From c6ae37280bcf5a1fcf9a18d3d55b169a1d8f4ff3 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 13:10:29 -0400 Subject: [PATCH 001/101] refactor: Reorganize Build Process Signed-off-by: m2 <69128853+m2Giles@users.noreply.github.com> This significantly reworks the build system for Bluefin/Aurora. Changes: Consolidates Workflows Removes Surface and Asus images in favor of a single HWE image Rewrite of local dev Justfile Reorganization and Consolidation of build files Add new files 
Signed-off-by: m2 <69128853+m2Giles@users.noreply.github.com> --- .devcontainer/devcontainer.json | 34 -- .github/workflows/build-aurora-stable-iso.yml | 12 - .github/workflows/build-beta-bluefin.yml | 30 - .../workflows/build-bluefin-latest-iso.yml | 15 - .../workflows/build-coreos-aurora-daily.yml | 16 - .../workflows/build-coreos-aurora-weekly.yml | 16 - .github/workflows/build-coreos-aurora.yml | 24 - .../workflows/build-coreos-bluefin-daily.yml | 17 - .../workflows/build-coreos-bluefin-weekly.yml | 16 - ...d-beta-aurora.yml => build-image-beta.yml} | 11 +- ...ld-gts-bluefin.yml => build-image-gts.yml} | 10 +- ...test-aurora.yml => build-image-latest.yml} | 9 +- ...eos-bluefin.yml => build-image-stable.yml} | 11 +- .github/workflows/build-images.yml | 22 + ...-bluefin-gts-iso.yml => build-iso-gts.yml} | 8 +- ...ra-latest-iso.yml => build-iso-latest.yml} | 13 +- ...in-stable-iso.yml => build-iso-stable.yml} | 9 +- .github/workflows/build-isos.yml | 19 + .github/workflows/build-latest-bluefin.yml | 27 - .github/workflows/reusable-build-iso.yml | 48 +- .github/workflows/reusable-build.yml | 375 ++++-------- .gitignore | 4 +- Containerfile | 80 +-- Justfile | 574 +++++++++++++++--- build_files/aurora-changes.sh | 31 - build_files/base/00-build-fix.sh | 25 + build_files/base/01-install-copr-repos.sh | 15 + build_files/base/02-install-kernel-akmods.sh | 90 +++ .../{packages.sh => base/03-packages.sh} | 0 build_files/base/04-override-install.sh | 77 +++ build_files/base/05-base-image-changes.sh | 96 +++ .../{firmware.sh => base/06-firmware.sh} | 2 +- build_files/{brew.sh => base/07-brew.sh} | 0 build_files/{bootc.sh => base/08-bootc.sh} | 0 .../{cleanup.sh => base/09-cleanup.sh} | 18 +- build_files/{ => base}/fetch-quadlets.sh | 0 build_files/base/hwe-additions.sh | 33 + build_files/{ => base}/image-info.sh | 9 +- build_files/{ => base}/initramfs.sh | 0 build_files/base/workarounds.sh | 8 + build_files/bluefin-changes.sh | 39 -- build_files/branding-dx.sh | 12 - 
build_files/branding.sh | 13 - build_files/build-base.sh | 30 - build_files/build-dx.sh | 21 - build_files/cache_kernel.sh | 15 - build_files/copr-repos-dx.sh | 22 - build_files/copr-repos.sh | 90 --- build_files/dx/01-install-copr-repos-dx.sh | 29 + build_files/dx/02-install-kernel-akmods-dx.sh | 22 + .../{packages-dx.sh => dx/03-packages-dx.sh} | 0 .../04-override-install-dx.sh} | 9 +- .../{cleanup-dx.sh => dx/09-cleanup-dx.sh} | 16 +- build_files/fetch-install-dx.sh | 7 - build_files/fetch-install.sh | 26 - build_files/font-install.sh | 13 - build_files/install-akmods-dx.sh | 9 - build_files/install-akmods.sh | 49 -- build_files/nvidia.sh | 11 - build_files/shared/build-base.sh | 65 ++ build_files/shared/build-dx.sh | 47 ++ build_files/{ => shared}/clean-stage.sh | 0 build_files/systemd-dx.sh | 12 - build_files/systemd.sh | 17 - build_files/workarounds.sh | 6 - scripts/base-image.sh | 12 - scripts/build-image.sh | 67 -- scripts/build-iso-ghcr.sh | 29 - scripts/build-iso-installer-main.sh | 40 -- scripts/build-iso.sh | 40 -- scripts/cleanup-dir.sh | 14 - scripts/cleanup-images.sh | 15 - scripts/common-build-iso.sh | 115 ---- scripts/container_mgr.sh | 21 - scripts/files/build-iso-makefile-patch | 11 - scripts/files/etc/group | 22 - scripts/files/etc/hostname | 1 - scripts/files/etc/passwd | 10 - scripts/files/etc/shadow | 59 -- scripts/get-defaults.sh | 41 -- scripts/list-images.sh | 14 - scripts/make-tag.sh | 12 - scripts/run-booted-guest.sh | 95 --- scripts/run-booted-home.sh | 78 --- scripts/run-image.sh | 30 - scripts/run-iso.sh | 41 -- scripts/sudoif.sh | 16 - 87 files changed, 1275 insertions(+), 1892 deletions(-) delete mode 100644 .devcontainer/devcontainer.json delete mode 100644 .github/workflows/build-aurora-stable-iso.yml delete mode 100644 .github/workflows/build-beta-bluefin.yml delete mode 100644 .github/workflows/build-bluefin-latest-iso.yml delete mode 100644 .github/workflows/build-coreos-aurora-daily.yml delete mode 100644 
.github/workflows/build-coreos-aurora-weekly.yml delete mode 100644 .github/workflows/build-coreos-aurora.yml delete mode 100644 .github/workflows/build-coreos-bluefin-daily.yml delete mode 100644 .github/workflows/build-coreos-bluefin-weekly.yml rename .github/workflows/{build-beta-aurora.yml => build-image-beta.yml} (69%) rename .github/workflows/{build-gts-bluefin.yml => build-image-gts.yml} (70%) rename .github/workflows/{build-latest-aurora.yml => build-image-latest.yml} (80%) rename .github/workflows/{build-coreos-bluefin.yml => build-image-stable.yml} (65%) create mode 100644 .github/workflows/build-images.yml rename .github/workflows/{build-bluefin-gts-iso.yml => build-iso-gts.yml} (70%) rename .github/workflows/{build-aurora-latest-iso.yml => build-iso-latest.yml} (50%) rename .github/workflows/{build-bluefin-stable-iso.yml => build-iso-stable.yml} (68%) create mode 100644 .github/workflows/build-isos.yml delete mode 100644 .github/workflows/build-latest-bluefin.yml delete mode 100755 build_files/aurora-changes.sh create mode 100755 build_files/base/00-build-fix.sh create mode 100755 build_files/base/01-install-copr-repos.sh create mode 100755 build_files/base/02-install-kernel-akmods.sh rename build_files/{packages.sh => base/03-packages.sh} (100%) create mode 100755 build_files/base/04-override-install.sh create mode 100755 build_files/base/05-base-image-changes.sh rename build_files/{firmware.sh => base/06-firmware.sh} (97%) rename build_files/{brew.sh => base/07-brew.sh} (100%) rename build_files/{bootc.sh => base/08-bootc.sh} (100%) rename build_files/{cleanup.sh => base/09-cleanup.sh} (68%) rename build_files/{ => base}/fetch-quadlets.sh (100%) create mode 100755 build_files/base/hwe-additions.sh rename build_files/{ => base}/image-info.sh (93%) rename build_files/{ => base}/initramfs.sh (100%) create mode 100755 build_files/base/workarounds.sh delete mode 100755 build_files/bluefin-changes.sh delete mode 100755 build_files/branding-dx.sh delete mode 
100755 build_files/branding.sh delete mode 100755 build_files/build-base.sh delete mode 100755 build_files/build-dx.sh delete mode 100755 build_files/cache_kernel.sh delete mode 100755 build_files/copr-repos-dx.sh delete mode 100755 build_files/copr-repos.sh create mode 100755 build_files/dx/01-install-copr-repos-dx.sh create mode 100755 build_files/dx/02-install-kernel-akmods-dx.sh rename build_files/{packages-dx.sh => dx/03-packages-dx.sh} (100%) rename build_files/{fonts-dx.sh => dx/04-override-install-dx.sh} (65%) rename build_files/{cleanup-dx.sh => dx/09-cleanup-dx.sh} (66%) delete mode 100755 build_files/fetch-install-dx.sh delete mode 100755 build_files/fetch-install.sh delete mode 100755 build_files/font-install.sh delete mode 100755 build_files/install-akmods-dx.sh delete mode 100755 build_files/install-akmods.sh delete mode 100755 build_files/nvidia.sh create mode 100755 build_files/shared/build-base.sh create mode 100755 build_files/shared/build-dx.sh rename build_files/{ => shared}/clean-stage.sh (100%) delete mode 100755 build_files/systemd-dx.sh delete mode 100755 build_files/systemd.sh delete mode 100755 build_files/workarounds.sh delete mode 100755 scripts/base-image.sh delete mode 100755 scripts/build-image.sh delete mode 100755 scripts/build-iso-ghcr.sh delete mode 100755 scripts/build-iso-installer-main.sh delete mode 100755 scripts/build-iso.sh delete mode 100755 scripts/cleanup-dir.sh delete mode 100755 scripts/cleanup-images.sh delete mode 100644 scripts/common-build-iso.sh delete mode 100755 scripts/container_mgr.sh delete mode 100644 scripts/files/build-iso-makefile-patch delete mode 100644 scripts/files/etc/group delete mode 100644 scripts/files/etc/hostname delete mode 100644 scripts/files/etc/passwd delete mode 100644 scripts/files/etc/shadow delete mode 100755 scripts/get-defaults.sh delete mode 100755 scripts/list-images.sh delete mode 100755 scripts/make-tag.sh delete mode 100755 scripts/run-booted-guest.sh delete mode 100755 
scripts/run-booted-home.sh delete mode 100755 scripts/run-image.sh delete mode 100755 scripts/run-iso.sh delete mode 100644 scripts/sudoif.sh diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json deleted file mode 100644 index af4dc4e3187..00000000000 --- a/.devcontainer/devcontainer.json +++ /dev/null @@ -1,34 +0,0 @@ -// For format details, see https://aka.ms/devcontainer.json. -{ - "name": "Bluefin-devcontainer", - "image": "mcr.microsoft.com/devcontainers/base:ubuntu", - "customizations": { - "vscode": { - "extensions": [ - "eamodio.gitlens", - "hangxingliu.vscode-systemd-support", - "mads-hartmann.bash-ide-vscode", - "ms-azuretools.vscode-docker", - "sclu1034.justfile", - "timonwong.shellcheck" - ] - } - }, - // Likely need to add "--userns=keep-id, --group-add=keep-groups" for podman support - "runArgs": ["--init"], - "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" }, - "securityOpt": [ - "label=disable" - ], - "features": { - "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}, - "ghcr.io/guiyomh/features/just:0": {}, - "ghcr.io/lukewiwa/features/shellcheck:0": {}, - "ghcr.io/jsburckhardt/devcontainer-features/skopeo:1": {} - }, - "onCreateCommand": { - "bash-completions": "sudo apt-get install -y bash-completion; echo 'source /etc/profile.d/bash_completion.sh' | sudo tee -a /etc/bash.bashrc > /dev/null", - "just-completions": "just --completions bash | sudo tee -a /etc/bash_completion.d/just > /dev/null", - "docker-completions": "docker completion bash | sudo tee -a /etc/bash_completion.d/docker.sh > /dev/null" - } -} diff --git a/.github/workflows/build-aurora-stable-iso.yml b/.github/workflows/build-aurora-stable-iso.yml deleted file mode 100644 index 628cae6c644..00000000000 --- a/.github/workflows/build-aurora-stable-iso.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -name: Aurora Stable ISO -on: - workflow_dispatch: - -jobs: - build: - name: Aurora Stable - uses: ./.github/workflows/reusable-build-iso.yml - secrets: inherit - with: - brand_name: aurora - fedora_version: stable \ No newline at end of file diff --git a/.github/workflows/build-beta-bluefin.yml b/.github/workflows/build-beta-bluefin.yml deleted file mode 100644 index 495750c97ee..00000000000 --- a/.github/workflows/build-beta-bluefin.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Bluefin Beta -on: - merge_group: - pull_request: - branches: - - main - - testing - paths-ignore: - - "**.md" - - "system_files/silverblue/**" - push: - branches: - - main - paths-ignore: - - "**.md" - - "system_files/silverblue/**" - schedule: - - cron: "40 4 * * *" # 4:40 UTC everyday - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: bluefin - fedora_version: beta - rechunk: true - diff --git a/.github/workflows/build-bluefin-latest-iso.yml b/.github/workflows/build-bluefin-latest-iso.yml deleted file mode 100644 index 03c87b390f7..00000000000 --- a/.github/workflows/build-bluefin-latest-iso.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Bluefin Latest ISO -on: - workflow_dispatch: - schedule: - - cron: '0 4 * * sun' # 04:00 Sunday - - -jobs: - build-latest: - name: Bluefin Latest - uses: ./.github/workflows/reusable-build-iso.yml - secrets: inherit - with: - brand_name: bluefin - fedora_version: latest diff --git a/.github/workflows/build-coreos-aurora-daily.yml b/.github/workflows/build-coreos-aurora-daily.yml deleted file mode 100644 index b02939db44e..00000000000 --- a/.github/workflows/build-coreos-aurora-daily.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -name: Aurora Stable Daily -on: - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: aurora - fedora_version: stable - rechunk: true - build_stable_daily: true - build_stable_weekly: false - diff --git a/.github/workflows/build-coreos-aurora-weekly.yml b/.github/workflows/build-coreos-aurora-weekly.yml deleted file mode 100644 index 3611c0afaaf..00000000000 --- a/.github/workflows/build-coreos-aurora-weekly.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Aurora Stable Weekly -on: - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: aurora - fedora_version: stable - rechunk: true - build_stable_daily: false - build_stable_weekly: true - diff --git a/.github/workflows/build-coreos-aurora.yml b/.github/workflows/build-coreos-aurora.yml deleted file mode 100644 index 4531ad2d54a..00000000000 --- a/.github/workflows/build-coreos-aurora.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Aurora Stable -on: - pull_request: - branches: - - main - - testing - paths-ignore: - - '**.md' - - 'system_files/silverblue/**' - schedule: - - cron: '45 5 * * *' # 5:41 UTC everyday - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: aurora - fedora_version: stable - rechunk: true - weekly_tag_day: Sunday - diff --git a/.github/workflows/build-coreos-bluefin-daily.yml b/.github/workflows/build-coreos-bluefin-daily.yml deleted file mode 100644 index d79e5c20499..00000000000 --- a/.github/workflows/build-coreos-bluefin-daily.yml +++ /dev/null 
@@ -1,17 +0,0 @@ -name: Bluefin Stable Daily -on: - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: bluefin - fedora_version: stable - rechunk: true - build_stable_daily: true - build_stable_weekly: false - - diff --git a/.github/workflows/build-coreos-bluefin-weekly.yml b/.github/workflows/build-coreos-bluefin-weekly.yml deleted file mode 100644 index 57def2f05b1..00000000000 --- a/.github/workflows/build-coreos-bluefin-weekly.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Bluefin Stable Weekly -on: - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: bluefin - fedora_version: stable - rechunk: true - build_stable_daily: false - build_stable_weekly: true - diff --git a/.github/workflows/build-beta-aurora.yml b/.github/workflows/build-image-beta.yml similarity index 69% rename from .github/workflows/build-beta-aurora.yml rename to .github/workflows/build-image-beta.yml index 6c90214bc2e..4ff39aa74fe 100644 --- a/.github/workflows/build-beta-aurora.yml +++ b/.github/workflows/build-image-beta.yml @@ -1,4 +1,4 @@ -name: Aurora Beta +name: Beta Images on: merge_group: pull_request: @@ -7,24 +7,21 @@ on: - testing paths-ignore: - "**.md" - - "system_files/silverblue/**" push: branches: - main paths-ignore: - "**.md" - - "system_files/silverblue/**" schedule: - cron: "40 4 * * *" # 4:40 UTC everyday workflow_dispatch: + workflow_call: jobs: - build: - name: build + build-image-beta: + name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit with: - brand_name: aurora fedora_version: beta - rechunk: true diff --git a/.github/workflows/build-gts-bluefin.yml b/.github/workflows/build-image-gts.yml similarity index 70% rename from .github/workflows/build-gts-bluefin.yml rename to .github/workflows/build-image-gts.yml index 75773b97bbc..2f9168ccd60 100644 
--- a/.github/workflows/build-gts-bluefin.yml +++ b/.github/workflows/build-image-gts.yml @@ -1,4 +1,4 @@ -name: Bluefin GTS +name: GTS Images on: pull_request: branches: @@ -6,18 +6,16 @@ on: - testing paths-ignore: - '**.md' - - 'system_files/kinoite/**' schedule: - cron: '41 5 * * 0' # 5:41 UTC Weekly on Sundays workflow_dispatch: + workflow_call: jobs: - build: - name: build + build-image-gts: + name: Build GTS Images uses: ./.github/workflows/reusable-build.yml secrets: inherit with: - brand_name: bluefin fedora_version: gts - rechunk: true diff --git a/.github/workflows/build-latest-aurora.yml b/.github/workflows/build-image-latest.yml similarity index 80% rename from .github/workflows/build-latest-aurora.yml rename to .github/workflows/build-image-latest.yml index 4df95903220..099bd2c6aea 100644 --- a/.github/workflows/build-latest-aurora.yml +++ b/.github/workflows/build-image-latest.yml @@ -1,4 +1,4 @@ -name: Aurora Latest +name: Latest Images on: merge_group: pull_request: @@ -15,13 +15,12 @@ on: schedule: - cron: '40 4 * * *' # 4:40 UTC everyday workflow_dispatch: + workflow_call: jobs: - build: - name: build + build-image-latest: + name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit with: - brand_name: aurora fedora_version: latest - rechunk: true diff --git a/.github/workflows/build-coreos-bluefin.yml b/.github/workflows/build-image-stable.yml similarity index 65% rename from .github/workflows/build-coreos-bluefin.yml rename to .github/workflows/build-image-stable.yml index 3a0aaba4859..aa090078d97 100644 --- a/.github/workflows/build-coreos-bluefin.yml +++ b/.github/workflows/build-image-stable.yml @@ -1,4 +1,4 @@ -name: Bluefin Stable +name: Stable Images on: pull_request: branches: 
@@ -6,19 +6,16 @@ on: - testing paths-ignore: - '**.md' - - 'system_files/kinoite/**' schedule: - cron: '45 5 * * *' # 5:41 UTC everyday workflow_dispatch: + workflow_call: jobs: - build: - name: build + build-image-stable: + name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit with: - brand_name: bluefin fedora_version: stable - rechunk: true - weekly_tag_day: Sunday diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml new file mode 100644 index 00000000000..1e177d56ed1 --- /dev/null +++ b/.github/workflows/build-images.yml @@ -0,0 +1,22 @@ +name: Build All Images +on: + workflow_dispatch: + +permissions: + contents: read + packages: write + id-token: write + +jobs: + build-image-gts: + uses: ./.github/workflows/build-image-gts.yml + secrets: inherit + build-image-stable: + uses: ./.github/workflows/build-image-stable.yml + secrets: inherit + build-image-latest: + uses: ./.github/workflows/build-image-latest.yml + secrets: inherit + build-image-beta: + uses: ./.github/workflows/build-image-beta.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/build-bluefin-gts-iso.yml b/.github/workflows/build-iso-gts.yml similarity index 70% rename from .github/workflows/build-bluefin-gts-iso.yml rename to .github/workflows/build-iso-gts.yml index 62f4478bfec..b420acb04a2 100644 --- a/.github/workflows/build-bluefin-gts-iso.yml +++ b/.github/workflows/build-iso-gts.yml @@ -1,14 +1,14 @@ -name: Bluefin GTS ISO +name: GTS ISO on: workflow_dispatch: + workflow_call: # schedule: # - cron: '0 2 * * sun' # 02:00 Sunday jobs: - build-gts: - name: Bluefin GTS + build-iso-gts: + name: Build GTS ISO uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit with: - brand_name: bluefin fedora_version: gts 
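Review bot: `secrets: inherit` on all four jobs of the new build-images.yml forwards every secret this repository can see, and each build-image-*.yml it calls forwards them again to reusable-build.yml with a second `secrets: inherit`. Which secrets the build actually needs is not visible in these hunks, but declaring them under `on.workflow_call.secrets` in the callees and passing them by name (`secrets:` with `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}`, placeholder name) would keep the chain to least privilege. The workflow-level `permissions` block also grants `packages: write` and `id-token: write` to every job in the chain; a short comment saying which step needs each (presumably registry push and keyless signing) would help reviewers. build-isos.yml, added later in this patch, has the same pattern.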
diff --git a/.github/workflows/build-aurora-latest-iso.yml b/.github/workflows/build-iso-latest.yml similarity index 50% rename from .github/workflows/build-aurora-latest-iso.yml rename to .github/workflows/build-iso-latest.yml index f3309c45188..82653954727 100644 --- a/.github/workflows/build-aurora-latest-iso.yml +++ b/.github/workflows/build-iso-latest.yml @@ -1,13 +1,14 @@ -name: Aurora Latest ISO +name: Latest ISO on: workflow_dispatch: - schedule: - - cron: '0 4 * * sun' # 04:00 Sunday + workflow_call: + # schedule: + # - cron: '0 4 * * sun' # 04:00 Sunday + jobs: - build-40: - name: Aurora Latest ISO + build-iso-latest: + name: Build Latest ISO uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit with: - brand_name: aurora fedora_version: latest diff --git a/.github/workflows/build-bluefin-stable-iso.yml b/.github/workflows/build-iso-stable.yml similarity index 68% rename from .github/workflows/build-bluefin-stable-iso.yml rename to .github/workflows/build-iso-stable.yml index 5de9f605e24..43efd4261a9 100644 --- a/.github/workflows/build-bluefin-stable-iso.yml +++ b/.github/workflows/build-iso-stable.yml @@ -1,15 +1,14 @@ -name: Bluefin Stable ISO +name: Stable ISO on: workflow_dispatch: + workflow_call: # schedule: # - cron: '41 6 * * 2' # 6:41 UTC every Tuesday - jobs: - build-latest: - name: Bluefin Stable + build-iso-stable: + name: Build Stable ISO uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit with: - brand_name: bluefin fedora_version: stable \ No newline at end of file diff --git a/.github/workflows/build-isos.yml b/.github/workflows/build-isos.yml new file mode 100644 index 00000000000..629c01f3a23 --- /dev/null +++ b/.github/workflows/build-isos.yml 
@@ -0,0 +1,19 @@ +name: Build All ISOs +on: + workflow_dispatch: + +permissions: + contents: read + packages: write + id-token: write + +jobs: + build-iso-gts: + uses: ./.github/workflows/build-iso-gts.yml + secrets: inherit + build-iso-stable: + uses: ./.github/workflows/build-iso-stable.yml + secrets: inherit + build-iso-latest: + uses: ./.github/workflows/build-iso-latest.yml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/build-latest-bluefin.yml b/.github/workflows/build-latest-bluefin.yml deleted file mode 100644 index f7c26d09ab8..00000000000 --- a/.github/workflows/build-latest-bluefin.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Bluefin Latest -on: - merge_group: - pull_request: - branches: - - main - - testing - paths-ignore: - - '**.md' - push: - branches: - - main - paths-ignore: - - '**.md' - schedule: - - cron: '40 4 * * *' # 4:40 UTC everyday - workflow_dispatch: - -jobs: - build: - name: build - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - with: - brand_name: bluefin - fedora_version: latest - rechunk: true diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 0ab045118e2..b5c5cd7f4fb 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -2,12 +2,8 @@ name: Reusable ISO on: workflow_call: inputs: - brand_name: - description: "'aurora' or 'bluefin'" - required: true - type: string fedora_version: - description: "The Fedora release version: 38, 39, 40, etc" + description: "The Convenience Tag gts, stable, latest, beta" required: true type: string 
@@ -33,23 +29,29 @@ jobs: - surface - surface-nvidia base_name: - - ${{ inputs.brand_name }} - - ${{ inputs.brand_name }}-dx + - bluefin + - bluefin-dx + - aurora + - aurora-dx fedora_version: - ${{ inputs.fedora_version }} exclude: - fedora_version: gts - image_flavor: asus + base_name: aurora - fedora_version: gts - image_flavor: asus-nvidia - - fedora_version: stable - image_flavor: asus - - fedora_version: stable - image_flavor: asus-nvidia + base_name: aurora-dx + - fedora_version: gts + image_flavor: hwe + - fedora_version: gts + image_flavor: hwe-nvidia - fedora_version: stable - image_flavor: surface + image_flavor: hwe - fedora_version: stable - image_flavor: surface-nvidia + image_flavor: hwe-nvidia + - fedora_version: beta + image_flavor: hwe + - fedora_version: beta + image_flavor: hwe-nvidia steps: - name: Free Disk Space (Ubuntu) @@ -88,13 +90,7 @@ jobs: TAG="${{ inputs.fedora_version }}" if [[ "${{ github.ref_name }}" == "testing" ]]; then - if [[ "${{ inputs.fedora_version }}" == "true" ]]; then - TAG="gts-testing" - elif [[ "${{ inputs.fedora_version }}" == "true" ]]; then - TAG="stable-testing" - elif [[ "${{ inputs.fedora_version }}" == "true" ]]; then - TAG="testing" - fi + TAG="testing-${TAG}" fi # Would like to implement in the future. This will allow us to support image tags from a PR. @@ -108,9 +104,9 @@ jobs: id: generate-flatpak-dir-shortname shell: bash run: | - if [[ ${{ inputs.brand_name }} = "bluefin" ]]; then + if [[ "${{ matrix.brand_name }}" =~ bluefin ]]; then FLATPAK_DIR_SHORTNAME="bluefin_flatpaks" - elif [[ ${{ inputs.brand_name }} = "aurora" ]]; then + elif [[ "${{ matrix.brand_name }}" =~ aurora ]]; then FLATPAK_DIR_SHORTNAME="aurora_flatpaks" fi echo "flatpak-dir-shortname=${FLATPAK_DIR_SHORTNAME}" >> $GITHUB_OUTPUT 
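Review bot: The new `exclude` entries name `image_flavor: hwe` and `image_flavor: hwe-nvidia`, but the `image_flavor` list shown as context at the top of this hunk still ends with `- surface` and `- surface-nvidia`, and no `hwe` entry is added here. As written the hwe excludes would match nothing, while the removed asus/surface excludes no longer filter those flavors, so the ISO matrix would still expand to flavors the commit message says were dropped. The list probably needs the same change reusable-build.yml gets in this patch (`- hwe` and `- hwe-nvidia` replacing the asus/surface entries). The start of the list is outside the hunk, so confirm against the full file.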
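Review bot: `matrix.brand_name` is not a key of the matrix this file defines (the strategy hunk shows `image_flavor`, `base_name` and `fedora_version`), so in the flatpak-dir step it would expand to an empty string, neither branch matches, and `FLATPAK_DIR_SHORTNAME` is written to `$GITHUB_OUTPUT` empty. The two R2 upload conditions changed later in this file, `contains(matrix.brand_name,'bluefin')` and `contains(matrix.brand_name,'aurora')`, use the same key and would then never be true, so ISOs and checksums would silently stop being published. `matrix.base_name` looks like the intended key in all three places, e.g. `if [[ "${{ matrix.base_name }}" =~ bluefin ]]; then`, and an `else` branch that prints an error and runs `exit 1` would turn an unknown brand into a failed job instead of an empty output. Matrix entries outside the visible hunks could change this, so confirm against the full file.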
@@ -191,7 +187,7 @@ jobs: overwrite: true - name: Upload ISOs and Checksum to R2 to Bluefin Bucket - if: github.ref_name == 'main' && inputs.brand_name == 'bluefin' + if: github.ref_name == 'main' && contains(matrix.brand_name,'bluefin') shell: bash env: RCLONE_CONFIG_R2_TYPE: s3 @@ -207,7 +203,7 @@ jobs: rclone copy $SOURCE_DIR R2:bluefin - name: Upload ISOs and Checksum to R2 to Aurora Bucket - if: github.ref_name == 'main' && inputs.brand_name == 'aurora' + if: github.ref_name == 'main' && contains(matrix.brand_name,'aurora') shell: bash env: RCLONE_CONFIG_R2_TYPE: s3 diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c25c644119d..a0bf85bad95 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -6,30 +6,6 @@ on: description: "The Fedora Version: gts, stable, or latest" required: true type: string - brand_name: - description: "'aurora' or 'bluefin'" - required: true - type: string - rechunk: - description: "Rechunk the image" - required: false - type: boolean - default: false - weekly_tag_day: - description: "Tag stable weekly on for example 'Tuesday'" - required: false - type: string - default: Tuesday - build_stable_daily: - description: "Build with 'stable-daily' tag" - required: false - type: boolean - default: true - build_stable_weekly: - description: "Build with 'stable' tag" - required: false - type: boolean - default: true outputs: images: description: "An array of images built and pushed to the registry" 
@@ -54,43 +30,41 @@ jobs: image_flavor: - main - nvidia - - asus - - asus-nvidia - - surface - - surface-nvidia + - hwe + - hwe-nvidia base_name: - - ${{ inputs.brand_name }} - - ${{ inputs.brand_name }}-dx + - bluefin + - bluefin-dx + - aurora + - aurora-dx fedora_version: - ${{ inputs.fedora_version }} exclude: - fedora_version: gts - image_flavor: asus + base_name: aurora - fedora_version: gts - image_flavor: asus-nvidia - - fedora_version: stable - image_flavor: asus - - fedora_version: stable - image_flavor: asus-nvidia + base_name: aurora-dx + - fedora_version: gts + image_flavor: hwe + - fedora_version: gts + image_flavor: hwe-nvidia - fedora_version: stable - image_flavor: surface + image_flavor: hwe - fedora_version: stable - image_flavor: surface-nvidia - - fedora_version: beta - image_flavor: asus - - fedora_version: beta - image_flavor: asus-nvidia + image_flavor: hwe-nvidia - fedora_version: beta - image_flavor: surface + image_flavor: hwe - fedora_version: beta - image_flavor: surface-nvidia + image_flavor: hwe-nvidia steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Matrix Variables + shell: bash run: | + set -eoux pipefail # IMAGE_NAME if [[ "${{ matrix.image_flavor }}" == "main" ]]; then echo "IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV 
@@ -113,28 +87,16 @@ jobs: fi # AKMODS_FLAVOR - if [[ "${{ matrix.image_flavor }}" =~ "asus" ]]; then - echo "AKMODS_FLAVOR=asus" >> $GITHUB_ENV - elif [[ "${{ matrix.image_flavor }}" =~ "surface" ]]; then - echo "AKMODS_FLAVOR=surface" >> $GITHUB_ENV + if [[ "${{ matrix.image_flavor }}" =~ "hwe" ]]; then + echo "AKMODS_FLAVOR=bazzite" >> $GITHUB_ENV elif [[ "${{ matrix.fedora_version }}" =~ stable|gts ]]; then echo "AKMODS_FLAVOR=coreos-stable" >> $GITHUB_ENV + elif [[ "${{ matrix.fedora_version }}" =~ beta ]]; then + echo "AKMODS_FLAVOR=coreos-testing" >> $GITHUB_ENV else echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV fi - # Env for matrix.image_flavor - if [[ "${{ matrix.image_flavor }}" == "nvidia" && \ - "${{ matrix.fedora_version }}" != "beta" ]]; then - echo "image_flavor=main" >> $GITHUB_ENV - echo "nvidia_type=nvidia" >> $GITHUB_ENV - elif [[ "${{ matrix.image_flavor }}" == "main" && \ - "${{ matrix.fedora_version }}" != "beta" ]]; then - echo "image_flavor=${{ matrix.image_flavor }}" >> $GITHUB_ENV - else - echo "image_flavor=${{ matrix.image_flavor }}" >> $GITHUB_ENV - fi - - name: Get Current Fedora Version id: labels uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # v3.5.0 
@@ -142,69 +104,61 @@ jobs: attempt_limit: 3 attempt_delay: 15000 command: | - set -eox pipefail - if [[ ${{ matrix.fedora_version }} == "stable" ]]; then - KERNEL_RELEASE=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]') - elif [[ ${{ matrix.fedora_version }} == "gts" && ${{ env.AKMODS_FLAVOR }} != "surface" ]]; then - coreos_kernel_release=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]') - coreos_fedora_version=$(echo $coreos_kernel_release | grep -oP 'fc\K[0-9]+') - fedora_version=$(($coreos_fedora_version - 1)) - KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:${fedora_version} | jq -r '.Labels["ostree.linux"]') + set -eoux pipefail + + # Fedora Version + if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then + fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + else + fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fi + + # Kernel Release for ostree.linux label + if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then + kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/bazzite-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') + elif [[ "${{ matrix.fedora_version }}" =~ latest|beta ]]; then + kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') else - base_kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/silverblue-${{ env.image_flavor }}:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]') - base_fedora_version=$(echo $base_kernel_release | grep -oP 'fc\K[0-9]+') - KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.AKMODS_FLAVOR }}-kernel:${base_fedora_version} | jq -r '.Labels["ostree.linux"]') + kernel_release=$(skopeo 
inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') fi - fedora_version=$(echo $KERNEL_RELEASE | grep -oP 'fc\K[0-9]+') - echo "kernel_release=$KERNEL_RELEASE" >> $GITHUB_ENV - echo "fedora_version=$fedora_version" >> $GITHUB_ENV - ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.BASE_IMAGE_NAME }}-${{ env.image_flavor }}:$fedora_version | jq -r '.Labels["org.opencontainers.image.version"]') + + # Get Version + ver=$(skopeo inspect docker://ghcr.io/ublue-os/"${{ env.BASE_IMAGE_NAME }}"-main:"${fedora_version}" | jq -r '.Labels["org.opencontainers.image.version"]') if [ -z "$ver" ] || [ "null" = "$ver" ]; then echo "inspected image version must not be empty or null" exit 1 fi + + # Push into GITHUB ENV + echo "KERNEL_RELEASE=$kernel_release" >> $GITHUB_ENV + echo "FEDORA_VERSION=$fedora_version" >> $GITHUB_ENV echo "VERSION=$ver" >> $GITHUB_ENV - name: Verify base image uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 with: - containers: ${{ env.BASE_IMAGE_NAME}}-${{ env.image_flavor }}:${{ env.fedora_version }} + containers: ${{ env.BASE_IMAGE_NAME}}-main:${{ env.FEDORA_VERSION }} - name: Verify Akmods uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 with: - containers: akmods:${{ env.AKMODS_FLAVOR}}-${{ env.fedora_version }} + containers: akmods:${{ env.AKMODS_FLAVOR}}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} - name: Verify Nvidia uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 with: - containers: akmods-nvidia:${{ env.AKMODS_FLAVOR}}-${{ env.fedora_version }} + containers: akmods-nvidia:${{ env.AKMODS_FLAVOR}}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} - name: Verify ZFS uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - if: inputs.fedora_version != 'beta' + if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' 
&& ! contains( matrix.base_name, 'hwe') with: - containers: akmods-zfs:coreos-stable-${{ env.fedora_version }} + containers: akmods-zfs:${{ env.AKMODS_FLAVOR }}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} - name: Verify Kernel Cache uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 with: - containers: ${{ env.AKMODS_FLAVOR }}-kernel:${{ env.kernel_release }} - - - name: Verify Kernel Version Matches - uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # v3.5.0 - with: - attempt_limit: 3 - attempt_delay: 15000 - command: | - set -x - akmods_version=$(skopeo inspect docker://ghcr.io/ublue-os/akmods:${{ env.AKMODS_FLAVOR }}-${{ env.fedora_version }} | jq -r '.Labels["ostree.linux"]') - if [[ "${akmods_version}" == "${{ env.kernel_release }}" ]]; then - echo "Kernel Versions Match" - else - echo "Kernel Version do Not Match" - exit 1 - fi + containers: ${{ env.AKMODS_FLAVOR }}-kernel:${{ env.KERNEL_RELEASE }} - name: Check just syntax uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 
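Review bot: The new `if:` on the Verify ZFS step tests `! contains( matrix.base_name, 'hwe')`, but `base_name` in this workflow's matrix only takes `bluefin`, `bluefin-dx`, `aurora` and `aurora-dx`, so that clause is always true; `matrix.image_flavor` looks like the intended key. Separately, in the "Get Current Fedora Version" script only `ver` is checked for empty or `null`, while `jq -r` prints `null` and exits 0 when the `ostree.linux` label is missing, so `KERNEL_RELEASE=null` could be exported and used to build the tags passed to the cosign verify steps. A guard such as `[[ -n "$kernel_release" && "$kernel_release" != "null" ]] || exit 1` before the writes to `$GITHUB_ENV` would fail at the source rather than in a later step. Since this hunk also removes the "Verify Kernel Version Matches" step, a one-line comment saying the kernel match is now enforced through the `-${{ env.KERNEL_RELEASE }}` suffix on the verified akmods tags would record why it was safe to drop.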
@@ -215,117 +169,59 @@ jobs: run: | # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" - FEDORA_VERSION="${{ matrix.fedora_version }}" - - if [[ "${{ matrix.fedora_version }}" == "stable" ]]; then - IS_LATEST_VERSION=false - IS_STABLE_VERSION=true - IS_GTS_VERSION=false - IS_BETA_VERSION=false - IS_COREOS=true - elif [[ "${{ matrix.fedora_version }}" == "gts" ]]; then - IS_LATEST_VERSION=false - IS_STABLE_VERSION=true - IS_GTS_VERSION=true - IS_BETA_VERSION=false - IS_COREOS=false - elif [[ "${{ matrix.fedora_version }}" == "latest" ]]; then - IS_LATEST_VERSION=true - IS_STABLE_VERSION=true - IS_GTS_VERSION=false - IS_BETA_VERSION=false - IS_COREOS=false - elif [[ "${{ matrix.fedora_version }}" == "beta" ]]; then - IS_LATEST_VERSION=false - IS_STABLE_VERSION=false - IS_GTS_VERSION=false - IS_BETA_VERSION=true - IS_COREOS=false - fi + TODAY="$(date +%A)" + WEEKLY="Sunday" + # Arrays for Tags COMMIT_TAGS=() BUILD_TAGS=() # Have tags for tracking builds during pull request SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${FEDORA_VERSION}") - COMMIT_TAGS+=("${SHA_SHORT}-${FEDORA_VERSION}") - if [[ "$IS_LATEST_VERSION" == "true" ]] && \ - [[ "$IS_STABLE_VERSION" == "true" ]]; then - COMMIT_TAGS+=("pr-${{ github.event.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") + COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ matrix.fedora_version }}") + COMMIT_TAGS+=("${SHA_SHORT}-${{ matrix.fedora_version }}") + + # Convenience Tags + if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then + BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") + else + BUILD_TAGS+=("${{ matrix.fedora_version }}" "${{ matrix.fedora_version }}-${TIMESTAMP}") fi - TODAY="$(date +%A)" - if [[ ${{ matrix.fedora_version }} == "stable" ]]; then - if [[ ${{ github.event_name }} == "schedule" ]] && \ - [[ "${{ inputs.weekly_tag_day }}" != "${TODAY}" ]]; then - BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") - elif [[ ${{ 
inputs.build_stable_daily }} == "false" ]]; then + # Weekly Stable / Rebuild Stable on workflow_dispatch + if [[ "${{ matrix.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ ${{ inputs.build_stable_weekly }} == "false" ]]; then - BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") - else + elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") - fi - else - BUILD_TAGS=("${{ env.fedora_version }}" "${{ env.fedora_version }}-${TIMESTAMP}") + elif [[ ! "${{ matrix.fedora_version}}" =~ "stable" ]]; then + BUILD_TAGS=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi - if [[ ${{ github.ref_name }} == "testing" ]]; then - if [[ ${{ matrix.fedora_version }} == "stable" ]]; then - BUILD_TAGS=("${FEDORA_VERSION}-testing" "${FEDORA_VERSION}-testing-${TIMESTAMP}") - else - BUILD_TAGS=("${{ env.fedora_version }}-testing" "${{ env.fedora_version }}-testing-${TIMESTAMP}") - fi - if [[ "$IS_LATEST_VERSION" == "true" ]] && \ - [[ "$IS_STABLE_VERSION" == "true" ]]; then - BUILD_TAGS+=("testing") - echo "DEFAULT_TAG=testing" >> $GITHUB_ENV - elif [[ "$IS_GTS_VERSION" == "true" ]]; then - BUILD_TAGS+=("gts-testing") - echo "DEFAULT_TAG=gts-testing" >> $GITHUB_ENV - elif [[ "$IS_BETA_VERSION" == "true" ]]; then - BUILD_TAGS+=("beta-testing") - echo "DEFAULT_TAG=beta-testing" >> $GITHUB_ENV - elif [[ "$IS_COREOS" == "true" ]]; then - echo "DEFAULT_TAG=stable-testing" >> $GITHUB_ENV - fi - else - if [[ "$IS_LATEST_VERSION" == "true" ]] && \ - [[ "$IS_STABLE_VERSION" == "true" ]]; then - BUILD_TAGS+=("latest") - echo "DEFAULT_TAG=latest" >> $GITHUB_ENV - elif [[ "$IS_GTS_VERSION" == "true" ]]; then - BUILD_TAGS+=("gts") - echo "DEFAULT_TAG=gts" >> $GITHUB_ENV - elif [[ "$IS_BETA_VERSION" 
== "true" ]]; then - BUILD_TAGS+=("beta") - echo "DEFAULT_TAG=beta" >> $GITHUB_ENV - elif [[ "$IS_COREOS" == "true" ]]; then - if [[ ${{ inputs.build_stable_daily }} == "true" ]]; then - echo "DEFAULT_TAG=stable-daily" >> $GITHUB_ENV - else - echo "DEFAULT_TAG=stable" >> $GITHUB_ENV - fi - fi + # Prepend testing if built on testing branch + if [[ "${{ github.ref_name }}" == "testing" ]]; then + temp=() + for TAG in "${BUILD_TAGS[@]}"; do + temp+=(testing-"$TAG") + done + BUILD_TAGS=(${temp[@]}) fi + # Use Commit Tags if PR / Use Build Tags if Not if [[ "${{ github.event_name }}" == "pull_request" ]]; then echo "Generated the following commit tags: " for TAG in "${COMMIT_TAGS[@]}"; do echo "${TAG}" done alias_tags=("${COMMIT_TAGS[@]}") - echo "DEFAULT_TAG=${SHA_SHORT}-${FEDORA_VERSION}" >> $GITHUB_ENV - else + else + echo "Generated the following build tags: " + for TAG in "${BUILD_TAGS[@]}"; do + echo "${TAG}" + done alias_tags=("${BUILD_TAGS[@]}") fi - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done + + echo "DEFAULT_TAG=${{ matrix.fedora_version }}" >> $GITHUB_ENV echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # Build metadata @@ -339,7 +235,7 @@ jobs: org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.version=${{ env.VERSION }} org.opencontainers.image.description=An interpretation of the Ubuntu spirit built on Fedora technology - ostree.linux=${{ env.kernel_release }} + ostree.linux=${{ env.KERNEL_RELEASE }} io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/bluefin/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 
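Review bot: The weekly branch tests `"${{ github.event_name }}" =~ scheduled`, but the event name for cron runs is `schedule` (the removed code compared against it), so the pattern never matches and scheduled Sunday builds never receive the `stable` / `stable-${TIMESTAMP}` tags; use `"${{ github.event_name }}" == "schedule"`. In the final `elif`, `BUILD_TAGS=(...)` assigns rather than appends, which discards the convenience tags added a few lines earlier for non-stable streams; `BUILD_TAGS+=(...)` looks like the intent. `BUILD_TAGS=(${temp[@]})` should be quoted as `BUILD_TAGS=("${temp[@]}")`. Because `${{ github.ref_name }}` and the matrix value are expanded into the script text before bash runs, passing them through the step's `env:` and reading shell variables would keep an unusual ref name from being parsed as shell syntax.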
@@ -348,13 +244,11 @@ jobs: echo "SHA_HEAD_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV - name: Maximize build space - if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 with: remove-codeql: true - name: Pull images - if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' uses: Wandalen/wretry.action@6feedb7dedadeb826de0f45ff482b53b379a7844 # v3.5.0 with: attempt_limit: 3 
@@ -362,29 +256,22 @@ jobs: command: | # pull the base image used for FROM in containerfile so # we can retry on that unfortunately common failure case - sudo podman pull ${{ env.IMAGE_REGISTRY }}/${{ env.BASE_IMAGE_NAME }}-${{ env.image_flavor }}:${{ env.fedora_version }} - sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods:${{ env.AKMODS_FLAVOR }}-${{ env.fedora_version }} - sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods-nvidia:${{ env.AKMODS_FLAVOR }}-${{ env.fedora_version }} - sudo podman pull ${{ env.IMAGE_REGISTRY }}/${{ env.AKMODS_FLAVOR }}-kernel:${{ env.kernel_release }} + sudo podman pull ${{ env.IMAGE_REGISTRY }}/${{ env.BASE_IMAGE_NAME }}-main:${{ env.FEDORA_VERSION }} - name: Build Image id: build_image - if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' run: | set -euox pipefail BUILD_ARGS=() + BUILD_ARGS+=("--build-arg" "AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }}") BUILD_ARGS+=("--build-arg" "BASE_IMAGE_NAME=${{ env.BASE_IMAGE_NAME }}") + BUILD_ARGS+=("--build-arg" "FEDORA_MAJOR_VERSION=${{ env.FEDORA_VERSION }}") BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${{ env.IMAGE_NAME }}") - BUILD_ARGS+=("--build-arg" "IMAGE_FLAVOR=${{ env.image_flavor }}") BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${{ github.repository_owner }}") - BUILD_ARGS+=("--build-arg" "FEDORA_MAJOR_VERSION=${{ env.fedora_version }}") - BUILD_ARGS+=("--build-arg" "TARGET_BASE=${{ env.TARGET_BASE }}") - BUILD_ARGS+=("--build-arg" "AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }}") - BUILD_ARGS+=("--build-arg" "NVIDIA_TYPE=${{ env.nvidia_type }}") - BUILD_ARGS+=("--build-arg" "KERNEL=${{ env.kernel_release }}") - BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ matrix.fedora_version }}") + BUILD_ARGS+=("--build-arg" "KERNEL=${{ env.KERNEL_RELEASE }}") BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }}") + BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ matrix.fedora_version }}") 
TAG_ARGS=() IFS=' ' read -r -a tags_array <<< "${{ steps.generate-tags.outputs.alias_tags }}" @@ -400,8 +287,8 @@ jobs: sudo podman build --format docker --target ${{ env.TARGET_NAME }} \ "${BUILD_ARGS[@]}" \ - "${TAG_ARGS[@]}" \ "${LABEL_ARGS[@]}" \ + --tag raw-img \ . sudo podman image ls 
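Review bot: With `"${TAG_ARGS[@]}"` dropped from the `podman build` call in favour of `--tag raw-img`, the `TAG_ARGS=()` array and the `read -r -a tags_array` line kept in the previous hunk look like dead code, unless something between the two hunks still consumes them. If nothing does, remove them so the step does not suggest that the alias tags are applied at build time; otherwise a comment such as `# alias tags are applied after rechunk, see "Load Rechunked Image"` would explain why they remain. The step's body continues outside both hunks.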
@@ -409,28 +296,6 @@ jobs: echo "image=${{ env.IMAGE_NAME }}" >> $GITHUB_OUTPUT echo "tags=${{ steps.generate-tags.outputs.alias_tags }}" >> $GITHUB_OUTPUT - - - name: Check Secureboot - if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' - shell: bash - run: | - set -x - if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then - sudo apt update - sudo apt install sbsigntool curl openssl - fi - sudo podman run -d --rm --name ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) "${{ env.IMAGE_NAME }}":$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) sleep 1000 - sudo podman cp ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1):/usr/lib/modules/${{ env.kernel_release }}/vmlinuz . - sudo podman rm -f ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) || true - sudo kill -9 $(sudo podman inspect --format '{{.State.Pid}}' ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1)) || true - sbverify --list vmlinuz - curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der - curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der - openssl x509 -in kernel-sign.der -out kernel-sign.crt - openssl x509 -in akmods.der -out akmods.crt - sbverify --cert kernel-sign.crt vmlinuz || exit 1 - sbverify --cert akmods.crt vmlinuz || exit 1 - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 - name: Lowercase Registry 
@@ -441,7 +306,6 @@ jobs: - name: Rechunk Image id: rechunk - if: inputs.rechunk == true && ( github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request' ) uses: hhd-dev/rechunk@v0.8.6 with: rechunk: ghcr.io/hhd-dev/rechunk:v0.8.6 
@@ -450,16 +314,38 @@ jobs: labels: ${{ steps.meta.outputs.labels }} prev-ref: ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ env.DEFAULT_TAG }} - # Overwrite the image with the chuncked image + # Load Rechunked image and Tag them - name: Load Rechunked Image - if: inputs.rechunk == true && github.event_name != 'pull_request' + shell: bash run: | - sudo podman rmi $(sudo podman image ls -qa) --force - IMAGE=$(sudo podman pull ${{ steps.rechunk.outputs.ref }}) + set -eoux pipefail + IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }}) sudo rm -rf ${{ steps.rechunk.outputs.output }} for tag in ${{ steps.build_image.outputs.tags }}; do - sudo podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} + podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} done + podman tag $IMAGE rechunked-img + + # Check that Kernel is signed with Secureboot Keys + - name: Check Secureboot + shell: bash + run: | + set -x + if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then + sudo apt update + sudo apt install sbsigntool curl openssl + fi + TMP=$(podman create rechunked-img bash) + podman cp $TMP:/usr/lib/modules/${{ env.KERNEL_RELEASE }}/vmlinuz . + podman rm $TMP + sbverify --list vmlinuz + curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + openssl x509 -in kernel-sign.der -out kernel-sign.crt + openssl x509 -in akmods.der -out akmods.crt + sbverify --cert kernel-sign.crt vmlinuz || exit 1 + sbverify --cert akmods.crt vmlinuz || exit 1 + - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' 
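Review bot: The Secure Boot check trusts whatever `public_key.der` and `public_key_2.der` are on the `main` branch of ublue-os/kernel-cache at run time, so the trust anchor for the kernel signature is mutable and is fetched by the same job it gates. Pin both URLs to a commit, as the `uses:` lines already do for actions, or compare the downloaded files against fingerprints stored in this repository before calling `sbverify --cert`. The step runs with `set -x` only and `curl` has no `--fail`, so a failed download is caught only indirectly by the later `openssl` and `sbverify` calls; `set -euo pipefail` and `curl --fail --retry 3 -Lo ...` would make that explicit. `sudo apt install` has no `-y`, which can abort a non-interactive run when new packages are needed, and in the load step `$IMAGE` and `${tag}` are unquoted in `podman tag`.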
@@ -502,22 +388,21 @@ jobs: DIGEST: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} IMAGE_NAME: ${{ env.IMAGE_NAME }} - IMAGE_FLAVOR: ${{ env.image_flavor }} FEDORA_VERSION: ${{ matrix.fedora_version }} - run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${IMAGE_FLAVOR}-${FEDORA_VERSION}.txt" + run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${FEDORA_VERSION}.txt" - name: Upload artifact if: github.event_name != 'pull_request' uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: - name: image-${{ env.IMAGE_NAME }}-${{ env.image_flavor }}-${{ matrix.fedora_version }} + name: image-${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }} retention-days: 1 if-no-files-found: error path: | - ${{ env.IMAGE_NAME }}-${{ env.image_flavor }}-${{ matrix.fedora_version }}.txt + ${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }}.txt check: - name: Check all ${{ inputs.brand_name }} ${{ inputs.fedora_version }} builds successful + name: Check all ${{ inputs.fedora_version }} builds successful if: always() runs-on: ubuntu-latest needs: [build_container] 
@@ -567,14 +452,14 @@ jobs: fi done - build_iso: - name: iso - needs: [check] - if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (github.ref_name == 'main' || github.ref_name == 'testing') && inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' - # Eventually would be nice for building images in PRs - #if: ${{ endsWith(github.event.pull_request.title, '[ISO]') }} - uses: ./.github/workflows/reusable-build-iso.yml - secrets: inherit - with: - brand_name: ${{ inputs.brand_name }} - fedora_version: ${{ inputs.fedora_version }} + # build_iso: + # name: iso + # needs: [check] + # if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (github.ref_name == 'main' || github.ref_name == 'testing') && inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' + # # Eventually would be nice for building images in PRs + # #if: ${{ endsWith(github.event.pull_request.title, '[ISO]') }} + # uses: ./.github/workflows/reusable-build-iso.yml + # secrets: inherit + # with: + # brand_name: ${{ inputs.brand_name }} + # fedora_version: ${{ inputs.fedora_version }} diff --git a/.gitignore b/.gitignore index 213f9a5bc5c..1e63789c158 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,6 @@ flatpaks_with_deps flatpak.* -scripts/files/home/ublue-os/* +*_build +*_build.* +previous.manifest.json diff --git a/Containerfile b/Containerfile index ffc45c0a12c..2f5257219cc 100644 --- a/Containerfile +++ b/Containerfile 
@@ -1,22 +1,7 @@
-ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME:-silverblue}"
-ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-main}"
-ARG AKMODS_FLAVOR="${AKMODS_FLAVOR:-main}"
-ARG SOURCE_IMAGE="${SOURCE_IMAGE:-${BASE_IMAGE_NAME}-${IMAGE_FLAVOR}}"
+ARG BASE_IMAGE_NAME="silverblue"
+ARG FEDORA_MAJOR_VERSION="40"
+ARG SOURCE_IMAGE="${BASE_IMAGE_NAME}-main"
 ARG BASE_IMAGE="ghcr.io/ublue-os/${SOURCE_IMAGE}"
-ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
-ARG TARGET_BASE="${TARGET_BASE:-bluefin}"
-ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}"
-ARG KERNEL="${KERNEL:-6.10.10-200.fc40.x86_64}"
-ARG UBLUE_IMAGE_TAG="${UBLUE_IMAGE_TAG:-latest}"
-ARG SHA_HEAD_SHORT="${SHA_HEAD_SHORT}"
-
-# FROM's for Mounting
-ARG KMOD_SOURCE_COMMON="ghcr.io/ublue-os/akmods:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION}"
-ARG NVIDIA_CACHE="ghcr.io/ublue-os/akmods-nvidia:${AKMODS_FLAVOR}-${FEDORA_MAJOR_VERSION}"
-ARG KERNEL_CACHE="ghcr.io/ublue-os/${AKMODS_FLAVOR}-kernel:${KERNEL}"
-FROM ${KMOD_SOURCE_COMMON} AS akmods
-FROM ${NVIDIA_CACHE} AS nvidia_cache
-FROM ${KERNEL_CACHE} AS kernel_cache
 
 FROM scratch AS ctx
 COPY / /
@@ -24,56 +9,33 @@ COPY / / ## bluefin image section FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS base -ARG IMAGE_NAME="${IMAGE_NAME}" -ARG IMAGE_VENDOR="${IMAGE_VENDOR}" -ARG IMAGE_FLAVOR="${IMAGE_FLAVOR}" -ARG AKMODS_FLAVOR="${AKMODS_FLAVOR}" -ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME}" -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}" -ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}" -ARG KERNEL="${KERNEL:-6.10.10-200.fc40.x86_64}" -ARG UBLUE_IMAGE_TAG="${UBLUE_IMAGE_TAG:-latest}" -ARG SHA_HEAD_SHORT="${SHA_HEAD_SHORT}" +ARG AKMODS_FLAVOR="coreos-stable" +ARG BASE_IMAGE_NAME="silverblue" +ARG FEDORA_MAJOR_VERSION="40" +ARG IMAGE_NAME="bluefin" +ARG IMAGE_VENDOR="ublue-os" +ARG KERNEL="6.10.10-200.fc40.x86_64" +ARG SHA_HEAD_SHORT="dedbeef" +ARG UBLUE_IMAGE_TAG="stable" # Build, cleanup, commit. RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ --mount=type=bind,from=ctx,source=/,target=/ctx \ - --mount=type=bind,from=akmods,source=/rpms,target=/tmp/akmods \ - --mount=type=bind,from=nvidia_cache,source=/rpms,target=/tmp/akmods-rpms \ - --mount=type=bind,from=kernel_cache,source=/tmp/rpms,target=/tmp/kernel-rpms \ - rpm-ostree cliwrap install-to-root / && \ - mkdir -p /var/lib/alternatives && \ - /ctx/build_files/build-base.sh && \ - mv /var/lib/alternatives /staged-alternatives && \ - /ctx/build_files/clean-stage.sh && \ - ostree container commit && \ - mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ - mkdir -p /var/tmp && \ - chmod -R 1777 /var/tmp + /ctx/build_files/shared/build-base.sh ## bluefin-dx developer edition image section FROM base AS dx -ARG IMAGE_NAME="${IMAGE_NAME}" -ARG IMAGE_VENDOR="${IMAGE_VENDOR}" -ARG BASE_IMAGE_NAME="${BASE_IMAGE_NAME}" -ARG IMAGE_FLAVOR="${IMAGE_FLAVOR}" -ARG AKMODS_FLAVOR="${AKMODS_FLAVOR}" -ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}" -ARG NVIDIA_TYPE="${NVIDIA_TYPE:-}" -ARG KERNEL="${KERNEL:-6.10.10-200.fc40.x86_64}" -ARG UBLUE_IMAGE_TAG="${UBLUE_IMAGE_TAG:-latest}" +ARG AKMODS_FLAVOR="coreos-stable" +ARG 
BASE_IMAGE_NAME="silverblue" +ARG FEDORA_MAJOR_VERSION="40" +ARG IMAGE_NAME="bluefin-dx" +ARG IMAGE_VENDOR="ublue-os" +ARG KERNEL="6.10.10-200.fc40.x86_64" +ARG SHA_HEAD_SHORT="dedbeef" +ARG UBLUE_IMAGE_TAG="stable" # Build, Clean-up, Commit RUN --mount=type=cache,dst=/var/cache/rpm-ostree \ --mount=type=bind,from=ctx,source=/,target=/ctx \ - --mount=type=bind,from=akmods,source=/rpms,target=/tmp/akmods \ - mkdir -p /var/lib/alternatives && \ - /ctx/build_files/build-dx.sh && \ - fc-cache --system-only --really-force --verbose && \ - mv /var/lib/alternatives /staged-alternatives && \ - /ctx/build_files/clean-stage.sh \ - ostree container commit && \ - mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ - mkdir -p /var/tmp && \ - chmod -R 1777 /var/tmp + /ctx/build_files/shared/build-dx.sh diff --git a/Justfile b/Justfile index de88d174925..1df78629acf 100644 --- a/Justfile +++ b/Justfile 
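Review bot: The stage-level defaults `ARG SHA_HEAD_SHORT="dedbeef"` and `ARG KERNEL="6.10.10-200.fc40.x86_64"` let a build that omits a `--build-arg` succeed and bake a made-up commit id and a stale kernel version into the image, which weakens any provenance recorded from these values. An empty default plus a guard at the top of the build script, e.g. `: "${KERNEL:?KERNEL build arg is required}"`, would fail fast instead. The removed `RUN` bodies also carried `ostree container commit` and the `/var/tmp` permission reset; presumably these now live in `build_files/shared/build-base.sh` and `build-dx.sh`, which are not visible in this hunk, so that is worth confirming.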
@@ -1,122 +1,506 @@ -export project_root := `git rev-parse --show-toplevel` -export git_branch := ` git branch --show-current` +repo_organization := "ublue-os" +images := '( + [aurora]=aurora + [aurora-dx]=aurora-dx + [bluefin]=bluefin + [bluefin-dx]=bluefin-dx +)' +flavors := '( + [main]=main + [nvidia]=nvidia + [hwe]=hwe + [hwe-nvidia]=hwe-nvidia +)' +tags := '( + [gts]=gts + [stable]=stable + [latest]=latest + [beta]=beta +)' -alias run := run-container - -_default: - @just help - -_container_mgr: - @{{ project_root }}/scripts/container_mgr.sh - -_base_image image: - @{{ project_root }}/scripts/base-image.sh {{ image }} - -_tag image target: - @{{ project_root }}/scripts/make-tag.sh {{ image }} {{ target }} +[private] +default: + @just --list # Check Just Syntax -just-check: +check: #!/usr/bin/bash - find "${project_root}" -type f -name "*.just" | while read -r file; do + find . -type f -name "*.just" | while read -r file; do echo "Checking syntax: $file" just --unstable --fmt --check -f $file done - echo "Checking syntax: ${project_root}/Justfile" - just --unstable --fmt --check -f ${project_root}/Justfile + echo "Checking syntax: Justfile" + just --unstable --fmt --check -f Justfile # Fix Just Syntax -just-fix: +fix: #!/usr/bin/bash - find "${project_root}" -type f -name "*.just" | while read -r file; do + find . 
-type f -name "*.just" | while read -r file; do echo "Checking syntax: $file" just --unstable --fmt -f $file done - echo "Checking syntax: ${project_root}/Justfile" - just --unstable --fmt -f ${project_root}/Justfile || { exit 1; } + echo "Checking syntax: Justfile" + just --unstable --fmt -f Justfile || { exit 1; } + +# Clean Repo +clean: + #!/usr/bin/bash + set -eoux pipefail + find *_build* -exec rm -rf {} \; + rm -f previous.manifest.json + +# Sudo Clean +sudo-clean: + #!/usr/bin/bash + set -eoux pipefail + just sudoif "find *_build* -exec rm -rf {} \;" + just sudoif "rm -f previous.manifest.json" + +# Build Container +build-container: + #!/usr/bin/bash + +# Check if valid combo +[private] +validate image="" tag="" flavor="": + #!/usr/bin/bash + set -eoux pipefail + declare -A images={{ images }} + declare -A tags={{ tags }} + declare -A flavors={{ flavors }} + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} + checkimage="${images[${image}]-}" + checktag="${tags[${tag}]-}" + checkflavor="${flavors[${flavor}]-}" + + # Validity Checks + if [[ -z "$checkimage" ]]; then + echo "Invalid Image..." + exit 1 + fi + if [[ -z "$checktag" ]]; then + echo "Invalid tag..." + exit 1 + fi + if [[ "$checktag" =~ gts && "$checkimage" =~ aurora ]]; then + echo "Aurora Does not build GTS..." + exit 1 + fi + if [[ ! "$checktag" =~ latest && "$checkflavor" =~ hwe ]]; then + echo "HWE images are only built on latest..." 
+ exit 1 + fi + +# sudoif bash function +[private] +sudoif command *args: + #!/usr/bin/bash + function sudoif(){ + if [[ "${UID}" -eq 0 ]]; then + "$@" + elif [[ "$(command -v sudo)" && -n "${SSH_ASKPASS:-}" ]] && [[ -n "${DISPLAY:-}" || -n "${WAYLAND_DISPLAY:-}" ]]; then + /usr/bin/sudo --askpass "$@" || exit 1 + elif [[ "$(command -v sudo)" ]]; then + /usr/bin/sudo "$@" || exit 1 + else + exit 1 + fi + } + sudoif {{ command }} {{ args }} # Build Image -build image="" target="" version="": - @{{ project_root }}/scripts/build-image.sh {{ image }} {{ target }} {{ version }} +build image="bluefin" tag="latest" flavor="main" rechunk="0": + #!/usr/bin/bash + set -eoux pipefail + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} -# Run image -run-container image="" target="" version="": - @{{ project_root }}/scripts/run-image.sh {{ image }} {{ target }} {{ version }} + # Validate + just validate "${image}" "${tag}" "${flavor}" -# # Run Booted Image Session w/ Guest -# run-booted-guest image="" target="" version="": -# @{{ project_root }}/scripts/run-booted-guest.sh {{ image }} {{ target }} {{ version }} -# # Run Booted Image Session w/ mounted in $USER and $HOME -# run-booted-home image="" target="" version="": -# @{{ project_root }}/scripts/run-booted-home.sh {{ image }} {{ target }} {{ version }} + # Image Name + if [[ "${flavor}" =~ main ]]; then + image_name="${image}" + else + image_name="${image}-${flavor}" + fi -# Create ISO from local dev build image -build-iso image="" target="" version="": - @{{ project_root }}/scripts/build-iso.sh {{ image }} {{ target }} {{ version }} + # Base Image + if [[ "${image}" =~ bluefin ]]; then + base_image_name="silverblue" + elif [[ "${image}" =~ aurora ]]; then + base_image_name="kinoite" + fi -# Create ISO from local dev build image - use build-container-installer:main -build-iso-installer-main image="" target="" version="": - @{{ project_root }}/scripts/build-iso-installer-main.sh {{ image }} {{ target }} {{ version }} + 
# Target + if [[ "${image}" =~ dx ]]; then + target="dx" + else + target="base" + fi -# Run ISO from local dev build image -run-iso image="" target="" version="": - @{{ project_root }}/scripts/run-iso.sh {{ image }} {{ target }} {{ version }} + # Fedora Version + if [[ "${tag}" =~ stable ]]; then + fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + else + fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:"${tag}" | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fi -# Create ISO from currenct ghcr image -build-iso-ghcr image="" target="" version="": - @{{ project_root }}/scripts/build-iso-ghcr.sh {{ image }} {{ target }} {{ version }} + # AKMODS Flavor and Kernel Version + if [[ "${flavor}" =~ hwe ]]; then + akmods_flavor="bazzite" + elif [[ "${tag}" =~ stable|gts ]]; then + akmods_flavor="coreos-stable" + elif [[ "${tag}" =~ beta ]]; then + akmods_flavor="coreos-testing" + else + akmods_flavor="main" + fi + kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${akmods_flavor}-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') -# Clean Directory. 
Remove ISOs and Build Files -clean: - @{{ project_root }}/scripts/cleanup-dir.sh + # Get Version + ver=$(skopeo inspect docker://ghcr.io/ublue-os/"${base_image_name}-main":"${fedora_version}" | jq -r '.Labels["org.opencontainers.image.version"]') + if [ -z "$ver" ] || [ "null" = "$ver" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi -# Remove built images -clean-images: - @{{ project_root }}/scripts/cleanup-images.sh + # Build Arguments + BUILD_ARGS=() + BUILD_ARGS+=("--build-arg" "AKMODS_FLAVOR=${akmods_flavor}") + BUILD_ARGS+=("--build-arg" "BASE_IMAGE_NAME=${base_image_name}") + BUILD_ARGS+=("--build-arg" "FEDORA_MAJOR_VERSION=${fedora_version}") + BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${image_name}") + BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR={{ repo_organization }}") + BUILD_ARGS+=("--build-arg" "KERNEL=${kernel_release}") + if ! git diff-index --quiet HEAD -- ; then + BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=$(git rev-parse --short HEAD)") + fi + BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${tag}") -# List Built Images -list-images: - @{{ project_root }}/scripts/list-images.sh + # Labels + LABELS=() + LABELS+=("--label" "org.opencontainers.image.title=${image_name}") + LABELS+=("--label" "org.opencontainers.image.version=${ver}") + LABELS+=("--label" "ostree.linux=${kernel_release}") + LABELS+=("--label" "io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/bluefin/README.md") + LABELS+=("--label" "io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4") + LABELS+=("--label" "org.opencontainers.image.description=An interpretation of the Ubuntu spirit built on Fedora technology") + # Build Image + podman build \ + "${BUILD_ARGS[@]}" \ + "${LABELS[@]}" \ + --target "${target}" \ + --tag "${image_name}:${tag}" \ + . 
+ + # Rechunk + if [[ "{{ rechunk }}" == "1" ]]; then + just rechunk "${image}" "${tag}" "${flavor}" + fi + +# Build Image and Rechunk +build-rechunk image="bluefin" tag="latest" flavor="main": + @just build {{ image }} {{ tag }} {{ flavor }} 1 + +# Rechunk Image [private] -help: +rechunk image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash - echo " " - echo "These are helper scripts for building and testing development images " - echo " " - echo "You can run dev images either in 'booted like' setup with 'just run-booted' " - echo "Or in a more stripped down version with 'just run' " - echo "Specify which image you wish to build and run by name. " - echo "Example: 'just run-container aurora' -> runs aurora without systemd " - echo " " - echo "Helper scripts are in 'project_root/scripts'. " - echo " " - echo "Modify the 'devcontainer.json' in 'project_root/.devcontainer' to support " - echo "Running the devcontainer with podman or docker " - echo "Manually specify container manager with '$CONTAINER_MGR' enviornment variable " - echo " " - just --list - -# Build Bluefin GTS -bluefin: (build "bluefin" "base" "gts") - -# Build Bluefin-DX GTS -bluefin-dx: (build "bluefin" "dx" "gts") - -# Build Bluefin GTS ISO -bluefin-iso: (build-iso "bluefin" "base" "gts") - -# Build Bluefin-DX GTS ISO -bluefin-dx-iso: (build-iso "bluefin" "dx" "gts") - -# Build Aurora -aurora: (build "aurora" "base" "stable") - -# Builed Aurora-DX -aurora-dx: (build "aurora" "dx" "stable") - -# Build Aurora ISO -aurora-iso: (build-iso "aurora" "base" "stable") - -# Builed Aurora-DX ISO -aurora-dx-iso: (build-iso "aurora" "dx" "stable") + set -eoux pipefail + + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} + + # Validate + just validate "${image}" "${tag}" "${flavor}" + + # Image Name + if [[ "${flavor}" =~ main ]]; then + image_name="${image}" + else + image_name="${image}-${flavor}" + fi + + # Check if image is already built + ID=$(podman images --filter 
reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + if [[ -z "$ID" ]]; then + just build "${image}" "${tag}" "${flavor}" + fi + + # Load into Rootful Podman + ID=$(just sudoif podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + if [[ -z "$ID" ]]; then + just sudoif podman image scp ${UID}@localhost::localhost/"${image_name}":"${tag}" root@localhost::localhost/"${image_name}":"${tag}" + fi + + # Prep Container + CREF=$(just sudoif podman create localhost/"${image_name}":"${tag}" bash) + MOUNT=$(just sudoif podman mount "${CREF}") + OUT_NAME="${image_name}_build" + + # Run Rechunker's Prune + just sudoif podman run --rm \ + --pull=newer \ + --security-opt label=disable \ + --volume "$MOUNT":/var/tree \ + --env TREE=/var/tree \ + --user 0:0 \ + ghcr.io/hhd-dev/rechunk:latest \ + /sources/rechunk/1_prune.sh + + # Run Rechunker's Create + just sudoif podman run --rm \ + --security-opt label=disable \ + --volume "$MOUNT":/var/tree \ + --volume "cache_ostree:/var/ostree" \ + --env TREE=/var/tree \ + --env REPO=/var/ostree/repo \ + --env RESET_TIMESTAMP=1 \ + --user 0:0 \ + ghcr.io/hhd-dev/rechunk:latest \ + /sources/rechunk/2_create.sh + + # Cleanup Temp Container Reference + just sudoif podman unmount "$CREF" + just sudoif podman rm "$CREF" + + # Run Rechunker + just sudoif podman run --rm \ + --pull=newer \ + --security-opt label=disable \ + --volume "$PWD:/workspace" \ + --volume "$PWD:/var/git" \ + --volume cache_ostree:/var/ostree \ + --env REPO=/var/ostree/repo \ + --env PREV_REF=ghcr.io/ublue-os/"${image_name}":"${tag}" \ + --env OUT_NAME="$OUT_NAME" \ + --env LABELS="org.opencontainers.image.title=${image_name}$'\n'org.opencontainers.image.version=localbuild-$(date 
+%Y%m%d-%H:%M:%S)$'\n''io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/README.md'$'\n''io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4'$'\n'" \ + --env "DESCRIPTION='An interpretation of the Ubuntu spirit built on Fedora technology'" \ + --env VERSION_FN=/workspace/version.txt \ + --env OUT_REF="oci:$OUT_NAME" \ + --env GIT_DIR="/var/git" \ + --user 0:0 \ + ghcr.io/hhd-dev/rechunk:latest \ + /sources/rechunk/3_chunk.sh + + # Cleanup + just sudoif "find ${OUT_NAME} -type d -exec chmod 0755 {} \;" || true + just sudoif "find ${OUT_NAME}* -type f -exec chmod 0644 {} \;" || true + if [[ "${UID}" -gt 0 ]]; then + just sudoif chown ${UID}:${GROUPS} -R "${PWD}" + fi + just sudoif podman volume rm cache_ostree + just sudoif podman rmi localhost/"${image_name}":"${tag}" + + # Load Image into Podman Store + IMAGE=$(podman pull oci:"${PWD}"/"${OUT_NAME}") + podman tag ${IMAGE} localhost/"${image_name}":"${tag}" + +# Run Container +run image="bluefin" tag="latest" flavor="main": + #!/usr/bin/bash + set -eoux pipefail + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} + + # Validate + just validate "${image}" "${tag}" "${flavor}" + + # Image Name + if [[ "${flavor}" =~ main ]]; then + image_name="${image}" + else + image_name="${image}-${flavor}" + fi + + # Check if image exists + ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + if [[ -z "$ID" ]]; then + just build "$image" "$tag" "$flavor" + fi + + # Run Container + podman run -it --rm localhost/"${image_name}":"${tag}" bash + +# Build ISO +build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": + #!/usr/bin/bash + set -eoux pipefail + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} + + # Validate + just validate "${image}" "${tag}" "${flavor}" + + # Image Name + if [[ "${flavor}" =~ main ]]; then + image_name="${image}" + else + 
image_name="${image}-${flavor}" + fi + + build_dir="${image_name}_build" + mkdir -p "$build_dir" + + if [[ -f "${build_dir}/${image_name}.iso" || -f "${build_dir}/${image_name}.iso-CHECKSUM" ]]; then + echo "ERROR - ISO or Checksum already exist. Please mv or rm to build new ISO" + exit 1 + fi + + # Local or Github Build + if [[ "{{ ghcr }}" == "1" ]]; then + IMAGE_FULL=ghcr.io/ublue-os/"${image_name}":"${tag}" + IMAGE_REPO=ghcr.io/ublue-os + podman pull "${IMAGE_FULL}" + else + IMAGE_FULL=localhost/"${image_name}":"${tag}" + IMAGE_REPO=localhost + ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") + if [[ -z "$ID" ]]; then + just build "$image" "$tag" "$flavor" + fi + fi + + # Load Image into rootful podman + if [[ "${UID}" -gt 0 ]]; then + just sudoif podman image scp "${UID}"@localhost::"${IMAGE_FULL}" root@localhost::"${IMAGE_FULL}" + fi + + # Flatpak list for bluefin/aurora + if [[ "${image_name}" =~ bluefin ]]; then + FLATPAK_DIR_SHORTNAME="bluefin_flatpaks" + elif [[ "${image_name}" =~ aurora ]]; then + FLATPAK_DIR_SHORTNAME="aurora_flatpaks" + fi + + # Generate Flatpak List + TEMP_FLATPAK_INSTALL_DIR="$(mktemp -d -p /tmp flatpak-XXXXX)" + flatpak_refs=() + while IFS= read -r line; do + flatpak_refs+=("$line") + done < "${FLATPAK_DIR_SHORTNAME}/flatpaks" + + # Add DX Flatpaks if needed + if [[ "${image_name}" =~ dx ]]; then + while IFS= read -r line; do + flatpak_refs+=("$line") + done < "dx_flatpaks/flatpaks" + fi + + echo "Flatpak refs: ${flatpak_refs[@]}" + + # Generate Install Script for Flatpaks + tee "${TEMP_FLATPAK_INSTALL_DIR}/install-flatpaks.sh"< /output/flatpaks-with-deps + EOF + + # Create Flatpak List with dependencies + flatpak_list_args=() + flatpak_list_args+=("--rm" "--privileged") + flatpak_list_args+=("--entrypoint" "/usr/bin/bash") + flatpak_list_args+=("--env" "FLATPAK_SYSTEM_DIR=/flatpak/flatpak") + flatpak_list_args+=("--env" "FLATPAK_TRIGGERSDIR=/flatpak/triggers") + 
flatpak_list_args+=("--volume" "$(realpath ./${build_dir}):/output") + flatpak_list_args+=("--volume" "${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir") + flatpak_list_args+=("${IMAGE_FULL}" /temp_flatpak_install_dir/install-flatpaks.sh) + + if [[ ! -f "${build_dir}/flatpaks-with-deps" ]]; then + podman run "${flatpak_list_args[@]}" + else + echo "WARNING - Reusing previous determined flatpaks-with-deps" + fi + + # List Flatpaks with Dependencies + cat "${build_dir}/flatpaks-with-deps" + + # Build ISO + iso_build_args=() + iso_build_args+=("--rm" "--privileged" "--pull=newer") + iso_build_args+=(--volume "/var/lib/containers/storage:/var/lib/containers/storage:ro") + iso_build_args+=(--volume "${PWD}:/github/workspace/") + iso_build_args+=(ghcr.io/jasonn3/build-container-installer:latest) + iso_build_args+=(ARCH="x86_64") + iso_build_args+=(ENROLLMENT_PASSWORD="universalblue") + iso_build_args+=(FLATPAK_REMOTE_REFS_DIR="/github/workspace/${build_dir}") + iso_build_args+=(IMAGE_NAME="${image_name}") + iso_build_args+=(IMAGE_REPO="${IMAGE_REPO}") + iso_build_args+=(IMAGE_SIGNED="true") + iso_build_args+=(IMAGE_SRC="containers-storage:${IMAGE_FULL}") + iso_build_args+=(IMAGE_TAG="${tag}") + iso_build_args+=(ISO_NAME="/github/workspace/${build_dir}/${image_name}.iso") + iso_build_args+=(SECURE_BOOT_KEY_URL="https://github.com/ublue-os/akmods/raw/main/certs/public_key.der") + if [[ "${image_name}" =~ bluefin ]]; then + iso_build_args+=(VARIANT="Silverblue") + else + iso_build_args+=(VARIANT="Kinoite") + fi + iso_build_args+=(VERSION="$(skopeo inspect containers-storage:${IMAGE_FULL} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')") + iso_build_args+=(WEBUI="false") + + just sudoif podman run "${iso_build_args[@]}" + just sudoif chown "${UID}:${GROUPS}" -R "${PWD}" + +# Build ISO using GHCR Image +build-iso-ghcr image="bluefin" tag="latest" flavor="main": + @just build-iso {{ image }} {{ tag }} {{ flavor }} ghcr + +# Run ISO +run-iso image="bluefin" 
tag="latest" flavor="main": + #!/usr/bin/bash + set -eoux pipefail + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} + + # Validate + just validate "${image}" "${tag}" "${flavor}" + + # Image Name + if [[ "${flavor}" =~ main ]]; then + image_name="${image}" + else + image_name="${image}-${flavor}" + fi + + # Check if ISO Exists + if [[ ! -f "${image_name}_build/${image_name}.iso" ]]; then + just build-iso "$image" "$tag" "$flavor" + fi + + # Determine which port to use + port=8006; + while grep -q :${port} <<< $(ss -tunalp); do + port=$(( port + 1 )) + done + echo "Using Port: ${port}" + echo "Connect to http://localhost:${port}" + run_args=() + run_args+=(--rm --privileged) + run_args+=(--pull=newer) + run_args+=(--publish "127.0.0.1:${port}:8006") + run_args+=(--env "CPU_CORES=4") + run_args+=(--env "RAM_SIZE=8G") + run_args+=(--env "DISK_SIZE=64G") + run_args+=(--env "BOOT_MODE=windows_secure") + run_args+=(--env "TPM=Y") + run_args+=(--env "GPU=Y") + run_args+=(--device=/dev/kvm) + run_args+=(--volume "${PWD}/${image_name}_build/${image_name}.iso":"/boot.iso") + run_args+=(docker.io/qemux/qemu-docker) + podman run "${run_args[@]}" & + xdg-open http://localhost:${port} + fg "%podman" diff --git a/build_files/aurora-changes.sh b/build_files/aurora-changes.sh deleted file mode 100755 index 9520dbb5362..00000000000 --- a/build_files/aurora-changes.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -if [[ "${BASE_IMAGE_NAME}" = "kinoite" ]]; then - ln -sf ../places/distributor-logo.svg /usr/share/icons/hicolor/scalable/apps/start-here.svg - ln -sf /usr/share/wallpapers/jonatan-pie-aurora/contents/images/3944x2770.jxl /usr/share/backgrounds/default.png - ln -sf /usr/share/wallpapers/greg-rakozy-aurora/contents/images/5616x3744.jxl /usr/share/backgrounds/default-dark.png - ln -sf aurora.xml /usr/share/backgrounds/default.xml - sed -i '//,/<\/entry>/ s/[^<]*<\/default>/preferred:\/\/browser,applications:org.gnome.Ptyxis.desktop,applications:org.kde.discover.desktop,preferred:\/\/filemanager<\/default>/' /usr/share/plasma/plasmoids/org.kde.plasma.taskmanager/contents/config/main.xml - sed -i '//,/<\/entry>/ s/[^<]*<\/default>/preferred:\/\/browser,systemsettings.desktop,org.kde.dolphin.desktop,org.kde.kate.desktop,org.gnome.Ptyxis.desktop,org.kde.discover.desktop<\/default>/' /usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/config/main.xml - sed -i 's@\[Desktop Action new-window\]@\[Desktop Action new-window\]\nX-KDE-Shortcuts=Ctrl+Alt+T@g' /usr/share/applications/org.gnome.Ptyxis.desktop - sed -i 's@Exec=ptyxis@Exec=kde-ptyxis@g' /usr/share/applications/org.gnome.Ptyxis.desktop - sed -i 's@Keywords=@Keywords=konsole;console;@g' /usr/share/applications/org.gnome.Ptyxis.desktop - cp /usr/share/applications/org.gnome.Ptyxis.desktop /usr/share/kglobalaccel/org.gnome.Ptyxis.desktop - sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nNoDisplay=true@g' /usr/share/applications/org.kde.konsole.desktop - sed -i 's@Bluefin@Aurora@g' /usr/share/applications/system-update.desktop - sed -i 's@Bluefin@Aurora@g' /usr/share/ublue-os/motd/tips/10-tips.md - sed -i 's@Bluefin@Aurora@g' /usr/libexec/ublue-flatpak-manager - rm -f /etc/profile.d/gnome-ssh-askpass.{csh,sh} # This shouldn't be pulled in - rm -f /usr/share/kglobalaccel/org.kde.konsole.desktop - systemctl enable kde-sysmonitor-workaround.service - # Test 
aurora gschema override for errors. If there are no errors, proceed with compiling aurora gschema, which includes setting overrides. - mkdir -p /tmp/aurora-schema-test - find /usr/share/glib-2.0/schemas/ -type f ! -name "*.gschema.override" -exec cp {} /tmp/aurora-schema-test/ \; - cp /usr/share/glib-2.0/schemas/zz0-aurora-modifications.gschema.override /tmp/aurora-schema-test/ - echo "Running error test for aurora gschema override. Aborting if failed." - glib-compile-schemas --strict /tmp/aurora-schema-test - echo "Compiling gschema to include aurora setting overrides" - glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null -fi \ No newline at end of file diff --git a/build_files/base/00-build-fix.sh b/build_files/base/00-build-fix.sh new file mode 100755 index 00000000000..2261cf17cad --- /dev/null +++ b/build_files/base/00-build-fix.sh @@ -0,0 +1,25 @@ +#!/usr/bin/bash + +set -eoux pipefail + +# This script provides fixes to packages known to have caused build skew. +# It works by force replacing packages on the FROM image with current +# packages from fedora update repos. + +repos=( + fedora-updates.repo + fedora-updates-archive.repo +) + +for repo in "${repos[@]}"; do + if [ $(grep -c "enabled=1" /etc/yum.repos.d/${repo}) -eq 0 ]; then + sed -i "0,/enabled=0/{s/enabled=0/enabled=1/}" /etc/yum.repos.d/${repo} + fi +done + +rpm-ostree override replace \ + --experimental \ + --from repo=updates \ + elfutils-libelf \ + elfutils-libs \ + || true \ No newline at end of file diff --git a/build_files/base/01-install-copr-repos.sh b/build_files/base/01-install-copr-repos.sh new file mode 100755 index 00000000000..868885bd313 --- /dev/null +++ b/build_files/base/01-install-copr-repos.sh 
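Review bot: The trailing `|| true` on the `rpm-ostree override replace` call at the end of 00-build-fix.sh lets the step pass when the replacement fails, so an image can be produced with the elfutils packages from the FROM image and nothing in the build result marks it. If best-effort is intended, state that in a comment next to it, for example `# best effort: override is skipped when the updates repo has no newer build`; otherwise drop `|| true` so `set -e` stops the build. The repo check `[ $(grep -c "enabled=1" /etc/yum.repos.d/${repo}) -eq 0 ]` is unquoted and produces a test error rather than a clear failure when the file is missing; `if ! grep -q "enabled=1" "/etc/yum.repos.d/${repo}"; then` is the simpler form.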
@@ -0,0 +1,15 @@
+
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# Add Staging repo
+curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"$(rpm -E %fedora)".repo \
+ https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"$(rpm -E %fedora)"/ublue-os-staging-fedora-"$(rpm -E %fedora)".repo
+
+# Add Switcheroo Repo
+curl -Lo /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo \
+ https://copr.fedorainfracloud.org/coprs/sentry/switcheroo-control_discrete/repo/fedora-"$(rpm -E %fedora)"/sentry-switcheroo-control_discrete-fedora-"$(rpm -E %fedora)".repo
+
+# Add Nerd Fonts Repo
+curl -Lo /etc/yum.repos.d/_copr_che-nerd-fonts-"$(rpm -E %fedora)".repo https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"$(rpm -E %fedora)"/che-nerd-fonts-fedora-"$(rpm -E %fedora)".repo
diff --git a/build_files/base/02-install-kernel-akmods.sh b/build_files/base/02-install-kernel-akmods.sh
new file mode 100755
index 00000000000..a2748cf2eb4
--- /dev/null
+++ b/build_files/base/02-install-kernel-akmods.sh
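Review bot: None of the three `curl -Lo` calls in 01-install-copr-repos.sh passes `--fail`, so an HTTP error response from copr.fedorainfracloud.org is saved under `/etc/yum.repos.d/` as if it were a repo definition and the script still exits 0; `curl -fLo ...` lets `set -e` stop the build at the download. The new file also begins with an empty line, which puts `#!/usr/bin/bash` on line 2 where it is not read as a shebang, so the leading blank line should be removed. `$(rpm -E %fedora)` is expanded repeatedly in every URL; a single `fedora_version="$(rpm -E %fedora)"` near the top would make the three downloads easier to audit.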
@@ -0,0 +1,90 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# Remove Existing Kernel
+for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra
+do
+ rpm --erase $pkg --nodeps
+done
+
+# Fetch Kernel
+skopeo copy docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms
+KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut -d : -f 2)
+tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C /
+mv /tmp/rpms/* /tmp/kernel-rpms/
+
+# Install Kernel
+rpm-ostree install \
+ /tmp/kernel-rpms/kernel-[0-9]*.rpm \
+ /tmp/kernel-rpms/kernel-core-*.rpm \
+ /tmp/kernel-rpms/kernel-modules-*.rpm
+
+# Fetch Common AKMODS
+skopeo copy docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods
+AKMODS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods/manifest.json | cut -d : -f 2)
+tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/
+mv /tmp/rpms/* /tmp/akmods/
+
+# Everyone
+sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo
+rpm-ostree install \
+ /tmp/akmods/kmods/*xone*.rpm \
+ /tmp/akmods/kmods/*openrazer*.rpm
+
+if [[ -f $(find /tmp/akmods-rpms/kmods/*framework-laptop*.rpm) ]]; then
+ rpm-ostree install \
+ /tmp/akmods-rpms/kmods/*framework-laptop*.rpm
+fi
+
+# RPMFUSION Dependent AKMODS
+rpm-ostree install \
+ https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+ https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+rpm-ostree install \
+ broadcom-wl /tmp/akmods/kmods/*wl*.rpm \
+ v4l2loopback /tmp/akmods/kmods/*v4l2loopback*.rpm
+rpm-ostree uninstall rpmfusion-free-release rpmfusion-nonfree-release
+
+# Nvidia AKMODS
+if [[ "${IMAGE_NAME}" =~ nvidia ]]; then
+ # Fetch Nvidia RPMs
+ skopeo copy docker://ghcr.io/ublue-os/akmods-nvidia:${AKMODS_FLAVOR}-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms
+ NVIDIA_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods-rpms/manifest.json | cut -d : -f 2)
+ tar -xvzf /tmp/akmods-rpms/"$NVIDIA_TARGZ" -C /tmp/
+ mv /tmp/rpms/* /tmp/akmods-rpms/
+
+ # Install Nvidia RPMs
+ curl -Lo /tmp/nvidia-install.sh https://raw.githubusercontent.com/ublue-os/hwe/main/nvidia-install.sh
+ chmod +x /tmp/nvidia-install.sh
+ IMAGE_NAME="${BASE_IMAGE_NAME}" RPMFUSION_MIRROR="" /tmp/nvidia-install.sh
+ rm -f /usr/share/vulkan/icd.d/nouveau_icd.*.json
+fi
+
+# ZFS for gts/stable
+if [[ ${AKMODS_FLAVOR} =~ coreos ]]; then
+ # Fetch ZFS RPMs
+ skopeo copy docker://ghcr.io/ublue-os/akmods-zfs:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-zfs
+ ZFS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods-zfs/manifest.json | cut -d : -f 2)
+ tar -xvzf /tmp/akmods-zfs/"$ZFS_TARGZ" -C /tmp/
+ mv /tmp/rpms/* /tmp/akmods-zfs/
+
+ # Declare ZFS RPMs
+ ZFS_RPMS=(
+ /tmp/akmods-zfs/kmods/zfs/kmod-zfs-"${KERNEL}"-*.rpm
+ /tmp/akmods-zfs/kmods/zfs/libnvpair3-*.rpm
+ /tmp/akmods-zfs/kmods/zfs/libuutil3-*.rpm
+ /tmp/akmods-zfs/kmods/zfs/libzfs5-*.rpm
+ /tmp/akmods-zfs/kmods/zfs/libzpool5-*.rpm
+ /tmp/akmods-zfs/kmods/zfs/python3-pyzfs-*.rpm
+ /tmp/akmods-zfs/kmods/zfs/zfs-*.rpm
+ pv
+ )
+
+ # Install
+ rpm-ostree install "${ZFS_RPMS[@]}"
+
+ # Depmod and autoload
+ depmod -a -v "${KERNEL}"
+ echo "zfs" > /usr/lib/modules-load.d/zfs.conf
+fi
\ No newline at end of file
diff --git a/build_files/packages.sh b/build_files/base/03-packages.sh
similarity index 100%
rename from build_files/packages.sh
rename to build_files/base/03-packages.sh
diff --git a/build_files/base/04-override-install.sh b/build_files/base/04-override-install.sh
new file mode 100755
index 00000000000..8c36fa5aa46
--- /dev/null
+++ b/build_files/base/04-override-install.sh
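Review bot: In the Nvidia branch of 02-install-kernel-akmods.sh, `nvidia-install.sh` is downloaded from the `main` branch of ublue-os/hwe and executed during the image build with no pinned revision and no digest check, so the build runs whatever that branch holds at the time. Reference a fixed commit in the raw URL and verify the file before running it, e.g. `curl -fLo /tmp/nvidia-install.sh https://raw.githubusercontent.com/ublue-os/hwe/<commit-sha>/nvidia-install.sh` followed by `echo "<sha256>  /tmp/nvidia-install.sh" | sha256sum -c -`. Separately, the framework-laptop check globs `/tmp/akmods-rpms/kmods/`, but the common akmods are unpacked into `/tmp/akmods/` just above and `/tmp/akmods-rpms` is only populated later inside the Nvidia branch, so as written the condition looks like it can never be true at that point; `/tmp/akmods/kmods/*framework-laptop*.rpm` is presumably what was meant. The three `jq -r '.layers[].digest'` lookups also assume a single-layer image and would yield a multi-line filename otherwise.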
@@ -0,0 +1,77 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# Patched shells
+if [[ "${BASE_IMAGE_NAME}" =~ silverblue ]]; then
+ rpm-ostree override replace \
+ --experimental \
+ --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \
+ gnome-shell
+elif [[ "${BASE_IMAGE_NAME}" =~ kinoite ]]; then
+ rpm-ostree override replace \
+ --experimental \
+ --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \
+ kf6-kio-doc \
+ kf6-kio-widgets-libs \
+ kf6-kio-core-libs \
+ kf6-kio-widgets \
+ kf6-kio-file-widgets \
+ kf6-kio-core \
+ kf6-kio-gui
+fi
+
+# GNOME Triple Buffering
+if [[ "${BASE_IMAGE_NAME}" =~ silverblue && "${FEDORA_MAJOR_VERSION}" -lt "41" ]]; then
+ rpm-ostree override replace \
+ --experimental \
+ --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \
+ mutter \
+ mutter-common
+fi
+
+# Fix for ID in fwupd
+rpm-ostree override replace \
+ --experimental \
+ --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \
+ fwupd \
+ fwupd-plugin-flashrom \
+ fwupd-plugin-modem-manager \
+ fwupd-plugin-uefi-capsule-data
+
+# Switcheroo patch
+rpm-ostree override replace \
+ --experimental \
+ --from repo=copr:copr.fedorainfracloud.org:sentry:switcheroo-control_discrete \
+ switcheroo-control
+
+rm /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo
+
+# Starship Shell Prompt
+curl -Lo /tmp/starship.tar.gz "https://github.com/starship/starship/releases/latest/download/starship-x86_64-unknown-linux-gnu.tar.gz"
+tar -xzf /tmp/starship.tar.gz -C /tmp
+install -c -m 0755 /tmp/starship /usr/bin
+# shellcheck disable=SC2016
+echo 'eval "$(starship init bash)"' >> /etc/bashrc
+
+# Bash Prexec
+curl -Lo /usr/share/bash-prexec https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh
+
+# Topgrade Install
+pip install --prefix=/usr topgrade
+
+# Install ublue-update -- breaks with packages.json due to missing topgrade
+rpm-ostree install ublue-update
+
+# Consolidate Just Files
+find /tmp/just -iname '*.just' -exec printf "\n\n" \; -exec cat {} \; >> /usr/share/ublue-os/just/60-custom.just
+
+# Move over ublue-update config
+mv -f /tmp/ublue-update.toml /usr/etc/ublue-update/ublue-update.toml
+
+# Register Fonts
+fc-cache -f /usr/share/fonts/ubuntu
+fc-cache -f /usr/share/fonts/inter
+
+# Get Quadlets
+/ctx/build_files/base/fetch-quadlets.sh
diff --git a/build_files/base/05-base-image-changes.sh b/build_files/base/05-base-image-changes.sh
new file mode 100755
index 00000000000..3faf2675a86
--- /dev/null
+++ b/build_files/base/05-base-image-changes.sh
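Review bot: The starship tarball in 04-override-install.sh is fetched from `releases/latest` and installed to `/usr/bin` without any integrity check, and `/etc/bashrc` is then made to eval its output, so the binary baked into the image is whatever the release URL serves at build time. Pin a release tag in the URL and verify a recorded digest before the `install` line, e.g. `echo "<sha256>  /tmp/starship.tar.gz" | sha256sum -c -`. The same concern applies to `bash-preexec.sh`, pulled from the `master` branch straight into `/usr/share`, and to the unpinned `pip install --prefix=/usr topgrade`; a commit SHA in the raw URL and `topgrade==<version>` would tie both to a reviewed revision. Both `curl -Lo` calls should also use `-f` so an HTTP error body is never written to the target path.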
@@ -0,0 +1,96 @@ +#!/usr/bin/bash + +set -ouex pipefail + +if [[ "${BASE_IMAGE_NAME}" = "kinoite" ]]; then + # Branding for flatpak manager + sed -i 's/Bluefin/Aurora/' /usr/libexec/ublue-flatpak-manager + + # Restore x11 for Nvidia Images + if [[ "${FEDORA_MAJOR_VERSION}" -eq "40" ]]; then + rpm-ostree install plasma-workspace-x11 + fi + + # Branding for Images + ln -sf ../places/distributor-logo.svg /usr/share/icons/hicolor/scalable/apps/start-here.svg + ln -sf /usr/share/wallpapers/jonatan-pie-aurora/contents/images/3944x2770.jxl /usr/share/backgrounds/default.png + ln -sf /usr/share/wallpapers/greg-rakozy-aurora/contents/images/5616x3744.jxl /usr/share/backgrounds/default-dark.png + ln -sf aurora.xml /usr/share/backgrounds/default.xml + + # Favorites in Kickoff + sed -i '//,/<\/entry>/ s/[^<]*<\/default>/preferred:\/\/browser,applications:org.gnome.Ptyxis.desktop,applications:org.kde.discover.desktop,preferred:\/\/filemanager<\/default>/' /usr/share/plasma/plasmoids/org.kde.plasma.taskmanager/contents/config/main.xml + sed -i '//,/<\/entry>/ s/[^<]*<\/default>/preferred:\/\/browser,systemsettings.desktop,org.kde.dolphin.desktop,org.kde.kate.desktop,org.gnome.Ptyxis.desktop,org.kde.discover.desktop<\/default>/' /usr/share/plasma/plasmoids/org.kde.plasma.kickoff/contents/config/main.xml + + # Ptyxis Terminal + sed -i 's@\[Desktop Action new-window\]@\[Desktop Action new-window\]\nX-KDE-Shortcuts=Ctrl+Alt+T@g' /usr/share/applications/org.gnome.Ptyxis.desktop + sed -i 's@Exec=ptyxis@Exec=kde-ptyxis@g' /usr/share/applications/org.gnome.Ptyxis.desktop + sed -i 's@Keywords=@Keywords=konsole;console;@g' /usr/share/applications/org.gnome.Ptyxis.desktop + cp /usr/share/applications/org.gnome.Ptyxis.desktop /usr/share/kglobalaccel/org.gnome.Ptyxis.desktop + sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nNoDisplay=true@g' /usr/share/applications/org.kde.konsole.desktop + + # Rebrand to Aurora + sed -i 's@Bluefin@Aurora@g' /usr/share/applications/system-update.desktop + sed 
-i 's@Bluefin@Aurora@g' /usr/share/ublue-os/motd/tips/10-tips.md + sed -i 's@Bluefin@Aurora@g' /usr/libexec/ublue-flatpak-manager + + rm -f /etc/profile.d/gnome-ssh-askpass.{csh,sh} # This shouldn't be pulled in + rm -f /usr/share/kglobalaccel/org.kde.konsole.desktop + systemctl enable kde-sysmonitor-workaround.service + + # Get Default Font since font fallback doesn't work + curl --output-dir /tmp -LO https://github.com/ryanoasis/nerd-fonts/releases/download/v3.2.1/FiraCode.zip + mkdir -p /usr/share/fonts/fira-nf + unzip /tmp/FiraCode.zip -d /usr/share/fonts/fira-nf + fc-cache -f /usr/share/fonts/fira-nf + + # Test aurora gschema override for errors. If there are no errors, proceed with compiling aurora gschema, which includes setting overrides. + mkdir -p /tmp/aurora-schema-test + find /usr/share/glib-2.0/schemas/ -type f ! -name "*.gschema.override" -exec cp {} /tmp/aurora-schema-test/ \; + cp /usr/share/glib-2.0/schemas/zz0-aurora-modifications.gschema.override /tmp/aurora-schema-test/ + echo "Running error test for aurora gschema override. Aborting if failed." 
+ glib-compile-schemas --strict /tmp/aurora-schema-test + echo "Compiling gschema to include aurora setting overrides" + glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null + +elif [[ "${BASE_IMAGE_NAME}" = "silverblue" ]]; then + + # Remove desktop entries + if [[ -f /usr/share/applications/gnome-system-monitor.desktop ]]; then + sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/gnome-system-monitor.desktop + fi + if [[ -f /usr/share/applications/org.gnome.SystemMonitor.desktop ]]; then + sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/org.gnome.SystemMonitor.desktop + fi + + # GNOME Terminal is replaced with Ptyxis in F41+ + if [[ "${FEDORA_MAJOR_VERSION}" -lt "41" ]]; then + sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nNoDisplay=true@g' /usr/share/applications/org.gnome.Terminal.desktop + sed -i 's@accent-color="slate"@@g' /usr/share/glib-2.0/schemas/zz0-bluefin-modifications.gschema.override + sed -i 's@'", "\''xwayland-native-scaling'\''@@g' /usr/share/glib-2.0/schemas/zz0-bluefin-modifications.gschema.override + fi + + # Create symlinks from old to new wallpaper names for backwards compatibility + ln -s "/usr/share/backgrounds/bluefin/01-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-winter-dynamic.xml" + ln -s "/usr/share/backgrounds/bluefin/04-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-spring-dynamic.xml" + ln -s "/usr/share/backgrounds/bluefin/08-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-summer-dynamic.xml" + ln -s "/usr/share/backgrounds/bluefin/11-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-autumn-dynamic.xml" + ln -s "/usr/share/backgrounds/xe_clouds.jxl" "/usr/share/backgrounds/xe_clouds.jpeg" + ln -s "/usr/share/backgrounds/xe_foothills.jxl" "/usr/share/backgrounds/xe_foothills.jpeg" + ln -s "/usr/share/backgrounds/xe_space_needle.jxl" "/usr/share/backgrounds/xe_space_needle.jpeg" + ln -s "/usr/share/backgrounds/xe_sunset.jxl" 
"/usr/share/backgrounds/xe_sunset.jpeg" + + # Test bluefin gschema override for errors. If there are no errors, proceed with compiling bluefin gschema, which includes setting overrides. + mkdir -p /tmp/bluefin-schema-test + find /usr/share/glib-2.0/schemas/ -type f ! -name "*.gschema.override" -exec cp {} /tmp/bluefin-schema-test/ \; + cp /usr/share/glib-2.0/schemas/zz0-bluefin-modifications.gschema.override /tmp/bluefin-schema-test/ + echo "Running error test for bluefin gschema override. Aborting if failed." + # We are omitting "--strict" from the schema validation since GNOME <47 do not contain the accent-color keys. + # We should ideally refactor this to handle multiple GNOME version schemas better + glib-compile-schemas --strict /tmp/bluefin-schema-test + echo "Compiling gschema to include bluefin setting overrides" + glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null +fi + +# Watermark for Plymouth +cp /usr/share/plymouth/themes/spinner/{"$BASE_IMAGE_NAME"-,}watermark.png + diff --git a/build_files/firmware.sh b/build_files/base/06-firmware.sh similarity index 97% rename from build_files/firmware.sh rename to build_files/base/06-firmware.sh index 572dde0bfaa..0dca6ac801a 100755 --- a/build_files/firmware.sh +++ b/build_files/base/06-firmware.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -set -xeuo pipefail +set -eoux pipefail mkdir -p /tmp/mediatek-firmware curl -Lo /tmp/mediatek-firmware/WIFI_MT7922_patch_mcu_1_1_hdr.bin https://gitlab.com/kernel-firmware/linux-firmware/-/raw/8f08053b2a7474e210b03dbc2b4ba59afbe98802/mediatek/WIFI_MT7922_patch_mcu_1_1_hdr.bin?inline=false diff --git a/build_files/brew.sh b/build_files/base/07-brew.sh similarity index 100% rename from build_files/brew.sh rename to build_files/base/07-brew.sh diff --git a/build_files/bootc.sh b/build_files/base/08-bootc.sh similarity index 100% rename from build_files/bootc.sh rename to build_files/base/08-bootc.sh 
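Review bot: In the silverblue branch of 05-base-image-changes.sh the comment still says `--strict` is omitted because GNOME <47 lacks the accent-color keys, but the line below it now runs `glib-compile-schemas --strict /tmp/bluefin-schema-test`, so comment and code contradict each other. If strict validation is safe because the Fedora < 41 block above strips `accent-color` and `xwayland-native-scaling` from the override, replace the comment with something like `# --strict is safe: keys missing on older GNOME are removed from the override above`. In the kinoite branch, `FiraCode.zip` is pinned to v3.2.1 but unpacked into `/usr/share/fonts` with no digest check and without `-f` on curl; a `sha256sum -c` against a recorded `<sha256>` before `unzip` would close that gap. The `sed -i 's/Bluefin/Aurora/' /usr/libexec/ublue-flatpak-manager` at the top of that branch is repeated with the `g` flag further down, so the first one can go.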
diff --git a/build_files/cleanup.sh b/build_files/base/09-cleanup.sh similarity index 68% rename from build_files/cleanup.sh rename to build_files/base/09-cleanup.sh index b4cc3138a99..aa9df2cc75d 100755 --- a/build_files/cleanup.sh +++ b/build_files/base/09-cleanup.sh @@ -1,6 +1,21 @@ #!/usr/bin/bash -set -ouex pipefail +set -eoux pipefail + +# Setup Systemd +systemctl enable rpm-ostree-countme.service +systemctl enable tailscaled.service +systemctl enable dconf-update.service +systemctl --global enable ublue-flatpak-manager.service +systemctl enable ublue-update.timer +systemctl enable ublue-system-setup.service +systemctl enable ublue-guest-user.service +systemctl enable brew-setup.service +systemctl enable brew-upgrade.timer +systemctl enable brew-update.timer +systemctl --global enable ublue-user-setup.service +systemctl --global enable podman-auto-update.timer +systemctl enable check-sb-key.service # Hide Desktop Files. Hidden removes mime associations sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/fish.desktop @@ -14,7 +29,6 @@ rm -f /etc/xdg/autostart/solaar.desktop sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/negativo17-fedora-multimedia.repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/tailscale.repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/charm.repo -sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ublue-os-bling-fedora-"${FEDORA_MAJOR_VERSION}".repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/_copr_che-nerd-fonts-"${FEDORA_MAJOR_VERSION}".repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo diff --git a/build_files/fetch-quadlets.sh b/build_files/base/fetch-quadlets.sh similarity index 100% rename from build_files/fetch-quadlets.sh rename to build_files/base/fetch-quadlets.sh 
diff --git a/build_files/base/hwe-additions.sh b/build_files/base/hwe-additions.sh new file mode 100755 index 00000000000..31bc37b8026 --- /dev/null +++ b/build_files/base/hwe-additions.sh @@ -0,0 +1,33 @@ +#!/usr/bin/bash + +set -eoux pipefail + +# Asus/Surface for HWE +curl -Lo /etc/yum.repos.d/_copr_lukenukem-asus-linux.repo \ + https://copr.fedorainfracloud.org/coprs/lukenukem/asus-linux/repo/fedora-$(rpm -E %fedora)/lukenukem-asus-linux-fedora-$(rpm -E %fedora).repo + +curl -Lo /etc/yum.repos.d/linux-surface.repo \ + https://pkg.surfacelinux.com/fedora/linux-surface.repo + +# Asus Firmware +git clone https://gitlab.com/asus-linux/firmware.git --depth 1 /tmp/asus-firmware +cp -rf /tmp/asus-firmware/* /usr/lib/firmware/ +rm -rf /tmp/asus-firmware + +ASUS_PACKAGES=( + asusctl + asusctl-rog-gui +) + +SURFACE_PACKAGES=( + iptsd + libcamera + libcamera-tools + libcamera-gstreamer + libcamera-ipa + pipewire-plugin-libcamera +) + +rpm-ostree install \ + "${ASUS_PACKAGES[@]}" \ + "${SURFACE_PACKAGES[@]}" \ No newline at end of file diff --git a/build_files/image-info.sh b/build_files/base/image-info.sh similarity index 93% rename from build_files/image-info.sh rename to build_files/base/image-info.sh index ebae9fba764..e7adda63bc3 100755 --- a/build_files/image-info.sh +++ b/build_files/base/image-info.sh @@ -13,16 +13,15 @@ CODE_NAME="Archaeopteryx" IMAGE_INFO="/usr/share/ublue-os/image-info.json" IMAGE_REF="ostree-image-signed:docker://ghcr.io/$IMAGE_VENDOR/$IMAGE_NAME" -#shellcheck disable=SC2153 -image_flavor="${IMAGE_FLAVOR}" - # Aurora -if [[ "${BASE_IMAGE_NAME}" == "kinoite" ]]; then +if [[ "${BASE_IMAGE_NAME}" =~ kinoite ]]; then IMAGE_PRETTY_NAME="Aurora" HOME_URL="https://getaurora.dev/" fi -if [[ "${NVIDIA_TYPE}" == "nvidia" ]]; then +# Image Flavor +image_flavor="main" +if [[ "${IMAGE_NAME}" =~ nvidia ]]; then image_flavor="nvidia" fi 
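Review bot: `git clone https://gitlab.com/asus-linux/firmware.git --depth 1` in hwe-additions.sh takes whatever the default branch holds at build time, and `cp -rf /tmp/asus-firmware/* /usr/lib/firmware/` then copies it over the system firmware tree, so the blobs in the image are not tied to a reviewed revision and can replace same-named files from the distribution's firmware packages. 06-firmware.sh in this patch pins its MediaTek downloads to a commit hash in the URL; fetching a fixed `<commit-sha>` here instead of the branch tip would keep the two consistent. The two `curl -Lo` repo downloads should use `-f` so an HTTP error page is not saved as a `.repo` file, and `$(rpm -E %fedora)` should be quoted as it is in 01-install-copr-repos.sh.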
diff --git a/build_files/initramfs.sh b/build_files/base/initramfs.sh
similarity index 100%
rename from build_files/initramfs.sh
rename to build_files/base/initramfs.sh
diff --git a/build_files/base/workarounds.sh b/build_files/base/workarounds.sh
new file mode 100755
index 00000000000..d8158777a08
--- /dev/null
+++ b/build_files/base/workarounds.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -eoux pipefail
+
+# alternatives cannot create symlinks on its own during a container build
+if [[ -f /usr/bin/ld.bfd ]]; then
+ ln -sf /usr/bin/ld.bfd /etc/alternatives/ld && ln -sf /etc/alternatives/ld /usr/bin/ld
+fi
diff --git a/build_files/bluefin-changes.sh b/build_files/bluefin-changes.sh
deleted file mode 100755
index c3bb3bcde44..00000000000
--- a/build_files/bluefin-changes.sh
+++ /dev/null
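Review bot: workarounds.sh declares `#!/bin/sh` but uses `set -o pipefail` and `[[ -f ... ]]`, which are bash features, so it only runs correctly where `/bin/sh` happens to be bash. Change the first line to `#!/usr/bin/bash` to match the other scripts under build_files/base. Inside the `if`, the `a && b` chain works, but two separate `ln -sf` lines would read more clearly and fail the same way under `set -e`.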
@@ -1,39 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -if [[ "${BASE_IMAGE_NAME}" = "silverblue" ]]; then - # Remove desktop entries - if [[ -f /usr/share/applications/gnome-system-monitor.desktop ]]; then - sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/gnome-system-monitor.desktop - fi - if [[ -f /usr/share/applications/org.gnome.SystemMonitor.desktop ]]; then - sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nHidden=true@g' /usr/share/applications/org.gnome.SystemMonitor.desktop - fi - - # GNOME Terminal is replaced with Ptyxis in F41+ - if [[ "${FEDORA_MAJOR_VERSION}" -lt "41" ]]; then - sed -i 's@\[Desktop Entry\]@\[Desktop Entry\]\nNoDisplay=true@g' /usr/share/applications/org.gnome.Terminal.desktop - fi - - # Create symlinks from old to new wallpaper names for backwards compatibility - ln -s "/usr/share/backgrounds/bluefin/01-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-winter-dynamic.xml" - ln -s "/usr/share/backgrounds/bluefin/04-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-spring-dynamic.xml" - ln -s "/usr/share/backgrounds/bluefin/08-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-summer-dynamic.xml" - ln -s "/usr/share/backgrounds/bluefin/11-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-autumn-dynamic.xml" - ln -s "/usr/share/backgrounds/xe_clouds.jxl" "/usr/share/backgrounds/xe_clouds.jpeg" - ln -s "/usr/share/backgrounds/xe_foothills.jxl" "/usr/share/backgrounds/xe_foothills.jpeg" - ln -s "/usr/share/backgrounds/xe_space_needle.jxl" "/usr/share/backgrounds/xe_space_needle.jpeg" - ln -s "/usr/share/backgrounds/xe_sunset.jxl" "/usr/share/backgrounds/xe_sunset.jpeg" - - # Test bluefin gschema override for errors. If there are no errors, proceed with compiling bluefin gschema, which includes setting overrides. - mkdir -p /tmp/bluefin-schema-test - find /usr/share/glib-2.0/schemas/ -type f ! 
-name "*.gschema.override" -exec cp {} /tmp/bluefin-schema-test/ \; - cp /usr/share/glib-2.0/schemas/zz0-bluefin-modifications.gschema.override /tmp/bluefin-schema-test/ - echo "Running error test for bluefin gschema override. Aborting if failed." - # We are omitting "--strict" from the schema validation since GNOME <47 do not contain the accent-color keys. - # We should ideally refactor this to handle multiple GNOME version schemas better - glib-compile-schemas /tmp/bluefin-schema-test - echo "Compiling gschema to include bluefin setting overrides" - glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null -fi diff --git a/build_files/branding-dx.sh b/build_files/branding-dx.sh deleted file mode 100755 index 7a99b83ce06..00000000000 --- a/build_files/branding-dx.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -if test "$BASE_IMAGE_NAME" = "silverblue"; then - sed -i '/^PRETTY_NAME/s/Bluefin/Bluefin-dx/' /usr/lib/os-release - sed -i 's/Bluefin/Bluefin-dx/' /etc/yafti.yml -elif test "$BASE_IMAGE_NAME" = "kinoite"; then - sed -i '/^PRETTY_NAME/s/Aurora/Aurora-dx/' /usr/lib/os-release - sed -i 's/Aurora/Aurora-dx/' /etc/yafti.yml - sed -i 's/Aurora/Aurora-DX/' /usr/share/kde-settings/kde-profile/default/xdg/kcm-about-distrorc -fi diff --git a/build_files/branding.sh b/build_files/branding.sh deleted file mode 100755 index 52e110153b3..00000000000 --- a/build_files/branding.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -# Branding for Bluefin/Aurora -if test "$BASE_IMAGE_NAME" = "kinoite"; then - sed -i 's/Bluefin/Aurora/g' /etc/yafti.yml - sed -i 's/Aurora (Beta)/Aurora \- Bluefin\-KDE (Alpha)/' /etc/yafti.yml - sed -i 's/Bluefin/Aurora/' /usr/libexec/ublue-flatpak-manager -fi - -# Watermark for Plymouth -cp /usr/share/plymouth/themes/spinner/{"$BASE_IMAGE_NAME"-,}watermark.png diff --git a/build_files/build-base.sh b/build_files/build-base.sh deleted file mode 100755 index 0581a46ad65..00000000000 
--- a/build_files/build-base.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/bash -# shellcheck disable=SC1091 - -set -ouex pipefail - -cp -r /ctx/just /tmp/just -cp /ctx/packages.json /tmp/packages.json -cp /ctx/system_files/shared/etc/ublue-update/ublue-update.toml /tmp/ublue-update.toml - -rsync -rvK /ctx/system_files/shared/ / -rsync -rvK /ctx/system_files/"${BASE_IMAGE_NAME}"/ / - -/ctx/build_files/firmware.sh -/ctx/build_files/cache_kernel.sh -/ctx/build_files/copr-repos.sh -/ctx/build_files/install-akmods.sh -/ctx/build_files/packages.sh -/ctx/build_files/nvidia.sh -/ctx/build_files/image-info.sh -/ctx/build_files/fetch-install.sh -/ctx/build_files/brew.sh -/ctx/build_files/fetch-quadlets.sh -/ctx/build_files/font-install.sh -/ctx/build_files/systemd.sh -/ctx/build_files/bluefin-changes.sh -/ctx/build_files/aurora-changes.sh -/ctx/build_files/branding.sh -/ctx/build_files/initramfs.sh -/ctx/build_files/bootc.sh -/ctx/build_files/cleanup.sh diff --git a/build_files/build-dx.sh b/build_files/build-dx.sh deleted file mode 100755 index c97e934abd7..00000000000 --- a/build_files/build-dx.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/bash -# shellcheck disable=SC1091 - -set -ouex pipefail - -# Apply IP Forwarding before installing Docker to prevent messing with LXC networking -sysctl -p - -cp /ctx/packages.json /tmp/packages.json -rsync -rvK /ctx/system_files/dx/ / - -/ctx/build_files/copr-repos-dx.sh -/ctx/build_files/install-akmods-dx.sh -/ctx/build_files/packages-dx.sh -/ctx/build_files/image-info.sh -/ctx/build_files/fetch-install-dx.sh -/ctx/build_files/fonts-dx.sh -/ctx/build_files/workarounds.sh -/ctx/build_files/systemd-dx.sh -/ctx/build_files/branding-dx.sh -/ctx/build_files/cleanup-dx.sh diff --git a/build_files/cache_kernel.sh b/build_files/cache_kernel.sh deleted file mode 100755 index 49a764a73dd..00000000000 --- a/build_files/cache_kernel.sh +++ /dev/null 
@@ -1,15 +0,0 @@
-#!/usr/bin/bash
-
-set -eoux pipefail
-
-if [[ "${AKMODS_FLAVOR}" == "main" || "${AKMODS_FLAVOR}" =~ "coreos-" ]]; then
- for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra
- do
- rpm --erase $pkg --nodeps
- done
-
- rpm-ostree install \
- /tmp/kernel-rpms/kernel-[0-9]*.rpm \
- /tmp/kernel-rpms/kernel-core-*.rpm \
- /tmp/kernel-rpms/kernel-modules-*.rpm
-fi
diff --git a/build_files/copr-repos-dx.sh b/build_files/copr-repos-dx.sh
deleted file mode 100755
index b7ee7088e32..00000000000
--- a/build_files/copr-repos-dx.sh
+++ /dev/null
@@ -1,22 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -#incus, lxc, lxd -curl -Lo /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/ganto/lxc4/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo - -#umoci -curl -Lo /etc/yum.repos.d/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/ganto/umoci/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo - - -#ublue-os staging -curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo - -#karmab-kcli -curl -Lo /etc/yum.repos.d/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/karmab/kcli/repo/fedora-"${FEDORA_MAJOR_VERSION}"/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo - -# Fonts -curl -Lo /etc/yum.repos.d/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/atim/ubuntu-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo - -# Kvmfr module -curl -Lo /etc/yum.repos.d/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/hikariknight/looking-glass-kvmfr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo diff --git a/build_files/copr-repos.sh b/build_files/copr-repos.sh deleted file mode 100755 index dc59225d0ee..00000000000 --- a/build_files/copr-repos.sh +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -# Add Staging repo -curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo - -# Add Bling repo -curl -Lo /etc/yum.repos.d/ublue-os-bling-fedora-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/ublue-os/bling/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-bling-fedora-"${FEDORA_MAJOR_VERSION}".repo - -# 39 Ptyxis -if [ "${FEDORA_MAJOR_VERSION}" -eq "39" ]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - gtk4 \ - vte291 \ - libadwaita \ - mutter \ - mutter-common \ - gnome-control-center \ - gnome-control-center-filesystem - rpm-ostree install ptyxis -fi - -# Patched switcheroo -# Add repo -curl -Lo /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo https://copr.fedorainfracloud.org/coprs/sentry/switcheroo-control_discrete/repo/fedora-"${FEDORA_MAJOR_VERSION}"/sentry-switcheroo-control_discrete-fedora-"${FEDORA_MAJOR_VERSION}".repo - -# Patched shells -if [[ "${BASE_IMAGE_NAME}" = "silverblue" ]]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - gnome-shell -elif [[ "${BASE_IMAGE_NAME}" = "kinoite" && "${FEDORA_MAJOR_VERSION}" -gt "39" ]]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - kf6-kio-doc \ - kf6-kio-widgets-libs \ - kf6-kio-core-libs \ - kf6-kio-widgets \ - kf6-kio-file-widgets \ - kf6-kio-core \ - kf6-kio-gui -elif [[ "${BASE_IMAGE_NAME}" = "kinoite" ]]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - kf5-kio-ntlm \ - kf5-kio-doc \ - kf5-kio-widgets-libs \ - kf5-kio-core-libs \ - kf5-kio-widgets \ - 
kf5-kio-file-widgets \ - kf5-kio-core \ - kf5-kio-gui -fi - -# GNOME Triple Buffering -if [[ "${BASE_IMAGE_NAME}" = "silverblue" && "${FEDORA_MAJOR_VERSION}" -gt "39" && "${FEDORA_MAJOR_VERSION}" -ne "41" ]]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - mutter \ - mutter-common -fi - -# Fix for ID in fwupd -if [[ "${FEDORA_MAJOR_VERSION}" -gt "39" ]]; then - rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:ublue-os:staging \ - fwupd \ - fwupd-plugin-flashrom \ - fwupd-plugin-modem-manager \ - fwupd-plugin-uefi-capsule-data -fi - -# Switcheroo patch -rpm-ostree override replace \ - --experimental \ - --from repo=copr:copr.fedorainfracloud.org:sentry:switcheroo-control_discrete \ - switcheroo-control - -rm /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo - -# Add Nerd Fonts -curl -Lo /etc/yum.repos.d/_copr_che-nerd-fonts-"${FEDORA_MAJOR_VERSION}".repo https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/che-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo diff --git a/build_files/dx/01-install-copr-repos-dx.sh b/build_files/dx/01-install-copr-repos-dx.sh new file mode 100755 index 00000000000..fafd44ffd2a --- /dev/null +++ b/build_files/dx/01-install-copr-repos-dx.sh 
@@ -0,0 +1,29 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+#incus, lxc, lxd
+if [[ "${FEDORA_MAJOR_VERSION}" -lt "41" ]]; then
+ curl -Lo /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo \
+ https://copr.fedorainfracloud.org/coprs/ganto/lxc4/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo
+fi
+
+#umoci
+curl -Lo /etc/yum.repos.d/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo \
+ https://copr.fedorainfracloud.org/coprs/ganto/umoci/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo
+
+#ublue-os staging
+curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo \
+ https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo
+
+#karmab-kcli
+curl -Lo /etc/yum.repos.d/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo \
+ https://copr.fedorainfracloud.org/coprs/karmab/kcli/repo/fedora-"${FEDORA_MAJOR_VERSION}"/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo
+
+# Fonts
+curl -Lo /etc/yum.repos.d/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo \
+ https://copr.fedorainfracloud.org/coprs/atim/ubuntu-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo
+
+# Kvmfr module
+curl -Lo /etc/yum.repos.d/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo \
+ https://copr.fedorainfracloud.org/coprs/hikariknight/looking-glass-kvmfr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo
\ No newline at end of file
diff --git a/build_files/dx/02-install-kernel-akmods-dx.sh b/build_files/dx/02-install-kernel-akmods-dx.sh
new file mode 100755
index 00000000000..5cc8d11b5ad
--- /dev/null
+++ b/build_files/dx/02-install-kernel-akmods-dx.sh
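Review bot: Each `curl -Lo /etc/yum.repos.d/…` in this new script writes whatever the server returns, because curl exits 0 on an HTTP error unless `--fail` is given; a COPR with no build for the current `FEDORA_MAJOR_VERSION` would leave an error page behind as a `.repo` file and `set -e` would not stop the build. I would use `curl --fail --retry 3 -Lo …` on all six downloads. These files add third-party package sources to the image, so a short header comment saying why each COPR is needed, and that the fetched repo files are expected to carry `gpgcheck=1`, would help the next reviewer; the repo contents are not visible here, so that expectation should be confirmed.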
@@ -0,0 +1,22 @@ +#!/usr/bin/bash + +set -ouex pipefail + +sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo + +# Fetch Kernel RPMS +skopeo copy docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms +KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut -d : -f 2) +tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C / +mv /tmp/rpms/* /tmp/kernel-rpms/ + +rpm-ostree install /tmp/kernel-rpms/kernel-devel-*.rpm + +# Fetch AKMODS RPMS +skopeo copy docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods +AKMODS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods/manifest.json | cut -d : -f 2) +tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/ +mv /tmp/rpms/* /tmp/akmods/ + +# Install RPMS +rpm-ostree install /tmp/akmods/kmods/*kvmfr*.rpm diff --git a/build_files/packages-dx.sh b/build_files/dx/03-packages-dx.sh similarity index 100% rename from build_files/packages-dx.sh rename to build_files/dx/03-packages-dx.sh diff --git a/build_files/fonts-dx.sh b/build_files/dx/04-override-install-dx.sh similarity index 65% rename from build_files/fonts-dx.sh rename to build_files/dx/04-override-install-dx.sh index 1e68f9423f1..801208527b2 100755 --- a/build_files/fonts-dx.sh +++ b/build_files/dx/04-override-install-dx.sh @@ -1,8 +1,12 @@ #!/usr/bin/bash -set -ouex pipefail +set -eoux pipefail -# GitHub Monaspace +curl -Lo /tmp/kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64" +chmod +x /tmp/kind +mv /tmp/kind /usr/bin/kind + +# GitHub Monaspace Font DOWNLOAD_URL=$(curl https://api.github.com/repos/githubnext/monaspace/releases/latest | jq -r '.assets[] | select(.name| test(".*.zip$")).browser_download_url') curl -Lo /tmp/monaspace-font.zip "$DOWNLOAD_URL" 
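Review bot: `tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C /` unpacks a layer pulled from the registry directly onto the root of the image being built, so any path in that layer can overwrite system files, whereas the akmods layer a few lines later is unpacked under `-C /tmp/`. Extracting into a scratch directory and moving only the RPMs out would contain that, e.g. `mkdir -p /tmp/kernel-layer && tar -xzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C /tmp/kernel-layer` then `mv /tmp/kernel-layer/tmp/rpms/* /tmp/kernel-rpms/` (the scratch path is an example, and the `tmp/rpms` layout inside the layer is inferred from the existing `mv /tmp/rpms/*`). Both `skopeo copy` calls resolve a mutable tag and nothing in this script checks a signature or digest before `rpm-ostree install`; if verification happens elsewhere in the build, a comment saying where would be enough. `jq -r '.layers[].digest'` also assumes a single-layer image, which deserves a one-line comment.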
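Review bot: The added `curl -Lo /tmp/kind "…/releases/latest/download/kind-$(uname)-amd64"` in `04-override-install-dx.sh` installs an unpinned binary into `/usr/bin` with no integrity check, and without `--fail` an HTTP error body would be marked executable and shipped as `kind`. Pinning a release tag and comparing the download with a recorded SHA-256 before the `mv` would make the image reproducible and catch a swapped or truncated asset, e.g. `echo "${KIND_SHA256}  /tmp/kind" | sha256sum --check`, where `KIND_SHA256` is a placeholder for a value stored next to the pinned version. The Monaspace download in the same hunk follows `releases/latest` in the same way. The script continues past the end of this hunk.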
@@ -12,3 +16,4 @@ mv /tmp/monaspace-font/monaspace-v*/fonts/variable/* /usr/share/fonts/monaspace/ rm -rf /tmp/monaspace-font* fc-cache -f /usr/share/fonts/monaspace +fc-cache --system-only --really-force --verbose \ No newline at end of file diff --git a/build_files/cleanup-dx.sh b/build_files/dx/09-cleanup-dx.sh similarity index 66% rename from build_files/cleanup-dx.sh rename to build_files/dx/09-cleanup-dx.sh index cc921aa33c2..168e140cd2b 100755 --- a/build_files/cleanup-dx.sh +++ b/build_files/dx/09-cleanup-dx.sh @@ -1,10 +1,20 @@ #!/usr/bin/bash -set -ouex pipefail +set -eoux pipefail + +systemctl enable docker.socket +systemctl enable podman.socket +systemctl enable swtpm-workaround.service +systemctl enable libvirt-workaround.service +systemctl enable bluefin-dx-groups.service +systemctl enable --global bluefin-dx-user-vscode.service +systemctl disable pmie.service +systemctl disable pmlogger.service -sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ublue-os-bling-fedora-"${FEDORA_MAJOR_VERSION}".repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo -sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo +if [[ -f /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo ]]; then + sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo +fi sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo diff --git a/build_files/fetch-install-dx.sh b/build_files/fetch-install-dx.sh deleted file mode 100755 index 564288f8dcc..00000000000 --- a/build_files/fetch-install-dx.sh +++ /dev/null 
@@ -1,7 +0,0 @@
-#!/usr/bin/bash
-
-set -ouex pipefail
-
-curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64"
-chmod +x ./kind
-mv ./kind /usr/bin/kind
diff --git a/build_files/fetch-install.sh b/build_files/fetch-install.sh
deleted file mode 100755
index f0b8300a22c..00000000000
--- a/build_files/fetch-install.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/bash
-
-set -ouex pipefail
-
-# Starship Shell Prompt
-curl -Lo /tmp/starship.tar.gz "https://github.com/starship/starship/releases/latest/download/starship-x86_64-unknown-linux-gnu.tar.gz"
-tar -xzf /tmp/starship.tar.gz -C /tmp
-install -c -m 0755 /tmp/starship /usr/bin
-# shellcheck disable=SC2016
-echo 'eval "$(starship init bash)"' >> /etc/bashrc
-
-# Bash Prexec
-curl -Lo /usr/share/bash-prexec https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh
-
-# Topgrade Install
-pip install --prefix=/usr topgrade
-
-# Install ublue-update -- breaks with packages.json disable staging to use bling.
-sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo
-rpm-ostree install ublue-update
-
-# Consolidate Just Files
-find /tmp/just -iname '*.just' -exec printf "\n\n" \; -exec cat {} \; >> /usr/share/ublue-os/just/60-custom.just
-
-# Move over ublue-update config
-mv -f /tmp/ublue-update.toml /usr/etc/ublue-update/ublue-update.toml
diff --git a/build_files/font-install.sh b/build_files/font-install.sh
deleted file mode 100755
index 0e0f0b094fe..00000000000
--- a/build_files/font-install.sh
+++ /dev/null
@@ -1,13 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -if [[ "${BASE_IMAGE_NAME}" =~ "kinoite" ]]; then - curl --output-dir /tmp -LO https://github.com/ryanoasis/nerd-fonts/releases/download/v3.2.1/FiraCode.zip - mkdir -p /usr/share/fonts/fira-nf - unzip /tmp/FiraCode.zip -d /usr/share/fonts/fira-nf - fc-cache -f /usr/share/fonts/fira-nf -fi - -fc-cache -f /usr/share/fonts/ubuntu -fc-cache -f /usr/share/fonts/inter diff --git a/build_files/install-akmods-dx.sh b/build_files/install-akmods-dx.sh deleted file mode 100755 index b7167a81b48..00000000000 --- a/build_files/install-akmods-dx.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo -if [[ "${FEDORA_MAJOR_VERSION}" -ge "39" ]]; then - rpm-ostree install \ - /tmp/akmods/kmods/*kvmfr*.rpm -fi diff --git a/build_files/install-akmods.sh b/build_files/install-akmods.sh deleted file mode 100755 index ac032843f12..00000000000 --- a/build_files/install-akmods.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -set -ouex pipefail - -# Nvidia for gts/stable - nvidia -if [[ "${NVIDIA_TYPE}" == "nvidia" ]]; then - curl -Lo /tmp/nvidia-install.sh https://raw.githubusercontent.com/ublue-os/hwe/main/nvidia-install.sh && \ - chmod +x /tmp/nvidia-install.sh && \ - IMAGE_NAME="${BASE_IMAGE_NAME}" RPMFUSION_MIRROR="" /tmp/nvidia-install.sh - rm -f /usr/share/vulkan/icd.d/nouveau_icd.*.json -fi - -sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo - -# Everyone -rpm-ostree install \ - /tmp/akmods/kmods/*xone*.rpm \ - /tmp/akmods/kmods/*openrazer*.rpm - # /tmp/akmods-rpms/kmods/*framework-laptop*.rpm - -# rpmfusion dependent kmods -rpm-ostree install \ - https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \ - https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm -rpm-ostree install \ - broadcom-wl /tmp/akmods/kmods/*wl*.rpm \ - v4l2loopback /tmp/akmods/kmods/*v4l2loopback*.rpm -rpm-ostree uninstall rpmfusion-free-release rpmfusion-nonfree-release - -# ZFS for gts/stable -if [[ ${AKMODS_FLAVOR} =~ "coreos" ]]; then - skopeo copy docker://ghcr.io/ublue-os/akmods-zfs:coreos-stable-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-zfs - ZFS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods-zfs/manifest.json | cut -d : -f 2) - tar -xvzf /tmp/akmods-zfs/"$ZFS_TARGZ" -C /tmp/ - mv /tmp/rpms/* /tmp/akmods-zfs/ - ZFS_RPMS=( - /tmp/akmods-zfs/kmods/zfs/kmod-zfs-"${KERNEL}"-*.rpm - /tmp/akmods-zfs/kmods/zfs/libnvpair3-*.rpm - /tmp/akmods-zfs/kmods/zfs/libuutil3-*.rpm - /tmp/akmods-zfs/kmods/zfs/libzfs5-*.rpm - /tmp/akmods-zfs/kmods/zfs/libzpool5-*.rpm - /tmp/akmods-zfs/kmods/zfs/python3-pyzfs-*.rpm - /tmp/akmods-zfs/kmods/zfs/zfs-*.rpm - pv - ) - rpm-ostree install "${ZFS_RPMS[@]}" - depmod -a -v "${KERNEL}" - echo "zfs" > /usr/lib/modules-load.d/zfs.conf -fi 
diff --git a/build_files/nvidia.sh b/build_files/nvidia.sh deleted file mode 100755 index 9462f8e5128..00000000000 --- a/build_files/nvidia.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -# Nvidia Configurations -if [[ "${IMAGE_FLAVOR}" =~ "nvidia" || "${NVIDIA_TYPE}" =~ "nvidia" ]]; then - # Restore x11 for Nvidia Images - if [[ "${BASE_IMAGE_NAME}" =~ "kinoite" && "${FEDORA_MAJOR_VERSION}" -gt "39" ]]; then - rpm-ostree install plasma-workspace-x11 - fi -fi diff --git a/build_files/shared/build-base.sh b/build_files/shared/build-base.sh new file mode 100755 index 00000000000..9714f692a0f --- /dev/null +++ b/build_files/shared/build-base.sh 
@@ -0,0 +1,65 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# Make Alternatives Directory
+mkdir -p /var/lib/alternatives
+
+# Copy Files to Container
+cp -r /ctx/just /tmp/just
+cp /ctx/packages.json /tmp/packages.json
+cp /ctx/system_files/shared/etc/ublue-update/ublue-update.toml /tmp/ublue-update.toml
+rsync -rvK /ctx/system_files/shared/ /
+rsync -rvK /ctx/system_files/"${BASE_IMAGE_NAME}"/ /
+
+# Generate image-info.json
+/ctx/build_files/base/image-info.sh
+
+# Build Fix - Fix known skew offenders
+/ctx/build_files/base/00-build-fix.sh
+
+# Get COPR Repos
+/ctx/build_files/base/01-install-copr-repos.sh
+
+# Install Kernel and Akmods
+/ctx/build_files/base/02-install-kernel-akmods.sh
+
+# Install Additional Packages
+/ctx/build_files/base/03-packages.sh
+
+# Install Overrides and Fetch Install
+/ctx/build_files/base/04-override-install.sh
+
+# Base Image Changes
+/ctx/build_files/base/05-base-image-changes.sh
+
+# Get Firmare for Framework
+/ctx/build_files/base/06-firmware.sh
+
+# Make HWE changes
+if [[ "${IMAGE_NAME}" =~ hwe ]]; then
+ /ctx/build_files/base/hwe-additions.sh
+fi
+
+# Get Brew
+/ctx/build_files/base/07-brew.sh
+
+# Make sure Bootc works
+/ctx/build_files/base/08-bootc.sh
+
+# Systemd and Remove Items
+/ctx/build_files/base/09-cleanup.sh
+
+# Run workarounds for lf (Likely not needed)
+/ctx/build_files/base/workarounds.sh
+
+# Regenerate initramfs
+/ctx/build_files/base/initramfs.sh
+
+# Clean Up
+mv /var/lib/alternatives /staged-alternatives
+/ctx/build_files/shared/clean-stage.sh
+mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
+mkdir -p /var/tmp && \
+chmod -R 1777 /var/tmp
+ostree container commit
\ No newline at end of file
diff --git a/build_files/shared/build-dx.sh b/build_files/shared/build-dx.sh
new file mode 100755
index 00000000000..c6e4e273116
--- /dev/null
+++ b/build_files/shared/build-dx.sh
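Review bot: `chmod -R 1777 /var/tmp` at the end of this script applies mode 1777 recursively, so anything still present under `/var/tmp` when it runs, regular files included, becomes world-writable; only the directory itself needs the sticky world-writable mode. I would write `chmod 1777 /var/tmp`, and the same line closes `build_files/shared/build-dx.sh`. Whether `clean-stage.sh` empties `/var/tmp` beforehand is not visible here, so the practical effect may be nil today, but the non-recursive form does not depend on that. Minor: the comment `# Get Firmare for Framework` should read `Firmware`.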
@@ -0,0 +1,47 @@
+#!/usr/bin/bash
+
+set -eoux pipefail
+
+# Make Alternatives Directory
+mkdir -p /var/lib/alternatives
+
+# Copy Files to Image
+cp /ctx/packages.json /tmp/packages.json
+rsync -rvK /ctx/system_files/dx/ /
+
+# Apply IP Forwarding before installing Docker to prevent messing with LXC networking
+sysctl -p
+
+# Generate image-info.json (Not Needed?)
+# /ctx/build_files/shared/image-info.sh
+
+# COPR Repos
+/ctx/build_files/dx/01-install-copr-repos-dx.sh
+
+# Install AKMODS
+/ctx/build_files/dx/02-install-kernel-akmods-dx.sh
+
+# Install Packages
+/ctx/build_files/dx/03-packages-dx.sh
+
+# Fetch Install
+/ctx/build_files/dx/04-override-install-dx.sh
+
+# Branding Changes
+if test "$BASE_IMAGE_NAME" = "silverblue"; then
+ sed -i '/^PRETTY_NAME/s/Bluefin/Bluefin-dx/' /usr/lib/os-release
+elif test "$BASE_IMAGE_NAME" = "kinoite"; then
+ sed -i '/^PRETTY_NAME/s/Aurora/Aurora-dx/' /usr/lib/os-release
+ sed -i 's/Aurora/Aurora-DX/' /usr/share/kde-settings/kde-profile/default/xdg/kcm-about-distrorc
+fi
+
+# Systemd and Disable Repos
+/ctx/build_files/dx/09-cleanup-dx.sh
+
+# Clean Up
+mv /var/lib/alternatives /staged-alternatives
+/ctx/build_files/shared/clean-stage.sh
+mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
+mkdir -p /var/tmp && \
+chmod -R 1777 /var/tmp
+ostree container commit
\ No newline at end of file
diff --git a/build_files/clean-stage.sh b/build_files/shared/clean-stage.sh
similarity index 100%
rename from build_files/clean-stage.sh
rename to build_files/shared/clean-stage.sh
diff --git a/build_files/systemd-dx.sh b/build_files/systemd-dx.sh
deleted file mode 100755
index 53595bb0c44..00000000000
--- a/build_files/systemd-dx.sh
+++ /dev/null
@@ -1,12 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -systemctl enable docker.socket -systemctl enable podman.socket -systemctl enable swtpm-workaround.service -systemctl enable libvirt-workaround.service -systemctl enable bluefin-dx-groups.service -systemctl enable --global bluefin-dx-user-vscode.service -systemctl disable pmie.service -systemctl disable pmlogger.service diff --git a/build_files/systemd.sh b/build_files/systemd.sh deleted file mode 100755 index 9055c3abe6e..00000000000 --- a/build_files/systemd.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/bash - -set -ouex pipefail - -systemctl enable rpm-ostree-countme.service -systemctl enable tailscaled.service -systemctl enable dconf-update.service -systemctl --global enable ublue-flatpak-manager.service -systemctl enable ublue-update.timer -systemctl enable ublue-system-setup.service -systemctl enable ublue-guest-user.service -systemctl enable brew-setup.service -systemctl enable brew-upgrade.timer -systemctl enable brew-update.timer -systemctl --global enable ublue-user-setup.service -systemctl --global enable podman-auto-update.timer -systemctl enable check-sb-key.service diff --git a/build_files/workarounds.sh b/build_files/workarounds.sh deleted file mode 100755 index 6b469a3b130..00000000000 --- a/build_files/workarounds.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -set -oeux pipefail - -# alternatives cannot create symlinks on its own during a container build -ln -sf /usr/bin/ld.bfd /etc/alternatives/ld && ln -sf /etc/alternatives/ld /usr/bin/ld diff --git a/scripts/base-image.sh b/scripts/base-image.sh deleted file mode 100755 index f0cc13e4fc3..00000000000 --- a/scripts/base-image.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/bash -set -euo pipefail - -image=$1 - -if [[ ${image} =~ "bluefin" ]]; then - echo silverblue -elif [[ ${image} =~ "aurora" ]]; then - echo kinoite -else - exit 1 -fi 
diff --git a/scripts/build-image.sh b/scripts/build-image.sh
deleted file mode 100755
index 63c1234c55c..00000000000
--- a/scripts/build-image.sh
+++ /dev/null
@@ -1,67 +0,0 @@ -#!/usr/bin/bash -set -eo pipefail -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi - -# Get Inputs -image=$1 -target=$2 -version=$3 - -# Set image/target/version based on inputs -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/get-defaults.sh" - -# Get Fedora Version and Kernel Info -if [[ "${version}" == "stable" ]]; then - KERNEL_RELEASE=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]') - fedora_version=$(echo "$KERNEL_RELEASE" | grep -oP 'fc\K[0-9]+') -elif [[ ${version} == "gts" ]]; then - coreos_kernel_release=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]') - major_minor_patch=$(echo "$coreos_kernel_release" | cut -d '-' -f 1) - coreos_fedora_version=$(echo "$coreos_kernel_release" | grep -oP 'fc\K[0-9]+') - KERNEL_RELEASE="${major_minor_patch}-200.fc$(("$coreos_fedora_version" - 1)).$(uname -m)" -else - KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/silverblue-main:"${version}" | jq -r '.Labels["ostree.linux"]') -fi - -fedora_version=$(echo "$KERNEL_RELEASE" | grep -oP 'fc\K[0-9]+') - -# Get info -container_mgr=$(just _container_mgr) -base_image=$(just _base_image "${image}") -tag=$(just _tag "${image}" "${target}") - -akmods_flavor=main -if [[ "${version}" == "gts" || \ - "${version}" == "stable" ]]; then - nvidia_type="main" - akmods_flavor=coreos-stable -fi - - -# Build Command -command=( build -f Containerfile ) -if [[ ${container_mgr} == "docker" && ${TERM} == "dumb" ]]; then - command+=(--progress=plain) -fi -command+=( --build-arg="BASE_IMAGE_NAME=${base_image}" ) -command+=( --build-arg="IMAGE_NAME=${tag}" ) -command+=( --build-arg="IMAGE_FLAVOR=main" ) -command+=( --build-arg="IMAGE_VENDOR=localhost" ) -command+=( --build-arg="FEDORA_MAJOR_VERSION=${fedora_version}" ) -command+=( 
--build-arg="AKMODS_FLAVOR=${akmods_flavor}" ) -command+=( --build-arg="NVIDIA_TYPE=${nvidia_type:-}" ) -command+=( --build-arg="KERNEL=${KERNEL_RELEASE:-}" ) -command+=( --build-arg="UBLUE_IMAGE_TAG=${version}" ) -command+=( --build-arg="SOURCE_IMAGE=${base_image}-main" ) -command+=( --tag localhost/"${tag}:${version}-${git_branch}" ) -command+=( --target "${target}" ) -command+=( "${project_root}" ) - -# Build Image -$container_mgr ${command[@]} diff --git a/scripts/build-iso-ghcr.sh b/scripts/build-iso-ghcr.sh deleted file mode 100755 index 7dad1bafeb3..00000000000 --- a/scripts/build-iso-ghcr.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/bash -#shellcheck disable=SC2154 - -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi - -# Common Build ISO -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/common-build-iso.sh" - -# Make ISO -${container_mgr} run --rm --privileged \ - --volume "${workspace}"/scripts/files/output:/build-container-installer/build \ - --volume "${workspace}/${flatpak_dir_shortname}":"/build-container-installer/${flatpak_dir_shortname}" \ - ghcr.io/jasonn3/build-container-installer:latest \ - ARCH="x86_64" \ - ENABLE_CACHE_DNF="false" \ - ENABLE_CACHE_SKOPEO="false" \ - ENABLE_FLATPAK_DEPENDENCIES="false" \ - ENROLLMENT_PASSWORD="universalblue" \ - FLATPAK_REMOTE_REFS_DIR="${flatpak_dir_shortname}" \ - IMAGE_NAME="${ghcr_tag}" \ - IMAGE_REPO="ghcr.io/ublue-os" \ - IMAGE_TAG="${version}" \ - ISO_NAME="build/${ghcr_tag}-${version}-ghcr.iso" \ - SECURE_BOOT_KEY_URL='https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' \ - VARIANT="${variant}" \ - VERSION="${fedora_version}" diff --git a/scripts/build-iso-installer-main.sh b/scripts/build-iso-installer-main.sh deleted file mode 100755 index 34def7151f9..00000000000 --- a/scripts/build-iso-installer-main.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/usr/bin/bash -#shellcheck disable=SC2154 - -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi - -# Common Build ISO -# shellcheck disable=SC1091 -. "${project_root}/scripts/common-build-iso.sh" - -if [[ ${container_mgr} =~ "podman" ]]; then - api_socket=/run/podman/podman.sock -elif [[ ${container_mgr} =~ "docker" ]]; then - api_socket=/var/run/docker.sock -fi - -# Make ISO -${container_mgr} run --rm --privileged \ - --volume "${api_socket}":/var/run/docker.sock \ - --volume "${workspace}"/scripts/files/build-iso-makefile-patch:/build-container-installer/container/Makefile \ - --volume "${workspace}/${flatpak_dir_shortname}":"/build-container-installer/${flatpak_dir_shortname}" \ - --volume "${workspace}"/scripts/files/output:/build-container-installer/build \ - ghcr.io/jasonn3/build-container-installer:main \ - ARCH="x86_64" \ - ENABLE_CACHE_DNF="false" \ - ENABLE_CACHE_SKOPEO="false" \ - ENABLE_FLATPAK_DEPENDENCIES="false" \ - ENROLLMENT_PASSWORD="universalblue" \ - FLATPAK_REMOTE_REFS_DIR="${flatpak_dir_shortname}" \ - IMAGE_NAME="${tag}" \ - IMAGE_REPO="localhost" \ - IMAGE_TAG="${version}-${git_branch}" \ - ISO_NAME="build/${tag}-${version}-${git_branch}.iso" \ - SECURE_BOOT_KEY_URL='https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' \ - VARIANT="${variant}" \ - VERSION="${fedora_version}" diff --git a/scripts/build-iso.sh b/scripts/build-iso.sh deleted file mode 100755 index 96fd0eda51a..00000000000 --- a/scripts/build-iso.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/usr/bin/bash -#shellcheck disable=SC2154 - -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi - -# Common Build ISO -# shellcheck disable=SC1091 -. "${project_root}/scripts/common-build-iso.sh" - -if [[ ${container_mgr} =~ "podman" ]]; then - api_socket=/run/podman/podman.sock -elif [[ ${container_mgr} =~ "docker" ]]; then - api_socket=/var/run/docker.sock -fi - -# Make ISO -${container_mgr} run --rm --privileged \ - --volume "${api_socket}":/var/run/docker.sock \ - --volume "${workspace}"/scripts/files/build-iso-makefile-patch:/build-container-installer/container/Makefile \ - --volume "${workspace}/${flatpak_dir_shortname}":"/build-container-installer/${flatpak_dir_shortname}" \ - --volume "${workspace}"/scripts/files/output:/build-container-installer/build \ - ghcr.io/jasonn3/build-container-installer:latest \ - ARCH="x86_64" \ - ENABLE_CACHE_DNF="false" \ - ENABLE_CACHE_SKOPEO="false" \ - ENABLE_FLATPAK_DEPENDENCIES="false" \ - ENROLLMENT_PASSWORD="universalblue" \ - FLATPAK_REMOTE_REFS_DIR="${flatpak_dir_shortname}" \ - IMAGE_NAME="${tag}" \ - IMAGE_REPO="localhost" \ - IMAGE_TAG="${version}-${git_branch}" \ - ISO_NAME="build/${tag}-${version}-${git_branch}.iso" \ - SECURE_BOOT_KEY_URL='https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' \ - VARIANT="${variant}" \ - VERSION="${fedora_version}" diff --git a/scripts/cleanup-dir.sh b/scripts/cleanup-dir.sh deleted file mode 100755 index 741d8683348..00000000000 --- a/scripts/cleanup-dir.sh +++ /dev/null 
@@ -1,14 +0,0 @@ -#!/usr/bin/bash -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -# shellcheck disable=SC1091 -. "${project_root}/scripts/sudoif.sh" - -set -euox pipefail - -#shellcheck disable=SC2154 -sudoif rm -f "${project_root}"/scripts/files/output/* #ISOs -rm -f "${project_root}"/*_flatapks/flatpaks_with_deps #Flatpak Deps -rm -rf "${project_root}"/flatpak.* #Flatpak Tempdir -sudoif rm -rf "${project_root}"/scripts/files/home/ublue-os/* #Test User Home diff --git a/scripts/cleanup-images.sh b/scripts/cleanup-images.sh deleted file mode 100755 index 9b66d614b9d..00000000000 --- a/scripts/cleanup-images.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/bash -set -euox pipefail -container_mgr=( - docker - podman - podman-remote -) -for i in "${container_mgr[@]}"; do - if [[ $(command -v "$i") ]]; then - echo "Container Manager: ${i}" - ID=$(${i} images --filter "reference=localhost/bluefin*-build*" --filter "reference=localhost/aurora*-build*" --format "{{.ID}}") - xargs -I {} "${i}" image rm {} <<< "$ID" - echo "" - fi -done diff --git a/scripts/common-build-iso.sh b/scripts/common-build-iso.sh deleted file mode 100644 index 8f61c7a0b3b..00000000000 --- a/scripts/common-build-iso.sh +++ /dev/null 
@@ -1,115 +0,0 @@ -#!/usr/bin/bash -#shellcheck disable=SC2154,SC2034 - -# shellcheck disable=SC1091 -. "${project_root}/scripts/sudoif.sh" - -# Check if inside rootless container -if [[ -f /run/.containerenv ]]; then - #shellcheck disable=SC1091 - source /run/.containerenv - #shellcheck disable=SC2154 - if [[ "${rootless}" -eq "1" ]]; then - echo "Cannot build ISO inside rootless podman container... Exiting..." - exit 1 - fi -fi -container_mgr=$(just _container_mgr) -# If using rootless container manager, exit. Might not be best check -if "${container_mgr}" info | grep Root | grep -q /home; then - echo "Cannot build ISO with rootless container..." - exit 1 -fi - -# Get Inputs -image=$1 -target=$2 -version=$3 - -# Set image/target/version based on inputs -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/get-defaults.sh" - -# Set Container tag name -tag=$(just _tag "${image}" "${target}") - -# Don't use -build suffix, flatpak dependency using ghcr -ghcr_tag=${tag::-6} - -# Remove old ISO if present -sudoif rm -f "${project_root}/scripts/files/output/${tag}-${version}-${git_branch}.iso" -sudoif rm -f "${project_root}/scripts/files/output/${tag}-${version}-${git_branch}.iso-CHECKSUM" - -# Set Base Image -base_image=$(just _base_image "${image}") - -if [[ "${version}" == "stable" ]]; then - KERNEL_RELEASE=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') -elif [[ "${version}" == "gts" ]]; then - coreos_kernel_release=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') - major_minor_patch=$(echo "$coreos_kernel_release" | cut -d '-' -f 1) - coreos_fedora_version=$(echo "$coreos_kernel_release" | grep -oP 'fc\K[0-9]+') - KERNEL_RELEASE="${major_minor_patch}-200.fc$(("$coreos_fedora_version" - 1))" -else - KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/silverblue-main:"$version" | jq -r '.Labels["ostree.linux"] | 
split(".x86_64")[0]') -fi -fedora_version=$(echo "$KERNEL_RELEASE" | grep -oP 'fc\K[0-9]+') - -# Set variant and flatpak dir -if [[ "${base_image}" =~ "silverblue" ]]; then - variant=Silverblue - flatpak_dir_shortname="bluefin_flatpaks" -elif [[ "${base_image}" =~ "kinoite" ]]; then - variant=Kinoite - flatpak_dir_shortname="aurora_flatpaks" -else - exit 1 -fi - -# Make sure image actually exists, build if it doesn't -ID=$(${container_mgr} images --filter reference=localhost/"${tag}:${version}-${git_branch}" --format "{{.ID}}") -if [[ -z ${ID} ]]; then - just build "${image}" "${target}" "${version}" -fi - -# Make temp space -TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p "${project_root}" flatpak.XXX) -# Get list of refs from directory -FLATPAK_REFS_DIR=${project_root}/${flatpak_dir_shortname} -FLATPAK_REFS_DIR_LIST=$(tr '\n' ' ' < "${FLATPAK_REFS_DIR}/flatpaks") - -# Generate install script -cat << EOF > "${TEMP_FLATPAK_INSTALL_DIR}/script.sh" -cat /temp_flatpak_install_dir/script.sh -mkdir -p /flatpak/flatpak /flatpak/triggers -mkdir /var/tmp || true -chmod -R 1777 /var/tmp -flatpak config --system --set languages "*" -flatpak remote-add --system flathub https://flathub.org/repo/flathub.flatpakrepo -flatpak install --system -y ${FLATPAK_REFS_DIR_LIST} -ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | grep -v 'org\.freedesktop\.Platform\.openh264' | sed 's/^deploy\///g' > /output/flatpaks_with_deps -EOF - -workspace=${project_root} -if [[ -f /.dockerenv || -f /run/.containerenv ]]; then - FLATPAK_REFS_DIR=${LOCAL_WORKSPACE_FOLDER}/${flatpak_dir_shortname} - TEMP_FLATPAK_INSTALL_DIR="${LOCAL_WORKSPACE_FOLDER}/$(echo "${TEMP_FLATPAK_INSTALL_DIR}" | rev | cut -d / -f 1 | rev)" - workspace=${LOCAL_WORKSPACE_FOLDER} -fi - -# Generate Flatpak Dependency List -if [[ ! 
-f ${project_root}/${flatpak_dir_shortname}/flatpaks_with_deps ]]; then - "${container_mgr}" run --rm --privileged \ - --entrypoint bash \ - -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ - -e FLATPAK_TRIGGERSDIR=/flatpak/triggers \ - --volume "${FLATPAK_REFS_DIR}":/output \ - --volume "${TEMP_FLATPAK_INSTALL_DIR}":/temp_flatpak_install_dir \ - "ghcr.io/ublue-os/${base_image}-main:${version}" /temp_flatpak_install_dir/script.sh -fi - -# Remove Temp Directory -if [[ -f /.dockerenv ]]; then - TEMP_FLATPAK_INSTALL_DIR=${project_root}/$(echo "${TEMP_FLATPAK_INSTALL_DIR}" | rev | cut -d / -f 1 | rev) -fi -rm -rf "${TEMP_FLATPAK_INSTALL_DIR}" diff --git a/scripts/container_mgr.sh b/scripts/container_mgr.sh deleted file mode 100755 index 2b41042a459..00000000000 --- a/scripts/container_mgr.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/bash -valid_manager=( - docker - podman - podman-remote -) -if [[ -n ${CONTAINER_MGR} ]]; then - if [[ "${valid_manager[*]}" =~ ${CONTAINER_MGR} ]]; then - echo "${CONTAINER_MGR}" - else - exit 1 - fi -elif [[ $(command -v docker) ]]; then - echo docker -elif [[ $(command -v podman) ]]; then - echo podman -elif [[ $(command -v podman-remote) ]];then - echo podman-remote -else - exit 1 -fi diff --git a/scripts/files/build-iso-makefile-patch b/scripts/files/build-iso-makefile-patch deleted file mode 100644 index bb8d7d9d35c..00000000000 --- a/scripts/files/build-iso-makefile-patch +++ /dev/null @@ -1,11 +0,0 @@ -$(IMAGE_NAME)-$(IMAGE_TAG): - skopeo copy docker-daemon:$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) oci:$(IMAGE_NAME)-$(IMAGE_TAG) - -install-deps: - $(install_pkg) skopeo - -FILES=$(filter-out Makefile,$(wildcard *)) -clean: -ifneq ($(FILES),) - rm -Rf $(FILES) -endif diff --git a/scripts/files/etc/group b/scripts/files/etc/group deleted file mode 100644 index efe7aef409b..00000000000 --- a/scripts/files/etc/group +++ /dev/null 
@@ -1,22 +0,0 @@ -root:x:0: -wheel:x:10:ublue-os -adbusers:x:968: -plugdev:x:967: -wbpriv:x:88: -clevis:x:966: -gluster:x:965: -unbound:x:964: -setroubleshoot:x:963: -qemu:x:107: -saslauth:x:76:saslauth -libvirt:x:962:ublue-os -libvirtdbus:x:961: -stapusr:x:156: -stapsys:x:157: -stapdev:x:158: -pcp:x:960: -docker:x:959:ublue-os -lxd:x:958:ublue-os -incus:x:251: -incus-admin:x:250:ublue-os -ublue-os:x:1000: diff --git a/scripts/files/etc/hostname b/scripts/files/etc/hostname deleted file mode 100644 index 334880b3bf4..00000000000 --- a/scripts/files/etc/hostname +++ /dev/null @@ -1 +0,0 @@ -ContainerTestUblueOS diff --git a/scripts/files/etc/passwd b/scripts/files/etc/passwd deleted file mode 100644 index 1d9d39d78ba..00000000000 --- a/scripts/files/etc/passwd +++ /dev/null @@ -1,10 +0,0 @@ -root:x:0:0:root:/root:/bin/bash -clevis:x:992:966:Clevis Decryption Framework unprivileged user:/var/cache/clevis:/usr/sbin/nologin -gluster:x:977:965:GlusterFS daemons:/run/gluster:/sbin/nologin -unbound:x:976:964:Unbound DNS resolver:/var/lib/unbound:/sbin/nologin -setroubleshoot:x:975:963:SELinux troubleshoot server:/var/lib/setroubleshoot:/usr/sbin/nologin -saslauth:x:974:76:Saslauthd user:/run/saslauthd:/sbin/nologin -libvirtdbus:x:973:961:Libvirt D-Bus bridge:/:/sbin/nologin -qemu:x:107:107:qemu user:/:/usr/sbin/nologin -pcp:x:960:960:Performance Co-Pilot:/var/lib/pcp:/usr/sbin/nologin -ublue-os:x:1000:1000:ublue-os:/home/ublue-os:/usr/bin/bash diff --git a/scripts/files/etc/shadow b/scripts/files/etc/shadow deleted file mode 100644 index 77a5fe49ec5..00000000000 --- a/scripts/files/etc/shadow +++ /dev/null 
@@ -1,59 +0,0 @@ -root:!::0:99999:7::: -bin:*::0:99999:7::: -daemon:*::0:99999:7::: -adm:*::0:99999:7::: -lp:*::0:99999:7::: -sync:*::0:99999:7::: -shutdown:*::0:99999:7::: -halt:*::0:99999:7::: -mail:*::0:99999:7::: -operator:*::0:99999:7::: -games:*::0:99999:7::: -ftp:*::0:99999:7::: -nobody:*::0:99999:7::: -dbus:*::0:99999:7::: -polkitd:*::0:99999:7::: -etcd:*::0:99999:7::: -tss:*::0:99999:7::: -avahi-autoipd:*::0:99999:7::: -rpc:*::0:99999:7::: -sssd:*::0:99999:7::: -dockerroot:*::0:99999:7::: -rpcuser:*::0:99999:7::: -nfsnobody:*::0:99999:7::: -kube:*::0:99999:7::: -sshd:*::0:99999:7::: -chrony:*::0:99999:7::: -tcpdump:*::0:99999:7::: -systemd-timesync:*::0:99999:7::: -systemd-network:*::0:99999:7::: -systemd-resolve:*::0:99999:7::: -systemd-bus-proxy:*::0:99999:7::: -cockpit-ws:*::0:99999:7::: -apache:!::::::: -avahi:!::::::: -geoclue:!::::::: -usbmuxd:!::::::: -rtkit:!::::::: -pipewire:!::::::: -openvpn:!::::::: -nm-openvpn:!::::::: -colord:!::::::: -nm-openconnect:!::::::: -flatpak:!::::::: -gdm:!::::::: -gnome-initial-setup:!::::::: -vboxadd:!::::::: -dnsmasq:!::::::: -systemd-coredump:!*::::::: -systemd-oom:!*::::::: -clevis:!:19686:::::: -gluster:!:19686:::::: -unbound:!:19686:::::: -setroubleshoot:!:19686:::::: -saslauth:!:19686:::::: -libvirtdbus:!:19686:::::: -qemu:!*:19686:::::: -pcp:!*:19686:::::: -sddm:!::::::: -ublue-os:$y$j9T$uQkZGY3QpPmddmtkavB0Z/$c2rwYgbGPq6lcdpTeof0S7YjOGgfKaKXWxoKy3HjKhC:19816:0:99999:7::: diff --git a/scripts/get-defaults.sh b/scripts/get-defaults.sh deleted file mode 100755 index 35787f167e2..00000000000 --- a/scripts/get-defaults.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/usr/bin/bash -#shellcheck disable=SC2154 - -# If image has -dx, assume they want the target to be dx and that version might be $2 -if [[ ${image} =~ "-dx" ]]; then - image=$(cut -d - -f 1 <<< "${image}") - version=${target} - target="dx" -fi - -# if no image, bluefin -if [[ -z "${image}" ]]; then - image="bluefin" -fi - -# if no target, base -if [[ -z "${target}" ]]; then - target="base" -# if $2 is version, assume that is version and target is base -elif [[ ${target} =~ beta ]]; then - version=${target} - target="base" -elif [[ ${target} =~ stable ]]; then - version=${target} - target="base" -elif [[ ${target} =~ latest ]]; then - version=${target} - target="base" -elif [[ ${target} =~ gts ]]; then - version=${target} - target="base" -fi - -# if no version, bluefin is GTS, Aurora is Latest -if [[ -z "${version}" ]]; then - if [[ "${image}" =~ "bluefin" ]]; then - version="gts" - elif [[ "${image}" =~ "aurora" ]]; then - version="stable" - fi -fi diff --git a/scripts/list-images.sh b/scripts/list-images.sh deleted file mode 100755 index ab527f69998..00000000000 --- a/scripts/list-images.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/bash -set -euo pipefail -container_mgr=( - docker - podman - podman-remote -) -for i in "${container_mgr[@]}"; do - if [[ $(command -v "$i") ]]; then - echo "Container Manager: ${i}" - ${i} images --filter "reference=localhost/bluefin*-build*" --filter "reference=localhost/aurora*-build*" - echo "" - fi -done diff --git a/scripts/make-tag.sh b/scripts/make-tag.sh deleted file mode 100755 index fa196ed931e..00000000000 --- a/scripts/make-tag.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/bash -set -euo pipefail - -image=$1 -target=$2 - -# Add build to images to distinguish from ghcr -if [[ "${target}" =~ "base" ]]; then - echo "${image}-build" -elif [[ "${target}" =~ "dx" ]]; then - echo "${image}-${target}-build" -fi 
diff --git a/scripts/run-booted-guest.sh b/scripts/run-booted-guest.sh
deleted file mode 100755
index 2d7abd12a32..00000000000
--- a/scripts/run-booted-guest.sh
+++ /dev/null
@@ -1,95 +0,0 @@ -#!/usr/bin/bash -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/sudoif.sh" - -# Get inputs -image=$1 -target=$2 -version=$3 - -# Set image/target/version based on inputs -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/get-defaults.sh" - -# Get items -container_mgr=$(just _container_mgr) -tag=$(just _tag "${image}" "${target}") - -# Graphical Warning -if "${container_mgr}" info | grep Root | grep -q /home; then - echo "Cannot run Graphical Session wiht rootless container..." - secs=5 - while [ $secs -gt 0 ] - do - printf "\r\033[KWaiting %.d seconds." $((secs--)) - sleep 1 - done -fi - -# Check to see if image exists, build it if it doesn't -ID=$(${container_mgr} images --filter reference=localhost/"${tag}:${version}-${git_branch}" --format "{{.ID}}") -if [[ -z ${ID} ]]; then - just build "${image}" "${target}" "${version}" -fi - -# Set workspace variable -workspace=${project_root} -if [[ -f /.dockerenv ]]; then - workspace=${LOCAL_WORKSPACE_FOLDER} -fi -workspace_files=${workspace}/scripts/files - -# Start building run command -run_cmd+=(run -it --rm --privileged) - -# Mount in $HOME. 
-run_cmd+=(-v /var/home) -mkdir -p "${project_root}"/scripts/files/home/ublue-os -if [[ -n "${SUDO_USER}" ]]; then - chown "${SUDO_USER}:${SUDO_GID}" "${project_root}"/scripts/files/home/ublue-os -fi -run_cmd+=(-v "${workspace_files}"/home/ublue-os:/var/home/ublue-os:rslave) - -# Mount in System Flatpaks and TMP -run_cmd+=(-v /tmp:/tmp:rslave) -run_cmd+=(-v /var/lib/flatpak:/var/lib/flatpak:rslave) - -# Blank out items SystemD units / don't mess with journal/selinux -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/auditd.service) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/cups.path) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/cups.service) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/cups.socket) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/rtkit-daemon.service) -run_cmd+=(-v /var/log/journal) -run_cmd+=(-v /sys/fs/selinux) - -# Mount in passwd/group for user account to work -run_cmd+=(-v "${workspace_files}"/etc/passwd:/etc/passwd:ro) -run_cmd+=(-v "${workspace_files}"/etc/group:/etc/group:ro) -run_cmd+=(-v "${workspace_files}"/etc/shadow:/etc/shadow:ro) - -# Set Hostname -run_cmd+=(-v "${workspace_files}"/etc/hostname:/etc/hostname) - -# Host Network Option -if [[ -n ${HOST_NETWORK} ]]; then - run_cmd+=(--network host) - run_cmd+=(-v /etc/NetworkManager:/etc/NetworkManager) - run_cmd+=(-v /etc/hosts:/etc/hosts) - run_cmd+=(-v /etc/resolv.conf:/etc/resolv.conf) -fi - -# Boot the container -"$container_mgr" "${run_cmd[@]}" "localhost/${tag}:${version}" /sbin/init - -# Clean Up -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -sudoif rm -rf "${project_root}/scripts/files/home/ublue-os" diff --git a/scripts/run-booted-home.sh b/scripts/run-booted-home.sh deleted file mode 100755 index 44eac5ae6d2..00000000000 --- a/scripts/run-booted-home.sh +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/usr/bin/bash -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi - -# Get inputs -image=$1 -target=$2 -version=$3 - -# Set image/target/version based on inputs -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/get-defaults.sh" - -# Get items -container_mgr=$(just _container_mgr) -tag=$(just _tag "${image}" "${target}") - -# Graphical Warning -if "${container_mgr}" info | grep Root | grep -q /home; then - echo "Cannot run Graphical Session with rootless container..." - secs=5 - while [ $secs -gt 0 ] - do - printf "\r\033[KWaiting %.d seconds." $((secs--)) - sleep 1 - done -fi - -# Check to see if image exists, build it if it doesn't -ID=$(${container_mgr} images --filter reference=localhost/"${tag}:${version}-${git_branch}" --format "{{.ID}}") -if [[ -z ${ID} ]]; then - just build "${image}" "${target}" "${version}" -fi - -# Start building run command -run_cmd+=(run -it --rm --privileged) - -# Mount in passwd/group for user account to work -run_cmd+=(-v /etc/passwd:/etc/passwd:ro) -run_cmd+=(-v /etc/group:/etc/group:ro) -run_cmd+=(-v /etc/shadow:/etc/shadow:ro) - -# Mount in System Flatpaks and TMP -run_cmd+=(-v /tmp:/tmp:rslave) -run_cmd+=(-v /var/lib/flatpak:/var/lib/flatpak:rslave) - -# Mount in $HOME. 
-home_location=/home -if [[ -L /home ]]; then - home_location=/$(readlink /home) -fi -run_cmd+=(-v "${home_location}":/var/home:rslave) - -# Blank out items -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/auditd.service) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/cups.path) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/cups.service) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/cups.socket) -run_cmd+=(-v /dev/null:/usr/lib/systemd/system/rtkit-daemon.service) -run_cmd+=(-v /var/log/journal) -run_cmd+=(-v /sys/fs/selinux) - -# Host Network Option -if [[ -n ${HOST_NETWORK} ]]; then - run_cmd+=(--network host) - run_cmd+=(-v /etc/NetworkManager:/etc/NetworkManager) - run_cmd+=(-v /etc/hosts:/etc/hosts) - run_cmd+=(-v /etc/resolv.conf:/etc/resolv.conf) -fi - -# Boot the container -"$container_mgr" "${run_cmd[@]}" "localhost/${tag}:${version}" /sbin/init - -exit 0 diff --git a/scripts/run-image.sh b/scripts/run-image.sh deleted file mode 100755 index c56aa650a43..00000000000 --- a/scripts/run-image.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/bash -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi -set -eo pipefail - -# Get Inputs -image=$1 -target=$2 -version=$3 - -# Get image/target/version based on inputs -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/get-defaults.sh" - -# Get variables -container_mgr=$(just _container_mgr) -tag=$(just _tag "${image}" "${target}") - -# Check if requested image exist, if it doesn't build it -ID=$(${container_mgr} images --filter reference=localhost/"${tag}":"${version}-${git_branch}" --format "{{.ID}}") -if [[ -z ${ID} ]]; then - just build "${image}" "${target}" "${version}" -fi - -# Run image -"${container_mgr}" run -it --rm localhost/"${tag}:${version}-${git_branch}" /usr/bin/bash diff --git a/scripts/run-iso.sh b/scripts/run-iso.sh deleted file mode 100755 index 7edcd156f45..00000000000 
--- a/scripts/run-iso.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/bash -if [[ -z ${project_root} ]]; then - project_root=$(git rev-parse --show-toplevel) -fi -if [[ -z ${git_branch} ]]; then - git_branch=$(git branch --show-current) -fi -set -eo pipefail - -# Get Inputs -image=$1 -target=$2 -version=$3 - -# Get image/target/version based on inputs -# shellcheck disable=SC2154,SC1091 -. "${project_root}/scripts/get-defaults.sh" - -# Get variables -container_mgr=$(just _container_mgr) -tag=$(just _tag "${image}" "${target}") - -#check if ISO exists. Create if it doesn't -if [[ ! -f "${project_root}/scripts/files/output/${tag}-${version}-${git_branch}.iso" ]]; then - just build-iso "$image" "$target" "$version" -fi - -workspace=${project_root} -if [[ -f /.dockerenv ]]; then - workspace=${LOCAL_WORKSPACE_FOLDER} -fi - -${container_mgr} run --rm --cap-add NET_ADMIN \ - --publish 127.0.0.1:8006:8006 \ - --env "CPU_CORES=2" \ - --env "RAM_SIZE=4G" \ - --env "DISK_SIZE=64G" \ - --env "BOOT_MODE=uefi" \ - --device=/dev/kvm \ - --volume "${workspace}/scripts/files/output/${tag}-${version}-${git_branch}.iso":/boot.iso \ - docker.io/qemux/qemu-docker diff --git a/scripts/sudoif.sh b/scripts/sudoif.sh deleted file mode 100644 index 75d825c3aa8..00000000000 --- a/scripts/sudoif.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/bash -function sudoif(){ - if [[ "${TERM_PROGRAM:-}" == "vscode" && \ - ! -f /run/.containerenv && \ - ! -f /.dockerenv ]]; then - [[ $(command -v systemd-run) ]] && \ - /usr/bin/systemd-run --uid=0 --gid=0 -d -E TERM="$TERM" -t -q -P -G "$@" \ - || exit 1 - elif [[ $(command -v sudo) && -n ${SSH_ASKPASS:-} && ${DISPLAY:-} ]]; then - /usr/bin/sudo --askpass "$@" || exit 1 - elif [[ $(command -v sudo) ]]; then - /usr/bin/sudo "$@" || exit 1 - else - exit 1 - fi -} From 258d1cbd3b963f068269c59f3abe62ce94becf5b Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 14:50:17 -0400 Subject: [PATCH 002/101] fix: use raw-img for rechunk --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index a0bf85bad95..b3e75ae830d 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -306,10 +306,10 @@ jobs: - name: Rechunk Image id: rechunk - uses: hhd-dev/rechunk@v0.8.6 + uses: hhd-dev/rechunk@v1.0.1 with: - rechunk: ghcr.io/hhd-dev/rechunk:v0.8.6 - ref: ${{ steps.build_image.outputs.image }}:${{ env.DEFAULT_TAG }} + rechunk: ghcr.io/hhd-dev/rechunk:v1.0.1 + ref: "raw-img" skip_compression: 'true' labels: ${{ steps.meta.outputs.labels }} prev-ref: ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ env.DEFAULT_TAG }} From 081dbbad08383521042a8cb06db84b2904b56338 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 15:35:06 -0400 Subject: [PATCH 003/101] chore(ci): compat with old names Keep the asus/surface images around until a service unit is written to rebase people onto hwe name images. --- .github/workflows/reusable-build.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index b3e75ae830d..6c8a0f11ece 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
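Review bot: The rechunk action and its container are both referenced by mutable tag (`uses: hhd-dev/rechunk@v1.0.1`, `rechunk: ghcr.io/hhd-dev/rechunk:v1.0.1`), so whoever can move those tags changes what runs inside the image build. The Verify ZFS step in this same workflow already pins its action to a full commit SHA with the version as a trailing comment, and the same form fits here: `uses: hhd-dev/rechunk@<full-commit-sha> # v1.0.1`. If the action accepts a digest reference for its container, `rechunk: ghcr.io/hhd-dev/rechunk@sha256:<image-digest>` closes the second half. The job's permissions are outside the hunk, so how far a moved tag could reach is not visible from here.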
@@ -151,7 +151,7 @@ jobs: - name: Verify ZFS uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains( matrix.base_name, 'hwe') + if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains(matrix.image_flavor, 'hwe') with: containers: akmods-zfs:${{ env.AKMODS_FLAVOR }}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} @@ -325,6 +325,20 @@ jobs: podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} done podman tag $IMAGE rechunked-img + + # HWE use legacy names + - name: Legacy HWE names + if: contains(matrix.image_flavor, 'hwe') + shell: bash + run: | + set -eoux pipefail + image_name="${{ env.IMAGE_NAME }}" + asus_name="${image_name/hwe/asus}" + surface_name="${image_name/hwe/surface}" + for tag in ${{ steps.rechunk.outputs.output }}; do + podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} + podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} + done # Check that Kernel is signed with Secureboot Keys - name: Check Secureboot From 637f6415d28028f9f0d5363f16f7bd104fd18311 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 15:58:05 -0400 Subject: [PATCH 004/101] try matrix in workflow call Signed-off-by: m2 <69128853+m2Giles@users.noreply.github.com> --- .github/workflows/build-image-beta.yml | 4 ++ .github/workflows/build-image-gts.yml | 4 ++ .github/workflows/build-image-latest.yml | 4 ++ .github/workflows/build-image-stable.yml | 4 ++ .github/workflows/reusable-build-iso.yml | 68 ++++++++++++------------ 5 files changed, 50 insertions(+), 34 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 4ff39aa74fe..1216d13d57f 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml 
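Review bot: The corrected `if:` on Verify ZFS skips the cosign check for every flavor whose name contains `hwe`, and nothing in the hunk says why. If hwe builds still pull the akmods-zfs container they would consume it without signature verification; the step that installs it is outside the hunk, so this needs confirming. Add a comment above the condition stating the reason, for example `# hwe flavors do not use the akmods-zfs container, nothing to verify` if that is the case, or drop the `hwe` exclusion.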
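Review bot: The new `Legacy HWE names` step pastes `${{ env.IMAGE_NAME }}`, `${{ env.DEFAULT_TAG }}` and `${{ steps.rechunk.outputs.output }}` directly into the script text, so their contents are parsed as shell source rather than handled as data, and `${tag}` is left unquoted in both `podman tag` calls. Pass the step output through the step's `env:` block (`RECHUNK_OUTPUT: ${{ steps.rechunk.outputs.output }}`), read the other two as `"${IMAGE_NAME}"` and `"${DEFAULT_TAG}"`, and quote the target as `"${asus_name}:${tag}"`. What `steps.rechunk.outputs.output` actually holds is not visible here, so confirm it expands to a list of tags before looping over it. Whether the asus and surface names are later pushed and signed the same way as the hwe name is outside the hunk.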
@@ -22,6 +22,10 @@ jobs: name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia] + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: fedora_version: beta diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 2f9168ccd60..93b8ff0b10c 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -16,6 +16,10 @@ jobs: name: Build GTS Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia] + base_name: [bluefin, bluefin-dx] with: fedora_version: gts diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 099bd2c6aea..e3fa35a1b09 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -22,5 +22,9 @@ jobs: name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia, hwe, hwe-nvidia] + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: fedora_version: latest diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index aa090078d97..c154f3b8c37 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -16,6 +16,10 @@ jobs: name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia] + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: fedora_version: stable diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index b5c5cd7f4fb..2f591f5f1c0 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml 
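Review bot: The `strategy.matrix` added to each caller job never reaches the called workflow: only `fedora_version` is passed under `with:`, and `matrix.*` inside reusable-build.yml refers to that workflow's own job matrix, not the caller's. As written, each caller cell would invoke reusable-build.yml with identical inputs and rerun its full inner matrix. The values need to be declared as `workflow_call` inputs and forwarded, e.g. `image_flavor: ${{ matrix.image_flavor }}` and `base_name: ${{ matrix.base_name }}` under `with:`. The same applies to the gts, latest and stable hunks of this commit and to the caller hunks of PATCH 006.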
@@ -18,40 +18,40 @@ jobs: contents: read packages: write id-token: write - strategy: - fail-fast: false - matrix: - image_flavor: - - main - - nvidia - - asus - - asus-nvidia - - surface - - surface-nvidia - base_name: - - bluefin - - bluefin-dx - - aurora - - aurora-dx - fedora_version: - - ${{ inputs.fedora_version }} - exclude: - - fedora_version: gts - base_name: aurora - - fedora_version: gts - base_name: aurora-dx - - fedora_version: gts - image_flavor: hwe - - fedora_version: gts - image_flavor: hwe-nvidia - - fedora_version: stable - image_flavor: hwe - - fedora_version: stable - image_flavor: hwe-nvidia - - fedora_version: beta - image_flavor: hwe - - fedora_version: beta - image_flavor: hwe-nvidia + # strategy: + # fail-fast: false + # matrix: + # image_flavor: + # - main + # - nvidia + # - asus + # - asus-nvidia + # - surface + # - surface-nvidia + # base_name: + # - bluefin + # - bluefin-dx + # - aurora + # - aurora-dx + # fedora_version: + # - ${{ inputs.fedora_version }} + # exclude: + # - fedora_version: gts + # base_name: aurora + # - fedora_version: gts + # base_name: aurora-dx + # - fedora_version: gts + # image_flavor: hwe + # - fedora_version: gts + # image_flavor: hwe-nvidia + # - fedora_version: stable + # image_flavor: hwe + # - fedora_version: stable + # image_flavor: hwe-nvidia + # - fedora_version: beta + # image_flavor: hwe + # - fedora_version: beta + # image_flavor: hwe-nvidia steps: - name: Free Disk Space (Ubuntu) From a06e9a11f6f5321311640d410e2d8382deba6dc4 Mon Sep 17 00:00:00 2001 
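Review bot: The strategy block commented out here belongs to reusable-build-iso.yml, while every caller changed in this commit uses reusable-build.yml, so the ISO job loses its matrix and the image job keeps its own. If the ISO steps still read `matrix.image_flavor` or `matrix.base_name` (they are outside the hunk), those expressions would evaluate to empty strings and the job would build under the wrong names. Apply the change to reusable-build.yml instead, and delete the block rather than leaving forty commented lines once the values arrive as inputs.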
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 16:02:22 -0400 Subject: [PATCH 005/101] Revert "try matrix in workflow call" This reverts commit 637f6415d28028f9f0d5363f16f7bd104fd18311. --- .github/workflows/build-image-beta.yml | 4 -- .github/workflows/build-image-gts.yml | 4 -- .github/workflows/build-image-latest.yml | 4 -- .github/workflows/build-image-stable.yml | 4 -- .github/workflows/reusable-build-iso.yml | 68 ++++++++++++------------ 5 files changed, 34 insertions(+), 50 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 1216d13d57f..4ff39aa74fe 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -22,10 +22,6 @@ jobs: name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia] - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: fedora_version: beta diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 93b8ff0b10c..2f9168ccd60 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -16,10 +16,6 @@ jobs: name: Build GTS Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia] - base_name: [bluefin, bluefin-dx] with: fedora_version: gts diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index e3fa35a1b09..099bd2c6aea 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -22,9 +22,5 @@ jobs: name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia, hwe, hwe-nvidia] - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: fedora_version: latest 
diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index c154f3b8c37..aa090078d97 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -16,10 +16,6 @@ jobs: name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia] - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: fedora_version: stable diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 2f591f5f1c0..b5c5cd7f4fb 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml 
@@ -18,40 +18,40 @@ jobs: contents: read packages: write id-token: write - # strategy: - # fail-fast: false - # matrix: - # image_flavor: - # - main - # - nvidia - # - asus - # - asus-nvidia - # - surface - # - surface-nvidia - # base_name: - # - bluefin - # - bluefin-dx - # - aurora - # - aurora-dx - # fedora_version: - # - ${{ inputs.fedora_version }} - # exclude: - # - fedora_version: gts - # base_name: aurora - # - fedora_version: gts - # base_name: aurora-dx - # - fedora_version: gts - # image_flavor: hwe - # - fedora_version: gts - # image_flavor: hwe-nvidia - # - fedora_version: stable - # image_flavor: hwe - # - fedora_version: stable - # image_flavor: hwe-nvidia - # - fedora_version: beta - # image_flavor: hwe - # - fedora_version: beta - # image_flavor: hwe-nvidia + strategy: + fail-fast: false + matrix: + image_flavor: + - main + - nvidia + - asus + - asus-nvidia + - surface + - surface-nvidia + base_name: + - bluefin + - bluefin-dx + - aurora + - aurora-dx + fedora_version: + - ${{ inputs.fedora_version }} + exclude: + - fedora_version: gts + base_name: aurora + - fedora_version: gts + base_name: aurora-dx + - fedora_version: gts + image_flavor: hwe + - fedora_version: gts + image_flavor: hwe-nvidia + - fedora_version: stable + image_flavor: hwe + - fedora_version: stable + image_flavor: hwe-nvidia + - fedora_version: beta + image_flavor: hwe + - fedora_version: beta + image_flavor: hwe-nvidia steps: - name: Free Disk Space (Ubuntu) From 5a6dcff5de8aa583b11700fca834a51c875c4013 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 16:17:53 -0400 Subject: [PATCH 006/101] try matrix changes again 
Signed-off-by: m2 <69128853+m2Giles@users.noreply.github.com> --- .github/workflows/build-image-beta.yml | 3 ++ .github/workflows/build-image-gts.yml | 3 ++ .github/workflows/build-image-latest.yml | 3 ++ .github/workflows/build-image-stable.yml | 4 +- .github/workflows/build-images.yml | 14 +++++- .github/workflows/reusable-build.yml | 64 ++++++++++++------------ 6 files changed, 57 insertions(+), 34 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 4ff39aa74fe..808422d8568 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -24,4 +24,7 @@ jobs: secrets: inherit with: fedora_version: beta + strategy: + matrix: + image_flavor: [main, nvidia] diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 2f9168ccd60..d0f9122ca7f 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -18,4 +18,7 @@ jobs: secrets: inherit with: fedora_version: gts + strategy: + matrix: + image_flavor: [main, nvidia] diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 099bd2c6aea..1e8035924f6 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -24,3 +24,6 @@ jobs: secrets: inherit with: fedora_version: latest + strategy: + matrix: + image_flavor: [main, nvidia, hwe, hwe-nvidia] diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index aa090078d97..b76cabf93cd 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -18,4 +18,6 @@ jobs: secrets: inherit with: fedora_version: stable - + strategy: + matrix: + image_flavor: [main, nvidia] diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 1e177d56ed1..1238cbf3f20 100644 --- a/.github/workflows/build-images.yml 
+++ b/.github/workflows/build-images.yml @@ -11,12 +11,24 @@ jobs: build-image-gts: uses: ./.github/workflows/build-image-gts.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin, bluefin-dx] build-image-stable: uses: ./.github/workflows/build-image-stable.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] build-image-latest: uses: ./.github/workflows/build-image-latest.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] build-image-beta: uses: ./.github/workflows/build-image-beta.yml - secrets: inherit \ No newline at end of file + secrets: inherit + strategy: + matrix: + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] \ No newline at end of file diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 6c8a0f11ece..bc47caef2ea 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -24,38 +24,38 @@ jobs: continue-on-error: false outputs: image_full: ${{ steps.generate-outputs.outputs.image }} - strategy: - fail-fast: false - matrix: - image_flavor: - - main - - nvidia - - hwe - - hwe-nvidia - base_name: - - bluefin - - bluefin-dx - - aurora - - aurora-dx - fedora_version: - - ${{ inputs.fedora_version }} - exclude: - - fedora_version: gts - base_name: aurora - - fedora_version: gts - base_name: aurora-dx - - fedora_version: gts - image_flavor: hwe - - fedora_version: gts - image_flavor: hwe-nvidia - - fedora_version: stable - image_flavor: hwe - - fedora_version: stable - image_flavor: hwe-nvidia - - fedora_version: beta - image_flavor: hwe - - fedora_version: beta - image_flavor: hwe-nvidia + # strategy: + # fail-fast: false + # matrix: + # image_flavor: + # - main + # - nvidia + # - hwe + # - hwe-nvidia + # base_name: + # - bluefin + # - bluefin-dx + # - aurora + # - aurora-dx + # fedora_version: + # - ${{ inputs.fedora_version }} + # exclude: + # - fedora_version: gts + # base_name: aurora + # - fedora_version: gts + # base_name: aurora-dx + # - fedora_version: gts + # image_flavor: hwe + # - fedora_version: gts + # image_flavor: hwe-nvidia + # - fedora_version: stable + # image_flavor: hwe + # - fedora_version: stable + # image_flavor: hwe-nvidia + # - fedora_version: beta + # image_flavor: hwe + # - fedora_version: beta + # image_flavor: hwe-nvidia steps: - name: Checkout From f3ccdf7e157160982db2df811d1d9db9dfc3d413 Mon Sep 17 00:00:00 2001 
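Review bot: With the `strategy` block commented out here, the job's steps (outside this hunk) still read `${{ matrix.image_flavor }}` and `${{ matrix.base_name }}`, and the `strategy.matrix` this commit adds to the caller jobs is not passed down. A called workflow only receives what the caller lists under `with:`, so those expressions would expand to empty strings. Declare `image_flavor` and `base_name` as `workflow_call` inputs and have each caller forward them, e.g. `image_flavor: ${{ matrix.image_flavor }}`. Delete the old block rather than leaving it commented out; the history keeps it.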
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 16:19:38 -0400 Subject: [PATCH 007/101] Revert "try matrix changes again" This reverts commit 5a6dcff5de8aa583b11700fca834a51c875c4013. --- .github/workflows/build-image-beta.yml | 3 -- .github/workflows/build-image-gts.yml | 3 -- .github/workflows/build-image-latest.yml | 3 -- .github/workflows/build-image-stable.yml | 4 +- .github/workflows/build-images.yml | 14 +----- .github/workflows/reusable-build.yml | 64 ++++++++++++------------ 6 files changed, 34 insertions(+), 57 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 808422d8568..4ff39aa74fe 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -24,7 +24,4 @@ jobs: secrets: inherit with: fedora_version: beta - strategy: - matrix: - image_flavor: [main, nvidia] diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index d0f9122ca7f..2f9168ccd60 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -18,7 +18,4 @@ jobs: secrets: inherit with: fedora_version: gts - strategy: - matrix: - image_flavor: [main, nvidia] diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 1e8035924f6..099bd2c6aea 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -24,6 +24,3 @@ jobs: secrets: inherit with: fedora_version: latest - strategy: - matrix: - image_flavor: [main, nvidia, hwe, hwe-nvidia] diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index b76cabf93cd..aa090078d97 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -18,6 +18,4 @@ jobs: secrets: inherit with: fedora_version: stable - strategy: - matrix: - image_flavor: [main, nvidia] + 
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 1238cbf3f20..1e177d56ed1 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -11,24 +11,12 @@ jobs: build-image-gts: uses: ./.github/workflows/build-image-gts.yml secrets: inherit - strategy: - matrix: - base_name: [bluefin, bluefin-dx] build-image-stable: uses: ./.github/workflows/build-image-stable.yml secrets: inherit - strategy: - matrix: - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] build-image-latest: uses: ./.github/workflows/build-image-latest.yml secrets: inherit - strategy: - matrix: - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] build-image-beta: uses: ./.github/workflows/build-image-beta.yml - secrets: inherit - strategy: - matrix: - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] \ No newline at end of file + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index bc47caef2ea..6c8a0f11ece 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -24,38 +24,38 @@ jobs: continue-on-error: false outputs: image_full: ${{ steps.generate-outputs.outputs.image }} - # strategy: - # fail-fast: false - # matrix: - # image_flavor: - # - main - # - nvidia - # - hwe - # - hwe-nvidia - # base_name: - # - bluefin - # - bluefin-dx - # - aurora - # - aurora-dx - # fedora_version: - # - ${{ inputs.fedora_version }} - # exclude: - # - fedora_version: gts - # base_name: aurora - # - fedora_version: gts - # base_name: aurora-dx - # - fedora_version: gts - # image_flavor: hwe - # - fedora_version: gts - # image_flavor: hwe-nvidia - # - fedora_version: stable - # image_flavor: hwe - # - fedora_version: stable - # image_flavor: hwe-nvidia - # - fedora_version: beta - # image_flavor: hwe - # - fedora_version: beta - # image_flavor: hwe-nvidia + strategy: + fail-fast: false + matrix: + image_flavor: + - main + - nvidia + - hwe + - hwe-nvidia + base_name: + - bluefin + - bluefin-dx + - aurora + - aurora-dx + fedora_version: + - ${{ inputs.fedora_version }} + exclude: + - fedora_version: gts + base_name: aurora + - fedora_version: gts + base_name: aurora-dx + - fedora_version: gts + image_flavor: hwe + - fedora_version: gts + image_flavor: hwe-nvidia + - fedora_version: stable + image_flavor: hwe + - fedora_version: stable + image_flavor: hwe-nvidia + - fedora_version: beta + image_flavor: hwe + - fedora_version: beta + image_flavor: hwe-nvidia steps: - name: Checkout From 18fc0b0282d4b9cf7bbd2ed86dfb2e5c2684e338 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 16:40:59 -0400 Subject: [PATCH 008/101] use inputs! fixup --- .github/workflows/build-image-beta.yml | 6 ++ .github/workflows/build-image-gts.yml | 6 ++ .github/workflows/build-image-latest.yml | 7 ++ .github/workflows/build-image-stable.yml | 7 +- .github/workflows/reusable-build.yml | 98 +++++++++--------------- 5 files changed, 62 insertions(+), 62 deletions(-) 
diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 4ff39aa74fe..c6ef8e57118 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -22,6 +22,12 @@ jobs: name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia] + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: + image_flavor: ${{ matrix.image_flavor }} + base_name: ${{ matrix.base_name }} fedora_version: beta diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 2f9168ccd60..9338a5b3b12 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -16,6 +16,12 @@ jobs: name: Build GTS Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia] + base_name: [bluefin, bluefin-dx] with: + image_flavor: ${{ matrix.image_flavor }} + base_name: ${{ matrix.base_name }} fedora_version: gts diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 099bd2c6aea..00d796c7146 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -22,5 +22,12 @@ jobs: name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia, hwe, hwe-nvidia] + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: + image_flavor: ${{ matrix.image_flavor }} + base_name: ${{ matrix.base_name }} fedora_version: latest + diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index aa090078d97..869d35e3721 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml 
@@ -16,6 +16,11 @@ jobs: name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + image_flavor: [main, nvidia] + base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: + image_flavor: ${{ matrix.image_flavor }} + base_name: ${{ matrix.base_name }} fedora_version: stable - diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 6c8a0f11ece..59331123d80 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -2,6 +2,14 @@ name: Reusable Build and Push on: workflow_call: inputs: + image_flavor: + description: "The Flavor of the image: main, nvidia, hwe, hwe-nvidia" + required: true + type: string + base_name: + description: "The image name: bluefin, bluefin-dx, aurora, aurora-dx" + required: true + type: string fedora_version: description: "The Fedora Version: gts, stable, or latest" required: true 
@@ -24,74 +32,42 @@ jobs: continue-on-error: false outputs: image_full: ${{ steps.generate-outputs.outputs.image }} - strategy: - fail-fast: false - matrix: - image_flavor: - - main - - nvidia - - hwe - - hwe-nvidia - base_name: - - bluefin - - bluefin-dx - - aurora - - aurora-dx - fedora_version: - - ${{ inputs.fedora_version }} - exclude: - - fedora_version: gts - base_name: aurora - - fedora_version: gts - base_name: aurora-dx - - fedora_version: gts - image_flavor: hwe - - fedora_version: gts - image_flavor: hwe-nvidia - - fedora_version: stable - image_flavor: hwe - - fedora_version: stable - image_flavor: hwe-nvidia - - fedora_version: beta - image_flavor: hwe - - fedora_version: beta - image_flavor: hwe-nvidia steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Matrix Variables + - name: inputs Variables shell: bash run: | set -eoux pipefail # IMAGE_NAME - if [[ "${{ matrix.image_flavor }}" == "main" ]]; then - echo "IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV + if [[ "${{ inputs.image_flavor }}" == "main" ]]; then + echo "IMAGE_NAME=${{ inputs.base_name }}" >> $GITHUB_ENV else - echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}" >> $GITHUB_ENV + echo "IMAGE_NAME=${{ format('{0}-{1}', inputs.base_name, inputs.image_flavor) }}" >> $GITHUB_ENV fi # BASE_IMAGE_NAME - if [[ "${{ matrix.base_name }}" =~ "bluefin" ]]; then + if [[ "${{ inputs.base_name }}" =~ "bluefin" ]]; then echo "BASE_IMAGE_NAME"="silverblue" >> $GITHUB_ENV - elif [[ "${{ matrix.base_name }}" =~ "aurora" ]]; then + elif [[ "${{ inputs.base_name }}" =~ "aurora" ]]; then echo "BASE_IMAGE_NAME"="kinoite" >> $GITHUB_ENV fi # TARGET_NAME - if [[ "${{ matrix.base_name }}" =~ "dx" ]]; then + if [[ "${{ inputs.base_name }}" =~ "dx" ]]; then echo "TARGET_NAME"="dx" >> $GITHUB_ENV else echo "TARGET_NAME"="base" >> $GITHUB_ENV fi # AKMODS_FLAVOR - if [[ "${{ matrix.image_flavor }}" =~ "hwe" ]]; then + if [[ "${{ 
inputs.image_flavor }}" =~ "hwe" ]]; then echo "AKMODS_FLAVOR=bazzite" >> $GITHUB_ENV - elif [[ "${{ matrix.fedora_version }}" =~ stable|gts ]]; then + elif [[ "${{ inputs.fedora_version }}" =~ stable|gts ]]; then echo "AKMODS_FLAVOR=coreos-stable" >> $GITHUB_ENV - elif [[ "${{ matrix.fedora_version }}" =~ beta ]]; then + elif [[ "${{ inputs.fedora_version }}" =~ beta ]]; then echo "AKMODS_FLAVOR=coreos-testing" >> $GITHUB_ENV else echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV @@ -107,16 +83,16 @@ jobs: set -eoux pipefail # Fedora Version - if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then + if [[ "${{ inputs.fedora_version }}" =~ stable ]]; then fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') else - fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ inputs.fedora_version }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') fi # Kernel Release for ostree.linux label - if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then + if [[ "${{ inputs.image_flavor }}" =~ hwe ]]; then kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/bazzite-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') - elif [[ "${{ matrix.fedora_version }}" =~ latest|beta ]]; then + elif [[ "${{ inputs.fedora_version }}" =~ latest|beta ]]; then kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') else kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') 
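Review bot: The `inputs Variables` step, and the version, tag and build-arg steps in the later hunks of this file, paste `${{ inputs.image_flavor }}`, `${{ inputs.base_name }}` and `${{ inputs.fedora_version }}` directly into the bash source. The script text is therefore whatever string a caller of this `workflow_call` supplies, not a literal from this file's own matrix. The callers in this commit pass fixed matrix values, but the safer pattern is to bind each input under `env:` and read it as a shell variable, e.g. `env: IMAGE_FLAVOR: ${{ inputs.image_flavor }}` with `if [[ "${IMAGE_FLAVOR}" == "main" ]]; then`. The digest-file step later in this patch already appears to work that way. Because these values end up as `GITHUB_ENV` entries, also quote the redirect target (`>> "$GITHUB_ENV"`) and check the input against the documented flavor and brand names before writing it.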
@@ -151,7 +127,7 @@ jobs: - name: Verify ZFS uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains(matrix.image_flavor, 'hwe') + if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains(inputs.image_flavor, 'hwe') with: containers: akmods-zfs:${{ env.AKMODS_FLAVOR }}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} 
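Review bot: The cosign check on `akmods-zfs` is skipped whenever `contains(inputs.image_flavor, 'hwe')` is true, and `image_flavor` is now a free-form string input, so any caller value that merely contains `hwe` switches signature verification off. Compare against the exact flavor names so that an unexpected value still gets verified: `if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && inputs.image_flavor != 'hwe' && inputs.image_flavor != 'hwe-nvidia'`. Whether the skipped variants actually consume the ZFS akmods image is not visible in this hunk; if they do, the condition should be removed rather than narrowed.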
@@ -178,22 +154,22 @@ jobs: # Have tags for tracking builds during pull request SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ matrix.fedora_version }}") - COMMIT_TAGS+=("${SHA_SHORT}-${{ matrix.fedora_version }}") + COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ inputs.fedora_version }}") + COMMIT_TAGS+=("${SHA_SHORT}-${{ inputs.fedora_version }}") # Convenience Tags - if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then + if [[ "${{ inputs.fedora_version }}" =~ stable ]]; then BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") else - BUILD_TAGS+=("${{ matrix.fedora_version }}" "${{ matrix.fedora_version }}-${TIMESTAMP}") + BUILD_TAGS+=("${{ inputs.fedora_version }}" "${{ inputs.fedora_version }}-${TIMESTAMP}") fi # Weekly Stable / Rebuild Stable on workflow_dispatch - if [[ "${{ matrix.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then + if [[ "${{ inputs.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then + elif [[ "${{ inputs.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ ! "${{ matrix.fedora_version}}" =~ "stable" ]]; then + elif [[ ! "${{ inputs.fedora_version}}" =~ "stable" ]]; then BUILD_TAGS=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi @@ -221,7 +197,7 @@ jobs: alias_tags=("${BUILD_TAGS[@]}") fi - echo "DEFAULT_TAG=${{ matrix.fedora_version }}" >> $GITHUB_ENV + echo "DEFAULT_TAG=${{ inputs.fedora_version }}" >> $GITHUB_ENV echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # Build metadata 
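Review bot: The weekly-stable branch tests `"${{ github.event_name }}" =~ scheduled`, but cron-triggered runs report the event name `schedule`, so this regex cannot match. As a result the `stable` and `stable-${TIMESTAMP}` tags are only added on `workflow_dispatch`. Use an exact comparison, `"${{ github.event_name }}" == "schedule"`, and likewise `== "workflow_dispatch"` in the `elif`. The same lines match `fedora_version` with an unanchored `=~ "stable"`, where `== "stable"` states what is meant. The tag-generation script starts and ends outside this hunk.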
@@ -271,7 +247,7 @@ jobs: BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${{ github.repository_owner }}") BUILD_ARGS+=("--build-arg" "KERNEL=${{ env.KERNEL_RELEASE }}") BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }}") - BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ matrix.fedora_version }}") + BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ inputs.fedora_version }}") TAG_ARGS=() IFS=' ' read -r -a tags_array <<< "${{ steps.generate-tags.outputs.alias_tags }}" @@ -328,14 +304,14 @@ jobs: # HWE use legacy names - name: Legacy HWE names - if: contains(matrix.image_flavor, 'hwe') + if: contains(inputs.image_flavor, 'hwe') shell: bash run: | set -eoux pipefail image_name="${{ env.IMAGE_NAME }}" asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.rechunk.outputs.output }}; do + for tag in ${{ steps.build_image.outputs.tags }}; do podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} done @@ -402,18 +378,18 @@ jobs: DIGEST: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} IMAGE_NAME: ${{ env.IMAGE_NAME }} - FEDORA_VERSION: ${{ matrix.fedora_version }} + FEDORA_VERSION: ${{ inputs.fedora_version }} run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${FEDORA_VERSION}.txt" - name: Upload artifact if: github.event_name != 'pull_request' uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: - name: image-${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }} + name: image-${{ env.IMAGE_NAME }}-${{ inputs.fedora_version }} retention-days: 1 if-no-files-found: error path: | - ${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }}.txt + ${{ env.IMAGE_NAME }}-${{ inputs.fedora_version }}.txt check: name: Check all ${{ inputs.fedora_version }} builds successful 
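Review bot: In the `Legacy HWE names` step the loop list is now `${{ steps.build_image.outputs.tags }}`, expanded unquoted into the script, and no step with the id `build_image` is visible anywhere in this patch. An unknown step output evaluates to an empty string, which leaves `for tag in ; do`: valid bash that runs zero times, so the asus and surface tags would silently not be created. Confirm the step id, or make the step fail when the list is empty. Passing the list through `env:` and quoting the loop variable, `podman tag "${image_name}:${DEFAULT_TAG}" "${asus_name}:${tag}"`, also keeps tag text out of the script source.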
From 3c3daf1ab4beebef1d69c2a0c49387ea3182f6fa Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 16:48:17 -0400 Subject: [PATCH 009/101] Revert "use inputs!" This reverts commit 18fc0b0282d4b9cf7bbd2ed86dfb2e5c2684e338. --- .github/workflows/build-image-beta.yml | 6 -- .github/workflows/build-image-gts.yml | 6 -- .github/workflows/build-image-latest.yml | 7 -- .github/workflows/build-image-stable.yml | 7 +- .github/workflows/reusable-build.yml | 98 +++++++++++++++--------- 5 files changed, 62 insertions(+), 62 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index c6ef8e57118..4ff39aa74fe 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -22,12 +22,6 @@ jobs: name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia] - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: - image_flavor: ${{ matrix.image_flavor }} - base_name: ${{ matrix.base_name }} fedora_version: beta diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 9338a5b3b12..2f9168ccd60 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -16,12 +16,6 @@ jobs: name: Build GTS Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia] - base_name: [bluefin, bluefin-dx] with: - image_flavor: ${{ matrix.image_flavor }} - base_name: ${{ matrix.base_name }} fedora_version: gts diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 00d796c7146..099bd2c6aea 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml 
@@ -22,12 +22,5 @@ jobs: name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia, hwe, hwe-nvidia] - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: - image_flavor: ${{ matrix.image_flavor }} - base_name: ${{ matrix.base_name }} fedora_version: latest - diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 869d35e3721..aa090078d97 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -16,11 +16,6 @@ jobs: name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit - strategy: - matrix: - image_flavor: [main, nvidia] - base_name: [bluefin, bluefin-dx, aurora, aurora-dx] with: - image_flavor: ${{ matrix.image_flavor }} - base_name: ${{ matrix.base_name }} fedora_version: stable + diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 59331123d80..6c8a0f11ece 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -2,14 +2,6 @@ name: Reusable Build and Push on: workflow_call: inputs: - image_flavor: - description: "The Flavor of the image: main, nvidia, hwe, hwe-nvidia" - required: true - type: string - base_name: - description: "The image name: bluefin, bluefin-dx, aurora, aurora-dx" - required: true - type: string fedora_version: description: "The Fedora Version: gts, stable, or latest" required: true 
@@ -32,42 +24,74 @@ jobs: continue-on-error: false outputs: image_full: ${{ steps.generate-outputs.outputs.image }} + strategy: + fail-fast: false + matrix: + image_flavor: + - main + - nvidia + - hwe + - hwe-nvidia + base_name: + - bluefin + - bluefin-dx + - aurora + - aurora-dx + fedora_version: + - ${{ inputs.fedora_version }} + exclude: + - fedora_version: gts + base_name: aurora + - fedora_version: gts + base_name: aurora-dx + - fedora_version: gts + image_flavor: hwe + - fedora_version: gts + image_flavor: hwe-nvidia + - fedora_version: stable + image_flavor: hwe + - fedora_version: stable + image_flavor: hwe-nvidia + - fedora_version: beta + image_flavor: hwe + - fedora_version: beta + image_flavor: hwe-nvidia steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: inputs Variables + - name: Matrix Variables shell: bash run: | set -eoux pipefail # IMAGE_NAME - if [[ "${{ inputs.image_flavor }}" == "main" ]]; then - echo "IMAGE_NAME=${{ inputs.base_name }}" >> $GITHUB_ENV + if [[ "${{ matrix.image_flavor }}" == "main" ]]; then + echo "IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV else - echo "IMAGE_NAME=${{ format('{0}-{1}', inputs.base_name, inputs.image_flavor) }}" >> $GITHUB_ENV + echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}" >> $GITHUB_ENV fi # BASE_IMAGE_NAME - if [[ "${{ inputs.base_name }}" =~ "bluefin" ]]; then + if [[ "${{ matrix.base_name }}" =~ "bluefin" ]]; then echo "BASE_IMAGE_NAME"="silverblue" >> $GITHUB_ENV - elif [[ "${{ inputs.base_name }}" =~ "aurora" ]]; then + elif [[ "${{ matrix.base_name }}" =~ "aurora" ]]; then echo "BASE_IMAGE_NAME"="kinoite" >> $GITHUB_ENV fi # TARGET_NAME - if [[ "${{ inputs.base_name }}" =~ "dx" ]]; then + if [[ "${{ matrix.base_name }}" =~ "dx" ]]; then echo "TARGET_NAME"="dx" >> $GITHUB_ENV else echo "TARGET_NAME"="base" >> $GITHUB_ENV fi # AKMODS_FLAVOR - if [[ "${{ inputs.image_flavor }}" =~ "hwe" ]]; then + if [[ "${{ 
matrix.image_flavor }}" =~ "hwe" ]]; then echo "AKMODS_FLAVOR=bazzite" >> $GITHUB_ENV - elif [[ "${{ inputs.fedora_version }}" =~ stable|gts ]]; then + elif [[ "${{ matrix.fedora_version }}" =~ stable|gts ]]; then echo "AKMODS_FLAVOR=coreos-stable" >> $GITHUB_ENV - elif [[ "${{ inputs.fedora_version }}" =~ beta ]]; then + elif [[ "${{ matrix.fedora_version }}" =~ beta ]]; then echo "AKMODS_FLAVOR=coreos-testing" >> $GITHUB_ENV else echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV @@ -83,16 +107,16 @@ jobs: set -eoux pipefail # Fedora Version - if [[ "${{ inputs.fedora_version }}" =~ stable ]]; then + if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') else - fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ inputs.fedora_version }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') fi # Kernel Release for ostree.linux label - if [[ "${{ inputs.image_flavor }}" =~ hwe ]]; then + if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/bazzite-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') - elif [[ "${{ inputs.fedora_version }}" =~ latest|beta ]]; then + elif [[ "${{ matrix.fedora_version }}" =~ latest|beta ]]; then kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') else kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') 
@@ -127,7 +151,7 @@ jobs: - name: Verify ZFS uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains(inputs.image_flavor, 'hwe') + if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains(matrix.image_flavor, 'hwe') with: containers: akmods-zfs:${{ env.AKMODS_FLAVOR }}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} 
@@ -154,22 +178,22 @@ jobs: # Have tags for tracking builds during pull request SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ inputs.fedora_version }}") - COMMIT_TAGS+=("${SHA_SHORT}-${{ inputs.fedora_version }}") + COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ matrix.fedora_version }}") + COMMIT_TAGS+=("${SHA_SHORT}-${{ matrix.fedora_version }}") # Convenience Tags - if [[ "${{ inputs.fedora_version }}" =~ stable ]]; then + if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") else - BUILD_TAGS+=("${{ inputs.fedora_version }}" "${{ inputs.fedora_version }}-${TIMESTAMP}") + BUILD_TAGS+=("${{ matrix.fedora_version }}" "${{ matrix.fedora_version }}-${TIMESTAMP}") fi # Weekly Stable / Rebuild Stable on workflow_dispatch - if [[ "${{ inputs.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then + if [[ "${{ matrix.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ "${{ inputs.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then + elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ ! "${{ inputs.fedora_version}}" =~ "stable" ]]; then + elif [[ ! "${{ matrix.fedora_version}}" =~ "stable" ]]; then BUILD_TAGS=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi @@ -197,7 +221,7 @@ jobs: alias_tags=("${BUILD_TAGS[@]}") fi - echo "DEFAULT_TAG=${{ inputs.fedora_version }}" >> $GITHUB_ENV + echo "DEFAULT_TAG=${{ matrix.fedora_version }}" >> $GITHUB_ENV echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # Build metadata 
@@ -247,7 +271,7 @@ jobs: BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${{ github.repository_owner }}") BUILD_ARGS+=("--build-arg" "KERNEL=${{ env.KERNEL_RELEASE }}") BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }}") - BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ inputs.fedora_version }}") + BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ matrix.fedora_version }}") TAG_ARGS=() IFS=' ' read -r -a tags_array <<< "${{ steps.generate-tags.outputs.alias_tags }}" @@ -304,14 +328,14 @@ jobs: # HWE use legacy names - name: Legacy HWE names - if: contains(inputs.image_flavor, 'hwe') + if: contains(matrix.image_flavor, 'hwe') shell: bash run: | set -eoux pipefail image_name="${{ env.IMAGE_NAME }}" asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.build_image.outputs.tags }}; do + for tag in ${{ steps.rechunk.outputs.output }}; do podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} done @@ -378,18 +402,18 @@ jobs: DIGEST: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} IMAGE_NAME: ${{ env.IMAGE_NAME }} - FEDORA_VERSION: ${{ inputs.fedora_version }} + FEDORA_VERSION: ${{ matrix.fedora_version }} run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${FEDORA_VERSION}.txt" - name: Upload artifact if: github.event_name != 'pull_request' uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: - name: image-${{ env.IMAGE_NAME }}-${{ inputs.fedora_version }} + name: image-${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }} retention-days: 1 if-no-files-found: error path: | - ${{ env.IMAGE_NAME }}-${{ inputs.fedora_version }}.txt + ${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }}.txt check: name: Check all ${{ inputs.fedora_version }} builds successful 
From d50912b638a1072c394e4c1555a2099489febc55 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 16:56:36 -0400 Subject: [PATCH 010/101] another matrix try --- .github/workflows/build-image-beta.yml | 4 ++++ .github/workflows/build-image-gts.yml | 4 ++++ .github/workflows/build-image-latest.yml | 4 ++++ .github/workflows/build-image-stable.yml | 4 ++++ .github/workflows/reusable-build.yml | 12 +++++++----- 5 files changed, 23 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 4ff39aa74fe..79c01a3bf6b 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -22,6 +22,10 @@ jobs: name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin, aurora] with: + base_name: ${{ matrix.base_name }} fedora_version: beta diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 2f9168ccd60..7dd28a5a919 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -16,6 +16,10 @@ jobs: name: Build GTS Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin] with: + base_name: ${{ matrix.base_name }} fedora_version: gts diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 099bd2c6aea..88e5df67231 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -22,5 +22,9 @@ jobs: name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin, aurora] with: + base_name: ${{ matrix.base_name }} fedora_version: latest diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index aa090078d97..bf19564ec5a 100644 
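Review bot: The caller-side `strategy` added in `build-image-beta.yml`, and the same block in the gts, latest and stable callers, has no `fail-fast: false`. By default a failure in the `bluefin` leg then cancels the in-progress `aurora` leg, whereas the matrix inside `reusable-build.yml` does set `fail-fast: false`. If the two brands are meant to build independently, add `fail-fast: false` under `strategy:` in each caller.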
--- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -16,6 +16,10 @@ jobs: name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit + strategy: + matrix: + base_name: [bluefin, aurora] with: + base_name: ${{ matrix.base_name }} fedora_version: stable diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 6c8a0f11ece..9b97a2b0d3e 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -2,6 +2,10 @@ name: Reusable Build and Push on: workflow_call: inputs: + base_name: + description: "The Brand Name: bluefin or aurora" + required: true + type: string fedora_version: description: "The Fedora Version: gts, stable, or latest" required: true @@ -14,7 +18,7 @@ env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} concurrency: - group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.fedora_version }} + group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.base_name}}-${{ inputs.fedora_version }} cancel-in-progress: true jobs: @@ -33,10 +37,8 @@ jobs: - hwe - hwe-nvidia base_name: - - bluefin - - bluefin-dx - - aurora - - aurora-dx + - ${{ inputs.base_name }} + - ${{ inputs.base_name }}-dx fedora_version: - ${{ inputs.fedora_version }} exclude: From b4ae212333b6e84a6cc030a58ad8f94945be78ab Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 17:18:25 -0400 Subject: [PATCH 011/101] use include instead of exclude --- .github/workflows/reusable-build.yml | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 9b97a2b0d3e..7b6db1997ba 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -34,29 +34,15 @@ jobs: image_flavor: - main - nvidia - - hwe - - hwe-nvidia base_name: - ${{ inputs.base_name }} - ${{ inputs.base_name }}-dx fedora_version: - ${{ inputs.fedora_version }} - exclude: - - fedora_version: gts - base_name: aurora - - fedora_version: gts - base_name: aurora-dx - - fedora_version: gts + include: + - fedora_version: latest image_flavor: hwe - - fedora_version: gts - image_flavor: hwe-nvidia - - fedora_version: stable - image_flavor: hwe - - fedora_version: stable - image_flavor: hwe-nvidia - - fedora_version: beta - image_flavor: hwe - - fedora_version: beta + - fedora_version: latest image_flavor: hwe-nvidia steps: From 927f8e9c70942d992595d0415562da7e6c74037a Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:33:54 -0400 Subject: [PATCH 012/101] JSON String for matrix --- .github/workflows/build-image-latest.yml | 1 + .github/workflows/reusable-build.yml | 20 +++++++------------- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 88e5df67231..76daa785c12 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -26,5 +26,6 @@ jobs: matrix: base_name: [bluefin, aurora] with: + image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' base_name: ${{ matrix.base_name }} fedora_version: latest diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 7b6db1997ba..606d4799ca6 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -2,6 +2,10 @@ name: Reusable Build and Push on: workflow_call: inputs: + image_flavors: + description: "JSON string of flavors to build, '[main, nvidia, hwe, hwe-nvidia]'" + default: '["main", "nvidia"]' + type: string base_name: description: "The Brand Name: bluefin or aurora" required: true 
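Review bot: The two new `include` entries set `image_flavor: hwe` and `image_flavor: hwe-nvidia`, values that are not in the `image_flavor` list. By GitHub's matrix rules an include entry that would overwrite an original matrix value is not merged, so each becomes a standalone combination. That combination carries only `fedora_version: latest` and `image_flavor`, with no `base_name`, and it is created whatever `inputs.fedora_version` is. A gts, stable or beta run would therefore also start hwe jobs labelled `latest` with an empty `matrix.base_name`, which can build and publish under an unintended name. Making the flavor list a caller input, for example `image_flavor: ${{ fromJson(inputs.image_flavors) }}`, keeps hwe limited to the workflows that ask for it.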
@@ -31,19 +35,9 @@ jobs: strategy: fail-fast: false matrix: - image_flavor: - - main - - nvidia - base_name: - - ${{ inputs.base_name }} - - ${{ inputs.base_name }}-dx - fedora_version: - - ${{ inputs.fedora_version }} - include: - - fedora_version: latest - image_flavor: hwe - - fedora_version: latest - image_flavor: hwe-nvidia + image_flavor: ${{ toJson(inputs.image_flavors) }} + base_name: ["${{ inputs.base_name }}", "${{ inputs.base_name }}-dx"] + fedora_version: "${{ inputs.fedora_version }}" steps: - name: Checkout From cfaa180078ca66f8e8a81fbe8d71a4ede306a3aa Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:36:23 -0400 Subject: [PATCH 013/101] swap quotes --- .github/workflows/build-image-latest.yml | 2 +- .github/workflows/reusable-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 76daa785c12..1510d79e577 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -26,6 +26,6 @@ jobs: matrix: base_name: [bluefin, aurora] with: - image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' + image_flavors: "['main', 'nvidia', 'hwe', 'hwe-nvidia']" base_name: ${{ matrix.base_name }} fedora_version: latest diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 606d4799ca6..ec4053400cf 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -4,7 +4,7 @@ on: inputs: image_flavors: description: "JSON string of flavors to build, '[main, nvidia, hwe, hwe-nvidia]'" - default: '["main", "nvidia"]' + default: "['main', 'nvidia']" type: string base_name: description: "The Brand Name: bluefin or aurora" From 3e521b0045b55d7703cac23e62cd0462fbd15e3d Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:40:15 -0400 Subject: [PATCH 014/101] fromJSON? --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index ec4053400cf..81cd8d23217 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -35,7 +35,7 @@ jobs: strategy: fail-fast: false matrix: - image_flavor: ${{ toJson(inputs.image_flavors) }} + image_flavor: ${{ fromJson(inputs.image_flavors) }} base_name: ["${{ inputs.base_name }}", "${{ inputs.base_name }}-dx"] fedora_version: "${{ inputs.fedora_version }}" From 53d3719d9448ec74dc8d4e3406d5cd812340b425 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:41:52 -0400 Subject: [PATCH 015/101] remove quotes --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 81cd8d23217..8604c600a4d 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -37,7 +37,7 @@ jobs: matrix: image_flavor: ${{ fromJson(inputs.image_flavors) }} base_name: ["${{ inputs.base_name }}", "${{ inputs.base_name }}-dx"] - fedora_version: "${{ inputs.fedora_version }}" + fedora_version: ${{ inputs.fedora_version }} steps: - name: Checkout From d4522ad6c0848bb87719adbf827da94a1b999497 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:43:13 -0400 Subject: [PATCH 016/101] another try? --- .github/workflows/reusable-build.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 8604c600a4d..d0d8a9c6d4a 100644 --- a/.github/workflows/reusable-build.yml 
+++ b/.github/workflows/reusable-build.yml @@ -36,8 +36,11 @@ jobs: fail-fast: false matrix: image_flavor: ${{ fromJson(inputs.image_flavors) }} - base_name: ["${{ inputs.base_name }}", "${{ inputs.base_name }}-dx"] - fedora_version: ${{ inputs.fedora_version }} + base_name: + - ${{ inputs.base_name }} + - ${{ inputs.base_name }}-dx + fedora_version: + - ${{ inputs.fedora_version }} steps: - name: Checkout From 01a24e1edfcf0f911e3e091f5b131b4aa573bc55 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:44:39 -0400 Subject: [PATCH 017/101] Single Line --- .github/workflows/reusable-build.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index d0d8a9c6d4a..e5e7330a9bb 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -36,11 +36,8 @@ jobs: fail-fast: false matrix: image_flavor: ${{ fromJson(inputs.image_flavors) }} - base_name: - - ${{ inputs.base_name }} - - ${{ inputs.base_name }}-dx - fedora_version: - - ${{ inputs.fedora_version }} + base_name: ["${{ inputs.base_name }}", "${{ inputs.base_name }}-dx"] + fedora_version: ["${{ inputs.fedora_version }}"] steps: - name: Checkout From eeb845d3b15bc271941b38ba1d053c4614f7b144 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 20:53:21 -0400 Subject: [PATCH 018/101] add selectable build choice --- .github/workflows/build-image-beta.yml | 21 ++++++++++++++++++++- .github/workflows/build-image-latest.yml | 23 ++++++++++++++++++++++- .github/workflows/build-image-stable.yml | 22 +++++++++++++++++++++- 3 files changed, 63 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 79c01a3bf6b..5f926f78a4f 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml 
@@ -14,11 +14,19 @@ on: - "**.md" schedule: - cron: "40 4 * * *" # 4:40 UTC everyday - workflow_dispatch: workflow_call: + workflow_dispatch: + inputs: + base_name: + default: 'bluefin' + type: choice + options: + - bluefin + - aurora jobs: build-image-beta: + if: github.event_name != 'workflow_dispatch' name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit @@ -29,3 +37,14 @@ jobs: base_name: ${{ matrix.base_name }} fedora_version: beta + build-image-beta-call: + if: github.event_name == 'workflow_dispatch' + name: Build Latest Images + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + strategy: + matrix: + base_name: [bluefin, aurora] + with: + base_name: ${{ inputs.base_name }} + fedora_version: latest diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 1510d79e577..3509e11eb0e 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -14,11 +14,19 @@ on: - '**.md' schedule: - cron: '40 4 * * *' # 4:40 UTC everyday - workflow_dispatch: workflow_call: + workflow_dispatch: + inputs: + base_name: + default: 'bluefin' + type: choice + options: + - bluefin + - aurora jobs: build-image-latest: + if: github.event_name != 'workflow_dispatch' name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit @@ -29,3 +37,16 @@ jobs: image_flavors: "['main', 'nvidia', 'hwe', 'hwe-nvidia']" base_name: ${{ matrix.base_name }} fedora_version: latest + + build-image-latest-call: + if: github.event_name == 'workflow_dispatch' + name: Build Latest Images + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + strategy: + matrix: + base_name: [bluefin, aurora] + with: + image_flavors: "['main', 'nvidia', 'hwe', 'hwe-nvidia']" + base_name: ${{ inputs.base_name }} + fedora_version: latest 
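Review bot: The added `build-image-beta-call` job passes `fedora_version: latest` and is named `Build Latest Images`. A manual dispatch of the beta workflow would therefore build and publish latest images, with `secrets: inherit`, instead of beta ones; it should pass `fedora_version: beta`. `build-image-stable-call` in build-image-stable.yml carries the same copied values and should pass `fedora_version: stable`. All three `-call` jobs also keep `matrix: base_name: [bluefin, aurora]` while passing `${{ inputs.base_name }}`, so one selection starts two identical builds. Dropping the `strategy` block from the `-call` jobs avoids that.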
diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index bf19564ec5a..e9d070cfec8 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -8,11 +8,19 @@ on: - '**.md' schedule: - cron: '45 5 * * *' # 5:41 UTC everyday - workflow_dispatch: workflow_call: + workflow_dispatch: + inputs: + base_name: + default: 'bluefin' + type: choice + options: + - bluefin + - aurora jobs: build-image-stable: + if: github.event_name != 'workflow_dispatch' name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit @@ -23,3 +31,15 @@ jobs: base_name: ${{ matrix.base_name }} fedora_version: stable + build-image-stable-call: + if: github.event_name == 'workflow_dispatch' + name: Build Latest Images + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + strategy: + matrix: + base_name: [bluefin, aurora] + with: + base_name: ${{ inputs.base_name }} + fedora_version: latest + From b05c7156868e8ca5dd6e54e438126644c264be3d Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:02:35 -0400 Subject: [PATCH 019/101] push old hwe image names --- .github/workflows/reusable-build.yml | 38 +++++++++++++++++----------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index e5e7330a9bb..e4d26bef452 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -306,21 +306,19 @@ jobs: for tag in ${{ steps.build_image.outputs.tags }}; do podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} done + + # HWE Tagging + if [[ "${{ matrix.image_flavor }}" =~ hwe]]; then + image_name="${{ env.IMAGE_NAME }}" + asus_name="${image_name/hwe/asus}" + surface_name="${image_name/hwe/surface}" + for tag in ${{ steps.rechunk.outputs.output }}; do + podman tag "${IMAGE}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} + podman tag "${IMAGE}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} + done + fi podman tag $IMAGE rechunked-img - - # HWE use legacy names - - name: Legacy HWE names - if: contains(matrix.image_flavor, 'hwe') - shell: bash - run: | - set -eoux pipefail - image_name="${{ env.IMAGE_NAME }}" - asus_name="${image_name/hwe/asus}" - surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.rechunk.outputs.output }}; do - podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} - podman tag "${image_name}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} - done + podman images # Check that Kernel is signed with Secureboot Keys - name: Check Secureboot 
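Review bot: In the added HWE tagging block, `if [[ "${{ matrix.image_flavor }}" =~ hwe]]; then` is missing the space before `]]`, so bash cannot parse the condition and the step fails for every flavor. It should read `=~ hwe ]]`, and the push hunk of this commit has the same condition. The inner loop iterates `${{ steps.rechunk.outputs.output }}` while the loop just above it iterates `${{ steps.build_image.outputs.tags }}`, so the legacy asus/surface names would not get the same tags as the main image. The source reference `"${IMAGE}":"${{ env.DEFAULT_TAG }}"` also looks inconsistent with the loop above, which tags from `$IMAGE` alone; `podman tag "${IMAGE}" "${asus_name}:${tag}"` would match it. The step begins outside the hunk.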
@@ -360,8 +358,18 @@ jobs: set -euox pipefail for tag in ${{ steps.build_image.outputs.tags }}; do - sudo podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} + podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} done + + if [[ "${{ matrix.image_flavor }}" =~ hwe]]; then + image_name="${{ env.IMAGE_NAME }}" + asus_name="${image_name/hwe/asus}" + surface_name="${image_name/hwe/surface}" + for tag in ${{ steps.rechunk.outputs.output }}; do + podman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} + podman push ${surface_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${surface_name}:${tag} + done + fi digest=$(skopeo inspect docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} --format '{{.Digest}}') echo "digest=${digest}" >> $GITHUB_OUTPUT From 757df34fefa47e3e6d1dc5ce534a113b233dbb1a Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:22:18 -0400 Subject: [PATCH 020/101] handle defaults --- .github/workflows/build-image-beta.yml | 23 ++++++---------------- .github/workflows/build-image-latest.yml | 25 ++++++------------------ .github/workflows/build-image-stable.yml | 24 ++++++----------------- 3 files changed, 18 insertions(+), 54 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 5f926f78a4f..8f8d7c84182 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml 
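Review bot: After this change the step pushes three repositories for hwe flavors but still exports only the digest of `${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}`. If a later step signs or attests using that `digest` output (not visible in this hunk), the `asus` and `surface` repositories would be published without a signature of their own. Clients that verify signatures on those names would then fail or pull unverified content. I would either record a digest per pushed name and sign each one, or add a comment such as `# legacy asus/surface names are signed in <step>` so the coverage is explicit. The step continues outside the hunk.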
@@ -18,33 +18,22 @@ on: workflow_dispatch: inputs: base_name: - default: 'bluefin' + description: 'Image Brand to Build' + default: '["bluefin"]' type: choice options: - - bluefin - - aurora + - '["bluefin"]' + - '["aurora"]' + - '["bluefin", "aurora"]' jobs: build-image-beta: - if: github.event_name != 'workflow_dispatch' name: Build Beta Images uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: matrix: - base_name: [bluefin, aurora] + base_name: ${{ fromJson(inputs.base_name) || fromJson('["bluefin", "aurora"]') }} with: base_name: ${{ matrix.base_name }} fedora_version: beta - - build-image-beta-call: - if: github.event_name == 'workflow_dispatch' - name: Build Latest Images - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - strategy: - matrix: - base_name: [bluefin, aurora] - with: - base_name: ${{ inputs.base_name }} - fedora_version: latest diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 3509e11eb0e..f20f2ba2deb 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml 
@@ -18,35 +18,22 @@ on: workflow_dispatch: inputs: base_name: - default: 'bluefin' + description: 'Image Brand to Build' + default: '["bluefin"]' type: choice options: - - bluefin - - aurora + - '["bluefin"]' + - '["aurora"]' + - '["bluefin", "aurora"]' jobs: build-image-latest: - if: github.event_name != 'workflow_dispatch' name: Build Latest Images uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: matrix: - base_name: [bluefin, aurora] + base_name: ${{ fromJson(inputs.base_name) || fromJson('["bluefin", "aurora"]') }} with: - image_flavors: "['main', 'nvidia', 'hwe', 'hwe-nvidia']" base_name: ${{ matrix.base_name }} fedora_version: latest - - build-image-latest-call: - if: github.event_name == 'workflow_dispatch' - name: Build Latest Images - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - strategy: - matrix: - base_name: [bluefin, aurora] - with: - image_flavors: "['main', 'nvidia', 'hwe', 'hwe-nvidia']" - base_name: ${{ inputs.base_name }} - fedora_version: latest diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index e9d070cfec8..327325b2baa 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml 
@@ -12,34 +12,22 @@ on: workflow_dispatch: inputs: base_name: - default: 'bluefin' + description: 'Image Brand to Build' + default: '["bluefin"]' type: choice options: - - bluefin - - aurora + - '["bluefin"]' + - '["aurora"]' + - '["bluefin", "aurora"]' jobs: build-image-stable: - if: github.event_name != 'workflow_dispatch' name: Build Stable Images uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: matrix: - base_name: [bluefin, aurora] + base_name: ${{ fromJson(inputs.base_name) || fromJson('["bluefin", "aurora"]') }} with: base_name: ${{ matrix.base_name }} fedora_version: stable - - build-image-stable-call: - if: github.event_name == 'workflow_dispatch' - name: Build Latest Images - uses: ./.github/workflows/reusable-build.yml - secrets: inherit - strategy: - matrix: - base_name: [bluefin, aurora] - with: - base_name: ${{ inputs.base_name }} - fedora_version: latest - From 0f69dc5727ac025343a7e24e7dc92c2ef2080a5e Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:26:31 -0400 Subject: [PATCH 021/101] fix expression --- .github/workflows/build-image-beta.yml | 2 +- .github/workflows/build-image-latest.yml | 2 +- .github/workflows/build-image-stable.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 8f8d7c84182..0c8cb034e78 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -33,7 +33,7 @@ jobs: secrets: inherit strategy: matrix: - base_name: ${{ fromJson(inputs.base_name) || fromJson('["bluefin", "aurora"]') }} + base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} with: base_name: ${{ matrix.base_name }} fedora_version: beta diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index f20f2ba2deb..b56792f6d11 100644 --- a/.github/workflows/build-image-latest.yml 
+++ b/.github/workflows/build-image-latest.yml @@ -33,7 +33,7 @@ jobs: secrets: inherit strategy: matrix: - base_name: ${{ fromJson(inputs.base_name) || fromJson('["bluefin", "aurora"]') }} + base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} with: base_name: ${{ matrix.base_name }} fedora_version: latest diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 327325b2baa..dbf0cb75a16 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -27,7 +27,7 @@ jobs: secrets: inherit strategy: matrix: - base_name: ${{ fromJson(inputs.base_name) || fromJson('["bluefin", "aurora"]') }} + base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} with: base_name: ${{ matrix.base_name }} fedora_version: stable From 5ba2948cb878c70d663ca38996f4ed58d479c666 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:51:23 -0400 Subject: [PATCH 022/101] Update build-image-latest.yml --- .github/workflows/build-image-latest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index b56792f6d11..fef6e22f9a6 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -35,5 +35,6 @@ jobs: matrix: base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} with: + image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia”]' base_name: ${{ matrix.base_name }} fedora_version: latest From 0f84169f0d8c1330884ba920ddf2a2708c1b75c9 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:53:47 -0400 Subject: [PATCH 023/101] Update reusable-build.yml --- .github/workflows/reusable-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index e4d26bef452..1b3d7995888 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -308,7 +308,7 @@ jobs: done # HWE Tagging - if [[ "${{ matrix.image_flavor }}" =~ hwe]]; then + if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then image_name="${{ env.IMAGE_NAME }}" asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" @@ -361,7 +361,7 @@ jobs: podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} done - if [[ "${{ matrix.image_flavor }}" =~ hwe]]; then + if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then image_name="${{ env.IMAGE_NAME }}" asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" From 8c7362e502287b0c8be3dff0da01f545de96e886 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 1 Nov 2024 21:57:20 -0400 Subject: [PATCH 024/101] Update build-image-latest.yml --- .github/workflows/build-image-latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index fef6e22f9a6..0dc252dbb50 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -35,6 +35,6 @@ jobs: matrix: base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} with: - image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia”]' + image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' base_name: ${{ matrix.base_name }} fedora_version: latest From 4251ec2eaf90c17fff650301bba055a725da0c34 Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 10:46:29 -0400 Subject: [PATCH 025/101] match for ISOs, loop tags --- .github/workflows/build-image-beta.yml | 6 +-- .github/workflows/build-image-gts.yml | 4 +- .github/workflows/build-image-latest.yml | 6 +-- .github/workflows/build-image-stable.yml | 6 +-- .github/workflows/build-iso-gts.yml | 11 +++-- .github/workflows/build-iso-latest.yml | 20 +++++++-- .github/workflows/build-iso-stable.yml | 19 +++++++-- .github/workflows/reusable-build-iso.yml | 54 ++++++++---------------- .github/workflows/reusable-build.yml | 15 ++++--- 9 files changed, 79 insertions(+), 62 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 0c8cb034e78..5e12b809ea3 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -17,7 +17,7 @@ on: workflow_call: workflow_dispatch: inputs: - base_name: + brand_name: description: 'Image Brand to Build' default: '["bluefin"]' type: choice @@ -33,7 +33,7 @@ jobs: secrets: inherit strategy: matrix: - base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} + brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: - base_name: ${{ matrix.base_name }} + brand_name: ${{ matrix.brand_name }} fedora_version: beta diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 7dd28a5a919..876188b4e60 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -18,8 +18,8 @@ jobs: secrets: inherit strategy: matrix: - base_name: [bluefin] + brand_name: [bluefin] with: - base_name: ${{ matrix.base_name }} + brand_name: ${{ matrix.brand_name }} fedora_version: gts diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 0dc252dbb50..b6a316f311f 100644 --- a/.github/workflows/build-image-latest.yml 
+++ b/.github/workflows/build-image-latest.yml @@ -17,7 +17,7 @@ on: workflow_call: workflow_dispatch: inputs: - base_name: + brand_name: description: 'Image Brand to Build' default: '["bluefin"]' type: choice @@ -33,8 +33,8 @@ jobs: secrets: inherit strategy: matrix: - base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} + brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' - base_name: ${{ matrix.base_name }} + brand_name: ${{ matrix.brand_name }} fedora_version: latest diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index dbf0cb75a16..88013b9e0e0 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -11,7 +11,7 @@ on: workflow_call: workflow_dispatch: inputs: - base_name: + brand_name: description: 'Image Brand to Build' default: '["bluefin"]' type: choice @@ -27,7 +27,7 @@ jobs: secrets: inherit strategy: matrix: - base_name: ${{ fromJson(inputs.base_name || '["bluefin", "aurora"]') }} + brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: - base_name: ${{ matrix.base_name }} + brand_name: ${{ matrix.brand_name }} fedora_version: stable diff --git a/.github/workflows/build-iso-gts.yml b/.github/workflows/build-iso-gts.yml index b420acb04a2..9ac7278df96 100644 --- a/.github/workflows/build-iso-gts.yml +++ b/.github/workflows/build-iso-gts.yml @@ -1,14 +1,19 @@ name: GTS ISO on: - workflow_dispatch: - workflow_call: # schedule: # - cron: '0 2 * * sun' # 02:00 Sunday + workflow_dispatch: + workflow_call: jobs: build-iso-gts: - name: Build GTS ISO + name: Build GTS ISOs uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit + strategy: + matrix: + brand_name: [bluefin] with: + brand_name: ${{ matrix.brand_name }} fedora_version: gts + 
diff --git a/.github/workflows/build-iso-latest.yml b/.github/workflows/build-iso-latest.yml index 82653954727..6c6a5290545 100644 --- a/.github/workflows/build-iso-latest.yml +++ b/.github/workflows/build-iso-latest.yml @@ -1,14 +1,28 @@ name: Latest ISO on: - workflow_dispatch: - workflow_call: # schedule: # - cron: '0 4 * * sun' # 04:00 Sunday + workflow_call: + workflow_dispatch: + inputs: + brand_name: + description: 'Image Brand to Build' + default: '["bluefin"]' + type: choice + options: + - '["bluefin"]' + - '["aurora"]' + - '["bluefin", "aurora"]' jobs: build-iso-latest: - name: Build Latest ISO + name: Build Latest ISOs uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit + strategy: + matrix: + brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: + image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' + brand_name: ${{ matrix.brand_name }} fedora_version: latest diff --git a/.github/workflows/build-iso-stable.yml b/.github/workflows/build-iso-stable.yml index 43efd4261a9..37d3a939c33 100644 --- a/.github/workflows/build-iso-stable.yml +++ b/.github/workflows/build-iso-stable.yml @@ -1,14 +1,27 @@ name: Stable ISO on: - workflow_dispatch: - workflow_call: # schedule: # - cron: '41 6 * * 2' # 6:41 UTC every Tuesday + workflow_call: + workflow_dispatch: + inputs: + brand_name: + description: 'Image Brand to Build' + default: '["bluefin"]' + type: choice + options: + - '["bluefin"]' + - '["aurora"]' + - '["bluefin", "aurora"]' jobs: build-iso-stable: - name: Build Stable ISO + name: Build Stable ISOs uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit + strategy: + matrix: + brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: + brand_name: ${{ matrix.brand_name }} fedora_version: stable \ No newline at end of file diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index b5c5cd7f4fb..2f2e47611ca 100644 
--- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -2,8 +2,16 @@ name: Reusable ISO on: workflow_call: inputs: + image_flavors: + description: "JSON string of flavors to build, '[main, nvidia, hwe, hwe-nvidia]'" + default: "['main', 'nvidia']" + type: string + brand_name: + description: "The Brand Name: bluefin or aurora" + required: true + type: string fedora_version: - description: "The Convenience Tag gts, stable, latest, beta" + description: "The Fedora Version: gts, stable, or latest" required: true type: string @@ -21,37 +29,9 @@ jobs: strategy: fail-fast: false matrix: - image_flavor: - - main - - nvidia - - asus - - asus-nvidia - - surface - - surface-nvidia - base_name: - - bluefin - - bluefin-dx - - aurora - - aurora-dx - fedora_version: - - ${{ inputs.fedora_version }} - exclude: - - fedora_version: gts - base_name: aurora - - fedora_version: gts - base_name: aurora-dx - - fedora_version: gts - image_flavor: hwe - - fedora_version: gts - image_flavor: hwe-nvidia - - fedora_version: stable - image_flavor: hwe - - fedora_version: stable - image_flavor: hwe-nvidia - - fedora_version: beta - image_flavor: hwe - - fedora_version: beta - image_flavor: hwe-nvidia + image_flavor: ${{ fromJson(inputs.image_flavors) }} + base_name: ["${{ inputs.brand_name }}", "${{ inputs.brand_name }}-dx"] + fedora_version: ["${{ inputs.fedora_version }}"] steps: - name: Free Disk Space (Ubuntu) @@ -67,9 +47,9 @@ jobs: else echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}" >> $GITHUB_ENV fi - if [[ ${{ inputs.brand_name }} == "bluefin" ]]; then + if [[ ${{ matrix.base_name }} =~ bluefin ]]; then echo "VARIANT=Silverblue" >> $GITHUB_ENV - elif [[ ${{ inputs.brand_name }} == "aurora" ]]; then + elif [[ ${{ matrix.base_name }} =~ aurora ]]; then echo "VARIANT=Kinoite" >> $GITHUB_ENV fi 
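Review bot: The new `image_flavors` input defaults to `"['main', 'nvidia']"`, and the matrix in the next hunk feeds it to `fromJson(inputs.image_flavors)`. Single-quoted strings are not valid JSON, so any caller that relies on the default (build-iso-gts.yml and build-iso-stable.yml in this commit pass no `image_flavors`) should fail at matrix evaluation. Use `default: '["main", "nvidia"]'`. reusable-build.yml shows the same default as context in this commit and needs the same change. The `description` has the same problem in its example, `'[main, nvidia, hwe, hwe-nvidia]'`, and would read better as `'["main", "nvidia"]'`.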
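Review bot: In the VARIANT hunk, `[[ ${{ matrix.base_name }} =~ bluefin ]]` pastes the expression into the script text unquoted, before bash runs. The value is therefore parsed as shell source rather than as data; callers pass fixed brand names today, but the reusable workflow does not enforce that. Passing it through the step environment keeps it as data: add `env: BASE_NAME: ${{ matrix.base_name }}` to the step and test `[[ "${BASE_NAME}" =~ bluefin ]]`. The later hunks that expand `${{ matrix.fedora_version }}` inside `run:` would get the same treatment. The `if`/`elif` also has no `else`, so an unexpected brand leaves `VARIANT` unset without an error; an `else` branch that exits non-zero would surface it. The step begins outside the hunk.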
@@ -78,7 +58,7 @@ jobs: shell: bash run: | set -eo pipefail - kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ inputs.fedora_version }} | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') + kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') fedora_version=$(echo $kernel_release | grep -oP 'fc\K[0-9]+') echo "kernel_release=$kernel_release" >> $GITHUB_OUTPUT echo "fedora_version=$fedora_version" >> $GITHUB_OUTPUT @@ -87,7 +67,7 @@ jobs: id: generate-tag shell: bash run: | - TAG="${{ inputs.fedora_version }}" + TAG="${{ matrix.fedora_version }}" if [[ "${{ github.ref_name }}" == "testing" ]]; then TAG="testing-${TAG}" @@ -116,7 +96,7 @@ jobs: shell: bash run: | set -ex - image="ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ inputs.fedora_version }}" + image="ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.fedora_version }}" # Make temp space TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p ${{ github.workspace }} flatpak.XXX) # Get list of refs from directory diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 1b3d7995888..7fbbfa012dc 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -6,7 +6,7 @@ on: description: "JSON string of flavors to build, '[main, nvidia, hwe, hwe-nvidia]'" default: "['main', 'nvidia']" type: string - base_name: + brand_name: description: "The Brand Name: bluefin or aurora" required: true type: string @@ -22,7 +22,7 @@ env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} concurrency: - group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.base_name}}-${{ inputs.fedora_version }} + group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.fedora_version }} cancel-in-progress: true jobs: 
@@ -36,7 +36,7 @@ jobs: fail-fast: false matrix: image_flavor: ${{ fromJson(inputs.image_flavors) }} - base_name: ["${{ inputs.base_name }}", "${{ inputs.base_name }}-dx"] + base_name: ["${{ inputs.brand_name }}", "${{ inputs.brand_name }}-dx"] fedora_version: ["${{ inputs.fedora_version }}"] steps: @@ -303,16 +303,19 @@ jobs: set -eoux pipefail IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }}) sudo rm -rf ${{ steps.rechunk.outputs.output }} + for tag in ${{ steps.build_image.outputs.tags }}; do podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} done # HWE Tagging if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then + image_name="${{ env.IMAGE_NAME }}" asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.rechunk.outputs.output }}; do + + for tag in ${{ steps.build_image.outputs.tags }}; do podman tag "${IMAGE}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} podman tag "${IMAGE}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} done @@ -362,10 +365,12 @@ jobs: done if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then + image_name="${{ env.IMAGE_NAME }}" asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.rechunk.outputs.output }}; do + + for tag in ${{ steps.build_image.outputs.tags }}; do podman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} podman push ${surface_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${surface_name}:${tag} done From 72a598ed87135fcecfa71b84011a56ba8ffd9a75 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 13:15:42 -0400 Subject: [PATCH 026/101] add another build-fix --- build_files/base/00-build-fix.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/build_files/base/00-build-fix.sh b/build_files/base/00-build-fix.sh index 2261cf17cad..d35a42ce695 100755 --- a/build_files/base/00-build-fix.sh 
+++ b/build_files/base/00-build-fix.sh @@ -12,14 +12,25 @@ repos=( ) for repo in "${repos[@]}"; do - if [ $(grep -c "enabled=1" /etc/yum.repos.d/${repo}) -eq 0 ]; then - sed -i "0,/enabled=0/{s/enabled=0/enabled=1/}" /etc/yum.repos.d/${repo} + if [[ "$(grep -c "enabled=1" /etc/yum.repos.d/"${repo}")" -eq 0 ]]; then + sed -i "0,/enabled=0/{s/enabled=0/enabled=1/}" /etc/yum.repos.d/"${repo}" fi done +if grep -q "kinoite" <<<"${IMAGE_NAME}"; then + rpm-ostree override replace \ + --experimental \ + --from repo=updates \ + qt6-qtbase \ + qt6-qtbase-common \ + qt6-qtbase-mysql \ + qt6-qtbase-gui || + true +fi + rpm-ostree override replace \ --experimental \ --from repo=updates \ - elfutils-libelf \ - elfutils-libs \ - || true \ No newline at end of file + elfutils-libelf \ + elfutils-libs || + true From 52c2732b5a9d70531fdebf97bcb9e37a875d21c5 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 13:24:56 -0400 Subject: [PATCH 027/101] fix check for build-fix --- build_files/base/00-build-fix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_files/base/00-build-fix.sh b/build_files/base/00-build-fix.sh index d35a42ce695..09c2ae0a465 100755 --- a/build_files/base/00-build-fix.sh +++ b/build_files/base/00-build-fix.sh @@ -17,7 +17,7 @@ for repo in "${repos[@]}"; do fi done -if grep -q "kinoite" <<<"${IMAGE_NAME}"; then +if grep -q "kinoite" <<<"${BASE_IMAGE_NAME}"; then rpm-ostree override replace \ --experimental \ --from repo=updates \ From 9e14a3bfeeef5427ebac4e331981aa5e12550adf Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 13:50:37 -0400 Subject: [PATCH 028/101] ZFS verify based on akmods flavor --- .github/workflows/reusable-build.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 7fbbfa012dc..061c4b9c357 100644 
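Review bot: Both `rpm-ostree override replace` calls in the first hunk end in `|| true`, so a failed override looks the same as a successful one in the build log and the image is built with whatever package versions the base carried. If the override is meant to be best-effort, make the miss visible, e.g. `|| echo "WARN: qt6-qtbase override from updates was not applied" >&2`; if the build depends on it, drop the `|| true`. A one-line comment above each block naming the breakage it works around and when it can be removed would also help, since nothing in the hunk records that.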
--- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -133,7 +133,7 @@ jobs: - name: Verify ZFS uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - if: inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' && ! contains(matrix.image_flavor, 'hwe') + if: contains(env.AKMODS_FLAVOR, 'coreos') with: containers: akmods-zfs:${{ env.AKMODS_FLAVOR }}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} @@ -195,7 +195,7 @@ jobs: echo "${TAG}" done alias_tags=("${COMMIT_TAGS[@]}") - else + else echo "Generated the following build tags: " for TAG in "${BUILD_TAGS[@]}"; do echo "${TAG}" @@ -223,7 +223,7 @@ jobs: - name: Define env.SHA_HEAD_SHORT run: | - echo "SHA_HEAD_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV + echo "SHA_HEAD_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV - name: Maximize build space uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 @@ -292,7 +292,7 @@ jobs: with: rechunk: ghcr.io/hhd-dev/rechunk:v1.0.1 ref: "raw-img" - skip_compression: 'true' + skip_compression: "true" labels: ${{ steps.meta.outputs.labels }} prev-ref: ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ env.DEFAULT_TAG }} @@ -343,7 +343,6 @@ jobs: sbverify --cert kernel-sign.crt vmlinuz || exit 1 sbverify --cert akmods.crt vmlinuz || exit 1 - - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' run: | From cf2fe9c8cd1dc49beb4905ec7b1a91edf8fc4e07 Mon Sep 17 00:00:00 2001 
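Review bot: The cosign check for `akmods-zfs` now runs only when `contains(env.AKMODS_FLAVOR, 'coreos')`, and a skipped step is reported as success, so the signature guarantee depends on this expression matching exactly the cases in which the ZFS akmods image is consumed. The step that consumes the image is outside the hunk; if it keys on something other than `AKMODS_FLAVOR`, or the variable is empty when this `if:` is evaluated, the image would presumably be used unverified in a green run. I would add a comment on the `if:` naming the build condition it mirrors, e.g. `# must match the condition under which the build uses akmods-zfs`, and ideally derive both from one variable.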
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 13:55:56 -0400 Subject: [PATCH 029/101] don't fail fast --- .github/workflows/build-image-beta.yml | 3 ++- .github/workflows/build-image-gts.yml | 8 ++++---- .github/workflows/build-image-latest.yml | 9 +++++---- .github/workflows/build-image-stable.yml | 7 ++++--- .github/workflows/build-iso-gts.yml | 4 ++-- .github/workflows/build-iso-latest.yml | 3 ++- .github/workflows/build-iso-stable.yml | 5 +++-- 7 files changed, 22 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 5e12b809ea3..ac0af5f9b47 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -18,7 +18,7 @@ on: workflow_dispatch: inputs: brand_name: - description: 'Image Brand to Build' + description: "Image Brand to Build" default: '["bluefin"]' type: choice options: @@ -32,6 +32,7 @@ jobs: uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 876188b4e60..7f63cfe4342 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -5,11 +5,11 @@ on: - main - testing paths-ignore: - - '**.md' + - "**.md" schedule: - - cron: '41 5 * * 0' # 5:41 UTC Weekly on Sundays + - cron: "41 5 * * 0" # 5:41 UTC Weekly on Sundays workflow_dispatch: - workflow_call: + workflow_call: jobs: build-image-gts: @@ -17,9 +17,9 @@ jobs: uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: [bluefin] with: brand_name: ${{ matrix.brand_name }} fedora_version: gts - diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index b6a316f311f..463ad99a950 100644 
--- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -6,19 +6,19 @@ on: - main - testing paths-ignore: - - '**.md' + - "**.md" push: branches: - main paths-ignore: - - '**.md' + - "**.md" schedule: - - cron: '40 4 * * *' # 4:40 UTC everyday + - cron: "40 4 * * *" # 4:40 UTC everyday workflow_call: workflow_dispatch: inputs: brand_name: - description: 'Image Brand to Build' + description: "Image Brand to Build" default: '["bluefin"]' type: choice options: @@ -32,6 +32,7 @@ jobs: uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 88013b9e0e0..433382efa3d 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -5,14 +5,14 @@ on: - main - testing paths-ignore: - - '**.md' + - "**.md" schedule: - - cron: '45 5 * * *' # 5:41 UTC everyday + - cron: "45 5 * * *" # 5:41 UTC everyday workflow_call: workflow_dispatch: inputs: brand_name: - description: 'Image Brand to Build' + description: "Image Brand to Build" default: '["bluefin"]' type: choice options: @@ -26,6 +26,7 @@ jobs: uses: ./.github/workflows/reusable-build.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: diff --git a/.github/workflows/build-iso-gts.yml b/.github/workflows/build-iso-gts.yml index 9ac7278df96..d44e2c2b5f3 100644 --- a/.github/workflows/build-iso-gts.yml +++ b/.github/workflows/build-iso-gts.yml @@ -3,7 +3,7 @@ on: # schedule: # - cron: '0 2 * * sun' # 02:00 Sunday workflow_dispatch: - workflow_call: + workflow_call: jobs: build-iso-gts: 
@@ -11,9 +11,9 @@ jobs: uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: [bluefin] with: brand_name: ${{ matrix.brand_name }} fedora_version: gts - diff --git a/.github/workflows/build-iso-latest.yml b/.github/workflows/build-iso-latest.yml index 6c6a5290545..707b568def1 100644 --- a/.github/workflows/build-iso-latest.yml +++ b/.github/workflows/build-iso-latest.yml @@ -6,7 +6,7 @@ on: workflow_dispatch: inputs: brand_name: - description: 'Image Brand to Build' + description: "Image Brand to Build" default: '["bluefin"]' type: choice options: @@ -20,6 +20,7 @@ jobs: uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: diff --git a/.github/workflows/build-iso-stable.yml b/.github/workflows/build-iso-stable.yml index 37d3a939c33..34115681e25 100644 --- a/.github/workflows/build-iso-stable.yml +++ b/.github/workflows/build-iso-stable.yml @@ -6,7 +6,7 @@ on: workflow_dispatch: inputs: brand_name: - description: 'Image Brand to Build' + description: "Image Brand to Build" default: '["bluefin"]' type: choice options: @@ -20,8 +20,9 @@ jobs: uses: ./.github/workflows/reusable-build-iso.yml secrets: inherit strategy: + fail-fast: false matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: brand_name: ${{ matrix.brand_name }} - fedora_version: stable \ No newline at end of file + fedora_version: stable From 8b591daa6d66b95e506d03f824e26bd79636dd9b Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 14:14:29 -0400 Subject: [PATCH 030/101] fix hwe tagging --- .github/workflows/reusable-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 061c4b9c357..049461e64dd 100644 
--- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -316,8 +316,8 @@ jobs: surface_name="${image_name/hwe/surface}" for tag in ${{ steps.build_image.outputs.tags }}; do - podman tag "${IMAGE}":"${{ env.DEFAULT_TAG }}" "${asus_name}":${tag} - podman tag "${IMAGE}":"${{ env.DEFAULT_TAG }}" "${surface_name}":${tag} + podman tag "${IMAGE}" "${asus_name}":${tag} + podman tag "${IMAGE}" "${surface_name}":${tag} done fi podman tag $IMAGE rechunked-img From dfb10208bb8facfe765936829bc3f7bc91fb9306 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 17:57:29 -0400 Subject: [PATCH 031/101] start getting changelogs in place --- .github/changelogs.py | 454 +++++++++++++++++++++++++++ .github/workflows/reusable-build.yml | 15 +- 2 files changed, 459 insertions(+), 10 deletions(-) create mode 100644 .github/changelogs.py diff --git a/.github/changelogs.py b/.github/changelogs.py new file mode 100644 index 00000000000..8d72d3b3d3d --- /dev/null +++ b/.github/changelogs.py 
@@ -0,0 +1,454 @@ +from itertools import product +import subprocess +import json +import time +from typing import Any +import re +from collections import defaultdict + +REGISTRY = "docker://ghcr.io/ublue-os/" + +IMAGE_MATRIX_LATEST = { + "experience": ["base", "dx"], + "de": ["kde", "gnome"], + "image_flavor": ["main", "nvidia", "hwe", "hwe-nvidia"], +} +IMAGE_MATRIX = { + "experience": ["base", "dx"], + "de": ["kde", "gnome"], + "image_flavor": ["main", "nvidia"], +} + +RETRIES = 3 +RETRY_WAIT = 5 +FEDORA_PATTERN = re.compile(r"\.fc\d\d") +START_PATTERN = lambda target: re.compile(rf"{target}-[0-9]+") + +PATTERN_ADD = "\n| ✨ | {name} | | {version} |" +PATTERN_CHANGE = "\n| 🔄 | {name} | {prev} | {new} |" +PATTERN_REMOVE = "\n| ❌ | {name} | {version} | |" +PATTERN_PKGREL_CHANGED = "{prev} ➡️ {new}" +PATTERN_PKGREL = "{version}" +COMMON_PAT = "### All Images\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n" +OTHER_NAMES = { + "base": "### Base Images\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", + "dx": "### [Dev Experience Images](https://docs.projectbluefin.io/bluefin-dx)\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", + "kde": "### [Aurora Images](https://getaurora.dev/)\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", + "gnome": "### [Bluefin Images](https://projectbluefin.io/)\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", + "nvidia": "### Nvidia Images\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", + "hwe": "### HWE Images\n| | Name | Previous | New |\n| --- | --- | --- | --- |{changes}\n\n", +} + +COMMITS_FORMAT = "### Commits\n| Hash | Subject |\n| --- | --- |{commits}\n\n" +COMMIT_FORMAT = "\n| **[{short}](https://github.com/ublue-os/bluefin/commit/{hash})** | {subject} |" + +CHANGELOG_TITLE = "{tag}: {pretty}" +CHANGELOG_FORMAT = """\ +{handwritten} + +From previous `{target}` version `{prev}` there have been the 
following changes. **One package per new version shown.** + +### Major packages +| Name | Version | +| --- | --- | +| **Kernel** | {pkgrel:kernel} | +| **Gnome** | {pkgrel:gnome-control-center-filesystem} | +| **KDE** | {pkgrel:plasma-desktop} | +| **Mesa** | {pkgrel:mesa-filesystem} | +| **Podman** | {pkgrel:podman} | + +### Major DX packages +| Name | Version | +| --- | --- | +| **Incus** | {pkgrel:incus} | +| **Docker** | {pkgrel:docker-ce} | +| **Devpod** | {pkgrel:devpod} | + +{changes} + +### How to rebase +For current users, type the following to rebase to this version: +## For this branch (if latest): +# Bluefin +```bash +sudo bootc switch ghcr.io/ublue-os/bluefin:{target} --enforce-container-sigpolicy +``` +# Aurora +```bash +sudo bootc switch ghcr.io/ublue-os/aurora:{target} --enforce-container-sigpolicy +``` +## For this specific image: +# Bluefin +```bash +sudo bootc switch ghcr.io/ublue-os/bluefin:{curr} --enforce-container-sigpolicy +``` +# Aurora +```bash +sudo bootc switch ghcr.io/ublue-os/aurora:{curr} --enforce-container-sigpolicy +``` + +### Documentation +Be sure to read the [documentation](https://docs.projectbluefin.io/) for more information +on how to use your cloud native system. 
+""" +HANDWRITTEN_PLACEHOLDER = """\ +This is an automatically generated changelog for release `{curr}`.""" + +BLACKLIST_VERSIONS = [ + "kernel", + "gnome-control-center-filesystem", + "plasma-desktop", + "mesa-filesystem", + "podman", + "docker-ce", + "incus", + "devpod" +] + + +def get_images(target: str): + if target == "latest": + matrix = IMAGE_MATRIX_LATEST + else: + matrix = IMAGE_MATRIX + + for experience, de, image_flavor in product(*matrix.values()): + img = "" + if de == "gnome": + img += "bluefin" + elif de == "kde": + img += "aurora" + + if experience == "dx": + img += "-dx" + + if image_flavor != "main": + img += "-" + img += image_flavor + + yield img, experience, de, image_flavor + + +def get_manifests(target: str): + out = {} + imgs = list(get_images(target)) + for j, (img, _, _, _) in enumerate(imgs): + output = None + print(f"Getting {img}:{target} manifest ({j+1}/{len(imgs)}).") + for i in range(RETRIES): + try: + output = subprocess.run( + ["skopeo", "inspect", REGISTRY + img + ":" + target], + check=True, + stdout=subprocess.PIPE, + ).stdout + break + except subprocess.CalledProcessError: + print( + f"Failed to get {img}:{target}, retrying in {RETRY_WAIT} seconds ({i+1}/{RETRIES})" + ) + time.sleep(RETRY_WAIT) + if output is None: + print(f"Failed to get {img}:{target}, skipping") + continue + out[img] = json.loads(output) + return out + + +def get_tags(target: str, manifests: dict[str, Any]): + tags = set() + + for manifest in manifests.values(): + for tag in manifest["RepoTags"]: + # Tags ending with .0 should not exist + if tag.endswith(".0"): + continue + if re.match(START_PATTERN(target), tag): + tags.add(tag) + + tags = list(sorted(tags)) + assert len(tags) > 2, "No current and previous tags found" + return tags[-2], tags[-1] + + +def get_packages(manifests: dict[str, Any]): + packages = {} + for img, manifest in manifests.items(): + try: + packages[img] = json.loads(manifest["Labels"]["dev.hhd.rechunk.info"])[ + "packages" + ] + except 
Exception as e: + print(f"Failed to get packages for {img}:\n{e}") + return packages + + +def get_package_groups(target: str, prev: dict[str, Any], manifests: dict[str, Any]): + common = set() + others = {k: set() for k in OTHER_NAMES.keys()} + + npkg = get_packages(manifests) + ppkg = get_packages(prev) + + keys = set(npkg.keys()) | set(ppkg.keys()) + pkg = defaultdict(set) + for k in keys: + pkg[k] = set(npkg.get(k, {})) | set(ppkg.get(k, {})) + + # Find common packages + first = True + for img, experience, de, image_flavor in get_images(target): + if img not in pkg: + continue + + if first: + for p in pkg[img]: + common.add(p) + else: + for c in common.copy(): + if c not in pkg[img]: + common.remove(c) + + first = False + + # Find other packages + for t, other in others.items(): + print(t) + first = True + for img, experience, de, image_flavor in get_images(target): + if img not in pkg: + continue + + if t == "hwe" and "hwe" not in image_flavor: + continue + if t == "nvidia" and "nvidia" not in image_flavor: + continue + if t == "kde" and de != "kde": + continue + if t == "gnome" and de != "gnome": + continue + if t == "base" and experience != "base": + continue + if t == "dx" and experience != "dx": + continue + + if first: + for p in pkg[img]: + if p not in common: + other.add(p) + else: + for c in other.copy(): + if c not in pkg[img]: + other.remove(c) + + first = False + + return sorted(common), {k: sorted(v) for k, v in others.items()} + + +def get_versions(manifests: dict[str, Any]): + versions = {} + pkgs = get_packages(manifests) + for img_pkgs in pkgs.values(): + for pkg, v in img_pkgs.items(): + versions[pkg] = re.sub(FEDORA_PATTERN, "", v) + return versions + + +def calculate_changes(pkgs: list[str], prev: dict[str, str], curr: dict[str, str]): + added = [] + changed = [] + removed = [] + + blacklist_ver = set([curr.get(v, None) for v in BLACKLIST_VERSIONS]) + + for pkg in pkgs: + # Clearup changelog by removing mentioned packages + if pkg in 
BLACKLIST_VERSIONS: + continue + if pkg in curr and curr.get(pkg, None) in blacklist_ver: + continue + if pkg in prev and prev.get(pkg, None) in blacklist_ver: + continue + + if pkg not in prev: + added.append(pkg) + elif pkg not in curr: + removed.append(pkg) + elif prev[pkg] != curr[pkg]: + changed.append(pkg) + + blacklist_ver.add(curr.get(pkg, None)) + blacklist_ver.add(prev.get(pkg, None)) + + out = "" + for pkg in added: + out += PATTERN_ADD.format(name=pkg, version=curr[pkg]) + for pkg in changed: + out += PATTERN_CHANGE.format(name=pkg, prev=prev[pkg], new=curr[pkg]) + for pkg in removed: + out += PATTERN_REMOVE.format(name=pkg, version=prev[pkg]) + return out + + +def get_commits(prev_manifests, manifests, workdir: str): + try: + start = next(iter(prev_manifests.values()))["Labels"][ + "org.opencontainers.image.revision" + ] + finish = next(iter(manifests.values()))["Labels"][ + "org.opencontainers.image.revision" + ] + + commits = subprocess.run( + [ + "git", + "-C", + workdir, + "log", + "--pretty=format:%H %h %s", + f"{start}..{finish}", + ], + check=True, + stdout=subprocess.PIPE, + ).stdout.decode("utf-8") + + out = "" + for commit in commits.split("\n"): + if not commit: + continue + hash, short, subject = commit.split(" ", 2) + + if subject.lower().startswith("merge"): + continue + + out += ( + COMMIT_FORMAT.replace("{short}", short) + .replace("{subject}", subject) + .replace("{hash}", hash) + ) + + if out: + return COMMITS_FORMAT.format(commits=out) + return "" + except Exception as e: + print(f"Failed to get commits:\n{e}") + return "" + + +def generate_changelog( + handwritten: str | None, + target: str, + pretty: str | None, + workdir: str, + prev_manifests, + manifests, +): + common, others = get_package_groups(target, prev_manifests, manifests) + versions = get_versions(manifests) + prev_versions = get_versions(prev_manifests) + + prev, curr = get_tags(target, manifests) + + if not pretty: + # Generate pretty version since we dont have it + 
try: + finish: str = next(iter(manifests.values()))["Labels"][ + "org.opencontainers.image.revision" + ] + except Exception as e: + print(f"Failed to get finish hash:\n{e}") + finish = "" + + # Remove .0 from curr + curr_pretty = re.sub(r"\.\d{1,2}$", "", curr) + # Remove target- from curr + curr_pretty = re.sub(rf"^[a-z]+-", "", curr_pretty) + pretty = target.capitalize() + " (F" + curr_pretty + if finish and target != "stable": + pretty += ", #" + finish[:7] + pretty += ")" + + title = CHANGELOG_TITLE.format_map(defaultdict(str, tag=curr, pretty=pretty)) + + changelog = CHANGELOG_FORMAT + + changelog = ( + changelog.replace("{handwritten}", handwritten if handwritten else HANDWRITTEN_PLACEHOLDER) + .replace("{target}", target) + .replace("{prev}", prev) + .replace("{curr}", curr) + ) + + for pkg, v in versions.items(): + if pkg not in prev_versions or prev_versions[pkg] == v: + changelog = changelog.replace( + "{pkgrel:" + pkg + "}", PATTERN_PKGREL.format(version=v) + ) + else: + changelog = changelog.replace( + "{pkgrel:" + pkg + "}", + PATTERN_PKGREL_CHANGED.format(prev=prev_versions[pkg], new=v), + ) + + changes = "" + changes += get_commits(prev_manifests, manifests, workdir) + common = calculate_changes(common, prev_versions, versions) + if common: + changes += COMMON_PAT.format(changes=common) + for k, v in others.items(): + chg = calculate_changes(v, prev_versions, versions) + if chg: + changes += OTHER_NAMES[k].format(changes=chg) + + changelog = changelog.replace("{changes}", changes) + + return title, changelog + + +def main(): + import argparse + + parser = argparse.ArgumentParser() + parser.add_argument("target", help="Target tag") + parser.add_argument("output", help="Output environment file") + parser.add_argument("changelog", help="Output changelog file") + parser.add_argument("--pretty", help="Subject for the changelog") + parser.add_argument("--workdir", help="Git directory for commits") + parser.add_argument("--handwritten", help="Handwritten 
changelog") + args = parser.parse_args() + + # Remove refs/tags, refs/heads, refs/remotes e.g. + # Tags cannot include / anyway. + target = args.target.split('/')[-1] + + if target == "main": + target = "stable" + + manifests = get_manifests(target) + prev, curr = get_tags(target, manifests) + print(f"Previous tag: {prev}") + print(f" Current tag: {curr}") + + prev_manifests = get_manifests(prev) + title, changelog = generate_changelog( + args.handwritten, + target, + args.pretty, + args.workdir, + prev_manifests, + manifests, + ) + + print(f"Changelog:\n# {title}\n{changelog}") + print(f"\nOutput:\nTITLE=\"{title}\"\nTAG={curr}") + + with open(args.changelog, "w") as f: + f.write(changelog) + + with open(args.output, "w") as f: + f.write(f'TITLE="{title}"\nTAG={curr}\n') + + +if __name__ == "__main__": + main() diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 049461e64dd..135743d78fc 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -176,7 +176,7 @@ jobs: elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") elif [[ ! "${{ matrix.fedora_version}}" =~ "stable" ]]; then - BUILD_TAGS=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") + BUILD_TAGS+=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi # Prepend testing if built on testing branch 
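Review bot: `main()` writes `TITLE="{title}"` and `TAG={curr}` into the output file with no escaping, and generate_release.yml later in this series loads that file with `source ./output.env`, so anything inside the title is expanded by bash. The title is assembled from registry tags, the `org.opencontainers.image.revision` label and `--pretty`, none of which this script validates; writing `f"TITLE={shlex.quote(title)}\nTAG={shlex.quote(curr)}\n"` (with `import shlex`) keeps the values literal. Separately, `get_tags` asserts `len(tags) > 2` although it only returns `tags[-2]` and `tags[-1]`, so a target with exactly two matching tags fails; `>= 2`, raised as an explicit exception rather than an `assert`, looks like the intent.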
@@ -460,14 +460,9 @@ jobs: fi done - # build_iso: - # name: iso + # generate_release: + # name: Generate Release # needs: [check] - # if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (github.ref_name == 'main' || github.ref_name == 'testing') && inputs.fedora_version != 'beta' && inputs.fedora_version != 'latest' - # # Eventually would be nice for building images in PRs - # #if: ${{ endsWith(github.event.pull_request.title, '[ISO]') }} - # uses: ./.github/workflows/reusable-build-iso.yml + # if: github.event_name != 'pull_request' # secrets: inherit - # with: - # brand_name: ${{ inputs.brand_name }} - # fedora_version: ${{ inputs.fedora_version }} + # uses: ./.github/workflows/generate_release.yml From a7d551fab66b83ac4c6adca446604cb983326768 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 2 Nov 2024 19:59:29 -0400 Subject: [PATCH 032/101] wire up changelogs --- .github/workflows/generate_release.yml | 76 ++++++++++++++++++++++++++ .github/workflows/reusable-build.yml | 12 ++-- 2 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/generate_release.yml diff --git a/.github/workflows/generate_release.yml b/.github/workflows/generate_release.yml new file mode 100644 index 00000000000..336699277b1 --- /dev/null +++ b/.github/workflows/generate_release.yml 
@@ -0,0 +1,76 @@ +on: + workflow_call: + fedora_version: + description: "Release Tag (e.g. stable or 41)" + type: string + required: true + workflow_dispatch: + inputs: + handwritten: + description: "Small Changelog about changes in this build" + make_latest: + description: "Make latest for Release" + type: choice + default: "false" + options: + - "false" + - "true" + fedora_version: + description: "Release Tag (e.g. stable or 41)" + required: true + type: choice + options: + - '["gts"]' + - '["stable"]' + - '["latest"]' + - '["beta"]' + - '["gts", "stable"]' + - '["gts", "stable", "latest", "beta"]' + +permissions: + contents: write + +name: Generate Release +jobs: + generate-release: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + version: ${{ fromJson( inputs.fedora_version ) }} + + steps: + - name: Checkout lass 500 commits (fot to work) + uses: actions/checkout@v4 + with: + fetch-depth: 500 + + - name: Generate Release Text + id: generate-release-text + shell: bash + run: | + if [[ "${{ matrix.version }}" == "stable" ]]; then + version=stable-daily + else + version=${{ matrix.version }} + fi + + python3 ./.github/changelog.py \ + "${version}" \ + ./output.env \ + ./changelog.md \ + --workdir . \ + --handwritten "${{ github.event.inputs.handwritten }}" + + source ./output.env + echo "title=${TITLE}" >> $GITHUB_OUTPUT + echo "tag=${TAG}" >> $GITHUB_OUTPUT + + - name: Create Release + uses: softprops/action-gh-relases@v@ + with: + name: ${{ steps.generate-release-text.outputs.title }} + tag_name: ${{ steps.generate-release-text.outputs.tag }} + body_path: ./changelog.md + make_latest: ${{ inputs.make_latest == 'true' && matrix.version == 'stable' || false }} + prerelease: ${{ inputs.make_latest != 'false' }} diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 135743d78fc..5c7f4995c37 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
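Review bot: The Create Release step's `uses: softprops/action-gh-relases@v@` does not name a resolvable ref, and neither it nor `actions/checkout@v4` is pinned to a commit, in a job that holds `contents: write`. I would pin both to a full commit SHA with the version in a trailing comment, the way the cosign and remove-unwanted-software steps in reusable-build.yml are written. The run step also calls `python3 ./.github/changelog.py`, while the script added by the previous patch is `.github/changelogs.py`, and `fedora_version` under `workflow_call:` is missing its `inputs:` parent. PATCH 035 ("fix typo") touches this file, but its hunk is not visible here, so part of this may already be addressed.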
@@ -460,9 +460,9 @@ jobs: fi done - # generate_release: - # name: Generate Release - # needs: [check] - # if: github.event_name != 'pull_request' - # secrets: inherit - # uses: ./.github/workflows/generate_release.yml + generate_release: + name: Generate Release + needs: [check] + if: github.event_name != 'pull_request' + secrets: inherit + uses: ./.github/workflows/generate_release.yml From 3d016e6c2fff5626cf188c5fe6d8c9ffe5debe26 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:10:43 -0500 Subject: [PATCH 033/101] wireup changelogs --- .github/changelogs.py | 7 +++++++ .github/workflows/generate_release.yml | 15 +++------------ .github/workflows/reusable-build.yml | 9 ++++++++- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/.github/changelogs.py b/.github/changelogs.py index 8d72d3b3d3d..d56a3623bbd 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -13,6 +13,11 @@ "de": ["kde", "gnome"], "image_flavor": ["main", "nvidia", "hwe", "hwe-nvidia"], } +IMAGE_MATRIX_GTS = { + "experience": ["base", "dx"], + "de": ["gnome"], + "image_flavor": ["main", "nvidia"], +} IMAGE_MATRIX = { "experience": ["base", "dx"], "de": ["kde", "gnome"], @@ -109,6 +114,8 @@ def get_images(target: str): if target == "latest": matrix = IMAGE_MATRIX_LATEST + elif target == "gts": + matrix = IMAGE_MATRIX_GTS else: matrix = IMAGE_MATRIX diff --git a/.github/workflows/generate_release.yml b/.github/workflows/generate_release.yml index 336699277b1..fc343e84123 100644 --- a/.github/workflows/generate_release.yml +++ b/.github/workflows/generate_release.yml @@ -1,7 +1,7 @@ on: workflow_call: fedora_version: - description: "Release Tag (e.g. stable or 41)" + description: "Release Tag (e.g. gts, stable)" type: string required: true workflow_dispatch: 
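Review bot: The newly enabled `generate_release` job passes `secrets: inherit` to generate_release.yml, but that workflow as added in this series reads no `secrets.*` value and already declares `permissions: contents: write` for the release step. Dropping `secrets: inherit` here keeps the repository's secrets out of a job that runs a Python script over registry metadata and a third-party release action. If a secret is needed later, pass it by name under `secrets:` rather than inheriting all of them.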
@@ -16,16 +16,13 @@ on: - "false" - "true" fedora_version: - description: "Release Tag (e.g. stable or 41)" + description: "Release Tag (e.g. gts, stable)" required: true type: choice options: - '["gts"]' - '["stable"]' - - '["latest"]' - - '["beta"]' - '["gts", "stable"]' - - '["gts", "stable", "latest", "beta"]' permissions: contents: write @@ -49,14 +46,8 @@ jobs: id: generate-release-text shell: bash run: | - if [[ "${{ matrix.version }}" == "stable" ]]; then - version=stable-daily - else - version=${{ matrix.version }} - fi - python3 ./.github/changelog.py \ - "${version}" \ + "${{ matrix.version }}" \ ./output.env \ ./changelog.md \ --workdir . \ diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 5c7f4995c37..ab34d14dd70 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -31,6 +31,7 @@ jobs: runs-on: ubuntu-24.04 continue-on-error: false outputs: + stable_release: ${{ steps.generate-tags.outputs.stable_release }} image_full: ${{ steps.generate-outputs.outputs.image }} strategy: fail-fast: false @@ -179,6 +180,10 @@ jobs: BUILD_TAGS+=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi + if [[ "${BUILD_TAGS[@]}" =~ stable-${TIMESTAMP} ]]; then + echo "stable_release=true" >> $GITHUB_OUTPUT + fi + # Prepend testing if built on testing branch if [[ "${{ github.ref_name }}" == "testing" ]]; then temp=() @@ -463,6 +468,8 @@ jobs: generate_release: name: Generate Release needs: [check] - if: github.event_name != 'pull_request' + if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (matrix.fedora_version == 'gts' || matrix.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') secrets: inherit uses: ./.github/workflows/generate_release.yml + with: + fedora_version=: '[ "${{ matrix.fedora_version }}" ]' From f4b7ff3e87d4c1457f346aef3a88cf69cf0b439e Mon Sep 17 00:00:00 2001 
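Review bot: The run step in `generate_release.yml` still invokes `python3 ./.github/changelog.py`, while the script this commit edits is `.github/changelogs.py` (the Justfile recipe added in PATCH 047 also uses the plural name). Unless a separate `changelog.py` exists outside this patch, the step fails before any release text is produced; the line should read `python3 ./.github/changelogs.py \`. The step begins above the hunk, and the same path is present in the file as first added.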
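Review bot: In the new `if:` of `generate_release`, `github.event_name == 'scheduled'` can never be true, because cron-triggered runs report the event name `schedule`; as written only the `workflow_dispatch` branch can start a release. Use `github.event_name == 'schedule'`. The same literal is carried through the later rewrites of this condition (PATCH 038 to 040) and into `build-image-gts.yml` in PATCH 043. The bash test `=~ scheduled` that appears as context in PATCH 044 looks affected in the same way, which is worth confirming against the full step.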
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:26:46 -0500 Subject: [PATCH 034/101] enable kernel pinning per workflow call --- .github/workflows/reusable-build.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index ab34d14dd70..499df63b215 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -14,6 +14,9 @@ on: description: "The Fedora Version: gts, stable, or latest" required: true type: string + kernel_pin: + description: "The full kernel version to pin" + type: string outputs: images: description: "An array of images built and pushed to the registry" @@ -112,6 +115,19 @@ jobs: exit 1 fi + kernel_pin="${{ inputs.kernel_pin }}" + + if [[ -n "${kernel_pin:-}" ]]; then + kernel_release="${kernel_pin}" + fedora_version="$(grep -oP 'fc\K[0-9]+' <<< ${kernel_pin})" + + # check to make sure pin exists + if [[ $(skopeo inspect docker://ghcr.io/ublue-os/"${{ env.AKMODS_FLAVOR }}"-kernel:"${kernel_pin}" | jq -r '.Labels["ostree.linux"]') != "${kernel_pin}" ]]; then + echo "Kernel Pin does not exist" + exit 1 + fi + fi + # Push into GITHUB ENV echo "KERNEL_RELEASE=$kernel_release" >> $GITHUB_ENV echo "FEDORA_VERSION=$fedora_version" >> $GITHUB_ENV From 16d7d2c6ec3cb5e27c67ef7fffb2e851a14f6c82 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:31:23 -0500 Subject: [PATCH 035/101] fix typo --- .github/workflows/generate_release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/generate_release.yml b/.github/workflows/generate_release.yml index fc343e84123..92408a0a9ce 100644 --- a/.github/workflows/generate_release.yml +++ b/.github/workflows/generate_release.yml 
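Review bot: `kernel_pin="${{ inputs.kernel_pin }}"` splices the caller-supplied input into the script text before bash runs, so the quotes inside the script do not protect it; hand it over as data with a step-level `env:` entry `KERNEL_PIN: ${{ inputs.kernel_pin }}` and read it as `kernel_pin="${KERNEL_PIN:-}"`. Because the value then builds an image reference and feeds `grep`, a format check before `skopeo inspect`, such as `[[ "${kernel_pin}" =~ ^[0-9A-Za-z._-]+$ ]] || exit 1` (pattern is a suggestion, adjust to the real tag format), would reject anything that is not a plain version string. `<<< ${kernel_pin}` should be quoted, and an empty `grep -oP` result leaves `fedora_version` empty without failing unless the step already runs under `set -e`, which is not visible here. The step starts above the hunk.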
@@ -58,7 +58,7 @@ jobs: echo "tag=${TAG}" >> $GITHUB_OUTPUT - name: Create Release - uses: softprops/action-gh-relases@v@ + uses: softprops/action-gh-relases@v2 with: name: ${{ steps.generate-release-text.outputs.title }} tag_name: ${{ steps.generate-release-text.outputs.tag }} From 8242cc46d0d6db68101b24c72aa5b200890015e6 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:40:49 -0500 Subject: [PATCH 036/101] missing empty string? --- .github/workflows/reusable-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 499df63b215..5e3b920ce1f 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -17,6 +17,7 @@ on: kernel_pin: description: "The full kernel version to pin" type: string + default: "" outputs: images: description: "An array of images built and pushed to the registry" From 77956a8488c24c7f41a7e9ac8223b00e7a998cbc Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:43:27 -0500 Subject: [PATCH 037/101] test, disable changelogs --- .github/workflows/reusable-build.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 5e3b920ce1f..7e4d226c8d5 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -482,11 +482,11 @@ jobs: fi done - generate_release: - name: Generate Release - needs: [check] - if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (matrix.fedora_version == 'gts' || matrix.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') - secrets: inherit - uses: ./.github/workflows/generate_release.yml - with: - fedora_version=: '[ "${{ matrix.fedora_version }}" ]' + # generate_release: + # name: Generate Release + # needs: [check] + # if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (matrix.fedora_version == 'gts' || matrix.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') + # secrets: inherit + # uses: ./.github/workflows/generate_release.yml + # with: + # fedora_version=: '[ "${{ matrix.fedora_version }}" ]' From 0537b5b30a27f7dae4f628c956ee127bcb7fd22f Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:53:20 -0500 Subject: [PATCH 038/101] turn back on changelogs --- .github/workflows/generate_release.yml | 9 +++++---- .github/workflows/reusable-build.yml | 17 ++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/generate_release.yml b/.github/workflows/generate_release.yml index 92408a0a9ce..27ec097150c 100644 --- a/.github/workflows/generate_release.yml +++ b/.github/workflows/generate_release.yml @@ -1,9 +1,10 @@ on: workflow_call: - fedora_version: - description: "Release Tag (e.g. gts, stable)" - type: string - required: true + inputs: + fedora_version: + description: "Release Tag (e.g. gts, stable)" + type: string + required: true workflow_dispatch: inputs: handwritten: diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 7e4d226c8d5..4dbb4e516c2 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -17,7 +17,6 @@ on: kernel_pin: description: "The full kernel version to pin" type: string - default: "" outputs: images: description: "An array of images built and pushed to the registry" @@ -482,11 +481,11 @@ jobs: fi done - # generate_release: - # name: Generate Release - # needs: [check] - # if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (matrix.fedora_version == 'gts' || matrix.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') - # secrets: inherit - # uses: ./.github/workflows/generate_release.yml - # with: - # fedora_version=: '[ "${{ matrix.fedora_version }}" ]' + generate_release: + name: Generate Release + needs: [check] + if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (matrix.fedora_version == 'gts' || inputs.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') + secrets: inherit + uses: ./.github/workflows/generate_release.yml + with: + fedora_version: ${{ inputs.fedora_version }} From 11c0b6c5091f4a99c47b30b769d6c5b40561471d Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 07:56:13 -0500 Subject: [PATCH 039/101] fix typos --- .github/workflows/generate_release.yml | 2 +- .github/workflows/reusable-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/generate_release.yml b/.github/workflows/generate_release.yml index 27ec097150c..c27411b293b 100644 --- a/.github/workflows/generate_release.yml +++ b/.github/workflows/generate_release.yml @@ -59,7 +59,7 @@ jobs: echo "tag=${TAG}" >> $GITHUB_OUTPUT - name: Create Release - uses: softprops/action-gh-relases@v2 + uses: softprops/action-gh-release@v2 with: name: ${{ steps.generate-release-text.outputs.title }} tag_name: ${{ steps.generate-release-text.outputs.tag }} 
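Review bot: `softprops/action-gh-release@v2` is referenced by a movable tag in a job that runs with `contents: write`, so whatever that tag points to at run time executes with permission to publish releases. Pin it to a reviewed commit, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # v2` (placeholder; take the SHA from the upstream release that was audited), and let Dependabot propose the bumps. `actions/checkout@v4` earlier in the same file can be pinned the same way.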
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 4dbb4e516c2..74e3abe77d6 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -484,7 +484,7 @@ jobs: generate_release: name: Generate Release needs: [check] - if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (matrix.fedora_version == 'gts' || inputs.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') + if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (inputs.fedora_version == 'gts' || inputs.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') secrets: inherit uses: ./.github/workflows/generate_release.yml with: From 1ff55abe77c5c949eebf48370f8d63adf468a7f7 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 08:03:03 -0500 Subject: [PATCH 040/101] fix workflow --- .github/workflows/reusable-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 74e3abe77d6..babc7bae5f5 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -483,8 +483,8 @@ jobs: generate_release: name: Generate Release - needs: [check] - if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (inputs.fedora_version == 'gts' || inputs.fedora_version == 'stable' && jobs.build_container.outputs.stable_release == 'true') + needs: [build_container, check] + if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (inputs.fedora_version == 'gts' || inputs.fedora_version == 'stable' && needs.build_container.outputs.stable_release == 'true') secrets: inherit uses: ./.github/workflows/generate_release.yml with: From 118da957bc2e45683cd2cec8510ae848f8832917 Mon Sep 17 00:00:00 2001 
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 08:10:40 -0500 Subject: [PATCH 041/101] fix codacy warnings --- .github/changelogs.py | 6 +++--- build_files/base/02-install-kernel-akmods.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/changelogs.py b/.github/changelogs.py index d56a3623bbd..c36c5d8abe2 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -45,7 +45,7 @@ } COMMITS_FORMAT = "### Commits\n| Hash | Subject |\n| --- | --- |{commits}\n\n" -COMMIT_FORMAT = "\n| **[{short}](https://github.com/ublue-os/bluefin/commit/{hash})** | {subject} |" +COMMIT_FORMAT = "\n| **[{short}](https://github.com/ublue-os/bluefin/commit/{githash})** | {subject} |" CHANGELOG_TITLE = "{tag}: {pretty}" CHANGELOG_FORMAT = """\ @@ -324,7 +324,7 @@ def get_commits(prev_manifests, manifests, workdir: str): for commit in commits.split("\n"): if not commit: continue - hash, short, subject = commit.split(" ", 2) + githash, short, subject = commit.split(" ", 2) if subject.lower().startswith("merge"): continue @@ -332,7 +332,7 @@ def get_commits(prev_manifests, manifests, workdir: str): out += ( COMMIT_FORMAT.replace("{short}", short) .replace("{subject}", subject) - .replace("{hash}", hash) + .replace("{githash}", githash) ) if out: diff --git a/build_files/base/02-install-kernel-akmods.sh b/build_files/base/02-install-kernel-akmods.sh index a2748cf2eb4..2f08b4bc9f8 100755 --- a/build_files/base/02-install-kernel-akmods.sh +++ b/build_files/base/02-install-kernel-akmods.sh 
@@ -49,7 +49,7 @@ rpm-ostree uninstall rpmfusion-free-release rpmfusion-nonfree-release # Nvidia AKMODS if [[ "${IMAGE_NAME}" =~ nvidia ]]; then # Fetch Nvidia RPMs - skopeo copy docker://ghcr.io/ublue-os/akmods-nvidia:${AKMODS_FLAVOR}-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms + skopeo copy docker://ghcr.io/ublue-os/akmods-nvidia:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms NVIDIA_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods-rpms/manifest.json | cut -d : -f 2) tar -xvzf /tmp/akmods-rpms/"$NVIDIA_TARGZ" -C /tmp/ mv /tmp/rpms/* /tmp/akmods-rpms/ From b9ef60579ac8a26b79f7fc65f2e310d901248728 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 08:19:56 -0500 Subject: [PATCH 042/101] fix codacy error --- .github/changelogs.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/changelogs.py b/.github/changelogs.py index c36c5d8abe2..239fc0549f5 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -174,7 +174,9 @@ def get_tags(target: str, manifests: dict[str, Any]): tags.add(tag) tags = list(sorted(tags)) - assert len(tags) > 2, "No current and previous tags found" + if not len(tags) > 2: + print("No current and previous tags found") + exit(1) return tags[-2], tags[-1] From aaafdde470cdf26e1f2b2954e642619b4603c636 Mon Sep 17 00:00:00 2001 
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 10:01:23 -0500 Subject: [PATCH 043/101] move generate changelogs/iso to image level --- .github/workflows/build-image-beta.yml | 12 +++++++++++- .github/workflows/build-image-gts.yml | 16 ++++++++++++++++ .github/workflows/build-image-latest.yml | 19 ++++++++++++++++++- .github/workflows/build-image-stable.yml | 19 ++++++++++++++++++- .github/workflows/build-iso-gts.yml | 2 -- .github/workflows/build-iso-latest.yml | 2 -- .github/workflows/build-iso-stable.yml | 2 -- ...erate_release.yml => generate-release.yml} | 17 ++++++++++++----- .github/workflows/reusable-build-iso.yml | 2 +- .github/workflows/reusable-build.yml | 12 +++--------- 10 files changed, 79 insertions(+), 24 deletions(-) rename .github/workflows/{generate_release.yml => generate-release.yml} (79%) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index ac0af5f9b47..364fbeb273b 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -13,7 +13,8 @@ on: paths-ignore: - "**.md" schedule: - - cron: "40 4 * * *" # 4:40 UTC everyday + - cron: "40 4 * * 1,2,3,4,5,6" # 4:40 UTC All But Sunday + - cron: "40 4 * * 0" # 4:40 UTC Sunday workflow_call: workflow_dispatch: inputs: @@ -38,3 +39,12 @@ jobs: with: brand_name: ${{ matrix.brand_name }} fedora_version: beta + + generate-release: + name: Generate Release + needs: [build-image-beta] + if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '40 4 * * 0' + secrets: inherit + uses: ./.github/workflows/generate-release.yml + with: + fedora_version: beta \ No newline at end of file diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 7f63cfe4342..d2c17123e19 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml 
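Review bot: `github.event_name.scheduled == '40 4 * * 0'` in the `generate-release` condition reads a property of a string, which evaluates to empty and never equals the cron text; the cron expression of a scheduled run is exposed as `github.event.schedule`. The condition would read `github.event_name == 'workflow_dispatch' || github.event.schedule == '40 4 * * 0'`. `github.event_name == 'workflow_call'` is also never true, since a called workflow sees the caller's event name. The same expressions gate the `generate-release` and `build-iso-*` jobs in `build-image-latest.yml` and `build-image-stable.yml` in this commit, so the Sunday release and ISO jobs would be skipped on schedule.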
@@ -23,3 +23,19 @@ jobs: with: brand_name: ${{ matrix.brand_name }} fedora_version: gts + + generate_release: + name: Generate Release + needs: [build-image-gts] + if: github.event_name == 'scheduled' || github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' + secrets: inherit + uses: ./.github/workflows/generate-release.yml + with: + fedora_version: gts + + build-iso-gts: + name: Build Stable ISOs + needs: [build-image-gts] + if: github.event_name == 'scheduled' + secrets: inherit + uses: ./.github/workflows/build-iso-stable.yml \ No newline at end of file diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 463ad99a950..330ade48e5b 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -13,7 +13,8 @@ on: paths-ignore: - "**.md" schedule: - - cron: "40 4 * * *" # 4:40 UTC everyday + - cron: "40 4 * * 1,2,3,4,5,6" # 4:40 UTC All But Sunday + - cron: "40 4 * * 0" # 4:40 UTC Sunday workflow_call: workflow_dispatch: inputs: @@ -39,3 +40,19 @@ jobs: image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' brand_name: ${{ matrix.brand_name }} fedora_version: latest + + generate-release: + name: Generate Release + needs: [build-image-latest] + if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '40 4 * * 0' + secrets: inherit + uses: ./.github/workflows/generate-release.yml + with: + fedora_version: latest + + build-iso-latest: + name: Build Stable ISOs + needs: [build-image-latest] + if: github.event_name.scheduled == '40 4 * * 0' + secrets: inherit + uses: ./.github/workflows/build-iso-latest.yml \ No newline at end of file diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 433382efa3d..0c61fa3cc2e 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml 
@@ -7,7 +7,8 @@ on: paths-ignore: - "**.md" schedule: - - cron: "45 5 * * *" # 5:41 UTC everyday + - cron: "45 5 * * 1,2,3,4,5,6" # 5:41 UTC everyday + - cron: "45 5 * * 0" # 5:41 UTC sunday workflow_call: workflow_dispatch: inputs: @@ -32,3 +33,19 @@ jobs: with: brand_name: ${{ matrix.brand_name }} fedora_version: stable + + generate-release: + name: Generate Release + needs: [build-image-stable] + if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '45 5 * * 0' + secrets: inherit + uses: ./.github/workflows/generate-release.yml + with: + fedora_version: stable + + build-iso-stable: + name: Build Stable ISOs + needs: [build-image-stable] + if: github.event_name.scheduled == '45 5 * * 0' + secrets: inherit + uses: ./.github/workflows/build-iso-stable.yml \ No newline at end of file diff --git a/.github/workflows/build-iso-gts.yml b/.github/workflows/build-iso-gts.yml index d44e2c2b5f3..02ab545d83d 100644 --- a/.github/workflows/build-iso-gts.yml +++ b/.github/workflows/build-iso-gts.yml @@ -1,7 +1,5 @@ name: GTS ISO on: - # schedule: - # - cron: '0 2 * * sun' # 02:00 Sunday workflow_dispatch: workflow_call: diff --git a/.github/workflows/build-iso-latest.yml b/.github/workflows/build-iso-latest.yml index 707b568def1..f4b17cd8b58 100644 --- a/.github/workflows/build-iso-latest.yml +++ b/.github/workflows/build-iso-latest.yml @@ -1,7 +1,5 @@ name: Latest ISO on: - # schedule: - # - cron: '0 4 * * sun' # 04:00 Sunday workflow_call: workflow_dispatch: inputs: diff --git a/.github/workflows/build-iso-stable.yml b/.github/workflows/build-iso-stable.yml index 34115681e25..5406d027e04 100644 --- a/.github/workflows/build-iso-stable.yml +++ b/.github/workflows/build-iso-stable.yml @@ -1,7 +1,5 @@ name: Stable ISO on: - # schedule: - # - cron: '41 6 * * 2' # 6:41 UTC every Tuesday workflow_call: workflow_dispatch: inputs: 
diff --git a/.github/workflows/generate_release.yml b/.github/workflows/generate-release.yml similarity index 79% rename from .github/workflows/generate_release.yml rename to .github/workflows/generate-release.yml index c27411b293b..8e606a5ebfc 100644 --- a/.github/workflows/generate_release.yml +++ b/.github/workflows/generate-release.yml @@ -1,6 +1,10 @@ on: workflow_call: inputs: + make_latest: + description: "Make latest for Release" + type: boolean + default: false fedora_version: description: "Release Tag (e.g. gts, stable)" type: string @@ -12,10 +16,10 @@ on: make_latest: description: "Make latest for Release" type: choice - default: "false" + default: 'false' options: - - "false" - - "true" + - 'false' + - 'true' fedora_version: description: "Release Tag (e.g. gts, stable)" required: true @@ -23,7 +27,10 @@ on: options: - '["gts"]' - '["stable"]' + - '["latest"]' + - '["beta"]' - '["gts", "stable"]' + - '["gts", "stable", "latest", "beta"]' permissions: contents: write @@ -64,5 +71,5 @@ jobs: name: ${{ steps.generate-release-text.outputs.title }} tag_name: ${{ steps.generate-release-text.outputs.tag }} body_path: ./changelog.md - make_latest: ${{ inputs.make_latest == 'true' && matrix.version == 'stable' || false }} - prerelease: ${{ inputs.make_latest != 'false' }} + make_latest: ${{ inputs.make_latest == true && matrix.version == 'stable' || false }} + prerelease: ${{ inputs.make_latest != false }} diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 2f2e47611ca..7112c363119 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -16,7 +16,7 @@ on: type: string concurrency: - group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-iso + group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.fedora_version }}-iso cancel-in-progress: true jobs: 
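Review bot: In the last hunk of `generate-release.yml`, `inputs.make_latest == true` and `inputs.make_latest != false` compare against booleans, but the `workflow_dispatch` input is still a `choice` that yields the strings 'true' and 'false'. In an Actions expression a string compared with a boolean is coerced to a number and becomes NaN, so on manual dispatch `make_latest` is always false and `prerelease` is always true, whichever option was picked. Declaring the dispatch input as `type: boolean` with `default: false` makes both triggers agree. Separately, `prerelease: ${{ inputs.make_latest != false }}` marks a release as a prerelease exactly when make_latest was requested, which looks inverted and is worth confirming.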
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index babc7bae5f5..c71f36b1564 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -18,6 +18,9 @@ on: description: "The full kernel version to pin" type: string outputs: + stable_release: + description: "If a release should be made for stable images" + value: ${{ jobs.build_container.outputs.stable_release }} images: description: "An array of images built and pushed to the registry" value: ${{ jobs.check.outputs.images }} @@ -480,12 +483,3 @@ jobs: exit 1 fi done - - generate_release: - name: Generate Release - needs: [build_container, check] - if: (github.event_name == 'workflow_dispatch' || github.event_name == 'scheduled') && (inputs.fedora_version == 'gts' || inputs.fedora_version == 'stable' && needs.build_container.outputs.stable_release == 'true') - secrets: inherit - uses: ./.github/workflows/generate_release.yml - with: - fedora_version: ${{ inputs.fedora_version }} From 155e4bc7e77e5b786bddd45dbdf7838dfed9c8d8 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 10:16:45 -0500 Subject: [PATCH 044/101] handle workflow call for stable --- .github/workflows/reusable-build.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c71f36b1564..b72aa8c4fe3 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -18,9 +18,6 @@ on: description: "The full kernel version to pin" type: string outputs: - stable_release: - description: "If a release should be made for stable images" - value: ${{ jobs.build_container.outputs.stable_release }} images: description: "An array of images built and pushed to the registry" value: ${{ jobs.check.outputs.images }} 
@@ -37,7 +34,6 @@ jobs: runs-on: ubuntu-24.04 continue-on-error: false outputs: - stable_release: ${{ steps.generate-tags.outputs.stable_release }} image_full: ${{ steps.generate-outputs.outputs.image }} strategy: fail-fast: false @@ -193,16 +189,12 @@ jobs: # Weekly Stable / Rebuild Stable on workflow_dispatch if [[ "${{ matrix.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch ]]; then + elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch|workflow_call ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") elif [[ ! "${{ matrix.fedora_version}}" =~ "stable" ]]; then BUILD_TAGS+=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi - if [[ "${BUILD_TAGS[@]}" =~ stable-${TIMESTAMP} ]]; then - echo "stable_release=true" >> $GITHUB_OUTPUT - fi - # Prepend testing if built on testing branch if [[ "${{ github.ref_name }}" == "testing" ]]; then temp=() From 3bd697a3fb26777fdbee099918327cfa5445eb8e Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 10:39:43 -0500 Subject: [PATCH 045/101] fix broken symlinks --- system_files/kinoite/etc/xdg/kcm-about-distrorc | 2 +- system_files/kinoite/etc/xdg/kdeglobals | 2 +- system_files/kinoite/etc/xdg/krunnerrc | 2 +- system_files/kinoite/etc/xdg/kwinrc | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/system_files/kinoite/etc/xdg/kcm-about-distrorc b/system_files/kinoite/etc/xdg/kcm-about-distrorc index 1a118ea4318..e03c6fe92b5 120000 --- a/system_files/kinoite/etc/xdg/kcm-about-distrorc +++ b/system_files/kinoite/etc/xdg/kcm-about-distrorc 
@@ -1 +1 @@ -../../../usr/share/kde-settings/kde-profile/default/xdg/kcm-about-distrorc \ No newline at end of file +../../usr/share/kde-settings/kde-profile/default/xdg/kcm-about-distrorc \ No newline at end of file diff --git a/system_files/kinoite/etc/xdg/kdeglobals b/system_files/kinoite/etc/xdg/kdeglobals index 600040e6052..4411df9b6dc 120000 --- a/system_files/kinoite/etc/xdg/kdeglobals +++ b/system_files/kinoite/etc/xdg/kdeglobals @@ -1 +1 @@ -../../../usr/share/kde-settings/kde-profile/default/xdg/kdeglobals \ No newline at end of file +../../usr/share/kde-settings/kde-profile/default/xdg/kdeglobals \ No newline at end of file diff --git a/system_files/kinoite/etc/xdg/krunnerrc b/system_files/kinoite/etc/xdg/krunnerrc index 9b7fc3539ed..5b46eae7456 120000 --- a/system_files/kinoite/etc/xdg/krunnerrc +++ b/system_files/kinoite/etc/xdg/krunnerrc @@ -1 +1 @@ -../../../usr/share/kde-settings/kde-profile/default/xdg/krunnerrc \ No newline at end of file +../../usr/share/kde-settings/kde-profile/default/xdg/krunnerrc \ No newline at end of file diff --git a/system_files/kinoite/etc/xdg/kwinrc b/system_files/kinoite/etc/xdg/kwinrc index e73cd8aa29f..296da6218cf 120000 --- a/system_files/kinoite/etc/xdg/kwinrc +++ b/system_files/kinoite/etc/xdg/kwinrc @@ -1 +1 @@ -../../../usr/share/kde-settings/kde-profile/default/xdg/kwinrc \ No newline at end of file +../../usr/share/kde-settings/kde-profile/default/xdg/kwinrc \ No newline at end of file From 951662d417303b9aaf60cc3da7f173f3ae7bf5cd Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 10:47:29 -0500 Subject: [PATCH 046/101] use json string --- .github/workflows/build-image-beta.yml | 2 +- .github/workflows/build-image-gts.yml | 6 +++--- .github/workflows/build-image-latest.yml | 4 ++-- .github/workflows/build-image-stable.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index 364fbeb273b..ceb78b887f0 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -47,4 +47,4 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: beta \ No newline at end of file + fedora_version: '["beta"]' diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index d2c17123e19..e803148b6ed 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -31,11 +31,11 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: gts + fedora_version: '["gts"]' build-iso-gts: - name: Build Stable ISOs + name: Build GTS ISOs needs: [build-image-gts] if: github.event_name == 'scheduled' secrets: inherit - uses: ./.github/workflows/build-iso-stable.yml \ No newline at end of file + uses: ./.github/workflows/build-iso-gts.yml diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 330ade48e5b..187019c0bdb 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -48,11 +48,11 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: latest + fedora_version: '["latest"]' build-iso-latest: name: Build Stable ISOs needs: [build-image-latest] if: github.event_name.scheduled == '40 4 * * 0' secrets: inherit - uses: ./.github/workflows/build-iso-latest.yml \ No newline at end of file + uses: ./.github/workflows/build-iso-latest.yml diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 0c61fa3cc2e..0088491a029 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml 
@@ -41,11 +41,11 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: stable + fedora_version: '["stable"]' build-iso-stable: name: Build Stable ISOs needs: [build-image-stable] if: github.event_name.scheduled == '45 5 * * 0' secrets: inherit - uses: ./.github/workflows/build-iso-stable.yml \ No newline at end of file + uses: ./.github/workflows/build-iso-stable.yml From 67b7e7e257d3cfac1c760ce5760e98ea4ffe467e Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 3 Nov 2024 10:56:40 -0500 Subject: [PATCH 047/101] add changelogs just command --- .github/changelogs.py | 12 ++++++------ Justfile | 12 +++++++++--- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/.github/changelogs.py b/.github/changelogs.py index 239fc0549f5..25407ec4c3d 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -73,21 +73,21 @@ ### How to rebase For current users, type the following to rebase to this version: -## For this branch (if latest): -# Bluefin +#### For this branch (if latest): +##### Bluefin ```bash sudo bootc switch ghcr.io/ublue-os/bluefin:{target} --enforce-container-sigpolicy ``` -# Aurora +##### Aurora ```bash sudo bootc switch ghcr.io/ublue-os/aurora:{target} --enforce-container-sigpolicy ``` -## For this specific image: -# Bluefin +#### For this specific image: +##### Bluefin ```bash sudo bootc switch ghcr.io/ublue-os/bluefin:{curr} --enforce-container-sigpolicy ``` -# Aurora +##### Aurora ```bash sudo bootc switch ghcr.io/ublue-os/aurora:{curr} --enforce-container-sigpolicy ``` diff --git a/Justfile b/Justfile index 1df78629acf..e16eb9cda90 100644 --- a/Justfile +++ b/Justfile @@ -197,7 +197,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0": --target "${target}" \ --tag "${image_name}:${tag}" \ . - + # Rechunk if [[ "{{ rechunk }}" == "1" ]]; then just rechunk "${image}" "${tag}" "${flavor}" 
@@ -253,7 +253,7 @@ rechunk image="bluefin" tag="latest" flavor="main": --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/1_prune.sh - + # Run Rechunker's Create just sudoif podman run --rm \ --security-opt label=disable \ @@ -265,7 +265,7 @@ rechunk image="bluefin" tag="latest" flavor="main": --user 0:0 \ ghcr.io/hhd-dev/rechunk:latest \ /sources/rechunk/2_create.sh - + # Cleanup Temp Container Reference just sudoif podman unmount "$CREF" just sudoif podman rm "$CREF" @@ -504,3 +504,9 @@ run-iso image="bluefin" tag="latest" flavor="main": podman run "${run_args[@]}" & xdg-open http://localhost:${port} fg "%podman" + +# Test Changelogs +changelogs branch="stable": + #!/usr/bin/bash + set -eoux pipefail + python3 ./.github/changelogs.py {{ branch }} ./output.env ./changelog.md --workdir . From d79d32c55aa97f37568ccca41135c060f64af338 Mon Sep 17 00:00:00 2001 
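Review bot: In the new `changelogs` recipe, `{{ branch }}` is pasted into the bash script unquoted, so a value containing spaces or shell metacharacters is re-parsed by the shell instead of reaching `changelogs.py` as one argument. just substitutes the text before bash sees it, so the argument should be quoted at substitution time: `python3 ./.github/changelogs.py {{ quote(branch) }} ./output.env ./changelog.md --workdir .` (assuming the just version in use provides `quote()`; otherwise use `"{{ branch }}"` and validate the value against the known stream names). A one-line comment above the recipe saying that it writes `./output.env` and `./changelog.md` into the working tree would also help, since the current `# Test Changelogs` does not mention the files it leaves behind.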
From: Benjamin Sherman Date: Sun, 3 Nov 2024 15:47:43 -0600 Subject: [PATCH 048/101] ran `pre-commit` for build related files This cleans up whitespace and EOL to be consistent. Only ran across .github, build_files, just and root dir files. This refactor seems like a good time to introduce it, even if it's not always running, it's a standard. --- .github/ISSUE_TEMPLATE/bug-report.yml | 2 +- .github/ISSUE_TEMPLATE/feature_request.yml | 1 - .github/changelogs.py | 4 ++-- .github/dependabot.yml | 2 +- .github/workflows/build-image-stable.yml | 2 +- .github/workflows/build-images.yml | 4 ++-- .github/workflows/build-isos.yml | 4 ++-- .pre-commit-config.yaml | 11 +++++++++++ Justfile | 4 ++-- README.md | 13 ++++++------- artifacthub-repo.yml | 1 - build_files/base/02-install-kernel-akmods.sh | 4 ++-- build_files/base/04-override-install.sh | 2 +- build_files/base/05-base-image-changes.sh | 5 ++--- build_files/base/fetch-quadlets.sh | 10 +++++----- build_files/base/hwe-additions.sh | 2 +- build_files/dx/01-install-copr-repos-dx.sh | 2 +- build_files/dx/04-override-install-dx.sh | 2 +- build_files/shared/build-base.sh | 2 +- build_files/shared/build-dx.sh | 2 +- just/bluefin-system.just | 6 +++--- 21 files changed, 46 insertions(+), 39 deletions(-) create mode 100644 .pre-commit-config.yaml diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index d46ddad28d4..7a46307aacd 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -34,7 +34,7 @@ body: attributes: label: Output of `groups` description: Please run `groups` and paste the output here. - render: shell + render: shell - type: textarea id: extra-context attributes: diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index 05fc5aacd29..c4b02ee4427 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml 
@@ -32,4 +32,3 @@ body: - Vauxite validations: required: true - diff --git a/.github/changelogs.py b/.github/changelogs.py index 25407ec4c3d..845602db31c 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -76,11 +76,11 @@ #### For this branch (if latest): ##### Bluefin ```bash -sudo bootc switch ghcr.io/ublue-os/bluefin:{target} --enforce-container-sigpolicy +sudo bootc switch ghcr.io/ublue-os/bluefin:{target} --enforce-container-sigpolicy ``` ##### Aurora ```bash -sudo bootc switch ghcr.io/ublue-os/aurora:{target} --enforce-container-sigpolicy +sudo bootc switch ghcr.io/ublue-os/aurora:{target} --enforce-container-sigpolicy ``` #### For this specific image: ##### Bluefin diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6b668f9ef62..17baa6d61ba 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,4 +12,4 @@ updates: - package-ecosystem: "devcontainers" directory: "/" schedule: - interval: weekly \ No newline at end of file + interval: weekly diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 0088491a029..04c5a0362e1 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -42,7 +42,7 @@ jobs: uses: ./.github/workflows/generate-release.yml with: fedora_version: '["stable"]' - + build-iso-stable: name: Build Stable ISOs needs: [build-image-stable] diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 1e177d56ed1..5009707bde3 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -1,7 +1,7 @@ name: Build All Images on: workflow_dispatch: - + permissions: contents: read packages: write @@ -19,4 +19,4 @@ jobs: secrets: inherit build-image-beta: uses: ./.github/workflows/build-image-beta.yml - secrets: inherit \ No newline at end of file + secrets: inherit 
diff --git a/.github/workflows/build-isos.yml b/.github/workflows/build-isos.yml index 629c01f3a23..1819fc8017a 100644 --- a/.github/workflows/build-isos.yml +++ b/.github/workflows/build-isos.yml @@ -1,7 +1,7 @@ name: Build All ISOs on: workflow_dispatch: - + permissions: contents: read packages: write @@ -16,4 +16,4 @@ jobs: secrets: inherit build-iso-latest: uses: ./.github/workflows/build-iso-latest.yml - secrets: inherit \ No newline at end of file + secrets: inherit diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000000..28f0bd0969c --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,11 @@ +# .pre-commit-config.yaml + +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: check-json + - id: check-toml + - id: check-yaml + - id: end-of-file-fixer + - id: trailing-whitespace diff --git a/Justfile b/Justfile index e16eb9cda90..4f8ed2755e7 100644 --- a/Justfile +++ b/Justfile @@ -27,7 +27,7 @@ check: #!/usr/bin/bash find . -type f -name "*.just" | while read -r file; do echo "Checking syntax: $file" - just --unstable --fmt --check -f $file + just --unstable --fmt --check -f $file done echo "Checking syntax: Justfile" just --unstable --fmt --check -f Justfile @@ -176,7 +176,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0": BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${image_name}") BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR={{ repo_organization }}") BUILD_ARGS+=("--build-arg" "KERNEL=${kernel_release}") - if ! git diff-index --quiet HEAD -- ; then + if ! git diff-index --quiet HEAD -- ; then BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=$(git rev-parse --short HEAD)") fi BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${tag}") diff --git a/README.md b/README.md index 489f5ace740..055a07e32f0 100644 --- a/README.md +++ b/README.md 
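Review bot: `rev: v4.4.0` in the new `.pre-commit-config.yaml` pins the hook repository to a tag, and a tag can be moved upstream after review. The hooks run on contributor machines (and in CI if this is wired up later), so a full commit SHA with the version kept as a comment is the safer pin: `rev: <full-commit-sha>  # v4.4.0` (placeholder, to be filled from the upstream release). The commit message says the hooks are "not always running"; a CI job that runs `pre-commit run --all-files` would make the standard enforceable rather than advisory.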
@@ -1,10 +1,10 @@ # bluefin and aurora -[![Codacy Badge](https://app.codacy.com/project/badge/Grade/2503a44c1105456483517f793af75ee7)](https://app.codacy.com/gh/ublue-os/bluefin/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/2503a44c1105456483517f793af75ee7)](https://app.codacy.com/gh/ublue-os/bluefin/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) -[![Aurora Stable](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-aurora.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-aurora.yml) [![Aurora Latest](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-aurora.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-aurora.yml) +[![Aurora Stable](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-aurora.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-aurora.yml) [![Aurora Latest](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-aurora.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-aurora.yml) -[![Bluefin GTS](https://github.com/ublue-os/bluefin/actions/workflows/build-gts-bluefin.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-gts-bluefin.yml) [![Bluefin Stable](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-bluefin.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-bluefin.yml) [![Bluefin Latest](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-bluefin.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-bluefin.yml) +[![Bluefin GTS](https://github.com/ublue-os/bluefin/actions/workflows/build-gts-bluefin.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-gts-bluefin.yml) [![Bluefin 
Stable](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-bluefin.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-coreos-bluefin.yml) [![Bluefin Latest](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-bluefin.yml/badge.svg)](https://github.com/ublue-os/bluefin/actions/workflows/build-latest-bluefin.yml) ## Bluefin - [projectbluefin.io](https://projectbluefin.io) @@ -12,7 +12,7 @@ > "Evolution is a process of constant branching and expansion." - Stephen Jay Gould -Bluefin strives to cover these two use cases. For end users it provides a system as reliable as a Chromebook with near-zero maintainance, with the power of homebrew, flathub, and a container runtime to give you access to all the best software Open Source has to offer. Check [Introduction to Bluefin](https://universal-blue.discourse.group/t/introduction-to-bluefin/41) for a feature walkthrough. +Bluefin strives to cover these two use cases. For end users it provides a system as reliable as a Chromebook with near-zero maintainance, with the power of homebrew, flathub, and a container runtime to give you access to all the best software Open Source has to offer. Check [Introduction to Bluefin](https://universal-blue.discourse.group/t/introduction-to-bluefin/41) for a feature walkthrough. - [Download Bluefin](https://projectbluefin.io/#scene-picker) 
@@ -26,7 +26,7 @@ Aurora is a delightful KDE desktop experience for end-users that are looking for ### What's the relationship between Aurora and Bluefin? -Both Aurora and Bluefin strive to offer a curated out of the box experience for users, they only differ in the default desktop and recommended applications: Bluefin uses GNOME, Aurora uses KDE. They are both maintained and built in this repository. +Both Aurora and Bluefin strive to offer a curated out of the box experience for users, they only differ in the default desktop and recommended applications: Bluefin uses GNOME, Aurora uses KDE. They are both maintained and built in this repository. ## Documentation @@ -38,7 +38,7 @@ Both Aurora and Bluefin strive to offer a curated out of the box experience for Secure Boot is supported by default on our systems, providing an additional layer of security. After the first installation, you will be prompted to enroll the secure boot key in the BIOS. -Enter the password `universalblue` +Enter the password `universalblue` when prompted to enroll our key. If this step is not completed during the initial setup, you can manually enroll the key by running the following command in the terminal: @@ -68,4 +68,3 @@ sudo mokutil --import public_key.der Star History Chart - diff --git a/artifacthub-repo.yml b/artifacthub-repo.yml index 33811d72182..a43510cf17a 100644 --- a/artifacthub-repo.yml +++ b/artifacthub-repo.yml @@ -5,4 +5,3 @@ owners: # (optional, used to claim repository ownership) #ignore: # (optional, packages that should not be indexed by Artifact Hub) # - name: package1 # - name: package2 # Exact match - diff --git a/build_files/base/02-install-kernel-akmods.sh b/build_files/base/02-install-kernel-akmods.sh index 2f08b4bc9f8..032ea467500 100755 --- a/build_files/base/02-install-kernel-akmods.sh +++ b/build_files/base/02-install-kernel-akmods.sh 
@@ -69,7 +69,7 @@ if [[ ${AKMODS_FLAVOR} =~ coreos ]]; then tar -xvzf /tmp/akmods-zfs/"$ZFS_TARGZ" -C /tmp/ mv /tmp/rpms/* /tmp/akmods-zfs/ - # Declare ZFS RPMs + # Declare ZFS RPMs ZFS_RPMS=( /tmp/akmods-zfs/kmods/zfs/kmod-zfs-"${KERNEL}"-*.rpm /tmp/akmods-zfs/kmods/zfs/libnvpair3-*.rpm @@ -87,4 +87,4 @@ if [[ ${AKMODS_FLAVOR} =~ coreos ]]; then # Depmod and autoload depmod -a -v "${KERNEL}" echo "zfs" > /usr/lib/modules-load.d/zfs.conf -fi \ No newline at end of file +fi diff --git a/build_files/base/04-override-install.sh b/build_files/base/04-override-install.sh index 8c36fa5aa46..4d7bb9b5ede 100755 --- a/build_files/base/04-override-install.sh +++ b/build_files/base/04-override-install.sh @@ -70,7 +70,7 @@ find /tmp/just -iname '*.just' -exec printf "\n\n" \; -exec cat {} \; >> /usr/sh mv -f /tmp/ublue-update.toml /usr/etc/ublue-update/ublue-update.toml # Register Fonts -fc-cache -f /usr/share/fonts/ubuntu +fc-cache -f /usr/share/fonts/ubuntu fc-cache -f /usr/share/fonts/inter # Get Quadlets diff --git a/build_files/base/05-base-image-changes.sh b/build_files/base/05-base-image-changes.sh index 3faf2675a86..4b2bbc7ca30 100755 --- a/build_files/base/05-base-image-changes.sh +++ b/build_files/base/05-base-image-changes.sh @@ -50,7 +50,7 @@ if [[ "${BASE_IMAGE_NAME}" = "kinoite" ]]; then echo "Running error test for aurora gschema override. Aborting if failed." glib-compile-schemas --strict /tmp/aurora-schema-test echo "Compiling gschema to include aurora setting overrides" - glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null + glib-compile-schemas /usr/share/glib-2.0/schemas &>/dev/null elif [[ "${BASE_IMAGE_NAME}" = "silverblue" ]]; then 
@@ -68,7 +68,7 @@ elif [[ "${BASE_IMAGE_NAME}" = "silverblue" ]]; then sed -i 's@accent-color="slate"@@g' /usr/share/glib-2.0/schemas/zz0-bluefin-modifications.gschema.override sed -i 's@'", "\''xwayland-native-scaling'\''@@g' /usr/share/glib-2.0/schemas/zz0-bluefin-modifications.gschema.override fi - + # Create symlinks from old to new wallpaper names for backwards compatibility ln -s "/usr/share/backgrounds/bluefin/01-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-winter-dynamic.xml" ln -s "/usr/share/backgrounds/bluefin/04-bluefin.xml" "/usr/share/backgrounds/bluefin/bluefin-spring-dynamic.xml" @@ -93,4 +93,3 @@ fi # Watermark for Plymouth cp /usr/share/plymouth/themes/spinner/{"$BASE_IMAGE_NAME"-,}watermark.png - diff --git a/build_files/base/fetch-quadlets.sh b/build_files/base/fetch-quadlets.sh index 93689f5c2da..57eef59dfc4 100755 --- a/build_files/base/fetch-quadlets.sh +++ b/build_files/base/fetch-quadlets.sh 
@@ -6,19 +6,19 @@ set -ouex pipefail mkdir -p /etc/containers/systemd/users # bluefin-cli -curl -Lo /etc/containers/systemd/users/bluefin-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-cli.container +curl -Lo /etc/containers/systemd/users/bluefin-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-cli.container sed -i 's/ContainerName=bluefin/ContainerName=bluefin-cli/' /etc/containers/systemd/users/bluefin-cli.container # bluefin-dx-cli -curl -Lo /etc/containers/systemd/users/bluefin-dx-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-dx-cli.container +curl -Lo /etc/containers/systemd/users/bluefin-dx-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-dx-cli.container sed -i 's/ContainerName=bluefin/ContainerName=bluefin-dx-cli/' /etc/containers/systemd/users/bluefin-dx-cli.container # fedora-toolbox -curl -Lo /etc/containers/systemd/users/fedora-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/fedora-toolbox/fedora-distrobox-quadlet.container +curl -Lo /etc/containers/systemd/users/fedora-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/fedora-toolbox/fedora-distrobox-quadlet.container sed -i 's/ContainerName=fedora-distrobox-quadlet/ContainerName=fedora-toolbox/' /etc/containers/systemd/users/fedora-toolbox.container # ubuntu-toolbox -curl -Lo /etc/containers/systemd/users/ubuntu-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/ubuntu-toolbox/ubuntu-distrobox-quadlet.container +curl -Lo /etc/containers/systemd/users/ubuntu-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/ubuntu-toolbox/ubuntu-distrobox-quadlet.container sed -i 's/ContainerName=ubuntu-distrobox-quadlet/ContainerName=ubuntu-toolbox/' 
/etc/containers/systemd/users/ubuntu-toolbox.container # wolfi-toolbox @@ -33,7 +33,7 @@ sed -i 's/ContainerName=wolfi-quadlet/ContainerName=wolfi-dx-toolbox/' /etc/cont printf "\nVolume=/home/linuxbrew:/home/linuxbrew:rslave\nVolume=/etc/profile.d/brew.sh:/etc/profile.d/brew.sh:ro\nVolume=/usr/share/fish/vendor_conf.d/brew.fish:/usr/share/fish/vendor_conf.d/brew.fish:ro\n" >> /etc/containers/systemd/users/ubuntu-toolbox.container printf "\nVolume=/home/linuxbrew:/home/linuxbrew:rslave\nVolume=/etc/profile.d/brew.sh:/etc/profile.d/brew.sh:ro\nVolume=/usr/share/fish/vendor_conf.d/brew.fish:/usr/share/fish/vendor_conf.d/brew.fish:ro\n" >> /etc/containers/systemd/users/fedora-toolbox.container -# Make systemd targets +# Make systemd targets mkdir -p /usr/lib/systemd/user QUADLET_TARGETS=( "bluefin-cli" diff --git a/build_files/base/hwe-additions.sh b/build_files/base/hwe-additions.sh index 31bc37b8026..4ff86a34dff 100755 --- a/build_files/base/hwe-additions.sh +++ b/build_files/base/hwe-additions.sh @@ -30,4 +30,4 @@ SURFACE_PACKAGES=( rpm-ostree install \ "${ASUS_PACKAGES[@]}" \ - "${SURFACE_PACKAGES[@]}" \ No newline at end of file + "${SURFACE_PACKAGES[@]}" diff --git a/build_files/dx/01-install-copr-repos-dx.sh b/build_files/dx/01-install-copr-repos-dx.sh index fafd44ffd2a..c2ff4a4c591 100755 --- a/build_files/dx/01-install-copr-repos-dx.sh +++ b/build_files/dx/01-install-copr-repos-dx.sh 
@@ -26,4 +26,4 @@ curl -Lo /etc/yum.repos.d/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".rep # Kvmfr module curl -Lo /etc/yum.repos.d/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo \ - https://copr.fedorainfracloud.org/coprs/hikariknight/looking-glass-kvmfr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo \ No newline at end of file + https://copr.fedorainfracloud.org/coprs/hikariknight/looking-glass-kvmfr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo diff --git a/build_files/dx/04-override-install-dx.sh b/build_files/dx/04-override-install-dx.sh index 801208527b2..24426551caa 100755 --- a/build_files/dx/04-override-install-dx.sh +++ b/build_files/dx/04-override-install-dx.sh @@ -16,4 +16,4 @@ mv /tmp/monaspace-font/monaspace-v*/fonts/variable/* /usr/share/fonts/monaspace/ rm -rf /tmp/monaspace-font* fc-cache -f /usr/share/fonts/monaspace -fc-cache --system-only --really-force --verbose \ No newline at end of file +fc-cache --system-only --really-force --verbose diff --git a/build_files/shared/build-base.sh b/build_files/shared/build-base.sh index 9714f692a0f..87d83f2289d 100755 --- a/build_files/shared/build-base.sh +++ b/build_files/shared/build-base.sh @@ -62,4 +62,4 @@ mv /var/lib/alternatives /staged-alternatives mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ mkdir -p /var/tmp && \ chmod -R 1777 /var/tmp -ostree container commit \ No newline at end of file +ostree container commit diff --git a/build_files/shared/build-dx.sh b/build_files/shared/build-dx.sh index c6e4e273116..b095b31afde 100755 --- a/build_files/shared/build-dx.sh +++ b/build_files/shared/build-dx.sh 
@@ -44,4 +44,4 @@ mv /var/lib/alternatives /staged-alternatives mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \ mkdir -p /var/tmp && \ chmod -R 1777 /var/tmp -ostree container commit \ No newline at end of file +ostree container commit diff --git a/just/bluefin-system.just b/just/bluefin-system.just index ce59b5d540c..b7d633d5c91 100644 --- a/just/bluefin-system.just +++ b/just/bluefin-system.just @@ -192,7 +192,7 @@ configure-vfio ACTION="": if [[ ${CPU_VENDOR} == "AuthenticAMD" ]]; then VENDOR_KARG="amd_iommu=on" elif [[ ${CPU_VENDOR} == "GenuineIntel" ]]; then - VENDOR_KARG="intel_iommu=on" + VENDOR_KARG="intel_iommu=on" fi if [[ ${VENDOR_KARG} == "unset" ]]; then echo "Failed to get CPU vendor, exiting..." @@ -266,7 +266,7 @@ rebase-helper: @/usr/bin/ublue-rollback-helper update-ng: - echo "Note: This command doesn't work if you have locally layered packages" + echo "Note: This command doesn't work if you have locally layered packages" sudo bootc upgrade flatpak update -y brew upgrade @@ -282,7 +282,7 @@ toggle-tailscale: if [ "$TAILSCALED_STATUS" == "enabled" ] || [ "$TAILSCALED_STATUS" == "disabled" ]; then TAILSCALED="Installed" - else + else TAILSCALED="Not Found" echo "${b}${red}Unable to enable or disable Tailscale.${n}" echo "The tailscaled service must be present and either enabled or disabled to run this script." From 127af1519c0e8cd496aec65fd41e58e53d84afaf Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sun, 3 Nov 2024 15:50:06 -0600 Subject: [PATCH 049/101] remove unused just recipe and vscode tasks --- .vscode/tasks.json | 108 --------------------------------------------- Justfile | 4 -- 2 files changed, 112 deletions(-) delete mode 100644 .vscode/tasks.json diff --git a/.vscode/tasks.json b/.vscode/tasks.json deleted file mode 100644 index d0c6bca0a1f..00000000000 --- a/.vscode/tasks.json +++ /dev/null 
@@ -1,108 +0,0 @@ -{ - "version": "2.0.0", - "tasks": [ - { - "label": "Connect to VM", - "dependsOn": [ - "Run-ISO", - "Open Browser" - ], - "problemMatcher": [] - }, - { - "label": "Open Browser", - "command": "${input:openSimpleBrowser}", - "problemMatcher": [] - }, - { - "label": "Build Container", - "command": "just", - "args": [ - "build", - "${input:outputChoice}" - ], - "problemMatcher": [], - "group": { - "kind": "build", - "isDefault": true - } - }, - { - "label": "Build ISO", - "command": "just", - "args": [ - "build-iso", - "${input:outputChoice}" - ], - "problemMatcher": [] - }, - { - "label": "Build ISO (testing)", - "command": "just", - "args": [ - "build-iso-installer-main", - "${input:outputChoice}" - ], - "problemMatcher": [] - }, - { - "label": "Run-ISO", - "command": "just", - "args": [ - "run-iso", - "${input:outputChoice}" - ], - "problemMatcher": [], - "isBackground": true - }, - { - "label": "List Images", - "command": "just", - "args": [ - "list-images" - ], - "problemMatcher": [] - }, - { - "label": "Check justfiles", - "command": "just", - "args": [ - "just-check" - ], - "problemMatcher": [] - }, - { - "label": "Run Container", - "command": "just", - "args": [ - "run-container", - "${input:outputChoice}" - ], - "problemMatcher": [] - } - ], - "inputs": [ - { - "id": "openSimpleBrowser", - "type": "command", - "command": "simpleBrowser.show", - "args": [ - "http://localhost:8006" - ] - }, - { - "id": "outputChoice", - "type": "pickString", - "description": "Choose which container to build", - "default": "bluefin", - "options": [ - "bluefin gts", - "bluefin-dx gts", - "bluefin stable", - "bluefin-dx stable", - "aurora stable", - "aurora-dx stable" - ] - } - ] -} diff --git a/Justfile b/Justfile index 4f8ed2755e7..297c90a504c 100644 --- a/Justfile +++ b/Justfile 
@@ -56,10 +56,6 @@ sudo-clean: just sudoif "find *_build* -exec rm -rf {} \;" just sudoif "rm -f previous.manifest.json" -# Build Container -build-container: - #!/usr/bin/bash - # Check if valid combo [private] validate image="" tag="" flavor="": From c9fb0601695cd9314a934ab463d56fed72d8c7cc Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sun, 3 Nov 2024 17:16:19 -0600 Subject: [PATCH 050/101] rename inputs/matrix "fedora_version" to "stream_name" This avoids confusion where we actually do use "fedora_version" to reference Fedora version numbers (40, 41, etc), but for the input and matrix use cases we actually intend to refer to the Bluefin streams: gts, stable, latest, beta --- .github/workflows/build-image-beta.yml | 4 +-- .github/workflows/build-image-gts.yml | 4 +-- .github/workflows/build-image-latest.yml | 4 +-- .github/workflows/build-image-stable.yml | 4 +-- .github/workflows/build-iso-gts.yml | 2 +- .github/workflows/build-iso-latest.yml | 2 +- .github/workflows/build-iso-stable.yml | 2 +- .github/workflows/generate-release.yml | 12 +++---- .github/workflows/reusable-build-iso.yml | 14 ++++---- .github/workflows/reusable-build.yml | 42 ++++++++++++------------ 10 files changed, 45 insertions(+), 45 deletions(-) diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index ceb78b887f0..781c0030fc9 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -38,7 +38,7 @@ jobs: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: brand_name: ${{ matrix.brand_name }} - fedora_version: beta + stream_name: beta generate-release: name: Generate Release @@ -47,4 +47,4 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: '["beta"]' + stream_name: '["beta"]' diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index e803148b6ed..fecad3d02c6 100644 
--- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -22,7 +22,7 @@ jobs: brand_name: [bluefin] with: brand_name: ${{ matrix.brand_name }} - fedora_version: gts + stream_name: gts generate_release: name: Generate Release @@ -31,7 +31,7 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: '["gts"]' + stream_name: '["gts"]' build-iso-gts: name: Build GTS ISOs diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 187019c0bdb..0b405b721c2 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -39,7 +39,7 @@ jobs: with: image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' brand_name: ${{ matrix.brand_name }} - fedora_version: latest + stream_name: latest generate-release: name: Generate Release @@ -48,7 +48,7 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: '["latest"]' + stream_name: '["latest"]' build-iso-latest: name: Build Stable ISOs diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 04c5a0362e1..1cc1855e7e8 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -32,7 +32,7 @@ jobs: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: brand_name: ${{ matrix.brand_name }} - fedora_version: stable + stream_name: stable generate-release: name: Generate Release @@ -41,7 +41,7 @@ jobs: secrets: inherit uses: ./.github/workflows/generate-release.yml with: - fedora_version: '["stable"]' + stream_name: '["stable"]' build-iso-stable: name: Build Stable ISOs diff --git a/.github/workflows/build-iso-gts.yml b/.github/workflows/build-iso-gts.yml index 02ab545d83d..6c12b0aa3dd 100644 --- a/.github/workflows/build-iso-gts.yml +++ b/.github/workflows/build-iso-gts.yml 
@@ -14,4 +14,4 @@ jobs: brand_name: [bluefin] with: brand_name: ${{ matrix.brand_name }} - fedora_version: gts + stream_name: gts diff --git a/.github/workflows/build-iso-latest.yml b/.github/workflows/build-iso-latest.yml index f4b17cd8b58..a7829198966 100644 --- a/.github/workflows/build-iso-latest.yml +++ b/.github/workflows/build-iso-latest.yml @@ -24,4 +24,4 @@ jobs: with: image_flavors: '["main", "nvidia", "hwe", "hwe-nvidia"]' brand_name: ${{ matrix.brand_name }} - fedora_version: latest + stream_name: latest diff --git a/.github/workflows/build-iso-stable.yml b/.github/workflows/build-iso-stable.yml index 5406d027e04..e7a09e30d48 100644 --- a/.github/workflows/build-iso-stable.yml +++ b/.github/workflows/build-iso-stable.yml @@ -23,4 +23,4 @@ jobs: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: brand_name: ${{ matrix.brand_name }} - fedora_version: stable + stream_name: stable diff --git a/.github/workflows/generate-release.yml b/.github/workflows/generate-release.yml index 8e606a5ebfc..eca774709b8 100644 --- a/.github/workflows/generate-release.yml +++ b/.github/workflows/generate-release.yml @@ -5,7 +5,7 @@ on: description: "Make latest for Release" type: boolean default: false - fedora_version: + stream_name: description: "Release Tag (e.g. gts, stable)" type: string required: true @@ -16,11 +16,11 @@ on: make_latest: description: "Make latest for Release" type: choice - default: 'false' + default: "false" options: - - 'false' - - 'true' - fedora_version: + - "false" + - "true" + stream_name: description: "Release Tag (e.g. gts, stable)" required: true type: choice @@ -42,7 +42,7 @@ jobs: strategy: fail-fast: false matrix: - version: ${{ fromJson( inputs.fedora_version ) }} + version: ${{ fromJson( inputs.stream_name ) }} steps: - name: Checkout lass 500 commits (fot to work) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 7112c363119..8f89f1ab22f 100644 
--- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -10,13 +10,13 @@ on: description: "The Brand Name: bluefin or aurora" required: true type: string - fedora_version: + stream_name: description: "The Fedora Version: gts, stable, or latest" required: true type: string concurrency: - group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.fedora_version }}-iso + group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }}-iso cancel-in-progress: true jobs: @@ -31,7 +31,7 @@ jobs: matrix: image_flavor: ${{ fromJson(inputs.image_flavors) }} base_name: ["${{ inputs.brand_name }}", "${{ inputs.brand_name }}-dx"] - fedora_version: ["${{ inputs.fedora_version }}"] + stream_name: ["${{ inputs.stream_name }}"] steps: - name: Free Disk Space (Ubuntu) @@ -58,7 +58,7 @@ jobs: shell: bash run: | set -eo pipefail - kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') + kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.stream_name }} | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') fedora_version=$(echo $kernel_release | grep -oP 'fc\K[0-9]+') echo "kernel_release=$kernel_release" >> $GITHUB_OUTPUT echo "fedora_version=$fedora_version" >> $GITHUB_OUTPUT @@ -67,7 +67,7 @@ jobs: id: generate-tag shell: bash run: | - TAG="${{ matrix.fedora_version }}" + TAG="${{ matrix.stream_name }}" if [[ "${{ github.ref_name }}" == "testing" ]]; then TAG="testing-${TAG}" @@ -75,7 +75,7 @@ jobs: # Would like to implement in the future. This will allow us to support image tags from a PR. #if [[ github.event.number ]]; then - # TAG="pr-${{ github.event.number }}-${{ matrix.fedora_version }}" + # TAG="pr-${{ github.event.number }}-${{ matrix.stream_name }}" #fi echo "tag=${TAG}" >> $GITHUB_OUTPUT 
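Review bot: The renamed input in the `@@ -10,13 +10,13 @@` hunk keeps `description: "The Fedora Version: gts, stable, or latest"`, which preserves the confusion the rename is meant to remove. The `@@ -10,7 +10,7 @@` hunk of reusable-build.yml carries the same stale text. Suggested wording: `description: "The stream name: gts, stable, or latest"`, with `beta` added for reusable-build.yml if that workflow is the one build-image-beta.yml calls (its `uses:` line is outside the hunk). In generate-release.yml the matrix key is still `version` while the input is now `stream_name`; a comment there such as `# stream names (gts, stable, latest, beta), not Fedora release numbers` would keep the two from drifting apart again.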
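Review bot: The "Generate tag" step in the `@@ -67,7 +67,7 @@` hunk expands `${{ matrix.stream_name }}` and `${{ github.ref_name }}` directly into the `run:` script, so their text is spliced into the shell source before bash parses it. The callers visible in this patch pass fixed literals for the stream, but `github.ref_name` is derived from a ref name and the stream is a free-form `workflow_call` string. Passing both through the step environment makes the script treat them as data: `env:` with `STREAM_NAME: ${{ matrix.stream_name }}` and `REF_NAME: ${{ github.ref_name }}`, then `TAG="${STREAM_NAME}"` and `[[ "${REF_NAME}" == "testing" ]]`. The same pattern recurs in the `skopeo inspect` lines of the `@@ -58,7 +58,7 @@` and `@@ -96,7 +96,7 @@` hunks and in the reusable-build.yml hunks of this commit. The step definitions begin outside the hunks.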
@@ -96,7 +96,7 @@ jobs: shell: bash run: | set -ex - image="ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.fedora_version }}" + image="ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.stream_name }}" # Make temp space TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p ${{ github.workspace }} flatpak.XXX) # Get list of refs from directory diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index b72aa8c4fe3..a3948a71250 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -10,7 +10,7 @@ on: description: "The Brand Name: bluefin or aurora" required: true type: string - fedora_version: + stream_name: description: "The Fedora Version: gts, stable, or latest" required: true type: string @@ -25,7 +25,7 @@ env: IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} concurrency: - group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.fedora_version }} + group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }} cancel-in-progress: true jobs: @@ -40,7 +40,7 @@ jobs: matrix: image_flavor: ${{ fromJson(inputs.image_flavors) }} base_name: ["${{ inputs.brand_name }}", "${{ inputs.brand_name }}-dx"] - fedora_version: ["${{ inputs.fedora_version }}"] + stream_name: ["${{ inputs.stream_name }}"] steps: - name: Checkout @@ -74,9 +74,9 @@ jobs: # AKMODS_FLAVOR if [[ "${{ matrix.image_flavor }}" =~ "hwe" ]]; then echo "AKMODS_FLAVOR=bazzite" >> $GITHUB_ENV - elif [[ "${{ matrix.fedora_version }}" =~ stable|gts ]]; then + elif [[ "${{ matrix.stream_name }}" =~ stable|gts ]]; then echo "AKMODS_FLAVOR=coreos-stable" >> $GITHUB_ENV - elif [[ "${{ matrix.fedora_version }}" =~ beta ]]; then + elif [[ "${{ matrix.stream_name }}" =~ beta ]]; then echo "AKMODS_FLAVOR=coreos-testing" >> $GITHUB_ENV else echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV 
@@ -92,16 +92,16 @@ jobs: set -eoux pipefail # Fedora Version - if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then + if [[ "${{ matrix.stream_name }}" =~ stable ]]; then fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') else - fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ matrix.stream_name }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') fi # Kernel Release for ostree.linux label if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/bazzite-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') - elif [[ "${{ matrix.fedora_version }}" =~ latest|beta ]]; then + elif [[ "${{ matrix.stream_name }}" =~ latest|beta ]]; then kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') else kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') 
@@ -176,22 +176,22 @@ jobs: # Have tags for tracking builds during pull request SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ matrix.fedora_version }}") - COMMIT_TAGS+=("${SHA_SHORT}-${{ matrix.fedora_version }}") + COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ matrix.stream_name }}") + COMMIT_TAGS+=("${SHA_SHORT}-${{ matrix.stream_name }}") # Convenience Tags - if [[ "${{ matrix.fedora_version }}" =~ stable ]]; then + if [[ "${{ matrix.stream_name }}" =~ stable ]]; then BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") else - BUILD_TAGS+=("${{ matrix.fedora_version }}" "${{ matrix.fedora_version }}-${TIMESTAMP}") + BUILD_TAGS+=("${{ matrix.stream_name }}" "${{ matrix.stream_name }}-${TIMESTAMP}") fi # Weekly Stable / Rebuild Stable on workflow_dispatch - if [[ "${{ matrix.fedora_version }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then + if [[ "${{ matrix.stream_name }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ "${{ matrix.fedora_version }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch|workflow_call ]]; then + elif [[ "${{ matrix.stream_name }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch|workflow_call ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ ! "${{ matrix.fedora_version}}" =~ "stable" ]]; then + elif [[ ! "${{ matrix.stream_name}}" =~ "stable" ]]; then BUILD_TAGS+=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") fi @@ -219,7 +219,7 @@ jobs: alias_tags=("${BUILD_TAGS[@]}") fi - echo "DEFAULT_TAG=${{ matrix.fedora_version }}" >> $GITHUB_ENV + echo "DEFAULT_TAG=${{ matrix.stream_name }}" >> $GITHUB_ENV echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # Build metadata 
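Review bot: The weekly branch tests `"${{ github.event_name }}" =~ scheduled`, but cron-triggered runs report the event name `schedule`, which that regex does not match. As written, the scheduled weekly run would never add the `stable` and `stable-${TIMESTAMP}` tags. Since this condition decides when the `stable` tag moves, an exact comparison is safer: `"${{ github.event_name }}" == "schedule"`. The `workflow_call` alternative in the next branch is also worth confirming, because a reusable workflow normally sees the caller's event name. The tag-generation step starts outside the hunk.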
@@ -269,7 +269,7 @@ jobs: BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${{ github.repository_owner }}") BUILD_ARGS+=("--build-arg" "KERNEL=${{ env.KERNEL_RELEASE }}") BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }}") - BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ matrix.fedora_version }}") + BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${{ matrix.stream_name }}") TAG_ARGS=() IFS=' ' read -r -a tags_array <<< "${{ steps.generate-tags.outputs.alias_tags }}" @@ -412,21 +412,21 @@ jobs: DIGEST: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }} IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} IMAGE_NAME: ${{ env.IMAGE_NAME }} - FEDORA_VERSION: ${{ matrix.fedora_version }} + FEDORA_VERSION: ${{ matrix.stream_name }} run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${FEDORA_VERSION}.txt" - name: Upload artifact if: github.event_name != 'pull_request' uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: - name: image-${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }} + name: image-${{ env.IMAGE_NAME }}-${{ matrix.stream_name }} retention-days: 1 if-no-files-found: error path: | - ${{ env.IMAGE_NAME }}-${{ matrix.fedora_version }}.txt + ${{ env.IMAGE_NAME }}-${{ matrix.stream_name }}.txt check: - name: Check all ${{ inputs.fedora_version }} builds successful + name: Check all ${{ inputs.stream_name }} builds successful if: always() runs-on: ubuntu-latest needs: [build_container] From b4028f2125cca266020df0abcd7a652f46b44bd5 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Mon, 4 Nov 2024 19:07:35 -0500 Subject: [PATCH 051/101] update gitignore for changelogs --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 1e63789c158..c79db42080a 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,5 @@ flatpak.* *_build *_build.* previous.manifest.json +changelog.md +output.env 
From 639c65578c9edff5986245c632967aff851df4e9 Mon Sep 17 00:00:00 2001 
From: Benjamin Sherman Date: Mon, 4 Nov 2024 20:55:28 -0600 Subject: [PATCH 052/101] number all base build scripts --- .../base/{image-info.sh => 00-image-info.sh} | 0 .../base/{00-build-fix.sh => 01-build-fix.sh} | 0 ...copr-repos.sh => 02-install-copr-repos.sh} | 0 ...-akmods.sh => 03-install-kernel-akmods.sh} | 0 .../base/{03-packages.sh => 04-packages.sh} | 0 ...ride-install.sh => 05-override-install.sh} | 3 -- ...fetch-quadlets.sh => 06-fetch-quadlets.sh} | 0 ...ge-changes.sh => 07-base-image-changes.sh} | 0 .../base/{06-firmware.sh => 08-firmware.sh} | 0 .../{hwe-additions.sh => 09-hwe-additions.sh} | 7 ++++ build_files/base/{07-brew.sh => 10-brew.sh} | 0 build_files/base/{08-bootc.sh => 16-bootc.sh} | 0 .../base/{09-cleanup.sh => 17-cleanup.sh} | 0 .../{workarounds.sh => 18-workarounds.sh} | 0 .../base/{initramfs.sh => 19-initramfs.sh} | 0 build_files/shared/build-base.sh | 38 ++++++++++--------- 16 files changed, 28 insertions(+), 20 deletions(-) rename build_files/base/{image-info.sh => 00-image-info.sh} (100%) rename build_files/base/{00-build-fix.sh => 01-build-fix.sh} (100%) rename build_files/base/{01-install-copr-repos.sh => 02-install-copr-repos.sh} (100%) rename build_files/base/{02-install-kernel-akmods.sh => 03-install-kernel-akmods.sh} (100%) rename build_files/base/{03-packages.sh => 04-packages.sh} (100%) rename build_files/base/{04-override-install.sh => 05-override-install.sh} (97%) rename build_files/base/{fetch-quadlets.sh => 06-fetch-quadlets.sh} (100%) rename build_files/base/{05-base-image-changes.sh => 07-base-image-changes.sh} (100%) rename build_files/base/{06-firmware.sh => 08-firmware.sh} (100%) rename build_files/base/{hwe-additions.sh => 09-hwe-additions.sh} (82%) rename build_files/base/{07-brew.sh => 10-brew.sh} (100%) rename build_files/base/{08-bootc.sh => 16-bootc.sh} (100%) rename build_files/base/{09-cleanup.sh => 17-cleanup.sh} (100%) rename build_files/base/{workarounds.sh => 18-workarounds.sh} (100%) rename 
build_files/base/{initramfs.sh => 19-initramfs.sh} (100%) diff --git a/build_files/base/image-info.sh b/build_files/base/00-image-info.sh similarity index 100% rename from build_files/base/image-info.sh rename to build_files/base/00-image-info.sh diff --git a/build_files/base/00-build-fix.sh b/build_files/base/01-build-fix.sh similarity index 100% rename from build_files/base/00-build-fix.sh rename to build_files/base/01-build-fix.sh diff --git a/build_files/base/01-install-copr-repos.sh b/build_files/base/02-install-copr-repos.sh similarity index 100% rename from build_files/base/01-install-copr-repos.sh rename to build_files/base/02-install-copr-repos.sh diff --git a/build_files/base/02-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh similarity index 100% rename from build_files/base/02-install-kernel-akmods.sh rename to build_files/base/03-install-kernel-akmods.sh diff --git a/build_files/base/03-packages.sh b/build_files/base/04-packages.sh similarity index 100% rename from build_files/base/03-packages.sh rename to build_files/base/04-packages.sh diff --git a/build_files/base/04-override-install.sh b/build_files/base/05-override-install.sh similarity index 97% rename from build_files/base/04-override-install.sh rename to build_files/base/05-override-install.sh index 4d7bb9b5ede..f84b64b004a 100755 --- a/build_files/base/04-override-install.sh +++ b/build_files/base/05-override-install.sh @@ -72,6 +72,3 @@ mv -f /tmp/ublue-update.toml /usr/etc/ublue-update/ublue-update.toml # Register Fonts fc-cache -f /usr/share/fonts/ubuntu fc-cache -f /usr/share/fonts/inter - -# Get Quadlets -/ctx/build_files/base/fetch-quadlets.sh diff --git a/build_files/base/fetch-quadlets.sh b/build_files/base/06-fetch-quadlets.sh similarity index 100% rename from build_files/base/fetch-quadlets.sh rename to build_files/base/06-fetch-quadlets.sh 
diff --git a/build_files/base/05-base-image-changes.sh b/build_files/base/07-base-image-changes.sh similarity index 100% rename from build_files/base/05-base-image-changes.sh rename to build_files/base/07-base-image-changes.sh diff --git a/build_files/base/06-firmware.sh b/build_files/base/08-firmware.sh similarity index 100% rename from build_files/base/06-firmware.sh rename to build_files/base/08-firmware.sh diff --git a/build_files/base/hwe-additions.sh b/build_files/base/09-hwe-additions.sh similarity index 82% rename from build_files/base/hwe-additions.sh rename to build_files/base/09-hwe-additions.sh index 4ff86a34dff..3bbd4e1e774 100755 --- a/build_files/base/hwe-additions.sh +++ b/build_files/base/09-hwe-additions.sh @@ -2,6 +2,13 @@ set -eoux pipefail +if [[ "${IMAGE_NAME}" =~ hwe ]]; then + echo "HWE image detected, installing HWE packages" +else + echo "Standard image detected, skipping HWE packages" + exit 0 +fi + # Asus/Surface for HWE curl -Lo /etc/yum.repos.d/_copr_lukenukem-asus-linux.repo \ https://copr.fedorainfracloud.org/coprs/lukenukem/asus-linux/repo/fedora-$(rpm -E %fedora)/lukenukem-asus-linux-fedora-$(rpm -E %fedora).repo diff --git a/build_files/base/07-brew.sh b/build_files/base/10-brew.sh similarity index 100% rename from build_files/base/07-brew.sh rename to build_files/base/10-brew.sh diff --git a/build_files/base/08-bootc.sh b/build_files/base/16-bootc.sh similarity index 100% rename from build_files/base/08-bootc.sh rename to build_files/base/16-bootc.sh diff --git a/build_files/base/09-cleanup.sh b/build_files/base/17-cleanup.sh similarity index 100% rename from build_files/base/09-cleanup.sh rename to build_files/base/17-cleanup.sh diff --git a/build_files/base/workarounds.sh b/build_files/base/18-workarounds.sh similarity index 100% rename from build_files/base/workarounds.sh rename to build_files/base/18-workarounds.sh 
diff --git a/build_files/base/initramfs.sh b/build_files/base/19-initramfs.sh similarity index 100% rename from build_files/base/initramfs.sh rename to build_files/base/19-initramfs.sh diff --git a/build_files/shared/build-base.sh b/build_files/shared/build-base.sh index 87d83f2289d..cdc46a768f3 100755 --- a/build_files/shared/build-base.sh +++ b/build_files/shared/build-base.sh 
@@ -13,48 +13,52 @@ rsync -rvK /ctx/system_files/shared/ / rsync -rvK /ctx/system_files/"${BASE_IMAGE_NAME}"/ / # Generate image-info.json -/ctx/build_files/base/image-info.sh +/ctx/build_files/base/00-image-info.sh # Build Fix - Fix known skew offenders -/ctx/build_files/base/00-build-fix.sh +/ctx/build_files/base/01-build-fix.sh # Get COPR Repos -/ctx/build_files/base/01-install-copr-repos.sh +/ctx/build_files/base/02-install-copr-repos.sh # Install Kernel and Akmods -/ctx/build_files/base/02-install-kernel-akmods.sh +/ctx/build_files/base/03-install-kernel-akmods.sh # Install Additional Packages -/ctx/build_files/base/03-packages.sh +/ctx/build_files/base/04-packages.sh # Install Overrides and Fetch Install -/ctx/build_files/base/04-override-install.sh +/ctx/build_files/base/05-override-install.sh + +# Get Quadlets +/ctx/build_files/base/06-fetch-quadlets.sh # Base Image Changes -/ctx/build_files/base/05-base-image-changes.sh +/ctx/build_files/base/07-base-image-changes.sh # Get Firmare for Framework -/ctx/build_files/base/06-firmware.sh +/ctx/build_files/base/08-firmware.sh # Make HWE changes -if [[ "${IMAGE_NAME}" =~ hwe ]]; then - /ctx/build_files/base/hwe-additions.sh -fi +/ctx/build_files/base/09-hwe-additions.sh + +# Install Brew +/ctx/build_files/base/10-brew.sh + -# Get Brew -/ctx/build_files/base/07-brew.sh +# late stage changes # Make sure Bootc works -/ctx/build_files/base/08-bootc.sh +/ctx/build_files/base/16-bootc.sh # Systemd and Remove Items -/ctx/build_files/base/09-cleanup.sh +/ctx/build_files/base/17-cleanup.sh # Run workarounds for lf (Likely not needed) -/ctx/build_files/base/workarounds.sh +/ctx/build_files/base/18-workarounds.sh # Regenerate initramfs -/ctx/build_files/base/initramfs.sh +/ctx/build_files/base/19-initramfs.sh # Clean Up mv /var/lib/alternatives /staged-alternatives From a81ad34977fa8f447c90cfef099b76ca71911a7c Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Mon, 4 Nov 2024 22:01:32 -0500 Subject: [PATCH 053/101] feat: Justfile improvements Add retries to skopeo/curl Add Secureboot Check and Cosign Check. Add Kernel Pinning --- Justfile | 199 +++++++++++++++--- build_files/base/01-install-copr-repos.sh | 6 +- build_files/base/02-install-kernel-akmods.sh | 8 +- build_files/base/04-override-install.sh | 4 +- build_files/base/05-base-image-changes.sh | 2 +- build_files/base/06-firmware.sh | 4 +- build_files/base/07-brew.sh | 2 +- build_files/base/fetch-quadlets.sh | 12 +- build_files/base/hwe-additions.sh | 4 +- build_files/dx/01-install-copr-repos-dx.sh | 12 +- build_files/dx/02-install-kernel-akmods-dx.sh | 4 +- build_files/dx/04-override-install-dx.sh | 6 +- 12 files changed, 197 insertions(+), 66 deletions(-) diff --git a/Justfile b/Justfile index 297c90a504c..875be06736e 100644 --- a/Justfile +++ b/Justfile @@ -46,15 +46,15 @@ fix: clean: #!/usr/bin/bash set -eoux pipefail + touch _build find *_build* -exec rm -rf {} \; rm -f previous.manifest.json + rm -f changelog.md + rm -f output.env -# Sudo Clean +# Sudo Clean Repo sudo-clean: - #!/usr/bin/bash - set -eoux pipefail - just sudoif "find *_build* -exec rm -rf {} \;" - just sudoif "rm -f previous.manifest.json" + just sudoif just clean # Check if valid combo [private] @@ -107,7 +107,7 @@ sudoif command *args: sudoif {{ command }} {{ args }} # Build Image -build image="bluefin" tag="latest" flavor="main" rechunk="0": +build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin="": #!/usr/bin/bash set -eoux pipefail image={{ image }} 
@@ -138,13 +138,6 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0": target="base" fi - # Fedora Version - if [[ "${tag}" =~ stable ]]; then - fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - else - fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:"${tag}" | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - fi - # AKMODS Flavor and Kernel Version if [[ "${flavor}" =~ hwe ]]; then akmods_flavor="bazzite" 
@@ -155,10 +148,38 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0": else akmods_flavor="main" fi - kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${akmods_flavor}-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') + + # Fedora Version + if [[ "${tag}" =~ stable ]]; then + fedora_version=$(skopeo inspect --retry-times 3 docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + # Verify Base Image with cosign -- coreos does not use cosign + just verify-container "${base_image_name}-main:${fedora_version}" + else + # Verify Base Image with cosign + just verify-container "${base_image_name}-main:${tag}" + fedora_version=$(skopeo inspect --retry-times 3 docker://ghcr.io/ublue-os/"${base_image_name}"-main:"${tag}" | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + fi + + kernel_pin="{{ kernel_pin }}" + if [[ -z "${kernel_pin:-}" ]]; then + kernel_release=$(skopeo inspect --retry-times 3 docker://ghcr.io/ublue-os/${akmods_flavor}-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') + else + kernel_release="${kernel_pin}" + fi + + # Verify Containers with Cosign + just verify-container "${akmods_flavor}-kernel:${kernel_release}" + just verify-container "akmods:${akmods_flavor}-${fedora_version}-${kernel_release}" + if [[ "${akmods_flavor}" =~ coreos ]]; then + just verify-container "akmods-zfs:${akmods_flavor}-${fedora_version}-${kernel_release}" + fi + if [[ "${flavor}" =~ nvidia ]]; then + just verify-container "akmods-nvidia:${akmods_flavor}-${fedora_version}-${kernel_release}" + fi + # Get Version - ver=$(skopeo inspect docker://ghcr.io/ublue-os/"${base_image_name}-main":"${fedora_version}" | jq -r '.Labels["org.opencontainers.image.version"]') + ver=$(skopeo inspect --retry-times 3 docker://ghcr.io/ublue-os/"${base_image_name}-main":"${fedora_version}" | jq -r '.Labels["org.opencontainers.image.version"]') if [ -z "$ver" ] || [ "null" = "$ver" ]; then echo 
"inspected image version must not be empty or null" exit 1 @@ -195,17 +216,24 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0": . # Rechunk - if [[ "{{ rechunk }}" == "1" ]]; then + if [[ "{{ rechunk }}" == "1" && "{{ ghcr }}" == "1" ]]; then + just rechunk "${image}" "${tag}" "${flavor}" 1 + elif [[ "{{ rechunk }}" == "1" ]]; then just rechunk "${image}" "${tag}" "${flavor}" fi # Build Image and Rechunk -build-rechunk image="bluefin" tag="latest" flavor="main": - @just build {{ image }} {{ tag }} {{ flavor }} 1 +build-rechunk image="bluefin" tag="latest" flavor="main" kernel_pin="": + @just build {{ image }} {{ tag }} {{ flavor }} 1 0 {{ kernel_pin }} + +# Build Image for Pipeline: +build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": + @if [[ "${UID}" > 0 ]]; then echo "Must run with sudo"; exit 1; fi + @just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} # Rechunk Image [private] -rechunk image="bluefin" tag="latest" flavor="main": +rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": #!/usr/bin/bash set -eoux pipefail @@ -237,8 +265,15 @@ rechunk image="bluefin" tag="latest" flavor="main": # Prep Container CREF=$(just sudoif podman create localhost/"${image_name}":"${tag}" bash) - MOUNT=$(just sudoif podman mount "${CREF}") + if [[ "{{ ghcr }}" == 1 && "${tag}" == "stable" ]]; then + old_tag="${tag}" + tag="stable-daily" + fi OUT_NAME="${image_name}_build" + MOUNT=$(just sudoif podman mount "${CREF}") + + # Rechunk Container + rechunker="ghcr.io/hhd-dev/rechunk:latest" # Run Rechunker's Prune just sudoif podman run --rm \ @@ -247,7 +282,7 @@ rechunk image="bluefin" tag="latest" flavor="main": --volume "$MOUNT":/var/tree \ --env TREE=/var/tree \ --user 0:0 \ - ghcr.io/hhd-dev/rechunk:latest \ + "${rechunker}" \ /sources/rechunk/1_prune.sh # Run Rechunker's Create 
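Review bot: The new `just verify-container` calls check signatures on mutable tags, and nothing ties the verified image to the one the build later consumes. The kernel check verifies `${akmods_flavor}-kernel:${kernel_release}`, while 02-install-kernel-akmods.sh in this patch copies `"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}"`, which appears to be a different tag and is fetched again at build time. Resolving each reference to its digest once and passing `name@sha256:<digest>` to both `cosign verify` and the build would close that gap. On the stable path `fedora_version` still comes from an unverified `skopeo inspect` of fedora-coreos; the added comment acknowledges this, and a sanity check that the value is numeric would be cheap. The `build` recipe starts and ends outside the hunk.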
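Review bot: The root check in `build-pipeline` uses `[[ "${UID}" > 0 ]]`, where `>` compares strings, so it only gives the right answer because every non-zero UID happens to sort after "0". It also depends on bash (`[[`, `$UID`) in a recipe line without a shebang, which runs under whatever shell the Justfile configures; that setting is not visible here. A numeric, portable form would be `@if [ "$(id -u)" -ne 0 ]; then echo "Must run with sudo"; exit 1; fi`.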
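Review bot: `rechunker="ghcr.io/hhd-dev/rechunk:latest"` is a mutable tag, and the `podman run` steps that use it run with `--user 0:0` and the image tree mounted. Whatever `latest` resolves to at build time therefore gets root access to the content being shipped. This commit adds cosign checks for the kernel and akmods images but not for this tool. Pinning it, for example `rechunker="ghcr.io/hhd-dev/rechunk@sha256:<pinned-digest>"`, would make the step reproducible and reviewable. `old_tag` is assigned in this hunk but not read in the visible lines; the recipe continues outside the hunk.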
@@ -259,7 +294,7 @@ rechunk image="bluefin" tag="latest" flavor="main": --env REPO=/var/ostree/repo \ --env RESET_TIMESTAMP=1 \ --user 0:0 \ - ghcr.io/hhd-dev/rechunk:latest \ + "${rechunker}" \ /sources/rechunk/2_create.sh # Cleanup Temp Container Reference @@ -282,22 +317,20 @@ rechunk image="bluefin" tag="latest" flavor="main": --env OUT_REF="oci:$OUT_NAME" \ --env GIT_DIR="/var/git" \ --user 0:0 \ - ghcr.io/hhd-dev/rechunk:latest \ + "${rechunker}" \ /sources/rechunk/3_chunk.sh - # Cleanup - just sudoif "find ${OUT_NAME} -type d -exec chmod 0755 {} \;" || true - just sudoif "find ${OUT_NAME}* -type f -exec chmod 0644 {} \;" || true - if [[ "${UID}" -gt 0 ]]; then - just sudoif chown ${UID}:${GROUPS} -R "${PWD}" - fi - just sudoif podman volume rm cache_ostree - just sudoif podman rmi localhost/"${image_name}":"${tag}" - # Load Image into Podman Store IMAGE=$(podman pull oci:"${PWD}"/"${OUT_NAME}") podman tag ${IMAGE} localhost/"${image_name}":"${tag}" + # Cleanup + just sudoif podman volume rm cache_ostree + just sudoif "rm -rf ${OUTNAME}*" + just sudoif "rm -f previous.manifest.json" + + just secureboot "${image}" "${tag}" "${flavor}" + # Run Container run image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash @@ -444,7 +477,7 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": else iso_build_args+=(VARIANT="Kinoite") fi - iso_build_args+=(VERSION="$(skopeo inspect containers-storage:${IMAGE_FULL} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')") + iso_build_args+=(VERSION="$(skopeo inspect --retry-times 3 containers-storage:${IMAGE_FULL} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')") iso_build_args+=(WEBUI="false") just sudoif podman run "${iso_build_args[@]}" 
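Review bot: The new cleanup line `just sudoif "rm -rf ${OUTNAME}*"` references `OUTNAME`, but the variable set earlier in the recipe is `OUT_NAME`. Under the recipe's `set -eoux pipefail` the unset name aborts the script at this line, so `just secureboot` never runs. Without `-u` the argument would expand to `rm -rf *` under sudo in the working directory. Use `just sudoif "rm -rf ${OUT_NAME:?}*"` so that an empty value can never reach `rm`.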
@@ -452,7 +485,7 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": # Build ISO using GHCR Image build-iso-ghcr image="bluefin" tag="latest" flavor="main": - @just build-iso {{ image }} {{ tag }} {{ flavor }} ghcr + @just build-iso {{ image }} {{ tag }} {{ flavor }} 1 # Run ISO run-iso image="bluefin" tag="latest" flavor="main": 
@@ -506,3 +539,101 @@ changelogs branch="stable": #!/usr/bin/bash set -eoux pipefail python3 ./.github/changelogs.py {{ branch }} ./output.env ./changelog.md --workdir . + +# Verify Container with Cosign +verify-container container="" registry="ghcr.io/ublue-os" key="": + #!/usr/bin/bash + set -eoux pipefail + + # Get Cosign if Needed + if [[ ! $(command -v cosign) ]]; then + CONTAINER_ID=$(just sudoif podman create cgr.dev/chainguard/cosign:latest bash) + just sudoif podman cp "${CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign + just sudoif podman rm -f "${CONTAINER_ID}" + fi + + # Verify Cosign Image Signatures + if ! cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign | jq >/dev/null; then + echo "NOTICE: Failed to verify cosign image signatures." + exit 1 + fi + + # Public Key for Container Verification + key={{ key }} + if [[ -z "${key:-}" ]]; then + key="https://raw.githubusercontent.com/ublue-os/main/main/cosign.pub" + fi + + # Verify Container using cosign public key + if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" | jq; then + echo "NOTICE: Verification failed. Please ensure your public key is correct." 
+ exit 1 + fi + +# Secureboot Check +secureboot image="bluefin" tag="latest" flavor="main": + #!/usr/bin/bash + set -eoux pipefail + image={{ image }} + tag={{ tag }} + flavor={{ flavor }} + + # Validate (Handle Stable-daily) + if [[ "${tag}" == "stable-daily" ]]; then + temp_tag="${tag}" + tag="stable" + fi + + just validate "${image}" "${tag}" "${flavor}" + + if [[ -n "${temp_tag:-}" ]]; then + tag="${temp_tag}" + fi + + # Image Name + if [[ "${flavor}" =~ main ]]; then + image_name="${image}" + else + image_name="${image}-${flavor}" + fi + + # Get the vmlinuz to check + kernel_release=$(podman inspect "${image_name}":"${tag}" | jq -r '.[].Config.Labels["ostree.linux"]') + TMP=$(podman create "${image_name}":"${tag}" bash) + podman cp "$TMP":/usr/lib/modules/"${kernel_release}"/vmlinuz /tmp/vmlinuz + podman rm "$TMP" + + # Get the Public Certificates + curl --retry 3 -Lo /tmp/kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der + curl --retry 3 -Lo /tmp/akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der + openssl x509 -in /tmp/kernel-sign.der -out /tmp/kernel-sign.crt + openssl x509 -in /tmp/akmods.der -out /tmp/akmods.crt + + # Make sure we have sbverify + CMD="$(command -v sbverify)" + if [[ -z "${CMD:-}" ]]; then + temp_name="sbverify-${RANDOM}" + podman run -dt \ + --entrypoint /bin/sh \ + --volume /tmp/vmlinuz:/tmp/vmlinuz:z \ + --volume /tmp/kernel-sign.crt:/tmp/kernel-sign.crt:z \ + --volume /tmp/akmods.crt:/tmp/akmods.crt:z \ + --name ${temp_name} \ + alpine + podman exec ${temp_name} apk add sbsigntool + CMD="podman exec ${temp_name} /usr/bin/sbverify" + fi + + # Confirm that Signature are good + $CMD --list /tmp/vmlinuz + if ! $CMD --cert /tmp/kernel-sign.crt /tmp/vmlinuz || ! $CMD --cert /tmp/akmods.crt /tmp/vmlinuz; then + if [[ -n "${temp_name:-}" ]]; then + podman rm -f "${temp_name}" + fi + echo "Secureboot Signature Failed...." 
+ exit 1 + else + if [[ -n "${temp_name:-}" ]]; then + podman rm -f "${temp_name}" + fi + fi diff --git a/build_files/base/01-install-copr-repos.sh b/build_files/base/01-install-copr-repos.sh index 868885bd313..b115a66b682 100755 --- a/build_files/base/01-install-copr-repos.sh +++ b/build_files/base/01-install-copr-repos.sh @@ -4,12 +4,12 @@ set -eoux pipefail # Add Staging repo -curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"$(rpm -E %fedora)".repo \ +curl --retry 3 -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"$(rpm -E %fedora)".repo \ https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"$(rpm -E %fedora)"/ublue-os-staging-fedora-"$(rpm -E %fedora)".repo # Add Switcheroo Repo -curl -Lo /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo \ +curl --retry 3 -Lo /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo \ https://copr.fedorainfracloud.org/coprs/sentry/switcheroo-control_discrete/repo/fedora-"$(rpm -E %fedora)"/sentry-switcheroo-control_discrete-fedora-"$(rpm -E %fedora)".repo # Add Nerd Fonts Repo -curl -Lo /etc/yum.repos.d/_copr_che-nerd-fonts-"$(rpm -E %fedora)".repo https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"$(rpm -E %fedora)"/che-nerd-fonts-fedora-"$(rpm -E %fedora)".repo +curl --retry 3 -Lo /etc/yum.repos.d/_copr_che-nerd-fonts-"$(rpm -E %fedora)".repo https://copr.fedorainfracloud.org/coprs/che/nerd-fonts/repo/fedora-"$(rpm -E %fedora)"/che-nerd-fonts-fedora-"$(rpm -E %fedora)".repo diff --git a/build_files/base/02-install-kernel-akmods.sh b/build_files/base/02-install-kernel-akmods.sh index 032ea467500..6299d2f4b52 100755 --- a/build_files/base/02-install-kernel-akmods.sh +++ b/build_files/base/02-install-kernel-akmods.sh 
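Review bot: `verify-container` copies cosign from `cgr.dev/chainguard/cosign:latest` into `/usr/local/bin` and only afterwards checks that image's signature, using the binary it just installed. The check therefore cannot catch a bad bootstrap image, and a failed check leaves the binary in place. Pin the bootstrap image by digest, `podman create cgr.dev/chainguard/cosign@sha256:<pinned-digest> bash`, and copy it to a temporary path until verification passes. The default key is fetched from the `main` branch of `ublue-os/main` on every run; a copy of `cosign.pub` committed to this repository would be a more stable trust anchor. In `secureboot`, the fixed `/tmp/vmlinuz`, `/tmp/kernel-sign.*` and `/tmp/akmods.*` paths are predictable, and the helper container is left running if `$CMD --list` fails under `set -e`; a `mktemp -d` directory with a `trap` cleanup would cover both.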
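Review bot: The `curl --retry 3 -Lo …` calls still lack `--fail`, so once retries are exhausted an HTTP error page is written to the `.repo` file and curl exits 0, which `set -e` cannot catch. `--retry` only covers transient failures. Adding the flag, `curl --fail --retry 3 -Lo …`, makes a 404 or a persistent 5xx stop the build instead of installing a broken repo definition. The same applies to the curl lines in the 04-override-install.sh, 05-base-image-changes.sh, 06-firmware.sh, 07-brew.sh, fetch-quadlets.sh and hwe-additions.sh hunks of this patch.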
@@ -9,7 +9,7 @@ do done # Fetch Kernel -skopeo copy docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms +skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut -d : -f 2) tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C / mv /tmp/rpms/* /tmp/kernel-rpms/ @@ -21,7 +21,7 @@ rpm-ostree install \ /tmp/kernel-rpms/kernel-modules-*.rpm # Fetch Common AKMODS -skopeo copy docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods +skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods AKMODS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods/manifest.json | cut -d : -f 2) tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/ mv /tmp/rpms/* /tmp/akmods/ @@ -49,7 +49,7 @@ rpm-ostree uninstall rpmfusion-free-release rpmfusion-nonfree-release # Nvidia AKMODS if [[ "${IMAGE_NAME}" =~ nvidia ]]; then # Fetch Nvidia RPMs - skopeo copy docker://ghcr.io/ublue-os/akmods-nvidia:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms + skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods-nvidia:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms NVIDIA_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods-rpms/manifest.json | cut -d : -f 2) tar -xvzf /tmp/akmods-rpms/"$NVIDIA_TARGZ" -C /tmp/ mv /tmp/rpms/* /tmp/akmods-rpms/ 
@@ -64,7 +64,7 @@ fi # ZFS for gts/stable if [[ ${AKMODS_FLAVOR} =~ coreos ]]; then # Fetch ZFS RPMs - skopeo copy docker://ghcr.io/ublue-os/akmods-zfs:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-zfs + skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods-zfs:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-zfs ZFS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods-zfs/manifest.json | cut -d : -f 2) tar -xvzf /tmp/akmods-zfs/"$ZFS_TARGZ" -C /tmp/ mv /tmp/rpms/* /tmp/akmods-zfs/ diff --git a/build_files/base/04-override-install.sh b/build_files/base/04-override-install.sh index 4d7bb9b5ede..e4707475d71 100755 --- a/build_files/base/04-override-install.sh +++ b/build_files/base/04-override-install.sh @@ -48,14 +48,14 @@ rpm-ostree override replace \ rm /etc/yum.repos.d/_copr_sentry-switcheroo-control_discrete.repo # Starship Shell Prompt -curl -Lo /tmp/starship.tar.gz "https://github.com/starship/starship/releases/latest/download/starship-x86_64-unknown-linux-gnu.tar.gz" +curl --retry 3 -Lo /tmp/starship.tar.gz "https://github.com/starship/starship/releases/latest/download/starship-x86_64-unknown-linux-gnu.tar.gz" tar -xzf /tmp/starship.tar.gz -C /tmp install -c -m 0755 /tmp/starship /usr/bin # shellcheck disable=SC2016 echo 'eval "$(starship init bash)"' >> /etc/bashrc # Bash Prexec -curl -Lo /usr/share/bash-prexec https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh +curl --retry 3 -Lo /usr/share/bash-prexec https://raw.githubusercontent.com/rcaloras/bash-preexec/master/bash-preexec.sh # Topgrade Install pip install --prefix=/usr topgrade diff --git a/build_files/base/05-base-image-changes.sh b/build_files/base/05-base-image-changes.sh index 4b2bbc7ca30..88d4070842f 100755 --- a/build_files/base/05-base-image-changes.sh +++ b/build_files/base/05-base-image-changes.sh 
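Review bot: The starship tarball is taken from `releases/latest` and installed to `/usr/bin` with no checksum or signature check, and `bash-preexec.sh` is taken from the `master` branch. The image content therefore depends on whatever those URLs serve at build time. 06-firmware.sh in this patch already pins its downloads to a commit id in the URL. Doing the same here and adding a hash check, `echo "<expected-sha256>  /tmp/starship.tar.gz" | sha256sum -c -`, would make these inputs reviewable. The same pattern appears in 07-brew.sh, where an install script from `HEAD` is executed during the build, and in fetch-quadlets.sh, where the quadlet files come from `main`.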
@@ -38,7 +38,7 @@ if [[ "${BASE_IMAGE_NAME}" = "kinoite" ]]; then systemctl enable kde-sysmonitor-workaround.service # Get Default Font since font fallback doesn't work - curl --output-dir /tmp -LO https://github.com/ryanoasis/nerd-fonts/releases/download/v3.2.1/FiraCode.zip + curl --retry 3 --output-dir /tmp -LO https://github.com/ryanoasis/nerd-fonts/releases/download/v3.2.1/FiraCode.zip mkdir -p /usr/share/fonts/fira-nf unzip /tmp/FiraCode.zip -d /usr/share/fonts/fira-nf fc-cache -f /usr/share/fonts/fira-nf diff --git a/build_files/base/06-firmware.sh b/build_files/base/06-firmware.sh index 0dca6ac801a..0bf5f77695a 100755 --- a/build_files/base/06-firmware.sh +++ b/build_files/base/06-firmware.sh @@ -3,8 +3,8 @@ set -eoux pipefail mkdir -p /tmp/mediatek-firmware -curl -Lo /tmp/mediatek-firmware/WIFI_MT7922_patch_mcu_1_1_hdr.bin https://gitlab.com/kernel-firmware/linux-firmware/-/raw/8f08053b2a7474e210b03dbc2b4ba59afbe98802/mediatek/WIFI_MT7922_patch_mcu_1_1_hdr.bin?inline=false -curl -Lo /tmp/mediatek-firmware/WIFI_RAM_CODE_MT7922_1.bin https://gitlab.com/kernel-firmware/linux-firmware/-/raw/8f08053b2a7474e210b03dbc2b4ba59afbe98802/mediatek/WIFI_RAM_CODE_MT7922_1.bin?inline=false +curl --retry 3 -Lo /tmp/mediatek-firmware/WIFI_MT7922_patch_mcu_1_1_hdr.bin https://gitlab.com/kernel-firmware/linux-firmware/-/raw/8f08053b2a7474e210b03dbc2b4ba59afbe98802/mediatek/WIFI_MT7922_patch_mcu_1_1_hdr.bin?inline=false +curl --retry 3 -Lo /tmp/mediatek-firmware/WIFI_RAM_CODE_MT7922_1.bin https://gitlab.com/kernel-firmware/linux-firmware/-/raw/8f08053b2a7474e210b03dbc2b4ba59afbe98802/mediatek/WIFI_RAM_CODE_MT7922_1.bin?inline=false xz --check=crc32 /tmp/mediatek-firmware/WIFI_MT7922_patch_mcu_1_1_hdr.bin xz --check=crc32 /tmp/mediatek-firmware/WIFI_RAM_CODE_MT7922_1.bin mv -vf /tmp/mediatek-firmware/* /usr/lib/firmware/mediatek/ diff --git a/build_files/base/07-brew.sh b/build_files/base/07-brew.sh index 39c99b21e57..f8264b5a4c6 100755 --- a/build_files/base/07-brew.sh 
+++ b/build_files/base/07-brew.sh @@ -10,7 +10,7 @@ mkdir -p /var/home mkdir -p /var/roothome # Brew Install Script -curl -Lo /tmp/brew-install https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh +curl --retry 3 -Lo /tmp/brew-install https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh chmod +x /tmp/brew-install /tmp/brew-install tar --zstd -cvf /usr/share/homebrew.tar.zst /home/linuxbrew/.linuxbrew diff --git a/build_files/base/fetch-quadlets.sh b/build_files/base/fetch-quadlets.sh index 57eef59dfc4..06a3ffbb0f4 100755 --- a/build_files/base/fetch-quadlets.sh +++ b/build_files/base/fetch-quadlets.sh 
@@ -6,27 +6,27 @@ set -ouex pipefail mkdir -p /etc/containers/systemd/users # bluefin-cli -curl -Lo /etc/containers/systemd/users/bluefin-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-cli.container +curl --retry 3 -Lo /etc/containers/systemd/users/bluefin-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-cli.container sed -i 's/ContainerName=bluefin/ContainerName=bluefin-cli/' /etc/containers/systemd/users/bluefin-cli.container # bluefin-dx-cli -curl -Lo /etc/containers/systemd/users/bluefin-dx-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-dx-cli.container +curl --retry 3 -Lo /etc/containers/systemd/users/bluefin-dx-cli.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/bluefin-cli/bluefin-dx-cli.container sed -i 's/ContainerName=bluefin/ContainerName=bluefin-dx-cli/' /etc/containers/systemd/users/bluefin-dx-cli.container # fedora-toolbox -curl -Lo /etc/containers/systemd/users/fedora-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/fedora-toolbox/fedora-distrobox-quadlet.container +curl --retry 3 -Lo /etc/containers/systemd/users/fedora-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/fedora-toolbox/fedora-distrobox-quadlet.container sed -i 's/ContainerName=fedora-distrobox-quadlet/ContainerName=fedora-toolbox/' /etc/containers/systemd/users/fedora-toolbox.container # ubuntu-toolbox -curl -Lo /etc/containers/systemd/users/ubuntu-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/ubuntu-toolbox/ubuntu-distrobox-quadlet.container +curl --retry 3 -Lo /etc/containers/systemd/users/ubuntu-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/ubuntu-toolbox/ubuntu-distrobox-quadlet.container sed -i 
's/ContainerName=ubuntu-distrobox-quadlet/ContainerName=ubuntu-toolbox/' /etc/containers/systemd/users/ubuntu-toolbox.container # wolfi-toolbox -curl -Lo /etc/containers/systemd/users/wolfi-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/wolfi-toolbox/wolfi-distrobox-quadlet.container +curl --retry 3 -Lo /etc/containers/systemd/users/wolfi-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/wolfi-toolbox/wolfi-distrobox-quadlet.container sed -i 's/ContainerName=wolfi-quadlet/ContainerName=wolfi-toolbox/' /etc/containers/systemd/users/wolfi-toolbox.container # wolfi-dx-toolbox -curl -Lo /etc/containers/systemd/users/wolfi-dx-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/wolfi-toolbox/wolfi-dx-distrobox-quadlet.container +curl --retry 3 -Lo /etc/containers/systemd/users/wolfi-dx-toolbox.container https://raw.githubusercontent.com/ublue-os/toolboxes/main/quadlets/wolfi-toolbox/wolfi-dx-distrobox-quadlet.container sed -i 's/ContainerName=wolfi-quadlet/ContainerName=wolfi-dx-toolbox/' /etc/containers/systemd/users/wolfi-dx-toolbox.container # Brew Integration for Fedora and Ubuntu Toolboxes diff --git a/build_files/base/hwe-additions.sh b/build_files/base/hwe-additions.sh index 4ff86a34dff..c50bce7b91d 100755 --- a/build_files/base/hwe-additions.sh +++ b/build_files/base/hwe-additions.sh @@ -3,10 +3,10 @@ set -eoux pipefail # Asus/Surface for HWE -curl -Lo /etc/yum.repos.d/_copr_lukenukem-asus-linux.repo \ +curl --retry 3 -Lo /etc/yum.repos.d/_copr_lukenukem-asus-linux.repo \ https://copr.fedorainfracloud.org/coprs/lukenukem/asus-linux/repo/fedora-$(rpm -E %fedora)/lukenukem-asus-linux-fedora-$(rpm -E %fedora).repo -curl -Lo /etc/yum.repos.d/linux-surface.repo \ +curl --retry 3 -Lo /etc/yum.repos.d/linux-surface.repo \ https://pkg.surfacelinux.com/fedora/linux-surface.repo # Asus Firmware 
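Review bot: All six quadlet files are pulled from the `main` branch of ublue-os/toolboxes, so the container definitions written to `/etc/containers/systemd/users/` can change between builds without any change in this repository. I would pin the URLs to a commit SHA or vendor the files into the repository so that a change to them is reviewed here. The `sed -i` rename after each download also succeeds silently when the pattern is absent, which would hide an upstream change; a `grep -q 'ContainerName=…'` check after each edit would catch that. The script continues past the end of the hunk.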
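Review bot: The two `.repo` files are written straight into `/etc/yum.repos.d/` from the network, and a repo file determines which package sources and signing keys later installs trust. Committing the reviewed repo definitions to this repository (or at least checking the downloaded file for `gpgcheck=1` before use) would keep that trust decision under review; the same applies to the COPR repo downloads in `build_files/dx/01-install-copr-repos-dx.sh`. The `$(rpm -E %fedora)` substitutions in the URL are also unquoted, unlike the `"${FEDORA_MAJOR_VERSION}"` form used in the dx script.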
diff --git a/build_files/dx/01-install-copr-repos-dx.sh b/build_files/dx/01-install-copr-repos-dx.sh
index c2ff4a4c591..7822e60d306 100755
--- a/build_files/dx/01-install-copr-repos-dx.sh
+++ b/build_files/dx/01-install-copr-repos-dx.sh
@@ -4,26 +4,26 @@ set -eoux pipefail #incus, lxc, lxd if [[ "${FEDORA_MAJOR_VERSION}" -lt "41" ]]; then - curl -Lo /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo \ + curl --retry 3 -Lo /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo \ https://copr.fedorainfracloud.org/coprs/ganto/lxc4/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo fi #umoci -curl -Lo /etc/yum.repos.d/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo \ +curl --retry 3 -Lo /etc/yum.repos.d/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo \ https://copr.fedorainfracloud.org/coprs/ganto/umoci/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-umoci-fedora-"${FEDORA_MAJOR_VERSION}".repo #ublue-os staging -curl -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo \ +curl --retry 3 -Lo /etc/yum.repos.d/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo \ https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ublue-os-staging-fedora-"${FEDORA_MAJOR_VERSION}".repo #karmab-kcli -curl -Lo /etc/yum.repos.d/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo \ +curl --retry 3 -Lo /etc/yum.repos.d/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo \ https://copr.fedorainfracloud.org/coprs/karmab/kcli/repo/fedora-"${FEDORA_MAJOR_VERSION}"/karmab-kcli-fedora-"${FEDORA_MAJOR_VERSION}".repo # Fonts -curl -Lo /etc/yum.repos.d/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo \ +curl --retry 3 -Lo /etc/yum.repos.d/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo \ https://copr.fedorainfracloud.org/coprs/atim/ubuntu-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/atim-ubuntu-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo # Kvmfr module -curl -Lo /etc/yum.repos.d/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo \ +curl --retry 3 -Lo /etc/yum.repos.d/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo \ 
https://copr.fedorainfracloud.org/coprs/hikariknight/looking-glass-kvmfr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/hikariknight-looking-glass-kvmfr-fedora-"${FEDORA_MAJOR_VERSION}".repo diff --git a/build_files/dx/02-install-kernel-akmods-dx.sh b/build_files/dx/02-install-kernel-akmods-dx.sh index 5cc8d11b5ad..d1c554f02f7 100755 --- a/build_files/dx/02-install-kernel-akmods-dx.sh +++ b/build_files/dx/02-install-kernel-akmods-dx.sh @@ -5,7 +5,7 @@ set -ouex pipefail sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo # Fetch Kernel RPMS -skopeo copy docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms +skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/"${AKMODS_FLAVOR}"-kernel:"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/kernel-rpms KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut -d : -f 2) tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C / mv /tmp/rpms/* /tmp/kernel-rpms/ @@ -13,7 +13,7 @@ mv /tmp/rpms/* /tmp/kernel-rpms/ rpm-ostree install /tmp/kernel-rpms/kernel-devel-*.rpm # Fetch AKMODS RPMS -skopeo copy docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods +skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods AKMODS_TARGZ=$(jq -r '.layers[].digest' < /tmp/akmods/manifest.json | cut -d : -f 2) tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/ mv /tmp/rpms/* /tmp/akmods/ diff --git a/build_files/dx/04-override-install-dx.sh b/build_files/dx/04-override-install-dx.sh index 24426551caa..32eb825524e 100755 --- a/build_files/dx/04-override-install-dx.sh +++ b/build_files/dx/04-override-install-dx.sh 
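Review bot: Nothing in this script checks the signature of the kernel image before its layer is unpacked with `tar -xvzf … -C /`, and the same holds for the akmods image in the next hunk. If cosign verification of these images happens elsewhere in the build, a comment above each `skopeo copy` saying where would help; otherwise a verification step belongs before the extraction. Separately, `jq -r '.layers[].digest'` returns every layer digest, so `KERNEL_TARGZ` and `AKMODS_TARGZ` would hold several lines if an image ever has more than one layer; `.layers[0].digest` or an explicit single-layer check would make that assumption visible.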
@@ -2,13 +2,13 @@ set -eoux pipefail -curl -Lo /tmp/kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64" +curl --retry 3 -Lo /tmp/kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64" chmod +x /tmp/kind mv /tmp/kind /usr/bin/kind # GitHub Monaspace Font -DOWNLOAD_URL=$(curl https://api.github.com/repos/githubnext/monaspace/releases/latest | jq -r '.assets[] | select(.name| test(".*.zip$")).browser_download_url') -curl -Lo /tmp/monaspace-font.zip "$DOWNLOAD_URL" +DOWNLOAD_URL=$(curl --retry 3 https://api.github.com/repos/githubnext/monaspace/releases/latest | jq -r '.assets[] | select(.name| test(".*.zip$")).browser_download_url') +curl --retry 3 -Lo /tmp/monaspace-font.zip "$DOWNLOAD_URL" unzip -qo /tmp/monaspace-font.zip -d /tmp/monaspace-font mkdir -p /usr/share/fonts/monaspace From 7ba8c275a568e2888c8b0705e4faa9ab534124b2 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Tue, 5 Nov 2024 16:50:11 -0500 Subject: [PATCH 054/101] more changes to justfile --- Justfile | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/Justfile b/Justfile index 875be06736e..4df1cdb2cc1 100644 --- a/Justfile +++ b/Justfile @@ -151,8 +151,9 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin # Fedora Version if [[ "${tag}" =~ stable ]]; then + # CoreOS does not uses cosign fedora_version=$(skopeo inspect --retry-times 3 docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - # Verify Base Image with cosign -- coreos does not use cosign + # Verify Base Image with cosign just verify-container "${base_image_name}-main:${fedora_version}" else # Verify Base Image with cosign 
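Review bot: `kind` is downloaded from `releases/latest`, made executable and moved to `/usr/bin/kind` with no version pin and no checksum comparison, so the binary shipped in the image is whatever the latest release serves at build time. I would pin a release tag in the URL and compare the file against a recorded digest before the `mv`, e.g. `echo "<expected-sha256>  /tmp/kind" | sha256sum -c -` (the digest is a placeholder). The Monaspace lookup has a related weakness: the `jq` filter can return more than one `.zip` asset and an unauthenticated GitHub API call can be rate-limited, so checking that `DOWNLOAD_URL` is a single non-empty line before the second curl would give a clearer failure.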
@@ -329,7 +330,9 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": just sudoif "rm -rf ${OUTNAME}*" just sudoif "rm -f previous.manifest.json" - just secureboot "${image}" "${tag}" "${flavor}" + if [[ {{ ghcr }} == "1" ]]; then + just secureboot "${image}" "${tag}" "${flavor}" + fi # Run Container run image="bluefin" tag="latest" flavor="main": @@ -571,6 +574,7 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": fi # Secureboot Check +[private] secureboot image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash set -eoux pipefail @@ -624,16 +628,14 @@ secureboot image="bluefin" tag="latest" flavor="main": CMD="podman exec ${temp_name} /usr/bin/sbverify" fi - # Confirm that Signature are good + # Confirm that Signatures Are Good $CMD --list /tmp/vmlinuz + returncode=0 if ! $CMD --cert /tmp/kernel-sign.crt /tmp/vmlinuz || ! $CMD --cert /tmp/akmods.crt /tmp/vmlinuz; then - if [[ -n "${temp_name:-}" ]]; then - podman rm -f "${temp_name}" - fi echo "Secureboot Signature Failed...." - exit 1 - else - if [[ -n "${temp_name:-}" ]]; then - podman rm -f "${temp_name}" - fi + returncode=1 + fi + if [[ -n "${temp_name:-}" ]]; then + podman rm -f "${temp_name}" fi + exit "$returncode" From eeb95ad3d25eab880443eeb12bb913f692714b0c Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Wed, 6 Nov 2024 22:08:41 -0500 Subject: [PATCH 055/101] add groups --- Justfile | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/Justfile b/Justfile index 4df1cdb2cc1..b3ae9086a6d 100644 --- a/Justfile +++ b/Justfile @@ -23,6 +23,7 @@ default: @just --list # Check Just Syntax +[group('Just')] check: #!/usr/bin/bash find . -type f -name "*.just" | while read -r file; do @@ -33,6 +34,7 @@ check: just --unstable --fmt --check -f Justfile # Fix Just Syntax +[group('Just')] fix: #!/usr/bin/bash find . -type f -name "*.just" | while read -r file; do 
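Review bot: In the rechunk hunk `{{ ghcr }}` is substituted unquoted into `[[ {{ ghcr }} == "1" ]]`, so an empty argument turns the test into a syntax error; `if [[ "{{ ghcr }}" == "1" ]]; then` is safer. The change also means locally built images are no longer checked by `secureboot`, which deserves a one-line comment above the `if` explaining why the check is limited to GHCR builds. The recipe body starts outside the hunk.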
@@ -43,6 +45,7 @@ fix: just --unstable --fmt -f Justfile || { exit 1; } # Clean Repo +[group('Utility')] clean: #!/usr/bin/bash set -eoux pipefail @@ -53,11 +56,13 @@ clean: rm -f output.env # Sudo Clean Repo +[group('Utility')] sudo-clean: just sudoif just clean # Check if valid combo [private] +[group('Utility')] validate image="" tag="" flavor="": #!/usr/bin/bash set -eoux pipefail @@ -91,6 +96,7 @@ validate image="" tag="" flavor="": # sudoif bash function [private] +[group('Utility')] sudoif command *args: #!/usr/bin/bash function sudoif(){ @@ -107,6 +113,7 @@ sudoif command *args: sudoif {{ command }} {{ args }} # Build Image +[group('Image')] build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin="": #!/usr/bin/bash set -eoux pipefail @@ -224,16 +231,19 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin fi # Build Image and Rechunk +[group('Image')] build-rechunk image="bluefin" tag="latest" flavor="main" kernel_pin="": @just build {{ image }} {{ tag }} {{ flavor }} 1 0 {{ kernel_pin }} # Build Image for Pipeline: +[group('Production')] build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": @if [[ "${UID}" > 0 ]]; then echo "Must run with sudo"; exit 1; fi @just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} # Rechunk Image [private] +[group('Image')] rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": #!/usr/bin/bash set -eoux pipefail @@ -335,6 +345,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": fi # Run Container +[group('Image')] run image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash set -eoux pipefail @@ -362,6 +373,7 @@ run image="bluefin" tag="latest" flavor="main": podman run -it --rm localhost/"${image_name}":"${tag}" bash # Build ISO +[group('ISO')] build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": #!/usr/bin/bash set -eoux pipefail 
@@ -484,13 +496,18 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": iso_build_args+=(WEBUI="false") just sudoif podman run "${iso_build_args[@]}" - just sudoif chown "${UID}:${GROUPS}" -R "${PWD}" + + if [[ "${UID}" -gt "0" ]]; then + just sudoif chown "${UID}:${GROUPS}" -R "${PWD}" + fi # Build ISO using GHCR Image +[group('Production')] build-iso-ghcr image="bluefin" tag="latest" flavor="main": @just build-iso {{ image }} {{ tag }} {{ flavor }} 1 # Run ISO +[group('ISO')] run-iso image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash set -eoux pipefail 
@@ -538,27 +555,31 @@ run-iso image="bluefin" tag="latest" flavor="main": fg "%podman" # Test Changelogs +[group('Changelogs')] changelogs branch="stable": #!/usr/bin/bash - set -eoux pipefail + set -eou pipefail python3 ./.github/changelogs.py {{ branch }} ./output.env ./changelog.md --workdir . # Verify Container with Cosign +[group('Utility')] verify-container container="" registry="ghcr.io/ublue-os" key="": #!/usr/bin/bash set -eoux pipefail # Get Cosign if Needed if [[ ! $(command -v cosign) ]]; then - CONTAINER_ID=$(just sudoif podman create cgr.dev/chainguard/cosign:latest bash) - just sudoif podman cp "${CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign - just sudoif podman rm -f "${CONTAINER_ID}" + COSIGN_CONTAINER_ID=$(just sudoif podman create cgr.dev/chainguard/cosign:latest bash) + just sudoif podman cp "${COSIGN_CONTAINER_ID}":/usr/bin/cosign /usr/local/bin/cosign + just sudoif podman rm -f "${COSIGN_CONTAINER_ID}" fi - # Verify Cosign Image Signatures - if ! cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign | jq >/dev/null; then - echo "NOTICE: Failed to verify cosign image signatures." - exit 1 + # Verify Cosign Image Signatures if needed + if [[ -n "${COSIGN_CONTAINER_ID:-}" ]]; then + if ! cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity=https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main cgr.dev/chainguard/cosign >/dev/null; then + echo "NOTICE: Failed to verify cosign image signatures." + exit 1 + fi fi # Public Key for Container Verification 
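Review bot: The cosign bootstrap checks the signature only after the binary has been copied to `/usr/local/bin/cosign`, and it does so with that same binary, so a tampered image would be verifying itself. The image is also referenced as `cosign:latest` for `podman create` and by bare name for `cosign verify`, so the thing verified is not guaranteed to be the thing that was copied. I would reference the image by digest in both places (`cgr.dev/chainguard/cosign@sha256:<digest>`, the digest is a placeholder) and remove `/usr/local/bin/cosign` again when verification fails. The recipe continues past the end of the hunk.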
@@ -568,13 +589,13 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": fi # Verify Container using cosign public key - if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" | jq; then + if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then echo "NOTICE: Verification failed. Please ensure your public key is correct." exit 1 fi # Secureboot Check -[private] +[group('Utility')] secureboot image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash set -eoux pipefail From f12b0ccbb669178baa12d9903f18bea6075fa084 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 13:06:52 -0500 Subject: [PATCH 056/101] workflow-conversion to justfile --- .github/workflows/reusable-build-iso.yml | 113 +--------- .github/workflows/reusable-build.yml | 255 +++-------------------- Justfile | 55 +++-- 3 files changed, 80 insertions(+), 343 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 2c02e90fe44..68fe1fd5ab9 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml 
@@ -40,109 +40,17 @@ jobs: - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Matrix Variables + - name: Image Name run: | - if [[ "${{ matrix.image_flavor }}" == "main" ]]; then - echo "IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV - else - echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}" >> $GITHUB_ENV - fi - if [[ ${{ matrix.base_name }} =~ bluefin ]]; then - echo "VARIANT=Silverblue" >> $GITHUB_ENV - elif [[ ${{ matrix.base_name }} =~ aurora ]]; then - echo "VARIANT=Kinoite" >> $GITHUB_ENV - fi - - name: Get Current Fedora Version - id: labels + - name: Build ISO shell: bash run: | - set -eo pipefail - kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.stream_name }} | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]') - fedora_version=$(echo $kernel_release | grep -oP 'fc\K[0-9]+') - echo "kernel_release=$kernel_release" >> $GITHUB_OUTPUT - echo "fedora_version=$fedora_version" >> $GITHUB_OUTPUT - - - name: Set Image Tag - id: generate-tag - shell: bash - run: | - TAG="${{ matrix.stream_name }}" - - if [[ "${{ github.ref_name }}" == "testing" ]]; then - TAG="testing-${TAG}" - fi - - # Would like to implement in the future. This will allow us to support image tags from a PR. 
- #if [[ github.event.number ]]; then - # TAG="pr-${{ github.event.number }}-${{ matrix.stream_name }}" - #fi - - echo "tag=${TAG}" >> $GITHUB_OUTPUT - - - name: Set Flatpaks Directory Shortname - id: generate-flatpak-dir-shortname - shell: bash - run: | - if [[ "${{ matrix.brand_name }}" =~ bluefin ]]; then - FLATPAK_DIR_SHORTNAME="bluefin_flatpaks" - elif [[ "${{ matrix.brand_name }}" =~ aurora ]]; then - FLATPAK_DIR_SHORTNAME="aurora_flatpaks" - fi - echo "flatpak-dir-shortname=${FLATPAK_DIR_SHORTNAME}" >> $GITHUB_OUTPUT - - - name: Determine Flatpak Dependencies - id: flatpak_dependencies - shell: bash - run: | - set -ex - image="ghcr.io/ublue-os/${{ env.IMAGE_NAME }}:${{ matrix.stream_name }}" - # Make temp space - TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p ${{ github.workspace }} flatpak.XXX) - # Get list of refs from directory - FLATPAK_REFS_DIR=${{ github.workspace }}/${{ steps.generate-flatpak-dir-shortname.outputs.flatpak-dir-shortname }} - FLATPAK_REFS_DIR_LIST=$(cat ${FLATPAK_REFS_DIR}/* | tr '\n' ' ' ) - DX_FLATPAK_REFS_DIR_LIST="$(cat dx_flatpaks/* | tr '\n' ' ' )" - if [[ ${{ env.IMAGE_NAME }} == *"-dx"* ]]; then - FLATPAK_REFS_DIR_LIST="${FLATPAK_REFS_DIR_LIST} ${DX_FLATPAK_REFS_DIR_LIST}" - fi - # Generate install script - cat << EOF > ${TEMP_FLATPAK_INSTALL_DIR}/script.sh - cat /temp_flatpak_install_dir/script.sh - mkdir -p /flatpak/flatpak /flatpak/triggers - mkdir /var/tmp || true - chmod -R 1777 /var/tmp - flatpak config --system --set languages "*" - flatpak remote-add --system flathub https://flathub.org/repo/flathub.flatpakrepo - flatpak install --system -y ${FLATPAK_REFS_DIR_LIST} - ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | grep -v 'org\.freedesktop\.Platform\.openh264' | sed 's/^deploy\///g' > /output/flatpaks_with_deps - EOF - docker run --rm --privileged \ - --entrypoint bash \ - -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ - -e FLATPAK_TRIGGERSDIR=/flatpak/triggers \ - --volume ${FLATPAK_REFS_DIR}:/output \ - --volume 
${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \ - ${image} /temp_flatpak_install_dir/script.sh - docker rmi ${image} - - - name: Build ISOs - uses: jasonn3/build-container-installer@a1ce6da2d6c1af0561bec053366d0f3aa7e38743 # v1.2.3 - id: build - with: - arch: x86_64 - image_name: ${{ env.IMAGE_NAME }} - image_repo: ghcr.io/ublue-os - variant: ${{ env.VARIANT }} - version: ${{ steps.labels.outputs.fedora_version }} - image_tag: ${{ steps.generate-tag.outputs.tag }} - secure_boot_key_url: "https://github.com/ublue-os/akmods/raw/main/certs/public_key.der" - enrollment_password: "universalblue" - iso_name: ${{ env.IMAGE_NAME }}-${{ steps.generate-tag.outputs.tag }}.iso - enable_cache_dnf: "false" - enable_cache_skopeo: "false" - flatpak_remote_refs_dir: ${{ steps.generate-flatpak-dir-shortname.outputs.flatpak-dir-shortname }} - enable_flatpak_dependencies: "false" + sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" + image_name="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "ISO_BUILD_DIR=${{ github.workspace }}/${image_name}_build" >> $GITHUB_ENV + echo "ISO_NAME=${image_name}.iso" >> $GITHUB_ENV - name: Move ISOs to Upload Directory id: upload-directory 
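Review bot: `sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}"` puts all three values inside one pair of quotes, so `just` receives a single argument and `tag` and `flavor` fall back to their defaults. Each value needs its own quotes, `sudo just build-iso-ghcr "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}"`, as the `build-pipeline` call in reusable-build.yml does. The new `Image Name` step also appears to be left with an empty `run: |` body and can be dropped.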
@@ -150,16 +58,15 @@ jobs: run: | ISO_UPLOAD_DIR=${{ github.workspace }}/upload mkdir ${ISO_UPLOAD_DIR} - mv ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }} ${ISO_UPLOAD_DIR} - mv ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }}-CHECKSUM ${ISO_UPLOAD_DIR} + mv ${{ env.ISO_BUILD_DIR }}/${{ env.ISO_NAME }} ${ISO_UPLOAD_DIR} + mv ${{ env.ISO_BUILD_DIR }}/${{ env.ISO_NAME }}-CHECKSUM ${ISO_UPLOAD_DIR} echo "iso-upload-dir=${ISO_UPLOAD_DIR}" >> $GITHUB_OUTPUT - name: Upload ISOs and Checksum to Job Artifacts if: github.ref_name == 'testing' - #if: github.event_name == 'pull_request' uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: - name: ${{ steps.build.outputs.iso_name }} + name: ${{ env.ISO_NAME }} path: ${{ steps.upload-directory.outputs.iso-upload-dir }} if-no-files-found: error retention-days: 0 diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 69fd9a6860e..3adb302dafa 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -46,120 +46,19 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Matrix Variables - shell: bash - run: | - set -eoux pipefail - # IMAGE_NAME - if [[ "${{ matrix.image_flavor }}" == "main" ]]; then - echo "IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV - else - echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}" >> $GITHUB_ENV - fi - - # BASE_IMAGE_NAME - if [[ "${{ matrix.base_name }}" =~ "bluefin" ]]; then - echo "BASE_IMAGE_NAME"="silverblue" >> $GITHUB_ENV - elif [[ "${{ matrix.base_name }}" =~ "aurora" ]]; then - echo "BASE_IMAGE_NAME"="kinoite" >> $GITHUB_ENV - fi - - # TARGET_NAME - if [[ "${{ matrix.base_name }}" =~ "dx" ]]; then - echo "TARGET_NAME"="dx" >> $GITHUB_ENV - else - echo "TARGET_NAME"="base" >> $GITHUB_ENV - fi - - # AKMODS_FLAVOR - if [[ "${{ matrix.image_flavor }}" =~ "hwe" ]]; then - echo "AKMODS_FLAVOR=bazzite" >> $GITHUB_ENV - elif [[ "${{ matrix.stream_name }}" =~ stable|gts ]]; then - echo "AKMODS_FLAVOR=coreos-stable" >> $GITHUB_ENV - elif [[ "${{ matrix.stream_name }}" =~ beta ]]; then - echo "AKMODS_FLAVOR=coreos-testing" >> $GITHUB_ENV - else - echo "AKMODS_FLAVOR=main" >> $GITHUB_ENV - fi - - - name: Get Current Fedora Version - id: labels - uses: Wandalen/wretry.action@8ceaefd717b7cdae4f2637f9a433242ade421a0a # v3.7.2 - with: - attempt_limit: 3 - attempt_delay: 15000 - command: | - set -eoux pipefail - - # Fedora Version - if [[ "${{ matrix.stream_name }}" =~ stable ]]; then - fedora_version=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - else - fedora_version=$(skopeo inspect docker://ghcr.io/ublue-os/base-main:${{ matrix.stream_name }} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - fi - - # Kernel Release for ostree.linux label - if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then - kernel_release=$(skopeo inspect 
docker://ghcr.io/ublue-os/bazzite-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') - elif [[ "${{ matrix.stream_name }}" =~ latest|beta ]]; then - kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/main-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') - else - kernel_release=$(skopeo inspect docker://ghcr.io/ublue-os/coreos-stable-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') - fi - - # Get Version - ver=$(skopeo inspect docker://ghcr.io/ublue-os/"${{ env.BASE_IMAGE_NAME }}"-main:"${fedora_version}" | jq -r '.Labels["org.opencontainers.image.version"]') - if [ -z "$ver" ] || [ "null" = "$ver" ]; then - echo "inspected image version must not be empty or null" - exit 1 - fi - - kernel_pin="${{ inputs.kernel_pin }}" - - if [[ -n "${kernel_pin:-}" ]]; then - kernel_release="${kernel_pin}" - fedora_version="$(grep -oP 'fc\K[0-9]+' <<< ${kernel_pin})" - - # check to make sure pin exists - if [[ $(skopeo inspect docker://ghcr.io/ublue-os/"${{ env.AKMODS_FLAVOR }}"-kernel:"${kernel_pin}" | jq -r '.Labels["ostree.linux"]') != "${kernel_pin}" ]]; then - echo "Kernel Pin does not exist" - exit 1 - fi - fi - - # Push into GITHUB ENV - echo "KERNEL_RELEASE=$kernel_release" >> $GITHUB_ENV - echo "FEDORA_VERSION=$fedora_version" >> $GITHUB_ENV - echo "VERSION=$ver" >> $GITHUB_ENV - - - name: Verify base image - uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - with: - containers: ${{ env.BASE_IMAGE_NAME}}-main:${{ env.FEDORA_VERSION }} - - - name: Verify Akmods - uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - with: - containers: akmods:${{ env.AKMODS_FLAVOR}}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} - - - name: Verify Nvidia - uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - with: - containers: akmods-nvidia:${{ env.AKMODS_FLAVOR}}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} - - - name: Verify 
ZFS - uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - if: contains(env.AKMODS_FLAVOR, 'coreos') - with: - containers: akmods-zfs:${{ env.AKMODS_FLAVOR }}-${{ env.FEDORA_VERSION }}-${{ env.KERNEL_RELEASE }} - - - name: Verify Kernel Cache - uses: EyeCantCU/cosign-action/verify@58722a084c82190b57863002d494c91eabbe9e79 # v0.3.0 - with: - containers: ${{ env.AKMODS_FLAVOR }}-kernel:${{ env.KERNEL_RELEASE }} - - name: Check just syntax uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 + + - name: Maximize build space + uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 + with: + remove-codeql: true + + - name: Build Image + id: build-image + shell: bash + run: | + sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - name: Generate tags id: generate-tags @@ -169,6 +68,8 @@ jobs: TIMESTAMP="$(date +%Y%m%d)" TODAY="$(date +%A)" WEEKLY="Sunday" + FEDORA_VERSION="$(just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}} 1)" + IMAGE_NAME="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" # Arrays for Tags COMMIT_TAGS=() @@ -194,7 +95,7 @@ jobs: elif [[ "${{ matrix.stream_name }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch|workflow_call ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") elif [[ ! "${{ matrix.stream_name}}" =~ "stable" ]]; then - BUILD_TAGS+=("${{ env.FEDORA_VERSION }}" "${{ env.FEDORA_VERSION }}-${TIMESTAMP}") + BUILD_TAGS+=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") fi # Prepend testing if built on testing branch 
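Review bot: `${{ inputs.kernel_pin }}` is expanded by Actions into the script text before bash runs, so a value containing quotes or `$(…)` becomes shell code in a step that runs `sudo`. Passing it through the environment avoids that: add `env:` with `KERNEL_PIN: ${{ inputs.kernel_pin }}` to the step and use `"$KERNEL_PIN"` in the command. This hunk also drops the workflow's cosign verification of the akmods, nvidia, zfs and kernel-cache images; the Justfile lines visible in this series verify only the base image, so it is worth confirming that the `build` recipe covers the others.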
@@ -222,78 +123,7 @@ jobs: fi echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 - id: meta - with: - images: | - ${{ env.IMAGE_NAME }} - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.version=${{ env.VERSION }} - org.opencontainers.image.description=An interpretation of the Ubuntu spirit built on Fedora technology - ostree.linux=${{ env.KERNEL_RELEASE }} - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/bluefin/README.md - io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - - name: Define env.SHA_HEAD_SHORT - run: | - echo "SHA_HEAD_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV - - - name: Maximize build space - uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 - with: - remove-codeql: true - - - name: Pull images - uses: Wandalen/wretry.action@8ceaefd717b7cdae4f2637f9a433242ade421a0a # v3.7.2 - with: - attempt_limit: 3 - attempt_delay: 15000 - command: | - # pull the base image used for FROM in containerfile so - # we can retry on that unfortunately common failure case - sudo podman pull ${{ env.IMAGE_REGISTRY }}/${{ env.BASE_IMAGE_NAME }}-main:${{ env.FEDORA_VERSION }} - - - name: Build Image - id: build_image - run: | - set -euox pipefail - - BUILD_ARGS=() - BUILD_ARGS+=("--build-arg" "AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }}") - BUILD_ARGS+=("--build-arg" "BASE_IMAGE_NAME=${{ env.BASE_IMAGE_NAME }}") - BUILD_ARGS+=("--build-arg" "FEDORA_MAJOR_VERSION=${{ env.FEDORA_VERSION }}") - BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${{ env.IMAGE_NAME }}") - BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${{ github.repository_owner }}") - BUILD_ARGS+=("--build-arg" "KERNEL=${{ env.KERNEL_RELEASE }}") - BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }}") - BUILD_ARGS+=("--build-arg" 
"UBLUE_IMAGE_TAG=${{ matrix.stream_name }}") - - TAG_ARGS=() - IFS=' ' read -r -a tags_array <<< "${{ steps.generate-tags.outputs.alias_tags }}" - for tag in "${tags_array[@]}"; do - TAG_ARGS+=("--tag" "${{ env.IMAGE_NAME }}:${tag}") - done - - LABEL_ARGS=() - IFS=' ' read -r -a labels_array <<< "${{ steps.meta.outputs.labels }}" - for label in "${labels_array[@]}"; do - LABEL_ARGS+=("--label" "${label}") - done - - sudo podman build --format docker --target ${{ env.TARGET_NAME }} \ - "${BUILD_ARGS[@]}" \ - "${LABEL_ARGS[@]}" \ - --tag raw-img \ - . - - sudo podman image ls - - echo "image=${{ env.IMAGE_NAME }}" >> $GITHUB_OUTPUT - echo "tags=${{ steps.generate-tags.outputs.alias_tags }}" >> $GITHUB_OUTPUT + echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 @@ -303,26 +133,16 @@ jobs: with: string: ${{ env.IMAGE_REGISTRY }} - - name: Rechunk Image - id: rechunk - uses: hhd-dev/rechunk@v1.0.1 - with: - rechunk: ghcr.io/hhd-dev/rechunk:v1.0.1 - ref: "raw-img" - skip_compression: "true" - labels: ${{ steps.meta.outputs.labels }} - prev-ref: ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}:${{ env.DEFAULT_TAG }} - - # Load Rechunked image and Tag them + # Tag Images - name: Load Rechunked Image shell: bash run: | set -eoux pipefail - IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }}) - sudo rm -rf ${{ steps.rechunk.outputs.output }} + + IMAGE=$(sudo podman inspect localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}) for tag in ${{ steps.build_image.outputs.tags }}; do - podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} + sudo podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} done # HWE Tagging 
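Review bot: `echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV` reads a lowercase `image_name`, but the variable assigned earlier in this step is `IMAGE_NAME="$(just image_name …)"`; unless `image_name` is set in lines outside the hunks, `IMAGE_NAME` is exported empty and the later tag and push steps build their references from it. The line should read `echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"`. The step starts outside this hunk.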
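Review bot: `IMAGE=$(sudo podman inspect localhost/…)` captures the whole JSON document, and the unquoted `$IMAGE` is then handed to `podman tag`; the previous code held an image reference there. Asking for the ID keeps the variable a single word: `IMAGE=$(sudo podman inspect --format '{{.Id}}' localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }})`. The loops here and in the push step still read `steps.build_image.outputs.tags`, but this series renames the build step to `id: build-image` and removes the lines that wrote `tags`, so the expression looks like it will be empty. `steps.generate-tags.outputs.alias_tags` is the value the removed code forwarded.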
@@ -333,37 +153,16 @@ jobs: surface_name="${image_name/hwe/surface}" for tag in ${{ steps.build_image.outputs.tags }}; do - podman tag "${IMAGE}" "${asus_name}":${tag} - podman tag "${IMAGE}" "${surface_name}":${tag} + sudo podman tag "${IMAGE}" "${asus_name}":${tag} + sudo podman tag "${IMAGE}" "${surface_name}":${tag} done fi - podman tag $IMAGE rechunked-img - podman images - - # Check that Kernel is signed with Secureboot Keys - - name: Check Secureboot - shell: bash - run: | - set -x - if [[ ! $(command -v sbverify) || ! $(command -v curl) || ! $(command -v openssl) ]]; then - sudo apt update - sudo apt install sbsigntool curl openssl - fi - TMP=$(podman create rechunked-img bash) - podman cp $TMP:/usr/lib/modules/${{ env.KERNEL_RELEASE }}/vmlinuz . - podman rm $TMP - sbverify --list vmlinuz - curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der - curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der - openssl x509 -in kernel-sign.der -out kernel-sign.crt - openssl x509 -in akmods.der -out akmods.crt - sbverify --cert kernel-sign.crt vmlinuz || exit 1 - sbverify --cert akmods.crt vmlinuz || exit 1 + sudo podman images - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' run: | - echo ${{ secrets.GITHUB_TOKEN }} | podman login ghcr.io -u ${{ github.actor }} --password-stdin + echo ${{ secrets.GITHUB_TOKEN }} | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Push to GHCR 
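Review bot: In the "Login to GitHub Container Registry" step, `echo ${{ secrets.GITHUB_TOKEN }} | sudo podman login …` has the token substituted into the script text, unquoted, before bash ever runs it. Passing it through the step's `env:` (`GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) and piping `printf '%s' "${GH_TOKEN}"` into both `login` commands keeps the secret out of the generated script and avoids word splitting. The same hunk also drops the workflow's "Check Secureboot" step. The Justfile's `secureboot` recipe appears to take over that role, so it is worth confirming that the `build-pipeline` path reaches it before anything is pushed.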
@@ -377,7 +176,7 @@ jobs: set -euox pipefail for tag in ${{ steps.build_image.outputs.tags }}; do - podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} + sudo podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} done if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then @@ -387,11 +186,13 @@ jobs: surface_name="${image_name/hwe/surface}" for tag in ${{ steps.build_image.outputs.tags }}; do - podman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} - podman push ${surface_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${surface_name}:${tag} + sudo odman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} + sudo podman push ${surface_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${surface_name}:${tag} done fi + digest=$(skopeo inspect docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} --format '{{.Digest}}') + echo "digest=${digest}" >> $GITHUB_OUTPUT # Sign container diff --git a/Justfile b/Justfile index b3ae9086a6d..eb1a0958591 100644 --- a/Justfile +++ b/Justfile @@ -1,4 +1,6 @@ repo_organization := "ublue-os" +rechunker_image := "ghcr.io/hhd-dev/rechunk:v1.0.1" +iso_builder_image := "ghcr.io/jasonn3/build-container-installer:v1.2.3" images := '( [aurora]=aurora [aurora-dx]=aurora-dx @@ -61,11 +63,11 @@ sudo-clean: just sudoif just clean # Check if valid combo -[private] [group('Utility')] +[private] validate image="" tag="" flavor="": #!/usr/bin/bash - set -eoux pipefail + set -eou pipefail declare -A images={{ images }} declare -A tags={{ tags }} declare -A flavors={{ flavors }} @@ -95,8 +97,8 @@ validate image="" tag="" flavor="": fi # sudoif bash function -[private] [group('Utility')] +[private] sudoif command *args: #!/usr/bin/bash function sudoif(){ 
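Review bot: The added `digest=$(skopeo inspect docker://…:${{ env.DEFAULT_TAG }} --format '{{.Digest}}')` in the `-387,11 +186,13` hunk resolves the tag again after the push, so the value exported for signing is whatever the tag points to at that moment, not necessarily the manifest this job pushed. If another run moves the tag in between, the signature is attached to a different image. Recording the digest from the push itself ties the two together, for example `sudo podman push --digestfile /tmp/digest …` for the default tag followed by `digest=$(cat /tmp/digest)`. The signing step lies outside this hunk, so how `digest` is consumed is inferred from the `# Sign container` context line.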
@@ -242,8 +244,8 @@ build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": @just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} # Rechunk Image -[private] [group('Image')] +[private] rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": #!/usr/bin/bash set -eoux pipefail @@ -284,7 +286,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": MOUNT=$(just sudoif podman mount "${CREF}") # Rechunk Container - rechunker="ghcr.io/hhd-dev/rechunk:latest" + rechunker="{{ rechunker_image }}" # Run Rechunker's Prune just sudoif podman run --rm \ @@ -476,7 +478,7 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": iso_build_args+=("--rm" "--privileged" "--pull=newer") iso_build_args+=(--volume "/var/lib/containers/storage:/var/lib/containers/storage:ro") iso_build_args+=(--volume "${PWD}:/github/workspace/") - iso_build_args+=(ghcr.io/jasonn3/build-container-installer:latest) + iso_build_args+=("{{ iso_builder_image }}") iso_build_args+=(ARCH="x86_64") iso_build_args+=(ENROLLMENT_PASSWORD="universalblue") iso_build_args+=(FLATPAK_REMOTE_REFS_DIR="/github/workspace/${build_dir}") @@ -563,7 +565,7 @@ changelogs branch="stable": # Verify Container with Cosign [group('Utility')] -verify-container container="" registry="ghcr.io/ublue-os" key="": +verify-container container="" registry="ghcr.io/ublue-os" key="": #!/usr/bin/bash set -eoux pipefail @@ -587,7 +589,7 @@ verify-container container="" registry="ghcr.io/ublue-os" key="": if [[ -z "${key:-}" ]]; then key="https://raw.githubusercontent.com/ublue-os/main/main/cosign.pub" fi - + # Verify Container using cosign public key if ! cosign verify --key "${key}" "{{ registry }}"/"{{ container }}" >/dev/null; then echo "NOTICE: Verification failed. Please ensure your public key is correct." 
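Review bot: `rechunker_image` and `iso_builder_image` (defined in the `-1,4 +1,6` hunk, used in `rechunk` at `-284,7 +286,7` and in `build-iso` at `-476,7 +478,7`) move from `:latest` to version tags, but a publisher can still re-point a tag. The ISO builder in particular runs with `--privileged`, a mount of `/var/lib/containers/storage` and `--pull=newer`, so a changed image behind the tag is pulled and run with host-level access. Pinning by digest closes that gap: `iso_builder_image := "ghcr.io/jasonn3/build-container-installer@sha256:<digest>"`, with the version kept in a trailing comment, and likewise for the rechunker. Both recipes continue outside these hunks.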
@@ -616,11 +618,7 @@ secureboot image="bluefin" tag="latest" flavor="main": fi # Image Name - if [[ "${flavor}" =~ main ]]; then - image_name="${image}" - else - image_name="${image}-${flavor}" - fi + image_name=$(just image_name {{ image }} {{ flavor }}) # Get the vmlinuz to check kernel_release=$(podman inspect "${image_name}":"${tag}" | jq -r '.[].Config.Labels["ostree.linux"]') @@ -660,3 +658,34 @@ secureboot image="bluefin" tag="latest" flavor="main": podman rm -f "${temp_name}" fi exit "$returncode" + +# Get Fedora Version of an image +[group('Utility')] +fedora_version image="bluefin" tag="latest" flavor="main" ghcr="0" repo="localhost": + #!/usr/bin/bash + set -eou pipefail + just validate {{ image }} {{ tag }} {{ flavor }} + image_name=$(just image_name {{ image }} {{ flavor }}) + + tag="{{ tag }}" + if [[ "${tag}" =~ stable && "{{ ghcr }}" == "1" ]]; then + tag="${tag}-daily" + fi + if [[ "{{ repo }}" == "localhost" ]]; then + IMAGE_FULL="containers-storage:{{ repo }}/${image_name}:${tag}" + else + IMAGE_FULL="docker://{{ repo }}/${image_name}:${tag}" + fi + + echo $(skopeo inspect --retry-times 3 ${IMAGE_FULL} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + +# Image Name +[group('Utility')] +image_name image="bluefin" flavor="main": + #!/usr/bin/bash + if [[ "{{ flavor }}" =~ main ]]; then + image_name={{ image }} + else + image_name="{{ image }}-{{ flavor }}" + fi + echo "${image_name}" \ No newline at end of file From 81caaa1222335cd8a74e2942d5130d8bc4ff7784 Mon Sep 17 00:00:00 2001 From: "Jorge O. Castro" Date: Fri, 8 Nov 2024 13:28:48 -0500 Subject: [PATCH 057/101] Update .github/workflows/reusable-build.yml Co-authored-by: befanyt <172807209+befanyt@users.noreply.github.com> --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 3adb302dafa..75f8e43c758 100644 --- a/.github/workflows/reusable-build.yml 
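Review bot: In the new `fedora_version` recipe, `echo $(skopeo inspect … | grep -oP 'fc\K[0-9]+')` throws away the pipeline's exit status, because the status of a command substitution used as an argument to `echo` is discarded even under `set -eou pipefail`. A failed inspect or a missing `ostree.linux` label therefore prints an empty line and exits 0, and any caller that builds tags from the value continues with an empty version. Assigning first makes the failure stop the recipe: `version=$(skopeo inspect --retry-times 3 "${IMAGE_FULL}" | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')` followed by `echo "${version}"`. In `image_name`, `=~ main` also matches any flavor that merely contains "main"; `== "main"` would be exact if that is the intent.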
+++ b/.github/workflows/reusable-build.yml @@ -186,7 +186,7 @@ jobs: surface_name="${image_name/hwe/surface}" for tag in ${{ steps.build_image.outputs.tags }}; do - sudo odman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} + sudo podman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} sudo podman push ${surface_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${surface_name}:${tag} done fi From 6f8c499fdf5d961406ec398609fe840e3de56ff2 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:26:36 -0500 Subject: [PATCH 058/101] install just in workflows --- .github/workflows/reusable-build-iso.yml | 4 ++-- .github/workflows/reusable-build.yml | 3 +++ Justfile | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 68fe1fd5ab9..37257d45b43 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -40,8 +40,8 @@ jobs: - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Image Name - run: | + - name: Instal Just + uses: extractions/setup-just@v2 - name: Build ISO shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 75f8e43c758..c1d8313a0a2 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -45,6 +45,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + + - name: Instal Just + uses: extractions/setup-just@v2 - name: Check just syntax uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 diff --git a/Justfile b/Justfile index 154c17e453d..934a7f2e91f 100644 --- a/Justfile +++ b/Justfile 
@@ -495,7 +495,7 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": iso_build_args+=(VARIANT="Kinoite") fi iso_build_args+=(VERSION="$(skopeo inspect --retry-times 3 containers-storage:${IMAGE_FULL} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')") - iso_build_args+=(WEBUI="false") + iso_build_args+=(WEB_UI="false") just sudoif podman run "${iso_build_args[@]}" From 0de45ac1bdfdd410337030d17c7e071bf7de2137 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:33:45 -0500 Subject: [PATCH 059/101] cp just to path --- .github/workflows/reusable-build-iso.yml | 5 +++-- .github/workflows/reusable-build.yml | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 37257d45b43..879950ba026 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -40,12 +40,13 @@ jobs: - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Instal Just - uses: extractions/setup-just@v2 + - name: Check just syntax + uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 - name: Build ISO shell: bash run: | + sudo cp $(which just) /usr/local/bin/just sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" image_name="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c1d8313a0a2..e13306f2311 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -46,9 +46,6 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Instal Just - uses: extractions/setup-just@v2 - - name: Check just syntax uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 @@ -61,6 +58,7 @@ jobs: id: build-image shell: bash run: | + sudo cp $(which just) /usr/local/bin/just sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - name: Generate tags From 4c25616c69232c7d724ed7e9db8c342749cced34 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:37:43 -0500 Subject: [PATCH 060/101] don't sudo check pipeline --- Justfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Justfile b/Justfile index 934a7f2e91f..e76bba1e9b6 100644 --- a/Justfile +++ b/Justfile @@ -240,7 +240,6 @@ build-rechunk image="bluefin" tag="latest" flavor="main" kernel_pin="": # Build Image for Pipeline: [group('Production')] build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": - @if [[ "${UID}" > 0 ]]; then echo "Must run with sudo"; exit 1; fi @just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} # Rechunk Image From da0ef85d25654887a11e6b6de723fa7256c7a994 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:55:56 -0500 Subject: [PATCH 061/101] fix typos --- .github/workflows/reusable-build.yml | 4 ++-- Justfile | 10 ++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index e13306f2311..da09a6c29ec 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -54,7 +54,7 @@ jobs: with: remove-codeql: true - - name: Build Image + - name: Build and Rechunk Image id: build-image shell: bash run: | 
@@ -135,7 +135,7 @@ jobs: string: ${{ env.IMAGE_REGISTRY }} # Tag Images - - name: Load Rechunked Image + - name: Tag Images shell: bash run: | set -eoux pipefail diff --git a/Justfile b/Justfile index e76bba1e9b6..af3abed1430 100644 --- a/Justfile +++ b/Justfile @@ -240,7 +240,12 @@ build-rechunk image="bluefin" tag="latest" flavor="main" kernel_pin="": # Build Image for Pipeline: [group('Production')] build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": - @just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} + #!/usr/bin/bash + if [[ "${UID}" -gt "0" ]]; then + echo "Must Run with sudo or as root..." + exit 1 + fi + just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} # Rechunk Image [group('Image')] @@ -338,9 +343,10 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": # Cleanup just sudoif podman volume rm cache_ostree - just sudoif "rm -rf ${OUTNAME}*" + just sudoif "rm -rf ${OUT_NAME}*" just sudoif "rm -f previous.manifest.json" + # Secureboot Check if [[ {{ ghcr }} == "1" ]]; then just secureboot "${image}" "${tag}" "${flavor}" fi From 9cb5792d54761c1aee3f51e83f28f0daf48cab71 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:25:18 -0500 Subject: [PATCH 062/101] reorder workflow --- .github/workflows/reusable-build.yml | 41 ++++++++++++++-------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index da09a6c29ec..b6476fcf99f 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
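Review bot: The corrected cleanup line `just sudoif "rm -rf ${OUT_NAME}*"` in the `-338,9 +343,10` hunk performs a privileged recursive delete on a glob built from a variable. `set -u` stops on an unset name but not on an empty one, in which case the pattern collapses to a bare `*` in the working directory. `just sudoif "rm -rf ${OUT_NAME:?}*"` aborts in both cases. Where `OUT_NAME` is assigned lies outside this hunk, so whether it can actually be empty is not visible here.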
@@ -48,18 +48,6 @@ jobs: - name: Check just syntax uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 - - - name: Maximize build space - uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 - with: - remove-codeql: true - - - name: Build and Rechunk Image - id: build-image - shell: bash - run: | - sudo cp $(which just) /usr/local/bin/just - sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - name: Generate tags id: generate-tags @@ -125,14 +113,18 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@d0603cd0a7dd490be678164909f65c7737470a7f # v6 + + - name: Maximize build space + uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 with: - string: ${{ env.IMAGE_REGISTRY }} + remove-codeql: true + + - name: Build and Rechunk Image + id: build-image + shell: bash + run: | + sudo cp $(which just) /usr/local/bin/just + sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" # Tag Images - name: Tag Images @@ -141,6 +133,7 @@ jobs: set -eoux pipefail IMAGE=$(sudo podman inspect localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}) + sudo podman untag localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} for tag in ${{ steps.build_image.outputs.tags }}; do sudo podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} 
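Review bot: The re-added "Build and Rechunk Image" step in the `-125,14 +113,18` hunk expands `${{ inputs.kernel_pin }}` and the `matrix.*` values directly into a script that runs `sudo just build-pipeline …`. Expressions are substituted before bash parses the script, so a value containing a quote or `$(…)` becomes shell syntax executed as root, and the surrounding double quotes do not prevent that. Mapping the values through the step's `env:` (e.g. `KERNEL_PIN: ${{ inputs.kernel_pin }}`) and passing `"${KERNEL_PIN}"` on the command line keeps them as data. Who can set `kernel_pin` depends on the calling workflows, which are not shown. The same line is carried into the later hunks that move or edit this step (`-48,6 +48,23` and `-64,7 +72,7`).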
@@ -166,6 +159,14 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@d0603cd0a7dd490be678164909f65c7737470a7f # v6 + with: + string: ${{ env.IMAGE_REGISTRY }} + - name: Push to GHCR id: push if: github.event_name != 'pull_request' @@ -243,7 +244,7 @@ jobs: ${{ env.IMAGE_NAME }}-${{ matrix.stream_name }}.txt check: - name: Check all ${{ inputs.stream_name }} builds successful + name: Check all ${{ matrix.stream_name }} builds successful if: always() runs-on: ubuntu-latest needs: [build_container] From c8e0fe6b86f10d9c20287ed36dcb36869a1e39b3 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 16:45:03 -0500 Subject: [PATCH 063/101] fix env Name --- .github/workflows/reusable-build.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index b6476fcf99f..c8395beb0ac 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -112,7 +112,7 @@ jobs: fi echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV + echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV - name: Maximize build space uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 
@@ -123,8 +123,10 @@ jobs: id: build-image shell: bash run: | + set -eoux pipefail sudo cp $(which just) /usr/local/bin/just sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" + sudo rm /usr/local/bin/just # Tag Images - name: Tag Images @@ -132,7 +134,7 @@ jobs: run: | set -eoux pipefail - IMAGE=$(sudo podman inspect localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}) + IMAGE=$(sudo podman inspect localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r .[].Id) sudo podman untag localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} for tag in ${{ steps.build_image.outputs.tags }}; do From 5353069ecb3980b1de24b9339cb5e3c243aadec8 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 17:00:20 -0500 Subject: [PATCH 064/101] reorganize --- .github/workflows/reusable-build-iso.yml | 3 +-- .github/workflows/reusable-build.yml | 33 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 879950ba026..595adf9a7e3 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -46,9 +46,8 @@ jobs: - name: Build ISO shell: bash run: | - sudo cp $(which just) /usr/local/bin/just - sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" image_name="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" + sudo $(which just) build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV echo "ISO_BUILD_DIR=${{ github.workspace }}/${image_name}_build" >> $GITHUB_ENV echo "ISO_NAME=${image_name}.iso" >> $GITHUB_ENV 
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c8395beb0ac..31efe4219d7 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -48,6 +48,23 @@ jobs: - name: Check just syntax uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 + + - name: Image Name + shell: bash + run: | + IMAGE_NAME="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" + echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV + + - name: Maximize build space + uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 + with: + remove-codeql: true + + - name: Build and Rechunk Image + id: build-image + shell: bash + run: | + sudo $(which just) build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - name: Generate tags id: generate-tags @@ -58,7 +75,6 @@ jobs: TODAY="$(date +%A)" WEEKLY="Sunday" FEDORA_VERSION="$(just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}} 1)" - IMAGE_NAME="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" # Arrays for Tags COMMIT_TAGS=() @@ -112,22 +128,7 @@ jobs: fi echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV - - name: Maximize build space - uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 - with: - remove-codeql: true - - - name: Build and Rechunk Image - id: build-image - shell: bash - run: | - set -eoux pipefail - sudo cp $(which just) /usr/local/bin/just - sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - sudo rm /usr/local/bin/just - # Tag Images - name: Tag Images shell: bash From d891218a098bae37122f529d50b38d584d6e8d24 Mon Sep 17 00:00:00 2001 
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:04:16 -0500 Subject: [PATCH 065/101] use just from repo --- .github/workflows/reusable-build-iso.yml | 14 +++++++++++--- .github/workflows/reusable-build.yml | 14 +++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 595adf9a7e3..d514fbfb301 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -21,7 +21,7 @@ concurrency: jobs: build-iso: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: contents: read packages: write @@ -40,8 +40,16 @@ jobs: - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Check just syntax - uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 + - name: Install Just + shell: bash + run: | + set -eoux pipefail + sudo apt update && sudo apt install -y just + + - name: Check Just Syntax + shell: bash + run: | + just check - name: Build ISO shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 31efe4219d7..bad98e90935 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -46,8 +46,16 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Check just syntax - uses: ublue-os/just-action@bda593098a84a84973b002b4377709166a68be52 # v2 + - name: Install Just + shell: bash + run: | + set -eoux pipefail + sudo apt update && sudo apt install -y just + + - name: Check Just Syntax + shell: bash + run: | + just check - name: Image Name shell: bash 
@@ -64,7 +72,7 @@ jobs: id: build-image shell: bash run: | - sudo $(which just) build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" + sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - name: Generate tags id: generate-tags From 809de081ed7608e35343fa04a10dfec4e38ecd52 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:05:01 -0500 Subject: [PATCH 066/101] remove which --- .github/workflows/reusable-build-iso.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index d514fbfb301..f5a34fcc0a1 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -55,7 +55,7 @@ jobs: shell: bash run: | image_name="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" - sudo $(which just) build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" + sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV echo "ISO_BUILD_DIR=${{ github.workspace }}/${image_name}_build" >> $GITHUB_ENV echo "ISO_NAME=${image_name}.iso" >> $GITHUB_ENV From d5adf28744d772a6d0605d5924c854c5a776521e Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:20:56 -0500 Subject: [PATCH 067/101] use just from alpine --- .github/workflows/reusable-build-iso.yml | 5 ++++- .github/workflows/reusable-build.yml | 5 ++++- Justfile | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index f5a34fcc0a1..a2fa952431b 100644 --- a/.github/workflows/reusable-build-iso.yml 
+++ b/.github/workflows/reusable-build-iso.yml @@ -44,7 +44,10 @@ jobs: shell: bash run: | set -eoux pipefail - sudo apt update && sudo apt install -y just + JUST_IMAGE=$(sudo podman run --entrypoint /bin/sh -dt alpine:edge) + sudo podman exec "${JUST_IMAGE}" apk add just + sudo podman cp "${JUST_IMAGE}":/usr/bin/just /usr/local/bin/just + sudo podman rm -f "${JUST_IMAGE}" - name: Check Just Syntax shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index bad98e90935..c8b0da7a54e 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -50,7 +50,10 @@ jobs: shell: bash run: | set -eoux pipefail - sudo apt update && sudo apt install -y just + JUST_IMAGE=$(sudo podman run --entrypoint /bin/sh -dt alpine:edge) + sudo podman exec "${JUST_IMAGE}" apk add just + sudo podman cp "${JUST_IMAGE}":/usr/bin/just /usr/local/bin/just + sudo podman rm -f "${JUST_IMAGE}" - name: Check Just Syntax shell: bash diff --git a/Justfile b/Justfile index 5aef3d1b7b9..84a7d9f009e 100644 --- a/Justfile +++ b/Justfile @@ -647,7 +647,7 @@ secureboot image="bluefin" tag="latest" flavor="main": --volume /tmp/kernel-sign.crt:/tmp/kernel-sign.crt:z \ --volume /tmp/akmods.crt:/tmp/akmods.crt:z \ --name ${temp_name} \ - alpine + alpine:edge podman exec ${temp_name} apk add sbsigntool CMD="podman exec ${temp_name} /usr/bin/sbverify" fi From 2a93f0f277ad664965c06d412729acdd77eb7c69 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:27:39 -0500 Subject: [PATCH 068/101] install from git release --- .github/workflows/reusable-build-iso.yml | 9 +++++---- .github/workflows/reusable-build.yml | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index a2fa952431b..8bee47dc952 100644 --- a/.github/workflows/reusable-build-iso.yml 
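Review bot: In the `secureboot` recipe hunk (`-647,7 +647,7`), the fallback container that supplies `sbverify` changes from `alpine` to `alpine:edge`, Alpine's rolling development branch, and `sbsigntool` is then installed with `apk add` at run time. The Secure Boot signature check therefore runs on unpinned tooling that can differ from one run to the next. Pinning the image by digest (`alpine@sha256:<digest>`), or using a release tag if `sbsigntool` is packaged there, makes the verification step reproducible. The two workflow hunks in this commit copy `just` out of the same image into `/usr/local/bin` and later run it under `sudo`, which carries the same exposure.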
+++ b/.github/workflows/reusable-build-iso.yml @@ -44,10 +44,11 @@ jobs: shell: bash run: | set -eoux pipefail - JUST_IMAGE=$(sudo podman run --entrypoint /bin/sh -dt alpine:edge) - sudo podman exec "${JUST_IMAGE}" apk add just - sudo podman cp "${JUST_IMAGE}":/usr/bin/just /usr/local/bin/just - sudo podman rm -f "${JUST_IMAGE}" + curl -sSLO \ + https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz just + sudo mv just /usr/local/bin/just + rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz - name: Check Just Syntax shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c8b0da7a54e..2f01c656163 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -50,10 +50,11 @@ jobs: shell: bash run: | set -eoux pipefail - JUST_IMAGE=$(sudo podman run --entrypoint /bin/sh -dt alpine:edge) - sudo podman exec "${JUST_IMAGE}" apk add just - sudo podman cp "${JUST_IMAGE}":/usr/bin/just /usr/local/bin/just - sudo podman rm -f "${JUST_IMAGE}" + curl -sSLO \ + https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz just + sudo mv just /usr/local/bin/just + rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz - name: Check Just Syntax shell: bash From 65c43f194b85573369e2abcfb0d4f136cc6c6c75 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:34:04 -0500 Subject: [PATCH 069/101] rename just install --- .github/workflows/reusable-build-iso.yml | 11 +++++------ .github/workflows/reusable-build.yml | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 8bee47dc952..54c60e42ac4 100644 --- a/.github/workflows/reusable-build-iso.yml 
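Review bot: The "Install Just" step in both workflow hunks downloads the release tarball and moves the extracted binary to `/usr/local/bin/just`, which later steps run under `sudo`, without any integrity check. Since the version is fixed at 1.36.0 here, a checksum recorded in the workflow can be verified before extraction: `echo "<sha256-of-tarball>  just-1.36.0-x86_64-unknown-linux-musl.tar.gz" | sha256sum -c -`. Adding `-f` to `curl -sSLO` also makes an HTTP error fail the step instead of saving the error body under the tarball's name.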
+++ b/.github/workflows/reusable-build-iso.yml @@ -43,12 +43,11 @@ jobs: - name: Install Just shell: bash run: | - set -eoux pipefail - curl -sSLO \ - https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz - tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz just - sudo mv just /usr/local/bin/just - rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz + set -x + curl -sSLo https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz /tmp/just.tar.gz + tar -zxvf /tmp/just.tar.gz -C /tmp just + sudo mv /tmp/just /usr/local/bin/just + rm -f /tmp/just.tar.gz - name: Check Just Syntax shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 2f01c656163..6e988d1ec7d 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -49,12 +49,11 @@ jobs: - name: Install Just shell: bash run: | - set -eoux pipefail - curl -sSLO \ - https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz - tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz just - sudo mv just /usr/local/bin/just - rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz + set -x + curl -sSLo https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz /tmp/just.tar.gz + tar -zxvf /tmp/just.tar.gz -C /tmp just + sudo mv /tmp/just /usr/local/bin/just + rm -f /tmp/just.tar.gz - name: Check Just Syntax shell: bash From 3f259d4ca459afd1a211d47c795bfcca5b5afe0a Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:36:32 -0500 Subject: [PATCH 070/101] another try --- .github/workflows/reusable-build-iso.yml | 6 +++--- .github/workflows/reusable-build.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 54c60e42ac4..6bc4dd242aa 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -44,10 +44,10 @@ jobs: shell: bash run: | set -x - curl -sSLo https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz /tmp/just.tar.gz - tar -zxvf /tmp/just.tar.gz -C /tmp just + curl -sSLO https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz -C /tmp just sudo mv /tmp/just /usr/local/bin/just - rm -f /tmp/just.tar.gz + rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz - name: Check Just Syntax shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 6e988d1ec7d..ef6033e1155 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -50,10 +50,10 @@ jobs: shell: bash run: | set -x - curl -sSLo https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz /tmp/just.tar.gz - tar -zxvf /tmp/just.tar.gz -C /tmp just + curl -sSLO https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz -C /tmp just sudo mv /tmp/just /usr/local/bin/just - rm -f /tmp/just.tar.gz + rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz - name: Check Just Syntax shell: bash From d40d8ed61b05b95280f19b6275b9a03a9a6ec853 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:37:39 -0500 Subject: [PATCH 071/101] missing EOL --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 84a7d9f009e..c174bee47f1 100644 --- a/Justfile +++ b/Justfile 
@@ -693,4 +693,4 @@ image_name image="bluefin" flavor="main": else image_name="{{ image }}-{{ flavor }}" fi - echo "${image_name}" \ No newline at end of file + echo "${image_name}" From c3adfed18ddadc5580f455bed65eb8c21c48311f Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:01:44 -0500 Subject: [PATCH 072/101] fix image, make version dynamic for just --- .github/workflows/reusable-build-iso.yml | 9 +++++---- .github/workflows/reusable-build.yml | 17 +++++++++-------- Justfile | 6 ++---- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 6bc4dd242aa..0cd62051c33 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -43,11 +43,12 @@ jobs: - name: Install Just shell: bash run: | - set -x - curl -sSLO https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz - tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz -C /tmp just + set -eoux pipefail + JUST_VERSION=$(curl -L https://api.github.com/repos/casey/just/releases/latest | jq -r '.tag_name') + curl -sSLO https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz -C /tmp just sudo mv /tmp/just /usr/local/bin/just - rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz + rm -f just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz - name: Check Just Syntax shell: bash diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index ef6033e1155..144f4f073e7 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
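Review bot: `JUST_VERSION` is now read from the `releases/latest` API response in the `Install Just` step, which replaces the reviewed pin (1.36.0) with whatever upstream published last, and the downloaded binary is still moved into `/usr/local/bin` with sudo without any integrity check. The API call is unauthenticated and lacks `-f`, so a rate-limit or error response makes `jq -r '.tag_name'` print `null`; the download curl lacks `-f` as well, so the step only fails later at `tar` with a misleading error. I would keep an explicit pin that a dependency-update PR bumps, `JUST_VERSION=1.36.0`, use `curl -fsSLO`, and verify the archive with `sha256sum -c` against a digest stored next to the pin. The same block is repeated in the `reusable-build.yml` hunk that follows and in the `generate-release.yml` hunk of the `fixup ID for pipeline` commit.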
@@ -49,11 +49,12 @@ jobs: - name: Install Just shell: bash run: | - set -x - curl -sSLO https://github.com/casey/just/releases/download/1.36.0/just-1.36.0-x86_64-unknown-linux-musl.tar.gz - tar -zxvf just-1.36.0-x86_64-unknown-linux-musl.tar.gz -C /tmp just + set -eoux pipefail + JUST_VERSION=$(curl -L https://api.github.com/repos/casey/just/releases/latest | jq -r '.tag_name') + curl -sSLO https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz -C /tmp just sudo mv /tmp/just /usr/local/bin/just - rm -f just-1.36.0-x86_64-unknown-linux-musl.tar.gz + rm -f just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz - name: Check Just Syntax shell: bash @@ -149,7 +150,7 @@ jobs: IMAGE=$(sudo podman inspect localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r .[].Id) sudo podman untag localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} - for tag in ${{ steps.build_image.outputs.tags }}; do + for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do sudo podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} done @@ -160,7 +161,7 @@ jobs: asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.build_image.outputs.tags }}; do + for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do sudo podman tag "${IMAGE}" "${asus_name}":${tag} sudo podman tag "${IMAGE}" "${surface_name}":${tag} done @@ -191,7 +192,7 @@ jobs: command: | set -euox pipefail - for tag in ${{ steps.build_image.outputs.tags }}; do + for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do sudo podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} done 
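Review bot: The changed `for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do` lines paste the step output into the script text before bash parses it, so any shell metacharacter that reaches `alias_tags` would be run by the step instead of being treated as a tag. The tags are assembled partly from event data in the `generate-tags` step, which is outside these hunks, so I would hand the value over through the step's `env:` block, e.g. `ALIAS_TAGS: ${{ steps.generate-tags.outputs.alias_tags }}`, and loop with `for tag in ${ALIAS_TAGS}; do`. Inside the loops `$IMAGE` and `${tag}` should be quoted, as the asus/surface loop already does for `"${IMAGE}"`. This applies to all four loops changed in this commit: the three hunks here and the `@@ -201,7 +202,7 @@` hunk.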
@@ -201,7 +202,7 @@ jobs: asus_name="${image_name/hwe/asus}" surface_name="${image_name/hwe/surface}" - for tag in ${{ steps.build_image.outputs.tags }}; do + for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do sudo podman push ${asus_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${asus_name}:${tag} sudo podman push ${surface_name}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${surface_name}:${tag} done diff --git a/Justfile b/Justfile index c174bee47f1..b42e6f976e1 100644 --- a/Justfile +++ b/Justfile @@ -677,13 +677,11 @@ fedora_version image="bluefin" tag="latest" flavor="main" ghcr="0" repo="localho tag="${tag}-daily" fi if [[ "{{ repo }}" == "localhost" ]]; then - IMAGE_FULL="containers-storage:{{ repo }}/${image_name}:${tag}" + echo $(skopeo inspect containers-storage:{{ repo }}/${image_name}:${tag} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') else - IMAGE_FULL="docker://{{ repo }}/${image_name}:${tag}" + echo $(skopeo inspect --retry-times 3 docker://{{ repo }}/${image_name}:${tag} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') fi - echo $(skopeo inspect --retry-times 3 ${IMAGE_FULL} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - # Image Name [group('Utility')] image_name image="bluefin" flavor="main": From 0b4747c4c8dac2e81363527e5ff0ea86ba7c8cce Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:49:53 -0500 Subject: [PATCH 073/101] delete old image --- Justfile | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/Justfile b/Justfile index b42e6f976e1..fa63801f195 100644 --- a/Justfile +++ b/Justfile 
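Review bot: Both new branches of `fedora_version` wrap the whole pipeline in `echo $(…)`, so a failing `skopeo inspect` or an image without the `ostree.linux` label is not reported: `echo` succeeds and the recipe prints an empty line with status 0, even with `set -e` and `pipefail` active. Callers that capture the output then carry on with an empty version. Assigning first keeps the failure visible, e.g. `fedora_version=$(skopeo inspect … | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+')` followed by `echo "${fedora_version}"`. The recipe header is outside this hunk.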
@@ -286,6 +286,21 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": old_tag="${tag}" tag="stable-daily" fi + + if [[ "{{ ghcr }}" == "1" ]]; then + if [[ "${image_name}" =~ bluefin ]]; then + base_image_name=silverblue-main + elif [[ "${image_name}" =~ aurora ]]; then + base_image_name=kinoite-main + fi + fedora_version=$(just fedora_version {{ image }} {{ tag }} {{ flavor }}) + ID=$(just sudoif podman images --filter --reference=ghcr.io/ublue-os/"${base_image_name}":${fedora_version} "'{{ '{{.ID}}' }}'") + if [[ -n "$ID" ]]; then + podman rmi "$ID" + fi + OLD_IMAGE=$(podman inspect $CREF | jq -r '.[].Image') + fi + OUT_NAME="${image_name}_build" MOUNT=$(just sudoif podman mount "${CREF}") @@ -346,8 +361,9 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": just sudoif "rm -rf ${OUT_NAME}*" just sudoif "rm -f previous.manifest.json" - # Secureboot Check + # Pipeline Checks if [[ {{ ghcr }} == "1" ]]; then + just sudoif podman rmi "$OLD_IMAGE" just secureboot "${image}" "${tag}" "${flavor}" fi From b2342dc7ec0a4518e7adc4500166939a6b99c064 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 20:10:00 -0500 Subject: [PATCH 074/101] fixup ID for pipeline. Changelogs just. --- .github/workflows/generate-release.yml | 23 +++++++++++----- Justfile | 36 ++++++-------------------- 2 files changed, 24 insertions(+), 35 deletions(-) diff --git a/.github/workflows/generate-release.yml b/.github/workflows/generate-release.yml index 794cd3b93cc..c5249e14597 100644 --- a/.github/workflows/generate-release.yml +++ b/.github/workflows/generate-release.yml 
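Review bot: The cleanup block added to `rechunk` mixes privilege levels: `ID` is looked up with `just sudoif podman images`, but `podman rmi "$ID"` and `OLD_IMAGE=$(podman inspect $CREF | …)` run without `sudoif`, while `CREF` is mounted through `just sudoif podman mount` a few lines below. Depending on what `sudoif` does (it is outside this hunk), the lookup and the removal may address different image stores. `--filter --reference=…` is not a valid filter expression and no `--format` is given, so `ID` will not hold an image ID; presumably `--filter reference=… --format …` was meant. `base_image_name` also stays unset when `image_name` matches neither `bluefin` nor `aurora`, and `$CREF` should be quoted. The recipe body starts and ends outside the hunk.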
@@ -45,6 +45,21 @@ jobs: version: ${{ fromJson( inputs.stream_name ) }} steps: + - name: Install Just + shell: bash + run: | + set -eoux pipefail + JUST_VERSION=$(curl -L https://api.github.com/repos/casey/just/releases/latest | jq -r '.tag_name') + curl -sSLO https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz -C /tmp just + sudo mv /tmp/just /usr/local/bin/just + rm -f just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz + + - name: Check Just Syntax + shell: bash + run: | + just check + - name: Checkout last 500 commits (fot to work) uses: actions/checkout@v4 with: @@ -54,13 +69,7 @@ jobs: id: generate-release-text shell: bash run: | - python3 ./.github/changelogs.py \ - "${{ matrix.version }}" \ - ./output.env \ - ./changelog.md \ - --workdir . \ - --handwritten "${{ github.event.inputs.handwritten }}" - + just changelogs "${{ matrix.version }}" "${{ github.event.inputs.handwritten }}" source ./output.env echo "title=${TITLE}" >> $GITHUB_OUTPUT echo "tag=${TAG}" >> $GITHUB_OUTPUT diff --git a/Justfile b/Justfile index fa63801f195..e9f5489cfed 100644 --- a/Justfile +++ b/Justfile @@ -127,11 +127,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin just validate "${image}" "${tag}" "${flavor}" # Image Name - if [[ "${flavor}" =~ main ]]; then - image_name="${image}" - else - image_name="${image}-${flavor}" - fi + image_name=$(just image_name {{ image }} {{ flavor }}) # Base Image if [[ "${image}" =~ bluefin ]]; then 
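Review bot: `Check Just Syntax` runs `just check` before the `Checkout last 500 commits` step, and `steps:` is the context line directly above the added steps, so at that point the workspace holds no Justfile and the step cannot check the repository's recipes. Both added steps should be placed after the `actions/checkout@v4` step.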
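Review bot: `just changelogs "${{ matrix.version }}" "${{ github.event.inputs.handwritten }}"` expands the free-text workflow input into the script before bash runs, so a value containing `"`, backticks or `$(…)` is parsed as shell in a job that then writes `$GITHUB_OUTPUT`. The removed python invocation had the same pattern, but this rewrite is the place to fix it: add `env:` with `HANDWRITTEN: ${{ github.event.inputs.handwritten }}` to the step and call `just changelogs "${{ matrix.version }}" "$HANDWRITTEN"`.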
@@ -262,11 +258,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": just validate "${image}" "${tag}" "${flavor}" # Image Name - if [[ "${flavor}" =~ main ]]; then - image_name="${image}" - else - image_name="${image}-${flavor}" - fi + image_name=$(just image_name {{ image }} {{ flavor }}) # Check if image is already built ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") @@ -294,7 +286,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": base_image_name=kinoite-main fi fedora_version=$(just fedora_version {{ image }} {{ tag }} {{ flavor }}) - ID=$(just sudoif podman images --filter --reference=ghcr.io/ublue-os/"${base_image_name}":${fedora_version} "'{{ '{{.ID}}' }}'") + ID=$(just sudoif podman images --filter reference=ghcr.io/ublue-os/"${base_image_name}":${fedora_version} --format "'{{ '{{.ID}}' }}'") if [[ -n "$ID" ]]; then podman rmi "$ID" fi @@ -380,11 +372,7 @@ run image="bluefin" tag="latest" flavor="main": just validate "${image}" "${tag}" "${flavor}" # Image Name - if [[ "${flavor}" =~ main ]]; then - image_name="${image}" - else - image_name="${image}-${flavor}" - fi + image_name=$(just image_name {{ image }} {{ flavor }}) # Check if image exists ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") @@ -408,11 +396,7 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": just validate "${image}" "${tag}" "${flavor}" # Image Name - if [[ "${flavor}" =~ main ]]; then - image_name="${image}" - else - image_name="${image}-${flavor}" - fi + image_name=$(just image_name {{ image }} {{ flavor }}) build_dir="${image_name}_build" mkdir -p "$build_dir" 
@@ -542,11 +526,7 @@ run-iso image="bluefin" tag="latest" flavor="main": just validate "${image}" "${tag}" "${flavor}" # Image Name - if [[ "${flavor}" =~ main ]]; then - image_name="${image}" - else - image_name="${image}-${flavor}" - fi + image_name=$(just image_name {{ image }} {{ flavor }}) # Check if ISO Exists if [[ ! -f "${image_name}_build/${image_name}.iso" ]]; then @@ -579,10 +559,10 @@ run-iso image="bluefin" tag="latest" flavor="main": # Test Changelogs [group('Changelogs')] -changelogs branch="stable": +changelogs branch="stable" handwritten="": #!/usr/bin/bash set -eou pipefail - python3 ./.github/changelogs.py {{ branch }} ./output.env ./changelog.md --workdir . + python3 ./.github/changelogs.py "{{ branch }}" ./output.env ./changelog.md --workdir . --handwritten "{{ handwritten }}" # Verify Container with Cosign [group('Utility')] From 075c27977bfcd2b3db0f691ee7f5042e9efd269c Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Fri, 8 Nov 2024 20:36:38 -0500 Subject: [PATCH 075/101] delete unchunked image before pull --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index e9f5489cfed..d40f9615f9b 100644 --- a/Justfile +++ b/Justfile @@ -345,6 +345,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": /sources/rechunk/3_chunk.sh # Load Image into Podman Store + just sudoif podman rmi "$OLD_IMAGE" IMAGE=$(podman pull oci:"${PWD}"/"${OUT_NAME}") podman tag ${IMAGE} localhost/"${image_name}":"${tag}" @@ -355,7 +356,6 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": # Pipeline Checks if [[ {{ ghcr }} == "1" ]]; then - just sudoif podman rmi "$OLD_IMAGE" just secureboot "${image}" "${tag}" "${flavor}" fi From aa9d546a77f7f2ef2d424304bf5d0272f893a6c1 Mon Sep 17 00:00:00 2001 
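Review bot: In the `changelogs` recipe, `"{{ handwritten }}"` is substituted by just into the script text before bash sees it, so the surrounding double quotes do not contain a value that itself holds `"`, `$(…)` or backticks, and the workflow feeds a free-text `workflow_dispatch` input into this parameter. Exporting the parameters keeps them as data: declare the recipe as `changelogs $branch="stable" $handwritten="":` and call `python3 ./.github/changelogs.py "$branch" ./output.env ./changelog.md --workdir . --handwritten "$handwritten"`.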
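Review bot: `just sudoif podman rmi "$OLD_IMAGE"` now runs unconditionally before the `podman pull`, but `OLD_IMAGE` is only assigned inside the `if [[ "{{ ghcr }}" == "1" ]]` block added by the `delete old image` commit. A local `rechunk` with the default `ghcr="0"` therefore reaches this line with the variable unset, which aborts if the recipe runs with `set -u` and otherwise calls `podman rmi ""`. Keep the guard when moving the line: `if [[ "{{ ghcr }}" == "1" ]]; then just sudoif podman rmi "$OLD_IMAGE"; fi`. The recipe header is outside both hunks, so the shell options are an assumption.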
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 13:15:25 -0500 Subject: [PATCH 076/101] correct SHA_HEAD_SHORT --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index d40f9615f9b..a95b8156b24 100644 --- a/Justfile +++ b/Justfile @@ -199,7 +199,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${image_name}") BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR={{ repo_organization }}") BUILD_ARGS+=("--build-arg" "KERNEL=${kernel_release}") - if ! git diff-index --quiet HEAD -- ; then + if [[ -z "$(git status -s)" ]]; then BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=$(git rev-parse --short HEAD)") fi BUILD_ARGS+=("--build-arg" "UBLUE_IMAGE_TAG=${tag}") From 1b9dfab2d803b64cd6799fcae7838a7414396b3e Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 13:36:11 -0500 Subject: [PATCH 077/101] only install kernel-devel if it wasn't already pulled in. --- build_files/dx/02-install-kernel-akmods-dx.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/build_files/dx/02-install-kernel-akmods-dx.sh b/build_files/dx/02-install-kernel-akmods-dx.sh index d1c554f02f7..1b4cf91a441 100755 --- a/build_files/dx/02-install-kernel-akmods-dx.sh +++ b/build_files/dx/02-install-kernel-akmods-dx.sh @@ -10,7 +10,9 @@ KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut - tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C / mv /tmp/rpms/* /tmp/kernel-rpms/ -rpm-ostree install /tmp/kernel-rpms/kernel-devel-*.rpm +if grep -qv kernel-devel <<< $(rpm -qa); then + rpm-ostree install /tmp/kernel-rpms/kernel-devel-*.rpm +fi # Fetch AKMODS RPMS skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods From 5be762b1b0784f1a59e1e52159c28eb9d249c230 Mon Sep 17 00:00:00 2001 
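Review bot: `grep -qv kernel-devel <<< $(rpm -qa)` does not test whether kernel-devel is missing: `-v` makes grep succeed as soon as any line does not contain the pattern, so with a normal package list the condition is always true and `rpm-ostree install` runs even when the package is already present. To install only when no kernel-devel package is found, negate a plain match on the quoted list: `if ! grep -q kernel-devel <<< "$(rpm -qa)"; then`.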
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 13:47:00 -0500 Subject: [PATCH 078/101] don't install openrazor --- build_files/base/03-install-kernel-akmods.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/build_files/base/03-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh index 6299d2f4b52..0674c7437b1 100755 --- a/build_files/base/03-install-kernel-akmods.sh +++ b/build_files/base/03-install-kernel-akmods.sh @@ -30,12 +30,7 @@ mv /tmp/rpms/* /tmp/akmods/ sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo rpm-ostree install \ /tmp/akmods/kmods/*xone*.rpm \ - /tmp/akmods/kmods/*openrazer*.rpm - -if [[ -f $(find /tmp/akmods-rpms/kmods/*framework-laptop*.rpm) ]]; then - rpm-ostree install \ - /tmp/akmods-rpms/kmods/*framework-laptop*.rpm -fi + /tmp/akmods-rpms/kmods/*framework-laptop*.rpm # RPMFUSION Dependent AKMODS rpm-ostree install \ From 4e2d1b71faf25e78635f2f03716da4be2c82d257 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 13:53:10 -0500 Subject: [PATCH 079/101] fix typos --- build_files/base/03-install-kernel-akmods.sh | 2 +- build_files/dx/02-install-kernel-akmods-dx.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build_files/base/03-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh index 0674c7437b1..04a27b8a78c 100755 --- a/build_files/base/03-install-kernel-akmods.sh +++ b/build_files/base/03-install-kernel-akmods.sh @@ -30,7 +30,7 @@ mv /tmp/rpms/* /tmp/akmods/ sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo rpm-ostree install \ /tmp/akmods/kmods/*xone*.rpm \ - /tmp/akmods-rpms/kmods/*framework-laptop*.rpm + /tmp/akmods/kmods/*framework-laptop*.rpm # RPMFUSION Dependent AKMODS rpm-ostree install \ 
diff --git a/build_files/dx/02-install-kernel-akmods-dx.sh b/build_files/dx/02-install-kernel-akmods-dx.sh index 1b4cf91a441..85913705302 100755 --- a/build_files/dx/02-install-kernel-akmods-dx.sh +++ b/build_files/dx/02-install-kernel-akmods-dx.sh @@ -10,7 +10,7 @@ KERNEL_TARGZ=$(jq -r '.layers[].digest' < /tmp/kernel-rpms/manifest.json | cut - tar -xvzf /tmp/kernel-rpms/"$KERNEL_TARGZ" -C / mv /tmp/rpms/* /tmp/kernel-rpms/ -if grep -qv kernel-devel <<< $(rpm -qa); then +if [[ -z "$(grep kernel-devel <<< $(rpm -qa))" ]]; then rpm-ostree install /tmp/kernel-rpms/kernel-devel-*.rpm fi From 39602d676acaf36485553f9c650a15b6428fdeb2 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 14:02:21 -0500 Subject: [PATCH 080/101] add back xpadneo --- build_files/base/03-install-kernel-akmods.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build_files/base/03-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh index 04a27b8a78c..f59319b6c3c 100755 --- a/build_files/base/03-install-kernel-akmods.sh +++ b/build_files/base/03-install-kernel-akmods.sh @@ -30,6 +30,7 @@ mv /tmp/rpms/* /tmp/akmods/ sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo rpm-ostree install \ /tmp/akmods/kmods/*xone*.rpm \ + /tmp/akmods/kmods/*xpadneo*.rpm \ /tmp/akmods/kmods/*framework-laptop*.rpm # RPMFUSION Dependent AKMODS From 3313263e447aad57115f4ef47cef2d621a2914d6 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 14:16:13 -0500 Subject: [PATCH 081/101] add back openrazer --- build_files/base/03-install-kernel-akmods.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build_files/base/03-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh index f59319b6c3c..33aa34cd133 100755 --- a/build_files/base/03-install-kernel-akmods.sh +++ b/build_files/base/03-install-kernel-akmods.sh 
@@ -31,6 +31,7 @@ sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo rpm-ostree install \ /tmp/akmods/kmods/*xone*.rpm \ /tmp/akmods/kmods/*xpadneo*.rpm \ + /tmp/akmods/kmods/*openrazer*.rpm \ /tmp/akmods/kmods/*framework-laptop*.rpm # RPMFUSION Dependent AKMODS From 6555e2e9321da375a6eb2fc4816fc633f1b40bea Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 14:21:21 -0500 Subject: [PATCH 082/101] openrazer needs srpm --- build_files/base/03-install-kernel-akmods.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/build_files/base/03-install-kernel-akmods.sh b/build_files/base/03-install-kernel-akmods.sh index 33aa34cd133..f59319b6c3c 100755 --- a/build_files/base/03-install-kernel-akmods.sh +++ b/build_files/base/03-install-kernel-akmods.sh @@ -31,7 +31,6 @@ sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo rpm-ostree install \ /tmp/akmods/kmods/*xone*.rpm \ /tmp/akmods/kmods/*xpadneo*.rpm \ - /tmp/akmods/kmods/*openrazer*.rpm \ /tmp/akmods/kmods/*framework-laptop*.rpm # RPMFUSION Dependent AKMODS From 850e97194bf589fe67ed86527eefcf8929357397 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 14:45:23 -0500 Subject: [PATCH 083/101] work on tagging --- .github/workflows/reusable-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 144f4f073e7..72972fbda31 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -82,6 +82,7 @@ jobs: id: generate-tags shell: bash run: | + set -eoux pipefail # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" TODAY="$(date +%A)" From b043776a3d6d2bc70ed07dbf68fe65d1f0eff2cf Mon Sep 17 00:00:00 2001 
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 15:22:18 -0500 Subject: [PATCH 084/101] fix tagging --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 72972fbda31..3be15fcb1b8 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -87,7 +87,7 @@ jobs: TIMESTAMP="$(date +%Y%m%d)" TODAY="$(date +%A)" WEEKLY="Sunday" - FEDORA_VERSION="$(just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}} 1)" + FEDORA_VERSION="$(sudo just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}} 1)" # Arrays for Tags COMMIT_TAGS=() From 1fe81f878ba4fa6ec520300e8c33eee3643766de Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 15:58:57 -0500 Subject: [PATCH 085/101] local tagging --- .github/workflows/reusable-build.yml | 24 ++++---- Justfile | 86 +++++++++++++++++++--------- 2 files changed, 71 insertions(+), 39 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 3be15fcb1b8..ccf15fb2625 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -67,17 +67,6 @@ jobs: IMAGE_NAME="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV - - name: Maximize build space - uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 - with: - remove-codeql: true - - - name: Build and Rechunk Image - id: build-image - shell: bash - run: | - sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" - - name: Generate tags id: generate-tags shell: bash 
@@ -87,7 +76,7 @@ jobs: TIMESTAMP="$(date +%Y%m%d)" TODAY="$(date +%A)" WEEKLY="Sunday" - FEDORA_VERSION="$(sudo just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}} 1)" + FEDORA_VERSION="$(just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}})" # Arrays for Tags COMMIT_TAGS=() @@ -142,6 +131,17 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + - name: Maximize build space + uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 + with: + remove-codeql: true + + - name: Build and Rechunk Image + id: build-image + shell: bash + run: | + sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" + # Tag Images - name: Tag Images shell: bash diff --git a/Justfile b/Justfile index a95b8156b24..f5e62836691 100644 --- a/Justfile +++ b/Justfile @@ -127,7 +127,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin just validate "${image}" "${tag}" "${flavor}" # Image Name - image_name=$(just image_name {{ image }} {{ flavor }}) + image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Base Image if [[ "${image}" =~ bluefin ]]; then 
@@ -155,17 +155,15 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin fi # Fedora Version - if [[ "${tag}" =~ stable ]]; then - # CoreOS does not uses cosign - fedora_version=$(skopeo inspect --retry-times 3 docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - # Verify Base Image with cosign - just verify-container "${base_image_name}-main:${fedora_version}" - else - # Verify Base Image with cosign - just verify-container "${base_image_name}-main:${tag}" - fedora_version=$(skopeo inspect --retry-times 3 docker://ghcr.io/ublue-os/"${base_image_name}"-main:"${tag}" | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + if [[ {{ ghcr }} == "0" ]]; then + rm -f /tmp/manifest.json fi + fedora_version=$(just fedora_veresion {{ image }} {{ tag }} {{ flavor }}) + + # Verify Base Image with cosign + just verify-container "${base_image_name}-main:${fedora_version}" + # Kernel Release/Pin kernel_pin="{{ kernel_pin }}" if [[ -z "${kernel_pin:-}" ]]; then kernel_release=$(skopeo inspect --retry-times 3 docker://ghcr.io/ublue-os/${akmods_flavor}-kernel:"${fedora_version}" | jq -r '.Labels["ostree.linux"]') @@ -258,7 +256,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": just validate "${image}" "${tag}" "${flavor}" # Image Name - image_name=$(just image_name {{ image }} {{ flavor }}) + image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Check if image is already built ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") @@ -372,7 +370,7 @@ run image="bluefin" tag="latest" flavor="main": just validate "${image}" "${tag}" "${flavor}" # Image Name - image_name=$(just image_name {{ image }} {{ flavor }}) + image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Check if image exists ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'") 
@@ -396,7 +394,7 @@ build-iso image="bluefin" tag="latest" flavor="main" ghcr="0": just validate "${image}" "${tag}" "${flavor}" # Image Name - image_name=$(just image_name {{ image }} {{ flavor }}) + image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) build_dir="${image_name}_build" mkdir -p "$build_dir" @@ -526,7 +524,7 @@ run-iso image="bluefin" tag="latest" flavor="main": just validate "${image}" "${tag}" "${flavor}" # Image Name - image_name=$(just image_name {{ image }} {{ flavor }}) + image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Check if ISO Exists if [[ ! -f "${image_name}_build/${image_name}.iso" ]]; then @@ -619,7 +617,7 @@ secureboot image="bluefin" tag="latest" flavor="main": fi # Image Name - image_name=$(just image_name {{ image }} {{ flavor }}) + image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Get the vmlinuz to check kernel_release=$(podman inspect "${image_name}":"${tag}" | jq -r '.[].Config.Labels["ostree.linux"]') 
@@ -662,29 +660,63 @@ secureboot image="bluefin" tag="latest" flavor="main": # Get Fedora Version of an image [group('Utility')] -fedora_version image="bluefin" tag="latest" flavor="main" ghcr="0" repo="localhost": +fedora_version image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash set -eou pipefail just validate {{ image }} {{ tag }} {{ flavor }} - image_name=$(just image_name {{ image }} {{ flavor }}) - - tag="{{ tag }}" - if [[ "${tag}" =~ stable && "{{ ghcr }}" == "1" ]]; then - tag="${tag}-daily" - fi - if [[ "{{ repo }}" == "localhost" ]]; then - echo $(skopeo inspect containers-storage:{{ repo }}/${image_name}:${tag} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') - else - echo $(skopeo inspect --retry-times 3 docker://{{ repo }}/${image_name}:${tag} | jq -r '.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + if [[ ! -f /tmp/manifest.json ]]; then + if [[ "{{ tag }}" =~ stable ]]; then + # CoreOS does not uses cosign + skopeo inspect --retry-times 3 docker://quay.io/fedora/fedora-coreos:stable > /tmp/manifest.json + else + skopeo inspect --retry-times 3 docker://ghcr.io/ublue-os/base-main:"{{ tag }}" > /tmp/manifest.json + fi fi + fedora_version=$(jq -r '.Labels["ostree.linux"]' < /tmp/manifest.json | grep -oP 'fc\K[0-9]+') + echo "${fedora_version}" # Image Name [group('Utility')] -image_name image="bluefin" flavor="main": +image_name image="bluefin" tag="latest" flavor="main": #!/usr/bin/bash + set -eou pipefail + just validate {{ image }} {{ tag }} {{ flavor }} if [[ "{{ flavor }}" =~ main ]]; then image_name={{ image }} else image_name="{{ image }}-{{ flavor }}" fi echo "${image_name}" + +# Generate Tags Locally +[group('Utility')] +generate-tags image="bluefin" tag="latest" flavor="main" ghcr="0": + #!/usr/bin/bash + set -eou pipefail + # Generate a timestamp for creating an image version history + TIMESTAMP="$(date +%Y%m%d)" + TODAY="$(date +%A)" + WEEKLY="Sunday" + if [[ {{ ghcr }} == "0" ]]; then + rm -f /tmp/manifest.json + fi + 
FEDORA_VERSION="$(just fedora_version {{ image }} {{ tag }} {{ flavor }})" + + # Arrays for Tags + BUILD_TAGS=() + + # Convenience and Default Tags + if [[ "{{ tag }}" =~ stable ]]; then + BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") + else + BUILD_TAGS+=("{{ tag }}" "{{ tag }}-${TIMESTAMP}") + fi + + # Weekly Stable / Rebuild Stable on workflow_dispatch + if [[ "{{ tag }}" =~ "stable" ]]; then + BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") + elif [[ ! "{{ tag }}" =~ "stable" ]]; then + BUILD_TAGS+=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") + fi + + echo "${BUILD_TAGS[@]}" From 6533418005636e1b311a3879791afa509c149882 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 16:00:02 -0500 Subject: [PATCH 086/101] fix image name --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index ccf15fb2625..008a28d5604 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -64,7 +64,7 @@ jobs: - name: Image Name shell: bash run: | - IMAGE_NAME="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" + IMAGE_NAME="$(just image_name ${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }})" echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV - name: Generate tags From 6d906b638605c2f4edee4a101a4c0a3805104419 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 16:02:51 -0500 Subject: [PATCH 087/101] change verbosity --- .github/workflows/reusable-build.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 008a28d5604..de94901ef48 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
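Review bot: The rewritten `fedora_version` recipe caches the `skopeo inspect` result in the fixed path `/tmp/manifest.json` and reuses it whenever the file exists, regardless of which `tag` it was fetched for; callers remove it only when `ghcr` is `"0"`. A stale file, an empty one left by an interrupted `skopeo inspect` (the redirect creates the file first), or one placed there by another user on a shared machine then decides the Fedora version that `build` passes to `just verify-container` and that ends up in the generated tags, and the workflow invokes `build-pipeline` with sudo. I would write to a per-run location such as a file under `$(mktemp -d)` keyed by tag, and check that the extracted value is numeric before printing it. `TODAY` and `WEEKLY` in `generate-tags` are assigned but never used.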
@@ -71,7 +71,7 @@ jobs: id: generate-tags shell: bash run: | - set -eoux pipefail + set -eou pipefail # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" TODAY="$(date +%A)" @@ -114,18 +114,20 @@ jobs: BUILD_TAGS=(${temp[@]}) fi + echo "Generated the following commit tags: " + for TAG in "${COMMIT_TAGS[@]}"; do + echo "${TAG}" + done + echo "Generated the following build tags: " + for TAG in "${BUILD_TAGS[@]}"; do + echo "${TAG}" + done # Use Commit Tags if PR / Use Build Tags if Not if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done + echo "Using commit tags..." alias_tags=("${COMMIT_TAGS[@]}") else - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done + echo "Using build tags..." alias_tags=("${BUILD_TAGS[@]}") fi From 1c8b38950da023804b25048ac24be99454a0a31e Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 16:03:50 -0500 Subject: [PATCH 088/101] fix typo --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index f5e62836691..35d3d1d45ec 100644 --- a/Justfile +++ b/Justfile @@ -158,7 +158,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin if [[ {{ ghcr }} == "0" ]]; then rm -f /tmp/manifest.json fi - fedora_version=$(just fedora_veresion {{ image }} {{ tag }} {{ flavor }}) + fedora_version=$(just fedora_version {{ image }} {{ tag }} {{ flavor }}) # Verify Base Image with cosign just verify-container "${base_image_name}-main:${fedora_version}" From cfb40450f89778bda4eab9a01138e07183eda22c Mon Sep 17 00:00:00 2001 
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 20:52:11 -0500 Subject: [PATCH 089/101] more just in workflow --- .github/workflows/reusable-build.yml | 96 +++++----------------------- Justfile | 96 ++++++++++++++++++++++++++-- 2 files changed, 104 insertions(+), 88 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index de94901ef48..89ef9d97b00 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -71,67 +71,20 @@ jobs: id: generate-tags shell: bash run: | - set -eou pipefail - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - TODAY="$(date +%A)" - WEEKLY="Sunday" - FEDORA_VERSION="$(just fedora_version ${{ matrix.base_name}} ${{ matrix.stream_name}} ${{ matrix.image_flavor}})" - - # Arrays for Tags - COMMIT_TAGS=() - BUILD_TAGS=() - - # Have tags for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}-${{ matrix.stream_name }}") - COMMIT_TAGS+=("${SHA_SHORT}-${{ matrix.stream_name }}") - - # Convenience and Default Tags - if [[ "${{ matrix.stream_name }}" =~ stable ]]; then - BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") - echo "DEFAULT_TAG=stable-daily" >> $GITHUB_ENV - else - BUILD_TAGS+=("${{ matrix.stream_name }}" "${{ matrix.stream_name }}-${TIMESTAMP}") - echo "DEFAULT_TAG=${{ matrix.stream_name }}" >> $GITHUB_ENV - fi - - # Weekly Stable / Rebuild Stable on workflow_dispatch - if [[ "${{ matrix.stream_name }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${{ github.event_name }}" =~ scheduled ]]; then - BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ "${{ matrix.stream_name }}" =~ "stable" && "${{ github.event_name }}" =~ workflow_dispatch|workflow_call ]]; then - BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ ! 
"${{ matrix.stream_name}}" =~ "stable" ]]; then - BUILD_TAGS+=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") - fi - - # Prepend testing if built on testing branch - if [[ "${{ github.ref_name }}" == "testing" ]]; then - temp=() - for TAG in "${BUILD_TAGS[@]}"; do - temp+=(testing-"$TAG") - done - BUILD_TAGS=(${temp[@]}) - fi - - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - # Use Commit Tags if PR / Use Build Tags if Not - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Using commit tags..." - alias_tags=("${COMMIT_TAGS[@]}") - else - echo "Using build tags..." - alias_tags=("${BUILD_TAGS[@]}") - fi - - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + set -eoux pipefail + echo "DEFAULT_TAG=$(just generate-default-tag \ + ${{ matrix.base_name }} \ + ${{ matrix.stream_name }} \ + ${{ matrix.image_flavor }} \ + "1")" >> $GITHUB_ENV + + echo "alias_tags=$(just generate-build-tags \ + ${{ matrix.base_name }} \ + ${{ matrix.stream_name }} \ + ${{ matrix.image_flavor }} \ + "1" \ + ${{ github.event.number }} \ + ${{ github.event_name }})" >> $GITHUB_OUTPUT - name: Maximize build space uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 
@@ -149,27 +102,8 @@ jobs: shell: bash run: | set -eoux pipefail + sudo just tag-images "${{ env.IMAGE_NAME }}" "${{ env.DEFAULT_TAG }}" "${{ steps.generate-tags.outputs.alias_tags }}" - IMAGE=$(sudo podman inspect localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r .[].Id) - sudo podman untag localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} - - for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do - sudo podman tag $IMAGE ${{ env.IMAGE_NAME }}:${tag} - done - - # HWE Tagging - if [[ "${{ matrix.image_flavor }}" =~ hwe ]]; then - - image_name="${{ env.IMAGE_NAME }}" - asus_name="${image_name/hwe/asus}" - surface_name="${image_name/hwe/surface}" - - for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do - sudo podman tag "${IMAGE}" "${asus_name}":${tag} - sudo podman tag "${IMAGE}" "${surface_name}":${tag} - done - fi - sudo podman images - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' diff --git a/Justfile b/Justfile index 35d3d1d45ec..5e02a32cf93 100644 --- a/Justfile +++ b/Justfile @@ -612,12 +612,13 @@ secureboot image="bluefin" tag="latest" flavor="main": just validate "${image}" "${tag}" "${flavor}" + # Image Name + image_name=$(just image_name ${image} ${tag} ${flavor}) + if [[ -n "${temp_tag:-}" ]]; then tag="${temp_tag}" fi - # Image Name - image_name=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Get the vmlinuz to check kernel_release=$(podman inspect "${image_name}":"${tag}" | jq -r '.[].Config.Labels["ostree.linux"]') @@ -688,9 +689,9 @@ image_name image="bluefin" tag="latest" flavor="main": fi echo "${image_name}" -# Generate Tags Locally +# Generate Tags [group('Utility')] -generate-tags image="bluefin" tag="latest" flavor="main" ghcr="0": +generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" github_number="" github_event="": #!/usr/bin/bash set -eou pipefail # Generate a timestamp for creating an image version history 
@@ -704,8 +705,17 @@ generate-tags image="bluefin" tag="latest" flavor="main" ghcr="0": # Arrays for Tags BUILD_TAGS=() + COMMIT_TAGS=() - # Convenience and Default Tags + # Commit Tags + github_number="{{ github_number }}" + SHA_SHORT="$(git rev-parse --short HEAD)" + if [[ "{{ ghcr }}" == "1" ]]; then + COMMIT_TAGS+=(pr-${github_number:-}-{{ tag }}) + COMMIT_TAGS+=(${SHA_SHORT}-{{ tag }}) + fi + + # Convenience Tags if [[ "{{ tag }}" =~ stable ]]; then BUILD_TAGS+=("stable-daily" "stable-daily-${TIMESTAMP}") else 
@@ -713,10 +723,82 @@ generate-tags image="bluefin" tag="latest" flavor="main" ghcr="0": fi # Weekly Stable / Rebuild Stable on workflow_dispatch - if [[ "{{ tag }}" =~ "stable" ]]; then + github_event="{{ github_event }}" + if [[ "{{ tag }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${github_event}" =~ scheduled ]]; then + BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") + elif [[ "{{ tag }}" =~ "stable" && "${github_event}" =~ workflow_dispatch|workflow_call ]]; then + BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") + elif [[ "{{ tag }}" =~ "stable" && "{{ ghcr }}" == "0" ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") elif [[ ! "{{ tag }}" =~ "stable" ]]; then BUILD_TAGS+=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") fi - echo "${BUILD_TAGS[@]}" + # Prepend testing if built on testing branch + if [[ "$(git rev-parse --abrev-ref HEAD)" == "testing" ]]; then + temp=() + for TAG in "${BUILD_TAGS[@]}"; do + temp+=(testing-"$TAG") + done + BUILD_TAGS=(${temp[@]}) + fi + + if [[ "${github_event}" == "pull_request" ]]; then + alias_tags=("${COMMIT_TAGS[@]}") + else + alias_tags=("${BUILD_TAGS[@]} ${COMMIT_TAGS[@]}") + fi + + echo "${alias_tags[*]}" + +# Generate Default Tag +[group('Utility')] +generate-default-tag image="bluefin" tag="latest" flavor="main" ghcr="0": + #!/usr/bin/bash + set -eou pipefail + if [[ {{ ghcr }} == "0" ]]; then + rm -f /tmp/manifest.json + fi + FEDORA_VERSION="$(just fedora_version {{ image }} {{ tag }} {{ flavor }})" + + # Convenience and Default Tags + if [[ "{{ tag }}" =~ stable && "{{ ghcr }}" == "1" ]]; then + DEFAULT_TAG="stable-daily" + elif [[ "{{ tag }}" =~ stable && "{{ ghcr }}" == "0" ]]; then + DEFAULT_TAG="stable" + else + DEFAULT_TAG="{{ tag }}" + fi + + echo "${DEFAULT_TAG}" + +# Tag Images +[group('Utility')] +tag-images image_name="" default_tag="" tags="" + #!/usr/bin/bash + set -eou pipefail + + # Get Image, and untag + IMAGE=$(podman inspect localhost/{{ image_name }}:{{ default_tag }} | jq -r .[].Id) + podman 
untag localhost/{{ image_name }}:{{ default_tag }} + + # Tag Image + for tag in {{ tags }}; do + podman tag $IMAGE {{ image_name }}:${tag} + done + + # HWE Tagging + if [[ "{{ image_name }}" =~ hwe ]]; then + + image_name="{{ image_name }}" + asus_name="${image_name/hwe/asus}" + surface_name="${image_name/hwe/surface}" + + for tag in {{ tags }}; do + podman tag "${IMAGE}" "${asus_name}":${tag} + podman tag "${IMAGE}" "${surface_name}":${tag} + done + fi + + # Show Images + podman images \ No newline at end of file From 6500a35451f6de5965fe0e3b3a40b66352d797c1 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 21:02:48 -0500 Subject: [PATCH 090/101] fix workflow --- .github/workflows/reusable-build.yml | 49 ++++++++++++++-------------- Justfile | 12 +++---- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 89ef9d97b00..623198f8a37 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -71,20 +71,21 @@ jobs: id: generate-tags shell: bash run: | - set -eoux pipefail echo "DEFAULT_TAG=$(just generate-default-tag \ - ${{ matrix.base_name }} \ - ${{ matrix.stream_name }} \ - ${{ matrix.image_flavor }} \ - "1")" >> $GITHUB_ENV + ${{ matrix.stream_name }} \ + "1")" >> $GITHUB_ENV echo "alias_tags=$(just generate-build-tags \ - ${{ matrix.base_name }} \ - ${{ matrix.stream_name }} \ - ${{ matrix.image_flavor }} \ - "1" \ - ${{ github.event.number }} \ - ${{ github.event_name }})" >> $GITHUB_OUTPUT + ${{ matrix.base_name }} \ + ${{ matrix.stream_name }} \ + ${{ matrix.image_flavor }} \ + "1" \ + ${{ github.event.number }} \ + ${{ github.event_name }})" >> $GITHUB_OUTPUT + + echo "Default Tag: ${DEFAULT_TAG}" + echo "Tags for this Action..." + echo "$alias_tags" - name: Maximize build space uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 
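Review bot: `git rev-parse --abrev-ref HEAD` in the added "Prepend testing" block of generate-build-tags misspells `--abbrev-ref`, so the comparison with "testing" presumably never matches and builds from the testing branch keep the unprefixed production tags; the line should read `if [[ "$(git rev-parse --abbrev-ref HEAD)" == "testing" ]]; then`. In the new tag-images recipe, `{{ image_name }}`, `{{ default_tag }}` and `{{ tags }}` are substituted into the script text before bash parses it, and the workflow runs this recipe under sudo. At minimum the values should be quoted where they are used, together with `$IMAGE`, e.g. `podman tag "${IMAGE}" "{{ image_name }}:${tag}"`. The recipe header `tag-images image_name="" default_tag="" tags=""` is also missing its trailing colon. The generate-build-tags recipe starts outside this hunk.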
@@ -95,21 +96,19 @@ jobs: id: build-image shell: bash run: | - sudo just build-pipeline "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}" "${{ inputs.kernel_pin }}" + sudo just build-pipeline "${{ matrix.base_name }}" \ + "${{ matrix.stream_name }}" \ + "${{ matrix.image_flavor }}" \ + "${{ inputs.kernel_pin }}" # Tag Images - name: Tag Images shell: bash run: | set -eoux pipefail - sudo just tag-images "${{ env.IMAGE_NAME }}" "${{ env.DEFAULT_TAG }}" "${{ steps.generate-tags.outputs.alias_tags }}" - - - - name: Login to GitHub Container Registry - if: github.event_name != 'pull_request' - run: | - echo ${{ secrets.GITHUB_TOKEN }} | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + sudo just tag-images "${{ env.IMAGE_NAME }}" \ + "${{ env.DEFAULT_TAG }}" \ + "${{ steps.generate-tags.outputs.alias_tags }}" # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 @@ -119,6 +118,12 @@ jobs: with: string: ${{ env.IMAGE_REGISTRY }} + - name: Login to GitHub Container Registry + if: github.event_name != 'pull_request' + run: | + echo ${{ secrets.GITHUB_TOKEN }} | sudo podman login ghcr.io -u ${{ github.actor }} --password-stdin + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + - name: Push to GHCR id: push if: github.event_name != 'pull_request' @@ -149,10 +154,6 @@ jobs: echo "digest=${digest}" >> $GITHUB_OUTPUT - # Sign container - - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - if: github.event_name != 'pull_request' - - name: Sign container image if: github.event_name != 'pull_request' run: | diff --git a/Justfile b/Justfile index 5e02a32cf93..c3dfde19809 100644 --- a/Justfile +++ b/Justfile 
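Review bot: The re-added "Login to GitHub Container Registry" step writes `${{ secrets.GITHUB_TOKEN }}` directly into the script text and hands it to `echo` unquoted, so the token becomes part of the generated shell source instead of being treated as data. Mapping it under the step's `env:` as `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and piping it with `printf '%s' "$GITHUB_TOKEN" | sudo podman login ghcr.io -u "$GITHUB_ACTOR" --password-stdin` keeps the value out of the script body. The `docker login` line in the same step needs the same change.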
@@ -753,15 +753,11 @@ generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" github_n # Generate Default Tag [group('Utility')] -generate-default-tag image="bluefin" tag="latest" flavor="main" ghcr="0": +generate-default-tag tag="latest" ghcr="0": #!/usr/bin/bash set -eou pipefail - if [[ {{ ghcr }} == "0" ]]; then - rm -f /tmp/manifest.json - fi - FEDORA_VERSION="$(just fedora_version {{ image }} {{ tag }} {{ flavor }})" - # Convenience and Default Tags + # Default Tag if [[ "{{ tag }}" =~ stable && "{{ ghcr }}" == "1" ]]; then DEFAULT_TAG="stable-daily" elif [[ "{{ tag }}" =~ stable && "{{ ghcr }}" == "0" ]]; then @@ -774,7 +770,7 @@ generate-default-tag image="bluefin" tag="latest" flavor="main" ghcr="0": # Tag Images [group('Utility')] -tag-images image_name="" default_tag="" tags="" +tag-images image_name="" default_tag="" tags="": #!/usr/bin/bash set -eou pipefail @@ -801,4 +797,4 @@ tag-images image_name="" default_tag="" tags="" fi # Show Images - podman images \ No newline at end of file + podman images From c34c486db11e6dc852a07a7719bd6242a15ca092 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 21:08:40 -0500 Subject: [PATCH 091/101] show outputs for tags --- .github/workflows/reusable-build.yml | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 623198f8a37..5c4ec057fa4 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml 
@@ -71,21 +71,24 @@ jobs: id: generate-tags shell: bash run: | - echo "DEFAULT_TAG=$(just generate-default-tag \ - ${{ matrix.stream_name }} \ - "1")" >> $GITHUB_ENV - - echo "alias_tags=$(just generate-build-tags \ - ${{ matrix.base_name }} \ - ${{ matrix.stream_name }} \ - ${{ matrix.image_flavor }} \ - "1" \ - ${{ github.event.number }} \ - ${{ github.event_name }})" >> $GITHUB_OUTPUT + DEFAULT_TAG=$(just generate-default-tag \ + ${{ matrix.stream_name }} \ + "1") + + alias_tags=$(just generate-build-tags \ + ${{ matrix.base_name }} \ + ${{ matrix.stream_name }} \ + ${{ matrix.image_flavor }} \ + "1" \ + ${{ github.event.number }} \ + ${{ github.event_name }})" echo "Default Tag: ${DEFAULT_TAG}" echo "Tags for this Action..." echo "$alias_tags" + + echo "DEFAULT_TAG=${DEFAULT_TAG}" >> $GITHUB_ENV + echo "alias_tags=${alias_tags}" >> $GITHUB_OUTPUT - name: Maximize build space uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7 From c4b3990a49e92bd579b5d69f8f0cbe2371f28537 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 21:12:32 -0500 Subject: [PATCH 092/101] fixup quotes --- .github/workflows/reusable-build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 5c4ec057fa4..f0ca06ec095 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -71,11 +71,11 @@ jobs: id: generate-tags shell: bash run: | - DEFAULT_TAG=$(just generate-default-tag \ + DEFAULT_TAG="$(just generate-default-tag \ ${{ matrix.stream_name }} \ - "1") + "1")" - alias_tags=$(just generate-build-tags \ + alias_tags="$(just generate-build-tags \ ${{ matrix.base_name }} \ ${{ matrix.stream_name }} \ ${{ matrix.image_flavor }} \ From 7cc74a2ede70becfe67836994953a88c812a3c05 Mon Sep 17 00:00:00 2001 
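Review bot: `${{ github.event.number }}` is passed unquoted in the `just generate-build-tags` call of the "show outputs for tags" hunk, and it expands to nothing on events other than pull_request, so `${{ github.event_name }}` slides into the `github_number` position and `github_event` keeps its empty default. The recipe's event checks for the weekly `stable` tag would then never match in CI. Quoting both arguments keeps the positions fixed: `"${{ github.event.number }}" \` and `"${{ github.event_name }}"`. Passing the `${{ … }}` values through the step's `env:` and referencing them as quoted shell variables would also keep expression text out of the script body.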
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 21:51:08 -0500 Subject: [PATCH 093/101] splitup pipeline --- .github/workflows/reusable-build.yml | 27 ++++++++++++++++++++----- Justfile | 30 ++++++++++++++++++++-------- 2 files changed, 44 insertions(+), 13 deletions(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index f0ca06ec095..26f6218216a 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -95,14 +95,31 @@ jobs: with: remove-codeql: true - - name: Build and Rechunk Image + - name: Build Image id: build-image shell: bash run: | - sudo just build-pipeline "${{ matrix.base_name }}" \ - "${{ matrix.stream_name }}" \ - "${{ matrix.image_flavor }}" \ - "${{ inputs.kernel_pin }}" + sudo just build-ghcr "${{ matrix.base_name }}" \ + "${{ matrix.stream_name }}" \ + "${{ matrix.image_flavor }}" \ + "${{ inputs.kernel_pin }}" + + - name: Rechunk Image + id: rechunk-image + shell: bash + run: | + sudo just rechunk "${{ matrix.base_name }}" \ + "${{ matrix.stream_name }}" \ + "${{ matrix.image_flavor }}" \ + "1" + + - name: Secureboot Check + id: secureboot + shell: bash + run: | + sudo just secureboot "${{ matrix.base_name }}" \ + "${{ env.DEFAULT_TAG }}" \ + "${{ matrix.image_flavor }}" # Tag Images - name: Tag Images diff --git a/Justfile b/Justfile index c3dfde19809..988179f481d 100644 --- a/Justfile +++ b/Justfile @@ -116,7 +116,7 @@ sudoif command *args: # Build Image [group('Image')] -build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin="": +build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" pipeline="0" kernel_pin="": #!/usr/bin/bash set -eoux pipefail image={{ image }} 
@@ -220,7 +220,9 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin . # Rechunk - if [[ "{{ rechunk }}" == "1" && "{{ ghcr }}" == "1" ]]; then + if [[ "{{ rechunk }}" == "1" && "{{ ghcr }}" == "1" && "{{ pipeline }}" == "1" ]]; then + just rechunk "${image}" "${tag}" "${flavor}" 1 1 + elif [[ "{{ rechunk }}" == "1" && "{{ ghcr }}" == "1" ]]; then just rechunk "${image}" "${tag}" "${flavor}" 1 elif [[ "{{ rechunk }}" == "1" ]]; then just rechunk "${image}" "${tag}" "${flavor}" @@ -229,7 +231,17 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" kernel_pin # Build Image and Rechunk [group('Image')] build-rechunk image="bluefin" tag="latest" flavor="main" kernel_pin="": - @just build {{ image }} {{ tag }} {{ flavor }} 1 0 {{ kernel_pin }} + @just build {{ image }} {{ tag }} {{ flavor }} 1 0 0 {{ kernel_pin }} + +# Build Image with GHCR Flag +[group('Production')] +build-ghcr image="bluefin" tag="latest" flavor="main" kernel_pin="": + #!/usr/bin/bash + if [[ "${UID}" -gt "0" ]]; then + echo "Must Run with sudo or as root..." + exit 1 + fi + just build {{ image }} {{ tag }} {{ flavor }} 0 1 0 {{ kernel_pin }} # Build Image for Pipeline: [group('Production')] @@ -239,12 +251,12 @@ build-pipeline image="bluefin" tag="latest" flavor="main" kernel_pin="": echo "Must Run with sudo or as root..." exit 1 fi - just build {{ image }} {{ tag }} {{ flavor }} 1 1 {{ kernel_pin }} + just build {{ image }} {{ tag }} {{ flavor }} 1 1 1 {{ kernel_pin }} # Rechunk Image [group('Image')] [private] -rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": +rechunk image="bluefin" tag="latest" flavor="main" ghcr="0" pipeline="0": #!/usr/bin/bash set -eoux pipefail 
@@ -277,13 +289,15 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": tag="stable-daily" fi + # Fedora Version + fedora_version=$(just sudoif podman inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]') + if [[ "{{ ghcr }}" == "1" ]]; then if [[ "${image_name}" =~ bluefin ]]; then base_image_name=silverblue-main elif [[ "${image_name}" =~ aurora ]]; then base_image_name=kinoite-main fi - fedora_version=$(just fedora_version {{ image }} {{ tag }} {{ flavor }}) ID=$(just sudoif podman images --filter reference=ghcr.io/ublue-os/"${base_image_name}":${fedora_version} --format "'{{ '{{.ID}}' }}'") if [[ -n "$ID" ]]; then podman rmi "$ID" @@ -333,7 +347,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": --env REPO=/var/ostree/repo \ --env PREV_REF=ghcr.io/ublue-os/"${image_name}":"${tag}" \ --env OUT_NAME="$OUT_NAME" \ - --env LABELS="org.opencontainers.image.title=${image_name}$'\n'org.opencontainers.image.version=localbuild-$(date +%Y%m%d-%H:%M:%S)$'\n''io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/README.md'$'\n''io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4'$'\n'" \ + --env LABELS="org.opencontainers.image.title=${image_name}$'\n'org.opencontainers.image.version=${fedora_version}.$(date +%Y%m%d)$'\n''io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/refs/heads/main/README.md'$'\n''io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4'$'\n'" \ --env "DESCRIPTION='An interpretation of the Ubuntu spirit built on Fedora technology'" \ --env VERSION_FN=/workspace/version.txt \ --env OUT_REF="oci:$OUT_NAME" \ 
@@ -353,7 +367,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0": just sudoif "rm -f previous.manifest.json" # Pipeline Checks - if [[ {{ ghcr }} == "1" ]]; then + if [[ {{ pipeline }} == "1" ]]; then just secureboot "${image}" "${tag}" "${flavor}" fi From 68c9d16c77799e0d51f645b00ace930728986573 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 22:52:50 -0500 Subject: [PATCH 094/101] update changelogs --- .github/changelogs.py | 20 +++++++++++++++----- .github/workflows/build-image-beta.yml | 1 - .github/workflows/build-image-gts.yml | 3 +-- .github/workflows/build-image-latest.yml | 1 - .github/workflows/build-image-stable.yml | 1 - .github/workflows/generate-release.yml | 1 + Justfile | 2 +- 7 files changed, 18 insertions(+), 11 deletions(-) diff --git a/.github/changelogs.py b/.github/changelogs.py index 845602db31c..50dc0464df9 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -368,15 +368,25 @@ def generate_changelog( except Exception as e: print(f"Failed to get finish hash:\n{e}") finish = "" + + try: + linux: str = next(iter(manifests.values()))["Labels"][ + "ostree.linux" + ] + start=linux.find(".fc") + 3 + fedora_version=linux[start:start+2] + except Exception as e: + print(f"Failed to get linux version:\n{e}") + fedora_version = "" # Remove .0 from curr curr_pretty = re.sub(r"\.\d{1,2}$", "", curr) # Remove target- from curr - curr_pretty = re.sub(rf"^[a-z]+-", "", curr_pretty) - pretty = target.capitalize() + " (F" + curr_pretty - if finish and target != "stable": - pretty += ", #" + finish[:7] - pretty += ")" + curr_pretty = re.sub(rf"^[a-z]+-|^[0-9]+-", "", curr_pretty) + pretty = target.capitalize() + pretty += " (F" + fedora_version + pretty += "." + curr_pretty + pretty += ", #" + finish[:7] + ")" title = CHANGELOG_TITLE.format_map(defaultdict(str, tag=curr, pretty=pretty)) 
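Review bot: `linux.find(".fc")` in the changelogs.py hunk returns -1 when the label has no `.fc` part, so `start` becomes 2 and `fedora_version` is silently set to two unrelated characters instead of reaching the `except` branch; the fixed `start:start+2` slice also assumes a two-digit release. A regex makes both cases explicit: `m = re.search(r"\.fc(\d+)", linux)` followed by `fedora_version = m.group(1) if m else ""`. Separately, `pretty` now always appends `", #" + finish[:7] + ")"`, so an empty `finish` from the failure path just above renders as `, #)`. generate_changelog starts and ends outside this hunk.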
diff --git a/.github/workflows/build-image-beta.yml b/.github/workflows/build-image-beta.yml index f82d29c8538..1628f017b66 100644 --- a/.github/workflows/build-image-beta.yml +++ b/.github/workflows/build-image-beta.yml @@ -38,7 +38,6 @@ jobs: generate-release: name: Generate Release needs: [build-image-beta] - if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '40 4 * * 0' secrets: inherit uses: ./.github/workflows/generate-release.yml with: diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index fecad3d02c6..199256ea1e1 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -7,7 +7,7 @@ on: paths-ignore: - "**.md" schedule: - - cron: "41 5 * * 0" # 5:41 UTC Weekly on Sundays + - cron: "45 5 * * 0" # 5:45 UTC Weekly on Sundays workflow_dispatch: workflow_call: @@ -27,7 +27,6 @@ jobs: generate_release: name: Generate Release needs: [build-image-gts] - if: github.event_name == 'scheduled' || github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' secrets: inherit uses: ./.github/workflows/generate-release.yml with: diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 12eafedf522..96963a275cb 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -39,7 +39,6 @@ jobs: generate-release: name: Generate Release needs: [build-image-latest] - if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '40 4 * * 0' secrets: inherit uses: ./.github/workflows/generate-release.yml with: diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 822bc2a8624..97c9eecea5c 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml 
@@ -38,7 +38,6 @@ jobs: generate-release: name: Generate Release needs: [build-image-stable] - if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '45 5 * * 0' secrets: inherit uses: ./.github/workflows/generate-release.yml with: diff --git a/.github/workflows/generate-release.yml b/.github/workflows/generate-release.yml index c5249e14597..66468a5ddd0 100644 --- a/.github/workflows/generate-release.yml +++ b/.github/workflows/generate-release.yml @@ -76,6 +76,7 @@ jobs: - name: Create Release uses: softprops/action-gh-release@v2 + if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '40 4 * * 0' || github.event_name.scheduled == '45 5 * * 0' with: name: ${{ steps.generate-release-text.outputs.title }} tag_name: ${{ steps.generate-release-text.outputs.tag }} diff --git a/Justfile b/Justfile index 988179f481d..7e4e89b36a2 100644 --- a/Justfile +++ b/Justfile @@ -744,7 +744,7 @@ generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" github_n BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") elif [[ "{{ tag }}" =~ "stable" && "{{ ghcr }}" == "0" ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") - elif [[ ! "{{ tag }}" =~ "stable" ]]; then + elif [[ ! "{{ tag }}" =~ stable|beta ]]; then BUILD_TAGS+=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") fi From bd40d7c0fd6f508aecede1d8bfe3d36c564392f8 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 9 Nov 2024 23:35:43 -0500 Subject: [PATCH 095/101] fix rechunk --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 7e4e89b36a2..5aa49afec7c 100644 --- a/Justfile +++ b/Justfile 
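Review bot: The `if:` added to the Create Release step in generate-release.yml reads `github.event_name.scheduled`, but `github.event_name` is a plain string (`schedule` for cron runs), so the property lookup yields nothing and the two cron comparisons can never be true; the cron expression is exposed as `github.event.schedule`. A condition such as `github.event_name == 'schedule' && github.event.schedule == '45 5 * * 0'` expresses the intent. The later "remove whitespace; fix schedule" patch only renames the property to `github.event_name.schedule` in this file, build-image-latest.yml and build-image-stable.yml, so the same applies to those hunks. `softprops/action-gh-release@v2` in this hunk is referenced by a mutable tag, while the other actions on this page are pinned to a commit SHA.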
@@ -290,7 +290,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0" pipeline="0": fi # Fedora Version - fedora_version=$(just sudoif podman inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]') + fedora_version=$(just sudoif podman inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') if [[ "{{ ghcr }}" == "1" ]]; then if [[ "${image_name}" =~ bluefin ]]; then From 2bf12511b2d0636a968d2e425b7fd24c4db112e2 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 10 Nov 2024 00:06:37 -0500 Subject: [PATCH 096/101] reorder generate-release workflow --- .github/workflows/generate-release.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/generate-release.yml b/.github/workflows/generate-release.yml index 66468a5ddd0..370671bfeaa 100644 --- a/.github/workflows/generate-release.yml +++ b/.github/workflows/generate-release.yml @@ -45,6 +45,11 @@ jobs: version: ${{ fromJson( inputs.stream_name ) }} steps: + - name: Checkout last 500 commits (for to work) + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + with: + fetch-depth: 500 + - name: Install Just shell: bash run: | @@ -60,11 +65,6 @@ jobs: run: | just check - - name: Checkout last 500 commits (fot to work) - uses: actions/checkout@v4 - with: - fetch-depth: 500 - - name: Generate Release Text id: generate-release-text shell: bash From 370ef53ad76fc03dab13f3f3d2d9697630cf2a98 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 10 Nov 2024 01:27:36 -0500 Subject: [PATCH 097/101] remove whitespace; fix schedule --- .github/changelogs.py | 1 - .github/workflows/build-image-gts.yml | 2 +- .github/workflows/build-image-latest.yml | 2 +- .github/workflows/build-image-stable.yml | 2 +- .github/workflows/generate-release.yml | 2 +- Justfile | 15 +++++++-------- 6 files changed, 11 insertions(+), 13 deletions(-) 
diff --git a/.github/changelogs.py b/.github/changelogs.py index 50dc0464df9..a7c796e5a3a 100644 --- a/.github/changelogs.py +++ b/.github/changelogs.py @@ -368,7 +368,6 @@ def generate_changelog( except Exception as e: print(f"Failed to get finish hash:\n{e}") finish = "" - try: linux: str = next(iter(manifests.values()))["Labels"][ "ostree.linux" diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index 199256ea1e1..f4116ae76db 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -35,6 +35,6 @@ jobs: build-iso-gts: name: Build GTS ISOs needs: [build-image-gts] - if: github.event_name == 'scheduled' + if: github.event_name == 'schedule' secrets: inherit uses: ./.github/workflows/build-iso-gts.yml diff --git a/.github/workflows/build-image-latest.yml b/.github/workflows/build-image-latest.yml index 96963a275cb..b91cecf2d64 100644 --- a/.github/workflows/build-image-latest.yml +++ b/.github/workflows/build-image-latest.yml @@ -47,6 +47,6 @@ jobs: build-iso-latest: name: Build Latest ISOs needs: [build-image-latest] - if: github.event_name.scheduled == '40 4 * * 0' + if: github.event_name.schedule == '40 4 * * 0' secrets: inherit uses: ./.github/workflows/build-iso-latest.yml diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index 97c9eecea5c..9eb1e45be10 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -46,6 +46,6 @@ jobs: build-iso-stable: name: Build Stable ISOs needs: [build-image-stable] - if: github.event_name.scheduled == '45 5 * * 0' + if: github.event_name.schedule == '45 5 * * 0' secrets: inherit uses: ./.github/workflows/build-iso-stable.yml diff --git a/.github/workflows/generate-release.yml b/.github/workflows/generate-release.yml index 370671bfeaa..6a12413e3f2 100644 --- a/.github/workflows/generate-release.yml +++ b/.github/workflows/generate-release.yml 
@@ -76,7 +76,7 @@ jobs: - name: Create Release uses: softprops/action-gh-release@v2 - if: github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || github.event_name.scheduled == '40 4 * * 0' || github.event_name.scheduled == '45 5 * * 0' + if: contains(fromJson('["workflow_dispatch", "workflow_call"]'), github.event_name) || contains(fromJson('["45 5 * * 0", "40 4 * * 0"]'), github.event_name.schedule) with: name: ${{ steps.generate-release-text.outputs.title }} tag_name: ${{ steps.generate-release-text.outputs.tag }} diff --git a/Justfile b/Justfile index 5aa49afec7c..8926589d66f 100644 --- a/Justfile +++ b/Justfile @@ -284,30 +284,29 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0" pipeline="0": # Prep Container CREF=$(just sudoif podman create localhost/"${image_name}":"${tag}" bash) - if [[ "{{ ghcr }}" == 1 && "${tag}" == "stable" ]]; then - old_tag="${tag}" - tag="stable-daily" - fi + OLD_IMAGE=$(just sudoif podman inspect $CREF | jq -r '.[].Image') + OUT_NAME="${image_name}_build" + MOUNT=$(just sudoif podman mount "${CREF}") # Fedora Version fedora_version=$(just sudoif podman inspect $CREF | jq -r '.[].Config.Labels["ostree.linux"]' | grep -oP 'fc\K[0-9]+') + # Cleanup Space during Github Action if [[ "{{ ghcr }}" == "1" ]]; then if [[ "${image_name}" =~ bluefin ]]; then base_image_name=silverblue-main elif [[ "${image_name}" =~ aurora ]]; then base_image_name=kinoite-main fi + if [[ "${tag}" =~ stable ]]; then + tag="stable-daily" + fi ID=$(just sudoif podman images --filter reference=ghcr.io/ublue-os/"${base_image_name}":${fedora_version} --format "'{{ '{{.ID}}' }}'") if [[ -n "$ID" ]]; then podman rmi "$ID" fi - OLD_IMAGE=$(podman inspect $CREF | jq -r '.[].Image') fi - OUT_NAME="${image_name}_build" - MOUNT=$(just sudoif podman mount "${CREF}") - # Rechunk Container rechunker="{{ rechunker_image }}" From c290d78ce186a6288bff4e521947f0113651440e Mon Sep 17 00:00:00 2001 
From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sun, 10 Nov 2024 01:59:51 -0500 Subject: [PATCH 098/101] remove testing tags, fix build-iso --- .github/workflows/reusable-build-iso.yml | 8 ++++---- Justfile | 11 +---------- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/.github/workflows/reusable-build-iso.yml b/.github/workflows/reusable-build-iso.yml index 0cd62051c33..8764fa97da9 100644 --- a/.github/workflows/reusable-build-iso.yml +++ b/.github/workflows/reusable-build-iso.yml @@ -34,9 +34,6 @@ jobs: stream_name: ["${{ inputs.stream_name }}"] steps: - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 - - name: Checkout Repo uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 @@ -55,10 +52,13 @@ jobs: run: | just check + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + - name: Build ISO shell: bash run: | - image_name="$(just image_name ${{ matrix.base_name }} ${{ matrix.image_flavor }})" + image_name="$(just image_name ${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }})" sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}" echo "IMAGE_NAME=${image_name}" >> $GITHUB_ENV echo "ISO_BUILD_DIR=${{ github.workspace }}/${image_name}_build" >> $GITHUB_ENV diff --git a/Justfile b/Justfile index 8926589d66f..139649827a2 100644 --- a/Justfile +++ b/Justfile 
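Review bot: In the Build ISO step, `sudo just build-iso-ghcr "${{ matrix.base_name }} ${{ matrix.stream_name }} ${{ matrix.image_flavor }}"` wraps all three values in one pair of quotes, so the recipe receives a single argument. If build-iso-ghcr takes image, tag and flavor separately, as the `just image_name` call changed on the line above does (the recipe itself is not visible here), each value needs its own quotes: `sudo just build-iso-ghcr "${{ matrix.base_name }}" "${{ matrix.stream_name }}" "${{ matrix.image_flavor }}"`. The `image_name="$(just image_name … )"` line changed by this hunk passes the same expressions unquoted and would benefit from the same quoting.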
@@ -747,19 +747,10 @@ generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" github_n BUILD_TAGS+=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}") fi - # Prepend testing if built on testing branch - if [[ "$(git rev-parse --abrev-ref HEAD)" == "testing" ]]; then - temp=() - for TAG in "${BUILD_TAGS[@]}"; do - temp+=(testing-"$TAG") - done - BUILD_TAGS=(${temp[@]}) - fi - if [[ "${github_event}" == "pull_request" ]]; then alias_tags=("${COMMIT_TAGS[@]}") else - alias_tags=("${BUILD_TAGS[@]} ${COMMIT_TAGS[@]}") + alias_tags=("${BUILD_TAGS[@]}") fi echo "${alias_tags[*]}" From 7a51e0ea479e2ac37d635d773b4f4d191172ef25 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 10 Nov 2024 11:14:04 -0500 Subject: [PATCH 099/101] remove old image earlier in rechunk, permissions for running locally --- Justfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 139649827a2..da41c2105fb 100644 --- a/Justfile +++ b/Justfile @@ -335,6 +335,7 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0" pipeline="0": # Cleanup Temp Container Reference just sudoif podman unmount "$CREF" just sudoif podman rm "$CREF" + just sudoif podman rmi "$OLD_IMAGE" # Run Rechunker just sudoif podman run --rm \ @@ -356,7 +357,9 @@ rechunk image="bluefin" tag="latest" flavor="main" ghcr="0" pipeline="0": /sources/rechunk/3_chunk.sh # Load Image into Podman Store - just sudoif podman rmi "$OLD_IMAGE" + if [[ "${UID}" -gt "0" ]]; then + just sudoif chown "${UID}:${GROUPS}" -R "${PWD}" + fi IMAGE=$(podman pull oci:"${PWD}"/"${OUT_NAME}") podman tag ${IMAGE} localhost/"${image_name}":"${tag}" From 5eddfce2701c85bfcd823cf67ceec29ff9b3532f Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 10 Nov 2024 11:59:39 -0500 Subject: [PATCH 100/101] schedule not scheduled --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
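Review bot: The non-PR branch now assigns `alias_tags=("${BUILD_TAGS[@]}")`, so `COMMIT_TAGS` is emitted only for pull requests, which the commit subject ("remove testing tags, fix build-iso") does not mention. If that is intended, a comment above the `if` would record it, for example `# Commit tags are only emitted for pull_request builds; all other events publish BUILD_TAGS only`. If published images are meant to stay traceable to a source commit through a tag, the branch should instead keep both arrays as separate elements: `alias_tags=("${BUILD_TAGS[@]}" "${COMMIT_TAGS[@]}")`. `COMMIT_TAGS` is populated outside this hunk, so what it contains is an assumption here.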
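Review bot: The added `chown` in the second `rechunk` hunk of patch 099 hands the whole working directory to the invoking user through `sudoif`, although the only path the following `podman pull oci:"${PWD}"/"${OUT_NAME}"` needs to read is the rechunk output directory. Recursively re-owning `${PWD}` also rewrites ownership of the checkout and anything else that happens to live there, so the elevated command should be scoped to the output: `just sudoif chown -R "${UID}:${GROUPS}" "${PWD}/${OUT_NAME}"`. If other root-owned artefacts from the rechunk run must be handed back too, list them explicitly rather than widening to `${PWD}`. The `rechunk` recipe starts before and continues after this hunk.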
diff --git a/Justfile b/Justfile index da41c2105fb..69d13a58ce0 100644 --- a/Justfile +++ b/Justfile @@ -740,7 +740,7 @@ generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" github_n # Weekly Stable / Rebuild Stable on workflow_dispatch github_event="{{ github_event }}" - if [[ "{{ tag }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${github_event}" =~ scheduled ]]; then + if [[ "{{ tag }}" =~ "stable" && "${WEEKLY}" == "${TODAY}" && "${github_event}" =~ schedule ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") elif [[ "{{ tag }}" =~ "stable" && "${github_event}" =~ workflow_dispatch|workflow_call ]]; then BUILD_TAGS+=("stable" "stable-${TIMESTAMP}") From d20605c18c7345ae6948bfc3fc138fbc77d31ec7 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sun, 10 Nov 2024 17:18:33 -0500 Subject: [PATCH 101/101] fix skopeo permissions --- .github/workflows/reusable-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 26f6218216a..a37cbfb745c 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -170,7 +170,7 @@ jobs: done fi - digest=$(skopeo inspect docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} --format '{{.Digest}}') + digest=$(sudo skopeo inspect docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} --format '{{.Digest}}') echo "digest=${digest}" >> $GITHUB_OUTPUT