From 90faeb3eb1e11e3a61824edfa113c01f02c61617 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 21 Jul 2024 13:04:26 -0400 Subject: [PATCH] chore(ci): Reduce copy layers (#612) Signed-off-by: m2Giles <69128853+m2Giles@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 2 +- Containerfile | 30 +++++++++++++--------------- cleanup.sh | 8 ++++++++ initramfs.sh | 7 +++++++ install.sh | 18 ++++++++++++----- packages.sh | 6 +++--- post-install.sh | 2 +- 7 files changed, 47 insertions(+), 26 deletions(-) create mode 100755 cleanup.sh create mode 100755 initramfs.sh diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 93c23388..86089a68 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -16,7 +16,7 @@ concurrency: jobs: build_ublue: name: main - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/Containerfile b/Containerfile index 98e36283..73ea353c 100644 --- a/Containerfile +++ b/Containerfile @@ -9,6 +9,9 @@ FROM ghcr.io/ublue-os/config:latest AS config FROM ghcr.io/ublue-os/akmods:main-${FEDORA_MAJOR_VERSION} AS akmods FROM ghcr.io/ublue-os/main-kernel:${KERNEL_VERSION} AS kernel +FROM scratch AS ctx +COPY / / + FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" 
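Review bot: `COPY / /` in the new `ctx` stage takes the whole build context, so everything in the checkout (including `.git` and any untracked local files, unless a `.dockerignore` not visible here excludes them) becomes readable by the build scripts once the later `RUN` bind-mounts the stage at `/ctx`. The bind mount keeps that content out of the committed layers, so exposure is limited to build time. Listing the needed files would still make the contract explicit, e.g. `COPY github-release-install.sh install.sh post-install.sh packages.sh packages.json cleanup.sh initramfs.sh /`. A comment such as `# ctx: build scripts only; bind-mounted at /ctx during RUN, never copied into the image` would document why the stage exists.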
@@ -16,24 +19,19 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG RPMFUSION_MIRROR="${:-}" ARG KERNEL_VERSION="${KERNEL_VERSION:-6.9.7-200.fc40.x86_64}" -COPY github-release-install.sh \ - install.sh \ - post-install.sh \ - packages.sh \ - packages.json \ - /tmp/ - -COPY --from=config /rpms /tmp/rpms -COPY --from=akmods /rpms/ublue-os /tmp/rpms -COPY --from=kernel /tmp/rpms /tmp/kernel-rpms COPY sys_files/usr /usr -RUN mkdir -p /var/lib/alternatives && \ - /tmp/install.sh && \ - /tmp/post-install.sh && \ +RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ + --mount=type=bind,from=ctx,src=/,dst=/ctx \ + --mount=type=bind,from=config,src=/rpms,dst=/tmp/rpms \ + --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \ + --mount=type=bind,from=kernel,src=/tmp/rpms,dst=/tmp/kernel-rpms \ + mkdir -p /var/lib/alternatives && \ + /ctx/install.sh && \ + /ctx/post-install.sh && \ mv /var/lib/alternatives /staged-alternatives && \ - rm -rf /tmp/* /var/* && \ + /ctx/cleanup.sh && \ ostree container commit && \ mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ - mkdir -p /tmp /var/tmp && \ - chmod -R 1777 /tmp /var/tmp + mkdir -p /var/tmp && \ + chmod -R 1777 /var/tmp diff --git a/cleanup.sh b/cleanup.sh new file mode 100755 index 00000000..064dd0b4 --- /dev/null +++ b/cleanup.sh @@ -0,0 +1,8 @@ +#!/usr/bin/bash + +set -eoux pipefail +shopt -s extglob + +rm -rf /tmp/* || true +rm -rf /var/!(cache) +rm -rf /var/cache/!(rpm-ostree) diff --git a/initramfs.sh b/initramfs.sh new file mode 100755 index 00000000..f1941f0b --- /dev/null +++ b/initramfs.sh @@ -0,0 +1,7 @@ +#!/usr/bin/bash + +set -eoux pipefail + +QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(\d+\.\d+\.\d+)' | sed -E 's/kernel-//')" +/usr/libexec/rpm-ostree/wrapped/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" +chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img" 
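Review bot: Three of the new bind mounts sit under `/tmp` (`/tmp/rpms`, `/tmp/akmods-rpms`, `/tmp/kernel-rpms`), and `/ctx/cleanup.sh` then runs `rm -rf /tmp/*` across them in the same `RUN`. Bind mounts are read-only by default, so that removal presumably fails on the mounted trees, which would be why cleanup.sh appends `|| true`; that also hides any other failure while clearing `/tmp`. Mounting the RPM sources outside `/tmp` (for example `dst=/rpms/kernel`, with install.sh adjusted to match) would let the cleanup drop `|| true` and stay strict under `set -e`. It is also worth confirming in a built image that the mount-point directories (`/ctx`, `/tmp/rpms`, `/tmp/akmods-rpms`, `/tmp/kernel-rpms`) are not left behind as empty directories in the committed layer.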
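Review bot: In initramfs.sh, `QUALIFIED_KERNEL` comes from an unanchored `grep -P 'kernel-(\d+\.\d+\.\d+)'` over `rpm -qa`, so any package whose name merely contains `kernel-<digits>` matches. Two matching lines would produce a multi-line value that is then passed to `--kver` and interpolated into the output path. Anchoring the pattern, `grep -P '^kernel-\d+\.\d+\.\d+'`, and failing when the result is not exactly one line, `[[ "$(wc -l <<<"$QUALIFIED_KERNEL")" -eq 1 ]] || exit 1`, would make that case an explicit build error. The script would also benefit from a header comment saying when it is expected to run and why the image is set to mode `0600`.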
diff --git a/install.sh b/install.sh index 3cff5312..101d9ea0 100755 --- a/install.sh +++ b/install.sh @@ -11,21 +11,24 @@ if [ -n "${RPMFUSION_MIRROR}" ]; then RPMFUSION_MIRROR_RPMS=${RPMFUSION_MIRROR} fi -curl -Lo /tmp/rpms/rpmfusion-free-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/free/fedora/rpmfusion-free-release-"${RELEASE}".noarch.rpm -curl -Lo /tmp/rpms/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/nonfree/fedora/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm +mkdir -p /tmp/rpm-repos +curl -Lo /tmp/rpm-repos/rpmfusion-free-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/free/fedora/rpmfusion-free-release-"${RELEASE}".noarch.rpm +curl -Lo /tmp/rpm-repos/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm "${RPMFUSION_MIRROR_RPMS}"/nonfree/fedora/rpmfusion-nonfree-release-"${RELEASE}".noarch.rpm curl -Lo /etc/yum.repos.d/_copr_ublue-os_staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${RELEASE}"/ublue-os-staging-fedora-"${RELEASE}".repo curl -Lo /etc/yum.repos.d/_copr_kylegospo_oversteer.repo https://copr.fedorainfracloud.org/coprs/kylegospo/oversteer/repo/fedora-"${RELEASE}"/kylegospo-oversteer-fedora-"${RELEASE}".repo rpm-ostree install \ /tmp/rpms/*.rpm \ + /tmp/rpm-repos/*.rpm \ + /tmp/akmods-rpms/*.rpm \ fedora-repos-archive # Handle Kernel Skew with override replace rpm-ostree cliwrap install-to-root / if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then echo "Installing signed kernel from kernel-cache." - cd /tmp/kernel-rpms + cd /tmp rpm2cpio /tmp/kernel-rpms/kernel-core-*.rpm | cpio -idmv cp ./lib/modules/*/vmlinuz /usr/lib/modules/*/vmlinuz cd / @@ -33,6 +36,7 @@ else echo "Install kernel version ${KERNEL_VERSION} from kernel-cache." rpm-ostree override replace \ --experimental \ + --install=zstd \ /tmp/kernel-rpms/kernel-[0-9]*.rpm \ /tmp/kernel-rpms/kernel-core-*.rpm \ /tmp/kernel-rpms/kernel-modules-*.rpm 
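Review bot: The two RPM Fusion release packages are fetched with `curl -Lo` from `${RPMFUSION_MIRROR_RPMS}` and passed to `rpm-ostree install` as local files, with no `--fail` and no integrity check in the visible lines. An HTTP error body would be saved under the `.rpm` name, and a configurable mirror ends up trusted for packages that add repositories and signing keys. Using `curl --fail --location --output …` and checking the downloads before install (for example `rpmkeys --checksig /tmp/rpm-repos/*.rpm` against an imported RPM Fusion key, or a pinned SHA-256) would close that gap; the COPR `.repo` downloads in the context lines use the same `curl -Lo` pattern. The `cd /tmp` change further down deserves a comment such as `# /tmp/kernel-rpms is a read-only bind mount now; unpack into /tmp instead`. The script continues outside this hunk.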
@@ -59,10 +63,14 @@ if [ -n "${RPMFUSION_MIRROR}" ]; then fi # run common packages script -/tmp/packages.sh +/ctx/packages.sh ## install packages direct from github -/tmp/github-release-install.sh sigstore/cosign x86_64 +/ctx/github-release-install.sh sigstore/cosign x86_64 + +if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]; then + /ctx/initramfs.sh +fi if [ -n "${RPMFUSION_MIRROR}" ]; then # reset forced use of single rpmfusion mirror diff --git a/packages.sh b/packages.sh index 0c444c38..7194562f 100755 --- a/packages.sh +++ b/packages.sh @@ -7,12 +7,12 @@ RELEASE="$(rpm -E %fedora)" # build list of all packages requested for inclusion INCLUDED_PACKAGES=($(jq -r "[(.all.include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".include | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/packages.json)) + | sort | unique[]" /ctx/packages.json)) # build list of all packages requested for exclusion EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/packages.json)) + | sort | unique[]" /ctx/packages.json)) # ensure exclusion list only contains packages already present on image @@ -40,7 +40,7 @@ fi # (this can happen if an included package pulls in a dependency) EXCLUDED_PACKAGES=($(jq -r "[(.all.exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[]), \ (select(.\"$FEDORA_MAJOR_VERSION\" != null).\"$FEDORA_MAJOR_VERSION\".exclude | (.all, select(.\"$IMAGE_NAME\" != null).\"$IMAGE_NAME\")[])] \ - | sort | unique[]" /tmp/packages.json)) + | sort | unique[]" /ctx/packages.json)) if [[ "${#EXCLUDED_PACKAGES[@]}" -gt 0 ]]; then EXCLUDED_PACKAGES=($(rpm -qa --queryformat='%{NAME} ' ${EXCLUDED_PACKAGES[@]})) 
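Review bot: The new `if [[ "${KERNEL_VERSION}" == "${QUALIFIED_KERNEL}" ]]` block that calls `/ctx/initramfs.sh` has no comment saying why the initramfs is rebuilt only in this case. It mirrors the earlier branch that copies the signed `vmlinuz` into place, so a line such as `# signed-kernel path: vmlinuz was swapped in place above, so rebuild the initramfs for that kernel` would make the coupling visible. initramfs.sh derives its own `QUALIFIED_KERNEL` from `rpm -qa` instead of receiving the value tested here, so the two can drift; passing it as an argument or exporting it would keep them tied. Where install.sh sets `QUALIFIED_KERNEL` is outside the hunks shown.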
diff --git a/post-install.sh b/post-install.sh index 53d69526..7adc2743 100755 --- a/post-install.sh +++ b/post-install.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -ouex pipefail