Misthios/bootc-images
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: test changes

Browse Source
This commit is contained in:
Wesley
2026-02-27 22:21:40 +01:00
parent 5899034478
commit 2f07e2757c
1 changed files with 149 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
.gitea/workflows/build.yaml
View File

@@ -15,19 +15,97 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
image: [asahi-cosmic] image: [asahi-cosmic]
version: [43] #Build current stable,next stable/rawhide (if not branched) version: [43]
container: container:
image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}" image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw" options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"
steps:
- name: Install rpm-ostree + tools
run: |
dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
dnf install -y nodejs skopeo jq
mkdir -p ~/.docker
- name: Fix containers/storage.conf
run: |
sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf
- name: Checkout
uses: actions/checkout@v4
- name: Log in to registry
uses: redhat-actions/podman-login@v1
with:
registry: git.plabble.org
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
auth_file_path: /tmp/auth.json
- name: Build rootfs (rpm-ostree compose image)
run: |
sudo ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}"
- name: Push OCI archive to registry
run: |
set -xeuo pipefail
IMAGE="${{ matrix.image }}"
VERSION="${{ matrix.version }}"
REGISTRY="git.plabble.org/misthios"
ARCHIVE="images/${IMAGE}/manifest.ociarchive"
# Build ID (YYYYMMDD.0)
if [[ -f ".buildid" ]]; then
buildid="$(< .buildid)"
else
buildid="$(date '+%Y%m%d.0')"
echo "${buildid}" > .buildid
fi
# Extract version from os-release mutation
version="$(rpm-ostree compose tree --print-only --repo=repo manifests/${IMAGE}.yaml | jq -r '."mutate-os-release"')"
# Full tag: version.buildid
full_tag="${version}.${buildid}"
name: Build containers
on:
workflow_dispatch:
pull_request:
branches: ["main"]
push:
branches: ["main"]
jobs:
build_push:
name: Build and push image
runs-on: coole-runner
strategy:
fail-fast: false
matrix:
image: [asahi-cosmic]
version: [43]
container:
image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"
steps: steps:
- name: Install latest rpm-ostree package from testing repos - name: Install latest rpm-ostree package from testing repos
run: | run: |
dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
dnf install -y nodejs dnf install -y nodejs buildah tar jq
mkdir -p ~/.docker mkdir -p ~/.docker
- name: Fixup containers/storage.conf
run: |
sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -43,23 +121,74 @@ jobs:
run: | run: |
sudo ./builder.sh asahi-cosmic 43 sudo ./builder.sh asahi-cosmic 43
- name: Build container - name: Build container (SUIDpreserving OCI extraction)
id: build run: |
uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef set -xeuo pipefail
with:
image: misthios/${{ matrix.image }} IMAGE_NAME="misthios/${{ matrix.image }}"
tags: ${{ matrix.version }} IMAGE_TAG="${{ matrix.version }}"
containerfiles: ./Containerfile OCI_DIR="images/${{ matrix.image }}/manifest.ociarchive"
build-args: IMAGE=${{ matrix.image }}
# Create container from scratch
ctr=$(buildah from scratch)
mnt=$(buildah mount "$ctr")
# Extract layers in correct order
manifest="$OCI_DIR/manifest.json"
layers=$(jq -r '.[0].Layers[]' "$manifest")
for layer in $layers; do
LAYER_PATH="$OCI_DIR/blobs/sha256/${layer#sha256:}"
echo "Extracting layer: $LAYER_PATH"
tar --numeric-owner -xpf "$LAYER_PATH" -C "$mnt"
done
# Add metadata
buildah config \
--label containers.bootc=1 \
--label org.opencontainers.image.title="${{ matrix.image }}" \
--label org.opencontainers.image.version="${{ matrix.version }}" \
--label org.opencontainers.image.revision="${{ github.sha }}" \
--label io.bootc.image.version="${{ matrix.version }}" \
--label io.bootc.image.revision="${{ github.sha }}" \
--env container=oci \
--stop-signal SIGRTMIN+3 \
--cmd "/sbin/init" \
"$ctr"
# Commit final image
buildah commit "$ctr" "${IMAGE_NAME}:${IMAGE_TAG}"
buildah unmount "$ctr"
buildah rm "$ctr"
- name: Push - name: Push
uses: redhat-actions/push-to-registry@v2 run: |
with: buildah push \
image: ${{ steps.build.outputs.image }} misthios/${{ matrix.image }}:${{ matrix.version }} \
tags: ${{ steps.build.outputs.tags }} docker://git.plabble.org/misthios/${{ matrix.image }}:${{ matrix.version }} \
registry: git.plabble.org --creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_TOKEN }}" \
username: ${{ secrets.REGISTRY_USERNAME }} --compression-format=zstd \
password: ${{ secrets.REGISTRY_TOKEN }}
extra-args: |
--compression-format=zstd
--compression-level=12 --compression-level=12
echo "Pushing ${ARCHIVE} → ${REGISTRY}/${IMAGE}:${full_tag}"
# Push OCI archive directly (preserves SUID, ownership, labels)
skopeo copy \
--authfile /tmp/auth.json \
--retry-times 3 \
--dest-compress-format zstd \
oci-archive:${ARCHIVE} \
docker://${REGISTRY}/${IMAGE}:${full_tag}
# Also push version-only tag
skopeo copy \
--authfile /tmp/auth.json \
--retry-times 3 \
--dest-compress-format zstd \
docker://${REGISTRY}/${IMAGE}:${full_tag} \
docker://${REGISTRY}/${IMAGE}:${version}
echo "Pushed:"
echo " - ${REGISTRY}/${IMAGE}:${full_tag}"
echo " - ${REGISTRY}/${IMAGE}:${version}"