Wesley van Tilburg
f0d45ceb94
Some checks failed
Build containers / Build and push image (asahi-cosmic, 43) (push) Failing after 3m33s
95 lines
2.9 KiB
YAML
95 lines
2.9 KiB
YAML
name: Build containers
|
||
|
||
on:
|
||
workflow_dispatch:
|
||
pull_request:
|
||
branches: ["main"]
|
||
push:
|
||
branches: ["main"]
|
||
|
||
jobs:
|
||
build_push:
|
||
name: Build and push image
|
||
runs-on: coole-runner
|
||
strategy:
|
||
fail-fast: false
|
||
matrix:
|
||
image: [asahi-cosmic]
|
||
version: [43]
|
||
|
||
container:
|
||
image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
|
||
options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"
|
||
|
||
steps:
|
||
- name: Install latest rpm-ostree package from testing repos
|
||
run: |
|
||
dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
|
||
dnf install -y nodejs buildah tar
|
||
mkdir -p ~/.docker
|
||
|
||
- name: Fixup containers/storage.conf
|
||
run: |
|
||
sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf
|
||
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Log in
|
||
uses: redhat-actions/podman-login@v1
|
||
with:
|
||
registry: git.plabble.org
|
||
username: ${{ secrets.REGISTRY_USERNAME }}
|
||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||
auth_file_path: /tmp/auth.json
|
||
|
||
- name: Build rootfs
|
||
run: |
|
||
sudo ./builder.sh asahi-cosmic 43
|
||
|
||
- name: Build container (SUID‑preserving Buildah flow)
|
||
run: |
|
||
set -xeuo pipefail
|
||
|
||
IMAGE_NAME="misthios/${{ matrix.image }}"
|
||
IMAGE_TAG="${{ matrix.version }}"
|
||
ARCHIVE="images/${{ matrix.image }}/manifest.ociarchive"
|
||
|
||
# Create container from scratch
|
||
ctr=$(buildah from scratch)
|
||
|
||
# Mount rootfs
|
||
mnt=$(buildah mount "$ctr")
|
||
|
||
# Extract OCI archive directly into rootfs (preserves SUID/SGID)
|
||
tar --numeric-owner -xpf "$ARCHIVE" -C "$mnt"
|
||
|
||
# Add metadata
|
||
buildah config \
|
||
--label containers.bootc=1 \
|
||
--label org.opencontainers.image.title="${{ matrix.image }}" \
|
||
--label org.opencontainers.image.version="${{ matrix.version }}" \
|
||
--label org.opencontainers.image.revision="${{ github.sha }}" \
|
||
--label io.bootc.image.version="${{ matrix.version }}" \
|
||
--label io.bootc.image.revision="${{ github.sha }}" \
|
||
--env container=oci \
|
||
--stop-signal SIGRTMIN+3 \
|
||
--cmd "/sbin/init" \
|
||
"$ctr"
|
||
|
||
# Commit final image
|
||
buildah commit "$ctr" "${IMAGE_NAME}:${IMAGE_TAG}"
|
||
|
||
# Cleanup
|
||
buildah unmount "$ctr"
|
||
buildah rm "$ctr"
|
||
|
||
- name: Push
|
||
run: |
|
||
buildah push \
|
||
misthios/${{ matrix.image }}:${{ matrix.version }} \
|
||
docker://git.plabble.org/misthios/${{ matrix.image }}:${{ matrix.version }} \
|
||
--creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_TOKEN }}" \
|
||
--compression-format=zstd \
|
||
--compression-level=12
|