CI: initial hardcoded ci

.gitea/workflows/build.yaml

@@ -0,0 +1,76 @@
+name: Build container images
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: ["main"]
+  push:
+    branches: ["main"]
+
+jobs:
+  build_push:
+    name: Build and push image
+    runs-on: job-v2
+
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [base]
+        version: [43]
+
+    container:
+      image: "quay.io/fedora/fedora:rawhide"
+      options: "--privileged --user 0:0 --device=/dev/kvm --device=/dev/fuse --volume /:/run/host:rw"
+
+    steps:
+      - name: Install tools Fedora CI uses
+        run: |
+          dnf install -y podman skopeo nodejs
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build OCI bootc image (Fedora CI method)
+        run: |
+          mkdir -p oci
+          podman run --rm --privileged \
+            -v $PWD:/build \
+            -w /build \
+            quay.io/centos-bootc/bootc-image-builder:latest \
+              --type oci \
+              --output oci \
+              manifests/${{ matrix.image }}.yaml
+
+      - name: Prepare Docker config directory
+        run: mkdir -p /root/.docker
+
+      - name: Login to Container Registry
+        uses: redhat-actions/podman-login@v1
+        if: github.ref == 'refs/heads/main'
+        with:
+          registry: git.plabble.org
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+          auth_file_path: /tmp/auth.json
+
+      - name: Push OCI image to registry
+        run: |
+          if [[ -f ".buildid" ]]; then
+              buildid="$(< .buildid)"
+          else
+              buildid="$(date '+%Y%m%d.0')"
+              echo "${buildid}" > .buildid
+          fi
+
+          version="${{ matrix.version }}"
+          image="${{ matrix.image }}"
+
+          skopeo copy \
+            --authfile /tmp/auth.json \
+            oci:oci \
+            docker://git.plabble.org/misthios/${image}:${version}.${buildid}
+
+          skopeo copy \
+            --authfile /tmp/auth.json \
+            docker://git.plabble.org/misthios/${image}:${version}.${buildid} \
+            docker://git.plabble.org/misthios/${image}:${version}

images/base/manifest.yaml

@@ -38,6 +38,3 @@ packages:
 repos:
    - fedora-base
    - fedora-updates
-
-labels:
-  containers.bootc: "1"

images/shared/base.yaml

@@ -150,10 +150,7 @@ postprocess:
   - |
     #!/bin/bash
     set -xeuo pipefail
-    source /usr/lib/os-release
-    if [ $ID == "fedora" ] && [ ${VERSION_ID} -ge 43 ]; then
     echo "enable bootloader-update.service" >> /usr/lib/systemd/system-preset/85-bootc.preset
-    fi
   # Undo RPM scripts enabling units; we want the presets to be canonical
   # https://github.com/projectatomic/rpm-ostree/issues/1803
   - |
@@ -179,6 +176,21 @@ packages:
  - xfsprogs e2fsprogs dosfstools
  - bootupd
 
+packages-x86_64:
+ - grub2 grub2-efi-x64 efibootmgr shim
+ - microcode_ctl
+
 exclude-packages:
  - kernel-debug-core
 
+ # The grub bits are mainly designed for desktops, and IMO haven't seen
+  # enough testing in concert with ostree. At some point we'll flesh out
+  # the full plan in https://github.com/coreos/fedora-coreos-tracker/issues/47
+
+remove-from-packages:
+- [grub2-tools, /etc/grub.d/08_fallback_counting,
+                  /etc/grub.d/10_reset_boot_success,
+                  /etc/grub.d/12_menu_auto_hide,
+                  /usr/lib/systemd/.*]
+
+