diff --git a/.github/workflows/build-38.yml b/.github/workflows/build-38.yml
new file mode 100644
index 00000000..734ee0dd
--- /dev/null
+++ b/.github/workflows/build-38.yml
@@ -0,0 +1,14 @@
+name: ublue-38
+on:
+ pull_request:
+ merge_group:
+ schedule:
+ - cron: '0 15 * * *' # 3pm UTC everyday (timed against official fedora container pushes)
+ workflow_dispatch:
+
+jobs:
+ build-38:
+ uses: ./.github/workflows/reusable-build.yml
+ secrets: inherit
+ with:
+ fedora_version: 38
\ No newline at end of file
diff --git a/.github/workflows/build-39.yml b/.github/workflows/build-39.yml
new file mode 100644
index 00000000..57869732
--- /dev/null
+++ b/.github/workflows/build-39.yml
@@ -0,0 +1,14 @@
+name: ublue-39
+on:
+ pull_request:
+ merge_group:
+ schedule:
+ - cron: '0 5 * * *' # 3pm UTC everyday (timed against official fedora container pushes)
+ workflow_dispatch:
+
+jobs:
+ build-39:
+ uses: ./.github/workflows/reusable-build.yml
+ secrets: inherit
+ with:
+ fedora_version: 39
\ No newline at end of file
diff --git a/.github/workflows/build-40.yml b/.github/workflows/build-40.yml
new file mode 100644
index 00000000..88f81e85
--- /dev/null
+++ b/.github/workflows/build-40.yml
@@ -0,0 +1,14 @@
+name: ublue-40
+on:
+ pull_request:
+ merge_group:
+ schedule:
+ - cron: '0 10 * * *' # 3pm UTC everyday (timed against official fedora container pushes)
+ workflow_dispatch:
+
+jobs:
+ build-40:
+ uses: ./.github/workflows/reusable-build.yml
+ secrets: inherit
+ with:
+ fedora_version: 40
\ No newline at end of file
diff --git a/.github/workflows/build.yml.save b/.github/workflows/build.yml.save
deleted file mode 100644
index bfddbe6b..00000000
--- a/.github/workflows/build.yml.save
+++ /dev/null
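Review bot: `secrets: inherit` in the `build-38` job hands every secret this repository can see to `reusable-build.yml` on all four triggers, including `pull_request`; build-39.yml and build-40.yml do the same. The called workflow's secret usage is not visible in this diff, but the deleted build.yml.save only read a signing key (`secrets.SIGNING_SECRET`), so passing that one secret explicitly would limit what a compromised third-party action in the build job can reach. That means replacing the line with `secrets:` followed by `SIGNING_SECRET: ${{ secrets.SIGNING_SECRET }}` and declaring it under `on.workflow_call.secrets` in the reusable workflow. The secret name is taken from the old workflow and should be confirmed against reusable-build.yml.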
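Review bot: The cron comment in build-39.yml was copied unchanged from build-38.yml and no longer matches its schedule: `'0 5 * * *'` fires at 05:00 UTC, not 3pm, and build-40.yml has the same mismatch with `'0 10 * * *'` (10:00 UTC). I would change the comments to `# 5am UTC every day` and `# 10am UTC every day`. The "timed against official fedora container pushes" remark should be dropped or re-justified for those two files, since as far as the diff shows only the 15:00 run was chosen for that reason.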
@@ -1,192 +0,0 @@ -name: build-ublue -on: - pull_request: - pull_request_review: - type: [submitted] - merge_group: - schedule: - - cron: '0 7 * * *' # 7 am everyday - workflow_dispatch: -env: - IMAGE_BASE_NAME: main - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - -jobs: - push-ghcr: - name: Build and push image - if: github.event.review.state == 'approved' || github.event_name != 'pull_request_review' - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - id-token: write - strategy: - fail-fast: false - matrix: - image_name: [silverblue, kinoite, vauxite, sericea, base, lxqt, mate] - major_version: [37, 38] - include: - - major_version: 37 - is_latest_version: false - is_stable_version: true - - major_version: 38 - is_latest_version: true - is_stable_version: true - exclude: - # There is no Fedora 37 version of sericea - # When F38 is added, sericea will automatically be built too - - image_name: sericea - major_version: 37 - steps: - - name: Delete image - uses: bots-house/ghcr-delete-image-action@v1.1.0 - with: - # NOTE: at now only orgs is supported - owner: bots-house - name: some-web-service - # NOTE: using Personal Access Token - token: ${{ secrets.PAT }} - tag: pr-${{github.event.pull_request.number}} - run: - - # Checkout push-to-registry action GitHub repository - - name: Checkout Push to Registry action - uses: actions/checkout@v3 - - - name: Matrix Variables - run: | - if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then - echo "SOURCE_IMAGE=base" >> $GITHUB_ENV - else - echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV - fi - echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.image_name, env.IMAGE_BASE_NAME) }}" >> $GITHUB_ENV - - - name: Generate tags - id: generate-tags - shell: bash - run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - MAJOR_VERSION="${{ matrix.major_version }}" - COMMIT_TAGS=() - BUILD_TAGS=() - # Have tags 
for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}-${MAJOR_VERSION}") - COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}") - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") - fi - - BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") - - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - BUILD_TAGS+=("latest") - fi - - if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - - name: Get current version - id: labels - run: | - ver=$(skopeo inspect docker://quay.io/fedora-ostree-desktops/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') - echo "VERSION=$ver" >> $GITHUB_OUTPUT - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v4 - id: meta - with: - images: | - ${{ env.IMAGE_NAME }} - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }} - org.opencontainers.image.description=A base ${{ env.IMAGE_NAME }} image with batteries included - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/main/main/README.md - io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 
- with: - containerfiles: | - ./Containerfile - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - IMAGE_NAME=${{ matrix.image_name }} - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Sign container - - uses: sigstore/cosign-installer@v3.1.1 - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - - - name: Sign container image - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} - env: - TAGS: ${{ steps.push.outputs.digest }} - COSIGN_EXPERIMENTAL: false - COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - - - 
name: Echo outputs - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - run: | - echo "${{ toJSON(steps.push.outputs) }}" diff --git a/.github/workflows/build.yml b/.github/workflows/reusable-build.yml similarity index 88% rename from .github/workflows/build.yml rename to .github/workflows/reusable-build.yml index a0e66a7d..51f4eae5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/reusable-build.yml @@ -1,15 +1,16 @@ name: build-ublue on: - pull_request: - merge_group: - schedule: - - cron: '0 15 * * *' # 3pm UTC everyday (timed against official fedora container pushes) - workflow_dispatch: + workflow_call: + inputs: + fedora_version: + description: 'The Fedora release version: 38, 39, 40, etc' + required: true + type: string env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} jobs: - push-ghcr: + build_ublue: name: main image runs-on: ubuntu-22.04 permissions: 
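Review bot: `fedora_version` is declared `type: string` here, but the three new callers pass a bare YAML integer (`fedora_version: 38`) and the matrix entries later in this file are integers too. Quoting at the call sites, `fedora_version: '38'`, makes the value match the declaration instead of depending on coercion. The input is also free-form and the `description` ends in an open-ended `etc`, so a comment stating the accepted values, or a first step that rejects anything but digits, would pin down the contract.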
@@ -29,42 +30,41 @@ jobs: - lazurite - mate - vauxite - major_version: [38, 39, 40] build_target: [nokmods, kmods] include: - - major_version: 38 + - fedora_version: 38 is_latest_version: false is_stable_version: true is_gts_version: true - - major_version: 39 + - fedora_version: 39 is_latest_version: true is_stable_version: true is_gts_version: false - - major_version: 40 + - fedora_version: 40 is_latest_version: false is_stable_version: false is_gts_version: false exclude: # There is no Fedora 38 version of onyx or lazurite - image_name: onyx - major_version: 38 + fedora_version: 38 - image_name: lazurite - major_version: 38 + fedora_version: 38 # There is no Fedora 39+ version of lxqt as it was replaced by lazurite - image_name: lxqt - major_version: 39 + fedora_version: 39 - image_name: lxqt - major_version: 40 + fedora_version: 40 # There is currently no Fedora 40 version of mate - image_name: mate - major_version: 40 + fedora_version: 40 # THE FOLLOWING EXCLUDE IS MESSY BUT TEMPORARY UNTIL F38 IS GONE # see: https://github.com/ublue-os/main/issues/369 # Fedora 39+ images do not include custom kmods (legacy) - build_target: kmods - major_version: 39 + fedora_version: 39 - build_target: kmods - major_version: 40 + fedora_version: 40 steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action @@ -73,7 +73,7 @@ jobs: - name: Matrix Variables shell: bash run: | - if [[ "${{ matrix.major_version }}" -ge "41" ]] && \ + if [[ "${{ matrix.fedora_version }}" -ge "41" ]] && \ grep "${{ matrix.image_name }}" <<< "silverblue, kinoite, sericea, onyx"; then echo "SOURCE_ORG=fedora" >> $GITHUB_ENV echo "SOURCE_IMAGE=fedora-${{ matrix.image_name }}" >> $GITHUB_ENV 
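Review bot: The matrix loses its version dimension in this hunk: `major_version: [38, 39, 40]` is removed and nothing replaces it, so `fedora_version` now exists only inside `include`/`exclude` entries and the new `inputs.fedora_version` is not referenced in any visible hunk. With no `fedora_version` key in the base matrix, the `include` objects no longer select one combination each and the `exclude` entries name a key the matrix does not have, so a caller would not end up building just its own release. Adding the dimension back from the input, `fedora_version: ["${{ inputs.fedora_version }}"]` next to `build_target`, restores the intended filtering. Check that the string input still matches the integer `include`/`exclude` values, or quote those as well. The `matrix:` mapping starts above this hunk.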
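Review bot: `${{ matrix.fedora_version }}` is expanded into the bash script text before the shell runs, in the `[[ ... -ge "41" ]]` test here and again in the hunks at -89, -107, -164 and -193. That was harmless while the value was a literal from the matrix list, but the rename appears intended to tie it to a `workflow_call` string input, and the script body would then contain whatever a caller passes. Passing it through the environment keeps it as data: add `env:` with `FEDORA_VERSION: ${{ matrix.fedora_version }}` to the step and test `[[ "$FEDORA_VERSION" -ge 41 ]]`. The `run:` block continues past the end of this hunk.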
@@ -89,14 +89,14 @@ jobs: # THE FOLLOWING IS MESSY BUT TEMPORARY UNTIL F38 IS GONE # see: https://github.com/ublue-os/main/issues/369 # Fedora 39+ images do not include custom kmods (legacy) - if [[ "${{ matrix.major_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + if [[ "${{ matrix.fedora_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then export IMAGE_FLAVOR=main - elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + elif [[ "${{ matrix.fedora_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then export IMAGE_FLAVOR=nokmods - elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then + elif [[ "${{ matrix.fedora_version}}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then export IMAGE_FLAVOR=main else - echo "ERROR: invalid workflow request - ${{ matrix.major_version }} - ${{ matrix.build_target }}" + echo "ERROR: invalid workflow request - ${{ matrix.fedora_version }} - ${{ matrix.build_target }}" exit 1 fi echo "IMAGE_NAME=${{ matrix.image_name }}-${IMAGE_FLAVOR}" >> $GITHUB_ENV @@ -107,7 +107,7 @@ jobs: run: | # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" - VARIANT="${{ matrix.major_version }}" + VARIANT="${{ matrix.fedora_version }}" COMMIT_TAGS=() BUILD_TAGS=() @@ -164,7 +164,7 @@ jobs: attempt_delay: 15000 command: | set -eo pipefail - ver=$(skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') + ver=$(skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} | jq -r '.Labels["org.opencontainers.image.version"]') if [ -z "$ver" ] || [ "null" = "$ver" ]; then echo "inspected image version must not be empty or null" exit 1 
@@ -193,7 +193,7 @@ jobs: command: | # pull the base image used for FROM in containerfile so # we can retry on that unfortunately common failure case - podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} + podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} # Build image using Buildah action - name: Build Image @@ -274,7 +274,7 @@ jobs: name: Check all builds successful if: ${{ !cancelled() }} runs-on: ubuntu-latest - needs: [push-ghcr] + needs: [build_ublue] steps: - name: Exit on failure if: ${{ needs.push-ghcr.result == 'failure' }}
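Review bot: The last context line of the -274 hunk still reads `if: ${{ needs.push-ghcr.result == 'failure' }}`, but this commit renames the job to `build_ublue` and updates `needs:` to match, so `needs.push-ghcr` no longer resolves and the "Exit on failure" step would never run. The check job would then report success even when an image build failed, which defeats its use as a gate on merges. Change the condition to `if: ${{ needs.build_ublue.result == 'failure' }}`. The step's body lies outside the hunk.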