diff --git a/.github/scripts/build-image.sh b/.github/scripts/build-image.sh
new file mode 100755
index 00000000..43ca736d
--- /dev/null
+++ b/.github/scripts/build-image.sh
@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Default values
+CONTAINERFILE="./Containerfile"
+IMAGE_NAME=""
+OS_VERSION=""
+OS_EDITION=""
+IS_RECHUNK=false
+META_OUT_FILE=""
+
+# Function to show usage
+usage() {
+ echo "Usage: $0 --image-name IMAGE_NAME --os-version OS_VERSION --os-edition OS_EDITION [options]"
+ echo
+ echo "Options:"
+ echo " --containerfile CONTAINERFILE Path to the Containerfile (default: './Containerfile')"
+ echo " --image-name IMAGE_NAME Name of the image (required)"
+ echo " --os-version OS_VERSION OS version (required)"
+ echo " --os-edition OS_EDITION OS edition (required)"
+ echo " --is-rechunk Flag to indicate whether to rechunk (default: false)"
+ echo " --meta-out-file META_OUT_FILE Path to the metadata output file"
+ exit 1
+}
+
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --containerfile)
+ CONTAINERFILE="$2"
+ shift 2
+ ;;
+ --image-name)
+ IMAGE_NAME="$2"
+ shift 2
+ ;;
+ --os-version)
+ OS_VERSION="$2"
+ shift 2
+ ;;
+ --os-edition)
+ OS_EDITION="$2"
+ shift 2
+ ;;
+ --is-rechunk)
+ IS_RECHUNK=true
+ shift
+ ;;
+ --meta-out-file)
+ META_OUT_FILE="$2"
+ shift 2
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ usage
+ ;;
+ esac
+done
+
+# Check required arguments (image name, os version, os edition)
+if [[ -z "$IMAGE_NAME" || -z "$OS_VERSION" || -z "$OS_EDITION" ]]; then
+ echo "Error: Missing required arguments"
+ usage
+fi
+
+# Generate tags based on OS version, edition, and rechunk flag
+generate_tags() {
+ local os_version="$1"
+ local os_edition="$2"
+ local is_rechunk="$3"
+
+ local tags=()
+
+ tags+=("$IMAGE_NAME:$os_version-$os_edition")
+ tags+=("$IMAGE_NAME:$os_version-$os_edition-$(date +%Y%m%d%H%M%S)")
+ tags+=("$IMAGE_NAME:$os_version-$os_edition-$(date +%Y%m%d)")
+
+ # If a GitHub ref is available, add a tag with the ref
+ if [[ -n "${GITHUB_REF:-}" ]]; then
+ local ref_tag="${GITHUB_REF##*/}"
+ tags+=("$IMAGE_NAME:$os_version-$os_edition-$ref_tag")
+ tags+=("$IMAGE_NAME:$os_version-$os_edition-$ref_tag-$(date +%Y%m%d%H%M%S)")
+ fi
+
+ echo "${tags[@]}"
+}
+
+# Generate image tags
+tags=($(generate_tags "$OS_VERSION" "$OS_EDITION" "$IS_RECHUNK"))
+
+# Build the container image with the generated tags
+tag_args=$(printf -- "--tag %s " "${tags[@]}")
+echo "Building image with tags: ${tags[@]}"
+podman build \
+ -f "$CONTAINERFILE" \
+ $tag_args \
+ .
+
+# Output metadata to the specified file
+if [[ -n "$META_OUT_FILE" ]]; then
+ echo "Writing metadata to $META_OUT_FILE..."
+ {
+ echo "IMAGE_NAME=$IMAGE_NAME"
+ echo "OS_VERSION=$OS_VERSION"
+ echo "OS_EDITION=$OS_EDITION"
+ echo "IS_RECHUNK=$IS_RECHUNK"
+ echo "TAGS=${tags[@]}"
+ } > "$META_OUT_FILE"
+else
+ echo "No metadata output file specified. Skipping metadata output."
+fi
+
+echo "Build completed successfully."
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ea481ff0..9a344eab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -20,12 +20,13 @@ env: jobs: build-base: - runs-on: ubuntu-24.04 + runs-on: ${{ matrix.arch == 'x64' && 'ubuntu-latest' || format('runs-on,runner=1cpu-linux-{0},run-id={1}', matrix.arch, github.run_id) }} strategy: fail-fast: false matrix: fedora-version: [40, 41, stable] fedora-edition: [silverblue, kinoite, cosmic] + arch: [x64, arm64] include: - fedora-edition: cosmic image-registry: ghcr.io/rsturla/eternal-linux/base
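Review bot: The `podman build` call at the end of the script passes only `-f` and the tags, so `OS_VERSION` and `OS_EDITION` never reach the Containerfile; every invocation builds from the Containerfile's `ARG` defaults while the tag claims a different version and edition. Pass them explicitly as `--build-arg` values, using the `FEDORA_VERSION` and `FEDORA_EDITION` ARG names from the Containerfile in this commit. The same call depends on unquoted word splitting (`tags=($(generate_tags …))`, `$tag_args`) of strings that include `${GITHUB_REF##*/}`, so the `--tag` arguments are better carried in an array, as sketched below.

```shell
# … unchanged: generate_tags and the tags=(…) assignment …
tag_args=()
for tag in "${tags[@]}"; do
  tag_args+=(--tag "$tag")
done
echo "Building image with tags: ${tags[*]}"
podman build \
  -f "$CONTAINERFILE" \
  --build-arg "FEDORA_VERSION=$OS_VERSION" \
  --build-arg "FEDORA_EDITION=$OS_EDITION" \
  "${tag_args[@]}" \
  .
# … unchanged: metadata output …
```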
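Review bot: Adding `arch: [x64, arm64]` to the matrix makes two jobs per version/edition produce identical tag names, because `generate_tags` in `.github/scripts/build-image.sh` builds tags only from image name, version, edition, date and ref. If both jobs push, whichever finishes last decides which architecture a tag such as `<image>:<version>-<edition>` resolves to. Put the architecture in the per-job tag (for example a `-${{ matrix.arch }}` suffix) and publish the shared tag as a multi-arch manifest, or restrict the push to one architecture. The x64 branch of `runs-on` also swaps the pinned `ubuntu-24.04` for the floating `ubuntu-latest`; keeping `'ubuntu-24.04'` in the expression keeps the build environment fixed.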
@@ -45,78 +46,45 @@ jobs: - name: Maximize build space uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 - with: - remove-codeql: true - - - name: Generate Image Tags - uses: ./.github/actions/generate-image-tags - id: generate-image-tags - with: - image-name: ${{ env.IMAGE_REGISTRY}}/${{ env.IMAGE_NAME }} - major-version: ${{ env.FEDORA_VERSION }} - is-release: ${{ github.event_name != 'pull_request' }} - - name: Get CoreOS Kernel Information - if: ${{ env.FEDORA_VERSION == 'stable' || env.FEDORA_VERSION == 'testing' }} - uses: ./.github/actions/get-coreos-kernel - id: get-coreos-kernel + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 with: - coreos-stream: ${{ env.FEDORA_VERSION }} - - - name: Set CoreOS Environment Variables - if: ${{ env.FEDORA_VERSION == 'stable' || env.FEDORA_VERSION == 'testing' }} - run: | - echo "COREOS_KERNEL=${{ steps.get-coreos-kernel.outputs.coreos-kernel-release }}" >> $GITHUB_ENV - echo "FEDORA_VERSION=${{ steps.get-coreos-kernel.outputs.coreos-repo-version }}" >> $GITHUB_ENV + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build Image id: build - uses: ./.github/actions/build-image - with: - builder: docker - context: . 
- dockerfile: Containerfile - image-name: ${{ env.IMAGE_NAME }} - image-tags: | - ${{ steps.generate-image-tags.outputs.tags }} - build-args: | - ${{ matrix.image-registry && format('IMAGE_REGISTRY={0}', matrix.image-registry) || '' }} - FEDORA_VERSION=${{ env.FEDORA_VERSION }} - FEDORA_EDITION=${{ matrix.fedora-edition }} - COREOS_KERNEL=${{ env.COREOS_KERNEL }} - - - name: Rechunk - id: rechunk - if: false - uses: ./.github/actions/rechunk - with: - builder: ${{ steps.build.outputs.builder }} - ref: ${{ steps.build.outputs.image }}:${{ steps.generate-image-tags.outputs.primary-tag }} - prev-ref: ${{ env.IMAGE_REGISTRY }}/${{ steps.build.outputs.image }}:${{ steps.generate-image-tags.outputs.primary-tag }} - tags: ${{ steps.build.outputs.tags }} + env: + IMAGE_NAME: ${{ env.IMAGE_NAME }} + FEDORA_VERSION: ${{ env.FEDORA_VERSION }} + FEDORA_EDITION: ${{ matrix.fedora-edition }} + IS_RECHUNK: ${{ github.event_name != 'pull_request' && true || false }} + IS_SIGN_IMAGE: ${{ github.event_name != 'pull_request' && true || false }} + runs: | + ./.github/scripts/build-image.sh \ + --containerfile ./Containerfile \ + --image-name $IMAGE_NAME \ + --os-version $FEDORA_VERSION \ + --os-edition $FEDORA_EDITION \ + --is-rechunk $IS_RECHUNK \ + --meta-out-file $GITHUB_OUTPUT - name: Push Image id: push - uses: ./.github/actions/push-image - with: - builder: ${{ steps.build.outputs.builder }} - image-name: ${{ steps.build.outputs.image }} - image-tags: ${{ steps.build.outputs.tags }} - image-registry: ${{ env.IMAGE_REGISTRY }} - registry-username: ${{ github.actor }} - registry-password: ${{ secrets.GITHUB_TOKEN }} - - - name: Sign Image - uses: ./.github/actions/sign-image - if: github.event_name != 'pull_request' - with: - registry: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} - registry-provider: ghcr.io - registry-username: ${{ github.actor }} - registry-password: ${{ secrets.GITHUB_TOKEN }} - digest: ${{ steps.push.outputs.digest }} - private-key: ${{ 
secrets.ETERNAL_LINUX_SIGNING_KEY }} - private-key-passphrase: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY_PASSPHRASE }} + env: + SOURCE_IMAGE: ${{ steps.build.outputs.OUTPUT_IMAGE }} + IMAGE_NAME: ${{ env.IMAGE_NAME }} + IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }} + IS_SIGN_IMAGE: ${{ github.event_name != 'pull_request' && true || false }} + runs: | + ./.github/scripts/push-image.sh \ + SOURCE_IMAGE=$SOURCE_IMAGE \ + IMAGE_NAME=$IMAGE_NAME \ + IMAGE_REGISTRY=$IMAGE_REGISTRY \ + IMAGE_TAG=$IMAGE_TAG \ + IS_SIGN=$IS_SIGN_IMAGE build-nvidia: runs-on: ubuntu-24.04
diff --git a/Containerfile b/Containerfile
index 7fd44f7a..6474e613 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,6 +1,6 @@ -ARG FEDORA_VERSION=40 -ARG FEDORA_EDITION=base -ARG IMAGE_REGISTRY=quay.io/fedora-ostree-desktops +ARG FEDORA_VERSION=41 +ARG FEDORA_EDITION=silverblue +ARG IMAGE_REGISTRY=quay.io/fedora ARG FEDORA_IMAGE=${IMAGE_REGISTRY}/${FEDORA_EDITION}:${FEDORA_VERSION} ARG COREOS_KERNEL="N/A"
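Review bot: The `Sign Image` step is deleted and neither replacement step receives `secrets.ETERNAL_LINUX_SIGNING_KEY` or its passphrase, so unless `push-image.sh` (not part of this diff) signs without a key, non-PR images are now pushed unsigned; only the `IS_SIGN_IMAGE` flag is passed. Either keep the signing step with `if: github.event_name != 'pull_request'`, or hand the key to the push step through `env:` and confirm the script signs the pushed digest. Both new script steps use the key `runs:` where a step needs `run:`, and `--is-rechunk $IS_RECHUNK` passes a value to a flag that `build-image.sh` parses without one, so the script would exit at `Unknown argument`. `docker/login-action@v2` is referenced by a mutable tag while the step above it pins a full commit SHA; pin it the same way, `docker/login-action@<commit-sha> # v2`.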