mirror of https://github.com/JasonN3/build-container-installer.git synced 2025-12-25 10:57:55 +01:00

Merge branch 'main' into cache

Jason N 2024-03-11 10:01:24 -04:00 committed by GitHub
commit dc34e7f4b3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 310 additions and 111 deletions


@ -15,10 +15,10 @@ env:
IMAGE_REPO: 'quay.io/fedora-ostree-desktops' IMAGE_REPO: 'quay.io/fedora-ostree-desktops'
IMAGE_TAG: '39' IMAGE_TAG: '39'
VARIANT: 'Server' VARIANT: 'Server'
FLATPAK_REMOTE_REFS: app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08
SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
ENROLLMENT_PASSWORD: 'container-installer' ENROLLMENT_PASSWORD: 'container-installer'
jobs: jobs:
build-container: build-container:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -28,6 +28,8 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
submodules: recursive
- name: Docker meta - name: Docker meta
id: meta id: meta
@ -47,7 +49,7 @@ jobs:
with: with:
containerfiles: Containerfile containerfiles: Containerfile
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
- name: Push image - name: Push image
uses: redhat-actions/push-to-registry@v2 uses: redhat-actions/push-to-registry@v2
with: with:
@ -56,7 +58,6 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ github.token }} password: ${{ github.token }}
build-and-push-iso: build-and-push-iso:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
@ -64,11 +65,16 @@ jobs:
permissions: permissions:
contents: read contents: read
packages: write packages: write
continue-on-error: false
strategy: strategy:
fail-fast: false
matrix: matrix:
version: version:
- 38 - 38
- 39 - 39
outputs:
iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }}
iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }}
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -89,6 +95,7 @@ jobs:
- name: Build ISO with new container - name: Build ISO with new container
uses: ./ uses: ./
id: build
with: with:
arch: ${{ env.ARCH}} arch: ${{ env.ARCH}}
image_name: ${{ env.IMAGE_NAME}} image_name: ${{ env.IMAGE_NAME}}
@ -96,19 +103,25 @@ jobs:
image_tag: ${{ env.IMAGE_TAG }} image_tag: ${{ env.IMAGE_TAG }}
version: ${{ matrix.version }} version: ${{ matrix.version }}
variant: ${{ env.VARIANT }} variant: ${{ env.VARIANT }}
flatpak_remote_refs: ${{ env.FLATPAK_REMOTE_REFS }}
secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }}
enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }}
iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
- name: Rename ISO - name: Save output
id: save_output
shell: bash
run: | run: |
mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT
- name: Upload ISO as artifact - name: Upload ISO as artifact
id: upload id: upload
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso name: ${{ steps.build.outputs.iso_name }}
path: build/*.iso path: |
${{ steps.build.outputs.iso_path }}
${{ steps.build.outputs.iso_path }}-CHECKSUM
if-no-files-found: error if-no-files-found: error
retention-days: 0 retention-days: 0
compression-level: 0 compression-level: 0
@ -121,7 +134,9 @@ jobs:
permissions: permissions:
contents: read contents: read
packages: write packages: write
continue-on-error: false
strategy: strategy:
fail-fast: false
matrix: matrix:
version: version:
- 38 - 38
@ -129,11 +144,13 @@ jobs:
steps: steps:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
submodules: recursive
- name: Ensure qemu is installed - name: Ensure qemu is installed
run: | run: |
sudo apt-get update sudo apt-get update
sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils
- name: Create disk - name: Create disk
run: | run: |
@ -142,15 +159,17 @@ jobs:
- name: Download generated ISO - name: Download generated ISO
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
- name: Verify ISO - name: Verify ISO
run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso run: |
checkisomd5 ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
sha256sum -c ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}-CHECKSUM
- name: Run ISO checks - name: Run ISO checks
run: | run: |
mv ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso deploy.iso mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso
make test-iso VERSION=${{ matrix.version }} make test-iso VERSION=${{ matrix.version }} FLATPAK_REMOTE_REFS="${{ env.FLATPAK_REMOTE_REFS}}"
- name: Add Kickstart and Grub options to ISO - name: Add Kickstart and Grub options to ISO
run: | run: |
@ -194,11 +213,15 @@ jobs:
env: env:
VM_USER: core VM_USER: core
VM_PASS: foobar VM_PASS: foobar
VM_IP: "127.0.0.1"
VM_PORT: "5555"
run: | run: |
mkfifo vm.stdin mkfifo vm.stdin
qemu-system-x86_64 -name "Anaconda" \ qemu-system-x86_64 -name "Anaconda" \
-m 4096 -cpu qemu64 -display none -smp 2 \ -m 4096 -cpu qemu64 -display none -smp 2 \
-chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \ -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \
-device e1000,netdev=net0 \
-netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \
-device virtio-serial \ -device virtio-serial \
-device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
-boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$! -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$!
@ -209,19 +232,23 @@ jobs:
timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done" timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done"
export VM_IP=$({ echo '{"execute": "guest-network-get-interfaces"}'; sleep 2; } | socat unix-connect:/tmp/qga.sock - | jq -r '.return[1]["ip-addresses"][] | select(."ip-address-type"=="ipv4") | .["ip-address"]') if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT})
if ! (echo > /dev/tcp/${VM_IP}/22)
then then
echo "SSH must be installed and enabled inside the container" echo "SSH must be installed and enabled inside the container"
fi fi
echo "VM ready for tests at IP ${VM_IP}" echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}"
for check in $(ls tests/vm) echo "Creating Ansible inventory"
do cat << EOF > ansible_inventory
if [[ -f $check && $check != "README.md" ]] ungrouped:
then hosts:
chmod +x $check vm:
./${check} ansible_host: ${VM_IP}
fi ansible_port: ${VM_PORT}
done ansible_user: ${VM_USER}
ansible_password: ${VM_PASS}
ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
EOF
#make test-vm
kill $QEMU_PID
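Review bot: The added `sha256sum -c ...-CHECKSUM` line in the Verify ISO step checks the ISO against a checksum file that was written by the build job and arrives in the same artifact as the ISO, so it detects a corrupted or truncated transfer but not a replaced image. If the step is meant as more than a transfer check, the digest could be exported as a job output next to `iso_name-38`/`iso_name-39` and compared from there; otherwise a comment such as `# CHECKSUM travels with the ISO: detects corruption, not tampering` would set expectations. Separately, in the last hunk the port probe only prints a message when SSH is unreachable and `#make test-vm` is commented out, so the generated `ansible_inventory` (with `StrictHostKeyChecking=no`) and the VM tests are not exercised by this job as written.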

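--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "external/fedora-lorax-templates"]
+path = external/fedora-lorax-templates
+url = https://pagure.io/fedora-lorax-templates.git
+branch = f39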


@ -11,6 +11,7 @@ ENV VERSION="${VERSION}"
ENV WEB_UI="false" ENV WEB_UI="false"
RUN mkdir /build-container-installer RUN mkdir /build-container-installer
COPY / /build-container-installer/ COPY / /build-container-installer/
WORKDIR /build-container-installer WORKDIR /build-container-installer


@ -8,6 +8,10 @@ IMAGE_TAG = $(VERSION)
VARIANT = Server VARIANT = Server
WEB_UI = false WEB_UI = false
REPOS = $(subst :,\:,$(shell ls /etc/yum.repos.d/*.repo)) REPOS = $(subst :,\:,$(shell ls /etc/yum.repos.d/*.repo))
ADDITIONAL_TEMPLATES =
FLATPAK_REMOTE_NAME = flathub
FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo
FLATPAK_REMOTE_REFS =
ENROLLMENT_PASSWORD = ENROLLMENT_PASSWORD =
SECURE_BOOT_KEY_URL = SECURE_BOOT_KEY_URL =
ADDITIONAL_TEMPLATES = ADDITIONAL_TEMPLATES =
@ -23,10 +27,14 @@ _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED))
_VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG)
_REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS))
_ALL_LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl) _ALL_LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl)
_EXTERNAL_TEMPLATES = fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl
_EXCLUDED_TEMPLATES = lorax_templates/copy_dnf_cache.tmpl _EXCLUDED_TEMPLATES = lorax_templates/copy_dnf_cache.tmpl
_LORAX_TEMPLATES = $(filter-out $(_EXCLUDED_TEMPLATES),$(_ALL_LORAX_TEMPLATES)) _LORAX_TEMPLATES = $(filter-out $(_EXCLUDED_TEMPLATES),$(_ALL_LORAX_TEMPLATES))
_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ENROLLMENT_PASSWORD
_LORAX_ARGS = _LORAX_ARGS =
_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2)
_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2)
_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED FLATPAK_REMOTE_NAME FLATPAK_REMOTE_URL FLATPAK_REMOTE_REFS _FLATPAK_REPO_URL _FLATPAK_REPO_GPG ENROLLMENT_PASSWORD
ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo)
_LORAX_ARGS += --nomacboot --noupgrade _LORAX_ARGS += --nomacboot --noupgrade
@ -51,8 +59,11 @@ else
_PLATFORM_ID = platform:f$(VERSION) _PLATFORM_ID = platform:f$(VERSION)
endif endif
ifneq ($(FLATPAK_REMOTE_REFS),)
_LORAX_ARGS += -i flatpak-libs
endif
# Step 7: Buid end ISO # Step 7: Build end ISO
## Default action ## Default action
build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt
mkdir $(_BASE_DIR)/build || true mkdir $(_BASE_DIR)/build || true
@ -102,7 +113,6 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/%
do \ do \
if [[ $$line =~ ^\<\% ]]; \ if [[ $$line =~ ^\<\% ]]; \
then \ then \
echo $$line >> lorax_templates/post_$*.tmpl; \
echo >> lorax_templates/post_$*.tmpl; \ echo >> lorax_templates/post_$*.tmpl; \
else \ else \
if [[ $$header == 0 ]]; \ if [[ $$header == 0 ]]; \
@ -160,6 +170,8 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES)
$(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \ $(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \
$(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \ $(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \
$(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \ $(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \
$(foreach file,$(_FLATPAK_TEMPLATES),--add-template $(file)) \
$(foreach file,$(_EXTERNAL_TEMPLATES),--add-template $(_BASE_DIR)/external/$(file)) \
--rootfs-size $(ROOTFS_SIZE) \ --rootfs-size $(ROOTFS_SIZE) \
$(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \ $(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \
$(_BASE_DIR)/results/ $(_BASE_DIR)/results/
@ -200,12 +212,34 @@ clean:
rm -f $(_BASE_DIR)/*.log || true rm -f $(_BASE_DIR)/*.log || true
install-deps: install-deps:
dnf install -y lorax xorriso skopeo dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils
test: test-iso test-vm
test-iso: test-iso:
$(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso))) $(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso)))
$(foreach test,$(_TESTS),chmod +x tests/iso/$(test)) $(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL)
$(foreach test,$(_TESTS),./tests/iso/$(test) deploy.iso)
.PHONY: clean install-deps test-iso container/$(IMAGE_NAME)-$(IMAGE_TAG)
sudo apt-get update
sudo apt-get install -y squashfs-tools
sudo modprobe loop
sudo mkdir /mnt/iso /mnt/install
sudo mount -o loop deploy.iso /mnt/iso
sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install
chmod +x $(foreach test,$(_TESTS),tests/iso/$(test))
for test in $(_TESTS); \
do \
$(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \
done
# Cleanup
sudo umount /mnt/install
sudo umount /mnt/iso
test-vm:
$(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm)))
chmod +x $(foreach test,$(_TESTS),tests/vm/$(test))
for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done
.PHONY: clean install-deps test test-iso test-vm container/$(IMAGE_NAME)-$(IMAGE_TAG)
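Review bot: `_FLATPAK_REPO_URL` and `_FLATPAK_REPO_GPG` extract their value with `cut -d= -f2`, which stops at the next `=`, so any trailing `=` padding on the base64 `GPGKey=` value (and any `=` inside the `URL=` value) is dropped before the key is handed to the templates as the remote's trusted key; `cut -d= -f2-` keeps the whole value, as the entrypoint parser in this same commit does. Both variables are defined with `=`, so `curl -L $(FLATPAK_REMOTE_URL)` runs again on every expansion, with the URL unquoted and without `--fail`, which means an HTTP error page or a response that changes between calls can give an empty or mismatched URL/key pair without stopping the build. Fetching the `.flatpakrepo` file once, e.g. `curl --fail -L "$(FLATPAK_REMOTE_URL)" -o flatpak.repo` as its own target, and parsing that file for both values would make the pair consistent and turn a failed download into a build error. A short comment above the two variables should state that the key is trusted as served by `FLATPAK_REMOTE_URL` at build time.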


@ -1,4 +1,4 @@
![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg??event=push) ![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg?event=push)
# Build Container Installer Action # Build Container Installer Action
This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer`
@ -8,12 +8,28 @@ This action is designed to be called from a GitHub workflow using the following
```yaml ```yaml
- name: Build ISO - name: Build ISO
uses: jasonn3/build-container-installer/v1.0.0 uses: jasonn3/build-container-installer/v1.0.0
id: build
with: with:
arch: ${{ env.ARCH}} arch: ${{ env.ARCH}}
image_name: ${{ env.IMAGE_NAME}} image_name: ${{ env.IMAGE_NAME}}
image_repo: ${{ env.IMAGE_REPO}} image_repo: ${{ env.IMAGE_REPO}}
image_tag: ${{ env.IMAGE_TAG }}
version: ${{ env.VERSION }} version: ${{ env.VERSION }}
variant: ${{ env.VARIANT }} variant: ${{ env.VARIANT }}
iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ env.VERSION }}.iso
# This example is for uploading your ISO as a Github artifact. You can do something similar using any cloud storage, so long as you copy the output
- name: Upload ISO as artifact
id: upload
uses: actions/upload-artifact@v4
with:
name: ${{ steps.build.outputs.iso_name }}
path: |
${{ steps.build.outputs.iso_path }}
${{ steps.build.outputs.iso_path }}-CHECKSUM
if-no-files-found: error
retention-days: 0
compression-level: 0
``` ```
See [Customizing](#customizing) for information about customizing the ISO that gets created using `with` See [Customizing](#customizing) for information about customizing the ISO that gets created using `with`
@ -21,46 +37,61 @@ See [Customizing](#customizing) for information about customizing the ISO that g
## Customizing ## Customizing
The following variables can be used to customize the created ISO. The following variables can be used to customize the created ISO.
| Variable | Description | Default Value | ### Inputs
| ----------------- | -------------------------------------------------------- | ------------------------------ | | Variable | Description | Default Value |
| ARCH | Architecture for image to build | x86_64 | | -------------------- | ---------------------------------------------------------------------------- | ------------------------------ |
| VERSION | Fedora version of installer to build | 39 | | additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] |
| IMAGE_REPO | Repository containing the source container image | quay.io/fedora-ostree-desktops | | arch | Architecture for image to build | x86_64 |
| IMAGE_NAME | Name of the source container image | base | | enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer |
| IMAGE_TAG | Tag of the source container image | *VERSION* | | extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] |
| EXTRA_BOOT_PARAMS | Extra params used by grub to boot the anaconda installer | \[empty\] | | image_name | Name of the source container image | base |
| VARIANT | Source container variant\* | Server | | image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops |
| WEB_UI | Enable Anaconda WebUI (experimental) | false | | image_tag | Tag of the source container image | *VERSION* |
| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso |
| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] |
| variant | Source container variant\* | Server |
| version | Fedora version of installer to build | 39 |
| web_ui | Enable Anaconda WebUI (experimental) | false |
Available options for VARIANT can be found by running `dnf provides system-release`. \*Available options for VARIANT can be found by running `dnf provides system-release`.
Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite
\*\* If you need to reference a local file, you can use `file://*path*`
### Outputs
| Variable | Description | Usage |
| -------- | ----------------------------------------| ------------------------------------------------ |
| iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} |
| iso_path | The name and path of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} |
For outputs, see example above.
## Development ## Development
### Makefile ### Makefile
The Makefile contains all of the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. The Makefile contains all of the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory.
`make install-deps` can be used to install the necessary packages `make install-deps` can be used to install the necessary packages
See [Customizing](#customizing) for information about customizing the ISO that gets created. See [Customizing](#customizing) for information about customizing the ISO that gets created. All variable should be specified CAPITALIZED.
### Container ### Container
A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest` A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest`
To use the container file, run `docker run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`. To use the container file, run `docker run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`.
This will create an ISO with the baked in defaults of the container image. This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso`
See [Customizing](#customizing) for information about customizing the ISO that gets created. The variable can either be defined as environment variables. See [Customizing](#customizing) for information about customizing the ISO that gets created. The variable can either be defined as environment variables. All variable should be specified CAPITALIZED.
Examples: Examples:
Building an ISO to install Fedora 38 Building an ISO to install Fedora 38
```bash ```bash
docker run --rm --privileged --volume .:/build-container-installer/build -e VERSION=38 -e IMAGE_NAME=base -e IMAGE_TAG=38 -e VARIANT=Server ghcr.io/jasonn3/build-container-installer:latest docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server
``` ```
Building an ISO to install Fedora 39 Building an ISO to install Fedora 39
```bash ```bash
docker run --rm --privileged --volume .:/build-container-installer/build -e VERSION=39 -e IMAGE_NAME=base -e IMAGE_TAG=39 -e VARIANT=Server ghcr.io/jasonn3/build-container-installer:latest docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server
``` ```
### VSCode Dev Container ### VSCode Dev Container
@ -105,4 +136,3 @@ Build a new container image:
"privileged": true "privileged": true
} }
``` ```


@ -2,10 +2,47 @@ name: Build Container Installer
description: Generates an ISO for installing an OSTree stored in a container image description: Generates an ISO for installing an OSTree stored in a container image
inputs: inputs:
action_version:
description: Version of the action container to run
deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version.
required: false
additional_templates:
description: Space delimited list of additional Lorax templates to include
required: false
arch: arch:
description: Architecture for image to build description: Architecture for image to build
required: true required: true
default: x86_64 default: x86_64
dnf_cache_key:
description: Overrides the dnf cache key
required: false
enable_cache_dnf:
description: Whether to enable caching for dnf
required: false
default: "true"
enable_cache_skopeo:
description: Whether to enable caching for skopeo
required: false
default: "true"
enrollment_password:
description: Used for supporting secure boot (requires secure_boot_key_url to be defined)
required: false
default: "container-installer"
extra_boot_params:
description: Extra params used by grub to boot the anaconda installer
required: false
flatpak_remote_name:
description: Name of the Flatpak remote repo
required: false
default: "flathub"
flatpak_remote_refs:
description: Space delimited list of refs to the flatpak packages to install
required: false
default: ""
flatpak_remote_url:
description: The URL of the Flatpak remote flatpakrepo file
required: false
default: https://flathub.org/repo/flathub.flatpakrepo
image_name: image_name:
description: Name of the source container image description: Name of the source container image
required: true required: true
@ -14,6 +51,19 @@ inputs:
description: Repository containing the source container image description: Repository containing the source container image
required: true required: true
default: quay.io/fedora-ostree-desktops default: quay.io/fedora-ostree-desktops
image_tag:
description: Tag of the source container image. Defaults to the installer version
required: false
iso_name:
description: "Name of the resulting ISO. Relative paths are relative to github.workspace"
required: false
default: build/deploy.iso
secure_boot_key_url:
description: Secure boot key that is installed from URL location
required: false
skopeo_cache_key:
description: Overrides the skopeo cache key
required: false
variant: variant:
description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinonite" description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinonite"
required: true required: true
@ -22,41 +72,18 @@ inputs:
description: Fedora version of installer to build description: Fedora version of installer to build
required: true required: true
default: "39" default: "39"
image_tag:
description: Tag of the source container image. Defaults to the installer version
required: false
web_ui: web_ui:
description: Enable Anaconda WebUI description: Enable Anaconda WebUI
required: false required: false
default: "false" default: "false"
enrollment_password:
description: Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) outputs:
required: false iso_name:
default: "container-installer" value: ${{ steps.rename_iso.outputs.iso_name }}
secure_boot_key_url: description: The name of the resulting .iso
description: Secure boot key that is installed from URL location iso_path:
required: false value: ${{ steps.rename_iso.outputs.iso_path }}
action_version: description: The name and path of the resulting .iso
description: Version of the action container to run
deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version.
required: false
enable_cache_dnf:
description: Whether to enable caching for dnf
required: false
default: "true"
dnf_cache_key:
description: Overrides the dnf cache key
required: false
enable_cache_skopeo:
description: Whether to enable caching for skopeo
required: false
default: "true"
skopeo_cache_key:
description: Overrides the skopeo cache key
required: false
additional_templates:
description: Space delimetered list of additional Lorax templates to include
required: false
runs: runs:
using: composite using: composite
@ -104,17 +131,20 @@ runs:
if [[ "${{ inputs.enable_cache_skopeo }}" == "true" ]]; then cache="${cache} -v /cache/skopeo:/cache/skopeo"; fi if [[ "${{ inputs.enable_cache_skopeo }}" == "true" ]]; then cache="${cache} -v /cache/skopeo:/cache/skopeo"; fi
if [[ "${{ steps.load_dnf_cache.outputs.cache-hit}}" == "false" ]]; then cache="${cache} -v /cache/dnf_new:/cache/dnf_new"; fi if [[ "${{ steps.load_dnf_cache.outputs.cache-hit}}" == "false" ]]; then cache="${cache} -v /cache/dnf_new:/cache/dnf_new"; fi
docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ghcr.io/jasonn3/build-container-installer:${tag} \ docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ghcr.io/jasonn3/build-container-installer:${tag} \
ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \
ARCH=${{ inputs.arch }} \ ARCH=${{ inputs.arch }} \
DNF_CACHE=/cache/dnf \
ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \
FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \
FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \
FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }} \
IMAGE_NAME=${{ inputs.image_name }} \ IMAGE_NAME=${{ inputs.image_name }} \
IMAGE_REPO=${{ inputs.image_repo }} \ IMAGE_REPO=${{ inputs.image_repo }} \
IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \
SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \
VARIANT=${{ inputs.variant }} \ VARIANT=${{ inputs.variant }} \
VERSION=${{ inputs.version }} \ VERSION=${{ inputs.version }} \
IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ WEB_UI=${{ inputs.web_ui }}
WEB_UI=${{ inputs.web_ui }} \
ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \
SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \
"ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" \
DNF_CACHE=/cache/dnf
- name: Save dnf cache - name: Save dnf cache
env: env:
@ -133,3 +163,27 @@ runs:
with: with:
path: /cache/skopeo path: /cache/skopeo
key: ${{ inputs.skopeo_cache_key || env.skopeo_cache_key }} key: ${{ inputs.skopeo_cache_key || env.skopeo_cache_key }}
- name: Rename ISO file
id: rename_iso
shell: bash
run: |
if [[ ! ( "${{ inputs.iso_name }}" =~ \.iso$ ) ]]
then
iso_name="${{ inputs.iso_name }}.iso"
else
iso_name="${{ inputs.iso_name }}"
fi
if [[ "${{ inputs.iso_name }}" =~ ^/ ]]
then
full_path="${iso_name}"
else
full_path="${{ github.workspace }}/${iso_name}"
fi
mv ${{ github.workspace }}/build/deploy.iso ${full_path} || true
cd $(dirname ${full_path})
iso_fn=$(basename ${iso_name})
sha256sum ${iso_fn} > ${iso_fn}-CHECKSUM
echo "iso_path=${full_path}" >> $GITHUB_OUTPUT
echo "iso_name=${iso_fn}" >> $GITHUB_OUTPUT
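Review bot: The new `Rename ISO file` step and the added `docker run` arguments paste `${{ inputs.* }}` directly into the bash script, and several expansions (`FLATPAK_REMOTE_NAME`, `FLATPAK_REMOTE_URL`, `ENROLLMENT_PASSWORD`, `${full_path}`, `${iso_fn}`) are unquoted, so a value containing spaces or shell metacharacters changes the command instead of the argument. Passing the inputs through the step's `env:` and using quoted shell variables keeps them as data; the same treatment applies to the `docker run` step, whose start is outside this hunk. `mv ... || true` also hides a missing `build/deploy.iso` until `sha256sum` fails; the `-ef` test below keeps the default `build/deploy.iso` case working without swallowing real errors. An `iso_name` that is absolute or contains `..` is accepted as is, which is worth stating in the input's description.
```yaml
    - name: Rename ISO file
      id: rename_iso
      shell: bash
      env:
        ISO_NAME: ${{ inputs.iso_name }}
        WORKSPACE: ${{ github.workspace }}
      run: |
        iso_name="${ISO_NAME}"
        if [[ ! "${iso_name}" =~ \.iso$ ]]
        then
          iso_name="${iso_name}.iso"
        fi
        if [[ "${iso_name}" =~ ^/ ]]
        then
          full_path="${iso_name}"
        else
          full_path="${WORKSPACE}/${iso_name}"
        fi
        # Skip the move when source and target are already the same file
        if [[ ! "${WORKSPACE}/build/deploy.iso" -ef "${full_path}" ]]
        then
          mv "${WORKSPACE}/build/deploy.iso" "${full_path}"
        fi
        cd "$(dirname "${full_path}")"
        iso_fn="$(basename "${iso_name}")"
        sha256sum "${iso_fn}" > "${iso_fn}-CHECKSUM"
        echo "iso_path=${full_path}" >> "$GITHUB_OUTPUT"
        echo "iso_name=${iso_fn}" >> "$GITHUB_OUTPUT"
```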


@ -2,9 +2,14 @@
set -ex set -ex
for entry in $@ # Create /dev/loop0 if it doesn't already exist. `losetup` has an issue creating it during the first run
mknod -m 0660 /dev/loop0 b 7 0 2>/dev/null || true
for i
do do
export $entry key=$(echo ${i} | cut -d= -f1)
value=$(echo ${i} | cut -d= -f2-)
export ${key}="${value}"
done done
if [[ -d /cache/skopeo ]] if [[ -d /cache/skopeo ]]
@ -18,18 +23,17 @@ then
fi fi
# Pull container # Pull container
make container/${IMAGE_NAME}-${IMAGE_TAG} $@ make container/${IMAGE_NAME}-${IMAGE_TAG} "$@"
# Build base ISO # Build base ISO
make boot.iso DNF_CACHE=/cache/dnf $@ make boot.iso "$@"
# Add container to ISO # Add container to ISO
make build/deploy.iso $@ make build/deploy.iso "$@"
# Make output dir in github workspace # Make output dir in github workspace
mkdir /github/workspace/build || true mkdir /github/workspace/build || true
# Copy resulting iso to github workspace and fix permissions # Copy resulting iso to github workspace and fix permissions
cp build/deploy.iso /github/workspace/build cp build/deploy.iso /github/workspace/build
chmod -R ugo=rwX /github/workspace/build chmod -R ugo=rwx /github/workspace/build
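Review bot: With `set -ex` at the top of the script, the new parsing loop traces every `key=value` argument, so a non-default `ENROLLMENT_PASSWORD` (passed on the `docker run` line in action.yml and presumably reaching this script as an argument) is printed to the build log by the `export` line and again by each `make ... "$@"` call. Consider `set -e` without `-x`, or state in the README that the enrollment password is not handled as a secret. The loop can drop the `echo | cut` subshells and the unquoted expansions with `export "${i%%=*}=${i#*=}"`, which gives the same result for arguments with and without `=`. In the last hunk, `chmod -R ugo=rwx` now sets the execute bit on every file under the build directory in addition to making it world-writable, where `rwX` limited execute to directories and already-executable files; if that is intended it deserves a comment.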


@ -0,0 +1,11 @@
<%page args="_flatpak_repo_gpg"/>
if [[ -d /ostree/deploy/default/var/lib/flatpak/repo ]]
then
echo ${_flatpak_repo_gpg} | base64 -d > /ostree/deploy/default/var/lib/flatpak/repo/flathub.trustedkeys.gpg
elif [[ -d /var/lib/flatpak/repo ]]
then
echo ${_flatpak_repo_gpg} | base64 -d > /var/lib/flatpak/repo/flathub.trustedkeys.gpg
else
echo "Could not find Flatpaks repo"
fi
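Review bot: Both branches write the key to `flathub.trustedkeys.gpg`, although the remote name is configurable through `FLATPAK_REMOTE_NAME`, so a build with another remote name would install its key under the flathub keyring name. Since `flatpak_remote_name` is already in `_TEMPLATE_VARS`, the header could become `<%page args="_flatpak_repo_gpg, flatpak_remote_name"/>` and the target `.../repo/${flatpak_remote_name}.trustedkeys.gpg`. The `else` branch only prints "Could not find Flatpaks repo" and the script continues, and an empty or truncated `_flatpak_repo_gpg` makes `base64 -d` write an empty or partial keyring; checking that the value is non-empty and exiting non-zero on either failure would surface this at build time. The expansion should also be quoted: `echo "${_flatpak_repo_gpg}" | base64 -d`.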


@ -0,0 +1,4 @@
<%page args="flatpak_remote_name, _flatpak_repo_url"/>
replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py
replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py
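Review bot: Both `replace` lines write `flatpak_remote_name` and `_flatpak_repo_url` into a Python string literal inside `flatpak_installation.py` without any escaping, so a value containing `"` or `\` would break or alter the installer's source rather than just its configuration. The values come from the build configuration, but `_flatpak_repo_url` is parsed from a downloaded `.flatpakrepo` file, so validating both in the Makefile before they reach the template (for example, rejecting quotes, backslashes and whitespace) would be safer. At minimum add a template comment such as `## values are inserted into a Python string literal unescaped; they must not contain " or \`. The `\".*\", \".*\"` pattern is greedy and assumes one call per line; the ISO test in this commit only checks that the name and URL appear on the line.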


@ -1,24 +1,7 @@
#!/bin/bash #!/bin/bash
iso=$1
sudo apt-get update
sudo apt-get install -y squashfs-tools
sudo mkdir /mnt/{iso,install}
# Mount ISO
sudo mount -o loop $iso /mnt/iso
# Mount squashfs
sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install
FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2) FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2)
# Cleanup
sudo umount /mnt/install
sudo umount /mnt/iso
if [[ ${FOUND_VERSION} != ${VERSION} ]] if [[ ${FOUND_VERSION} != ${VERSION} ]]
then then
echo "Version mismatch" echo "Version mismatch"


@ -0,0 +1,37 @@
#!/bin/bash
add_line=$(grep flatpak_manager.add_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py)
add_line_repo=$(echo ${add_line} | grep ${FLATPAK_REMOTE_NAME})
add_line_url=$(echo ${add_line} | grep ${_FLATPAK_REPO_URL})
result=0
if [ -z "${add_line_repo}" ]
then
echo "Repo name not updated on add_remote line"
result=1
else
echo "Repo name found on add_remote line"
fi
if [ -z "${add_line_url}" ]
then
echo "Repo url not updated on add_remote line"
result=1
else
echo "Repo url found on add_remote line"
fi
replace_line=$(grep flatpak_manager.replace_installed_refs_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py)
replace_line_repo=$(echo ${replace_line} | grep ${FLATPAK_REMOTE_NAME})
if [ -z "${replace_line_repo}" ]
then
echo "Repo name not updated on replace_installed_refs line"
result=1
else
echo "Repo name found on replace_installed_refs line"
fi
exit ${result}
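Review bot: The three `grep ${...}` calls pass `FLATPAK_REMOTE_NAME` and `_FLATPAK_REPO_URL` unquoted and as regular expressions, so the `.` characters in a URL match any character and an empty variable leaves grep without a pattern and reports a misleading "not updated". `grep -F -- "${_FLATPAK_REPO_URL}"` (and the same form for the remote name) makes the comparison literal. The script depends on `/mnt/install` having been mounted by the `test-iso` target and on both variables being exported by it; a header comment such as `# Requires: ISO mounted at /mnt/install; FLATPAK_REMOTE_NAME and _FLATPAK_REPO_URL set by 'make test-iso'` would document that.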

tests/vm/flatpak.yml Normal file

@ -0,0 +1,10 @@
#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory
---
- name: Test for flatpaks
hosts: vm
gather_facts: no
tasks:
- name: Test updating flatpak packages
ansible.builtin.command:
cmd: /usr/bin/flatpak update -y
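Review bot: The only task runs `flatpak update -y`, which presumably also succeeds when no Flatpaks are installed, so the play does not show that the refs from `FLATPAK_REMOTE_REFS` were embedded in the image or that the configured remote and its key are in use. A preceding task that compares `flatpak list` output with the expected refs would make the test meaningful. `gather_facts: no` should be written `gather_facts: false` so the value does not depend on YAML 1.1 truthy handling.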