diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index d8bfeee..19cc0a1 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -17,27 +17,12 @@ jobs:
 matrix:
 image: [asahi-cosmic]
 version: [43] #Build current stable,next stable/rawhide (if not branched)
-
- container:
- image: "quay.io/fedora-ostree-desktops/buildroot:43"
- options: "--security-opt apparmor=unconfined --privileged --user 0:0 --device=/dev/kvm --device=/dev/fuse --volume /:/run/host:rw --arch arm64"
+ arch: [linux/arm64] #todo fix
 steps:
- - name: Install dependencies
- run: |
- dnf install -y nodejs
- dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
-
 - name: Checkout
 uses: actions/checkout@v4
- - name: Build Bootable Container image
- run: |
- ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}"
-
- - name: Prepare Docker config directory
- run: mkdir -p /root/.docker
-
 - name: Login to Container Registry
 uses: redhat-actions/podman-login@v1
 if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
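Review bot: `actions/checkout@v4` and `redhat-actions/podman-login@v1` in this hunk stay on mutable tags, while the build action this commit adds further down the file is pinned to a full commit SHA. podman-login receives the registry token in the `with:` block that follows, so a retagged release of it would run with that credential; I would pin both the same way, e.g. `uses: redhat-actions/podman-login@<full-commit-sha> # v1` (placeholder; take the SHA from the release you have reviewed). The comment `#todo fix` on the new `arch` matrix entry does not say what remains to be fixed now that `--arch arm64` was dropped with the container block; spell that out in the comment. The `steps:` list continues outside the hunk.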
@@ -45,39 +30,20 @@ jobs:
 registry: git.plabble.org
 username: ${{ secrets.REGISTRY_USERNAME }}
 password: ${{ secrets.REGISTRY_TOKEN }}
- auth_file_path: /tmp/auth.json
- - name: Push container image to container registry
- id: push
- run: |
- # Determine buildid (same logic as upstream)
- if [[ -f ".buildid" ]]; then
- buildid="$(< .buildid)"
- else
- buildid="$(date '+%Y%m%d.0')"
- echo "${buildid}" > .buildid
- fi
-
- version="${{ matrix.version }}"
- image="${{ matrix.image }}"
-
- # Path to the OCI archive produced by builder.sh
- archive="images/${image}/manifest.ociarchive"
-
- echo "Pushing ${archive} as ${image}:${version}.${buildid}"
-
- # Push version.buildid
- skopeo copy \
- --authfile /tmp/auth.json \
- --retry-times 3 \
- --dest-compress-format zstd \
- oci-archive:${archive} \
- docker://git.plabble.org/misthios/${image}:${version}.${buildid}
-
- # Push version
- skopeo copy \
- --authfile /tmp/auth.json \
- --retry-times 3 \
- --dest-compress-format zstd \
- docker://git.plabble.org/misthios/${image}:${version}.${buildid} \
- docker://git.plabble.org/misthios/${image}:${version}
+ - name: Build
+ id: build
+ uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef
+ with:
+ image: misthios/${{ matrix.image}}
+ tags: ${{ matrix.version }}
+ context: ./
+ containerfiles: ./Containerfile
+ platforms: ${{ matrix.arch }}
+ build-args : |
+ VERSION=${{ matrix.version }}
+ IMAGE=${{ matrix.image }}
+ extra-args: |
+ --cap-add=all
+ --device /dev/fuse
+ --security-opt=label=disable
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..22c1d8d
--- /dev/null
+++ b/Containerfile
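Review bot: In the `Build` step added to build.yaml, `extra-args` passes `--cap-add=all` and `--security-opt=label=disable` to the build and nothing records why; this is narrower than the removed `--privileged` container with `/` mounted read-write, but the build still runs the repository's `builder.sh` with every capability, and the step has no `if:` guard like the login step has (the workflow's triggers are not visible here). I would add a comment above the block such as `# rpm-ostree compose needs <capabilities> and FUSE; label=disable because <reason>` and replace `--cap-add=all` with the specific capabilities once they are known. The step now runs after the registry login, so the credential is present on the runner during the build; if the build action does not itself push, moving the login after it shortens the token's exposure. Only the moving tag `${{ matrix.version }}` is produced now, whereas the removed step also pushed `${version}.${buildid}`, which is the tag a deployed host could pin or roll back to.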
@@ -0,0 +1,24 @@
+ARG IMAGE=base
+ARG VERSION=44
+
+FROM quay.io/fedora/fedora:${VERSION} as builder
+
+#Install deps and the latest rpm-ostree
+RUN dnf -y install rpm-ostree selinux-policy-targeted python3 && dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
+
+#Copy all files into the container and set permissions
+COPY . /src
+RUN chmod -R a=rX,u+w /src
+WORKDIR /src
+
+#Build the wanted image and version
+RUN ./builder.sh ${IMAGE} ${VERSION}
+
+# Create the container and set the labels
+FROM scratch
+COPY --from=builder /src/images/${IMAGE}/manifest.ociarchive /
+LABEL containers.bootc 1
+ENV container=oci
+# Make systemd the default
+STOPSIGNAL SIGRTMIN+3
+CMD ["/sbin/init"]
diff --git a/builder.sh b/builder.sh
index 652d867..4a3c2bf 100755
--- a/builder.sh
+++ b/builder.sh
@@ -62,7 +62,6 @@ else
 echo "No postprocess.sh found in ${IMAGE_DIR}, skipping."
 fi
-
 # --- COMPOSE IMAGE ---
 ARGS=(
 "--cachedir=cache"
@@ -70,7 +69,7 @@ ARGS=(
 "--max-layers=96"
 )
-rpm-ostree compose image \
+rpm-ostree compose rootfs \
 "${ARGS[@]}" \
 "$MANIFEST" \
- "$OUTPUT"
+ "$OUTPUT"
\ No newline at end of file
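Review bot: In the Containerfile, `IMAGE` and `VERSION` are declared only before the first `FROM`; under Dockerfile scoping such an `ARG` is visible to `FROM` lines but not inside a stage, so `RUN ./builder.sh ${IMAGE} ${VERSION}` and `COPY --from=builder /src/images/${IMAGE}/manifest.ociarchive /` would expand to empty strings unless the builder in use deviates from that rule. Redeclare them per stage, `ARG IMAGE` and `ARG VERSION` after `FROM … as builder` and `ARG IMAGE` after `FROM scratch`, and quote the script arguments as `"${IMAGE}" "${VERSION}"` to avoid word splitting. Separately, `COPY . /src` brings the whole checkout, including `.git`, into the builder stage, and `actions/checkout` by default leaves its token in `.git/config`. A `.containerignore` that excludes `.git`, or `persist-credentials: false` on the checkout step, keeps that token out of the build layers and away from `builder.sh`.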
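Review bot: In the second builder.sh hunk the subcommand becomes `compose rootfs`, but the `ARGS` array in the context above still passes `--max-layers=96`, which this script previously gave to `compose image`; it is worth confirming that `rpm-ostree compose rootfs` accepts that option, since an unrecognised one would fail the build. The Containerfile added in this commit copies `manifest.ociarchive` from the builder stage, so if `$OUTPUT` (defined outside the hunk) still carries that name it presumably now holds an unpacked root filesystem rather than an archive. A comment such as `# compose rootfs writes an unpacked tree to $OUTPUT; the Containerfile copies it into the final stage`, or a rename of the path, would make that clear. The change also drops the file's trailing newline, which is best restored.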