id: set-matrix
-      run: |
-          content=`cat .github/flavors.json`
-          # the following lines are only required for multi line json
-          # the following lines are only required for multi line json
-          content="${content//'%'/'%25'}"
-          content="${content//$'\n'/'%0A'}"
-          content="${content//$'\r'/'%0D'}"
-          # end of optional handling for multi line json
-          # end of optional handling for multi line json
-          echo "::set-output name=matrix::{\"include\": $content }"
-
   core:
     uses: ./.github/workflows/reusable-build-flavor.yaml
     secrets: inherit
@@ -66,13 +45,12 @@ jobs:
   framework:
     uses: ./.github/workflows/reusable-build-framework-flavor.yaml
     secrets: inherit
-    with:
-      flavor: ${{ matrix.flavor }}
-    needs:
-      - get-framework-matrix
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
+      matrix:
+        flavor:
+          - "generic"
+          - "fips"
   install:
     uses: ./.github/workflows/reusable-install-test.yaml
     with:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -54,34 +54,17 @@ jobs:
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
 
-  get-framework-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - id: set-matrix
-      run: |
-          content=`cat .github/flavors.json`
-          # the following lines are only required for multi line json
-          content="${content//'%'/'%25'}"
-          content="${content//$'\n'/'%0A'}"
-          content="${content//$'\r'/'%0D'}"
-          # end of optional handling for multi line json
-          echo "::set-output name=matrix::{\"include\": $content }"
-
   build-framework:
     runs-on: kvm
-    needs:
-    - get-framework-matrix
     permissions:
       id-token: write  # OIDC support
       contents: write
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
+      matrix:
+        flavor:
+          - "generic"
+          - "fips"
     steps:
       - uses: actions/checkout@v4
         with:

diff --git a/Earthfile b/Earthfile
@@ -280,6 +280,11 @@ build-framework-image:
     FROM alpine
     ARG FLAVOR
 
+    # Just in case, make sure this is valid
+    IF [ "$FLAVOR" = "" ]
+        ARG FLAVOR=generic
+    END
+
     COPY +version/VERSION ./
     ARG VERSION=$(cat VERSION)
 
@@ -331,7 +336,8 @@ base-image:
     END
 
     # Includes overlay/files
-    COPY (+framework/framework --FLAVOR=$FLAVOR) /
+    # We only support non-fips for now, they are built separatedly and pushed for other to consume, not used in our workflows
+    COPY (+framework/framework --FLAVOR=generic) /
     # Avoid to accidentally push keys generated by package managers
     RUN rm -rf /etc/ssh/ssh_host_*
 
@@ -351,23 +357,6 @@ base-image:
     # Fully remove machine-id, it will be generated on first boot
     RUN rm -rf /etc/machine-id
 
-    # Enable services
-    IF [ -f /sbin/openrc ]
-      RUN mkdir -p /etc/runlevels/default && \
-        ln -sf /etc/init.d/cos-setup-boot /etc/runlevels/default/cos-setup-boot  && \
-        ln -sf /etc/init.d/cos-setup-network /etc/runlevels/default/cos-setup-network  && \
-        ln -sf /etc/init.d/cos-setup-reconcile /etc/runlevels/default/cos-setup-reconcile && \
-        ln -sf /etc/init.d/kairos-agent /etc/runlevels/default/kairos-agent
-    # Otherwise we assume systemd
-    ELSE
-      # mask systemd-firstboot dont accidentally run block booting
-      RUN systemctl mask systemd-firstboot
-      RUN systemctl enable cos-setup-reconcile.timer && \
-          systemctl enable cos-setup-fs.service && \
-          systemctl enable cos-setup-boot.service && \
-          systemctl enable cos-setup-network.service
-    END
-
     # TEST KAIROS-AGENT FROM BRANCH
     ARG KAIROS_AGENT_DEV
     ARG KAIROS_AGENT_DEV_BRANCH=main
@@ -439,7 +428,7 @@ base-image:
       END
 
       IF [ -f "/sbin/mkinitfs" ]
-        # Proper config files with immucore and custom initrd should already be in there installled by framework
+        # Proper config files with immucore and custom initrd should already be in there installed by framework
         RUN --no-cache kernel=$(ls /lib/modules | head -n1) && mkinitfs -o /boot/initrd $kernel
       END
     END

diff --git a/framework-profile.yaml b/framework-profile.yaml
@@ -3,131 +3,40 @@
 ##  - category/name@version
 #
 # Apply arbitrary images (e.g. to stub a package to a specific version)
-# These are applyied after the packages.
+# These are applied after the packages.
 # images:
 #   - quay.io/kairos/packages:k9s-utils-0.27.4
 flavors:
-  debian:
+  generic:
     - common-packages
     - kairos-toolchain
-    - systemd-base
-  debian-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-20-lts-arm-nvidia-jetson-agx-orin:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-20-lts-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-22-lts-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-22-lts:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-20-lts:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  fips-systemd:
+  fips:
     - common-packages
     - kairos-toolchain-fips
-    - systemd-base
-  fedora:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  rockylinux:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  almalinux:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  opensuse-tumbleweed:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-    - systemd-latest
-  opensuse-tumbleweed-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  opensuse-leap:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  opensuse-leap-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  alpine:
-    - common-packages
-    - kairos-toolchain
-    - openrc
-  alpine-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - openrc
-openrc:
-  packages:
-    - init-svc/openrc
-    - initrd/alpine
-systemd-base:
-  packages:
-    - init-svc/systemd
-    - dracut/kairos-network
-    - dracut/kairos-sysext
-opensuse-leap-kernel:
-  packages:
-    - distro-kernels/opensuse-leap
-    - distro-initrd/opensuse-leap
 ## Packages (cat/name@version) that are added to ALL flavors
 ## Static files, no binary
 common-packages:
   packages:
-    - static/grub-config
     - dracut/immucore
+    - dracut/kairos-network
+    - dracut/kairos-sysext
     - system/suc-upgrade
     - system/grub2-efi
+    - static/grub-config
     - static/kairos-overlay-files
+    - initrd/alpine
 kairos-toolchain-fips:
   packages:
     - fips/kcrypt
     - fips/kcrypt-challenger
     - fips/immucore
     - fips/kairos-agent
-kairos-toolchain-fips-static:
-  packages:
-    - fips-static/kcrypt
-    - fips-static/kcrypt-challenger
-    - fips-static/immucore
-    - fips-static/kairos-agent
 kairos-toolchain:
   packages:
     - system/kcrypt
     - system/kcrypt-challenger
     - system/immucore
     - system/kairos-agent
-ubuntu-kernel:
-  packages:
-    - distro-kernels/ubuntu
-    - distro-initrd/ubuntu
 repositories:
   - &kairos
     name: "kairos"
@@ -139,9 +48,9 @@ repositories:
     priority: 2
     urls:
       - "quay.io/kairos/packages"
-    reference: 20231019093159-repository.yaml
+    reference: 20231020075856-repository.yaml
   - !!merge <<: *kairos
     arch: arm64
     urls:
       - "quay.io/kairos/packages-arm64"
-    reference: 20231019092540-repository.yaml
+    reference: 20231020075759-repository.yaml