actions/build-container-installer
1
0
Fork 0
mirror of https://github.com/JasonN3/build-container-installer.git synced 2025-12-25 10:57:55 +01:00
Code Releases Activity

Merge branch 'main' into cache

Browse source
This commit is contained in:
Jason N 2024-03-11 10:01:24 -04:00 committed by GitHub
commit dc34e7f4b3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 310 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

75
.github/workflows/build-and-test.yml vendored
View file

@ -15,10 +15,10 @@ env:
IMAGE_REPO: 'quay.io/fedora-ostree-desktops'
IMAGE_TAG: '39'
VARIANT: 'Server'
FLATPAK_REMOTE_REFS: app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08
SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
ENROLLMENT_PASSWORD: 'container-installer'
jobs:
build-container:
runs-on: ubuntu-latest
@ -28,6 +28,8 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
submodules: recursive
- name: Docker meta
id: meta
@ -47,7 +49,7 @@ jobs:
with:
containerfiles: Containerfile
tags: ${{ steps.meta.outputs.tags }}
- name: Push image
uses: redhat-actions/push-to-registry@v2
with:
@ -56,7 +58,6 @@ jobs:
username: ${{ github.actor }}
password: ${{ github.token }}
build-and-push-iso:
runs-on: ubuntu-latest
needs:
@ -64,11 +65,16 @@ jobs:
permissions:
contents: read
packages: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
- 39
outputs:
iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }}
iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }}
steps:
- name: Checkout repo
uses: actions/checkout@v4
@ -89,6 +95,7 @@ jobs:
- name: Build ISO with new container
uses: ./
id: build
with:
arch: ${{ env.ARCH}}
image_name: ${{ env.IMAGE_NAME}}
@ -96,19 +103,25 @@ jobs:
image_tag: ${{ env.IMAGE_TAG }}
version: ${{ matrix.version }}
variant: ${{ env.VARIANT }}
flatpak_remote_refs: ${{ env.FLATPAK_REMOTE_REFS }}
secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }}
enrollment_password: ${{ env.ENROLLMENT_PASSWORD }}
iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
- name: Rename ISO
- name: Save output
id: save_output
shell: bash
run: |
mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT
- name: Upload ISO as artifact
id: upload
uses: actions/upload-artifact@v4
with:
name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
path: build/*.iso
name: ${{ steps.build.outputs.iso_name }}
path: |
${{ steps.build.outputs.iso_path }}
${{ steps.build.outputs.iso_path }}-CHECKSUM
if-no-files-found: error
retention-days: 0
compression-level: 0
@ -121,7 +134,9 @@ jobs:
permissions:
contents: read
packages: write
continue-on-error: false
strategy:
fail-fast: false
matrix:
version:
- 38
@ -129,11 +144,13 @@ jobs:
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
submodules: recursive
- name: Ensure qemu is installed
run: |
sudo apt-get update
sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make
sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils
- name: Create disk
run: |
@ -142,15 +159,17 @@ jobs:
- name: Download generated ISO
uses: actions/download-artifact@v4
with:
name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
- name: Verify ISO
run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso
run: |
checkisomd5 ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}
sha256sum -c ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}-CHECKSUM
- name: Run ISO checks
run: |
mv ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso deploy.iso
make test-iso VERSION=${{ matrix.version }}
mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso
make test-iso VERSION=${{ matrix.version }} FLATPAK_REMOTE_REFS="${{ env.FLATPAK_REMOTE_REFS}}"
- name: Add Kickstart and Grub options to ISO
run: |
@ -194,11 +213,15 @@ jobs:
env:
VM_USER: core
VM_PASS: foobar
VM_IP: "127.0.0.1"
VM_PORT: "5555"
run: |
mkfifo vm.stdin
qemu-system-x86_64 -name "Anaconda" \
-m 4096 -cpu qemu64 -display none -smp 2 \
-chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \
-device e1000,netdev=net0 \
-netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \
-device virtio-serial \
-device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \
-boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$!
@ -209,19 +232,23 @@ jobs:
timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done"
export VM_IP=$({ echo '{"execute": "guest-network-get-interfaces"}'; sleep 2; } | socat unix-connect:/tmp/qga.sock - | jq -r '.return[1]["ip-addresses"][] | select(."ip-address-type"=="ipv4") | .["ip-address"]')
if ! (echo > /dev/tcp/${VM_IP}/22)
if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT})
then
echo "SSH must be installed and enabled inside the container"
fi
echo "VM ready for tests at IP ${VM_IP}"
for check in $(ls tests/vm)
do
if [[ -f $check && $check != "README.md" ]]
then
chmod +x $check
./${check}
fi
done
echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}"
echo "Creating Ansible inventory"
cat << EOF > ansible_inventory
ungrouped:
hosts:
vm:
ansible_host: ${VM_IP}
ansible_port: ${VM_PORT}
ansible_user: ${VM_USER}
ansible_password: ${VM_PASS}
ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
EOF
#make test-vm
kill $QEMU_PID

4
.gitmodules vendored Normal file
View file

@ -0,0 +1,4 @@
[submodule "external/fedora-lorax-templates"]
path = external/fedora-lorax-templates
url = https://pagure.io/fedora-lorax-templates.git
branch = f39

1
Containerfile
View file

@ -11,6 +11,7 @@ ENV VERSION="${VERSION}"
ENV WEB_UI="false"
RUN mkdir /build-container-installer
COPY / /build-container-installer/
WORKDIR /build-container-installer

50
Makefile
View file

@ -8,6 +8,10 @@ IMAGE_TAG = $(VERSION)
VARIANT = Server
WEB_UI = false
REPOS = $(subst :,\:,$(shell ls /etc/yum.repos.d/*.repo))
ADDITIONAL_TEMPLATES =
FLATPAK_REMOTE_NAME = flathub
FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo
FLATPAK_REMOTE_REFS =
ENROLLMENT_PASSWORD =
SECURE_BOOT_KEY_URL =
ADDITIONAL_TEMPLATES =
@ -23,10 +27,14 @@ _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED))
_VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG)
_REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS))
_ALL_LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl)
_EXTERNAL_TEMPLATES = fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl
_EXCLUDED_TEMPLATES = lorax_templates/copy_dnf_cache.tmpl
_LORAX_TEMPLATES = $(filter-out $(_EXCLUDED_TEMPLATES),$(_ALL_LORAX_TEMPLATES))
_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ENROLLMENT_PASSWORD
_LORAX_ARGS =
_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2)
_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2)
_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED FLATPAK_REMOTE_NAME FLATPAK_REMOTE_URL FLATPAK_REMOTE_REFS _FLATPAK_REPO_URL _FLATPAK_REPO_GPG ENROLLMENT_PASSWORD
ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo)
_LORAX_ARGS += --nomacboot --noupgrade
@ -51,8 +59,11 @@ else
_PLATFORM_ID = platform:f$(VERSION)
endif
ifneq ($(FLATPAK_REMOTE_REFS),)
_LORAX_ARGS += -i flatpak-libs
endif
# Step 7: Buid end ISO
# Step 7: Build end ISO
## Default action
build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt
mkdir $(_BASE_DIR)/build || true
@ -102,7 +113,6 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/%
do \
if [[ $$line =~ ^\<\% ]]; \
then \
echo $$line >> lorax_templates/post_$*.tmpl; \
echo >> lorax_templates/post_$*.tmpl; \
else \
if [[ $$header == 0 ]]; \
@ -160,6 +170,8 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES)
$(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \
$(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \
$(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \
$(foreach file,$(_FLATPAK_TEMPLATES),--add-template $(file)) \
$(foreach file,$(_EXTERNAL_TEMPLATES),--add-template $(_BASE_DIR)/external/$(file)) \
--rootfs-size $(ROOTFS_SIZE) \
$(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \
$(_BASE_DIR)/results/
@ -200,12 +212,34 @@ clean:
rm -f $(_BASE_DIR)/*.log || true
install-deps:
dnf install -y lorax xorriso skopeo
dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils
test: test-iso test-vm
test-iso:
$(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso)))
$(foreach test,$(_TESTS),chmod +x tests/iso/$(test))
$(foreach test,$(_TESTS),./tests/iso/$(test) deploy.iso)
.PHONY: clean install-deps test-iso container/$(IMAGE_NAME)-$(IMAGE_TAG)
$(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL)
sudo apt-get update
sudo apt-get install -y squashfs-tools
sudo modprobe loop
sudo mkdir /mnt/iso /mnt/install
sudo mount -o loop deploy.iso /mnt/iso
sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install
chmod +x $(foreach test,$(_TESTS),tests/iso/$(test))
for test in $(_TESTS); \
do \
$(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \
done
# Cleanup
sudo umount /mnt/install
sudo umount /mnt/iso
test-vm:
$(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm)))
chmod +x $(foreach test,$(_TESTS),tests/vm/$(test))
for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done
.PHONY: clean install-deps test test-iso test-vm container/$(IMAGE_NAME)-$(IMAGE_TAG)

66
README.md
View file

@ -1,4 +1,4 @@
![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg??event=push)
![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg?event=push)
# Build Container Installer Action
This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer`
@ -8,12 +8,28 @@ This action is designed to be called from a GitHub workflow using the following
```yaml
- name: Build ISO
uses: jasonn3/build-container-installer/v1.0.0
id: build
with:
arch: ${{ env.ARCH}}
image_name: ${{ env.IMAGE_NAME}}
image_repo: ${{ env.IMAGE_REPO}}
image_tag: ${{ env.IMAGE_TAG }}
version: ${{ env.VERSION }}
variant: ${{ env.VARIANT }}
iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ env.VERSION }}.iso
# This example is for uploading your ISO as a Github artifact. You can do something similar using any cloud storage, so long as you copy the output
- name: Upload ISO as artifact
id: upload
uses: actions/upload-artifact@v4
with:
name: ${{ steps.build.outputs.iso_name }}
path: |
${{ steps.build.outputs.iso_path }}
${{ steps.build.outputs.iso_path }}-CHECKSUM
if-no-files-found: error
retention-days: 0
compression-level: 0
```
See [Customizing](#customizing) for information about customizing the ISO that gets created using `with`
@ -21,46 +37,61 @@ See [Customizing](#customizing) for information about customizing the ISO that g
## Customizing
The following variables can be used to customize the created ISO.
| Variable | Description | Default Value |
| ----------------- | -------------------------------------------------------- | ------------------------------ |
| ARCH | Architecture for image to build | x86_64 |
| VERSION | Fedora version of installer to build | 39 |
| IMAGE_REPO | Repository containing the source container image | quay.io/fedora-ostree-desktops |
| IMAGE_NAME | Name of the source container image | base |
| IMAGE_TAG | Tag of the source container image | *VERSION* |
| EXTRA_BOOT_PARAMS | Extra params used by grub to boot the anaconda installer | \[empty\] |
| VARIANT | Source container variant\* | Server |
| WEB_UI | Enable Anaconda WebUI (experimental) | false |
### Inputs
| Variable | Description | Default Value |
| -------------------- | ---------------------------------------------------------------------------- | ------------------------------ |
| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] |
| arch | Architecture for image to build | x86_64 |
| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer |
| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] |
| image_name | Name of the source container image | base |
| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops |
| image_tag | Tag of the source container image | *VERSION* |
| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso |
| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] |
| variant | Source container variant\* | Server |
| version | Fedora version of installer to build | 39 |
| web_ui | Enable Anaconda WebUI (experimental) | false |
Available options for VARIANT can be found by running `dnf provides system-release`.
\*Available options for VARIANT can be found by running `dnf provides system-release`.
Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite
\*\* If you need to reference a local file, you can use `file://*path*`
### Outputs
| Variable | Description | Usage |
| -------- | ----------------------------------------| ------------------------------------------------ |
| iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} |
| iso_path | The name and path of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} |
For outputs, see example above.
## Development
### Makefile
The Makefile contains all of the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory.
`make install-deps` can be used to install the necessary packages
See [Customizing](#customizing) for information about customizing the ISO that gets created.
See [Customizing](#customizing) for information about customizing the ISO that gets created. All variable should be specified CAPITALIZED.
### Container
A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest`
To use the container file, run `docker run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`.
This will create an ISO with the baked in defaults of the container image.
This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso`
See [Customizing](#customizing) for information about customizing the ISO that gets created. The variable can either be defined as environment variables.
See [Customizing](#customizing) for information about customizing the ISO that gets created. The variable can either be defined as environment variables. All variable should be specified CAPITALIZED.
Examples:
Building an ISO to install Fedora 38
```bash
docker run --rm --privileged --volume .:/build-container-installer/build -e VERSION=38 -e IMAGE_NAME=base -e IMAGE_TAG=38 -e VARIANT=Server ghcr.io/jasonn3/build-container-installer:latest
docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server
```
Building an ISO to install Fedora 39
```bash
docker run --rm --privileged --volume .:/build-container-installer/build -e VERSION=39 -e IMAGE_NAME=base -e IMAGE_TAG=39 -e VARIANT=Server ghcr.io/jasonn3/build-container-installer:latest
docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server
```
### VSCode Dev Container
@ -105,4 +136,3 @@ Build a new container image:
"privileged": true
}
```

128
action.yml
View file

@ -2,10 +2,47 @@ name: Build Container Installer
description: Generates an ISO for installing an OSTree stored in a container image
inputs:
action_version:
description: Version of the action container to run
deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version.
required: false
additional_templates:
description: Space delimited list of additional Lorax templates to include
required: false
arch:
description: Architecture for image to build
required: true
default: x86_64
dnf_cache_key:
description: Overrides the dnf cache key
required: false
enable_cache_dnf:
description: Whether to enable caching for dnf
required: false
default: "true"
enable_cache_skopeo:
description: Whether to enable caching for skopeo
required: false
default: "true"
enrollment_password:
description: Used for supporting secure boot (requires secure_boot_key_url to be defined)
required: false
default: "container-installer"
extra_boot_params:
description: Extra params used by grub to boot the anaconda installer
required: false
flatpak_remote_name:
description: Name of the Flatpak remote repo
required: false
default: "flathub"
flatpak_remote_refs:
description: Space delimited list of refs to the flatpak packages to install
required: false
default: ""
flatpak_remote_url:
description: The URL of the Flatpak remote flatpakrepo file
required: false
default: https://flathub.org/repo/flathub.flatpakrepo
image_name:
description: Name of the source container image
required: true
@ -14,6 +51,19 @@ inputs:
description: Repository containing the source container image
required: true
default: quay.io/fedora-ostree-desktops
image_tag:
description: Tag of the source container image. Defaults to the installer version
required: false
iso_name:
description: "Name of the resulting ISO. Relative paths are relative to github.workspace"
required: false
default: build/deploy.iso
secure_boot_key_url:
description: Secure boot key that is installed from URL location
required: false
skopeo_cache_key:
description: Overrides the skopeo cache key
required: false
variant:
description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinonite"
required: true
@ -22,41 +72,18 @@ inputs:
description: Fedora version of installer to build
required: true
default: "39"
image_tag:
description: Tag of the source container image. Defaults to the installer version
required: false
web_ui:
description: Enable Anaconda WebUI
required: false
default: "false"
enrollment_password:
description: Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined)
required: false
default: "container-installer"
secure_boot_key_url:
description: Secure boot key that is installed from URL location
required: false
action_version:
description: Version of the action container to run
deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version.
required: false
enable_cache_dnf:
description: Whether to enable caching for dnf
required: false
default: "true"
dnf_cache_key:
description: Overrides the dnf cache key
required: false
enable_cache_skopeo:
description: Whether to enable caching for skopeo
required: false
default: "true"
skopeo_cache_key:
description: Overrides the skopeo cache key
required: false
additional_templates:
description: Space delimetered list of additional Lorax templates to include
required: false
outputs:
iso_name:
value: ${{ steps.rename_iso.outputs.iso_name }}
description: The name of the resulting .iso
iso_path:
value: ${{ steps.rename_iso.outputs.iso_path }}
description: The name and path of the resulting .iso
runs:
using: composite
@ -104,17 +131,20 @@ runs:
if [[ "${{ inputs.enable_cache_skopeo }}" == "true" ]]; then cache="${cache} -v /cache/skopeo:/cache/skopeo"; fi
if [[ "${{ steps.load_dnf_cache.outputs.cache-hit}}" == "false" ]]; then cache="${cache} -v /cache/dnf_new:/cache/dnf_new"; fi
docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ghcr.io/jasonn3/build-container-installer:${tag} \
ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \
ARCH=${{ inputs.arch }} \
DNF_CACHE=/cache/dnf \
ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \
FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \
FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \
FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }} \
IMAGE_NAME=${{ inputs.image_name }} \
IMAGE_REPO=${{ inputs.image_repo }} \
IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \
SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \
VARIANT=${{ inputs.variant }} \
VERSION=${{ inputs.version }} \
IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \
WEB_UI=${{ inputs.web_ui }} \
ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \
SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \
"ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" \
DNF_CACHE=/cache/dnf
WEB_UI=${{ inputs.web_ui }}
- name: Save dnf cache
env:
@ -133,3 +163,27 @@ runs:
with:
path: /cache/skopeo
key: ${{ inputs.skopeo_cache_key || env.skopeo_cache_key }}
- name: Rename ISO file
id: rename_iso
shell: bash
run: |
if [[ ! ( "${{ inputs.iso_name }}" =~ \.iso$ ) ]]
then
iso_name="${{ inputs.iso_name }}.iso"
else
iso_name="${{ inputs.iso_name }}"
fi
if [[ "${{ inputs.iso_name }}" =~ ^/ ]]
then
full_path="${iso_name}"
else
full_path="${{ github.workspace }}/${iso_name}"
fi
mv ${{ github.workspace }}/build/deploy.iso ${full_path} || true
cd $(dirname ${full_path})
iso_fn=$(basename ${iso_name})
sha256sum ${iso_fn} > ${iso_fn}-CHECKSUM
echo "iso_path=${full_path}" >> $GITHUB_OUTPUT
echo "iso_name=${iso_fn}" >> $GITHUB_OUTPUT

18
entrypoint.sh
View file

@ -2,9 +2,14 @@
set -ex
for entry in $@
# Create /dev/loop0 if it doesn't already exist. `losetup` has an issue creating it during the first run
mknod -m 0660 /dev/loop0 b 7 0 2>/dev/null || true
for i
do
export $entry
key=$(echo ${i} | cut -d= -f1)
value=$(echo ${i} | cut -d= -f2-)
export ${key}="${value}"
done
if [[ -d /cache/skopeo ]]
@ -18,18 +23,17 @@ then
fi
# Pull container
make container/${IMAGE_NAME}-${IMAGE_TAG} $@
make container/${IMAGE_NAME}-${IMAGE_TAG} "$@"
# Build base ISO
make boot.iso DNF_CACHE=/cache/dnf $@
make boot.iso "$@"
# Add container to ISO
make build/deploy.iso $@
make build/deploy.iso "$@"
# Make output dir in github workspace
mkdir /github/workspace/build || true
# Copy resulting iso to github workspace and fix permissions
cp build/deploy.iso /github/workspace/build
chmod -R ugo=rwX /github/workspace/build
chmod -R ugo=rwx /github/workspace/build

11
lorax_templates/scripts/post/configure_flatpak Normal file
View file

@ -0,0 +1,11 @@
<%page args="_flatpak_repo_gpg"/>
if [[ -d /ostree/deploy/default/var/lib/flatpak/repo ]]
then
echo ${_flatpak_repo_gpg} | base64 -d > /ostree/deploy/default/var/lib/flatpak/repo/flathub.trustedkeys.gpg
elif [[ -d /var/lib/flatpak/repo ]]
then
echo ${_flatpak_repo_gpg} | base64 -d > /var/lib/flatpak/repo/flathub.trustedkeys.gpg
else
echo "Could not find Flatpaks repo"
fi

4
lorax_templates/set_flatpak_repo.tmpl.in Normal file
View file

@ -0,0 +1,4 @@
<%page args="flatpak_remote_name, _flatpak_repo_url"/>
replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py
replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py

17
tests/iso/os-release.sh
View file

@ -1,24 +1,7 @@
#!/bin/bash
iso=$1
sudo apt-get update
sudo apt-get install -y squashfs-tools
sudo mkdir /mnt/{iso,install}
# Mount ISO
sudo mount -o loop $iso /mnt/iso
# Mount squashfs
sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install
FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2)
# Cleanup
sudo umount /mnt/install
sudo umount /mnt/iso
if [[ ${FOUND_VERSION} != ${VERSION} ]]
then
echo "Version mismatch"

37
tests/iso/verify_flatpakrepo_updated.sh Normal file
View file

@ -0,0 +1,37 @@
#!/bin/bash
add_line=$(grep flatpak_manager.add_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py)
add_line_repo=$(echo ${add_line} | grep ${FLATPAK_REMOTE_NAME})
add_line_url=$(echo ${add_line} | grep ${_FLATPAK_REPO_URL})
result=0
if [ -z "${add_line_repo}" ]
then
echo "Repo name not updated on add_remote line"
result=1
else
echo "Repo name found on add_remote line"
fi
if [ -z "${add_line_url}" ]
then
echo "Repo url not updated on add_remote line"
result=1
else
echo "Repo url found on add_remote line"
fi
replace_line=$(grep flatpak_manager.replace_installed_refs_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py)
replace_line_repo=$(echo ${replace_line} | grep ${FLATPAK_REMOTE_NAME})
if [ -z "${replace_line_repo}" ]
then
echo "Repo name not updated on replace_installed_refs line"
result=1
else
echo "Repo name found on replace_installed_refs line"
fi
exit ${result}

10
tests/vm/flatpak.yml Normal file
View file

@ -0,0 +1,10 @@
#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory
---
- name: Test for flatpaks
hosts: vm
gather_facts: no
tasks:
- name: Test updating flatpak packages
ansible.builtin.command:
cmd: /usr/bin/flatpak update -y