From 143259d91b58bba85a80d7702d85a21cf81cbb91 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sun, 24 Mar 2024 14:07:12 -0500 Subject: [PATCH] chore(ci): split build workflows by fedora version (#525) force merge since the build can't pass expected checks due to workflow changes --- .github/workflows/build-38.yml | 15 ++ .github/workflows/build-39.yml | 15 ++ .github/workflows/build-40.yml | 15 ++ .github/workflows/build.yml.save | 192 ------------------ .../{build.yml => reusable-build.yml} | 93 +++++---- README.md | 2 +- 6 files changed, 94 insertions(+), 238 deletions(-) create mode 100644 .github/workflows/build-38.yml create mode 100644 .github/workflows/build-39.yml create mode 100644 .github/workflows/build-40.yml delete mode 100644 .github/workflows/build.yml.save rename .github/workflows/{build.yml => reusable-build.yml} (79%) diff --git a/.github/workflows/build-38.yml b/.github/workflows/build-38.yml new file mode 100644 index 00000000..7cc1dfe0 --- /dev/null +++ b/.github/workflows/build-38.yml @@ -0,0 +1,15 @@ +name: ublue main 38 +on: + pull_request: + merge_group: + schedule: + - cron: '15 15 * * *' # 3pm-ish UTC everyday (timed against official fedora container pushes) + workflow_dispatch: + +jobs: + ublue-38: + name: "build ublue-os/*-main:38" + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + with: + fedora_version: 38 \ No newline at end of file diff --git a/.github/workflows/build-39.yml b/.github/workflows/build-39.yml new file mode 100644 index 00000000..94e579fc --- /dev/null +++ b/.github/workflows/build-39.yml @@ -0,0 +1,15 @@ +name: ublue main 39 +on: + pull_request: + merge_group: + schedule: + - cron: '0 15 * * *' # 3pm-ish UTC everyday (timed against official fedora container pushes) + workflow_dispatch: + +jobs: + ublue-39: + name: "build ublue-os/*-main:39" + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + with: + fedora_version: 39 \ No newline at end of file diff --git a/.github/workflows/build-40.yml b/.github/workflows/build-40.yml new file mode 100644 index 00000000..f5890ae3 --- /dev/null +++ b/.github/workflows/build-40.yml @@ -0,0 +1,15 @@ +name: ublue main 40 +on: + pull_request: + merge_group: + schedule: + - cron: '5 15 * * *' # 3pm-ish UTC everyday (timed against official fedora container pushes) + workflow_dispatch: + +jobs: + ublue-40: + name: "build ublue-os/*-main:40" + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + with: + fedora_version: 40 \ No newline at end of file diff --git a/.github/workflows/build.yml.save b/.github/workflows/build.yml.save deleted file mode 100644 index bfddbe6b..00000000 --- a/.github/workflows/build.yml.save +++ /dev/null @@ -1,192 +0,0 @@ -name: build-ublue -on: - pull_request: - pull_request_review: - type: [submitted] - merge_group: - schedule: - - cron: '0 7 * * *' # 7 am everyday - workflow_dispatch: -env: - IMAGE_BASE_NAME: main - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - -jobs: - push-ghcr: - name: Build and push image - if: github.event.review.state == 'approved' || github.event_name != 'pull_request_review' - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - id-token: write - strategy: - fail-fast: false - matrix: - image_name: [silverblue, kinoite, vauxite, sericea, base, lxqt, mate] - major_version: [37, 38] - include: - - major_version: 37 - is_latest_version: false - is_stable_version: true - - major_version: 38 - is_latest_version: true - is_stable_version: true - exclude: - # There is no Fedora 37 version of sericea - # When F38 is added, sericea will automatically be built too - - image_name: sericea - major_version: 37 - steps: - - name: Delete image - uses: bots-house/ghcr-delete-image-action@v1.1.0 - with: - # NOTE: at now only orgs is supported - owner: bots-house - name: some-web-service - # NOTE: using Personal Access Token - token: ${{ secrets.PAT }} - tag: pr-${{github.event.pull_request.number}} - run: - - # Checkout push-to-registry action GitHub repository - - name: Checkout Push to Registry action - uses: actions/checkout@v3 - - - name: Matrix Variables - run: | - if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then - echo "SOURCE_IMAGE=base" >> $GITHUB_ENV - else - echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV - fi - echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.image_name, env.IMAGE_BASE_NAME) }}" >> $GITHUB_ENV - - - name: Generate tags - id: generate-tags - shell: bash - run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - MAJOR_VERSION="${{ matrix.major_version }}" - COMMIT_TAGS=() - BUILD_TAGS=() - # Have tags for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}-${MAJOR_VERSION}") - COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}") - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") - fi - - BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") - - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - BUILD_TAGS+=("latest") - fi - - if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - - name: Get current version - id: labels - run: | - ver=$(skopeo inspect docker://quay.io/fedora-ostree-desktops/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') - echo "VERSION=$ver" >> $GITHUB_OUTPUT - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v4 - id: meta - with: - images: | - ${{ env.IMAGE_NAME }} - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }} - org.opencontainers.image.description=A base ${{ env.IMAGE_NAME }} image with batteries included - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/main/main/README.md - io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - IMAGE_NAME=${{ matrix.image_name }} - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Sign container - - uses: sigstore/cosign-installer@v3.1.1 - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - - - name: Sign container image - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} - env: - TAGS: ${{ steps.push.outputs.digest }} - COSIGN_EXPERIMENTAL: false - COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - - - name: Echo outputs - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - run: | - echo "${{ toJSON(steps.push.outputs) }}" diff --git a/.github/workflows/build.yml b/.github/workflows/reusable-build.yml similarity index 79% rename from .github/workflows/build.yml rename to .github/workflows/reusable-build.yml index a0e66a7d..fac2928f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/reusable-build.yml @@ -1,16 +1,17 @@ name: build-ublue on: - pull_request: - merge_group: - schedule: - - cron: '0 15 * * *' # 3pm UTC everyday (timed against official fedora container pushes) - workflow_dispatch: + workflow_call: + inputs: + fedora_version: + description: 'The Fedora release version: 38, 39, 40, etc' + required: true + type: string env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} jobs: - push-ghcr: - name: main image + build_ublue: + name: image runs-on: ubuntu-22.04 permissions: contents: read @@ -19,6 +20,8 @@ jobs: strategy: fail-fast: false matrix: + fedora_version: + - ${{ inputs.fedora_version }} image_name: - silverblue - kinoite @@ -29,42 +32,28 @@ jobs: - lazurite - mate - vauxite - major_version: [38, 39, 40] build_target: [nokmods, kmods] - include: - - major_version: 38 - is_latest_version: false - is_stable_version: true - is_gts_version: true - - major_version: 39 - is_latest_version: true - is_stable_version: true - is_gts_version: false - - major_version: 40 - is_latest_version: false - is_stable_version: false - is_gts_version: false exclude: # There is no Fedora 38 version of onyx or lazurite - image_name: onyx - major_version: 38 + fedora_version: 38 - image_name: lazurite - major_version: 38 + fedora_version: 38 # There is no Fedora 39+ version of lxqt as it was replaced by lazurite - image_name: lxqt - major_version: 39 + fedora_version: 39 - image_name: lxqt - major_version: 40 + fedora_version: 40 # There is currently no Fedora 40 version of mate - image_name: mate - major_version: 40 + fedora_version: 40 # THE FOLLOWING EXCLUDE IS MESSY BUT TEMPORARY UNTIL F38 IS GONE # see: https://github.com/ublue-os/main/issues/369 # Fedora 39+ images do not include custom kmods (legacy) - build_target: kmods - major_version: 39 + fedora_version: 39 - build_target: kmods - major_version: 40 + fedora_version: 40 steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action @@ -73,7 +62,7 @@ jobs: - name: Matrix Variables shell: bash run: | - if [[ "${{ matrix.major_version }}" -ge "41" ]] && \ + if [[ "${{ matrix.fedora_version }}" -ge "41" ]] && \ grep "${{ matrix.image_name }}" <<< "silverblue, kinoite, sericea, onyx"; then echo "SOURCE_ORG=fedora" >> $GITHUB_ENV echo "SOURCE_IMAGE=fedora-${{ matrix.image_name }}" >> $GITHUB_ENV @@ -89,14 +78,14 @@ jobs: # THE FOLLOWING IS MESSY BUT TEMPORARY UNTIL F38 IS GONE # see: https://github.com/ublue-os/main/issues/369 # Fedora 39+ images do not include custom kmods (legacy) - if [[ "${{ matrix.major_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + if [[ "${{ matrix.fedora_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then export IMAGE_FLAVOR=main - elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + elif [[ "${{ matrix.fedora_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then export IMAGE_FLAVOR=nokmods - elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then + elif [[ "${{ matrix.fedora_version}}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then export IMAGE_FLAVOR=main else - echo "ERROR: invalid workflow request - ${{ matrix.major_version }} - ${{ matrix.build_target }}" + echo "ERROR: invalid workflow request - ${{ matrix.fedora_version }} - ${{ matrix.build_target }}" exit 1 fi echo "IMAGE_NAME=${{ matrix.image_name }}-${IMAGE_FLAVOR}" >> $GITHUB_ENV @@ -107,7 +96,21 @@ jobs: run: | # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" - VARIANT="${{ matrix.major_version }}" + VARIANT="${{ matrix.fedora_version }}" + + if [[ "${{ matrix.fedora_version }}" -eq "38" ]]; then + IS_LATEST_VERSION=false + IS_STABLE_VERSION=true + IS_GTS_VERSION=true + elif [[ "${{ matrix.fedora_version }}" -eq "39" ]]; then + IS_LATEST_VERSION=true + IS_STABLE_VERSION=true + IS_GTS_VERSION=false + elif [[ "${{ matrix.fedora_version }}" -eq "40" ]]; then + IS_LATEST_VERSION=false + IS_STABLE_VERSION=false + IS_GTS_VERSION=false + fi COMMIT_TAGS=() BUILD_TAGS=() @@ -117,8 +120,8 @@ jobs: COMMIT_TAGS+=("pr-${{ github.event.number }}-${VARIANT}") COMMIT_TAGS+=("${SHA_SHORT}-${VARIANT}") - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then + if [[ "${IS_LATEST_VERSION}" == "true" ]] && \ + [[ "${IS_STABLE_VERSION}" == "true" ]]; then COMMIT_TAGS+=("pr-${{ github.event.number }}") COMMIT_TAGS+=("${SHA_SHORT}") fi @@ -130,11 +133,11 @@ jobs: BUILD_TAGS+=("${TAG}-${TIMESTAMP}") done - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then + if [[ "${IS_LATEST_VERSION}" == "true" ]] && \ + [[ "${IS_STABLE_VERSION}" == "true" ]]; then BUILD_TAGS+=("${TIMESTAMP}") BUILD_TAGS+=("latest") - elif [[ "${{ matrix.is_gts_version }}" == "true" ]]; then + elif [[ "${IS_GTS_VERSION}" == "true" ]]; then BUILD_TAGS+=("gts-${TIMESTAMP}") BUILD_TAGS+=("gts") fi @@ -164,7 +167,7 @@ jobs: attempt_delay: 15000 command: | set -eo pipefail - ver=$(skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') + ver=$(skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} | jq -r '.Labels["org.opencontainers.image.version"]') if [ -z "$ver" ] || [ "null" = "$ver" ]; then echo "inspected image version must not be empty or null" exit 1 @@ -193,7 +196,7 @@ jobs: command: | # pull the base image used for FROM in containerfile so # we can retry on that unfortunately common failure case - podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} + podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} # Build image using Buildah action - name: Build Image @@ -209,7 +212,7 @@ jobs: IMAGE_NAME=${{ matrix.image_name }} SOURCE_ORG=${{ env.SOURCE_ORG }} SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} + FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }} RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }} labels: ${{ steps.meta.outputs.labels }} oci: false @@ -271,13 +274,13 @@ jobs: echo "${{ toJSON(steps.push.outputs) }}" check: - name: Check all builds successful + name: Check all ${{ inputs.fedora_version }} builds successful if: ${{ !cancelled() }} runs-on: ubuntu-latest - needs: [push-ghcr] + needs: [build_ublue] steps: - name: Exit on failure - if: ${{ needs.push-ghcr.result == 'failure' }} + if: ${{ needs.build_ublue.result == 'failure' }} shell: bash run: exit 1 - name: Exit diff --git a/README.md b/README.md index 76669aaa..0183996d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Main -[![build-ublue](https://github.com/ublue-os/main/actions/workflows/build.yml/badge.svg)](https://github.com/ublue-os/main/actions/workflows/build.yml) +[![ublue-38](https://github.com/ublue-os/main/actions/workflows/build-38.yml/badge.svg)](https://github.com/ublue-os/main/actions/workflows/build-38.yml) [![ublue-39](https://github.com/ublue-os/main/actions/workflows/build-39.yml/badge.svg)](https://github.com/ublue-os/main/actions/workflows/build-39.yml) [![ublue-40](https://github.com/ublue-os/main/actions/workflows/build-40.yml/badge.svg)](https://github.com/ublue-os/main/actions/workflows/build-40.yml) A common main image for all other uBlue images, with minimal (but important) adjustments to Fedora. <3