Workflow config file is invalid. Please check your config file: yaml: unmarshal errors: line 74: mapping key "name" already defined at line 1 line 76: mapping key "on" already defined at line 3 line 83: mapping key "jobs" already defined at line 10


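# Builds the bootc image with `rpm-ostree compose image` (via ./builder.sh)
# and pushes the resulting OCI archive with skopeo. The archive is pushed
# as-is so file ownership, SUID bits and labels inside the image survive.
#
# NOTE(review): the file previously carried a second, older workflow
# (buildah `from scratch` + manual layer extraction) pasted into the middle
# of the push step, which duplicated the top-level `name`/`on`/`jobs` keys
# and made the whole file invalid for the workflow parser. This is the
# single consolidated document; the skopeo-based push is the one whose
# tail (ARCHIVE/REGISTRY/full_tag) was still present at the end of the file.
name: Build containers

on:
  workflow_dispatch:
  # NOTE(review): pull_request runs the privileged container below and the
  # registry login with real secrets; whether secrets reach PR runs from
  # forks depends on the Gitea/act_runner configuration — confirm before
  # accepting external PRs.
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]

jobs:
  build_push:
    name: Build and push image
    runs-on: coole-runner
    strategy:
      fail-fast: false
      matrix:
        image: [asahi-cosmic]
        # quoted so the parser never re-types the version; the expression
        # expansion below yields the same text either way
        version: ["43"]
    container:
      image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
      # The compose needs a privileged container running as root with the
      # host root mounted read-write; every step of this job, including the
      # login and push, runs with that privilege.
      options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"
    steps:
      - name: Install rpm-ostree + tools
        # updates-testing is enabled only for the rpm-ostree upgrade; the
        # remaining tools come from the stable repos
        run: |
          dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
          dnf install -y nodejs skopeo jq
          mkdir -p ~/.docker
      - name: Fix containers/storage.conf
        # the overlay driver is not usable inside this container; use vfs
        run: |
          sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf
      - name: Checkout
        # mutable tag reference, not a commit SHA — consider pinning
        uses: actions/checkout@v4
      - name: Log in to registry
        uses: redhat-actions/podman-login@v1
        with:
          registry: git.plabble.org
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
          # skopeo reads credentials from this file, so they never appear
          # on a command line (and never in the `set -x` trace below)
          auth_file_path: /tmp/auth.json
      - name: Build rootfs (rpm-ostree compose image)
        run: |
          sudo ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}"
      - name: Push OCI archive to registry
        run: |
          set -xeuo pipefail
          # matrix.image is a literal defined in this file, so inline
          # expansion is safe; switch to `env:` if the matrix ever comes
          # from workflow inputs
          IMAGE="${{ matrix.image }}"
          REGISTRY="git.plabble.org/misthios"
          ARCHIVE="images/${IMAGE}/manifest.ociarchive"
          # Build ID (YYYYMMDD.0)
          if [[ -f ".buildid" ]]; then
            buildid="$(< .buildid)"
          else
            buildid="$(date '+%Y%m%d.0')"
            echo "${buildid}" > .buildid
          fi
          # Extract version from os-release mutation
          version="$(rpm-ostree compose tree --print-only --repo=repo manifests/${IMAGE}.yaml | jq -r '."mutate-os-release"')"
          # jq -r prints "null" for a missing key; refuse to publish an
          # image tagged "null.<buildid>" instead of silently pushing it
          if [[ -z "${version}" || "${version}" == "null" ]]; then
            echo "mutate-os-release is not set in manifests/${IMAGE}.yaml" >&2
            exit 1
          fi
          # Full tag: version.buildid
          full_tag="${version}.${buildid}"
          echo "Pushing ${ARCHIVE} → ${REGISTRY}/${IMAGE}:${full_tag}"
          # Push OCI archive directly (preserves SUID, ownership, labels)
          skopeo copy \
            --authfile /tmp/auth.json \
            --retry-times 3 \
            --dest-compress-format zstd \
            oci-archive:${ARCHIVE} \
            docker://${REGISTRY}/${IMAGE}:${full_tag}
          # Also push version-only tag (registry-to-registry copy of the
          # image just pushed)
          skopeo copy \
            --authfile /tmp/auth.json \
            --retry-times 3 \
            --dest-compress-format zstd \
            docker://${REGISTRY}/${IMAGE}:${full_tag} \
            docker://${REGISTRY}/${IMAGE}:${version}
          echo "Pushed:"
          echo " - ${REGISTRY}/${IMAGE}:${full_tag}"
          echo " - ${REGISTRY}/${IMAGE}:${version}"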