From 4e70c08c3ca881f67a2be55039812b27bd25774c Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Wed, 10 Jul 2024 20:07:24 +0100 Subject: [PATCH 1/5] chore: test push-to-registry fork --- .github/actions/push-image/action.yml | 6 +++++- .github/workflows/build.yml | 5 +++-- Containerfile | 14 +++++++------- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/actions/push-image/action.yml b/.github/actions/push-image/action.yml index f277de3d..b6c85423 100644 --- a/.github/actions/push-image/action.yml +++ b/.github/actions/push-image/action.yml @@ -22,6 +22,9 @@ inputs: description: 'The password to authenticate with the registry' required: false default: ${{ github.token }} + compression-formats: + required: true + default: gzip outputs: registry-path: @@ -37,13 +40,14 @@ runs: - name: Push (Podman) if: ${{ inputs.builder == 'podman' }} id: push-podman - uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 + uses: p5/push-to-registry@support-multiple-compression-formats with: image: ${{ inputs.image-name }} tags: ${{ inputs.image-tags }} registry: ${{ inputs.image-registry }} username: ${{ inputs.registry-username }} password: ${{ inputs.registry-password }} + compression-formats: ${{ inputs.compression-formats }} - name: Login (Docker) if: ${{ inputs.builder == 'docker' }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b7fe7943..c20dff77 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,7 +64,7 @@ jobs: id: build uses: ./.github/actions/build-image with: - builder: docker + builder: podman context: . dockerfile: Containerfile image-name: ${{ env.IMAGE_NAME }} @@ -85,6 +85,7 @@ jobs: image-registry: ${{ env.IMAGE_REGISTRY }} registry-username: ${{ github.actor }} registry-password: ${{ secrets.GITHUB_TOKEN }} + compression-formats: gzip zstd:chunked - name: Sign Image uses: ./.github/actions/sign-image 
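Review bot: The new `compression-formats` input in push-image/action.yml has no `description` and is marked `required: true` while also carrying a `default`, which is contradictory. Judging by the value passed from build.yml (`gzip zstd:chunked`) it appears to be a space-separated list, but nothing in the action says so. Suggest `description: 'Space-separated list of compression formats to push'` (wording to be confirmed against the fork) and `required: false`, matching the neighbouring inputs.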
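Review bot: The Podman push step now runs `p5/push-to-registry@support-multiple-compression-formats`, a mutable branch on a personal fork, where the line it replaces pinned the upstream action to a full commit SHA. Whoever can push to that branch can change the code that runs in this step, and the step is handed `registry-password`, which build.yml fills from `secrets.GITHUB_TOKEN`. Even for a test, pin the fork to the exact commit being evaluated, for example `uses: p5/push-to-registry@<full-commit-sha> # support-multiple-compression-formats`. Return to the upstream action once the feature lands there.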
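Review bot: Passing `compression-formats: gzip zstd:chunked` right before the Sign Image step raises the question of which manifest ends up signed. If the fork pushes the image once per format, each push presumably yields a different manifest digest, while the sign step in this workflow (as seen in the build-nvidia job) consumes a single `steps.push.outputs.digest`. It would help to confirm which digest the fork exposes and whether the manifest clients actually pull is the signed one. A comment on this line such as `# pushes both variants; the digest output refers to <which one>` would record that.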
@@ -164,7 +165,7 @@ jobs: id: build uses: ./.github/actions/build-image with: - builder: docker + builder: podman context: . dockerfile: Containerfile.nvidia image-name: ${{ env.IMAGE_NAME }} diff --git a/Containerfile b/Containerfile index 3ce2e5d5..9014e0ff 100644 --- a/Containerfile +++ b/Containerfile @@ -14,10 +14,10 @@ COPY files/_${FEDORA_EDITION} / COPY scripts/ /tmp/scripts -RUN chmod +x /tmp/scripts/*.sh /tmp/scripts/_${FEDORA_EDITION}/*.sh && \ - /tmp/scripts/setup.sh --version ${FEDORA_VERSION} --base ${FEDORA_EDITION} --coreos-kernel ${COREOS_KERNEL} && \ - /tmp/scripts/cleanup.sh --version ${FEDORA_VERSION} --base ${FEDORA_EDITION} \ - && \ - rpm-ostree cleanup -m && \ - rm -rf /tmp/* /var/* && \ - ostree container commit +# RUN chmod +x /tmp/scripts/*.sh /tmp/scripts/_${FEDORA_EDITION}/*.sh && \ +# /tmp/scripts/setup.sh --version ${FEDORA_VERSION} --base ${FEDORA_EDITION} --coreos-kernel ${COREOS_KERNEL} && \ +# /tmp/scripts/cleanup.sh --version ${FEDORA_VERSION} --base ${FEDORA_EDITION} \ +# && \ +# rpm-ostree cleanup -m && \ +# rm -rf /tmp/* /var/* && \ +# ostree container commit From b52e5f57296b0997e0153488c1788372a93307ac Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Wed, 10 Jul 2024 20:11:41 +0100 Subject: [PATCH 2/5] Do not optimize storage --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c20dff77..8cf4c9dc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,8 +36,8 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - name: Optimize GHA Storage - uses: ./.github/actions/optimise-gha-storage + # - name: Optimize GHA Storage + # uses: ./.github/actions/optimise-gha-storage - name: Generate Image Tags uses: ./.github/actions/generate-image-tags From d0fad6de16f8d3f7b4590b5a16b9ab13693141aa Mon Sep 17 00:00:00 2001 
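Review bot: In the Containerfile hunk, commenting out the whole `RUN` leaves `COPY scripts/ /tmp/scripts` in place with nothing after it, so the build scripts stay in the image. The `rm -rf /tmp/* /var/*` and `ostree container commit` steps no longer run either. The workflow still pushes this image, and apparently signs it on non-PR events, so a merge would publish a signed image that never ran `setup.sh`. If this is only meant to shorten test builds, keep it off any branch that can publish. Otherwise mark it explicitly, e.g. `# TEMP: setup/cleanup disabled while testing the push-to-registry fork; restore before merge`.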
From: Robert Sturla Date: Wed, 10 Jul 2024 20:31:12 +0100 Subject: [PATCH 3/5] Use 24.04 runner --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8cf4c9dc..af69d374 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,7 @@ env: jobs: build-base: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -101,7 +101,7 @@ jobs: build-nvidia: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: build-base if: ${{ !cancelled() }} strategy: From e30a497792af50ed9ecf7da365778a8e86c0c5b2 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Wed, 10 Jul 2024 20:34:32 +0100 Subject: [PATCH 4/5] Make build-image podman only --- .github/actions/build-image/action.yml | 55 ++++---------------------- .github/workflows/build.yml | 6 +-- 2 files changed, 10 insertions(+), 51 deletions(-) diff --git a/.github/actions/build-image/action.yml b/.github/actions/build-image/action.yml index 7a07dcdd..8d318c50 100644 --- a/.github/actions/build-image/action.yml +++ b/.github/actions/build-image/action.yml @@ -1,4 +1,4 @@ -name: Build Image +name: Build Image (Podman) inputs: context: @@ -19,10 +19,6 @@ inputs: description: 'Build arguments to pass to the Docker build' required: false default: '' - builder: - description: 'The name of the builder to use (docker or podman)' - required: false - default: 'podman' outputs: image: 
@@ -34,51 +30,20 @@ outputs: digest: description: 'The digest of the built image' value: ${{ steps.set-outputs.outputs.digest }} - builder: - description: 'The builder used to build the image' - value: ${{ inputs.builder }} runs: using: 'composite' steps: - - name: Build (Podman) - if: ${{ inputs.builder == 'podman' }} + - name: Build id: build-podman uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 with: context: ${{ inputs.context }} containerfiles: ${{ inputs.dockerfile }} - image: ${{ inputs.image-name }} + image: localhost/${{ inputs.image-name }} tags: ${{ inputs.image-tags }} build-args: ${{ inputs.build-args }} - - - name: Generate Tags (Docker) - if: ${{ inputs.builder == 'docker' }} - id: generate-image-tags-docker - shell: bash - run: | - # Reading space-separated list into an array - IFS=' ' read -r -a tag_array <<< "${{ inputs.image-tags }}" - - # Iterate over all tag inputs and prepend the image name - tags="" - for tag in "${tag_array[@]}"; do - tags+="${{ inputs.image-name }}:$tag, " - done - # Remove trailing comma and space - tags="${tags%, }" - echo "tags=$tags" >> $GITHUB_OUTPUT - - - name: Build (Docker) - if: ${{ inputs.builder == 'docker' }} - id: build-docker - uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6 - with: - context: ${{ inputs.context }} - file: ${{ inputs.dockerfile }} - tags: ${{ steps.generate-image-tags-docker.outputs.tags }} - build-args: ${{ inputs.build-args }} - push: false + oci: false - name: Set Outputs id: set-outputs 
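Review bot: The build step now tags the image as `localhost/${{ inputs.image-name }}`, but the Set Outputs step that follows (it continues in the next hunk) still reports the bare `${{ inputs.image-name }}` as the `image` output. build.yml feeds that output to push-image. Whether the push action resolves the bare name to the `localhost/`-prefixed image in podman storage is not visible here, so please confirm it. A comment above the `image:` line would record the intent, e.g. `# built under localhost/ because <reason>; the image output stays unprefixed for push-image`. The explicit `oci: false` would also benefit from a short comment saying why the format is stated.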
@@ -86,12 +51,8 @@ runs: env: BUILDER: ${{ inputs.builder }} run: | + podman image ls echo "image=${{ inputs.image-name }}" >> $GITHUB_OUTPUT - if [ "$BUILDER" == "podman" ]; then - echo "tags=${{ inputs.image-tags }}" >> $GITHUB_OUTPUT - digest=$(podman image inspect ${{ inputs.image-name }} --format '{{.Digest}}') - echo "digest=$digest" >> $GITHUB_OUTPUT - else - echo "tags=${{ inputs.image-tags }}" >> $GITHUB_OUTPUT - echo "digest=${{ steps.build-docker.outputs.digest }}" >> $GITHUB_OUTPUT - fi + echo "tags=${{ inputs.image-tags }}" >> $GITHUB_OUTPUT + digest=$(podman image inspect ${{ steps.build-podman.outputs.image-with-tag }} --format '{{.Digest}}') + echo "digest=$digest" >> $GITHUB_OUTPUT diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index af69d374..af6f9a01 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,7 +64,6 @@ jobs: id: build uses: ./.github/actions/build-image with: - builder: podman context: . dockerfile: Containerfile image-name: ${{ env.IMAGE_NAME }} @@ -79,7 +78,7 @@ jobs: id: push uses: ./.github/actions/push-image with: - builder: ${{ steps.build.outputs.builder }} + builder: podman image-name: ${{ steps.build.outputs.image }} image-tags: ${{ steps.build.outputs.tags }} image-registry: ${{ env.IMAGE_REGISTRY }} @@ -165,7 +164,6 @@ jobs: id: build uses: ./.github/actions/build-image with: - builder: podman context: . dockerfile: Containerfile.nvidia image-name: ${{ env.IMAGE_NAME }} @@ -181,7 +179,7 @@ jobs: id: push uses: ./.github/actions/push-image with: - builder: ${{ steps.build.outputs.builder }} + builder: podman image-name: ${{ steps.build.outputs.image }} image-tags: ${{ steps.build.outputs.tags }} image-registry: ${{ env.IMAGE_REGISTRY }} From 2fda2a1237bab2dc7db529021555ba66f060a7ee Mon Sep 17 00:00:00 2001 
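Review bot: The new `podman image inspect ${{ steps.build-podman.outputs.image-with-tag }}` line in Set Outputs expands a workflow expression straight into the shell script, unquoted. Any whitespace or shell metacharacter in the image name or tag would be interpreted by bash rather than passed as one argument. Hand the value over through the step's `env:` block and quote it: `IMAGE_WITH_TAG: ${{ steps.build-podman.outputs.image-with-tag }}` and `digest=$(podman image inspect "$IMAGE_WITH_TAG" --format '{{.Digest}}')`. The same block still sets `BUILDER: ${{ inputs.builder }}` although this commit removes the `builder` input, so that entry can go. The added `podman image ls` looks like leftover debugging output.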
From: Robert Sturla Date: Wed, 10 Jul 2024 21:00:57 +0100 Subject: [PATCH 5/5] Only build base --- .github/workflows/build.yml | 198 ++++++++++++++++++------------------ 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index af6f9a01..b35fe7ec 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -99,108 +99,108 @@ jobs: private-key-passphrase: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY_PASSPHRASE }} - build-nvidia: - runs-on: ubuntu-24.04 - needs: build-base - if: ${{ !cancelled() }} - strategy: - fail-fast: false - matrix: - fedora-version: [39, 40, stable] - fedora-edition: [base, silverblue, kinoite] - permissions: - contents: read - packages: write - id-token: write - env: - IMAGE_NAME: eternal-linux/main/${{ matrix.fedora-edition }} - FEDORA_VERSION: ${{ matrix.fedora-version }} - COREOS_KERNEL: "N/A" - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - - name: Optimize GHA Storage - uses: ./.github/actions/optimise-gha-storage - - - name: Generate Image Tags - uses: ./.github/actions/generate-image-tags - id: generate-image-tags - with: - image-name: ${{ env.IMAGE_REGISTRY}}/${{ env.IMAGE_NAME }} - major-version: ${{ env.FEDORA_VERSION }} - is-release: ${{ github.event_name != 'pull_request' }} - is-nvidia: true - - - name: Get CoreOS Kernel Information - if: ${{ env.FEDORA_VERSION == 'stable' || env.FEDORA_VERSION == 'testing' }} - uses: ./.github/actions/get-coreos-kernel - id: get-coreos-kernel - with: - coreos-stream: ${{ env.FEDORA_VERSION }} - - - name: Set CoreOS Environment Variables - if: ${{ env.FEDORA_VERSION == 'stable' || env.FEDORA_VERSION == 'testing' }} - run: | - echo "COREOS_KERNEL=${{ steps.get-coreos-kernel.outputs.coreos-kernel-release }}" >> $GITHUB_ENV - echo "FEDORA_VERSION=${{ steps.get-coreos-kernel.outputs.coreos-repo-version }}" >> $GITHUB_ENV - - - name: Generate Base Image Tag - id: generate-base-image-tag - env: - BASE_FEDORA_VERSION: ${{ matrix.fedora-version }} - PR_NUMBER: ${{ github.event.number }} - IS_PR: ${{ github.event_name == 'pull_request' }} - run: | - GIT_SHA=$(git rev-parse --short HEAD) - if [ $IS_PR == 'true' ]; then - BASE_TAG="pr${PR_NUMBER}-${GIT_SHA}-${BASE_FEDORA_VERSION}" - else - BASE_TAG="${GIT_SHA}-${BASE_FEDORA_VERSION}" - fi - echo 
"base-tag=${BASE_TAG}" >> $GITHUB_OUTPUT - - - name: Build Image - id: build - uses: ./.github/actions/build-image - with: - context: . - dockerfile: Containerfile.nvidia - image-name: ${{ env.IMAGE_NAME }} - image-tags: | - ${{ steps.generate-image-tags.outputs.tags }} - build-args: | - FEDORA_VERSION=${{ env.FEDORA_VERSION }} - FEDORA_EDITION=${{ matrix.fedora-edition }} - BASE_TAG=${{ steps.generate-base-image-tag.outputs.base-tag }} - NVIDIA_AKMODS_TAG=${{ matrix.fedora-version }} - - - name: Push Image - id: push - uses: ./.github/actions/push-image - with: - builder: podman - image-name: ${{ steps.build.outputs.image }} - image-tags: ${{ steps.build.outputs.tags }} - image-registry: ${{ env.IMAGE_REGISTRY }} - registry-username: ${{ github.actor }} - registry-password: ${{ secrets.GITHUB_TOKEN }} - - - name: Sign Image - uses: ./.github/actions/sign-image - if: github.event_name != 'pull_request' - with: - registry: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} - registry-provider: ghcr.io - registry-username: ${{ github.actor }} - registry-password: ${{ secrets.GITHUB_TOKEN }} - digest: ${{ steps.push.outputs.digest }} - private-key: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY }} - private-key-passphrase: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY_PASSPHRASE }} + # build-nvidia: + # runs-on: ubuntu-24.04 + # needs: build-base + # if: ${{ !cancelled() }} + # strategy: + # fail-fast: false + # matrix: + # fedora-version: [39, 40, stable] + # fedora-edition: [base, silverblue, kinoite] + # permissions: + # contents: read + # packages: write + # id-token: write + # env: + # IMAGE_NAME: eternal-linux/main/${{ matrix.fedora-edition }} + # FEDORA_VERSION: ${{ matrix.fedora-version }} + # COREOS_KERNEL: "N/A" + # steps: + # - name: Checkout + # uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + # - name: Optimize GHA Storage + # uses: ./.github/actions/optimise-gha-storage + + # - name: Generate Image Tags + # uses: ./.github/actions/generate-image-tags 
+ # id: generate-image-tags + # with: + # image-name: ${{ env.IMAGE_REGISTRY}}/${{ env.IMAGE_NAME }} + # major-version: ${{ env.FEDORA_VERSION }} + # is-release: ${{ github.event_name != 'pull_request' }} + # is-nvidia: true + + # - name: Get CoreOS Kernel Information + # if: ${{ env.FEDORA_VERSION == 'stable' || env.FEDORA_VERSION == 'testing' }} + # uses: ./.github/actions/get-coreos-kernel + # id: get-coreos-kernel + # with: + # coreos-stream: ${{ env.FEDORA_VERSION }} + + # - name: Set CoreOS Environment Variables + # if: ${{ env.FEDORA_VERSION == 'stable' || env.FEDORA_VERSION == 'testing' }} + # run: | + # echo "COREOS_KERNEL=${{ steps.get-coreos-kernel.outputs.coreos-kernel-release }}" >> $GITHUB_ENV + # echo "FEDORA_VERSION=${{ steps.get-coreos-kernel.outputs.coreos-repo-version }}" >> $GITHUB_ENV + + # - name: Generate Base Image Tag + # id: generate-base-image-tag + # env: + # BASE_FEDORA_VERSION: ${{ matrix.fedora-version }} + # PR_NUMBER: ${{ github.event.number }} + # IS_PR: ${{ github.event_name == 'pull_request' }} + # run: | + # GIT_SHA=$(git rev-parse --short HEAD) + # if [ $IS_PR == 'true' ]; then + # BASE_TAG="pr${PR_NUMBER}-${GIT_SHA}-${BASE_FEDORA_VERSION}" + # else + # BASE_TAG="${GIT_SHA}-${BASE_FEDORA_VERSION}" + # fi + # echo "base-tag=${BASE_TAG}" >> $GITHUB_OUTPUT + + # - name: Build Image + # id: build + # uses: ./.github/actions/build-image + # with: + # context: . 
+ # dockerfile: Containerfile.nvidia + # image-name: ${{ env.IMAGE_NAME }} + # image-tags: | + # ${{ steps.generate-image-tags.outputs.tags }} + # build-args: | + # FEDORA_VERSION=${{ env.FEDORA_VERSION }} + # FEDORA_EDITION=${{ matrix.fedora-edition }} + # BASE_TAG=${{ steps.generate-base-image-tag.outputs.base-tag }} + # NVIDIA_AKMODS_TAG=${{ matrix.fedora-version }} + + # - name: Push Image + # id: push + # uses: ./.github/actions/push-image + # with: + # builder: podman + # image-name: ${{ steps.build.outputs.image }} + # image-tags: ${{ steps.build.outputs.tags }} + # image-registry: ${{ env.IMAGE_REGISTRY }} + # registry-username: ${{ github.actor }} + # registry-password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Sign Image + # uses: ./.github/actions/sign-image + # if: github.event_name != 'pull_request' + # with: + # registry: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} + # registry-provider: ghcr.io + # registry-username: ${{ github.actor }} + # registry-password: ${{ secrets.GITHUB_TOKEN }} + # digest: ${{ steps.push.outputs.digest }} + # private-key: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY }} + # private-key-passphrase: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY_PASSPHRASE }} check: - needs: [build-base, build-nvidia] + needs: [build-base] if: always() runs-on: ubuntu-latest steps:
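Review bot: Disabling `build-nvidia` by commenting out about a hundred lines, and dropping it from `needs:` of the `check` job, means a green `check` no longer says anything about the NVIDIA images. Those variants also stop being built, pushed and signed. If `check` is used as a required status, that silently weakens the gate. The commented block will also drift from the live `build-base` job, as it already differs from it in this series. Either delete the job on the test branch and restore it from history, or leave a one-line marker such as `# build-nvidia disabled while testing the push-to-registry fork; restore before merge`. The `check` job's steps lie outside this hunk.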