build separate ubi container

.github/workflows/bot_commands.yml

@@ -55,6 +55,9 @@ jobs:
     with:
       pr: ${{ github.event.issue.number }}
       parent_job_name: Run Build Container
+    secrets:
+      RH_REPO: ${{ secrets.RH_REPO }}
+      RH_ENT: ${{ secrets.RH_ENT }}
 
   run_build_iso:
     name: Run Build Container

.github/workflows/build_container.yml

@@ -7,6 +7,12 @@ on:
       parent_job_name:
         required: true
         type: string
+    secrets:
+      RH_REPO: 
+        required: true
+      RH_ENT:
+        required: true
+    
     
 
 jobs:
@@ -23,7 +29,19 @@ jobs:
       contents: read
       packages: write
       statuses: write
-
+    continue-on-error: false
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - registry.fedoraproject.org/fedora
+          - registry.access.redhat.com/ubi8/ubi
+        include:
+          - os: registry.fedoraproject.org/fedora
+            tag: 39
+          - os: registry.access.redhat.com/ubi8/ubi
+            tag: latest
+            append: ubi
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -67,7 +85,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ghcr.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}${{ matrix.append && format('-{0}', matrix.append) }}
           tags: |
             type=ref,event=branch
             type=ref,event=pr
@@ -80,10 +98,19 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ghcr.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}${{ matrix.append && format('-{0}', matrix.append) }}
           tags: |
             pr-${{ inputs.pr }}
 
+      - name: Get UBI Subs
+        if: matrix.append == 'ubi'
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ secrets.RH_REPO }}
+          ssh-key: ${{ secrets.RH_ENT }}
+          persist-credentials: false
+          path: ubi
+
       - name: Buildah Build
         id: build-image
         uses: redhat-actions/buildah-build@v2
@@ -91,6 +118,11 @@ jobs:
           containerfiles: Containerfile
           tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }}
+          build-args: |
+            BASE_IMAGE=${{ matrix.os }}
+            IMAGE_VERSION=${{ matrix.tag }}
+          extra-args: |
+            ${{ matrix.append == 'ubi' && format('--volume={0}/ubi:/run/secrets', github.workspace) || ''}}
 
       - name: Push image
         uses: redhat-actions/push-to-registry@v2

.github/workflows/tests.yml

@@ -35,6 +35,9 @@ jobs:
     with:
       pr: ${{ inputs.pr }}
       parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container
+    secrets:
+      RH_REPO: ${{ secrets.RH_REPO }}
+      RH_ENT: ${{ secrets.RH_ENT }}
   
   build_iso:
     name: Build ISO

Containerfile

@@ -1,4 +1,6 @@
-FROM registry.fedoraproject.org/fedora:39
+ARG BASE_IMAGE
+ARG IMAGE_VERSION
+FROM ${BASE_IMAGE}:${IMAGE_VERSION}
 
 ARG VERSION=39
 

action.yml

@@ -140,7 +140,7 @@ runs:
       shell: bash
       run: |
         image=$(echo "ghcr.io/${ACTION_REPO}" | tr [:upper:] [:lower:])
-        # Check if running inside01 of the action repo
+        # Check if running inside of the action repo
         if [[ -z "${ACTION_REPO}" ]]
         then
           image=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:])
@@ -183,6 +183,11 @@ runs:
         then
           volumes="--volume ${{ inputs.secrets_dir }}:/run/secrets"
         fi
+        # RHEL
+        if [[ ${{ inputs.version }} -lt 30 ]]
+        then
+          image=${image}-ubi
+        fi
         docker run --privileged ${volumes} --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \
           ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \
           ARCH="${{ inputs.arch }}" \