Merge pull request #1 from ublue-os/template
Update to modular style
m2Giles authored Sep 15, 2023
2 parents d04ad0f + 90a4471 commit 06ce57b
Showing 25 changed files with 281 additions and 552 deletions.
67 changes: 32 additions & 35 deletions .github/workflows/build.yml
@@ -1,42 +1,30 @@
# This workflow builds every branch of the repository daily at 20:22 UTC, one hour after ublue-os/nvidia builds.
# The images are also built after pushuing changes or pull requests.
# The builds can also be triggered manually in the Actions tab thanks to workflow dispatch.
# Only the branch called `live` is published.


name: build-ublue
on:
# Build *every* branch at 10:20pm UTC every day (1 hr delay after "nvidia" builds),
# regardless of the branch names. (Not just "live, template and main" branches.)
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
on: # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
schedule:
- cron: "20 22 * * *"
# Build automatically after pushing commits or tags to the "live", "template"
# or "main" branches, except when the commit only affects "documentation" text files.
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
push:
branches:
- live
- template
- main
paths-ignore:
paths-ignore: # don't rebuild if only documentation has changed
- "**.md"
- "**.txt"
# Build pull requests whenever they are opened or updated, to make sure they
# work. The build won't be deployed, since we filter out PRs in the deployment
# stage. Note that submitted PRs run the workflow of the *fork's* own primary
# branch, using the fork's own secrets/environment. Please be sure to sync
# your primary branch with upstream's latest workflow before submitting PRs!
# For pull requests, we build *any* branch regardless of name, to allow "build
# checks" to succeed for typical PR branch names such as "fix-something".
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
pull_request:
# Build when manually triggering this workflow for a branch. This allows you
# to build any branch, even if it's not listed in the automated triggers above.
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
workflow_dispatch:

env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}

# Only deploys the branch named "live". Ignores all other branches, to allow
# having "development" branches without interfering with GHCR image uploads.
jobs:
push-ghcr:
# Only deploys the branch named "live". Ignores all other branches, to allow
# having "development" branches without interfering with GHCR image uploads.
name: Build and push image
runs-on: ubuntu-22.04
permissions:
@@ -45,29 +33,34 @@ jobs:
id-token: write
strategy:
fail-fast: false

matrix:
# !!!
# Add recipes for all the images you want to build here.
# Don't add module configuration files, you will get errors.
recipe:
- recipe.yml
# !!!

steps:
# Checkout push-to-registry action GitHub repository
- name: Checkout Push to Registry action
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Add yq for reading recipe.yml
uses: mikefarah/yq@v4.34.2
- name: Add yq (for reading recipe.yml)
uses: mikefarah/yq@v4.35.1

- name: Gather image data from recipe
run: |
echo "IMAGE_NAME=$(yq '.name' ./${{ matrix.recipe }})" >> $GITHUB_ENV
echo "IMAGE_DESCRIPTION=$(yq '.description' ./${{ matrix.recipe }})" >> $GITHUB_ENV
echo "FEDORA_MAJOR_VERSION=$(yq '.fedora-version' ./${{ matrix.recipe }})" >> $GITHUB_ENV
echo "BASE_IMAGE_URL=$(yq '.base-image' ./${{ matrix.recipe }})" >> $GITHUB_ENV
echo "IMAGE_NAME=$(yq '.name' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
echo "IMAGE_DESCRIPTION=$(yq '.description' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
echo "BASE_IMAGE_URL=$(yq '.base-image' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
- name: Get current version
id: labels
run: |
ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.FEDORA_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]')
ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.IMAGE_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]')
echo "VERSION=$ver" >> $GITHUB_OUTPUT
- name: Generate tags
@@ -81,10 +74,14 @@ jobs:
BUILD_TAGS=()
# Have tags for tracking builds during pull request
SHA_SHORT="${GITHUB_SHA::7}"
COMMIT_TAGS+=("pr-${{ github.event.number }}-${MAJOR_VERSION}")
COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}")
BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}")
# Using clever bash string templating, https://stackoverflow.com/q/40771781
# don't make malformed tags if $MAJOR_VERSION is empty (base-image didn't include proper labels) --
COMMIT_TAGS+=("pr-${{ github.event.number }}${MAJOR_VERSION:+-$MAJOR_VERSION}")
COMMIT_TAGS+=("${SHA_SHORT}${MAJOR_VERSION:+-$MAJOR_VERSION}")
BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION:+$MAJOR_VERSION-}${TIMESTAMP}")
# --
BUILD_TAGS+=("${TIMESTAMP}")
BUILD_TAGS+=("latest")
Expand Down Expand Up @@ -143,7 +140,7 @@ jobs:
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
build-args: |
FEDORA_MAJOR_VERSION=${{ env.FEDORA_MAJOR_VERSION }}
IMAGE_MAJOR_VERSION=${{ env.IMAGE_MAJOR_VERSION }}
BASE_IMAGE_URL=${{ env.BASE_IMAGE_URL }}
RECIPE=${{ matrix.recipe }}
IMAGE_REGISTRY=${{ steps.registry_case.outputs.lowercase }}
Expand Down Expand Up @@ -176,7 +173,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

# Sign container
- uses: sigstore/[email protected].1
- uses: sigstore/[email protected].2
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'

- name: Sign container image
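Review bot: In the "Gather image data from recipe" step, each `echo "NAME=$(yq …)" >> $GITHUB_ENV` line writes a recipe value into the environment file without checking it, so a value that contains a line break (a block-scalar `description`, for instance) appends extra `NAME=value` lines and sets variables for every later step, including the registry push and signing steps. The workflow also runs on `pull_request`, where the recipe comes from the proposed change, so these values are better treated as untrusted. I would read each key with `yq -e` so a missing key fails the job instead of exporting the string `null`, reject multi-line values, pass `matrix.recipe` through `env:` rather than expanding `${{ }}` inside the script, and quote `"$GITHUB_ENV"`. The step could look like this:

```yaml
      - name: Gather image data from recipe
        env:
          RECIPE: ${{ matrix.recipe }}
        run: |
          while read -r var key; do
            value="$(yq -e "$key" "./config/${RECIPE}")"
            if [[ "$value" == *$'\n'* ]]; then
              echo "::error::${var} in ${RECIPE} must be a single line"
              exit 1
            fi
            echo "${var}=${value}" >> "$GITHUB_ENV"
          done <<'EOF'
          IMAGE_NAME .name
          IMAGE_DESCRIPTION .description
          IMAGE_MAJOR_VERSION .image-version
          BASE_IMAGE_URL .base-image
          EOF
      # … unchanged: "Get current version" and the following steps …
```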
2 changes: 1 addition & 1 deletion .github/workflows/release-iso.yml
@@ -16,7 +16,7 @@ jobs:
image: fedora:38
options: --privileged
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Generate ISO
uses: ublue-os/isogenerator@main
id: isogenerator
46 changes: 0 additions & 46 deletions CHANGELOG.md

This file was deleted.

64 changes: 27 additions & 37 deletions Containerfile
@@ -1,57 +1,47 @@
# This is the Containerfile for your custom image.
# This is the Containerfile for your custom image.

# It takes in the recipe, version, and base image as arguments,
# Instead of adding RUN statements here, you should consider creating a script
# in `config/scripts/`. Read more in `modules/script/README.md`

# This Containerfile takes in the recipe, version, and base image as arguments,
# all of which are provided by build.yml when doing builds
# in the cloud. The ARGs have default values, but changing those
# does nothing if the image is built in the cloud.

ARG FEDORA_MAJOR_VERSION=38
# Warning: changing this might not do anything for you. Read comment above.
# !! Warning: changing these might not do anything for you. Read comment above.
ARG IMAGE_MAJOR_VERSION=38
ARG BASE_IMAGE_URL=ghcr.io/ublue-os/silverblue-main

FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION}

# The default recipe set to the recipe's default filename
# so that `podman build` should just work for many people.
ARG RECIPE=./recipe.yml
FROM ${BASE_IMAGE_URL}:${IMAGE_MAJOR_VERSION}

# The default recipe is set to the recipe's default filename
# so that `podman build` should just work for most people.
ARG RECIPE=recipe.yml
# The default image registry to write to policy.json and cosign.yaml
ARG IMAGE_REGISTRY=ghcr.io/ublue-os

# Copy static configurations and component files.
# Warning: If you want to place anything in "/etc" of the final image, you MUST
# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc"
# on the final system. That is the proper directory for "system" configuration
# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant
# for manual overrides and editing by the machine's admin AFTER installation!
# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28).
COPY usr /usr

# Copy public key
COPY cosign.pub /usr/share/ublue-os/cosign.pub

# Copy the recipe that we're building.
COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
# Copy the bling from ublue-os/bling into tmp, to be installed later by the bling module
# Feel free to remove these lines if you want to speed up image builds and don't want any bling
COPY --from=ghcr.io/ublue-os/bling:latest /rpms /tmp/bling/rpms
COPY --from=ghcr.io/ublue-os/bling:latest /files /tmp/bling/files

# Copy nix install script and Universal Blue wallpapers RPM from Bling image
COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
# Copy build scripts & configuration
COPY build.sh /tmp/build.sh
COPY config /tmp/config/

# Integrate bling justfiles onto image
COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
# Copy modules
# The default modules are inside ublue-os/bling
COPY --from=ghcr.io/ublue-os/bling:latest /modules /tmp/modules/
# Custom modules overwrite defaults
COPY modules /tmp/modules/

# Add nix installer if you want to use it
COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin

# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
# Copied from the official container image since it's not available as an RPM.
# `yq` is used for parsing the yaml configuration
# It is copied from the official container image since it's not available as an RPM.
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq

# Copy the build script and all custom scripts.
COPY scripts /tmp/scripts

# Run the build script, then clean up temp files and finalize container build.
RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
chmod +x /tmp/scripts/build.sh && \
/tmp/scripts/build.sh && \
rm -rf /tmp/* /var/* && \
ostree container commit
RUN chmod +x /tmp/build.sh && /tmp/build.sh && \
rm -rf /tmp/* /var/* && ostree container commit
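Review bot: The new `COPY --from=ghcr.io/ublue-os/bling:latest /modules /tmp/modules/` line takes the default build modules from a mutable `:latest` tag, and the existing `COPY --from=docker.io/mikefarah/yq` stage names no tag at all, so what lands in `/tmp/modules` and `/usr/bin/yq` can differ between two builds of the same commit. `build.sh` then runs in the final `RUN` line (presumably executing those modules as root during the build, which this page does not show), and build.yml signs the result, so the signature would cover whatever upstream had published at build time. Pinning each external stage by digest, for example `COPY --from=ghcr.io/ublue-os/bling@sha256:<DIGEST_PLACEHOLDER> /modules /tmp/modules/`, and letting an update bot propose new digests keeps the daily rebuilds while making every upstream change reviewable.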