Merge pull request #1 from ublue-os/template
Update to modular style
Showing
25 changed files
with
281 additions
and
552 deletions.
@@ -1,42 +1,30 @@ | ||
# This workflow builds every branch of the repository daily at 20:22 UTC, one hour after ublue-os/nvidia builds. | ||
# The images are also built after pushuing changes or pull requests. | ||
# The builds can also be triggered manually in the Actions tab thanks to workflow dispatch. | ||
# Only the branch called `live` is published. | ||
|
||
|
||
name: build-ublue | ||
on: | ||
# Build *every* branch at 10:20pm UTC every day (1 hr delay after "nvidia" builds), | ||
# regardless of the branch names. (Not just "live, template and main" branches.) | ||
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule | ||
on: # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows | ||
schedule: | ||
- cron: "20 22 * * *" | ||
# Build automatically after pushing commits or tags to the "live", "template" | ||
# or "main" branches, except when the commit only affects "documentation" text files. | ||
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push | ||
push: | ||
branches: | ||
- live | ||
- template | ||
- main | ||
paths-ignore: | ||
paths-ignore: # don't rebuild if only documentation has changed | ||
- "**.md" | ||
- "**.txt" | ||
# Build pull requests whenever they are opened or updated, to make sure they | ||
# work. The build won't be deployed, since we filter out PRs in the deployment | ||
# stage. Note that submitted PRs run the workflow of the *fork's* own primary | ||
# branch, using the fork's own secrets/environment. Please be sure to sync | ||
# your primary branch with upstream's latest workflow before submitting PRs! | ||
# For pull requests, we build *any* branch regardless of name, to allow "build | ||
# checks" to succeed for typical PR branch names such as "fix-something". | ||
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request | ||
pull_request: | ||
# Build when manually triggering this workflow for a branch. This allows you | ||
# to build any branch, even if it's not listed in the automated triggers above. | ||
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch | ||
workflow_dispatch: | ||
|
||
env: | ||
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | ||
|
||
# Only deploys the branch named "live". Ignores all other branches, to allow | ||
# having "development" branches without interfering with GHCR image uploads. | ||
jobs: | ||
push-ghcr: | ||
# Only deploys the branch named "live". Ignores all other branches, to allow | ||
# having "development" branches without interfering with GHCR image uploads. | ||
name: Build and push image | ||
runs-on: ubuntu-22.04 | ||
permissions: | ||
|
@@ -45,29 +33,34 @@ jobs: | |
id-token: write | ||
strategy: | ||
fail-fast: false | ||
|
||
matrix: | ||
# !!! | ||
# Add recipes for all the images you want to build here. | ||
# Don't add module configuration files, you will get errors. | ||
recipe: | ||
- recipe.yml | ||
# !!! | ||
|
||
steps: | ||
# Checkout push-to-registry action GitHub repository | ||
- name: Checkout Push to Registry action | ||
uses: actions/checkout@v3 | ||
uses: actions/checkout@v4 | ||
|
||
- name: Add yq for reading recipe.yml | ||
uses: mikefarah/yq@v4.34.2 | ||
- name: Add yq (for reading recipe.yml) | ||
uses: mikefarah/yq@v4.35.1 | ||
|
||
- name: Gather image data from recipe | ||
run: | | ||
echo "IMAGE_NAME=$(yq '.name' ./${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "IMAGE_DESCRIPTION=$(yq '.description' ./${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "FEDORA_MAJOR_VERSION=$(yq '.fedora-version' ./${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "BASE_IMAGE_URL=$(yq '.base-image' ./${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "IMAGE_NAME=$(yq '.name' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "IMAGE_DESCRIPTION=$(yq '.description' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV | ||
echo "BASE_IMAGE_URL=$(yq '.base-image' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV | ||
- name: Get current version | ||
id: labels | ||
run: | | ||
ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.FEDORA_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]') | ||
ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.IMAGE_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]') | ||
echo "VERSION=$ver" >> $GITHUB_OUTPUT | ||
- name: Generate tags | ||
|
@@ -81,10 +74,14 @@ jobs: | |
BUILD_TAGS=() | ||
# Have tags for tracking builds during pull request | ||
SHA_SHORT="${GITHUB_SHA::7}" | ||
COMMIT_TAGS+=("pr-${{ github.event.number }}-${MAJOR_VERSION}") | ||
COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}") | ||
BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") | ||
# Using clever bash string templating, https://stackoverflow.com/q/40771781 | ||
# don't make malformed tags if $MAJOR_VERSION is empty (base-image didn't include proper labels) -- | ||
COMMIT_TAGS+=("pr-${{ github.event.number }}${MAJOR_VERSION:+-$MAJOR_VERSION}") | ||
COMMIT_TAGS+=("${SHA_SHORT}${MAJOR_VERSION:+-$MAJOR_VERSION}") | ||
BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION:+$MAJOR_VERSION-}${TIMESTAMP}") | ||
# -- | ||
BUILD_TAGS+=("${TIMESTAMP}") | ||
BUILD_TAGS+=("latest") | ||
|
@@ -143,7 +140,7 @@ jobs: | |
tags: | | ||
${{ steps.generate-tags.outputs.alias_tags }} | ||
build-args: | | ||
FEDORA_MAJOR_VERSION=${{ env.FEDORA_MAJOR_VERSION }} | ||
IMAGE_MAJOR_VERSION=${{ env.IMAGE_MAJOR_VERSION }} | ||
BASE_IMAGE_URL=${{ env.BASE_IMAGE_URL }} | ||
RECIPE=${{ matrix.recipe }} | ||
IMAGE_REGISTRY=${{ steps.registry_case.outputs.lowercase }} | ||
|
@@ -176,7 +173,7 @@ jobs: | |
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
# Sign container | ||
- uses: sigstore/[email protected].1 | ||
- uses: sigstore/[email protected].2 | ||
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live' | ||
|
||
- name: Sign container image | ||
|
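Review bot: In the "Get current version" step, `ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.IMAGE_MAJOR_VERSION }} | ...)` interpolates workflow expressions straight into the shell, and those values were filled by the previous step from recipe.yml with unquoted `$(yq ...)` writes to `$GITHUB_ENV`, so a recipe field containing shell metacharacters or a newline becomes script or env-file injection (the workflow runs on `pull_request`, including PRs that edit `config/recipe.yml`). Since `$GITHUB_ENV` entries are exported to later steps, the step can read the plain environment instead: `ver=$(skopeo inspect "docker://${BASE_IMAGE_URL}:${IMAGE_MAJOR_VERSION}" | jq -r '.Labels["org.opencontainers.image.version"] // empty')`. The `// empty` also matters for the `${MAJOR_VERSION:+...}` guard added in the tag-generation hunk: `jq -r` prints the literal string `null` for a missing label, so an emptiness check never fires and `null` would land in the tags (assuming MAJOR_VERSION is derived from this output, which happens outside the visible hunks). Multi-line recipe values (the description is the likely case) should be written with the `{name}<<EOF` delimiter form of `$GITHUB_ENV` rather than `echo`, and the step should set `shell: bash` so `pipefail` makes a failed `skopeo inspect` fail the step instead of silently yielding an empty version.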
This file was deleted.
@@ -1,57 +1,47 @@ | ||
# This is the Containerfile for your custom image. | ||
# This is the Containerfile for your custom image. | ||
|
||
# It takes in the recipe, version, and base image as arguments, | ||
# Instead of adding RUN statements here, you should consider creating a script | ||
# in `config/scripts/`. Read more in `modules/script/README.md` | ||
|
||
# This Containerfile takes in the recipe, version, and base image as arguments, | ||
# all of which are provided by build.yml when doing builds | ||
# in the cloud. The ARGs have default values, but changing those | ||
# does nothing if the image is built in the cloud. | ||
|
||
ARG FEDORA_MAJOR_VERSION=38 | ||
# Warning: changing this might not do anything for you. Read comment above. | ||
# !! Warning: changing these might not do anything for you. Read comment above. | ||
ARG IMAGE_MAJOR_VERSION=38 | ||
ARG BASE_IMAGE_URL=ghcr.io/ublue-os/silverblue-main | ||
|
||
FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION} | ||
|
||
# The default recipe set to the recipe's default filename | ||
# so that `podman build` should just work for many people. | ||
ARG RECIPE=./recipe.yml | ||
FROM ${BASE_IMAGE_URL}:${IMAGE_MAJOR_VERSION} | ||
|
||
# The default recipe is set to the recipe's default filename | ||
# so that `podman build` should just work for most people. | ||
ARG RECIPE=recipe.yml | ||
# The default image registry to write to policy.json and cosign.yaml | ||
ARG IMAGE_REGISTRY=ghcr.io/ublue-os | ||
|
||
# Copy static configurations and component files. | ||
# Warning: If you want to place anything in "/etc" of the final image, you MUST | ||
# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc" | ||
# on the final system. That is the proper directory for "system" configuration | ||
# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant | ||
# for manual overrides and editing by the machine's admin AFTER installation! | ||
# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28). | ||
COPY usr /usr | ||
|
||
# Copy public key | ||
COPY cosign.pub /usr/share/ublue-os/cosign.pub | ||
|
||
# Copy the recipe that we're building. | ||
COPY ${RECIPE} /usr/share/ublue-os/recipe.yml | ||
# Copy the bling from ublue-os/bling into tmp, to be installed later by the bling module | ||
# Feel free to remove these lines if you want to speed up image builds and don't want any bling | ||
COPY --from=ghcr.io/ublue-os/bling:latest /rpms /tmp/bling/rpms | ||
COPY --from=ghcr.io/ublue-os/bling:latest /files /tmp/bling/files | ||
|
||
# Copy nix install script and Universal Blue wallpapers RPM from Bling image | ||
COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm | ||
# Copy build scripts & configuration | ||
COPY build.sh /tmp/build.sh | ||
COPY config /tmp/config/ | ||
|
||
# Integrate bling justfiles onto image | ||
COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just | ||
# Copy modules | ||
# The default modules are inside ublue-os/bling | ||
COPY --from=ghcr.io/ublue-os/bling:latest /modules /tmp/modules/ | ||
# Custom modules overwrite defaults | ||
COPY modules /tmp/modules/ | ||
|
||
# Add nix installer if you want to use it | ||
COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin | ||
|
||
# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml. | ||
# Copied from the official container image since it's not available as an RPM. | ||
# `yq` is used for parsing the yaml configuration | ||
# It is copied from the official container image since it's not available as an RPM. | ||
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq | ||
|
||
# Copy the build script and all custom scripts. | ||
COPY scripts /tmp/scripts | ||
|
||
# Run the build script, then clean up temp files and finalize container build. | ||
RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \ | ||
chmod +x /tmp/scripts/build.sh && \ | ||
/tmp/scripts/build.sh && \ | ||
rm -rf /tmp/* /var/* && \ | ||
ostree container commit | ||
RUN chmod +x /tmp/build.sh && /tmp/build.sh && \ | ||
rm -rf /tmp/* /var/* && ostree container commit |
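Review bot: The new `COPY --from=ghcr.io/ublue-os/bling:latest /modules /tmp/modules/` pulls build-time executable code from a floating tag, and `build.sh` then runs those modules as root inside the image build, so whatever is published under `bling:latest` at build time ends up in every daily image with no pin and no verification; the same applies to the untagged `COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq`, which the workflow side of this same commit does pin (`mikefarah/yq@v4.35.1`). Pin both sources by digest, e.g. `COPY --from=ghcr.io/ublue-os/bling@sha256:<digest> /modules /tmp/modules/` and `COPY --from=docker.io/mikefarah/yq:<version>@sha256:<digest> /usr/bin/yq /usr/bin/yq`, and let an update bot bump them; if the bling image is cosign-signed, verifying its signature in the workflow before the build is the alternative. A comment above the bling copies recording that choice would help, e.g. `# bling ships the build modules executed by build.sh; pinned by digest so a changed or compromised tag cannot alter image contents silently.`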