Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
Signed-off-by: RJ Trujillo <[email protected]>
  • Loading branch information
EyeCantCU committed May 27, 2024
0 parents commit 8cf044c
Show file tree
Hide file tree
Showing 10 changed files with 514 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
* @EyeCantCU
* @KyleGospo
* @castrojo
11 changes: 11 additions & 0 deletions .github/dependabot.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
2 changes: 2 additions & 0 deletions .github/semantic.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
enabled: true
titleOnly: true
15 changes: 15 additions & 0 deletions .github/workflows/build-40.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: ublue main 40
on:
pull_request:
merge_group:
schedule:
- cron: '5 15 * * *' # 3pm-ish UTC everyday (timed against official fedora container pushes)
workflow_dispatch:

jobs:
build:
name: build
uses: ./.github/workflows/reusable-build.yaml
secrets: inherit
with:
fedora_version: 40
22 changes: 22 additions & 0 deletions .github/workflows/release-please.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
on:
push:
branches:
- main
name: release-please
jobs:
release-please:
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
outputs:
releases_created: ${{ steps.release-please.outputs.releases_created }}
tag: ${{ steps.release-please.outputs.tag_name }}
upload_url: ${{ steps.release-please.outputs.upload_url }}
steps:
- uses: google-github-actions/release-please-action@v4
id: release-please
with:
release-type: simple
package-name: release-please-action

236 changes: 236 additions & 0 deletions .github/workflows/reusable-build.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,236 @@
name: build-asahi
on:
workflow_call:
inputs:
fedora_version:
description: 'The Fedora release version: 39, 40, 41 etc'
required: true
type: string
env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}

concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.fedora_version }}
cancel-in-progress: true

jobs:
build_ublue:
name: main
runs-on: ubuntu-24.04
permissions:
contents: read
packages: write
id-token: write
strategy:
fail-fast: false
matrix:
fedora_version:
- ${{ inputs.fedora_version }}
image_name:
- silverblue
- kinoite

steps:
# Checkout GitHub repository
- name: Checkout repository
uses: actions/checkout@v4

- name: Matrix Variables
shell: bash
run: |
echo "SOURCE_IMAGE=${{ matrix.image_name }}-asahi" >> $GITHUB_ENV
echo "SOURCE_ORG=travier-redhat" >> $GITHUB_ENV
echo "IMAGE_NAME=${{ matrix.image_name }}-asahi" >> $GITHUB_ENV
- name: Generate tags
id: generate-tags
shell: bash
run: |
# Generate a timestamp for creating an image version history
TIMESTAMP="$(date +%Y%m%d)"
VARIANT="${{ matrix.fedora_version }}"
if [[ "${{ matrix.fedora_version }}" -eq "39" ]]; then
IS_LATEST_VERSION=false
IS_STABLE_VERSION=true
IS_GTS_VERSION=true
elif [[ "${{ matrix.fedora_version }}" -eq "40" ]]; then
IS_LATEST_VERSION=true
IS_STABLE_VERSION=true
IS_GTS_VERSION=false
elif [[ "${{ matrix.fedora_version }}" -eq "41" ]]; then
IS_LATEST_VERSION=false
IS_STABLE_VERSION=false
IS_GTS_VERSION=false
fi
COMMIT_TAGS=()
BUILD_TAGS=()
# Have tags for tracking builds during pull request
SHA_SHORT="${GITHUB_SHA::7}"
COMMIT_TAGS+=("pr-${{ github.event.number }}-${VARIANT}")
COMMIT_TAGS+=("${SHA_SHORT}-${VARIANT}")
if [[ "${IS_LATEST_VERSION}" == "true" ]] && \
[[ "${IS_STABLE_VERSION}" == "true" ]]; then
COMMIT_TAGS+=("pr-${{ github.event.number }}")
COMMIT_TAGS+=("${SHA_SHORT}")
fi
BUILD_TAGS=("${VARIANT}")
# Append matching timestamp tags to keep a version history
for TAG in "${BUILD_TAGS[@]}"; do
BUILD_TAGS+=("${TAG}-${TIMESTAMP}")
done
if [[ "${IS_LATEST_VERSION}" == "true" ]] && \
[[ "${IS_STABLE_VERSION}" == "true" ]]; then
BUILD_TAGS+=("${TIMESTAMP}")
BUILD_TAGS+=("latest")
elif [[ "${IS_GTS_VERSION}" == "true" ]]; then
BUILD_TAGS+=("gts-${TIMESTAMP}")
BUILD_TAGS+=("gts")
fi
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
echo "Generated the following commit tags: "
for TAG in "${COMMIT_TAGS[@]}"; do
echo "${TAG}"
done
alias_tags=("${COMMIT_TAGS[@]}")
else
alias_tags=("${BUILD_TAGS[@]}")
fi
echo "Generated the following build tags: "
for TAG in "${BUILD_TAGS[@]}"; do
echo "${TAG}"
done
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
- name: Get current version
id: labels
uses: Wandalen/[email protected]
with:
attempt_limit: 3
attempt_delay: 15000
command: |
set -eo pipefail
ver=$(skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
if [ -z "$ver" ] || [ "null" = "$ver" ]; then
echo "inspected image version must not be empty or null"
exit 1
fi
echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV
# Generate image metadata
- name: Image Metadata
uses: docker/metadata-action@v5
id: meta
with:
images: |
${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.version=${{ env.SOURCE_IMAGE_VERSION }}
org.opencontainers.image.description=A base Universal Blue ${{ matrix.image_name }} image with batteries included
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
- name: Pull base image
uses: Wandalen/[email protected]
with:
attempt_limit: 3
attempt_delay: 15000
command: |
# pull the base image used for FROM in containerfile so
# we can retry on that unfortunately common failure case
podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }}
# Build image using Buildah action
- name: Build Image
id: build_image
uses: redhat-actions/buildah-build@v2
with:
archs: "aarch64"
containerfiles: |
./Containerfile
image: ${{ env.IMAGE_NAME }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
build-args: |
IMAGE_NAME=${{ matrix.image_name }}
SOURCE_ORG=${{ env.SOURCE_ORG }}
SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
labels: ${{ steps.meta.outputs.labels }}
oci: false

# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_REGISTRY }}

- name: Push To GHCR
uses: Wandalen/[email protected]
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
action: redhat-actions/push-to-registry@v2
attempt_limit: 3
attempt_delay: 15000
with: |
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Sign container
- uses: sigstore/[email protected]
if: github.event_name != 'pull_request'

- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

- name: Echo outputs
if: github.event_name != 'pull_request'
run: |
echo "${{ toJSON(steps.push.outputs) }}"
check:
name: Check all ${{ inputs.fedora_version }} builds successful
if: ${{ !cancelled() }}
runs-on: ubuntu-latest
needs: [build_ublue]
steps:
- name: Exit on failure
if: ${{ needs.build_ublue.result == 'failure' }}
shell: bash
run: exit 1
- name: Exit
shell: bash
run: exit 0
18 changes: 18 additions & 0 deletions Containerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
ARG SOURCE_IMAGE="${SOURCE_IMAGE:-silverblue-asahi}"
ARG SOURCE_ORG="${SOURCE_ORG:-travier-redhat}"
ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}"
ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"

FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}

ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"

RUN mkdir -p /var/lib/alternatives && \
mv /var/lib/alternatives /staged-alternatives && \
rm -rf /tmp/* /var/* && \
ostree container commit && \
mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
mkdir -p /tmp /var/tmp && \
chmod -R 1777 /tmp /var/tmp
Loading

0 comments on commit 8cf044c

Please sign in to comment.