Wesley van Tilburg
5edc71da6c
Some checks failed
Build containers / Build and push image (asahi-cosmic, 43) (push) Failing after 19s
104 lines
3.1 KiB
YAML
104 lines
3.1 KiB
YAML
name: Build containers
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
branches: ["main"]
|
|
push:
|
|
branches: ["main"]
|
|
|
|
jobs:
|
|
build_push:
|
|
name: Build and push image
|
|
runs-on: coole-runner
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
image: [asahi-cosmic]
|
|
version: [43]
|
|
|
|
container:
|
|
image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
|
|
options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"
|
|
|
|
steps:
|
|
|
|
- name: Install rpm-ostree + tools
|
|
run: |
|
|
dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
|
|
dnf install -y nodejs skopeo jq
|
|
mkdir -p ~/.docker
|
|
|
|
- name: Fix containers/storage.conf
|
|
run: |
|
|
sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Log in to registry
|
|
uses: redhat-actions/podman-login@v1
|
|
with:
|
|
registry: git.plabble.org
|
|
username: ${{ secrets.REGISTRY_USERNAME }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
auth_file_path: /tmp/auth.json
|
|
|
|
- name: Debug paths
|
|
run: |
|
|
pwd
|
|
ls -l
|
|
ls -l images || echo "images/ missing"
|
|
ls -l images/asahi-cosmic || echo "image dir missing"
|
|
ls -l images/asahi-cosmic/manifest.yaml || echo "manifest missing"
|
|
|
|
- name: Build OCI archive with rpm-ostree
|
|
run: |
|
|
cd "$GITHUB_WORKSPACE"
|
|
sudo -E ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}"
|
|
|
|
- name: Push OCI archive to registry
|
|
run: |
|
|
set -xeuo pipefail
|
|
|
|
IMAGE="${{ matrix.image }}"
|
|
VERSION="${{ matrix.version }}"
|
|
REGISTRY="git.plabble.org/misthios"
|
|
|
|
ARCHIVE="images/${IMAGE}/manifest.ociarchive"
|
|
|
|
# Build ID (YYYYMMDD.0)
|
|
if [[ -f ".buildid" ]]; then
|
|
buildid="$(< .buildid)"
|
|
else
|
|
buildid="$(date '+%Y%m%d.0')"
|
|
echo "${buildid}" > .buildid
|
|
fi
|
|
|
|
# Extract version from os-release mutation
|
|
version="$(rpm-ostree compose tree --print-only --repo=repo images/${IMAGE}/manifest.yaml | jq -r '."mutate-os-release"')"
|
|
|
|
full_tag="${version}.${buildid}"
|
|
|
|
echo "Pushing ${ARCHIVE} → ${REGISTRY}/${IMAGE}:${full_tag}"
|
|
|
|
# Push OCI archive directly (preserves SUID, ownership, labels)
|
|
skopeo copy \
|
|
--authfile /tmp/auth.json \
|
|
--retry-times 3 \
|
|
--dest-compress-format zstd \
|
|
oci-archive:${ARCHIVE} \
|
|
docker://${REGISTRY}/${IMAGE}:${full_tag}
|
|
|
|
# Also push version-only tag
|
|
skopeo copy \
|
|
--authfile /tmp/auth.json \
|
|
--retry-times 3 \
|
|
--dest-compress-format zstd \
|
|
docker://${REGISTRY}/${IMAGE}:${full_tag} \
|
|
docker://${REGISTRY}/${IMAGE}:${version}
|
|
|
|
echo "Pushed:"
|
|
echo " - ${REGISTRY}/${IMAGE}:${full_tag}"
|
|
echo " - ${REGISTRY}/${IMAGE}:${version}"
|