From 6d2971081b6eb1fa7d6c374d1871edaba959b272 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 13 Apr 2024 19:37:22 -0400 Subject: [PATCH] feat: add incus distrobox --- .github/workflows/build-incus-app.yml | 108 ++++++++++++++++++++++++++ apps/incus/Containerfile.incus | 27 +++++++ 2 files changed, 135 insertions(+) create mode 100644 .github/workflows/build-incus-app.yml create mode 100644 apps/incus/Containerfile.incus diff --git a/.github/workflows/build-incus-app.yml b/.github/workflows/build-incus-app.yml new file mode 100644 index 0000000..7668738 --- /dev/null +++ b/.github/workflows/build-incus-app.yml @@ -0,0 +1,108 @@ +name: Build and Push Incus App Toolbox +on: + schedule: + - cron: '20 22 * * *' # 10:20pm everyday + pull_request: + merge_group: + workflow_dispatch: +env: + IMAGE_NAME: incus-distrobox + IMAGE_TAGS: latest + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref || github.run_id }} + cancel-in-progress: true + +jobs: + push-ghcr: + name: Build and push image + runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write + id-token: write + strategy: + fail-fast: false + steps: + # Checkout push-to-registry action GitHub repository + - name: Checkout Push to Registry action + uses: actions/checkout@v4 + + - name: Verify Ublue-OS Ubuntu toolbox + uses: EyeCantCU/cosign-action/verify@v0.2.2 + with: + containers: ubuntu-toolbox:latest + pubkey: https://raw.githubusercontent.com/ublue-os/toolboxes/main/cosign.pub + registry: ghcr.io/ublue-os + + # Build metadata + - name: Image Metadata + uses: docker/metadata-action@v5 + id: meta + with: + images: | + ${{ env.IMAGE_NAME }} + labels: | + io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md + + # Build image using Buildah action + - name: Build Image + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: | + ./apps/incus/Containerfile.incus + image: ${{ env.IMAGE_NAME }} + tags: ${{ env.IMAGE_TAGS }} + labels: ${{ steps.meta.outputs.labels }} + oci: false + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ env.IMAGE_REGISTRY }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + if: github.event_name != 'pull_request' + id: push + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Sign container + - uses: sigstore/cosign-installer@v3.4.0 + if: github.event_name != 'pull_request' + + - name: Sign container image + if: github.event_name != 'pull_request' + run: | + echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key + wc -c cosign.key + cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + + - name: Echo outputs + run: | + echo "${{ toJSON(steps.push.outputs) }}" diff --git a/apps/incus/Containerfile.incus b/apps/incus/Containerfile.incus new file mode 100644 index 0000000..66f5b37 --- /dev/null +++ b/apps/incus/Containerfile.incus @@ -0,0 +1,27 @@ +FROM ghcr.io/ublue-os/ubuntu-toolbox + +RUN apt-get update && \ + apt-get install -y \ + ca-certificates \ + curl \ + systemd && \ + mkdir -p /etc/apt/keyrings/ && \ + curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc && \ + echo "deb [signed-by=/etc/apt/keyrings/zabbly.asc] https://pkgs.zabbly.com/incus/stable $(. /etc/os-release && echo ${VERSION_CODENAME}) main" > /etc/apt/sources.list.d/zabbly-incus-stable.list && \ + apt-get update && \ + apt-get install -y \ + btrfs-progs \ + incus \ + incus-ui-canonical \ + iproute2 \ + iptables \ + kmod \ + lvm2 \ + virt-viewer && \ + apt-get clean && \ + mkdir -p /var/lib/lxcfs && \ + groupmod -g 250 incus-admin && \ + groupmod -g 251 incus && \ + systemctl enable incus.socket + +CMD ["/sbin/init"]