actions/build-container-installer
1
0
Fork 0
mirror of https://github.com/JasonN3/build-container-installer.git synced 2025-12-25 10:57:55 +01:00
Code Releases Activity

Merge branch 'main' into add_secure_boot

Browse source
This commit is contained in:
Jason N 2024-03-19 13:29:25 -04:00 committed by GitHub
commit 71ce08cc52
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 745 additions and 531 deletions
Download patch file Download diff file Expand all files Collapse all files

95
.github/workflows/bot_commands.yml vendored Normal file
View file

@ -0,0 +1,95 @@
name: Bot commands
on: issue_comment
jobs:
permissions:
name: Check Permissions
runs-on: ubuntu-latest
steps:
- name: Check association
run: |
allowed=("OWNER" "COLLABORATOR")
value="\<${{ github.event.issue.author_association }}\>"
if [[ ${allowed[@]} =~ $value ]]
then
exit 0
else
exit 1
fi
load_vars:
uses: ./.github/workflows/build_vars.yml
run-all_tests:
name: Run All Tests
if: >
github.event.issue.pull_request &&
contains(github.event.comment.body, '/run tests')
permissions:
contents: read
packages: write
statuses: write
needs:
- permissions
uses: ./.github/workflows/tests.yml
with:
pr: ${{ github.event.issue.number }}
parent_job_name: Run All Tests
run_build_container:
name: Run Build Container
if: >
github.event.issue.pull_request &&
contains(github.event.comment.body, '/run build container')
permissions:
contents: read
packages: write
statuses: write
needs:
- permissions
uses: ./.github/workflows/build_container.yml
with:
pr: ${{ github.event.issue.number }}
parent_job_name: Run Build Container
run_test_iso:
name: Run ISO Tests
if: >
github.event.issue.pull_request &&
contains(github.event.comment.body, '/run test iso')
permissions:
contents: read
packages: write
statuses: write
needs:
- permissions
- load_vars
uses: ./.github/workflows/test_iso.yml
with:
pr: ${{ github.event.issue.number }}
parent_job_name: Run ISO Tests
iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso
iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso
iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso
run_test_deployment:
name: Run ISO Deployment Tests
if: >
github.event.issue.pull_request &&
contains(github.event.comment.body, '/run test iso')
permissions:
contents: read
packages: write
statuses: write
needs:
- permissions
- load_vars
- run_test_iso
uses: ./.github/workflows/test_deployment.yml
with:
pr: ${{ github.event.issue.number }}
parent_job_name: Run ISO Deployment Tests
iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso
iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso
iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso

34
.github/workflows/bot_run_tests.yml vendored
View file

@ -1,34 +0,0 @@
name: Run tests on PR
on: issue_comment
jobs:
pr_commented:
name: Check Permissions
if: >
github.event.issue.pull_request &&
contains(github.event.comment.body, '/run tests')
runs-on: ubuntu-latest
steps:
- name: Check association
run: |
allowed=("OWNER" "COLLABORATOR")
value="\<${{ github.event.issue.author_association }}\>"
if [[ ${allowed[@]} =~ $value ]]
then
exit 0
else
exit 1
fi
run-tests:
name: Run Tests
permissions:
contents: read
packages: write
statuses: write
needs:
- pr_commented
uses: ./.github/workflows/build-and-test.yml
with:
pr: ${{ github.event.issue.number }}

491
.github/workflows/build-and-test.yml vendored
View file

@ -1,491 +0,0 @@
name: Tests
on:
push:
branches:
- 'main'
tags:
- 'v*'
pull_request:
workflow_call:
inputs:
pr:
required: true
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
# Test Values
env:
ARCH: 'x86_64'
IMAGE_NAME: 'base'
IMAGE_REPO: 'quay.io/fedora-ostree-desktops'
IMAGE_TAG: '39'
VARIANT: 'Server'
FLATPAK_REMOTE_REFS_DIR: flatpak_refs
SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
ENROLLMENT_PASSWORD: 'container-installer'
jobs:
build-container:
if: >
github.event_name == 'push' ||
github.event_name == 'issue_comment' ||
( github.event_name == 'pull_request' &&
contains(github.event.pull_request.labels.*.name, 'auto-test') )
name: Build Container Image
env:
JOB_NAME: Build Container Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
statuses: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
fetch-tags: 'true'
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "Run Tests / ${{ env.JOB_NAME }}"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Buildah Build
id: build-image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: Containerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Push image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
build-and-push-iso:
name: Build ISO
env:
JOB_NAME: Build ISO
runs-on: ubuntu-latest
needs:
- build-container
permissions:
contents: read
packages: write
statuses: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
- 40
outputs:
iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }}
iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }}
iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "Run Tests / ${{ env.JOB_NAME }}"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_REPO }}
- name: Get image version
id: meta
uses: docker/metadata-action@v5
with:
tags: |
type=ref,event=branch
type=ref,event=pr
- name: Build ISO
uses: ./
id: build
with:
arch: ${{ env.ARCH}}
image_name: ${{ env.IMAGE_NAME}}
image_repo: ${{ env.IMAGE_REPO}}
image_tag: ${{ matrix.version }}
version: ${{ matrix.version }}
variant: ${{ env.VARIANT }}
flatpak_remote_refs_dir: /github/workspace/${{ env.FLATPAK_REMOTE_REFS_DIR }}
secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }}
enrollment_password: ${{ env.ENROLLMENT_PASSWORD }}
iso_name: ${{ env.IMAGE_NAME }}-${{ matrix.version }}-${{ github.event.pull_request.number || github.ref }}.iso
- name: Save output
id: save_output
shell: bash
run: |
echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT
- name: Upload ISO as artifact
id: upload
uses: actions/upload-artifact@v4
with:
name: ${{ steps.build.outputs.iso_name }}
path: |
${{ steps.build.outputs.iso_path }}
${{ steps.build.outputs.iso_path }}-CHECKSUM
if-no-files-found: error
retention-days: 0
compression-level: 0
overwrite: true
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
test-iso:
name: Test ISO
env:
JOB_NAME: Test ISO
runs-on: ubuntu-latest
needs:
- build-and-push-iso
permissions:
contents: read
statuses: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
- 40
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "Run Tests / ${{ env.JOB_NAME }}"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Install test tools
run: |
sudo apt-get update
sudo apt-get install -y make
sudo make install-test-deps PACKAGE_MANAGER=apt-get
- name: Download generated ISO
uses: actions/download-artifact@v4
with:
name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
- name: Verify ISO
run: |
checkisomd5 ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
sha256sum -c ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}-CHECKSUM
- name: Run ISO checks
run: |
mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso
make test-iso \
ARCH=${{ env.ARCH}} \
IMAGE_NAME=${{ env.IMAGE_NAME}} \
IMAGE_REPO=${{ env.IMAGE_REPO}} \
IMAGE_TAG=${{ matrix.version }} \
VERSION=${{ matrix.version }} \
VARIANT=${{ env.VARIANT }} \
FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \
SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \
ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }}
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
test-deployment:
name: Test deployment
env:
JOB_NAME: Test deployment
runs-on: ubuntu-latest
needs:
- build-and-push-iso
permissions:
contents: read
statuses: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
- 40
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "Run Tests / ${{ env.JOB_NAME }}"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Install test tools
run: |
sudo apt-get update
sudo apt-get install -y make
sudo make install-test-deps PACKAGE_MANAGER=apt-get
- name: Download generated ISO
uses: actions/download-artifact@v4
with:
name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
- name: Add Kickstart and Grub options to ISO
run: |
mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso
sudo mkdir /mnt/iso || true
sudo mount -o loop deploy.iso /mnt/iso
cp /mnt/iso/boot/grub2/grub.cfg grub.cfg
sudo umount /mnt/iso
sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' grub.cfg
sed -i 's/set default="1"/set default="0"/' grub.cfg
sed -i 's/set timeout=60/set timeout=1/' grub.cfg
cat << EOF > ks.cfg
lang en_US.UTF-8
keyboard us
timezone Americas/New_York
zerombr
clearpart --all --initlabel
autopart
poweroff
user --name=core --groups=wheel --password=foobar
%include /usr/share/anaconda/interactive-defaults.ks
EOF
xorriso -dialog on << EOF
-indev deploy.iso
-outdev test.iso
-boot_image any replay
-map ks.cfg ks.cfg
-chmod 0444 ks.cfg
-map grub.cfg boot/grub2/grub.cfg
-end
EOF
- name: Create VM disk
run: |
qemu-img create -f qcow2 disk.qcow2 50G
- name: Install the test VM
run: |
timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$!
echo "PID: $QEMU_PID"
timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done"
(nc localhost 4321 | tee vm.stdout) &
wait $QEMU_PID
- name: Start the test VM
env:
VM_USER: core
VM_PASS: foobar
VM_IP: "127.0.0.1"
VM_PORT: "5555"
run: |
mkfifo vm.stdin
qemu-system-x86_64 -name "Anaconda" \
-m 4096 -cpu qemu64 -display none -smp 2 \
-chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \
-device e1000,netdev=net0 \
-netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \
-device virtio-serial \
-device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
-boot c -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$!
echo "PID: $QEMU_PID"
timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done"
(tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) &
timeout 30m bash -c "while ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}); do sleep 1; done"
if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT})
then
echo "SSH must be installed and enabled inside the container"
fi
echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}"
make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \
ARCH=${{ env.ARCH}} \
IMAGE_NAME=${{ env.IMAGE_NAME}} \
IMAGE_REPO=${{ env.IMAGE_REPO}} \
IMAGE_TAG=${{ matrix.version }} \
VERSION=${{ matrix.version }} \
VARIANT=${{ env.VARIANT }} \
FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \
SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \
ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }}
kill $QEMU_PID
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}

110
.github/workflows/build_container.yml vendored Normal file
View file

@ -0,0 +1,110 @@
on:
workflow_call:
inputs:
pr:
required: false
type: string
parent_job_name:
required: true
type: string
jobs:
build-container:
if: >
github.event_name == 'push' ||
github.event_name == 'issue_comment' ||
( github.event_name == 'pull_request' &&
contains(github.event.pull_request.labels.*.name, 'auto-test') )
name: Build Container Image
env:
JOB_NAME: Build Container Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
statuses: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
fetch-tags: 'true'
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: pending
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Docker meta
if: inputs.pr == ''
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Docker meta for PR
if: inputs.pr
id: meta_pr
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
pr-${{ inputs.pr }}
- name: Buildah Build
id: build-image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: Containerfile
tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }}
labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }}
- name: Push image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}

140
.github/workflows/build_iso.yml vendored Normal file
View file

@ -0,0 +1,140 @@
on:
workflow_call:
inputs:
pr:
required: false
type: string
parent_job_name:
required: true
type: string
outputs:
iso_name-38:
description: "Version 38 ISO Name"
value: ${{ jobs.build_iso.outputs.iso_name-38 }}
iso_name-39:
description: "Version 39 ISO Name"
value: ${{ jobs.build_iso.outputs.iso_name-39 }}
iso_name-40:
description: "Version 40 ISO Name"
value: ${{ jobs.build_iso.outputs.iso_name-40 }}
jobs:
load_vars:
name: Load Variables
uses: ./.github/workflows/build_vars.yml
build_iso:
name: Build ISO
env:
JOB_NAME: Build ISO
runs-on: ubuntu-latest
needs:
- load_vars
permissions:
contents: read
packages: write
statuses: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
- 40
outputs:
iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }}
iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }}
iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: pending
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ needs.load_vars.outputs.IMAGE_REPO }}
- name: Get image version
id: meta
uses: docker/metadata-action@v5
with:
tags: |
type=ref,event=branch
type=ref,event=pr
- name: Build ISO
uses: ./
id: build
with:
arch: ${{ needs.load_vars.outputs.ARCH }}
image_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}
image_repo: ${{ needs.load_vars.outputs.IMAGE_REPO }}
image_tag: ${{ matrix.version }}
version: ${{ matrix.version }}
variant: ${{ needs.load_vars.outputs.VARIANT }}
flatpak_remote_refs_dir: /github/workspace/${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }}
secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }}
enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}
iso_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}.iso
- name: Save output
id: save_output
shell: bash
run: |
echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT
- name: Upload ISO as artifact
id: upload
uses: actions/upload-artifact@v4
with:
name: ${{ steps.build.outputs.iso_name }}
path: |
${{ steps.build.outputs.iso_path }}
${{ steps.build.outputs.iso_path }}-CHECKSUM
if-no-files-found: error
retention-days: 0
compression-level: 0
overwrite: true
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }} (${{ matrix.version }})
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}

29
.github/workflows/build_vars.yml vendored Normal file
View file

@ -0,0 +1,29 @@
on:
workflow_call:
outputs:
ARCH:
value: 'x86_64'
IMAGE_NAME:
value: 'base'
IMAGE_REPO:
value: 'quay.io/fedora-ostree-desktops'
IMAGE_TAG:
value: '39'
VARIANT:
value: 'Server'
FLATPAK_REMOTE_REFS_DIR:
value: flatpak_refs
SECURE_BOOT_KEY_URL:
value: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
ENROLLMENT_PASSWORD:
value: 'container-installer'
jobs:
load-vars:
name: Load Variables
runs-on: ubuntu-latest
steps:
- name: Sucess
run:
echo "Vars loaded"

184
.github/workflows/test_deployment.yml vendored Normal file
View file

@ -0,0 +1,184 @@
on:
workflow_call:
inputs:
pr:
required: true
type: string
parent_job_name:
required: true
type: string
iso_name-38:
required: true
type: string
iso_name-39:
required: true
type: string
iso_name-40:
required: true
type: string
jobs:
load_vars:
name: Load Variables
uses: ./.github/workflows/build_vars.yml
test-deployment:
name: Test deployment
env:
JOB_NAME: Test deployment
runs-on: ubuntu-latest
needs:
- load_vars
permissions:
contents: read
statuses: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
- 40
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: pending
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Install test tools
run: |
sudo apt-get update
sudo apt-get install -y make
sudo make install-test-deps PACKAGE_MANAGER=apt-get
- name: Download generated ISO
uses: actions/download-artifact@v4
with:
name: ${{ inputs[format('iso_name-{0}', matrix.version)] }}
- name: Add Kickstart and Grub options to ISO
run: |
mv ${{ inputs[format('iso_name-{0}', matrix.version)] }} deploy.iso
sudo mkdir /mnt/iso || true
sudo mount -o loop deploy.iso /mnt/iso
cp /mnt/iso/boot/grub2/grub.cfg grub.cfg
sudo umount /mnt/iso
sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' grub.cfg
sed -i 's/set default="1"/set default="0"/' grub.cfg
sed -i 's/set timeout=60/set timeout=1/' grub.cfg
cat << EOF > ks.cfg
lang en_US.UTF-8
keyboard us
timezone Americas/New_York
zerombr
clearpart --all --initlabel
autopart
poweroff
user --name=core --groups=wheel --password=foobar
%include /usr/share/anaconda/interactive-defaults.ks
EOF
xorriso -dialog on << EOF
-indev deploy.iso
-outdev test.iso
-boot_image any replay
-map ks.cfg ks.cfg
-chmod 0444 ks.cfg
-map grub.cfg boot/grub2/grub.cfg
-end
EOF
- name: Create VM disk
run: |
qemu-img create -f qcow2 disk.qcow2 50G
- name: Install the test VM
run: |
timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$!
echo "PID: $QEMU_PID"
timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done"
(nc localhost 4321 | tee vm.stdout) &
wait $QEMU_PID
- name: Start the test VM
env:
VM_USER: core
VM_PASS: foobar
VM_IP: "127.0.0.1"
VM_PORT: "5555"
run: |
mkfifo vm.stdin
qemu-system-x86_64 -name "Anaconda" \
-m 4096 -cpu qemu64 -display none -smp 2 \
-chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \
-device e1000,netdev=net0 \
-netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \
-device virtio-serial \
-device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
-boot c -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$!
echo "PID: $QEMU_PID"
timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done"
(tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) &
timeout 30m bash -c "while ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}); do sleep 1; done"
if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT})
then
echo "SSH must be installed and enabled inside the container"
fi
echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}"
make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \
ARCH=${{ needs.load_vars.outputs.ARCH}} \
IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \
IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \
IMAGE_TAG=${{ matrix.version }} \
VERSION=${{ matrix.version }} \
VARIANT=${{ needs.load_vars.outputs.VARIANT }} \
FLATPAK_REMOTE_REFS_DIR=${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} \
SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \
ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}
kill $QEMU_PID
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }} (${{ matrix.version }})
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}

117
.github/workflows/test_iso.yml vendored Normal file
View file

@ -0,0 +1,117 @@
on:
workflow_call:
inputs:
pr:
required: false
type: string
parent_job_name:
required: true
type: string
iso_name-38:
required: true
type: string
iso_name-39:
required: true
type: string
iso_name-40:
required: true
type: string
jobs:
load_vars:
name: Load Variables
uses: ./.github/workflows/build_vars.yml
test-iso:
name: Test ISO
env:
JOB_NAME: Test ISO
runs-on: ubuntu-latest
needs:
- load_vars
permissions:
contents: read
statuses: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
- 40
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}"
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: pending
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Install test tools
run: |
sudo apt-get update
sudo apt-get install -y make
sudo make install-test-deps PACKAGE_MANAGER=apt-get
- name: Download generated ISO
uses: actions/download-artifact@v4
with:
name: ${{ inputs[format('iso_name-{0}', matrix.version)] }}
- name: Verify ISO
run: |
checkisomd5 ${{ inputs[format('iso_name-{0}', matrix.version)] }}
sha256sum -c ${{ inputs[format('iso_name-{0}', matrix.version)] }}-CHECKSUM
- name: Run ISO checks
run: |
mv ${{ inputs[format('iso_name-{0}', matrix.version)] }} deploy.iso
make test-iso \
ARCH=${{ needs.load_vars.outputs.ARCH}} \
IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \
IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \
IMAGE_TAG=${{ matrix.version }} \
VERSION=${{ matrix.version }} \
VARIANT=${{ needs.load_vars.outputs.VARIANT }} \
FLATPAK_REMOTE_REFS_DIR=${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} \
SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \
ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}

65
.github/workflows/tests.yml vendored Normal file
View file

@ -0,0 +1,65 @@
name: Tests
on:
push:
branches:
- 'main'
tags:
- 'v*'
workflow_dispatch:
workflow_call:
inputs:
pr:
required: true
type: string
parent_job_name:
required: true
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
build_container:
name: Build Container
uses: ./.github/workflows/build_container.yml
with:
pr: ${{ inputs.pr }}
parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container
build_iso:
name: Build ISO
needs:
- build_container
uses: ./.github/workflows/build_iso.yml
with:
pr: ${{ inputs.pr }}
parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO
test_iso:
name: Test ISO
needs:
- build_iso
uses: ./.github/workflows/test_iso.yml
with:
pr: ${{ inputs.pr }}
parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO
iso_name-38: ${{ needs.build_iso.outputs.iso_name-38 }}
iso_name-39: ${{ needs.build_iso.outputs.iso_name-39 }}
iso_name-40: ${{ needs.build_iso.outputs.iso_name-40 }}
test_deployment:
name: Test Deployment
needs:
- build_iso
uses: ./.github/workflows/test_deployment.yml
with:
pr: ${{ inputs.pr }}
parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment
iso_name-38: ${{ needs.build_iso.outputs.iso_name-38 }}
iso_name-39: ${{ needs.build_iso.outputs.iso_name-39 }}
iso_name-40: ${{ needs.build_iso.outputs.iso_name-40 }}

11
action.yml
View file

@ -136,14 +136,13 @@ runs:
ACTION_REF: ${{ github.action_ref }}
shell: bash
run: |
image="ghcr.io/jasonn3/build-container-installer"
# Check if running inside of the action repo
if [[ -z "${ACTION_REPO}" || "${ACTION_REPO}" == "${{ github.repository }}" ]]
image=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:])
# Check if running inside01 of the action repo
if [[ -z "${ACTION_REPO}" ]]
then
if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]
if [[ -n "${{ github.event.issue.number }}" ]]
then
tag="pr-${BASH_REMATCH[1]}"
image="docker.io/jasonn3/build-container-installer"
tag="pr-${{ github.event.issue.number }}"
else
tag="${{ github.ref_name }}"
fi