Skip to content

Commit

Permalink
Build fedora-server based image
Browse files Browse the repository at this point in the history
  • Loading branch information
karuboniru committed Jan 24, 2024
1 parent ad61c4d commit 35e41ce
Show file tree
Hide file tree
Showing 2 changed files with 276 additions and 0 deletions.
53 changes: 53 additions & 0 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: Build Ostree Container Image

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

on:
schedule:
- cron: '00 9 * * 1'
push:
branches: [ '*' ]

env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}

jobs:
build:
runs-on: ubuntu-latest
container:
image: fedora:latest
options: --privileged
permissions:
contents: read
packages: write
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Build
env:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
image: ${{ env.IMAGE_NAME }}
tag: ${{ github.ref_name }}
composefile: server.yaml
run: |
dnf -y install rpm-ostree skopeo selinux-policy-targeted
skopeo login -u $username -p $password $registry
mkdir -p repo cache
ostree init --repo=repo --mode=archive
rpm-ostree compose image --initialize-mode=if-not-exists \
--format registry --layer-repo repo --cachedir=cache \
$composefile \
$registry/$image:$tag
223 changes: 223 additions & 0 deletions server.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,223 @@
include:
- fedora-common-ostree.yaml
ref: fedora/40/${basearch}/karuboniru-server

repos:
- fedora-40
- fedora-40-updates

packages:
- NetworkManager-bluetooth
- NetworkManager-l2tp
- NetworkManager-libreswan
- NetworkManager-openconnect
- NetworkManager-vpnc
- NetworkManager-wifi
- abattis-cantarell-fonts
- acl
- alsa-sof-firmware
- apcupsd
- appstream-data
- attr
- bash-color-prompt
- bat
- bear
- bind-utils
- boost-devel
- bootc
- borgbackup
- buildah
- certbot
- checksec
- chrony
- cifs-utils
- cifs-utils-info
- clang
- clang-tools-extra
- cmake
- cmake-data
- cockpit
- cockpit-file-sharing
- cockpit-kdump
- cockpit-machines
- cockpit-navigator
- cockpit-pcp
- cockpit-podman
- cockpit-selinux
- compsize
- conntrack-tools
- copr-cli
- default-editor
- dhcp-client
- dos2unix
- dracut-config-rescue
- efibootmgr
- eigen3-devel
- firewalld
- flexiblas-openblas-serial
- flexiblas-openblas-serial64
- flexiblas-openblas-threads
- flexiblas-openblas-threads64
- fpaste
- fwupd
- fwupd-plugin-flashrom
- fwupd-plugin-modem-manager
- fwupd-plugin-uefi-capsule-data
- fzf
- gawk-all-langpacks
- gcc-gdb-plugin
- gcc-gfortran
- gdb
- ghostscript
- ghostscript-tools-fonts
- ghostscript-tools-printing
- git
- perl-Git
- glances
- gnome-keyring
- grub2-tools-efi
- grub2-tools-extra
- gsl-devel
- gstreamer1-plugins-bad-free-libs
- hdparm
- htop
- hunspell-en
- iotop
- iperf3
- ipmitool
- iptraf-ng
- iptstate
- irqbalance
- iwlegacy-firmware
- iwlwifi-dvm-firmware
- iwlwifi-mvm-firmware
- jwhois
- kernel
- kernel
- kernel
- kernel-modules-extra
- kernel-modules-extra
- kernel-modules-extra
- kernel-tools
- langpacks-zh_CN
- lhapdf-devel
- libXext-devel
- libXft-devel
- libXpm-devel
- libasan
- libdovi
- libertas-firmware
- libnsl2-devel
- libtool
- libubsan
- liburing-devel
- lm_sensors
- log4cpp-devel
- lsof
- ltrace
- man-pages
- man-pages-zh-CN
- mcelog
- microcode_ctl
- mtr
- net-tools
- nginx-mod-stream
- ninja-build
- nmap
- ntfs2btrfs
- numactl
- nvme-cli
- openblas-devel
- opensc
- openssh-server
- openssl-devel
- p7zip
- pandoc
- passwdqc
- patchutils
- pciutils
- perf
- perl-FindBin
- perl-Unicode-Normalize
- perl-YAML-Tiny
- perl-sigtrap
- pipewire-alsa
- pipewire-pulseaudio
- plymouth
- plymouth-scripts
- podman-docker
- podman-plugins
- powertop
- pythia8-devel
- python3-certbot-dns-cloudflare
- python3-pwntools
- python3-rangehttpserver
- python3-root
- qemu-kvm
- radvd
- rclone
- remove-retired-packages
- root-genvector
- root-geom
- root-gui-webgui6
- root-hist-factory
- root-minuit2
- root-montecarlo-pythia8
- root-netx
- root-roofit-more
- root-smatrix
- root-spectrum
- root-tutorial
- root-unfold
- rootfiles
- rpm-ostree
- rust2rpm
- samba-client
- setools-console
- setserial
- shim-x64
- smartmontools
- softnet-stat
- sssd-kcm
- strace
- stress
- sudo
- sudo-python-plugin
- systemd-oomd-defaults
- systemd-container
- targetcli
- tbb-devel
- tcpdump
- time
- tmux
- toolbox
- tpm2-pkcs11
- tpm2-pkcs11-tools
- traceroute
- tree
- udica
- unar
- usb_modeswitch
- usb_modeswitch-data
- usbutils
- valgrind
- vim-minimal
- waypipe
- whois
- wireguard-tools
- wol
- words
- xorg-x11-xauth
- xrootd-client
- xrootd-voms
- zram-generator-defaults
- zsh

postprocess:
- |
# Enable root login with simple password, to
# make sure user can get access after applying
# image
echo "root" | passwd --stdin root
mkdir -p /etc/ssh/sshd_config.d
echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/99-password-authentication.conf

0 comments on commit 35e41ce

Please sign in to comment.