From 6300a0fc6f693fc4ff47cb2360ec95d6c10f461e Mon Sep 17 00:00:00 2001 From: Wesley van Tilburg Date: Sun, 22 Feb 2026 15:37:25 +0100 Subject: [PATCH] ci: rework build --- .gitea/workflows/build.yaml | 72 ++++++------------- Containerfile | 27 +++++++ builder.sh | 32 ++++----- images/asahi-cosmic/packages.yaml | 22 +++--- .../group_asahi-fedora-remix-branding.repo | 2 +- .../asahi-cosmic/{postprocess.sh => test.sh} | 0 6 files changed, 77 insertions(+), 78 deletions(-) create mode 100644 Containerfile rename images/asahi-cosmic/{postprocess.sh => test.sh} (100%) mode change 100644 => 100755 diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index d8bfeee..81eee80 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -17,27 +17,12 @@ jobs: matrix: image: [asahi-cosmic] version: [43] #Build current stable,next stable/rawhide (if not branched) - - container: - image: "quay.io/fedora-ostree-desktops/buildroot:43" - options: "--security-opt apparmor=unconfined --privileged --user 0:0 --device=/dev/kvm --device=/dev/fuse --volume /:/run/host:rw --arch arm64" + arch: [linux/arm64] #todo fix steps: - - name: Install dependencies - run: | - dnf install -y nodejs - dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree - - name: Checkout uses: actions/checkout@v4 - - name: Build Bootable Container image - run: | - ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}" - - - name: Prepare Docker config directory - run: mkdir -p /root/.docker - - name: Login to Container Registry uses: redhat-actions/podman-login@v1 if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' 
@@ -45,39 +30,28 @@ jobs: registry: git.plabble.org username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_TOKEN }} - auth_file_path: /tmp/auth.json - - - name: Push container image to container registry - id: push + - name: test run: | - # Determine buildid (same logic as upstream) - if [[ -f ".buildid" ]]; then - buildid="$(< .buildid)" - else - buildid="$(date '+%Y%m%d.0')" - echo "${buildid}" > .buildid - fi + sudo apt install -y bwrap + bwrap --unshare-user --unshare-ipc --unshare-pid --unshare-net true - version="${{ matrix.version }}" - image="${{ matrix.image }}" + - name: Build + id: build + uses: job79/buildah-build@58fa3e218f800e67fc91a4d109bcaeddd6cf2101 + with: + sudo: true + image: misthios/${{ matrix.image}} + tags: ${{ matrix.version }} + context: ./ + containerfiles: ./Containerfile + platforms: ${{ matrix.arch }} + build-args : | + VERSION=${{ matrix.version }} + IMAGE=${{ matrix.image }} + extra-args: | + --cap-add=all + --device=/dev/fuse + --security-opt=label=disable + --isolation=chroot + --device=/dev/kvm - # Path to the OCI archive produced by builder.sh - archive="images/${image}/manifest.ociarchive" - - echo "Pushing ${archive} as ${image}:${version}.${buildid}" - - # Push version.buildid - skopeo copy \ - --authfile /tmp/auth.json \ - --retry-times 3 \ - --dest-compress-format zstd \ - oci-archive:${archive} \ - docker://git.plabble.org/misthios/${image}:${version}.${buildid} - - # Push version - skopeo copy \ - --authfile /tmp/auth.json \ - --retry-times 3 \ - --dest-compress-format zstd \ - docker://git.plabble.org/misthios/${image}:${version}.${buildid} \ - docker://git.plabble.org/misthios/${image}:${version} diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..32de818 --- /dev/null +++ b/Containerfile 
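Review bot: The `extra-args` of the new Build step give the build every capability (`--cap-add=all`) with SELinux labelling disabled (`--security-opt=label=disable`) on top of `sudo: true`, and that build executes repository content (`COPY . /src`, `./builder.sh`) after the login step has already stored registry credentials on the runner. Narrow `--cap-add` to the capabilities the compose actually needs and state the reason in a comment above `extra-args:`, for example `# rpm-ostree compose needs <capability> because <reason>`. If the login is only needed for a push, moving it after the build keeps the token out of reach of the build. The `test` step looks like a debugging leftover, and on Debian-family runners the package that ships `bwrap` is named `bubblewrap`, so `sudo apt install -y bwrap` would presumably fail. No push step is visible after the build in this hunk, so confirm the image still reaches git.plabble.org.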
@@ -0,0 +1,27 @@
+ARG IMAGE=asahi-cosmic
+ARG VERSION=43
+
+FROM quay.io/fedora/fedora:${VERSION} as builder
+
+ARG IMAGE
+ARG VERSION
+
+#Install deps and the latest rpm-ostree
+RUN dnf -y install rpm-ostree selinux-policy-targeted python3 && dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
+
+#Copy all files into the container and set permissions
+COPY . /src
+RUN chmod -R a=rX,u+w /src
+WORKDIR /src
+
+#Build the wanted image and version
+RUN ./builder.sh ${IMAGE} ${VERSION}
+
+# Create the container and set the labels
+FROM scratch
+COPY --from=builder /src/images/${IMAGE}/manifest.ociarchive /
+LABEL containers.bootc 1
+ENV container=oci
+# Make systemd the default
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
diff --git a/builder.sh b/builder.sh
index 652d867..a6475c5 100755
--- a/builder.sh
+++ b/builder.sh
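Review bot: In the Containerfile's final stage, `${IMAGE}` in `COPY --from=builder /src/images/${IMAGE}/manifest.ociarchive /` is out of scope under Dockerfile ARG rules, because the global `ARG IMAGE` is redeclared only inside the `builder` stage. Add `ARG IMAGE` directly after `FROM scratch` so the path does not collapse to `/src/images//manifest.ociarchive`. That stage also copies a single archive file into `/` and then sets `CMD ["/sbin/init"]`, which presumably needs an unpacked root filesystem; since builder.sh now calls `rpm-ostree compose rootfs`, the COPY source probably should be the rootfs directory that script writes. Separately, `COPY . /src` brings the whole build context (including `.git` and any local credential files) into a build that CI runs with elevated privileges, so an ignore file or an explicit list of copied paths would narrow what the build can read.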
@@ -43,34 +43,34 @@ echo "${buildid}" > .buildid echo "Composing ${VERSION}.${buildid} ..." -# repos import -cp images/shared/*.repo "${IMAGE_DIR}" -cp "${IMAGE_DIR}"/{$IMAGE}/repos/*.repo "${IMAGE_DIR}" +# --- REPOS IMPORT --- +cp images/shared/*.repo "${IMAGE_DIR}/" +cp "${IMAGE_DIR}"/repos/*.repo "${IMAGE_DIR}/" -# Ensure manifest has correct ref and releasever -sed -i '/^ref:/d' "$MANIFEST" -sed -i '/^releasever:/d' "$MANIFEST" -sed -i "1i releasever: ${VERSION}" "$MANIFEST" +# --- MANIFEST FIXUPS --- +# Remove existing ref: and releasever: +sed -i '/^ref:/d' "$MANIFEST" +sed -i '/^releasever:/d' "$MANIFEST" + +# Insert new values at top +sed -i "1i releasever: ${VERSION}" "$MANIFEST" sed -i "1i ref: ${REF}" "$MANIFEST" -#Run a optional per image script to do image specific things -POSTPROCESS="${IMAGE_DIR}/${IMAGE}"/postprocess.sh" -if [[ -x "${POSTPROCESS}" ]]; then - echo "Running postprocess script: ${POSTPROCESS}" - "${POSTPROCESS}" +# --- OPTIONAL POSTPROCESS --- +POSTPROCESS="$IMAGE_DIR/test.sh" +if [[ -x "$POSTPROCESS" ]]; then + echo "Running postprocess script: $POSTPROCESS" + "$POSTPROCESS" else echo "No postprocess.sh found in ${IMAGE_DIR}, skipping." fi - # --- COMPOSE IMAGE --- ARGS=( "--cachedir=cache" - "--initialize" - "--max-layers=96" ) -rpm-ostree compose image \ +rpm-ostree compose rootfs \ "${ARGS[@]}" \ "$MANIFEST" \ "$OUTPUT" diff --git a/images/asahi-cosmic/packages.yaml b/images/asahi-cosmic/packages.yaml index 64de5ab..e4fabee 100644 --- a/images/asahi-cosmic/packages.yaml +++ b/images/asahi-cosmic/packages.yaml @@ -1,4 +1,13 @@ -#Cosmic related packages + +# System packages (boot) +packages-aarch64: + - grub2-efi + - efibootmgr + - shim + +#System packages (common) + +# Core packages (common.yaml upstream) packages: - cosmic-edit - cosmic-files 
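Review bot: In builder.sh the fallback message of the postprocess block still says `No postprocess.sh found` although the hook looked up is now `$IMAGE_DIR/test.sh`, so a missing or non-executable hook is reported under the wrong name. Change it to `echo "No executable ${POSTPROCESS} found, skipping."`. The hook runs inside a build that CI grants full capabilities, so a short comment above `POSTPROCESS=` stating what the per-image script is allowed to do and that it presumably runs as root during the image build would help whoever reviews future images. The `# --- COMPOSE IMAGE ---` heading is also stale now that the command is `rpm-ostree compose rootfs`. The script starts and ends outside this hunk, so the definitions of `IMAGE_DIR`, `MANIFEST` and `OUTPUT` are not visible here.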
@@ -16,17 +25,6 @@ packages: - plymouth-system-theme - system-config-printer - xdg-desktop-portal-gtk - -# System packages (boot) -packages-aarch64: - - grub2-efi - - efibootmgr - - shim - -#System packages (common) - -# Core packages (common.yaml upstream) -packages: # Ensure that we have a kernel. Kernel packages are not in any comps group # - kernel # - kernel-modules diff --git a/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo b/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo index 39b004c..2186935 100644 --- a/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo +++ b/images/asahi-cosmic/repos/group_asahi-fedora-remix-branding.repo @@ -1,4 +1,4 @@ -copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-branding] +[copr:copr.fedorainfracloud.org:group_asahi:fedora-remix-branding] name=Copr repo for fedora-remix-branding owned by @asahi baseurl=https://download.copr.fedorainfracloud.org/results/@asahi/fedora-remix-branding/fedora-$releasever-$basearch/ type=rpm-md diff --git a/images/asahi-cosmic/postprocess.sh b/images/asahi-cosmic/test.sh old mode 100644 new mode 100755 similarity index 100% rename from images/asahi-cosmic/postprocess.sh rename to images/asahi-cosmic/test.sh