ci: test changes

.gitea/workflows/build.yaml

@@ -15,19 +15,24 @@ jobs:
       fail-fast: false
       matrix:
         image: [asahi-cosmic]
-        version: [43] #Build current stable,next stable/rawhide (if not branched)
+        version: [43]
+
     container:
       image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
       options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"
+
     steps:
 
       - name: Install latest rpm-ostree package from testing repos
         run: |
           dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
-          dnf install -y nodejs
+          dnf install -y nodejs buildah tar jq
           mkdir -p ~/.docker
 
-        
+      - name: Fixup containers/storage.conf
+        run: |
+          sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf
+
       - name: Checkout
         uses: actions/checkout@v4
 
@@ -43,23 +48,52 @@ jobs:
         run: |
           sudo ./builder.sh asahi-cosmic 43
 
-      - name: Build container
+      - name: Build container (SUID‑preserving OCI extraction)
-        id: build
+        run: |
-        uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef
+          set -xeuo pipefail
-        with:
+
-          image: misthios/${{ matrix.image }}
+          IMAGE_NAME="misthios/${{ matrix.image }}"
-          tags: ${{ matrix.version }}
+          IMAGE_TAG="${{ matrix.version }}"
-          containerfiles: ./Containerfile
+          OCI_DIR="images/${{ matrix.image }}/manifest.ociarchive"
-          build-args: IMAGE=${{ matrix.image }}
+
+          # Create container from scratch
+          ctr=$(buildah from scratch)
+          mnt=$(buildah mount "$ctr")
+
+          # Extract layers in correct order
+          manifest="$OCI_DIR/manifest.json"
+          layers=$(jq -r '.[0].Layers[]' "$manifest")
+
+          for layer in $layers; do
+            LAYER_PATH="$OCI_DIR/blobs/sha256/${layer#sha256:}"
+            echo "Extracting layer: $LAYER_PATH"
+            tar --numeric-owner -xpf "$LAYER_PATH" -C "$mnt"
+          done
+
+          # Add metadata
+          buildah config \
+            --label containers.bootc=1 \
+            --label org.opencontainers.image.title="${{ matrix.image }}" \
+            --label org.opencontainers.image.version="${{ matrix.version }}" \
+            --label org.opencontainers.image.revision="${{ github.sha }}" \
+            --label io.bootc.image.version="${{ matrix.version }}" \
+            --label io.bootc.image.revision="${{ github.sha }}" \
+            --env container=oci \
+            --stop-signal SIGRTMIN+3 \
+            --cmd "/sbin/init" \
+            "$ctr"
+
+          # Commit final image
+          buildah commit "$ctr" "${IMAGE_NAME}:${IMAGE_TAG}"
+
+          buildah unmount "$ctr"
+          buildah rm "$ctr"
 
       - name: Push
-        uses: redhat-actions/push-to-registry@v2
+        run: |
-        with:
+          buildah push \
-          image: ${{ steps.build.outputs.image }}
+            misthios/${{ matrix.image }}:${{ matrix.version }} \
-          tags: ${{ steps.build.outputs.tags }}
+            docker://git.plabble.org/misthios/${{ matrix.image }}:${{ matrix.version }} \
-          registry: git.plabble.org
+            --creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_TOKEN }}" \
-          username: ${{ secrets.REGISTRY_USERNAME }}
+            --compression-format=zstd \
-          password: ${{ secrets.REGISTRY_TOKEN }}
-          extra-args: |
-            --compression-format=zstd
             --compression-level=12