diff --git a/.github/workflow-scripts/buildah-build-and-push-manifest.sh b/.github/workflow-scripts/buildah-build-and-push-manifest.sh
new file mode 100755
index 0000000..007d49a
--- /dev/null
+++ b/.github/workflow-scripts/buildah-build-and-push-manifest.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+cd /bootc-images
+buildah manifest create bootc-images
+buildah login \
+ -u "$BUILDAH_USERNAME" \
+ -p "$BUILDAH_PASSWORD" \
+ "$(echo $BUILDAH_URL | cut -d "/" -f 1)"
+
+rm buildah-build-and-push-manifest.sh
+for FILE in *; do
+ ARCH=$(echo $FILE | cut -d "-" -f 1)
+ FORMAT=$(echo $FILE | cut -d "-" -f 2)
+
+ buildah manifest add bootc-images \
+ --artifact $FILE \
+ --artifact-type application/vnd.diskimage+$FORMAT \
+ --os $FORMAT \
+ --arch $ARCH
+done
+
+buildah manifest push --all bootc-images docker://$BUILDAH_URL
diff --git a/.github/workflows/build-bootc.yaml b/.github/workflows/build-bootc.yaml
index 5d5c7ae..b4714e9 100644
--- a/.github/workflows/build-bootc.yaml
+++ b/.github/workflows/build-bootc.yaml
@@ -3,13 +3,14 @@ on: pull_request: schedule: - cron: '0 */12 * * *' + workflow_dispatch: env: REGISTRY: quay.io REPOSITORY: flightctl jobs: - build-and-push: + build-and-push-bootstrap-images: runs-on: ubuntu-latest permissions:
@@ -18,12 +19,13 @@ jobs: id-token: write strategy: + fail-fast: false matrix: flavor: [centos, fedora, rhel] steps: - - name: Checkout - uses: actions/checkout@v2 + - name: Clone repository + uses: actions/checkout@v4 - name: Modify Containerfile run: |
@@ -69,6 +71,8 @@ jobs: file: images/bootc/${{ matrix.flavor }}-bootc/Containerfile load: true tags: user/flightctl-agent:test + cache-from: type=gha + cache-to: type=gha,mode=max - name: Test image run: |
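Review bot: In `buildah-build-and-push-manifest.sh` the registry password is handed to `buildah login` with `-p`, which places it on the process command line; reading it from stdin avoids that: `printf '%s' "$BUILDAH_PASSWORD" | buildah login -u "$BUILDAH_USERNAME" --password-stdin "${BUILDAH_URL%%/*}"`. The script also has no `set -euo pipefail` after the shebang, so a failed `cd /bootc-images` or a failed login still falls through to the `rm`, the `for FILE in *` loop and the final push. `$FILE`, `$ARCH`, `$FORMAT` and `$BUILDAH_URL` are expanded unquoted; quoting them keeps an artifact name containing spaces or glob characters from being split into extra arguments.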
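Review bot: `actions/checkout@v4` in the `build-and-push-bootstrap-images` steps is referenced by a movable tag, in a job whose context lines show `id-token: write` and which goes on to push and sign images. Pinning to a full commit SHA with the tag kept as a comment, `uses: actions/checkout@<full-commit-sha> # v4`, means a retagged release cannot change what runs with those permissions. The same applies to `docker/build-push-action@v5` in the "Push image" hunk and to `actions/upload-artifact@v4`, `actions/download-artifact@v4` and the second `actions/checkout@v4` in the new jobs.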
@@ -79,13 +83,15 @@ jobs: - name: Push image id: push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v5 with: context: images/bootc/${{ matrix.flavor }}-bootc file: images/bootc/${{ matrix.flavor }}-bootc/Containerfile platforms: linux/amd64,linux/arm64 push: true tags: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/flightctl-agent-${{ matrix.flavor }}:bootstrap + cache-from: type=gha + cache-to: type=gha,mode=max - name: Install cosign uses: sigstore/cosign-installer@v3.5.0 
@@ -95,3 +101,96 @@ jobs: cosign sign \ --yes \ ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/flightctl-agent-${{ matrix.flavor }}@${{ steps.push.outputs.digest }} + + + build-bootc-images: + needs: build-and-push-bootstrap-images + + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + flavor: [rhel, centos, fedora] + arch: [amd64, arm64] + format: [qcow2, raw] + + steps: + - name: Build bootc image + run: | + mkdir output + + if [ "${{ matrix.arch }}" == "arm64" ]; then + sudo apt install -y qemu-user-static + fi + + sudo podman run \ + --rm \ + -it \ + --privileged \ + --pull=newer \ + --security-opt label=type:unconfined_t \ + -v $(pwd)/output:/output \ + quay.io/centos-bootc/bootc-image-builder:latest \ + --target-arch ${{ matrix.arch }} \ + --type ${{ matrix.format }} \ + ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/flightctl-agent-${{ matrix.flavor }}:bootstrap + + if [ "${{ matrix.format }}" == "raw" ]; then + OUTPUT=output/image/disk.raw + else + OUTPUT=output/qcow2/disk.qcow2 + fi + + + sudo mv $OUTPUT "${{ matrix.arch }}-${{ matrix.format }}" + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.flavor }}-${{ matrix.arch}}-${{ matrix.format }} + path: ${{ matrix.arch }}-${{ matrix.format }} + compression-level: 0 + + push-bootc-images: + needs: build-bootc-images + + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + flavor: [rhel, centos, fedora] + + steps: + - name: Clone repository + uses: actions/checkout@v4 + + - name: Free disk space + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + sudo rm -rf "/usr/local/share/boost" + sudo rm -rf "$AGENT_TOOLSDIRECTORY" + sudo rm -rf /usr/local/lib/android + + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + path: bootc-images + pattern: ${{ matrix.flavor }}-* + merge-multiple: true + + - name: Build and push disk images + run: | + cp .github/workflow-scripts/buildah-build-and-push-manifest.sh bootc-images + 
URL=${{ env.REGISTRY }}/${{ env.REPOSITORY }}/flightctl-agent-${{ matrix.flavor }} + + podman run \ + --rm \ + -v $(pwd)/bootc-images:/bootc-images \ + -e "BUILDAH_USERNAME=${{ secrets.QUAY_FLIGHTCTL_INFRA_ROBOT_USERNAME }}" \ + -e "BUILDAH_PASSWORD=${{ secrets.QUAY_FLIGHTCTL_INFRA_ROBOT_PASSWORD }}" \ + -e "BUILDAH_URL=$URL:bootc" \ + quay.io/buildah/stable:v1.36.0 \ + /bootc-images/buildah-build-and-push-manifest.sh
diff --git a/fetch-artifact.sh b/fetch-artifact.sh
new file mode 100755
index 0000000..4dd5efc
--- /dev/null
+++ b/fetch-artifact.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+# Args:
+# $1: container registry url
+# $2: platform
+# $3: output path
+
+sha=$(oras manifest fetch $1 --platform $2 | jq '.layers.[0].digest' -r)
+oras blob fetch $1@$sha --output $3
diff --git a/images/bootc/fedora-bootc/00-fedora.toml b/images/bootc/fedora-bootc/00-fedora.toml
index db8670a..61c053b 100644
--- a/images/bootc/fedora-bootc/00-fedora.toml
+++ b/images/bootc/fedora-bootc/00-fedora.toml
@@ -1,3 +1,3 @@ [install] root-fs-type = "xfs" -kargs = "audit=0" +kargs = ["audit=0"]
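Review bot: The `build-bootc-images` job runs `quay.io/centos-bootc/bootc-image-builder:latest` with `--privileged`, `--pull=newer` and `label=type:unconfined_t`, so whatever that mutable tag resolves to at run time executes as root on the runner and produces the disk images that are later published. Pinning the builder by digest, `quay.io/centos-bootc/bootc-image-builder@sha256:<builder-digest>`, keeps that input fixed and reviewable. The input image is likewise taken from the `:bootstrap` tag rather than from the digest the first job pushed and signed, so a concurrent run can replace it between jobs; passing `steps.push.outputs.digest` forward per flavor and running `cosign verify` on it before the build would tie the disk image to the signed container. In `push-bootc-images` the credentials are expanded into the script text via `${{ secrets.QUAY_FLIGHTCTL_INFRA_ROBOT_PASSWORD }}`; setting them under the step's `env:` as `BUILDAH_USERNAME`/`BUILDAH_PASSWORD` and forwarding with `-e BUILDAH_USERNAME -e BUILDAH_PASSWORD` keeps them off the podman command line and away from shell re-interpretation. The manifest pushed to `:bootc` is not signed, unlike the bootstrap images, which may be worth a follow-up.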
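Review bot: `fetch-artifact.sh` never checks that the manifest lookup succeeded, so when `oras manifest fetch` or `jq` fails, `sha` ends up empty or `null` and `oras blob fetch` still runs against `$1@`. Adding `set -euo pipefail` after the shebang and quoting the positional arguments, `oras blob fetch "$1@$sha" --output "$3"`, makes it stop at the first failure and keeps paths with spaces intact. The filter `.layers.[0].digest` uses the dotted index form that, as far as I know, only newer jq releases accept; `.layers[0].digest` is the portable spelling. The script resolves a tag and trusts the result, so the header comment could state that callers who need provenance should pass a digest reference they have already verified.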