diff --git a/.github/workflows/bot_commands.yml b/.github/workflows/bot_commands.yml
index 2238a5b..ed19f19 100644
--- a/.github/workflows/bot_commands.yml
+++ b/.github/workflows/bot_commands.yml
@@ -56,11 +56,27 @@ jobs:
 pr: ${{ github.event.issue.number }}
 parent_job_name: Run Build Container
- run_test_iso:
- name: Run ISO Tests
+ run_build_iso:
+ name: Run Build Container
 if: >
 github.event.issue.pull_request &&
- contains(github.event.comment.body, '/run test iso')
+ contains(github.event.comment.body, '/run build iso')
+ permissions:
+ contents: read
+ packages: write
+ statuses: write
+ needs:
+ - permissions
+ uses: ./.github/workflows/build_iso.yml
+ with:
+ pr: ${{ github.event.issue.number }}
+ parent_job_name: Run Build Container
+ secrets:
+ RH_REPO: ${{ secrets.RH_REPO }}
+ RH_ENT: ${{ secrets.RH_ENT }}
+
+ run_test_iso:
+ name: Run ISO Tests
 permissions:
 contents: read
 packages: write
@@ -68,6 +84,7 @@ jobs:
 needs:
 - permissions
 - load_vars
+ - run_build_iso
 uses: ./.github/workflows/test_iso.yml
 with:
 pr: ${{ github.event.issue.number }}
@@ -78,9 +95,6 @@ jobs:
 run_test_deployment:
 name: Run ISO Deployment Tests
- if: >
- github.event.issue.pull_request &&
- contains(github.event.comment.body, '/run test iso')
 permissions:
 contents: read
 packages: write
@@ -88,7 +102,7 @@ jobs:
 needs:
 - permissions
 - load_vars
- - run_test_iso
+ - run_build_iso
 uses: ./.github/workflows/test_deployment.yml
 with:
 pr: ${{ github.event.issue.number }}
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index 197134d..8646626 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -7,11 +7,6 @@ on:
 parent_job_name:
 required: true
 type: string
- secrets:
- RH_REPO:
- required: true
- RH_ENT:
- required: true
 jobs:
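Review bot: In the first bot_commands.yml hunk, run_build_iso forwards `RH_REPO` and `RH_ENT` into a build that any PR comment containing `/run build iso` can request, and the only gate visible here is `needs: permissions`, whose definition is outside the hunk. If that job does not verify that the commenter has write access, a build that is presumably driven by the PR's content would run with the entitlement key and `packages: write`; a comment above `needs:` such as `# 'permissions' must reject commenters without write access before secrets are passed on` would record that dependency. The job also reuses `name: Run Build Container` and `parent_job_name: Run Build Container` from the container job, so its status would be reported under the same label; `Run Build ISO` looks like what was meant.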
@@ -28,19 +23,6 @@ jobs:
 contents: read
 packages: write
 statuses: write
- continue-on-error: false
- strategy:
- fail-fast: false
- matrix:
- os:
- - registry.fedoraproject.org/fedora
- - registry.access.redhat.com/ubi8/ubi
- include:
- - os: registry.fedoraproject.org/fedora
- tag: 39
- - os: registry.access.redhat.com/ubi8/ubi
- tag: latest
- append: ubi
 steps:
 - name: Checkout
@@ -85,7 +67,7 @@ jobs:
 uses: docker/metadata-action@v5
 with:
 images: |
- ghcr.io/${{ github.repository }}${{ matrix.append && format('-{0}', matrix.append) }}
+ ghcr.io/${{ github.repository }}
 tags: |
 type=ref,event=branch
 type=ref,event=pr
@@ -98,19 +80,10 @@ jobs:
 uses: docker/metadata-action@v5
 with:
 images: |
- ghcr.io/${{ github.repository }}${{ matrix.append && format('-{0}', matrix.append) }}
+ ghcr.io/${{ github.repository }}
 tags: |
 pr-${{ inputs.pr }}
- - name: Get UBI Subs
- if: matrix.append == 'ubi'
- uses: actions/checkout@v4
- with:
- repository: ${{ secrets.RH_REPO }}
- ssh-key: ${{ secrets.RH_ENT }}
- persist-credentials: false
- path: ubi
-
 - name: Buildah Build
 id: build-image
 uses: redhat-actions/buildah-build@v2
@@ -118,11 +91,6 @@ jobs:
 containerfiles: Containerfile
 tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }}
- build-args: |
- BASE_IMAGE=${{ matrix.os }}
- IMAGE_VERSION=${{ matrix.tag }}
- extra-args: |
- ${{ matrix.append == 'ubi' && format('--volume={0}/ubi:/run/secrets', github.workspace) || ''}}
 - name: Push image
 uses: redhat-actions/push-to-registry@v2
diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml
index ea714b9..3722a77 100644
--- a/.github/workflows/build_iso.yml
+++ b/.github/workflows/build_iso.yml
@@ -7,6 +7,11 @@ on:
 parent_job_name:
 required: true
 type: string
+ secrets:
+ RH_REPO:
+ required: true
+ RH_ENT:
+ required: true
 outputs:
 iso_name-38:
 description: "Version 38 ISO Name"
@@ -39,9 +44,19 @@ jobs:
 fail-fast: false
 matrix:
 version:
+ - 7
+ - 8
+ - 9
 - 38
 - 39
 - 40
+ include:
+ - version: 7
+ rhel: true
+ - version: 8
+ rhel: true
+ - version: 9
+ rhel: true
 outputs:
 iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }}
 iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }}
@@ -99,6 +114,15 @@ jobs:
 run: |
 echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ - name: Get UBI Subs
+ if: matrix.rhel == true
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ secrets.RH_REPO }}
+ ssh-key: ${{ secrets.RH_ENT }}
+ persist-credentials: false
+ path: ubi
+
 - name: Build ISO
 uses: ./
 id: build
@@ -113,6 +137,7 @@ jobs:
 secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }}
 enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}
 iso_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}.iso
+ secrets_dir: ${{ matrix.rhel && '/github/workspace/ubi' || '' }}
 - name: Save output
 id: save_output
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index ccc3b43..dabc918 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -35,9 +35,6 @@ jobs:
 with:
 pr: ${{ inputs.pr }}
 parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container
- secrets:
- RH_REPO: ${{ secrets.RH_REPO }}
- RH_ENT: ${{ secrets.RH_ENT }}
 build_iso:
 name: Build ISO
@@ -47,6 +44,9 @@ jobs:
 with:
 pr: ${{ inputs.pr }}
 parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO
+ secrets:
+ RH_REPO: ${{ secrets.RH_REPO }}
+ RH_ENT: ${{ secrets.RH_ENT }}
 test_iso:
 name: Test ISO
diff --git a/Containerfile b/Containerfile
index 10d091d..dcfbbd1 100644
--- a/Containerfile
+++ b/Containerfile
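Review bot: In the matrix hunk of build_iso.yml (`@@ -39,9 +44,19 @@`), versions 7, 8 and 9 are added, but the job `outputs:` shown as context list per-version keys such as `iso_name-38` and `iso_name-39`, and no hunk in this diff adds `iso_name-7`, `iso_name-8` or `iso_name-9`. If downstream jobs read the ISO name from those outputs, the RHEL builds would be invisible to them; either add the matching entries at workflow and job level or state in a comment on the `include:` block that the RHEL ISOs are build-only. The outputs map continues outside the hunk, so this is inferred from the visible lines only.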
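Review bot: The `Get UBI Subs` step added in `@@ -99,6 +114,15 @@` checks the entitlement repository out to `ubi` inside the workspace, and action.yml mounts the whole workspace into a `--privileged` container, so the entitlement files are readable there under `/github/workspace/ubi` as well as under `/run/secrets`, and they stay on disk for every later step. `persist-credentials: false` keeps the SSH key out of the git config, but nothing in the visible lines removes the checked-out material afterwards. Consider a final step guarded by `if: always() && matrix.rhel == true` that runs `rm -rf ubi`, and confirm that any artifact upload path outside this hunk excludes that directory.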
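Review bot: `secrets_dir` in `@@ -113,6 +137,7 @@` is set to `/github/workspace/ubi`, which is the path inside the builder container, while action.yml uses the value as the host side of `--volume <src>:/run/secrets` on the runner. The checkout writes to `ubi` under `github.workspace` on the runner, and the removed build_container.yml code built its mount from `github.workspace`, so the host path given here likely does not exist and Docker would mount an empty directory instead of the entitlements. `secrets_dir: ${{ matrix.rhel && format('{0}/ubi', github.workspace) || '' }}` would keep the two in step, assuming the action does not translate the path itself.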
@@ -21,7 +21,7 @@ VOLUME /build-container-installer/build
 VOLUME /build-container-installer/repos
 VOLUME /cache
-RUN if [[ "$(grep '^ID=' /etc/os-release)" == 'ID="rhel"' ]]; then dnf install -y coreutils --allowerasing; fi; dnf install -y make && make install-deps
+RUN dnf install -y make && make install-deps
 ENTRYPOINT ["/bin/bash", "/build-container-installer/entrypoint.sh"]
diff --git a/Makefile b/Makefile
index aecc4fe..5c7bca2 100644
--- a/Makefile
+++ b/Makefile
@@ -224,11 +224,9 @@ clean:
 rm -f $(_BASE_DIR)/*.log || true
 install-deps:
- if [ "$(PACKAGE_MANAGER)" == "dnf" ]; then disable="--disablerepo='ubi-*'"; fi; \
- $(PACKAGE_MANAGER) install -y ${disable} lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext git
+ $(PACKAGE_MANAGER) install -y ${disable} lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext git subscription-manager
 install-test-deps:
- if [ "$(PACKAGE_MANAGER)" == "dnf" ]; then disable="--disablerepo='ubi-*'"; fi; \
 $(PACKAGE_MANAGER) install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils squashfs-tools
diff --git a/action.yml b/action.yml
index 55944f7..e830f53 100644
--- a/action.yml
+++ b/action.yml
@@ -67,6 +67,9 @@ inputs:
 required: false
 rootfs_size:
 description: The size (in GiB) for the squashfs runtime volume
+ secrets_dir:
+ description: The location that will be mounted to /run/secrets
+ required: false
 secure_boot_key_url:
 description: Secure boot key that is installed from URL location
 required: false
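Review bot: In the Makefile hunk the new `install-deps` recipe still passes `${disable}` although the line that assigned it is removed. Inside a recipe `${disable}` is expanded by make rather than the shell, so it now takes whatever a `disable` variable from the environment or the make command line holds and splices it into the package-install command run during the image build. Removing the `${disable}` token from that line closes the stray input and matches what the `install-test-deps` recipe looks like after this change.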
@@ -175,7 +178,11 @@ runs:
 vars="${vars} FLATPAK_REMOTE_REFS_DIR=\"${{ inputs.flatpak_remote_refs_dir }}\""
 fi
 fi
- docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \
+ if [[ -n "${{ inputs.secrets }}" ]]
+ then
+ volumes="--volume ${{ inputs.secrets }}:/run/secrets"
+ fi
+ docker run --privileged ${volumes} --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \
 ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \
 ARCH="${{ inputs.arch }}" \
 DNF_CACHE="/cache/dnf" \
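Review bot: The added shell in `@@ -175,7 +178,11 @@` reads `inputs.secrets`, but the input declared in the earlier action.yml hunk is `secrets_dir`, so the expression is always empty and the `/run/secrets` mount is never added. The test and the assignment should read `if [[ -n "${{ inputs.secrets_dir }}" ]]` and `volumes="--volume ${{ inputs.secrets_dir }}:/run/secrets:ro"`, where the read-only flag is a suggestion that assumes the build only reads the entitlements. Because the expression pastes the value into the script text, a path containing spaces or shell metacharacters would alter the command; passing it through an `env:` entry on the step and quoting the variable would avoid that, though the step header is outside this hunk. `volumes` is also never initialised, so the unquoted `${volumes}` relies on the variable being unset when no secrets directory is given.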