From d20af8b3316a4752dc24d66d72c131077526a7d2 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 28 Feb 2024 12:59:18 -0500 Subject: [PATCH 01/92] fix: fix ci failing on main (#23) --- .github/workflows/build-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 821dbac..4a5153b 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -87,7 +87,7 @@ jobs: image_repo: ${{ env.IMAGE_REPO}} version: ${{ env.VERSION }} variant: ${{ env.VARIANT }} - action_version: ${{ steps.meta.outputs.tags }} + action_version: ${{ steps.meta.outputs.tags || 'latest' }} - name: Rename ISO run: | From 88d77318487f267d4307a9d2a58d2c03d21976b1 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:22:57 -0500 Subject: [PATCH 02/92] doc: fix typo (#25) --- README.md | 4 ++-- action.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3c80ebb..e11a6cb 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg??event=push) -# Bulid Container Installer Action -This action is used to generate an ISO for installing OSTrees stored in a container. This utilizes the anaconda command `ostreecontainer` +# Build Container Installer Action +This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` ## Usage This action is designed to be called from a GitHub workflow using the following format diff --git a/action.yml b/action.yml index 3dd4042..985bd01 100644 --- a/action.yml +++ b/action.yml 
@@ -1,5 +1,5 @@ -name: Build Contianer Installer -description: generate an ISO for installing OSTrees stored in a container +name: Build Container Installer +description: Generates an ISO for installing an OSTree stored in a container image inputs: arch: From 41838b9ab68405c51021c981a99d97ec99919839 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Fri, 1 Mar 2024 13:07:12 -0500 Subject: [PATCH 03/92] Remove need for action_version (#27) --- .github/workflows/build-and-test.yml | 1 - README.md | 1 - action.yml | 9 ++++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 4a5153b..a3b3650 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -87,7 +87,6 @@ jobs: image_repo: ${{ env.IMAGE_REPO}} version: ${{ env.VERSION }} variant: ${{ env.VARIANT }} - action_version: ${{ steps.meta.outputs.tags || 'latest' }} - name: Rename ISO run: | diff --git a/README.md b/README.md index e11a6cb..82217f9 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,6 @@ This action is designed to be called from a GitHub workflow using the following image_repo: ${{ env.IMAGE_REPO}} version: ${{ env.VERSION }} variant: ${{ env.VARIANT }} - action_version: v1.0.0 ``` See [Customizing](#customizing) for information about customizing the ISO that gets created using `with` diff --git a/action.yml b/action.yml index 985bd01..8cedd8d 100644 --- a/action.yml +++ b/action.yml @@ -31,8 +31,8 @@ inputs: default: "false" action_version: description: Version of the action container to run - required: true - default: "latest" + deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version. + required: false additional_templates: description: Space delimetered list of additional Lorax templates to include required: false 
@@ -43,7 +43,10 @@ runs: - name: Run docker image shell: bash run: | - docker run --privileged --volume .:/github/workspace/ ghcr.io/jasonn3/build-container-installer:${{ inputs.action_version }} \ + # Check if running inside of the action repo + if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi + if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi + docker run --privileged --volume .:/github/workspace/ ghcr.io/jasonn3/build-container-installer:${tag} \ ARCH=${{ inputs.arch }} \ IMAGE_NAME=${{ inputs.image_name }} \ IMAGE_REPO=${{ inputs.image_repo }} \ From c4a0406395f0e7c4bc68b33a7381b43aa61a0d35 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Mon, 4 Mar 2024 14:53:57 -0500 Subject: [PATCH 04/92] Use Skopeo instead of Podman (#30) --- Makefile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 0ef451f..886991b 100644 --- a/Makefile +++ b/Makefile @@ -69,10 +69,8 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) # Step 4: Download container image container/$(IMAGE_NAME)-$(IMAGE_TAG): - mkdir container || true - podman pull $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) - podman save --format oci-dir -o $(_BASE_DIR)/container/$(IMAGE_NAME)-$(IMAGE_TAG) $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) - podman rmi $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) + mkdir $(_BASE_DIR)/container || true + skopeo copy docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) oci:$(_BASE_DIR)/container/$(IMAGE_NAME)-$(IMAGE_TAG) # Step 5: Generate xorriso script xorriso/%.sh: xorriso/%.sh.in @@ -100,7 +98,7 @@ clean: rm -f $(_BASE_DIR)/*.log || true install-deps: - dnf install -y lorax xorriso podman + dnf install -y lorax xorriso skopeo .PHONY: clean install-deps From 38f41f7accc549bd732a4957109dacc18cd61730 Mon Sep 17 00:00:00 2001 
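Review bot: `${{ github.ref_name }}` and `${{ github.action_ref }}` are expanded into the text of the `run:` script before bash starts, so a ref name containing quotes or `$(...)` becomes part of the script instead of data. The same holds for the `${{ inputs.* }}` values on the `docker run` argument lines that follow. This matters more than usual here because the step ends in `docker run --privileged` with the workspace mounted. Pass the values through the step's `env:` and read them as quoted shell variables, and quote the image reference that carries `${tag}`. The `run:` block continues past the end of the hunk.

```yaml
      env:
        ACTION_REF: ${{ github.action_ref }}
        REF_NAME: ${{ github.ref_name }}
      run: |
        # Check if running inside of the action repo
        if [[ -z "${ACTION_REF}" ]]; then
          if [[ "${REF_NAME}" =~ (.*)/merge ]]; then
            tag="pr-${BASH_REMATCH[1]}"
          else
            tag="${REF_NAME}"
          fi
        fi
        if [[ -z "${tag}" ]]; then tag="${ACTION_REF}"; fi
        docker run --privileged --volume .:/github/workspace/ "ghcr.io/jasonn3/build-container-installer:${tag}" \
        # … unchanged: ARCH=, IMAGE_NAME=, IMAGE_REPO= and the remaining arguments …
```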
From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 5 Mar 2024 09:32:38 -0500 Subject: [PATCH 05/92] Use bootc when available (#33) --- Makefile | 62 ++++++++++++++++--- lorax_templates/configure_upgrades.tmpl.in | 8 --- .../scripts/post/configure_upgrades | 7 +++ 3 files changed, 60 insertions(+), 17 deletions(-) delete mode 100644 lorax_templates/configure_upgrades.tmpl.in create mode 100644 lorax_templates/scripts/post/configure_upgrades diff --git a/Makefile b/Makefile index 886991b..0362032 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,8 @@ _IMAGE_REPO_ESCAPED = $(subst /,\/,$(IMAGE_REPO)) _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) -_LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) +_LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl) +_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ifeq ($(VARIANT),Server) _LORAX_ARGS = --macboot --noupgrade 
@@ -38,8 +39,50 @@ build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.t implantisomd5 build/deploy.iso # Step 1: Generate Lorax Templates +lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% + # Support interactive-defaults.ks + $(eval _ISO_FILE = usr/share/anaconda/interactive-defaults.ks) + + header=0; \ + while read -r line; \ + do \ + if [[ $$line =~ ^\<\% ]]; \ + then \ + echo $$line >> lorax_templates/post_$*.tmpl; \ + echo >> lorax_templates/post_$*.tmpl; \ + else \ + if [[ $$header == 0 ]]; \ + then \ + echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + header=1; \ + fi; \ + echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ + done < lorax_templates/scripts/post/$* + echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl + + # Support new Anaconda method + $(eval _ISO_FILE = usr/share/anaconda/post-scripts/configure_upgrades.ks) + + header=0; \ + while read -r line; \ + do \ + if [[ $$line =~ ^\<\% ]]; \ + then \ + echo >> lorax_templates/post_$*.tmpl; \ + else \ + if [[ $$header == 0 ]]; \ + then \ + echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + header=1; \ + fi; \ + echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ + done < lorax_templates/scripts/post/$* + echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl + lorax_templates/%.tmpl: lorax_templates/%.tmpl.in - $(eval _VARS = IMAGE_NAME IMAGE_TAG _IMAGE_REPO_DOUBLE_ESCAPED) + $(eval _VARS = IMAGE_NAME IMAGE_TAG _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED) $(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/lorax_templates/$*.tmpl.in > $(_BASE_DIR)/lorax_templates/$*.tmpl 
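Review bot: The second `$(eval _ISO_FILE = usr/share/anaconda/post-scripts/configure_upgrades.ks)` hard-codes one kickstart name inside the generic `lorax_templates/post_%.tmpl` rule, so every script placed in `lorax_templates/scripts/post/` is appended to the same `configure_upgrades.ks`; `$(eval _ISO_FILE = usr/share/anaconda/post-scripts/$*.ks)` keeps one file per script. The recipe also only ever writes with `>>`, so a rebuild over an existing `post_$*.tmpl` duplicates every `%post` section; starting the recipe with `rm -f lorax_templates/post_$*.tmpl` avoids that. The loops rely on `[[ ... =~ ... ]]`, which needs bash as the recipe shell; whether the Makefile sets `SHELL` is not visible in this hunk.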
@@ -58,13 +101,14 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true rm /etc/rpm/macros.image-language-conf || true lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ - --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) \ - $(_LORAX_ARGS) \ - $(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \ - $(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \ - $(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \ - --rootfs-size $(ROOTFS_SIZE) \ - $(_BASE_DIR)/results/ + --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) \ + $(_LORAX_ARGS) \ + $(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \ + $(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \ + $(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \ + --rootfs-size $(ROOTFS_SIZE) \ + $(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \ + $(_BASE_DIR)/results/ mv $(_BASE_DIR)/results/images/boot.iso $(_BASE_DIR)/ # Step 4: Download container image diff --git a/lorax_templates/configure_upgrades.tmpl.in b/lorax_templates/configure_upgrades.tmpl.in deleted file mode 100644 index eb75fa7..0000000 --- a/lorax_templates/configure_upgrades.tmpl.in +++ /dev/null 
@@ -1,8 +0,0 @@ -append usr/share/anaconda/interactive-defaults.ks "%post --erroronfail" -append usr/share/anaconda/interactive-defaults.ks "sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_IMAGE_REPO_DOUBLE_ESCAPED}\/${IMAGE_NAME}:${IMAGE_TAG}/' /ostree/deploy/default/deploy/*.origin" -append usr/share/anaconda/interactive-defaults.ks "%end" - -append usr/share/anaconda/post-scripts/configure_upgrades.ks "%post --erroronfail" -append usr/share/anaconda/post-scripts/configure_upgrades.ks "sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_IMAGE_REPO_DOUBLE_ESCAPED}\/${IMAGE_NAME}:${IMAGE_TAG}/' /ostree/deploy/default/deploy/*.origin" -append usr/share/anaconda/post-scripts/configure_upgrades.ks "%end" - diff --git a/lorax_templates/scripts/post/configure_upgrades b/lorax_templates/scripts/post/configure_upgrades new file mode 100644 index 0000000..5b56ef2 --- /dev/null +++ b/lorax_templates/scripts/post/configure_upgrades @@ -0,0 +1,7 @@ +<%page args="image_repo, _image_repo_double_escaped, image_name, image_tag"/> +if (which bootc &> /dev/null) +then + bootc switch ${image_repo}/${image_name}:${image_tag} +else + sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin +fi From 17927f37f8f34e376be6f1318c812340294825f2 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 5 Mar 2024 09:50:43 -0500 Subject: [PATCH 06/92] Ensure workspace dir is used and not current dir (#34) --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 8cedd8d..219cc6b 100644 --- a/action.yml +++ b/action.yml 
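Review bot: The `bootc` branch of the new `configure_upgrades` script drops the signature requirement that the fallback branch keeps. The `sed` path writes `ostree-image-signed:docker://…` into the origin file, while `bootc switch ${image_repo}/${image_name}:${image_tag}` is called without any signature-policy option. If bootc does not enforce the container signature policy by default (worth confirming against the bootc version shipped in the target image), systems installed through this branch would follow updates that are never verified. Consider `bootc switch --enforce-container-sigpolicy ${image_repo}/${image_name}:${image_tag}` so that both branches give the same guarantee.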
@@ -46,7 +46,7 @@ runs: # Check if running inside of the action repo if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi - docker run --privileged --volume .:/github/workspace/ ghcr.io/jasonn3/build-container-installer:${tag} \ + docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ghcr.io/jasonn3/build-container-installer:${tag} \ ARCH=${{ inputs.arch }} \ IMAGE_NAME=${{ inputs.image_name }} \ IMAGE_REPO=${{ inputs.image_repo }} \ From ef90875a1c2460fb40643d7152f5fd0458623ddb Mon Sep 17 00:00:00 2001 From: Noel Miller <4983138+noelmiller@users.noreply.github.com> Date: Tue, 5 Mar 2024 12:11:52 -0600 Subject: [PATCH 07/92] Add Support for Secure Boot (#37) --- .dockerignore | 5 ++ .github/workflows/build-and-test.yml | 5 ++ Containerfile | 7 +-- Makefile | 58 ++++++++++++++----- action.yml | 9 +++ .../scripts/post/enroll-secureboot-key | 26 +++++++++ xorriso/gen_input.sh.in | 14 +++-- 7 files changed, 100 insertions(+), 24 deletions(-) create mode 100644 .dockerignore create mode 100755 lorax_templates/scripts/post/enroll-secureboot-key diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..06aa2e2 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +.devcontainer +.github +.gitignore +action.yml +Containerfile diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index a3b3650..942c763 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -15,6 +15,9 @@ env: IMAGE_REPO: 'quay.io/fedora-ostree-desktops' VERSION: '39' VARIANT: 'Server' + SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' + ENROLLMENT_PASSWORD: 'container-installer' + jobs: build-container: 
@@ -87,6 +90,8 @@ jobs: image_repo: ${{ env.IMAGE_REPO}} version: ${{ env.VERSION }} variant: ${{ env.VARIANT }} + secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} + enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} - name: Rename ISO run: | diff --git a/Containerfile b/Containerfile index 196a151..6ca8af4 100644 --- a/Containerfile +++ b/Containerfile @@ -11,10 +11,7 @@ ENV VERSION="${VERSION}" ENV WEB_UI="false" RUN mkdir /build-container-installer -COPY /lorax_templates /build-container-installer/lorax_templates -COPY /xorriso /build-container-installer/xorriso -COPY /Makefile /build-container-installer -COPY /entrypoint.sh / +COPY / /build-container-installer/ WORKDIR /build-container-installer @@ -22,5 +19,5 @@ RUN dnf install -y make && make install-deps VOLUME /build-container-installer/build -ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] +ENTRYPOINT ["/bin/bash", "/build-container-installer/entrypoint.sh"] diff --git a/Makefile b/Makefile index 0362032..6064d01 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,8 @@ IMAGE_TAG = $(VERSION) VARIANT = Server WEB_UI = false REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo +ENROLLMENT_PASSWORD = +SECURE_BOOT_KEY_URL = ADDITIONAL_TEMPLATES = "" ROOTFS_SIZE = 4 @@ -19,7 +21,7 @@ _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl) -_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED +_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ENROLLMENT_PASSWORD ifeq ($(VARIANT),Server) _LORAX_ARGS = --macboot --noupgrade 
@@ -44,19 +46,30 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% $(eval _ISO_FILE = usr/share/anaconda/interactive-defaults.ks) header=0; \ + skip=0; \ while read -r line; \ do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ + if [[ $$line =~ ^\<\% ]]; \ + then \ echo $$line >> lorax_templates/post_$*.tmpl; \ echo >> lorax_templates/post_$*.tmpl; \ - else \ - if [[ $$header == 0 ]]; \ + else \ + if [[ $$header == 0 ]]; \ then \ - echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$line =~ ^##\ (.*)$$ ]]; \ + then \ + echo "append $(_ISO_FILE) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$*.tmpl; \ + skip=1; \ + else \ + echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ header=1; \ fi; \ - echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$skip == 0 ]]; \ + then \ + echo "append $(_ISO_FILE) \"$${line//\"/\\\"}\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ + skip=0; \ fi; \ done < lorax_templates/scripts/post/$* echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl 
@@ -65,18 +78,30 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% $(eval _ISO_FILE = usr/share/anaconda/post-scripts/configure_upgrades.ks) header=0; \ + skip=0; \ while read -r line; \ do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ + if [[ $$line =~ ^\<\% ]]; \ + then \ + echo $$line >> lorax_templates/post_$*.tmpl; \ echo >> lorax_templates/post_$*.tmpl; \ - else \ - if [[ $$header == 0 ]]; \ + else \ + if [[ $$header == 0 ]]; \ then \ - echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$line =~ ^##\ (.*)$$ ]]; \ + then \ + echo "append $(_ISO_FILE) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$*.tmpl; \ + skip=1; \ + else \ + echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ header=1; \ fi; \ - echo "append $(_ISO_FILE) \"$$line\"" >> lorax_templates/post_$*.tmpl; \ + if [[ $$skip == 0 ]]; \ + then \ + echo "append $(_ISO_FILE) \"$${line//\"/\\\"}\"" >> lorax_templates/post_$*.tmpl; \ + fi; \ + skip=0; \ fi; \ done < lorax_templates/scripts/post/$* echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl @@ -100,6 +125,13 @@ repos/%.repo: /etc/yum.repos.d/%.repo boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true rm /etc/rpm/macros.image-language-conf || true + + # Download the secure boot key + if [ -n "$(SECURE_BOOT_KEY_URL)" ]; \ + then \ + curl --fail -L -o $(_BASE_DIR)/sb_pubkey.der $(SECURE_BOOT_KEY_URL); \ + fi + lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) \ $(_LORAX_ARGS) \ diff --git a/action.yml b/action.yml index 219cc6b..22914f1 100644 --- a/action.yml +++ b/action.yml 
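Review bot: The file fetched by `curl --fail -L -o $(_BASE_DIR)/sb_pubkey.der $(SECURE_BOOT_KEY_URL)` is the key that the installer later offers for Secure Boot enrollment, yet nothing pins or checks what was downloaded. A changed file at the URL, or a redirect to plain HTTP, silently changes the trust anchor baked into the ISO. `$(SECURE_BOOT_KEY_URL)` is also pasted unquoted into the shell line, so a value containing `&`, `;` or spaces is split or executed. Quote it and restrict the scheme, e.g. `curl --fail --proto '=https' --proto-redir '=https' -L -o "$(_BASE_DIR)/sb_pubkey.der" "$(SECURE_BOOT_KEY_URL)"`, and consider an optional expected-SHA-256 variable that is checked with `sha256sum -c` before lorax runs. The `boot.iso` recipe continues beyond the hunk.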
@@ -29,6 +29,13 @@ inputs: description: Enable Anaconda WebUI required: false default: "false" + enrollment_password: + description: Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) + required: false + default: "container-installer" + secure_boot_key_url: + description: Secure boot key that is installed from URL location + required: false action_version: description: Version of the action container to run deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version. @@ -54,5 +61,7 @@ runs: VERSION=${{ inputs.version }} \ IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ WEB_UI=${{ inputs.web_ui }} \ + ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \ + SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \ "ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" diff --git a/lorax_templates/scripts/post/enroll-secureboot-key b/lorax_templates/scripts/post/enroll-secureboot-key new file mode 100755 index 0000000..622a1ec --- /dev/null +++ b/lorax_templates/scripts/post/enroll-secureboot-key @@ -0,0 +1,26 @@ +<%page args="enrollment_password "/> +## --nochroot + +set -oue pipefail + +readonly ENROLLMENT_PASSWORD=${enrollment_password} +readonly SECUREBOOT_KEY="/run/install/repo/sb_pubkey.der" + +if [[ ! -d "/sys/firmware/efi" ]]; then + echo "EFI mode not detected. Skipping key enrollment." + exit 0 +fi + +if [[ ! -f "$SECUREBOOT_KEY" ]]; then + echo "Secure boot key not provided: $SECUREBOOT_KEY" + exit 0 +fi + +SYS_ID="$(cat /sys/devices/virtual/dmi/id/product_name)" +if [[ ":Jupiter:Galileo:" =~ ":$SYS_ID:" ]]; then + echo "Steam Deck hardware detected. Skipping key enrollment." + exit 0 +fi + +mokutil --timeout -1 || : +echo -e "$ENROLLMENT_PASSWORD\n$ENROLLMENT_PASSWORD" | mokutil --import "$SECUREBOOT_KEY" || : diff --git a/xorriso/gen_input.sh.in b/xorriso/gen_input.sh.in index b660e1b..00acd91 100644 --- a/xorriso/gen_input.sh.in +++ b/xorriso/gen_input.sh.in 
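Review bot: `readonly ENROLLMENT_PASSWORD=${enrollment_password}` in the new `enroll-secureboot-key` script is filled in by the template without quoting, so a password containing a space, `;` or `$(...)` is parsed by the shell that runs this `%post` section rather than stored as a value, and `echo -e` then interprets any backslash sequence in it. As far as the Makefile loop in this commit shows, the rendered script, password included, is appended in clear text to the kickstart files inside the installer image, so the value should be treated as public. Feeding mokutil with `printf '%s\n%s\n' "$ENROLLMENT_PASSWORD" "$ENROLLMENT_PASSWORD" | mokutil --import "$SECUREBOOT_KEY"` removes the escape handling; the assignment itself needs shell-safe quoting or validation of the input before templating. The trailing `|| :` also means a failed import never trips `--erroronfail`; if that is intended, a comment such as `# enrollment is best-effort; do not abort the install` would make it explicit.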
@@ -5,12 +5,14 @@ echo "-outdev $(pwd)/build/deploy.iso" echo "-boot_image any replay" echo "-joliet on" echo "-compliance joliet_long_names" -pushd container > /dev/null -for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}) -do - echo "-map $(pwd)/${file} ${file}" - echo "-chmod 0444 ${file}" +if [ -f $(pwd)/sb_pubkey.der ]; then + echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der" + echo "-chmod 0444 /sb_pubkey.der" +fi +pushd container >/dev/null +for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}); do + echo "-map $(pwd)/${file} ${file}" + echo "-chmod 0444 ${file}" done popd > /dev/null echo "-end" - From 8d9ceeb5799eaf33f538797fa9b4bc7f932c4113 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 5 Mar 2024 16:10:08 -0500 Subject: [PATCH 08/92] ci: Test resulting test ISO (#26) --- .github/workflows/build-and-test.yml | 110 ++++++++++++++++++++++++++- Makefile | 7 +- tests/iso/README.md | 1 + tests/iso/os-release.sh | 31 ++++++++ tests/vm/README.md | 1 + 5 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 tests/iso/README.md create mode 100644 tests/iso/os-release.sh create mode 100644 tests/vm/README.md diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 942c763..2981e79 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -82,7 +82,7 @@ jobs: type=ref,event=branch type=ref,event=pr - - name: Build ISO + - name: Build ISO with new container uses: ./ with: arch: ${{ env.ARCH}} @@ -98,6 +98,7 @@ jobs: mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso - name: Upload ISO as artifact + id: upload uses: actions/upload-artifact@v4 with: name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso 
@@ -106,3 +107,110 @@ jobs: retention-days: 0 compression-level: 0 overwrite: true + + test-qemu: + runs-on: ubuntu-latest + needs: + - build-and-push-iso + permissions: + contents: read + packages: write + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Ensure qemu is installed + run: | + sudo apt-get update + sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make + + - name: Create disk + run: | + qemu-img create -f qcow2 disk.qcow2 50G + + - name: Download generated ISO + uses: actions/download-artifact@v4 + with: + name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso + + - name: Verify ISO + run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso + + - name: Run ISO checks + run: | + mv ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso deploy.iso + make test-iso + + - name: Add Kickstart and Grub options to ISO + run: | + sudo mkdir /mnt/iso || true + sudo mount -o loop deploy.iso /mnt/iso + cp /mnt/iso/boot/grub2/grub.cfg grub.cfg + sudo umount /mnt/iso + sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' grub.cfg + sed -i 's/set default="1"/set default="0"/' grub.cfg + sed -i 's/set timeout=60/set timeout=1/' grub.cfg + cat << EOF > ks.cfg + lang en_US.UTF-8 + keyboard us + timezone Americas/New_York + zerombr + clearpart --all --initlabel + autopart + poweroff + user --name=core --groups=wheel --password=foobar + %include /usr/share/anaconda/interactive-defaults.ks + EOF + xorriso -dialog on << EOF + -indev deploy.iso + -outdev test.iso + -boot_image any replay + -map ks.cfg ks.cfg + -chmod 0444 ks.cfg + -map grub.cfg boot/grub2/grub.cfg + -end + EOF + + - name: Install the test VM + run: | + timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & QEMU_PID=$! + echo "PID: $QEMU_PID" + timeout 1m bash -c "while ! 
(echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" + (nc localhost 4321 | tee vm.stdout) & + wait $QEMU_PID + + - name: Start the test VM + env: + VM_USER: core + VM_PASS: foobar + run: | + mkfifo vm.stdin + qemu-system-x86_64 -name "Anaconda" \ + -m 4096 -cpu qemu64 -display none -smp 2 \ + -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \ + -device virtio-serial \ + -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ + -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$! + echo "PID: $QEMU_PID" + + timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" + (tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) & + + timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done" + + export VM_IP=$({ echo '{"execute": "guest-network-get-interfaces"}'; sleep 2; } | socat unix-connect:/tmp/qga.sock - | jq -r '.return[1]["ip-addresses"][] | select(."ip-address-type"=="ipv4") | .["ip-address"]') + if ! (echo > /dev/tcp/${VM_IP}/22) + then + echo "SSH must be installed and enabled inside the container" + fi + + echo "VM ready for tests at IP ${VM_IP}" + for check in $(ls tests/vm) + do + if [[ -f $check && $check != "README.md" ]] + then + chmod +x $check + ./${check} + fi + done + diff --git a/Makefile b/Makefile index 6064d01..81db881 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ WEB_UI = false REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = -ADDITIONAL_TEMPLATES = "" +ADDITIONAL_TEMPLATES = ROOTFS_SIZE = 4 # Generated vars @@ -175,6 +175,11 @@ clean: install-deps: dnf install -y lorax xorriso skopeo + +test-iso: + $(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso))) + $(foreach test,$(_TESTS),chmod +x tests/iso/$(test)) + $(foreach test,$(_TESTS),./tests/iso/$(test) deploy.iso) .PHONY: clean install-deps 
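Review bot: The new `test-qemu` job requests `packages: write`, but the steps shown only check out the repo, download an artifact and drive QEMU; `contents: read` alone looks sufficient and keeps the job token from being able to publish packages if a test script misbehaves. In the final loop, `$(ls tests/vm)` yields bare file names, so `[[ -f $check && $check != "README.md" ]]` is evaluated against the working directory and the scripts in `tests/vm` never run; `[[ -f tests/vm/$check && $check != "README.md" ]]` together with `./tests/vm/${check}` fixes that. The SSH probe only prints a message on failure, so add `exit 1` there if SSH is required. The kickstart line `timezone Americas/New_York` is presumably meant to be `timezone America/New_York`.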
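Review bot: Both `$(foreach ...)` calls in `test-iso` expand to a single recipe line with the items separated only by spaces, so as soon as `tests/iso` holds two scripts the first line becomes `chmod +x tests/iso/a chmod +x tests/iso/b` and the second test is passed as extra arguments to the first. Ending each item with a separator keeps them apart, e.g. `$(foreach test,$(_TESTS),./tests/iso/$(test) deploy.iso &&) true`, or use a shell `for` loop. `test-iso` is also missing from the `.PHONY: clean install-deps` line.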
diff --git a/tests/iso/README.md b/tests/iso/README.md new file mode 100644 index 0000000..bd511d9 --- /dev/null +++ b/tests/iso/README.md @@ -0,0 +1 @@ +Place scripts that will test the ISO. The ISO file will be passed as the first argument \ No newline at end of file diff --git a/tests/iso/os-release.sh b/tests/iso/os-release.sh new file mode 100644 index 0000000..ea066bc --- /dev/null +++ b/tests/iso/os-release.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +iso=$1 + +sudo apt-get update +sudo apt-get install -y squashfs-tools + +sudo mkdir /mnt/{iso,install} + +# Mount ISO +sudo mount -o loop $iso /mnt/iso + +# Mount squashfs +sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install + +FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2) + +# Cleanup +sudo umount /mnt/install +sudo umount /mnt/iso + +if [[ ${FOUND_VERSION} != ${VERSION} ]] +then + echo "Version mismatch" + echo "Expected: ${VERSION}" + echo "Found: ${FOUND_VERSION}" + exit 1 +else + echo "Correct version found" + exit 0 +fi \ No newline at end of file diff --git a/tests/vm/README.md b/tests/vm/README.md new file mode 100644 index 0000000..39840b4 --- /dev/null +++ b/tests/vm/README.md @@ -0,0 +1 @@ +Place scripts that will test the VM. The VM will be available at ${VM_IP} using username ${VM_USER} and password ${VM_PASS} \ No newline at end of file From 8746fd7f0dec28f7f101e14ac2e83a2d256eef8e Mon Sep 17 00:00:00 2001 From: Noel Miller <4983138+noelmiller@users.noreply.github.com> Date: Wed, 6 Mar 2024 16:45:09 -0600 Subject: [PATCH 09/92] Fix bootc command (#40) --- lorax_templates/scripts/post/configure_upgrades | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lorax_templates/scripts/post/configure_upgrades b/lorax_templates/scripts/post/configure_upgrades index 5b56ef2..761764d 100644 --- a/lorax_templates/scripts/post/configure_upgrades +++ b/lorax_templates/scripts/post/configure_upgrades 
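Review bot: In `tests/iso/os-release.sh` the comparison `[[ ${FOUND_VERSION} != ${VERSION} ]]` leaves the right-hand side unquoted, so bash matches it as a glob pattern, and an unset `VERSION` only shows up as a confusing mismatch message. Use `[[ "${FOUND_VERSION}" != "${VERSION}" ]]` and fail early with `: "${VERSION:?VERSION must be set}"`. `$iso` is likewise unquoted in `sudo mount -o loop $iso /mnt/iso`. Without `set -euo pipefail` a failed mount is not reported at the point where it happens.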
@@ -1,7 +1,7 @@ <%page args="image_repo, _image_repo_double_escaped, image_name, image_tag"/> if (which bootc &> /dev/null) then - bootc switch ${image_repo}/${image_name}:${image_tag} + bootc switch --mutate-in-place --enforce-container-sigpolicy --transport registry ${image_repo}/${image_name}:${image_tag} else sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin fi From 5ea604d4056acb94a6fad36562dcbeba1c1ee991 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Thu, 7 Mar 2024 09:14:09 -0600 Subject: [PATCH 10/92] Add support for extra boot options (#35) --- Makefile | 5 ++++- xorriso/gen_input.sh.in | 18 +++++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 81db881..c8f8c01 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,8 @@ WEB_UI = false REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = -ADDITIONAL_TEMPLATES = +ADDITIONAL_TEMPLATES = +EXTRA_BOOT_PARAMS = ROOTFS_SIZE = 4 # Generated vars @@ -150,6 +151,8 @@ container/$(IMAGE_NAME)-$(IMAGE_TAG): # Step 5: Generate xorriso script xorriso/%.sh: xorriso/%.sh.in + sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/boot/grub2/grub.cfg + sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/EFI/BOOT/grub.cfg $(eval _VARS = IMAGE_NAME IMAGE_TAG ARCH VERSION) $(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/xorriso/$*.sh.in > $(_BASE_DIR)/xorriso/$*.sh diff --git a/xorriso/gen_input.sh.in b/xorriso/gen_input.sh.in index 00acd91..f2f678c 100644 --- a/xorriso/gen_input.sh.in +++ b/xorriso/gen_input.sh.in 
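Review bot: `$(EXTRA_BOOT_PARAMS)` is pasted straight into the sed program in `sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/boot/grub2/grub.cfg` and in the `results/EFI/BOOT/grub.cfg` line after it, so a value containing `/` or `&`, which a kernel argument carrying a URL or path will, breaks or alters the substitution, and a `'` ends the shell quoting. Escape the value before it reaches sed, or reject the characters that collide with the chosen delimiter. The edit is also not idempotent and sits in the `xorriso/%.sh` pattern rule, so it runs for each generated script and appends the parameters again on every run. Both paths are relative, while the rest of the recipe uses `$(_BASE_DIR)`.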
@@ -5,14 +5,22 @@ echo "-outdev $(pwd)/build/deploy.iso" echo "-boot_image any replay" echo "-joliet on" echo "-compliance joliet_long_names" -if [ -f $(pwd)/sb_pubkey.der ]; then +echo "-map $(pwd)/results/boot/grub2/grub.cfg boot/grub2/grub.cfg" +echo "-chmod 0444 boot/grub2/grub.cfg" +echo "-map $(pwd)/results/EFI/BOOT/grub.cfg EFI/BOOT/grub.cfg" +echo "-chmod 0444 EFI/BOOT/grub.cfg" + +if [ -f $(pwd)/sb_pubkey.der ] +then echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der" echo "-chmod 0444 /sb_pubkey.der" fi -pushd container >/dev/null -for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}); do - echo "-map $(pwd)/${file} ${file}" - echo "-chmod 0444 ${file}" + +pushd container > /dev/null +for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}) +do + echo "-map $(pwd)/${file} ${file}" + echo "-chmod 0444 ${file}" done popd > /dev/null echo "-end" From 0b68c00dcfcaf0c54cceda8e80e39035687d1ddb Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Thu, 7 Mar 2024 10:42:05 -0600 Subject: [PATCH 11/92] Run tests using multiple installer versions (#47) --- .github/workflows/build-and-test.yml | 27 +++++++++++++++++++-------- external/fedora-lorax-templates | 1 + 2 files changed, 20 insertions(+), 8 deletions(-) create mode 160000 external/fedora-lorax-templates diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 2981e79..74801ed 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -13,7 +13,7 @@ env: ARCH: 'x86_64' IMAGE_NAME: 'base' IMAGE_REPO: 'quay.io/fedora-ostree-desktops' - VERSION: '39' + IMAGE_TAG: '39' VARIANT: 'Server' SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: 'container-installer' @@ -64,6 +64,11 @@ jobs: permissions: contents: read packages: write + strategy: + matrix: + version: + - 38 + - 39 steps: - name: Checkout repo uses: actions/checkout@v4 
@@ -88,20 +93,21 @@ jobs: arch: ${{ env.ARCH}} image_name: ${{ env.IMAGE_NAME}} image_repo: ${{ env.IMAGE_REPO}} - version: ${{ env.VERSION }} + image_tag: ${{ env.IMAGE_TAG }} + version: ${{ matrix.version }} variant: ${{ env.VARIANT }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} - name: Rename ISO run: | - mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso + mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso - name: Upload ISO as artifact id: upload uses: actions/upload-artifact@v4 with: - name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso + name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso path: build/*.iso if-no-files-found: error retention-days: 0 @@ -115,6 +121,11 @@ jobs: permissions: contents: read packages: write + strategy: + matrix: + version: + - 38 + - 39 steps: - name: Checkout repo uses: actions/checkout@v4 @@ -131,15 +142,15 @@ jobs: - name: Download generated ISO uses: actions/download-artifact@v4 with: - name: ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso + name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso - name: Verify ISO - run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso + run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso - name: Run ISO checks run: | - mv ${{ env.IMAGE_NAME }}-${{ env.VERSION }}.iso deploy.iso - make test-iso + mv ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso deploy.iso + make test-iso VERSION=${{ matrix.version }} - name: Add Kickstart and Grub options to ISO run: | diff --git a/external/fedora-lorax-templates b/external/fedora-lorax-templates new file mode 160000 index 0000000..cc11553 --- /dev/null +++ b/external/fedora-lorax-templates @@ -0,0 +1 @@ +Subproject commit cc1155372046baa58f9d2cc27a9e5473bf05a3fb From 54d89036fb481af6a26106e1fc760a7ace93bfd3 Mon Sep 17 00:00:00 2001 
From: Noel Miller <4983138+noelmiller@users.noreply.github.com> Date: Fri, 8 Mar 2024 10:05:20 -0600 Subject: [PATCH 12/92] Fix Container Copying to Directory (#41) --- .github/workflows/build-and-test.yml | 32 +++++++----- Containerfile | 1 + Makefile | 4 +- README.md | 64 +++++++++++++++++------- action.yml | 74 +++++++++++++++++++++------- entrypoint.sh | 3 +- 6 files changed, 127 insertions(+), 51 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 74801ed..ad1a839 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -18,7 +18,6 @@ env: SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: 'container-installer' - jobs: build-container: runs-on: ubuntu-latest @@ -47,7 +46,7 @@ jobs: with: containerfiles: Containerfile tags: ${{ steps.meta.outputs.tags }} - + - name: Push image uses: redhat-actions/push-to-registry@v2 with: @@ -56,7 +55,6 @@ jobs: username: ${{ github.actor }} password: ${{ github.token }} - build-and-push-iso: runs-on: ubuntu-latest needs: @@ -69,6 +67,9 @@ jobs: version: - 38 - 39 + outputs: + iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }} + iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }} steps: - name: Checkout repo uses: actions/checkout@v4 @@ -89,6 +90,7 @@ jobs: - name: Build ISO with new container uses: ./ + id: build with: arch: ${{ env.ARCH}} image_name: ${{ env.IMAGE_NAME}} 
@@ -98,17 +100,22 @@ jobs: variant: ${{ env.VARIANT }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} + iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso - - name: Rename ISO + - name: Save output + id: save_output + shell: bash run: | - mv build/deploy.iso build/${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso + echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT - name: Upload ISO as artifact id: upload uses: actions/upload-artifact@v4 with: - name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso - path: build/*.iso + name: ${{ steps.build.outputs.iso_name }} + path: | + ${{ steps.build.outputs.iso_path }} + ${{ steps.build.outputs.iso_path }}-CHECKSUM if-no-files-found: error retention-days: 0 compression-level: 0 @@ -133,7 +140,7 @@ jobs: - name: Ensure qemu is installed run: | sudo apt-get update - sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make + sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils - name: Create disk run: | 
@@ -142,14 +149,16 @@ jobs: - name: Download generated ISO uses: actions/download-artifact@v4 with: - name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso + name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} - name: Verify ISO - run: checkisomd5 ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso + run: | + checkisomd5 ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} + sha256sum -c ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}-CHECKSUM - name: Run ISO checks run: | - mv ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso deploy.iso + mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso make test-iso VERSION=${{ matrix.version }} - name: Add Kickstart and Grub options to ISO @@ -224,4 +233,3 @@ jobs: ./${check} fi done - diff --git a/Containerfile b/Containerfile index 6ca8af4..7488139 100644 --- a/Containerfile +++ b/Containerfile @@ -11,6 +11,7 @@ ENV VERSION="${VERSION}" ENV WEB_UI="false" RUN mkdir /build-container-installer + COPY / /build-container-installer/ WORKDIR /build-container-installer diff --git a/Makefile b/Makefile index c8f8c01..a21d1be 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ ifeq ($(WEB_UI),true) _LORAX_ARGS += -i anaconda-webui endif -# Step 7: Buid end ISO +# Step 7: Build end ISO ## Default action build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt mkdir $(_BASE_DIR)/build || true @@ -177,7 +177,7 @@ clean: rm -f $(_BASE_DIR)/*.log || true install-deps: - dnf install -y lorax xorriso skopeo + dnf install -y lorax xorriso skopeo coreutils test-iso: $(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso))) diff --git a/README.md b/README.md index 82217f9..cdc4119 100644 --- a/README.md +++ b/README.md 
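Review bot: The added `sha256sum -c …-CHECKSUM` line compares the ISO with a checksum file that arrives in the same artifact, so it detects a damaged transfer but not a replaced ISO, because whoever can alter one file can alter the other. If the step is meant as more than a corruption check, carry the digest in a job output (or sign it) and compare against that; otherwise a comment such as `# integrity check only: CHECKSUM travels with the ISO and is not a trust anchor` would state the limit. The `needs[...]` expressions are expanded into the script unquoted, so wrapping each in double quotes keeps a name with spaces as a single argument.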
@@ -8,12 +8,28 @@ This action is designed to be called from a GitHub workflow using the following ```yaml - name: Build ISO uses: jasonn3/build-container-installer/v1.0.0 + id: build with: arch: ${{ env.ARCH}} image_name: ${{ env.IMAGE_NAME}} image_repo: ${{ env.IMAGE_REPO}} + image_tag: ${{ env.IMAGE_TAG }} version: ${{ env.VERSION }} variant: ${{ env.VARIANT }} + iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ env.VERSION }}.iso + +# This example is for uploading your ISO as a Github artifact. You can do something similar using any cloud storage, so long as you copy the output +- name: Upload ISO as artifact + id: upload + uses: actions/upload-artifact@v4 + with: + name: ${{ steps.build.outputs.iso_name }} + path: | + ${{ steps.build.outputs.iso_path }} + ${{ steps.build.outputs.iso_path }}-CHECKSUM + if-no-files-found: error + retention-days: 0 + compression-level: 0 ``` See [Customizing](#customizing) for information about customizing the ISO that gets created using `with` 
@@ -21,46 +37,61 @@ See [Customizing](#customizing) for information about customizing the ISO that g ## Customizing The following variables can be used to customize the created ISO. -| Variable | Description | Default Value | -| ----------------- | -------------------------------------------------------- | ------------------------------ | -| ARCH | Architecture for image to build | x86_64 | -| VERSION | Fedora version of installer to build | 39 | -| IMAGE_REPO | Repository containing the source container image | quay.io/fedora-ostree-desktops | -| IMAGE_NAME | Name of the source container image | base | -| IMAGE_TAG | Tag of the source container image | *VERSION* | -| EXTRA_BOOT_PARAMS | Extra params used by grub to boot the anaconda installer | \[empty\] | -| VARIANT | Source container variant\* | Server | -| WEB_UI | Enable Anaconda WebUI (experimental) | false | +### Inputs +| Variable | Description | Default Value | +| -------------------- | ---------------------------------------------------------------------------- | ------------------------------ | +| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | +| arch | Architecture for image to build | x86_64 | +| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | +| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | +| image_name | Name of the source container image | base | +| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | +| image_tag | Tag of the source container image | *VERSION* | +| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | +| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | +| variant | Source container variant\* | Server | +| version | Fedora version of installer to build | 39 | +| web_ui | Enable Anaconda WebUI 
(experimental) | false | -Available options for VARIANT can be found by running `dnf provides system-release`. +\*Available options for VARIANT can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite +\*\* If you need to reference a local file, you can use `file://*path*` + +### Outputs +| Variable | Description | Usage | +| -------- | ----------------------------------------| ------------------------------------------------ | +| iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | +| iso_path | The name and path of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | + +For outputs, see example above. + ## Development ### Makefile The Makefile contains all of the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. `make install-deps` can be used to install the necessary packages -See [Customizing](#customizing) for information about customizing the ISO that gets created. +See [Customizing](#customizing) for information about customizing the ISO that gets created. All variable should be specified CAPITALIZED. ### Container A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest` To use the container file, run `docker run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`. -This will create an ISO with the baked in defaults of the container image. +This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso` -See [Customizing](#customizing) for information about customizing the ISO that gets created. 
The variable can either be defined as environment variables. +See [Customizing](#customizing) for information about customizing the ISO that gets created. The variable can either be defined as environment variables. All variable should be specified CAPITALIZED. Examples: Building an ISO to install Fedora 38 ```bash -docker run --rm --privileged --volume .:/build-container-installer/build -e VERSION=38 -e IMAGE_NAME=base -e IMAGE_TAG=38 -e VARIANT=Server ghcr.io/jasonn3/build-container-installer:latest +docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server ``` Building an ISO to install Fedora 39 ```bash -docker run --rm --privileged --volume .:/build-container-installer/build -e VERSION=39 -e IMAGE_NAME=base -e IMAGE_TAG=39 -e VARIANT=Server ghcr.io/jasonn3/build-container-installer:latest +docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server ``` ### VSCode Dev Container @@ -105,4 +136,3 @@ Build a new container image: "privileged": true } ``` - diff --git a/action.yml b/action.yml index 22914f1..75c7fb5 100644 --- a/action.yml +++ b/action.yml 
@@ -2,10 +2,24 @@ name: Build Container Installer description: Generates an ISO for installing an OSTree stored in a container image inputs: + action_version: + description: Version of the action container to run + deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version. + required: false + additional_templates: + description: Space delimited list of additional Lorax templates to include + required: false arch: description: Architecture for image to build required: true default: x86_64 + enrollment_password: + description: Used for supporting secure boot (requires secure_boot_key_url to be defined) + required: false + default: "container-installer" + extra_boot_params: + description: Extra params used by grub to boot the anaconda installer + required: false image_name: description: Name of the source container image required: true @@ -14,6 +28,16 @@ inputs: description: Repository containing the source container image required: true default: quay.io/fedora-ostree-desktops + image_tag: + description: Tag of the source container image. Defaults to the installer version + required: false + iso_name: + description: "Name of the resulting ISO. Relative paths are relative to github.workspace" + required: false + default: build/deploy.iso + secure_boot_key_url: + description: Secure boot key that is installed from URL location + required: false variant: description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinonite" required: true 
@@ -22,27 +46,18 @@ inputs: description: Fedora version of installer to build required: true default: "39" - image_tag: - description: Tag of the source container image. Defaults to the installer version - required: false web_ui: description: Enable Anaconda WebUI required: false default: "false" - enrollment_password: - description: Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) - required: false - default: "container-installer" - secure_boot_key_url: - description: Secure boot key that is installed from URL location - required: false - action_version: - description: Version of the action container to run - deprecationMessage: No longer used. github.action_ref replaces the need for this. Will be removed in a future version. - required: false - additional_templates: - description: Space delimetered list of additional Lorax templates to include - required: false + +outputs: + iso_name: + value: ${{ steps.rename_iso.outputs.iso_name }} + description: The name of the resulting .iso + iso_path: + value: ${{ steps.rename_iso.outputs.iso_path }} + description: The name and path of the resulting .iso runs: using: composite @@ -53,7 +68,7 @@ runs: # Check if running inside of the action repo if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi - docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ghcr.io/jasonn3/build-container-installer:${tag} \ + docker run --privileged --volume ${{ github.workspace }}:/github/workspace ghcr.io/jasonn3/build-container-installer:${tag} \ ARCH=${{ inputs.arch }} \ IMAGE_NAME=${{ inputs.image_name }} \ IMAGE_REPO=${{ inputs.image_repo }} \ 
@@ -61,7 +76,30 @@ runs: VERSION=${{ inputs.version }} \ IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ WEB_UI=${{ inputs.web_ui }} \ + ISO_NAME=${{ inputs.iso_name }} \ ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \ SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \ "ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" + - name: Rename ISO file + id: rename_iso + shell: bash + run: | + if [[ ! ( "${{ inputs.iso_name }}" =~ \.iso$ ) ]] + then + iso_name="${{ inputs.iso_name }}.iso" + else + iso_name="${{ inputs.iso_name }}" + fi + if [[ "${{ inputs.iso_name }}" =~ ^/ ]] + then + full_path="${iso_name}" + else + full_path="${{ github.workspace }}/${iso_name}" + fi + mv ${{ github.workspace }}/build/deploy.iso ${full_path} || true + cd $(dirname ${full_path}) + iso_fn=$(basename ${iso_name}) + sha256sum ${iso_fn} > ${iso_fn}-CHECKSUM + echo "iso_path=${full_path}" >> $GITHUB_OUTPUT + echo "iso_name=${iso_fn}" >> $GITHUB_OUTPUT diff --git a/entrypoint.sh b/entrypoint.sh index 5005737..3f78761 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -21,5 +21,4 @@ mkdir /github/workspace/build || true # Copy resulting iso to github workspace and fix permissions cp build/deploy.iso /github/workspace/build -chmod -R ugo=rwX /github/workspace/build - +chmod -R ugo=rwx /github/workspace/build From bfa150ceebf096e1e23c652a1e437a98ed4f6085 Mon Sep 17 00:00:00 2001 
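Review bot: The new `Rename ISO file` step expands `${{ inputs.iso_name }}` and `${{ github.workspace }}` straight into the bash script, so the caller's value is parsed as shell source before the script runs; a name containing quotes or `$(...)` changes what the step executes, which matters when a calling workflow derives the name from a branch or pull-request field. The same applies to the `ISO_NAME=${{ inputs.iso_name }}` argument added to `docker run` in this hunk and to the `${{ inputs.* }}` arguments rewritten in the later action.yml hunk (`@@ -69,17 +81,19 @@`). Passing the values through `env:` and quoting every expansion, as below, keeps them as data. An absolute `iso_name` is still honoured, so the step can write outside the workspace; if that is not wanted it should be rejected.

```yaml
    - name: Rename ISO file
      id: rename_iso
      shell: bash
      env:
        ISO_NAME_INPUT: ${{ inputs.iso_name }}
        WORKSPACE: ${{ github.workspace }}
      run: |
        iso_name="${ISO_NAME_INPUT}"
        if [[ ! "${iso_name}" =~ \.iso$ ]]
        then
          iso_name="${iso_name}.iso"
        fi
        if [[ "${iso_name}" =~ ^/ ]]
        then
          full_path="${iso_name}"
        else
          full_path="${WORKSPACE}/${iso_name}"
        fi
        mv "${WORKSPACE}/build/deploy.iso" "${full_path}" || true
        cd "$(dirname "${full_path}")"
        iso_fn="$(basename "${iso_name}")"
        sha256sum "${iso_fn}" > "${iso_fn}-CHECKSUM"
        # … unchanged: iso_path and iso_name written to $GITHUB_OUTPUT …
```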
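Review bot: Changing `rwX` to `rwx` in `chmod -R ugo=rwx /github/workspace/build` marks every file in the output directory, including the ISO, as executable in addition to world-writable. The capital `X` form adds execute only to directories and to files that already had it, which is all the runner user needs to traverse the directory and move the output. I would keep the previous line, `chmod -R ugo=rwX /github/workspace/build`, and add a comment explaining that the wide mode exists because the container writes the files as a different user.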
From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Sun, 10 Mar 2024 23:39:22 -0400 Subject: [PATCH 13/92] Add flatpaks (#32) --- .github/workflows/build-and-test.yml | 43 +++++++++++----- .gitmodules | 4 ++ Makefile | 49 ++++++++++++++++--- README.md | 2 +- action.yml | 26 +++++++--- entrypoint.sh | 15 ++++-- .../scripts/post/configure_flatpak | 11 +++++ lorax_templates/set_flatpak_repo.tmpl.in | 4 ++ tests/iso/os-release.sh | 17 ------- tests/iso/verify_flatpakrepo_updated.sh | 37 ++++++++++++++ tests/vm/flatpak.yml | 10 ++++ 11 files changed, 169 insertions(+), 49 deletions(-) create mode 100644 .gitmodules create mode 100644 lorax_templates/scripts/post/configure_flatpak create mode 100644 lorax_templates/set_flatpak_repo.tmpl.in create mode 100644 tests/iso/verify_flatpakrepo_updated.sh create mode 100644 tests/vm/flatpak.yml diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index ad1a839..e82b395 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -15,6 +15,7 @@ env: IMAGE_REPO: 'quay.io/fedora-ostree-desktops' IMAGE_TAG: '39' VARIANT: 'Server' + FLATPAK_REMOTE_REFS: app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08 SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: 'container-installer' @@ -27,6 +28,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v4 + with: + submodules: recursive - name: Docker meta id: meta @@ -62,7 +65,9 @@ jobs: permissions: contents: read packages: write + continue-on-error: false strategy: + fail-fast: false matrix: version: - 38 
@@ -98,6 +103,7 @@ jobs: image_tag: ${{ env.IMAGE_TAG }} version: ${{ matrix.version }} variant: ${{ env.VARIANT }} + flatpak_remote_refs: ${{ env.FLATPAK_REMOTE_REFS }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso @@ -128,7 +134,9 @@ jobs: permissions: contents: read packages: write + continue-on-error: false strategy: + fail-fast: false matrix: version: - 38 @@ -136,6 +144,8 @@ jobs: steps: - name: Checkout repo uses: actions/checkout@v4 + with: + submodules: recursive - name: Ensure qemu is installed run: | @@ -159,7 +169,7 @@ jobs: - name: Run ISO checks run: | mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso - make test-iso VERSION=${{ matrix.version }} + make test-iso VERSION=${{ matrix.version }} FLATPAK_REMOTE_REFS="${{ env.FLATPAK_REMOTE_REFS}}" - name: Add Kickstart and Grub options to ISO run: | @@ -203,11 +213,15 @@ jobs: env: VM_USER: core VM_PASS: foobar + VM_IP: "127.0.0.1" + VM_PORT: "5555" run: | mkfifo vm.stdin qemu-system-x86_64 -name "Anaconda" \ -m 4096 -cpu qemu64 -display none -smp 2 \ -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \ + -device e1000,netdev=net0 \ + -netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \ -device virtio-serial \ -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$! 
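Review bot: The added `hostfwd=tcp::${VM_PORT}-:22` leaves the host address empty, which makes QEMU listen on every interface of the runner while the guest accepts the fixed password in `VM_PASS`. The test only connects over loopback, so bind the forward there: `-netdev user,id=net0,hostfwd=tcp:127.0.0.1:${VM_PORT}-:22 \`. The step's `run` block continues past the end of this hunk.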
@@ -218,18 +232,23 @@ jobs: timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done" - export VM_IP=$({ echo '{"execute": "guest-network-get-interfaces"}'; sleep 2; } | socat unix-connect:/tmp/qga.sock - | jq -r '.return[1]["ip-addresses"][] | select(."ip-address-type"=="ipv4") | .["ip-address"]') - if ! (echo > /dev/tcp/${VM_IP}/22) + if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}) then echo "SSH must be installed and enabled inside the container" fi - echo "VM ready for tests at IP ${VM_IP}" - for check in $(ls tests/vm) - do - if [[ -f $check && $check != "README.md" ]] - then - chmod +x $check - ./${check} - fi - done + echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}" + echo "Creating Ansible inventory" + cat << EOF > ansible_inventory + ungrouped: + hosts: + vm: + ansible_host: ${VM_IP} + ansible_port: ${VM_PORT} + ansible_user: ${VM_USER} + ansible_password: ${VM_PASS} + ansible_ssh_common_args: '-o StrictHostKeyChecking=no' + EOF + + #make test-vm + kill $QEMU_PID diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..fe51240 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "external/fedora-lorax-templates"] + path = external/fedora-lorax-templates + url = https://pagure.io/fedora-lorax-templates.git + branch = f39 diff --git a/Makefile b/Makefile index a21d1be..4849aca 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,10 @@ IMAGE_TAG = $(VERSION) VARIANT = Server WEB_UI = false REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo +ADDITIONAL_TEMPLATES = +FLATPAK_REMOTE_NAME = flathub +FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo +FLATPAK_REMOTE_REFS = ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = ADDITIONAL_TEMPLATES = 
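Review bot: With user-mode port forwarding the probe `echo > /dev/tcp/${VM_IP}/${VM_PORT}` connects to QEMU's listener on the host, so it is expected to succeed whether or not sshd is running in the guest, and on failure the branch only prints a message. Together with `#make test-vm` being commented out, the job can finish green without any check having run against the installed system. Consider reading the SSH banner through the forward and adding `exit 1` to the failure branch, and put a comment on the disabled line saying why it is off. The generated inventory stores `ansible_password` and sets `StrictHostKeyChecking=no`; that is reasonable for a throwaway loopback VM, but a comment such as `# test VM only: do not reuse this inventory for real hosts` would keep it from being copied elsewhere.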
@@ -22,7 +26,10 @@ _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl) -_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED ENROLLMENT_PASSWORD +_EXTERNAL_TEMPLATES = fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl +_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) +_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) +_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED FLATPAK_REMOTE_NAME FLATPAK_REMOTE_URL FLATPAK_REMOTE_REFS _FLATPAK_REPO_URL _FLATPAK_REPO_GPG ENROLLMENT_PASSWORD ifeq ($(VARIANT),Server) _LORAX_ARGS = --macboot --noupgrade @@ -34,6 +41,10 @@ ifeq ($(WEB_UI),true) _LORAX_ARGS += -i anaconda-webui endif +ifneq ($(FLATPAK_REMOTE_REFS),) +_LORAX_ARGS += -i flatpak-libs +endif + # Step 7: Build end ISO ## Default action build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt @@ -84,7 +95,6 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% do \ if [[ $$line =~ ^\<\% ]]; \ then \ - echo $$line >> lorax_templates/post_$*.tmpl; \ echo >> lorax_templates/post_$*.tmpl; \ else \ if [[ $$header == 0 ]]; \ 
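Review bot: `_FLATPAK_REPO_GPG` becomes the key the installer trusts for the Flatpak remote, yet it is whatever `curl -L $(FLATPAK_REMOTE_URL)` returns at build time, with the URL unquoted, no `--fail`, and redirects followed to any scheme. `cut -d= -f2` also keeps only the text up to the next `=`, so base64 padding on the key or a `=` in the repo URL would be cut off; `-f2-` keeps the remainder. Suggested: `_FLATPAK_REPO_GPG = $(shell curl --fail --silent --location --proto-redir '=https' '$(FLATPAK_REMOTE_URL)' | grep -i '^GPGKey=' | cut -d= -f2-)`, with the same change for `_FLATPAK_REPO_URL`. Both variables are recursively expanded, so the file is downloaded again on each use and the URL and key are not guaranteed to come from the same response.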
@@ -111,7 +121,6 @@ lorax_templates/%.tmpl: lorax_templates/%.tmpl.in $(eval _VARS = IMAGE_NAME IMAGE_TAG _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED) $(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/lorax_templates/$*.tmpl.in > $(_BASE_DIR)/lorax_templates/$*.tmpl - # Step 2: Replace vars in repo files repos/%.repo: /etc/yum.repos.d/%.repo mkdir repos || true @@ -139,6 +148,8 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) $(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \ $(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \ $(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \ + $(foreach file,$(_FLATPAK_TEMPLATES),--add-template $(file)) \ + $(foreach file,$(_EXTERNAL_TEMPLATES),--add-template $(_BASE_DIR)/external/$(file)) \ --rootfs-size $(ROOTFS_SIZE) \ $(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \ $(_BASE_DIR)/results/ 
@@ -177,12 +188,34 @@ clean: rm -f $(_BASE_DIR)/*.log || true install-deps: - dnf install -y lorax xorriso skopeo coreutils + dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils + +test: test-iso test-vm test-iso: $(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso))) - $(foreach test,$(_TESTS),chmod +x tests/iso/$(test)) - $(foreach test,$(_TESTS),./tests/iso/$(test) deploy.iso) - -.PHONY: clean install-deps + $(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL) + sudo apt-get update + sudo apt-get install -y squashfs-tools + sudo modprobe loop + sudo mkdir /mnt/iso /mnt/install + sudo mount -o loop deploy.iso /mnt/iso + sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install + + chmod +x $(foreach test,$(_TESTS),tests/iso/$(test)) + for test in $(_TESTS); \ + do \ + $(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \ + done + + # Cleanup + sudo umount /mnt/install + sudo umount /mnt/iso + +test-vm: + $(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm))) + chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) + for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done + +.PHONY: clean install-deps test test-iso test-vm diff --git a/README.md b/README.md index cdc4119..b50912f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg??event=push) +![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg?event=push) # Build Container Installer Action This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` diff --git a/action.yml b/action.yml index 75c7fb5..d4e7861 100644 --- a/action.yml +++ b/action.yml 
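Review bot: In the new `test-iso` recipe the `for test in $(_TESTS)` loop returns the status of the last script only, so an earlier failing check does not fail the target; the loop in `test-vm` has the same shape. Add a stop to the loop body, e.g. `$(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test} || exit 1; \`. The mounts are left in place whenever a step fails and `sudo mkdir /mnt/iso /mnt/install` fails on a second run, so `mkdir -p` plus an unmount on the failure path would make the target repeatable.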
@@ -20,6 +20,18 @@ inputs: extra_boot_params: description: Extra params used by grub to boot the anaconda installer required: false + flatpak_remote_name: + description: Name of the Flatpak remote repo + required: false + default: "flathub" + flatpak_remote_refs: + description: Space delimited list of refs to the flatpak packages to install + required: false + default: "" + flatpak_remote_url: + description: The URL of the Flatpak remote flatpakrepo file + required: false + default: https://flathub.org/repo/flathub.flatpakrepo image_name: description: Name of the source container image required: true @@ -69,17 +81,19 @@ runs: if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace ghcr.io/jasonn3/build-container-installer:${tag} \ + ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ ARCH=${{ inputs.arch }} \ + ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \ + FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \ + FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ + FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }} \ IMAGE_NAME=${{ inputs.image_name }} \ IMAGE_REPO=${{ inputs.image_repo }} \ + IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ + SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \ VARIANT=${{ inputs.variant }} \ VERSION=${{ inputs.version }} \ - IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ - WEB_UI=${{ inputs.web_ui }} \ - ISO_NAME=${{ inputs.iso_name }} \ - ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \ - SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \ - "ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" + WEB_UI=${{ inputs.web_ui }} - name: Rename ISO file id: rename_iso 
diff --git a/entrypoint.sh b/entrypoint.sh index 3f78761..c32743b 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,19 +2,24 @@ set -ex -for entry in $@ +# Create /dev/loop0 if it doesn't already exist. `losetup` has an issue creating it during the first run +mknod -m 0660 /dev/loop0 b 7 0 2>/dev/null || true + +for i do - export $entry + key=$(echo ${i} | cut -d= -f1) + value=$(echo ${i} | cut -d= -f2-) + export ${key}="${value}" done # Pull container -make container/${IMAGE_NAME}-${IMAGE_TAG} $@ +make container/${IMAGE_NAME}-${IMAGE_TAG} "$@" # Build base ISO -make boot.iso $@ +make boot.iso "$@" # Add container to ISO -make build/deploy.iso $@ +make build/deploy.iso "$@" # Make output dir in github workspace mkdir /github/workspace/build || true diff --git a/lorax_templates/scripts/post/configure_flatpak b/lorax_templates/scripts/post/configure_flatpak new file mode 100644 index 0000000..1c54a7f --- /dev/null +++ b/lorax_templates/scripts/post/configure_flatpak @@ -0,0 +1,11 @@ +<%page args="_flatpak_repo_gpg"/> + +if [[ -d /ostree/deploy/default/var/lib/flatpak/repo ]] +then + echo ${_flatpak_repo_gpg} | base64 -d > /ostree/deploy/default/var/lib/flatpak/repo/flathub.trustedkeys.gpg +elif [[ -d /var/lib/flatpak/repo ]] +then + echo ${_flatpak_repo_gpg} | base64 -d > /var/lib/flatpak/repo/flathub.trustedkeys.gpg +else + echo "Could not find Flatpaks repo" +fi diff --git a/lorax_templates/set_flatpak_repo.tmpl.in b/lorax_templates/set_flatpak_repo.tmpl.in new file mode 100644 index 0000000..622e9a1 --- /dev/null +++ b/lorax_templates/set_flatpak_repo.tmpl.in 
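Review bot: The new argument loop splits each `KEY=value` with `echo ${i} | cut`, and the unquoted `${i}` goes through word splitting and glob expansion before `cut` sees it, so a value containing `*` or repeated spaces is altered; `export ${key}=...` also leaves the name unquoted. Parameter expansion avoids both: `key="${i%%=*}"`, `value="${i#*=}"`, `export "${key}=${value}"`. Since any name is exported as given, it may be worth accepting only the variable names the Makefile documents.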
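Review bot: Both branches of the new `configure_flatpak` script write the decoded key to `flathub.trustedkeys.gpg`, although the remote name is configurable through `FLATPAK_REMOTE_NAME`; with another remote, the key fetched from that remote's URL is stored under flathub's name, which presumably is not where it is looked up. Add `flatpak_remote_name` to the `<%page args=…/>` line and write to `${flatpak_remote_name}.trustedkeys.gpg`, quoting the value as `echo "${_flatpak_repo_gpg}" | base64 -d`. The last branch only prints `Could not find Flatpaks repo`; if a missing trust key should stop the install, it needs a non-zero exit.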
@@ -0,0 +1,4 @@ +<%page args="flatpak_remote_name, _flatpak_repo_url"/> + +replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py +replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py diff --git a/tests/iso/os-release.sh b/tests/iso/os-release.sh index ea066bc..ccef46c 100644 --- a/tests/iso/os-release.sh +++ b/tests/iso/os-release.sh @@ -1,24 +1,7 @@ #!/bin/bash -iso=$1 - -sudo apt-get update -sudo apt-get install -y squashfs-tools - -sudo mkdir /mnt/{iso,install} - -# Mount ISO -sudo mount -o loop $iso /mnt/iso - -# Mount squashfs -sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install - FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2) -# Cleanup -sudo umount /mnt/install -sudo umount /mnt/iso - if [[ ${FOUND_VERSION} != ${VERSION} ]] then echo "Version mismatch" diff --git a/tests/iso/verify_flatpakrepo_updated.sh b/tests/iso/verify_flatpakrepo_updated.sh new file mode 100644 index 0000000..b5ee240 --- /dev/null +++ b/tests/iso/verify_flatpakrepo_updated.sh 
@@ -0,0 +1,37 @@ +#!/bin/bash + +add_line=$(grep flatpak_manager.add_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) + +add_line_repo=$(echo ${add_line} | grep ${FLATPAK_REMOTE_NAME}) +add_line_url=$(echo ${add_line} | grep ${_FLATPAK_REPO_URL}) + +result=0 +if [ -z "${add_line_repo}" ] +then + echo "Repo name not updated on add_remote line" + result=1 +else + echo "Repo name found on add_remote line" +fi + +if [ -z "${add_line_url}" ] +then + echo "Repo url not updated on add_remote line" + result=1 +else + echo "Repo url found on add_remote line" +fi + +replace_line=$(grep flatpak_manager.replace_installed_refs_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) + +replace_line_repo=$(echo ${replace_line} | grep ${FLATPAK_REMOTE_NAME}) + +if [ -z "${replace_line_repo}" ] +then + echo "Repo name not updated on replace_installed_refs line" + result=1 +else + echo "Repo name found on replace_installed_refs line" +fi + +exit ${result} \ No newline at end of file diff --git a/tests/vm/flatpak.yml b/tests/vm/flatpak.yml new file mode 100644 index 0000000..6f46263 --- /dev/null +++ b/tests/vm/flatpak.yml @@ -0,0 +1,10 @@ +#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory +--- +- name: Test for flatpaks + hosts: vm + gather_facts: no + + tasks: + - name: Test updating flatpak packages + ansible.builtin.command: + cmd: /usr/bin/flatpak update -y From c3dfff5c5b3fdf473a1813c6d5be15cd459b700d Mon Sep 17 00:00:00 2001 
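Review bot: The three `grep` calls take `${FLATPAK_REMOTE_NAME}` and `${_FLATPAK_REPO_URL}` unquoted and as regular expressions, so the `.` characters in a URL match any character and the check can pass on a line that does not contain the configured value. Use quoted fixed-string matching, e.g. `add_line_url=$(echo "${add_line}" | grep -F -- "${_FLATPAK_REPO_URL}")`, with the same form for the two `FLATPAK_REMOTE_NAME` lines. Once quoted, an empty value would match every line, so start the script with `: "${FLATPAK_REMOTE_NAME:?}" "${_FLATPAK_REPO_URL:?}"` to fail the test when either is unset.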
From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Mon, 11 Mar 2024 16:29:45 -0400 Subject: [PATCH 14/92] Allow caching of dnf (#46) --- .gitignore | 1 - Containerfile | 5 +- Makefile | 76 ++++++++++----- README.md | 2 +- action.yml | 93 ++++++++++++++++++- entrypoint.sh | 10 ++ lorax_templates/cache_copy_dnf.tmpl | 3 + ...pak_repo.tmpl.in => flatpak_set_repo.tmpl} | 0 lorax_templates/install_set_installer.tmpl | 4 + .../{configure_flatpak => flatpak_configure} | 0 ...re_upgrades => install_configure_upgrades} | 0 ...l-secureboot-key => secureboot_enroll_key} | 2 +- lorax_templates/set_installer.tmpl.in | 2 - 13 files changed, 166 insertions(+), 32 deletions(-) create mode 100644 lorax_templates/cache_copy_dnf.tmpl rename lorax_templates/{set_flatpak_repo.tmpl.in => flatpak_set_repo.tmpl} (100%) create mode 100644 lorax_templates/install_set_installer.tmpl rename lorax_templates/scripts/post/{configure_flatpak => flatpak_configure} (100%) rename lorax_templates/scripts/post/{configure_upgrades => install_configure_upgrades} (100%) rename lorax_templates/scripts/post/{enroll-secureboot-key => secureboot_enroll_key} (94%) delete mode 100644 lorax_templates/set_installer.tmpl.in diff --git a/.gitignore b/.gitignore index 8f65d56..ff22e19 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,6 @@ /pkglists /repos /results -/lorax_templates/*.tmpl /xorriso/input.txt /xorriso/*.sh /original-pkgsizes.txt diff --git a/Containerfile b/Containerfile index 7488139..f0b2174 100644 --- a/Containerfile +++ b/Containerfile @@ -15,10 +15,11 @@ RUN mkdir /build-container-installer COPY / /build-container-installer/ WORKDIR /build-container-installer +VOLUME /build-container-installer/build +VOLUME /build-container-installer/repos +VOLUME /cache RUN dnf install -y make && make install-deps -VOLUME /build-container-installer/build - ENTRYPOINT ["/bin/bash", "/build-container-installer/entrypoint.sh"] diff --git a/Makefile b/Makefile index 4849aca..0c46523 100644 
--- a/Makefile
+++ b/Makefile
@@ -1,48 +1,77 @@ # Configuration vars ## Formatting = UPPERCASE +# General +ADDITIONAL_TEMPLATES = ARCH = x86_64 -VERSION = 39 -IMAGE_REPO = quay.io/fedora-ostree-desktops +EXTRA_BOOT_PARAMS = IMAGE_NAME = base +IMAGE_REPO = quay.io/fedora-ostree-desktops IMAGE_TAG = $(VERSION) +REPOS = $(subst :,\:,$(shell ls /etc/yum.repos.d/*.repo)) +ROOTFS_SIZE = 4 VARIANT = Server +VERSION = 39 WEB_UI = false -REPOS = /etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo -ADDITIONAL_TEMPLATES = +# Flatpak FLATPAK_REMOTE_NAME = flathub FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo FLATPAK_REMOTE_REFS = +# Secure boot ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = -ADDITIONAL_TEMPLATES = -EXTRA_BOOT_PARAMS = -ROOTFS_SIZE = 4 +# Cache +DNF_CACHE = -# Generated vars +# Generated/internal vars ## Formatting = _UPPERCASE _BASE_DIR = $(shell pwd) _IMAGE_REPO_ESCAPED = $(subst /,\/,$(IMAGE_REPO)) _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) -_LORAX_TEMPLATES = $(subst .in,,$(shell ls lorax_templates/*.tmpl.in)) $(foreach file,$(shell ls lorax_templates/scripts/post),lorax_templates/post_$(file).tmpl) -_EXTERNAL_TEMPLATES = fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl +_LORAX_TEMPLATES = $(shell ls lorax_templates/install_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/install_*)),lorax_templates/post_$(file).tmpl) +_LORAX_TEMPLATES_FLATPAKS = $(shell ls lorax_templates/flatpak_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/flatpak_*)),lorax_templates/post_$(file).tmpl) external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl +_LORAX_TEMPLATES_SECUREBOOT = $(shell ls lorax_templates/secureboot_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/secureboot_*)),lorax_templates/post_$(file).tmpl) 
+_LORAX_TEMPLATES_CACHE = $(shell ls lorax_templates/cache_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/cache_*)),lorax_templates/post_$(file).tmpl) +_LORAX_ARGS = _FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) _FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) -_TEMPLATE_VARS = ARCH VERSION IMAGE_REPO IMAGE_NAME IMAGE_TAG VARIANT WEB_UI REPOS _IMAGE_REPO_ESCAPED _IMAGE_REPO_DOUBLE_ESCAPED FLATPAK_REMOTE_NAME FLATPAK_REMOTE_URL FLATPAK_REMOTE_REFS _FLATPAK_REPO_URL _FLATPAK_REPO_GPG ENROLLMENT_PASSWORD +_TEMPLATE_VARS = ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS VARIANT VERSION WEB_UI -ifeq ($(VARIANT),Server) -_LORAX_ARGS = --macboot --noupgrade + +ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) +_LORAX_ARGS += --nomacboot --noupgrade +else ifeq ($(VARIANT),Server) +_LORAX_ARGS += --macboot --noupgrade else -_LORAX_ARGS = --nomacboot +_LORAX_ARGS += --nomacboot endif ifeq ($(WEB_UI),true) _LORAX_ARGS += -i anaconda-webui endif +ifneq ($(DNF_CACHE),) +_LORAX_ARGS += --cachedir $(DNF_CACHE) +_LORAX_TEMPLATES += $(_LORAX_TEMPLATES_CACHE) +_TEMPLATE_VARS += DNF_CACHE +endif + +ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) +_PLATFORM_ID = platform:el$(VERSION) +else +_PLATFORM_ID = platform:f$(VERSION) +endif + ifneq ($(FLATPAK_REMOTE_REFS),) -_LORAX_ARGS += -i flatpak-libs +_LORAX_ARGS += -i flatpak-libs +_LORAX_TEMPLATES += $(_LORAX_TEMPLATES_FLATPAKS) +_TEMPLATE_VARS += FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL +endif + +ifneq ($(SECURE_BOOT_KEY_URL),) +_LORAX_TEMPLATES += $(_LORAX_TEMPLATES_SECUREBOOT) +_TEMPLATE_VARS += ENROLLMENT_PASSWORD endif # Step 7: Build end ISO 
@@ -117,9 +146,8 @@ lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% done < lorax_templates/scripts/post/$* echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl -lorax_templates/%.tmpl: lorax_templates/%.tmpl.in - $(eval _VARS = IMAGE_NAME IMAGE_TAG _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED) - $(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/lorax_templates/$*.tmpl.in > $(_BASE_DIR)/lorax_templates/$*.tmpl + +repos: $(_REPO_FILES) # Step 2: Replace vars in repo files repos/%.repo: /etc/yum.repos.d/%.repo @@ -132,9 +160,11 @@ repos/%.repo: /etc/yum.repos.d/%.repo %.repo: # Step 3: Build boot.iso using Lorax -boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) +boot.iso: $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true - rm /etc/rpm/macros.image-language-conf || true + mv /etc/rpm/macros.image-language-conf /etc/rpm/macros.image-language-conf.orig || true + cp /etc/os-release /etc/os-release.orig || true + sed -i 's/PLATFORM_ID=.*/PLATFORM_ID="$(_PLATFORM_ID)"/' /etc/os-release # Download the secure boot key if [ -n "$(SECURE_BOOT_KEY_URL)" ]; \ @@ -154,6 +184,8 @@ boot.iso: $(_LORAX_TEMPLATES) $(_REPO_FILES) $(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \ $(_BASE_DIR)/results/ mv $(_BASE_DIR)/results/images/boot.iso $(_BASE_DIR)/ + mv -f /etc/rpm/macros.image-language-conf.orig /etc/rpm/macros.image-language-conf || true + mv -f /etc/os-release.orig /etc/os-release || true # Step 4: Download container image container/$(IMAGE_NAME)-$(IMAGE_TAG): @@ -188,7 +220,7 @@ clean: rm -f $(_BASE_DIR)/*.log || true install-deps: - dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils + dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext test: test-iso test-vm 
@@ -218,4 +250,4 @@ test-vm: chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done -.PHONY: clean install-deps test test-iso test-vm +.PHONY: clean install-deps test test-iso test-vm container/$(IMAGE_NAME)-$(IMAGE_TAG) diff --git a/README.md b/README.md index b50912f..54be4c1 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ This action is used to enerate an ISO for installing an OSTree stored in a conta This action is designed to be called from a GitHub workflow using the following format ```yaml - name: Build ISO - uses: jasonn3/build-container-installer/v1.0.0 + uses: jasonn3/build-container-installer@main id: build with: arch: ${{ env.ARCH}} diff --git a/action.yml b/action.yml index d4e7861..bc6c0bf 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,17 @@ inputs: description: Architecture for image to build required: true default: x86_64 + dnf_cache_key: + description: Overrides the dnf cache key + required: false + enable_cache_dnf: + description: Whether to enable caching for dnf + required: false + default: "true" + enable_cache_skopeo: + description: Whether to enable caching for skopeo + required: false + default: "true" enrollment_password: description: Used for supporting secure boot (requires secure_boot_key_url to be defined) required: false @@ -50,6 +61,9 @@ inputs: secure_boot_key_url: description: Secure boot key that is installed from URL location required: false + skopeo_cache_key: + description: Overrides the skopeo cache key + required: false variant: description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinonite" required: true 
@@ -74,15 +88,69 @@ outputs: runs: using: composite steps: + - name: Make cache directory + shell: bash + run: | + sudo mkdir /cache + sudo chmod 777 /cache + + - name: Load dnf cache + id: load_dnf_cache + env: + dnf_cache_key: dnf-${{ inputs.version }} + if: inputs.enable_cache_dnf == 'true' + uses: actions/cache/restore@v4 + with: + path: /cache/dnf + key: ${{ inputs.dnf_cache_key || env.dnf_cache_key }} + + - name: Load skopeo cache + id: load_skopeo_cache + env: + skopeo_cache_key: skopeo-${{ inputs.image_name }}-${{ inputs.version || inputs.image_tag }} + if: inputs.enable_cache_skopeo == 'true' + uses: actions/cache/restore@v4 + with: + path: /cache/skopeo + key: ${{ inputs.skopeo_cache_key || env.skopeo_cache_key }} + + - name: Ensure cache directories exist + shell: bash + run: | + mkdir /cache/dnf || true + mkdir /cache/dnf_new || true + mkdir /cache/skopeo || true + - name: Run docker image shell: bash run: | # Check if running inside of the action repo - if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi - if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi - docker run --privileged --volume ${{ github.workspace }}:/github/workspace ghcr.io/jasonn3/build-container-installer:${tag} \ + if [[ -z "${{ github.action_repository }}" ]] + then + if [[ "${{ github.ref_name }}" =~ (.*)/merge ]] + then tag=pr-${BASH_REMATCH[1]} + else + tag=${{ github.ref_name }} + fi + else + tag=${{ github.action_ref }} + fi + if [[ "${{ inputs.enable_cache_dnf }}" == "true" ]] + then + cache="${cache} -v /cache/dnf:/cache/dnf" + fi + if [[ "${{ inputs.enable_cache_skopeo }}" == "true" ]] + then + cache="${cache} -v /cache/skopeo:/cache/skopeo" + fi + if [[ "${{ steps.load_dnf_cache.outputs.cache-hit }}" != "true" ]] + then + cache="${cache} -v /cache/dnf_new:/cache/dnf_new" + fi + docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ 
${cache} ghcr.io/jasonn3/build-container-installer:${tag} \ ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ ARCH=${{ inputs.arch }} \ + DNF_CACHE=/cache/dnf \ ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \ FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \ FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ @@ -95,6 +163,25 @@ runs: VERSION=${{ inputs.version }} \ WEB_UI=${{ inputs.web_ui }} + - name: Save dnf cache + env: + dnf_cache_key: dnf-${{ inputs.version }} + if: inputs.enable_cache_dnf == 'true' && steps.load_dnf_cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v4 + with: + path: /cache/dnf_new + key: ${{ inputs.dnf_cache_key || env.dnf_cache_key }} + + - name: Save skopeo cache + env: + skopeo_cache_key: skopeo-${{ inputs.image_name }}-${{ inputs.version || inputs.image_tag }} + if: inputs.enable_cache_skopeo == 'true' && steps.load_dnf_cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v4 + with: + path: /cache/skopeo + key: ${{ inputs.skopeo_cache_key || env.skopeo_cache_key }} + + - name: Rename ISO file id: rename_iso shell: bash diff --git a/entrypoint.sh b/entrypoint.sh index c32743b..672d924 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -12,6 +12,16 @@ do export ${key}="${value}" done +if [[ -d /cache/skopeo ]] +then + ln -s /cache/skopeo /build-container-installer/container +fi + +if [[ ! -d /cache/dnf ]] +then + mkdir /cache/dnf +fi + # Pull container make container/${IMAGE_NAME}-${IMAGE_TAG} "$@" diff --git a/lorax_templates/cache_copy_dnf.tmpl b/lorax_templates/cache_copy_dnf.tmpl new file mode 100644 index 0000000..43d4354 --- /dev/null +++ b/lorax_templates/cache_copy_dnf.tmpl @@ -0,0 +1,3 @@ +<%page args="dnf_cache"/> + +runcmd bash -c "if [[ -e ${dnf_cache}_new ]]; then cp -R ${dnf_cache}/* ${dnf_cache}_new/; fi" \ No newline at end of file 
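Review bot: The `Run docker image` script splices `${{ github.ref_name }}` and several `${{ inputs.* }}` values directly into bash, so a branch name or input containing shell metacharacters is interpreted as shell on the runner, immediately before a `docker run --privileged`. Pass them through `env:` and reference them as quoted shell variables; `cache` is also never initialised, and `/cache` is created mode 777 where a directory owned by the runner user would do. The later change "Fix var reference (#56)" moves only `github.action_repository` and `github.action_ref` into `env:`, leaving `github.ref_name` and `github.repository` inline. The step continues past the end of this hunk, so the remaining `inputs.*` arguments to `docker run` need the same treatment.

```yaml
    - name: Run docker image
      shell: bash
      env:
        REF_NAME: ${{ github.ref_name }}
        ACTION_REPO: ${{ github.action_repository }}
        ACTION_REF: ${{ github.action_ref }}
        ENABLE_CACHE_DNF: ${{ inputs.enable_cache_dnf }}
        ENABLE_CACHE_SKOPEO: ${{ inputs.enable_cache_skopeo }}
        DNF_CACHE_HIT: ${{ steps.load_dnf_cache.outputs.cache-hit }}
      run: |
        # Check if running inside of the action repo
        if [[ -z "${ACTION_REPO}" ]]
        then
          if [[ "${REF_NAME}" =~ (.*)/merge ]]
          then
            tag="pr-${BASH_REMATCH[1]}"
          else
            tag="${REF_NAME}"
          fi
        else
          tag="${ACTION_REF}"
        fi
        # Build the optional volume arguments as an array so nothing is word-split
        cache=()
        if [[ "${ENABLE_CACHE_DNF}" == "true" ]]
        then
          cache+=(-v /cache/dnf:/cache/dnf)
        fi
        if [[ "${ENABLE_CACHE_SKOPEO}" == "true" ]]
        then
          cache+=(-v /cache/skopeo:/cache/skopeo)
        fi
        if [[ "${DNF_CACHE_HIT}" != "true" ]]
        then
          cache+=(-v /cache/dnf_new:/cache/dnf_new)
        fi
        docker run --privileged --volume "${GITHUB_WORKSPACE}:/github/workspace/" "${cache[@]}" "ghcr.io/jasonn3/build-container-installer:${tag}" \
        # … unchanged: KEY=value arguments passed to the container …
```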
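Review bot: `Save skopeo cache` is gated on `steps.load_dnf_cache.outputs.cache-hit`, which looks like a copy of the dnf step's condition, so whether the skopeo cache is saved depends on the dnf restore rather than its own. The condition should read `if: inputs.enable_cache_skopeo == 'true' && steps.load_skopeo_cache.outputs.cache-hit != 'true'`. Neither default key (`dnf-` plus the version, `skopeo-` plus image name and version) carries a content hash, so the first entry saved under a key is reused until the key changes. Since the restored directories are mounted into the privileged build container, a comment on these steps should state that cache contents are trusted as-is.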
diff --git a/lorax_templates/set_flatpak_repo.tmpl.in b/lorax_templates/flatpak_set_repo.tmpl similarity index 100% rename from lorax_templates/set_flatpak_repo.tmpl.in rename to lorax_templates/flatpak_set_repo.tmpl diff --git a/lorax_templates/install_set_installer.tmpl b/lorax_templates/install_set_installer.tmpl new file mode 100644 index 0000000..fafd61e --- /dev/null +++ b/lorax_templates/install_set_installer.tmpl @@ -0,0 +1,4 @@ +<%page args="image_name, image_tag"/> + +append usr/share/anaconda/interactive-defaults.ks "ostreecontainer --url=/run/install/repo/${image_name}-${image_tag} --transport=oci --no-signature-verification" + diff --git a/lorax_templates/scripts/post/configure_flatpak b/lorax_templates/scripts/post/flatpak_configure similarity index 100% rename from lorax_templates/scripts/post/configure_flatpak rename to lorax_templates/scripts/post/flatpak_configure diff --git a/lorax_templates/scripts/post/configure_upgrades b/lorax_templates/scripts/post/install_configure_upgrades similarity index 100% rename from lorax_templates/scripts/post/configure_upgrades rename to lorax_templates/scripts/post/install_configure_upgrades diff --git a/lorax_templates/scripts/post/enroll-secureboot-key b/lorax_templates/scripts/post/secureboot_enroll_key similarity index 94% rename from lorax_templates/scripts/post/enroll-secureboot-key rename to lorax_templates/scripts/post/secureboot_enroll_key index 622a1ec..21def9e 100755 --- a/lorax_templates/scripts/post/enroll-secureboot-key +++ b/lorax_templates/scripts/post/secureboot_enroll_key @@ -1,4 +1,4 @@ -<%page args="enrollment_password "/> +<%page args="enrollment_password"/> ## --nochroot set -oue pipefail diff --git a/lorax_templates/set_installer.tmpl.in b/lorax_templates/set_installer.tmpl.in deleted file mode 100644 index 66f01e0..0000000 --- a/lorax_templates/set_installer.tmpl.in +++ /dev/null 
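Review bot: The kickstart line carried into `install_set_installer.tmpl` installs the image with `--no-signature-verification`, and nothing in the file says why. If the reasoning is that the image is read from the ISO's own `/run/install/repo` over the `oci` transport, a Mako comment above the `append` line should say so, e.g. `## Image is embedded in the ISO; signatures are not checked at install time, so verify the image when it is pulled at build time.` The pull recipe is not visible in this patch, so whether any verification happens at that point should be confirmed.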
@@ -1,2 +0,0 @@ -append usr/share/anaconda/interactive-defaults.ks "ostreecontainer --url=/run/install/repo/${IMAGE_NAME}-${IMAGE_TAG} --transport=oci --no-signature-verification" - From df936e3365f994db4e5e0683d7e3cd97b9f37768 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Mon, 11 Mar 2024 17:08:54 -0400 Subject: [PATCH 15/92] Fix var reference (#56) --- action.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index bc6c0bf..09c4b84 100644 --- a/action.yml +++ b/action.yml @@ -122,18 +122,21 @@ runs: mkdir /cache/skopeo || true - name: Run docker image + env: + ACTION_REPO: ${{ github.action_repository }} + ACTION_REF: ${{ github.action_ref }} shell: bash run: | # Check if running inside of the action repo - if [[ -z "${{ github.action_repository }}" ]] + if [[ -z "${ACTION_REPO}" || "${ACTION_REPO}" == "${{ github.repository }}" ]] then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]] then tag=pr-${BASH_REMATCH[1]} else - tag=${{ github.ref_name }} + tag=${ACTION_REF} fi else - tag=${{ github.action_ref }} + tag=${ACTION_REF} fi if [[ "${{ inputs.enable_cache_dnf }}" == "true" ]] then From 13bbd2a24d47867ec2c5d1f23f5bd8e251c94e1a Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 12 Mar 2024 09:14:57 -0400 Subject: [PATCH 16/92] Fixes macros still being readable (#61) --- Makefile | 9 +++++---- action.yml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 0c46523..9017ccd 100644 --- a/Makefile +++ b/Makefile 
@@ -37,6 +37,7 @@ _LORAX_ARGS = _FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) _FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) _TEMPLATE_VARS = ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS VARIANT VERSION WEB_UI +_TEMP_DIR = $(shell mktemp -d) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) @@ -162,8 +163,8 @@ repos/%.repo: /etc/yum.repos.d/%.repo # Step 3: Build boot.iso using Lorax boot.iso: $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true - mv /etc/rpm/macros.image-language-conf /etc/rpm/macros.image-language-conf.orig || true - cp /etc/os-release /etc/os-release.orig || true + mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf || true + cp /etc/os-release $(_TEMP_DIR)/os-release || true sed -i 's/PLATFORM_ID=.*/PLATFORM_ID="$(_PLATFORM_ID)"/' /etc/os-release # Download the secure boot key @@ -184,8 +185,8 @@ boot.iso: $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) $(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \ $(_BASE_DIR)/results/ mv $(_BASE_DIR)/results/images/boot.iso $(_BASE_DIR)/ - mv -f /etc/rpm/macros.image-language-conf.orig /etc/rpm/macros.image-language-conf || true - mv -f /etc/os-release.orig /etc/os-release || true + mv -f $(_TEMP_DIR)/macros.image-language-conf /etc/rpm/macros.image-language-conf || true + mv -f $(_TEMP_DIR)/os-release /etc/os-release || true # Step 4: Download container image container/$(IMAGE_NAME)-$(IMAGE_TAG): diff --git a/action.yml b/action.yml index 09c4b84..16fb2a8 100644 --- a/action.yml +++ b/action.yml 
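Review bot: `_TEMP_DIR = $(shell mktemp -d)` is a recursively expanded variable, so each `$(_TEMP_DIR)` reference runs `mktemp -d` again and yields a different directory. The `mv`/`cp` into `$(_TEMP_DIR)` before lorax and the `mv -f` back afterwards (second and third hunks of this Makefile change) therefore point at different paths. Because both restores end in `|| true` the failure is silent, so `/etc/rpm/macros.image-language-conf` is never put back and `/etc/os-release` keeps the rewritten `PLATFORM_ID`. Use simple expansion, `_TEMP_DIR := $(shell mktemp -d)`. The `boot.iso` recipe starts and ends outside these hunks, and the restore lines are also skipped whenever lorax itself fails.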
@@ -23,7 +23,7 @@ inputs: enable_cache_skopeo: description: Whether to enable caching for skopeo required: false - default: "true" + default: "false" enrollment_password: description: Used for supporting secure boot (requires secure_boot_key_url to be defined) required: false From 2d28aec7401ca91dbbb5be46533a29d92443ed6f Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 12 Mar 2024 09:20:00 -0400 Subject: [PATCH 17/92] Fix builds on main (#63) --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 16fb2a8..a31dd46 100644 --- a/action.yml +++ b/action.yml @@ -133,7 +133,7 @@ runs: if [[ "${{ github.ref_name }}" =~ (.*)/merge ]] then tag=pr-${BASH_REMATCH[1]} else - tag=${ACTION_REF} + tag=${{ github.ref_name }} fi else tag=${ACTION_REF} From 4710f3002df6994d2a0f2b332228b24416c9e631 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 12 Mar 2024 10:43:14 -0400 Subject: [PATCH 18/92] Prep for Anaconda 41 (#62) --- Makefile | 28 ++++++++++++++------------- lorax_templates/flatpak_set_repo.tmpl | 7 +++++-- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index 9017ccd..5398b9e 100644 --- a/Makefile +++ b/Makefile 
@@ -27,18 +27,13 @@ DNF_CACHE = _BASE_DIR = $(shell pwd) _IMAGE_REPO_ESCAPED = $(subst /,\/,$(IMAGE_REPO)) _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) -_VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) -_REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) -_LORAX_TEMPLATES = $(shell ls lorax_templates/install_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/install_*)),lorax_templates/post_$(file).tmpl) -_LORAX_TEMPLATES_FLATPAKS = $(shell ls lorax_templates/flatpak_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/flatpak_*)),lorax_templates/post_$(file).tmpl) external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl -_LORAX_TEMPLATES_SECUREBOOT = $(shell ls lorax_templates/secureboot_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/secureboot_*)),lorax_templates/post_$(file).tmpl) -_LORAX_TEMPLATES_CACHE = $(shell ls lorax_templates/cache_*.tmpl) $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/cache_*)),lorax_templates/post_$(file).tmpl) _LORAX_ARGS = -_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) -_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) -_TEMPLATE_VARS = ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS VARIANT VERSION WEB_UI +_LORAX_TEMPLATES = $(shell ls lorax_templates/install_*.tmpl) \ + $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/install_*)),lorax_templates/post_$(file).tmpl) +_REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _TEMP_DIR = $(shell mktemp -d) - +_TEMPLATE_VARS = ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS VARIANT VERSION WEB_UI +_VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) _LORAX_ARGS += --nomacboot --noupgrade 
@@ -54,7 +49,8 @@ endif ifneq ($(DNF_CACHE),) _LORAX_ARGS += --cachedir $(DNF_CACHE) -_LORAX_TEMPLATES += $(_LORAX_TEMPLATES_CACHE) +_LORAX_TEMPLATES += $(shell ls lorax_templates/cache_*.tmpl) \ + $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/cache_*)),lorax_templates/post_$(file).tmpl) _TEMPLATE_VARS += DNF_CACHE endif @@ -65,13 +61,19 @@ _PLATFORM_ID = platform:f$(VERSION) endif ifneq ($(FLATPAK_REMOTE_REFS),) +_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) +_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) _LORAX_ARGS += -i flatpak-libs -_LORAX_TEMPLATES += $(_LORAX_TEMPLATES_FLATPAKS) +_LORAX_TEMPLATES += $(shell ls lorax_templates/flatpak_*.tmpl) \ + $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/flatpak_*)),lorax_templates/post_$(file).tmpl) \ + external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl _TEMPLATE_VARS += FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL + endif ifneq ($(SECURE_BOOT_KEY_URL),) -_LORAX_TEMPLATES += $(_LORAX_TEMPLATES_SECUREBOOT) +_LORAX_TEMPLATES += $(shell ls lorax_templates/secureboot_*.tmpl) \ + $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/secureboot_*)),lorax_templates/post_$(file).tmpl) _TEMPLATE_VARS += ENROLLMENT_PASSWORD endif diff --git a/lorax_templates/flatpak_set_repo.tmpl b/lorax_templates/flatpak_set_repo.tmpl index 622e9a1..9cd006b 100644 --- a/lorax_templates/flatpak_set_repo.tmpl +++ b/lorax_templates/flatpak_set_repo.tmpl 
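Review bot: `_FLATPAK_REPO_GPG` and `_FLATPAK_REPO_URL` are each filled by a separate `curl -L $(FLATPAK_REMOTE_URL)` with no `--fail` and no protocol restriction, and as recursively expanded variables they re-download on every reference. An HTTP error page or a redirect to plain HTTP is parsed like a valid `.flatpakrepo`, and the key and URL can come from different responses, yet the key ends up as the installed system's trusted Flatpak keyring. Fetch once into a file with something like `curl -fsSL --proto '=https' --proto-redir '=https' -o flathub.flatpakrepo $(FLATPAK_REMOTE_URL)` and derive both values from that file with `:=`. Pinning an expected key fingerprint for the default remote would remove the dependence on the download entirely.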
@@ -1,4 +1,7 @@ -<%page args="flatpak_remote_name, _flatpak_repo_url"/> - +<%page args="flatpak_remote_name, _flatpak_repo_url, version"/> +% if int(version) >= 41: +append etc/anaconda/conf.d/anaconda.conf "flatpak_remote = ${flatpak_remote_name} ${_flatpak_repo_url}" +% else: replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py +% endif \ No newline at end of file From f4fd87855a472f41f80ae8e2ed8e78807925761d Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 12 Mar 2024 14:24:02 -0400 Subject: [PATCH 19/92] Use the Lorax templates for the OS version (#64) --- .github/workflows/build-and-test.yml | 6 ++++++ .gitmodules | 3 +++ Containerfile | 4 ++-- Makefile | 15 ++++++++------- external/lorax | 1 + 5 files changed, 20 insertions(+), 9 deletions(-) create mode 160000 external/lorax diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index e82b395..640f37d 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -30,6 +30,8 @@ jobs: uses: actions/checkout@v4 with: submodules: recursive + fetch-depth: 0 + fetch-tags: 'true' - name: Docker meta id: meta @@ -49,6 +51,7 @@ jobs: with: containerfiles: Containerfile tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - name: Push image uses: redhat-actions/push-to-registry@v2 
@@ -72,9 +75,11 @@ jobs: version: - 38 - 39 + - 40 outputs: iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }} iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }} + iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }} steps: - name: Checkout repo uses: actions/checkout@v4 @@ -141,6 +146,7 @@ jobs: version: - 38 - 39 + - 40 steps: - name: Checkout repo uses: actions/checkout@v4 diff --git a/.gitmodules b/.gitmodules index fe51240..e05748a 100644 --- a/.gitmodules +++ b/.gitmodules @@ -2,3 +2,6 @@ path = external/fedora-lorax-templates url = https://pagure.io/fedora-lorax-templates.git branch = f39 +[submodule "external/lorax"] + path = external/lorax + url = https://github.com/weldr/lorax.git diff --git a/Containerfile b/Containerfile index f0b2174..fc097e5 100644 --- a/Containerfile +++ b/Containerfile @@ -1,6 +1,6 @@ -FROM fedora:39 +FROM fedora:40 -ARG VERSION=39 +ARG VERSION=40 ENV ARCH="x86_64" ENV IMAGE_NAME="base" diff --git a/Makefile b/Makefile index 5398b9e..c4cb913 100644 --- a/Makefile +++ b/Makefile @@ -84,6 +84,10 @@ build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.t xorriso -dialog on < $(_BASE_DIR)/xorriso/input.txt implantisomd5 build/deploy.iso +lorax_repo: + git config advice.detachedHead false + cd external/lorax && git checkout tags/$(shell cd external/lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1) + # Step 1: Generate Lorax Templates lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% # Support interactive-defaults.ks 
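Review bot: The `lorax_repo` target checks out whichever `lorax-$(VERSION).*` tag sorts last in the local clone, which overrides the commit recorded for the `external/lorax` submodule in this same patch. The templates handed to lorax via `--sharedir` then depend on the tags present at clone time rather than on the reviewed pin, and tags can be moved upstream. Either keep the submodule commit as the source of truth, or map each supported `VERSION` to a fixed commit id in the Makefile and check that out; when no tag matches, the target should stop with a clear message instead of running `git checkout tags/` with an empty name. `git config advice.detachedHead false` also writes to the repository's config as a side effect.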
@@ -163,11 +167,9 @@ repos/%.repo: /etc/yum.repos.d/%.repo %.repo: # Step 3: Build boot.iso using Lorax -boot.iso: $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) +boot.iso: lorax_repo $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf || true - cp /etc/os-release $(_TEMP_DIR)/os-release || true - sed -i 's/PLATFORM_ID=.*/PLATFORM_ID="$(_PLATFORM_ID)"/' /etc/os-release # Download the secure boot key if [ -n "$(SECURE_BOOT_KEY_URL)" ]; \ @@ -176,7 +178,7 @@ boot.iso: $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) fi lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ - --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) \ + --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) --sharedir $(_BASE_DIR)/external/lorax/share/templates.d/99-generic \ $(_LORAX_ARGS) \ $(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \ $(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \ @@ -188,7 +190,6 @@ boot.iso: $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) $(_BASE_DIR)/results/ mv $(_BASE_DIR)/results/images/boot.iso $(_BASE_DIR)/ mv -f $(_TEMP_DIR)/macros.image-language-conf /etc/rpm/macros.image-language-conf || true - mv -f $(_TEMP_DIR)/os-release /etc/os-release || true # Step 4: Download container image container/$(IMAGE_NAME)-$(IMAGE_TAG): @@ -223,7 +224,7 @@ clean: rm -f $(_BASE_DIR)/*.log || true install-deps: - dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext + dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext git test: test-iso test-vm 
@@ -253,4 +254,4 @@ test-vm: chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done -.PHONY: clean install-deps test test-iso test-vm container/$(IMAGE_NAME)-$(IMAGE_TAG) +.PHONY: clean install-deps test test-iso test-vm lorax_repo diff --git a/external/lorax b/external/lorax new file mode 160000 index 0000000..ffba307 --- /dev/null +++ b/external/lorax @@ -0,0 +1 @@ +Subproject commit ffba3078beab843c5d663f6443dca28d8e820948 From 4fac21d55fce0be8b20d4c90ce0acf641a8f7de6 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 12 Mar 2024 18:28:03 -0400 Subject: [PATCH 20/92] Allowing storing the Flatpak refs in files (#66) --- .github/workflows/build-and-test.yml | 13 ++++++-- Makefile | 27 +++++++++++++--- README.md | 32 +++++++++++-------- action.yml | 29 ++++++++++------- flatpak_refs/VLC | 2 ++ lorax_templates/flatpak_set_repo.tmpl | 4 +++ ...epo_updated.sh => flatpak_repo_updated.sh} | 0 .../{os-release.sh => install_os-release.sh} | 0 tests/vm/{flatpak.yml => flatpak_update.yml} | 0 9 files changed, 75 insertions(+), 32 deletions(-) create mode 100644 flatpak_refs/VLC rename tests/iso/{verify_flatpakrepo_updated.sh => flatpak_repo_updated.sh} (100%) rename tests/iso/{os-release.sh => install_os-release.sh} (100%) rename tests/vm/{flatpak.yml => flatpak_update.yml} (100%) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 640f37d..7419361 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -15,7 +15,7 @@ env: IMAGE_REPO: 'quay.io/fedora-ostree-desktops' IMAGE_TAG: '39' VARIANT: 'Server' - FLATPAK_REMOTE_REFS: app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08 + FLATPAK_REMOTE_REFS_DIR: flatpak_refs SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: 'container-installer' 
@@ -175,7 +175,16 @@ jobs: - name: Run ISO checks run: | mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso - make test-iso VERSION=${{ matrix.version }} FLATPAK_REMOTE_REFS="${{ env.FLATPAK_REMOTE_REFS}}" + make test-iso \ + ARCH=${{ env.ARCH}} \ + IMAGE_NAME=${{ env.IMAGE_NAME}} \ + IMAGE_REPO=${{ env.IMAGE_REPO}} \ + IMAGE_TAG=${{ env.IMAGE_TAG }} \ + VERSION=${{ matrix.version }} \ + VARIANT=${{ env.VARIANT }} \ + FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \ + SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \ + ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }} - name: Add Kickstart and Grub options to ISO run: | diff --git a/Makefile b/Makefile index c4cb913..c222730 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,8 @@ WEB_UI = false # Flatpak FLATPAK_REMOTE_NAME = flathub FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo -FLATPAK_REMOTE_REFS = +FLATPAK_REMOTE_REFS = +FLATPAK_REMOTE_REFS_DIR = # Secure boot ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = @@ -60,6 +61,11 @@ else _PLATFORM_ID = platform:f$(VERSION) endif +ifneq ($(FLATPAK_REMOTE_REFS_DIR),) +COLLECTED_REFS = $(foreach file,$(shell ls $(FLATPAK_REMOTE_REFS_DIR)/*),$(shell cat $(file))) +FLATPAK_REMOTE_REFS += $(sort $(COLLECTED_REFS)) +endif + ifneq ($(FLATPAK_REMOTE_REFS),) _FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) _FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) @@ -166,6 +172,8 @@ repos/%.repo: /etc/yum.repos.d/%.repo # Don't do anything for custom repos %.repo: +flatpak_list: + # Step 3: Build boot.iso using Lorax boot.iso: lorax_repo $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true 
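Review bot: In the Makefile block guarded by `ifneq ($(FLATPAK_REMOTE_REFS_DIR),)`, the directory value and every file name found in it are pasted unquoted into `$(shell ls …)` and `$(shell cat …)`, so a path containing whitespace or shell metacharacters is word-split or interpreted by the shell instead of being treated as a file name. The value is caller-supplied (this commit also adds it as an action input), so it is better kept out of a shell where possible: `COLLECTED_REFS = $(foreach f,$(wildcard $(FLATPAK_REMOTE_REFS_DIR)/*),$(shell cat '$(f)'))`. A missing or empty directory currently yields an empty ref list with only an `ls` error on stderr; an explicit `$(error …)` in that case would make the failure visible.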
@@ -239,12 +247,23 @@ test-iso: sudo mount -o loop deploy.iso /mnt/iso sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install - chmod +x $(foreach test,$(_TESTS),tests/iso/$(test)) + # install tests + chmod +x $(foreach test,$(filter install_%,$(_TESTS)),tests/iso/$(test)) for test in $(_TESTS); \ do \ $(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \ done + # flapak tests + if [ -n "$(FLATPAK_REMOTE_REFS)" ]; \ + then \ + chmod +x $(foreach test,$(filter flatpak_%,$(_TESTS)),tests/iso/$(test)); \ + for test in $(_TESTS); \ + do \ + $(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \ + done; \ + fi + # Cleanup sudo umount /mnt/install sudo umount /mnt/iso @@ -253,5 +272,5 @@ test-vm: $(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm))) chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done - -.PHONY: clean install-deps test test-iso test-vm lorax_repo + +.PHONY: clean install-deps test test-iso test-vm lorax_repo flatpak_list diff --git a/README.md b/README.md index 54be4c1..f6c0280 100644 --- a/README.md +++ b/README.md 
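Review bot: Both loops in `test-iso` still iterate over `$(_TESTS)`, although the `chmod +x` lines above them were narrowed to `install_%` and `flatpak_%`. As written, the first loop also runs the flatpak tests (even when `FLATPAK_REMOTE_REFS` is empty, and possibly before they are executable), and the second loop runs the install tests a second time. The loops should use the same filters as the chmod lines: `for test in $(filter install_%,$(_TESTS)); \` and `for test in $(filter flatpak_%,$(_TESTS)); \`. The comment `# flapak tests` should read `# flatpak tests`.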
@@ -38,20 +38,24 @@ See [Customizing](#customizing) for information about customizing the ISO that g The following variables can be used to customize the created ISO. ### Inputs -| Variable | Description | Default Value | -| -------------------- | ---------------------------------------------------------------------------- | ------------------------------ | -| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | -| arch | Architecture for image to build | x86_64 | -| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | -| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | -| image_name | Name of the source container image | base | -| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | -| image_tag | Tag of the source container image | *VERSION* | -| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | -| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | -| variant | Source container variant\* | Server | -| version | Fedora version of installer to build | 39 | -| web_ui | Enable Anaconda WebUI (experimental) | false | +| Variable | Description | Default Value | +| ---------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | +| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | +| arch | Architecture for image to build | x86_64 | +| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | +| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | +| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | +| flatpak_remote_refs | Space 
separated list of flatpak refs to install | \[empty\] | +| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | +| flatpak_remote_url | URL of the flatpakrepo file | https://flathub.org/repo/flathub.flatpakrepo | +| image_name | Name of the source container image | base | +| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | +| image_tag | Tag of the source container image | *VERSION* | +| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | +| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | +| variant | Source container variant\* | Server | +| version | Fedora version of installer to build | 39 | +| web_ui | Enable Anaconda WebUI (experimental) | false | \*Available options for VARIANT can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite diff --git a/action.yml b/action.yml index a31dd46..f2eb50f 100644 --- a/action.yml +++ b/action.yml @@ -39,6 +39,10 @@ inputs: description: Space delimited list of refs to the flatpak packages to install required: false default: "" + flatpak_remote_refs_dir: + description: Directory that contains files that list the flatpak refs to install + required: false + default: "" flatpak_remote_url: description: The URL of the Flatpak remote flatpakrepo file required: false 
@@ -152,19 +156,20 @@ runs: fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ghcr.io/jasonn3/build-container-installer:${tag} \ ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ - ARCH=${{ inputs.arch }} \ - DNF_CACHE=/cache/dnf \ - ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }} \ - FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \ + ARCH="${{ inputs.arch }}" \ + DNF_CACHE="/cache/dnf" \ + ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}" \ + FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ - FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }} \ - IMAGE_NAME=${{ inputs.image_name }} \ - IMAGE_REPO=${{ inputs.image_repo }} \ - IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ - SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }} \ - VARIANT=${{ inputs.variant }} \ - VERSION=${{ inputs.version }} \ - WEB_UI=${{ inputs.web_ui }} + FLATPAK_REMOTE_REFS_DIR="${{ inputs.flatpak_remote_refs_dir }}" \ + FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ + IMAGE_NAME="${{ inputs.image_name }}" \ + IMAGE_REPO="${{ inputs.image_repo }}" \ + IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ + SECURE_BOOT_KEY_URL="${{ inputs.secure_boot_key_url }}" \ + VARIANT="${{ inputs.variant }}" \ + VERSION="${{ inputs.version }}" \ + WEB_UI="${{ inputs.web_ui }}" - name: Save dnf cache env: diff --git a/flatpak_refs/VLC b/flatpak_refs/VLC new file mode 100644 index 0000000..6e4a3fd --- /dev/null +++ b/flatpak_refs/VLC @@ -0,0 +1,2 @@ +app/org.videolan.VLC/x86_64/stable +runtime/org.kde.Platform/x86_64/5.15-23.08 \ No newline at end of file diff --git a/lorax_templates/flatpak_set_repo.tmpl b/lorax_templates/flatpak_set_repo.tmpl index 9cd006b..8feda96 100644 --- a/lorax_templates/flatpak_set_repo.tmpl +++ b/lorax_templates/flatpak_set_repo.tmpl 
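Review bot: Wrapping each `${{ inputs.* }}` expression in double quotes on the `docker run` lines does not confine the value to one argument, because the expression is expanded into the script text before the shell parses it. An input that contains a quote character or a command substitution still ends the string or is executed, here on the runner immediately before a `--privileged` container is started. Passing the inputs through the step's `env:` map and quoting the shell variable avoids this, for example `INPUT_IMAGE_NAME: ${{ inputs.image_name }}` under `env:` and `IMAGE_NAME="${INPUT_IMAGE_NAME}" \` in the command. The same applies to the `vars=` lines added to this step in PATCH 23/92. The step's `run:` header is outside the hunk.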
@@ -4,4 +4,8 @@ append etc/anaconda/conf.d/anaconda.conf "flatpak_remote = ${flatpak_remote_name % else: replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py +% endif + +%if flatpak_remote_name != 'fedora' +systemctl disable flatpak-add-fedora-repos.service % endif \ No newline at end of file diff --git a/tests/iso/verify_flatpakrepo_updated.sh b/tests/iso/flatpak_repo_updated.sh similarity index 100% rename from tests/iso/verify_flatpakrepo_updated.sh rename to tests/iso/flatpak_repo_updated.sh diff --git a/tests/iso/os-release.sh b/tests/iso/install_os-release.sh similarity index 100% rename from tests/iso/os-release.sh rename to tests/iso/install_os-release.sh diff --git a/tests/vm/flatpak.yml b/tests/vm/flatpak_update.yml similarity index 100% rename from tests/vm/flatpak.yml rename to tests/vm/flatpak_update.yml From 6f1f78fa8916ce572b99414794f0cc442b996f1c Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 13 Mar 2024 09:25:32 -0400 Subject: [PATCH 21/92] Add stale workflow (#68) --- .github/workflows/stale.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000..6ad1c0a --- /dev/null +++ b/.github/workflows/stale.yml 
@@ -0,0 +1,32 @@ +# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. +# +# You can adjust the behavior by modifying this file. +# For more information, see: +# https://github.com/actions/stale +name: Mark stale issues and pull requests + +on: + schedule: + - cron: '39 21 * * *' + +jobs: + stale: + + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + + steps: + - uses: actions/stale@v5 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: 'Issue is stale and will be closed in 14 days if there is no further activity' + stale-pr-message: 'Pull request is stale and will be closed in 14 days if there is no further activity' + stale-issue-label: 'no-issue-activity' + stale-pr-label: 'no-pr-activity' + days-before-stale: 60 + days-before-close: 17 + remove-stale-when-updated: true + only-issue-labels: help wanted + From bbac3469b100817a55907ba1624456397a1296b3 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 13 Mar 2024 14:28:34 -0400 Subject: [PATCH 22/92] Only run some actions on 38 or older (#69) --- .github/workflows/build-and-test.yml | 5 + .gitignore | 1 + Makefile | 131 ++++++++---------- .../scripts/post/install_configure_upgrades | 4 +- 4 files changed, 64 insertions(+), 77 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 7419361..7d67cdd 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -8,6 +8,11 @@ on: - 'v*' pull_request: +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + + # Test Values env: ARCH: 'x86_64' diff --git a/.gitignore b/.gitignore index ff22e19..dde3499 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ /debugdata /build +/lorax_templates/post_* /pkglists /repos /results 
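Review bot: In the new stale.yml, `uses: actions/stale@v5` follows a movable tag in a job that holds `issues: write` and `pull-requests: write`. Pinning to the full commit SHA of the reviewed release, `uses: actions/stale@<full-commit-sha> # v5`, keeps a retagged release from running with those permissions. The two stale messages also promise closure "in 14 days" while `days-before-close` is 17, so one of the two should be changed to match the other.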
diff --git a/Makefile b/Makefile
index c222730..e72c0bd 100644
--- a/Makefile
+++ b/Makefile
@@ -23,20 +23,68 @@ SECURE_BOOT_KEY_URL = # Cache DNF_CACHE = +# Functions +## Formatting = lowercase +# Get a list of templates for the feature +# $1 = feature +get_templates = $(shell ls lorax_templates/$(1)_*.tmpl) \ + $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/$(1)_*)),lorax_templates/post_$(file).tmpl) + +# Converts a post script to a template +# $1 = script to convert +# $2 = file on ISO to write +# $3 = whether to copy the '<%' lines to the template +convert_post_to_tmpl = header=0; \ + skip=0; \ + while read -r line; \ + do \ + if [[ $$line =~ ^\<\% ]]; \ + then \ + if [[ '$(3)' == 'true' ]]; \ + then \ + echo $$line >> lorax_templates/post_$(1).tmpl; \ + fi; \ + echo >> lorax_templates/post_$(1).tmpl; \ + else \ + if [[ $$header == 0 ]]; \ + then \ + if [[ $$line =~ ^\#\#\ (.*)$$ ]]; \ + then \ + echo "append $(2) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$(1).tmpl; \ + skip=1; \ + else \ + echo "append $(2) \"%post --erroronfail\"" >> lorax_templates/post_$(1).tmpl; \ + fi; \ + header=1; \ + fi; \ + if [[ $$skip == 0 ]]; \ + then \ + echo "append $(2) \"$${line//\"/\\\"}\"" >> lorax_templates/post_$(1).tmpl; \ + fi; \ + skip=0; \ + fi; \ + done < lorax_templates/scripts/post/$(1); \ + echo "append $(2) \"%end\"" >> lorax_templates/post_$(1).tmpl + # Generated/internal vars ## Formatting = _UPPERCASE _BASE_DIR = $(shell pwd) _IMAGE_REPO_ESCAPED = $(subst /,\/,$(IMAGE_REPO)) _IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _LORAX_ARGS = -_LORAX_TEMPLATES = $(shell ls lorax_templates/install_*.tmpl) \ - $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/install_*)),lorax_templates/post_$(file).tmpl) +_LORAX_TEMPLATES = $(call get_templates,install) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _TEMP_DIR = $(shell mktemp -d) -_TEMPLATE_VARS = ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS VARIANT VERSION WEB_UI +_TEMPLATE_VARS = 
ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) +_RHEL = true +else +_RHEL = false +endif + +ifeq ($(_RHEL),true) _LORAX_ARGS += --nomacboot --noupgrade else ifeq ($(VARIANT),Server) _LORAX_ARGS += --macboot --noupgrade @@ -50,17 +98,10 @@ endif ifneq ($(DNF_CACHE),) _LORAX_ARGS += --cachedir $(DNF_CACHE) -_LORAX_TEMPLATES += $(shell ls lorax_templates/cache_*.tmpl) \ - $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/cache_*)),lorax_templates/post_$(file).tmpl) +_LORAX_TEMPLATES += $(call get_templates,cache) _TEMPLATE_VARS += DNF_CACHE endif -ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) -_PLATFORM_ID = platform:el$(VERSION) -else -_PLATFORM_ID = platform:f$(VERSION) -endif - ifneq ($(FLATPAK_REMOTE_REFS_DIR),) COLLECTED_REFS = $(foreach file,$(shell ls $(FLATPAK_REMOTE_REFS_DIR)/*),$(shell cat $(file))) FLATPAK_REMOTE_REFS += $(sort $(COLLECTED_REFS)) 
@@ -70,16 +111,14 @@ ifneq ($(FLATPAK_REMOTE_REFS),) _FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) _FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) _LORAX_ARGS += -i flatpak-libs -_LORAX_TEMPLATES += $(shell ls lorax_templates/flatpak_*.tmpl) \ - $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/flatpak_*)),lorax_templates/post_$(file).tmpl) \ +_LORAX_TEMPLATES += $(call get_templates,flatpak) \ external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl _TEMPLATE_VARS += FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL endif ifneq ($(SECURE_BOOT_KEY_URL),) -_LORAX_TEMPLATES += $(shell ls lorax_templates/secureboot_*.tmpl) \ - $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/secureboot_*)),lorax_templates/post_$(file).tmpl) +_LORAX_TEMPLATES += $(call get_templates,secureboot) _TEMPLATE_VARS += ENROLLMENT_PASSWORD endif 
@@ -97,68 +136,10 @@ lorax_repo: # Step 1: Generate Lorax Templates lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% # Support interactive-defaults.ks - $(eval _ISO_FILE = usr/share/anaconda/interactive-defaults.ks) - - header=0; \ - skip=0; \ - while read -r line; \ - do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ - echo $$line >> lorax_templates/post_$*.tmpl; \ - echo >> lorax_templates/post_$*.tmpl; \ - else \ - if [[ $$header == 0 ]]; \ - then \ - if [[ $$line =~ ^##\ (.*)$$ ]]; \ - then \ - echo "append $(_ISO_FILE) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$*.tmpl; \ - skip=1; \ - else \ - echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ - fi; \ - header=1; \ - fi; \ - if [[ $$skip == 0 ]]; \ - then \ - echo "append $(_ISO_FILE) \"$${line//\"/\\\"}\"" >> lorax_templates/post_$*.tmpl; \ - fi; \ - skip=0; \ - fi; \ - done < lorax_templates/scripts/post/$* - echo "append $(_ISO_FILE) \"%end\"" >> lorax_templates/post_$*.tmpl + ([ ${_RHEL} == false ] && [ $(VERSION) -le 38 ]) && ($(call convert_post_to_tmpl,$*,usr/share/anaconda/interactive-defaults.ks,true)) || true # Support new Anaconda method - $(eval _ISO_FILE = usr/share/anaconda/post-scripts/configure_upgrades.ks) - - header=0; \ - skip=0; \ - while read -r line; \ - do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ - echo >> lorax_templates/post_$*.tmpl; \ - else \ - if [[ $$header == 0 ]]; \ - then \ - if [[ $$line =~ ^##\ (.*)$$ ]]; \ - then \ - echo "append $(_ISO_FILE) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$*.tmpl; \ - skip=1; \ - else \ - echo "append $(_ISO_FILE) \"%post --erroronfail\"" >> lorax_templates/post_$*.tmpl; \ - fi; \ - header=1; \ - fi; \ - if [[ $$skip == 0 ]]; \ - then \ - echo "append $(_ISO_FILE) \"$${line//\"/\\\"}\"" >> lorax_templates/post_$*.tmpl; \ - fi; \ - skip=0; \ - fi; \ - done < lorax_templates/scripts/post/$* - echo "append $(_ISO_FILE) \"%end\"" >> 
lorax_templates/post_$*.tmpl - + ([ ${_RHEL} == true ] || [ $(VERSION) -ge 39 ]) && ($(call convert_post_to_tmpl,$*,usr/share/anaconda/post-scripts/$*.sh,true)) || true repos: $(_REPO_FILES) diff --git a/lorax_templates/scripts/post/install_configure_upgrades b/lorax_templates/scripts/post/install_configure_upgrades index 761764d..f474d93 100644 --- a/lorax_templates/scripts/post/install_configure_upgrades +++ b/lorax_templates/scripts/post/install_configure_upgrades @@ -1,5 +1,5 @@ -<%page args="image_repo, _image_repo_double_escaped, image_name, image_tag"/> -if (which bootc &> /dev/null) +<%page args="image_repo, _image_repo_double_escaped, image_name, image_tag, _rhel, version"/> +if (which bootc &> /dev/null) && [ ${_rhel} == 'false' && ${version} -ge 39 ] then bootc switch --mutate-in-place --enforce-container-sigpolicy --transport registry ${image_repo}/${image_name}:${image_tag} else From 4ae7d1893ca91859b7169c265d5759c8b4d04171 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 13 Mar 2024 17:24:39 -0400 Subject: [PATCH 23/92] flatpak_set_repo fails to load (#72) --- .github/workflows/build-and-test.yml | 6 +++--- Makefile | 16 ++++++---------- action.yml | 16 ++++++++++++++-- flatpak_refs/Firefox | 5 +++++ lorax_templates/flatpak_set_repo.tmpl | 4 ++-- 5 files changed, 30 insertions(+), 17 deletions(-) create mode 100644 flatpak_refs/Firefox diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 7d67cdd..5884ad6 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -20,7 +20,7 @@ env: IMAGE_REPO: 'quay.io/fedora-ostree-desktops' IMAGE_TAG: '39' VARIANT: 'Server' - FLATPAK_REMOTE_REFS_DIR: flatpak_refs + FLATPAK_REMOTE_REFS_DIR: /github/workspace/flatpak_refs SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: 'container-installer' 
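Review bot: In `install_configure_upgrades`, the new test `[ ${_rhel} == 'false' && ${version} -ge 39 ]` puts `&&` inside a single `[ … ]`. The shell splits it into `[ ${_rhel} == 'false'` (an error for the missing `]`) and a second command, so the condition cannot succeed and the `bootc switch … --enforce-container-sigpolicy` branch is never taken. Each comparison needs its own brackets: `if (which bootc &> /dev/null) && [ ${_rhel} == 'false' ] && [ ${version} -ge 39 ]`. The `else` branch continues outside the hunk, so what runs instead is not visible here.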
@@ -103,7 +103,7 @@ jobs: type=ref,event=branch type=ref,event=pr - - name: Build ISO with new container + - name: Build ISO uses: ./ id: build with: @@ -113,7 +113,7 @@ jobs: image_tag: ${{ env.IMAGE_TAG }} version: ${{ matrix.version }} variant: ${{ env.VARIANT }} - flatpak_remote_refs: ${{ env.FLATPAK_REMOTE_REFS }} + flatpak_remote_refs_dir: ${{ env.FLATPAK_REMOTE_REFS_DIR }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso diff --git a/Makefile b/Makefile index e72c0bd..1d6a94e 100644 --- a/Makefile +++ b/Makefile @@ -124,14 +124,15 @@ endif # Step 7: Build end ISO ## Default action -build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt +build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt mkdir $(_BASE_DIR)/build || true xorriso -dialog on < $(_BASE_DIR)/xorriso/input.txt implantisomd5 build/deploy.iso -lorax_repo: +external/lorax/branch-$(VERSION): git config advice.detachedHead false - cd external/lorax && git checkout tags/$(shell cd external/lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1) + cd external/lorax && git reset --hard HEAD && git checkout tags/$(shell cd external/lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1) + touch external/lorax/branch-$(VERSION) # Step 1: Generate Lorax Templates lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% 
@@ -150,13 +151,8 @@ repos/%.repo: /etc/yum.repos.d/%.repo sed -i "s/\$$releasever/${VERSION}/g" $(_BASE_DIR)/repos/$*.repo sed -i "s/\$$basearch/${ARCH}/g" $(_BASE_DIR)/repos/$*.repo -# Don't do anything for custom repos -%.repo: - -flatpak_list: - # Step 3: Build boot.iso using Lorax -boot.iso: lorax_repo $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) +boot.iso: external/lorax/branch-$(VERSION) $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) rm -Rf $(_BASE_DIR)/results || true mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf || true @@ -254,4 +250,4 @@ test-vm: chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done -.PHONY: clean install-deps test test-iso test-vm lorax_repo flatpak_list +.PHONY: clean install-deps test test-iso test-vm diff --git a/action.yml b/action.yml index f2eb50f..84f9337 100644 --- a/action.yml +++ b/action.yml 
@@ -154,14 +154,26 @@ runs: then cache="${cache} -v /cache/dnf_new:/cache/dnf_new" fi + vars="" + if [[ -n "${{ inputs.flatpak_remote_refs }}" ]] && [[ -n "${{ inputs.flatpak_remote_refs_dir }}" ]] + then + echo "ERROR: flatpak_remote_refs is mutually exclusive to flatpak_remote_refs_dir" + exit 1 + else + if [[ -n "${{ inputs.flatpak_remote_refs }}" ]] + then + vars="${vars} FLATPAK_REMOTE_REFS=\"${{ inputs.flatpak_remote_refs }}\"" + else + vars="${vars} FLATPAK_REMOTE_REFS_DIR=\"${{ inputs.flatpak_remote_refs_dir }}\"" + fi + fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ghcr.io/jasonn3/build-container-installer:${tag} \ ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ ARCH="${{ inputs.arch }}" \ DNF_CACHE="/cache/dnf" \ ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}" \ FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ - FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ - FLATPAK_REMOTE_REFS_DIR="${{ inputs.flatpak_remote_refs_dir }}" \ + ${vars} \ FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ diff --git a/flatpak_refs/Firefox b/flatpak_refs/Firefox new file mode 100644 index 0000000..fdc2b93 --- /dev/null +++ b/flatpak_refs/Firefox @@ -0,0 +1,5 @@ +app/org.mozilla.firefox/x86_64/stable + +runtime/org.mozilla.firefox.Locale/x86_64/stable +runtime/org.freedesktop.Platform/x86_64/23.08 +runtime/org.freedesktop.Platform.Locale/x86_64/23.08 \ No newline at end of file diff --git a/lorax_templates/flatpak_set_repo.tmpl b/lorax_templates/flatpak_set_repo.tmpl index 8feda96..30992db 100644 --- a/lorax_templates/flatpak_set_repo.tmpl +++ b/lorax_templates/flatpak_set_repo.tmpl 
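Review bot: The `vars` string built in this action.yml hunk is expanded unquoted as `${vars} \`, so the escaped quotes are passed on as literal characters and the value is word-split: a `flatpak_remote_refs` list with two refs reaches the container as the two arguments `FLATPAK_REMOTE_REFS="first` and `second"`. When neither input is set, the `else` branch also passes `FLATPAK_REMOTE_REFS_DIR=""` with two literal quote characters rather than an empty value, which the Makefile's `ifneq ($(FLATPAK_REMOTE_REFS_DIR),)` would treat as set if the entrypoint hands the argument to make unchanged (the entrypoint is not visible here). A bash array keeps each assignment as one argument and adds nothing when both inputs are empty. The step begins outside the hunk.

```yaml
vars=()
# … unchanged: mutual-exclusion check that prints the error and exits …
  if [[ -n "${{ inputs.flatpak_remote_refs }}" ]]
  then
    vars+=("FLATPAK_REMOTE_REFS=${{ inputs.flatpak_remote_refs }}")
  elif [[ -n "${{ inputs.flatpak_remote_refs_dir }}" ]]
  then
    vars+=("FLATPAK_REMOTE_REFS_DIR=${{ inputs.flatpak_remote_refs_dir }}")
  fi
# … unchanged: docker run arguments up to FLATPAK_REMOTE_NAME …
  "${vars[@]}" \
```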
@@ -6,6 +6,6 @@ replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_rem replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py % endif -%if flatpak_remote_name != 'fedora' +%if flatpak_remote_name != 'fedora': systemctl disable flatpak-add-fedora-repos.service -% endif \ No newline at end of file +% endif From 10524ae6eada47237da9bed3f145c48a042236e4 Mon Sep 17 00:00:00 2001 From: Noel Miller <4983138+noelmiller@users.noreply.github.com> Date: Thu, 14 Mar 2024 09:17:25 -0500 Subject: [PATCH 24/92] Revert chmod command on build directory (#75) --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 672d924..e7c579f 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -36,4 +36,4 @@ mkdir /github/workspace/build || true # Copy resulting iso to github workspace and fix permissions cp build/deploy.iso /github/workspace/build -chmod -R ugo=rwx /github/workspace/build +chmod -R ugo=rwX /github/workspace/build From 3dc05c0efc418d311d020e3e08b4aa593c607a44 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Thu, 14 Mar 2024 20:38:19 -0400 Subject: [PATCH 25/92] Fix post scripts and use multiple OS versions in tests (#70) --- .github/workflows/build-and-test.yml | 31 +++++++++-------------- Makefile | 38 +++++++++++++++++++--------- README.md | 36 +++++++++++++------------- tests/vm/flatpak_update.yml | 4 ++- 4 files changed, 59 insertions(+), 50 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 5884ad6..a1aa320 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -1,4 +1,4 @@ -name: Create and publish an ISO +name: Tests on: push: 
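Review bot: `chmod -R ugo=rwX` in entrypoint.sh still leaves /github/workspace/build and the ISO writable by every account on the host, so anything else running on the runner can replace `deploy.iso` between the build and the upload. If the mode exists only because the container writes as root into a workspace owned by the runner user (an assumption; the commit does not state the reason), handing ownership back is narrower: `chown -R --reference=/github/workspace /github/workspace/build` followed by `chmod -R u=rwX,go=rX /github/workspace/build`.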
@@ -26,6 +26,7 @@ env: jobs: build-container: + name: Build Container Image runs-on: ubuntu-latest permissions: contents: read @@ -67,6 +68,7 @@ jobs: password: ${{ github.token }} build-and-push-iso: + name: Build ISO runs-on: ubuntu-latest needs: - build-container @@ -110,13 +112,13 @@ jobs: arch: ${{ env.ARCH}} image_name: ${{ env.IMAGE_NAME}} image_repo: ${{ env.IMAGE_REPO}} - image_tag: ${{ env.IMAGE_TAG }} + image_tag: ${{ matrix.version }} version: ${{ matrix.version }} variant: ${{ env.VARIANT }} flatpak_remote_refs_dir: ${{ env.FLATPAK_REMOTE_REFS_DIR }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} - iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ matrix.version }}.iso + iso_name: ${{ env.IMAGE_NAME }}-${{ matrix.version }}-${{ matrix.version }}.iso - name: Save output id: save_output @@ -138,6 +140,7 @@ jobs: overwrite: true test-qemu: + name: Test ISO runs-on: ubuntu-latest needs: - build-and-push-iso @@ -158,10 +161,11 @@ jobs: with: submodules: recursive - - name: Ensure qemu is installed + - name: Install test tools run: | sudo apt-get update - sudo apt-get install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils + sudo apt-get install -y make + sudo make install-test-deps PACKAGE_MANAGER=apt-get - name: Create disk run: | @@ -184,7 +188,7 @@ jobs: ARCH=${{ env.ARCH}} \ IMAGE_NAME=${{ env.IMAGE_NAME}} \ IMAGE_REPO=${{ env.IMAGE_REPO}} \ - IMAGE_TAG=${{ env.IMAGE_TAG }} \ + IMAGE_TAG=${{ matrix.version }} \ VERSION=${{ matrix.version }} \ VARIANT=${{ env.VARIANT }} \ FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \ 
@@ -250,7 +254,7 @@ jobs: timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" (tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) & - timeout 30m bash -c "while ! (grep 'login:' vm.stdout); do sleep 1; done" + timeout 30m bash -c "while ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}); do sleep 1; done" if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}) then @@ -258,17 +262,6 @@ jobs: fi echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}" - echo "Creating Ansible inventory" - cat << EOF > ansible_inventory - ungrouped: - hosts: - vm: - ansible_host: ${VM_IP} - ansible_port: ${VM_PORT} - ansible_user: ${VM_USER} - ansible_password: ${VM_PASS} - ansible_ssh_common_args: '-o StrictHostKeyChecking=no' - EOF - #make test-vm + make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} kill $QEMU_PID diff --git a/Makefile b/Makefile index 1d6a94e..5058868 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,8 @@ SECURE_BOOT_KEY_URL = # Cache DNF_CACHE = +PACKAGE_MANAGER = dnf + # Functions ## Formatting = lowercase # Get a list of templates for the feature @@ -75,7 +77,7 @@ _LORAX_ARGS = _LORAX_TEMPLATES = $(call get_templates,install) _REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) _TEMP_DIR = $(shell mktemp -d) -_TEMPLATE_VARS = ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI +_TEMPLATE_VARS = ARCH _BASE_DIR IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI _VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) 
@@ -136,11 +138,7 @@ external/lorax/branch-$(VERSION): # Step 1: Generate Lorax Templates lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% - # Support interactive-defaults.ks - ([ ${_RHEL} == false ] && [ $(VERSION) -le 38 ]) && ($(call convert_post_to_tmpl,$*,usr/share/anaconda/interactive-defaults.ks,true)) || true - - # Support new Anaconda method - ([ ${_RHEL} == true ] || [ $(VERSION) -ge 39 ]) && ($(call convert_post_to_tmpl,$*,usr/share/anaconda/post-scripts/$*.sh,true)) || true + $(call convert_post_to_tmpl,$*,usr/share/anaconda/post-scripts/$*.ks,true) repos: $(_REPO_FILES) @@ -209,7 +207,13 @@ clean: rm -f $(_BASE_DIR)/*.log || true install-deps: - dnf install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext git + if [ "$(PACKAGE_MANAGER)" =~ apt.* ]; then $(PACKAGE_MANAGER) update; fi + $(PACKAGE_MANAGER) install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext git + +install-test-deps: + if [ "$(PACKAGE_MANAGER)" =~ apt.* ]; then $(PACKAGE_MANAGER) update; fi + $(PACKAGE_MANAGER) install -y qemu qemu-utils xorriso unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils squashfs-tools + test: test-iso test-vm @@ -217,8 +221,6 @@ test-iso: $(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso))) $(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL) - sudo apt-get update - sudo apt-get install -y squashfs-tools sudo modprobe loop sudo mkdir /mnt/iso /mnt/install sudo mount -o loop deploy.iso /mnt/iso 
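Review bot: In `install-deps` and `install-test-deps`, `[ "$(PACKAGE_MANAGER)" =~ apt.* ]` uses `=~` inside single brackets, where it is not an operator. The test fails with an error for every value, so `$(PACKAGE_MANAGER) update` never runs, not even for `apt-get`. Other recipes in this Makefile already rely on `[[ … ]]`, so the check can be `if [[ "$(PACKAGE_MANAGER)" =~ ^apt ]]; then $(PACKAGE_MANAGER) update; fi`. This assumes the recipe shell is bash; the `SHELL` setting is not visible in these hunks.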
@@ -245,9 +247,21 @@ test-iso: sudo umount /mnt/install sudo umount /mnt/iso -test-vm: +ansible_inventory: + echo "ungrouped:" > ansible_inventory + echo " hosts:" >> ansible_inventory + echo " vm:" >> ansible_inventory + echo " ansible_host: ${VM_IP}" >> ansible_inventory + echo " ansible_port: ${VM_PORT}" >> ansible_inventory + echo " ansible_user: ${VM_USER}" >> ansible_inventory + echo " ansible_password: ${VM_PASS}" >> ansible_inventory + echo " ansible_become_pass: ${VM_PASS}" >> ansible_inventory + echo " ansible_ssh_common_args: '-o StrictHostKeyChecking=no'" >> ansible_inventory + +test-vm: ansible_inventory + ansible -i ansible_inventory -m ansible.builtin.wait_for_connection vm $(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm))) chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) - for test in $(_TESTS); do ./tests/vm/$${test} deploy.iso; done + for test in $(_TESTS); do ./tests/vm/$${test}; done -.PHONY: clean install-deps test test-iso test-vm +.PHONY: clean install-deps install-test-deps test test-iso test-vm diff --git a/README.md b/README.md index f6c0280..44792b0 100644 --- a/README.md +++ b/README.md 
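Review bot: `ansible_inventory` is a real file target with no prerequisites, so once it exists make never rebuilds it and `test-vm` keeps using the old `VM_IP`, `VM_PORT` and `VM_PASS`. The file also holds the VM password in clear text and is neither removed by `clean` nor listed in `.gitignore` in the hunks shown. Declaring it phony, `.PHONY: clean install-deps install-test-deps test test-iso test-vm ansible_inventory`, forces regeneration. Adding `rm -f $(_BASE_DIR)/ansible_inventory || true` to `clean` and an `/ansible_inventory` ignore entry keeps the credentials out of commits. `-o StrictHostKeyChecking=no` is tolerable for a throwaway local VM, but a comment saying so would stop it being copied elsewhere.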
@@ -38,24 +38,24 @@ See [Customizing](#customizing) for information about customizing the ISO that g The following variables can be used to customize the created ISO. ### Inputs -| Variable | Description | Default Value | -| ---------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | -| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | -| arch | Architecture for image to build | x86_64 | -| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | -| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | -| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | -| flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | -| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | -| flatpak_remote_url | URL of the flatpakrepo file | https://flathub.org/repo/flathub.flatpakrepo | -| image_name | Name of the source container image | base | -| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | -| image_tag | Tag of the source container image | *VERSION* | -| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | -| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | -| variant | Source container variant\* | Server | -| version | Fedora version of installer to build | 39 | -| web_ui | Enable Anaconda WebUI (experimental) | false | +| Variable | Description | Default Value | Action | Container | Makefile | +| ----------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | ------------------ | ------------------ | ------------------ | 
+| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| arch | Architecture for image to build | x86_64 | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| flatpak_remote_url | URL of the flatpakrepo file | https://flathub.org/repo/flathub.flatpakrepo | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :x: | :x: | +| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| variant | Source container variant\* | Server 
| :white_check_mark: | :white_check_mark: | :white_check_mark: | +| version | Fedora version of installer to build | 39 | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| web_ui | Enable Anaconda WebUI (experimental) | false | :white_check_mark: | :white_check_mark: | :white_check_mark: | \*Available options for VARIANT can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite diff --git a/tests/vm/flatpak_update.yml b/tests/vm/flatpak_update.yml index 6f46263..7d004cd 100644 --- a/tests/vm/flatpak_update.yml +++ b/tests/vm/flatpak_update.yml @@ -5,6 +5,8 @@ gather_facts: no tasks: + # Verifies that the GPG key is functional - name: Test updating flatpak packages + become: true ansible.builtin.command: - cmd: /usr/bin/flatpak update -y + cmd: /usr/bin/flatpak update -y --noninteractive From 3d85c930108fea1d45529888da9909a28490057b Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Mon, 18 Mar 2024 14:32:01 -0400 Subject: [PATCH 26/92] Add tests (#76) --- .github/workflows/bot_run_tests.yml | 34 +++ .github/workflows/build-and-test.yml | 256 ++++++++++++++++-- .github/workflows/variables.yml | 27 ++ Makefile | 51 ++-- README.md | 2 + action.yml | 16 +- lorax_templates/flatpak_set_repo.tmpl | 3 - .../scripts/post/flatpak_configure | 7 +- tests/repo/vars.sh | 39 +++ tests/vm/flatpak_fedora_repo_disabled.yml | 16 ++ tests/vm/flatpak_installed.yml | 25 ++ tests/vm/install_image_source.yml | 25 ++ 12 files changed, 458 insertions(+), 43 deletions(-) create mode 100644 .github/workflows/bot_run_tests.yml create mode 100644 .github/workflows/variables.yml create mode 100644 tests/repo/vars.sh create mode 100644 tests/vm/flatpak_fedora_repo_disabled.yml create mode 100644 tests/vm/flatpak_installed.yml create mode 100644 tests/vm/install_image_source.yml 
diff --git a/.github/workflows/bot_run_tests.yml b/.github/workflows/bot_run_tests.yml new file mode 100644 index 0000000..ba867ed --- /dev/null +++ b/.github/workflows/bot_run_tests.yml @@ -0,0 +1,34 @@ +name: Run tests on PR +on: issue_comment + +jobs: + pr_commented: + name: Check Permissions + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '/run tests') + runs-on: ubuntu-latest + steps: + - name: Check association + run: | + allowed=("OWNER" "COLLABORATOR") + value="\<${{ github.event.issue.author_association }}\>" + + if [[ ${allowed[@]} =~ $value ]] + then + exit 0 + else + exit 1 + fi + + run-tests: + name: Run Tests + permissions: + contents: read + packages: write + statuses: write + needs: + - pr_commented + uses: ./.github/workflows/build-and-test.yml + with: + pr: ${{ github.event.issue.number }} \ No newline at end of file diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index a1aa320..7b90bfc 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -6,8 +6,16 @@ on: - 'main' tags: - 'v*' + pull_request: + workflow_call: + inputs: + pr: + required: true + type: string + + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true 
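Review bot: The `Check association` step in `bot_run_tests.yml` tests `github.event.issue.author_association`, which describes the account that opened the pull request, not the account that wrote the `/run tests` comment. As written, any commenter can start the run on a PR opened by an owner or collaborator, while a maintainer cannot start it on an outside contributor's PR. The called workflow then checks out the PR head in jobs that hold `packages: write` and `statuses: write`. If the gate is meant to restrict who may trigger the run, it should read the commenter's association: `value="\<${{ github.event.comment.author_association }}\>"`. The same step is repeated unchanged in `bot_commands.yml` in PATCH 27/92.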
@@ -20,25 +28,62 @@ env: IMAGE_REPO: 'quay.io/fedora-ostree-desktops' IMAGE_TAG: '39' VARIANT: 'Server' - FLATPAK_REMOTE_REFS_DIR: /github/workspace/flatpak_refs + FLATPAK_REMOTE_REFS_DIR: flatpak_refs SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: 'container-installer' jobs: build-container: + if: > + github.event_name == 'push' || + github.event_name == 'issue_comment' || + ( github.event_name == 'pull_request' && + contains(github.event.pull_request.labels.*.name, 'auto-test') ) name: Build Container Image + env: + JOB_NAME: Build Container Image runs-on: ubuntu-latest permissions: contents: read packages: write + statuses: write steps: - - name: Checkout repo + - name: Checkout uses: actions/checkout@v4 with: submodules: recursive fetch-depth: 0 fetch-tags: 'true' + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "Run Tests / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + - name: Docker meta id: meta uses: docker/metadata-action@v5 
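Review bot: The added `Get Current Job Log URL` and `Set status` steps hand `secrets.GITHUB_TOKEN` to `Tiryoh/gha-jobid-action@v1` and `myrotvorets/set-commit-status-action@v2.0.1`, both referenced by tag, in a job that holds `packages: write` and `statuses: write`. A tag can be moved by the action's owner, so the code receiving the token can change without any change in this repository. Pinning to a full commit SHA with the tag kept as a comment avoids that, e.g. `uses: myrotvorets/set-commit-status-action@<full-commit-sha> # v2.0.1`. The same two steps are added to the other jobs in the later hunks of this file. In `Switch branch`, `${{ inputs.pr }}` is pasted straight into the script; passing it as `PR: ${{ inputs.pr }}` under `env:` and running `hub pr checkout "$PR"` keeps the value out of the shell source.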
@@ -66,15 +111,28 @@ jobs: tags: ${{ steps.build-image.outputs.tags }} username: ${{ github.actor }} password: ${{ github.token }} + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} build-and-push-iso: name: Build ISO + env: + JOB_NAME: Build ISO runs-on: ubuntu-latest needs: - build-container permissions: contents: read packages: write + statuses: write continue-on-error: false strategy: fail-fast: false @@ -88,8 +146,39 @@ jobs: iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }} iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }} steps: - - name: Checkout repo + - name: Checkout uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "Run Tests / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} - name: Lowercase Registry id: registry_case 
@@ -115,10 +204,10 @@ jobs: image_tag: ${{ matrix.version }} version: ${{ matrix.version }} variant: ${{ env.VARIANT }} - flatpak_remote_refs_dir: ${{ env.FLATPAK_REMOTE_REFS_DIR }} + flatpak_remote_refs_dir: /github/workspace/${{ env.FLATPAK_REMOTE_REFS_DIR }} secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} - iso_name: ${{ env.IMAGE_NAME }}-${{ matrix.version }}-${{ matrix.version }}.iso + iso_name: ${{ env.IMAGE_NAME }}-${{ matrix.version }}-${{ github.event.pull_request.number || github.ref }}.iso - name: Save output id: save_output @@ -139,14 +228,26 @@ jobs: compression-level: 0 overwrite: true - test-qemu: + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + test-iso: name: Test ISO + env: + JOB_NAME: Test ISO runs-on: ubuntu-latest needs: - build-and-push-iso permissions: contents: read - packages: write + statuses: write continue-on-error: false strategy: fail-fast: false 
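Review bot: In the new `iso_name` value, the fallback `github.ref` expands to a full ref such as `refs/heads/main` on push events, so the generated name contains `/` and is treated as a nested path rather than a file name. When the workflow is reached through `workflow_call` from a comment, `github.event.pull_request.number` is presumably empty as well, so every PR run would fall back to the same ref-based name. Something like `iso_name: ${{ env.IMAGE_NAME }}-${{ matrix.version }}-${{ inputs.pr || github.event.pull_request.number || github.ref_name }}.iso` avoids the slashes for the refs this workflow triggers on (`main` and `v*` tags) and keeps PR runs distinct. The steps that consume the name (`Save output`, the artifact upload) are outside this hunk and should be checked against the new value.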
@@ -156,21 +257,46 @@ jobs: - 39 - 40 steps: - - name: Checkout repo + - name: Checkout uses: actions/checkout@v4 with: submodules: recursive + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "Run Tests / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + - name: Install test tools run: | sudo apt-get update sudo apt-get install -y make sudo make install-test-deps PACKAGE_MANAGER=apt-get - - name: Create disk - run: | - qemu-img create -f qcow2 disk.qcow2 50G - - name: Download generated ISO uses: actions/download-artifact@v4 with: 
@@ -195,8 +321,83 @@ jobs: SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \ ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }} + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + test-deployment: + name: Test deployment + env: + JOB_NAME: Test deployment + runs-on: ubuntu-latest + needs: + - build-and-push-iso + permissions: + contents: read + statuses: write + continue-on-error: false + strategy: + fail-fast: false + matrix: + version: + - 38 + - 39 + - 40 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "Run Tests / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Install test tools + run: | + sudo apt-get update + sudo apt-get install -y make + sudo make install-test-deps PACKAGE_MANAGER=apt-get + + - name: Download generated ISO + uses: actions/download-artifact@v4 + with: + name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} + - name: Add Kickstart and Grub options to ISO run: | + mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} 
deploy.iso sudo mkdir /mnt/iso || true sudo mount -o loop deploy.iso /mnt/iso cp /mnt/iso/boot/grub2/grub.cfg grub.cfg @@ -225,9 +426,13 @@ jobs: -end EOF + - name: Create VM disk + run: | + qemu-img create -f qcow2 disk.qcow2 50G + - name: Install the test VM run: | - timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & QEMU_PID=$! + timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$! echo "PID: $QEMU_PID" timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" (nc localhost 4321 | tee vm.stdout) & @@ -243,12 +448,12 @@ jobs: mkfifo vm.stdin qemu-system-x86_64 -name "Anaconda" \ -m 4096 -cpu qemu64 -display none -smp 2 \ - -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 \ + -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \ -device e1000,netdev=net0 \ -netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \ -device virtio-serial \ -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ - -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server,nowait & export QEMU_PID=$! + -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$! echo "PID: $QEMU_PID" timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" 
@@ -263,5 +468,24 @@ jobs: echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}" - make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} + make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \ + ARCH=${{ env.ARCH}} \ + IMAGE_NAME=${{ env.IMAGE_NAME}} \ + IMAGE_REPO=${{ env.IMAGE_REPO}} \ + IMAGE_TAG=${{ matrix.version }} \ + VERSION=${{ matrix.version }} \ + VARIANT=${{ env.VARIANT }} \ + FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \ + SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \ + ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }} kill $QEMU_PID + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/variables.yml b/.github/workflows/variables.yml new file mode 100644 index 0000000..e697fa0 --- /dev/null +++ b/.github/workflows/variables.yml @@ -0,0 +1,27 @@ +name: Repo Tests + +on: + push: + branches: + - 'main' + tags: + - 'v*' + pull_request: + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + variables: + name: Check variables are listed + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Run test + run: | + /bin/bash tests/repo/vars.sh \ No newline at end of file diff --git a/Makefile b/Makefile index 5058868..acf2d0d 100644 --- a/Makefile +++ b/Makefile @@ -20,9 +20,12 @@ FLATPAK_REMOTE_REFS_DIR = # Secure boot ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = + +################### +# Hidden vars + # Cache DNF_CACHE = - PACKAGE_MANAGER = dnf # Functions 
@@ -32,6 +35,20 @@ PACKAGE_MANAGER = dnf get_templates = $(shell ls lorax_templates/$(1)_*.tmpl) \ $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/$(1)_*)),lorax_templates/post_$(file).tmpl) +# Get a list of tests for the feature +# $1 = test type +# $2 = feature +run_tests = tests="$(shell ls tests/$(1)/$(2)_*)"; \ + if [ -n "$$tests" ]; \ + then \ + chmod +x $$tests; \ + for test in $$tests; \ + do \ + $(foreach var,$(_VARS),$(var)=$($(var))) ./$${test}; \ + RC=$$?; if [ $$RC != 0 ]; then exit $$RC; fi; \ + done; \ + fi + # Converts a post script to a template # $1 = script to convert # $2 = file on ISO to write @@ -217,8 +234,10 @@ install-test-deps: test: test-iso test-vm +test-repo: + bash tests/repo/vars.sh + test-iso: - $(eval _TESTS = $(filter-out README.md,$(shell ls tests/iso))) $(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL) sudo modprobe loop @@ -227,21 +246,10 @@ test-iso: sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install # install tests - chmod +x $(foreach test,$(filter install_%,$(_TESTS)),tests/iso/$(test)) - for test in $(_TESTS); \ - do \ - $(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \ - done - + $(call run_tests,iso,install) + # flapak tests - if [ -n "$(FLATPAK_REMOTE_REFS)" ]; \ - then \ - chmod +x $(foreach test,$(filter flatpak_%,$(_TESTS)),tests/iso/$(test)); \ - for test in $(_TESTS); \ - do \ - $(foreach var,$(_VARS),$(var)=$($(var))) ./tests/iso/$${test}; \ - done; \ - fi + if [ -n "$(FLATPAK_REMOTE_REFS)" ]; then $(call run_tests,iso,flatpak); fi # Cleanup sudo umount /mnt/install 
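Review bot: In `run_tests`, `$(foreach var,$(_VARS),$(var)=$($(var)))` pastes each variable's value into the shell command unquoted, so a value containing a space, `&`, `;` or `$` changes the command instead of reaching the test as data. `_FLATPAK_REPO_URL` is in `_VARS` for `test-iso`, and URLs commonly carry such characters. Quoting each assignment, `$(foreach var,$(_VARS),$(var)='$($(var))')`, covers everything except an embedded single quote; exporting the variables from make and letting the test read its environment avoids the quoting question entirely. The macro's header comment still reads "Get a list of tests for the feature" although it now runs them and stops at the first failure, so a line such as `# Runs every tests/<type>/<feature>_* script, aborting on the first non-zero exit` would describe it better.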
@@ -259,9 +267,14 @@ ansible_inventory: echo " ansible_ssh_common_args: '-o StrictHostKeyChecking=no'" >> ansible_inventory test-vm: ansible_inventory + $(eval _VARS = IMAGE_REPO IMAGE_NAME IMAGE_TAG) + ansible -i ansible_inventory -m ansible.builtin.wait_for_connection vm - $(eval _TESTS = $(filter-out README.md,$(shell ls tests/vm))) - chmod +x $(foreach test,$(_TESTS),tests/vm/$(test)) - for test in $(_TESTS); do ./tests/vm/$${test}; done + + # install tests + $(call run_tests,vm,install) + + # flapak tests + if [ -n "$(FLATPAK_REMOTE_REFS)" ]; then $(call run_tests,vm,flatpak); fi .PHONY: clean install-deps install-test-deps test test-iso test-vm diff --git a/README.md b/README.md index 44792b0..0e8611f 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,8 @@ The following variables can be used to customize the created ISO. | image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | :white_check_mark: | | image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | :white_check_mark: | | iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :x: | :x: | +| repos | List of repo files for Lorax to use | /etc/yum.repos.d/*.repo | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| rootfs_size | The size (in GiB) for the squashfs runtime volume | 2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | | secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | | variant | Source container variant\* | Server | :white_check_mark: | :white_check_mark: | :white_check_mark: | | version | Fedora version of installer to build | 39 | :white_check_mark: | :white_check_mark: | :white_check_mark: | diff --git a/action.yml b/action.yml index 84f9337..493dec4 100644 --- a/action.yml 
+++ b/action.yml @@ -62,6 +62,11 @@ inputs: description: "Name of the resulting ISO. Relative paths are relative to github.workspace" required: false default: build/deploy.iso + repos: + description: List of repo files for Lorax to use + required: false + rootfs_size: + description: The size (in GiB) for the squashfs runtime volume secure_boot_key_url: description: Secure boot key that is installed from URL location required: false @@ -131,16 +136,19 @@ runs: ACTION_REF: ${{ github.action_ref }} shell: bash run: | + image="ghcr.io/jasonn3/build-container-installer" # Check if running inside of the action repo if [[ -z "${ACTION_REPO}" || "${ACTION_REPO}" == "${{ github.repository }}" ]] then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]] - then tag=pr-${BASH_REMATCH[1]} + then + tag="pr-${BASH_REMATCH[1]}" + image="docker.io/jasonn3/build-container-installer" else - tag=${{ github.ref_name }} + tag="${{ github.ref_name }}" fi else - tag=${ACTION_REF} + tag="${ACTION_REF}" fi if [[ "${{ inputs.enable_cache_dnf }}" == "true" ]] then @@ -167,7 +175,7 @@ runs: vars="${vars} FLATPAK_REMOTE_REFS_DIR=\"${{ inputs.flatpak_remote_refs_dir }}\"" fi fi - docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ghcr.io/jasonn3/build-container-installer:${tag} \ + docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \ ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ ARCH="${{ inputs.arch }}" \ DNF_CACHE="/cache/dnf" \ diff --git a/lorax_templates/flatpak_set_repo.tmpl b/lorax_templates/flatpak_set_repo.tmpl index 30992db..0d8db43 100644 --- a/lorax_templates/flatpak_set_repo.tmpl +++ b/lorax_templates/flatpak_set_repo.tmpl 
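Review bot: In the tag-selection script, `${{ github.ref_name }}` is substituted into the bash source before the shell runs, at `if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]` and `tag="${{ github.ref_name }}"`, and a branch or tag name is text chosen by whoever pushed the ref. The step already passes `github.action_ref` through `env:` as `ACTION_REF`; doing the same here keeps the name as data: add `REF_NAME: ${{ github.ref_name }}` under `env:`, then use `[[ "${REF_NAME}" =~ (.*)/merge ]]` and `tag="${REF_NAME}"`. The `${{ inputs.* }}` values interpolated into the `docker run --privileged` command, only partly inside these hunks, deserve the same treatment. A short comment explaining why PR builds pull from `docker.io/jasonn3/build-container-installer` while other refs use `ghcr.io` would help readers judge which image a run actually executes.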
@@ -6,6 +6,3 @@ replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_rem replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py % endif -%if flatpak_remote_name != 'fedora': -systemctl disable flatpak-add-fedora-repos.service -% endif diff --git a/lorax_templates/scripts/post/flatpak_configure b/lorax_templates/scripts/post/flatpak_configure index 1c54a7f..5331c05 100644 --- a/lorax_templates/scripts/post/flatpak_configure +++ b/lorax_templates/scripts/post/flatpak_configure @@ -1,4 +1,4 @@ -<%page args="_flatpak_repo_gpg"/> +<%page args="_flatpak_repo_gpg, flatpak_remote_name"/> if [[ -d /ostree/deploy/default/var/lib/flatpak/repo ]] then @@ -9,3 +9,8 @@ then else echo "Could not find Flatpaks repo" fi + +if [[ "${flatpak_remote_name}" != 'fedora' ]] +then + systemctl disable flatpak-add-fedora-repos.service +fi diff --git a/tests/repo/vars.sh b/tests/repo/vars.sh new file mode 100644 index 0000000..2e4302e --- /dev/null +++ b/tests/repo/vars.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +vars=() + +while read -r line +do + if ! [[ $line =~ ^# ]] + then + vars+=$(echo $line | cut -d= -f1 | tr [:upper:] [:lower:]) + fi + if [[ $line =~ ^########## ]] + then + break + fi +done < Makefile + +result=0 + +for var in $vars +do + grep "^| ${var}" README.md > /dev/null + if [[ $? != 0 ]] + then + echo "$var not found in README.md" + result=1 + fi +done + +for var in $vars +do + grep "^ ${var}:" action.yml > /dev/null + if [[ $? != 0 ]] + then + echo "$var not found in action.yml" + result=1 + fi +done + +exit ${result} \ No newline at end of file diff --git a/tests/vm/flatpak_fedora_repo_disabled.yml b/tests/vm/flatpak_fedora_repo_disabled.yml new file mode 100644 index 0000000..f87ff80 --- /dev/null +++ b/tests/vm/flatpak_fedora_repo_disabled.yml 
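Review bot: In `tests/repo/vars.sh`, `vars+=$(...)` without parentheses appends text to the first array element instead of adding an element, and `for var in $vars` then depends on word-splitting that one string. The names stay separate only because `cut -d= -f1` keeps the space before `=` in lines written as `NAME = value`; a Makefile line written `NAME=value` would be glued to its neighbour and the check would look for a variable that does not exist. Collecting names explicitly with `vars+=("$name")` and iterating with `for var in "${vars[@]}"` removes that dependency, after trimming the name and skipping blank lines. `tr [:upper:] [:lower:]` should quote both classes (`tr '[:upper:]' '[:lower:]'`) so the shell cannot glob them against a file name in the working directory. `grep -q` would also replace the `> /dev/null` plus `$?` pair in both loops.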
@@ -0,0 +1,16 @@ +#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory +--- +- name: Test for installed flatpaks + hosts: vm + gather_facts: no + + tasks: + - name: Collect facts about system services + service_facts: + register: services_state + + - name: Check that flatpak-add-fedora-repos is disabled + ansible.builtin.assert: + that: + - services_state['ansible_facts']['services']['flatpak-add-fedora-repos.service']['status'] == 'disabled' + fail_msg: 'flatpak-add-fedora-repos.service is not disabled' \ No newline at end of file diff --git a/tests/vm/flatpak_installed.yml b/tests/vm/flatpak_installed.yml new file mode 100644 index 0000000..da4f331 --- /dev/null +++ b/tests/vm/flatpak_installed.yml @@ -0,0 +1,25 @@ +#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory +--- +- name: Test for installed flatpaks + hosts: vm + gather_facts: no + + tasks: + # Verifies that the flatpaks are installed + - name: Get list of installed Flatpaks + become: true + ansible.builtin.command: + cmd: /usr/bin/flatpak list + register: flatpaks + + - name: Check that VLC is installed + ansible.builtin.assert: + that: + - "'VLC' in flatpaks.stdout" + fail_msg: 'VLC is not installed' + + - name: Check that Firefox is installed + ansible.builtin.assert: + that: + - "'Firefox' in flatpaks.stdout" + fail_msg: 'Firefox is not installed' diff --git a/tests/vm/install_image_source.yml b/tests/vm/install_image_source.yml new file mode 100644 index 0000000..1b21331 --- /dev/null +++ b/tests/vm/install_image_source.yml 
@@ -0,0 +1,25 @@ +#!/usr/bin/env -S ansible-playbook -i ./ansible_inventory +--- +- name: Test Container Image source updates + hosts: vm + gather_facts: no + + tasks: + # Get list of origins + - name: Get origin + become: true + ansible.builtin.command: + cmd: /bin/bash -c "cat /ostree/deploy/default/deploy/*.origin" + register: origin + + - name: Get vars + ansible.builtin.set_fact: + image_repo: "{{ lookup('ansible.builtin.env', 'IMAGE_REPO') }}" + image_name: "{{ lookup('ansible.builtin.env', 'IMAGE_NAME') }}" + image_tag: "{{ lookup('ansible.builtin.env', 'IMAGE_TAG') }}" + + - name: Tests + ansible.builtin.assert: + that: + - (image_repo + '/' + image_name + ':' + image_tag) in origin.stdout + fail_msg: 'Origin not configured' From bcfbc02ded4807b95445070e4351e3aaa32a0e6a Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 09:31:10 -0400 Subject: [PATCH 27/92] Split Tests to Separate files (#79) --- .github/workflows/bot_commands.yml | 95 +++++ .github/workflows/bot_run_tests.yml | 34 -- .github/workflows/build-and-test.yml | 491 -------------------------- .github/workflows/build_container.yml | 99 ++++++ .github/workflows/build_iso.yml | 139 ++++++++ .github/workflows/build_vars.yml | 28 ++ .github/workflows/test_deployment.yml | 183 ++++++++++ .github/workflows/test_iso.yml | 116 ++++++ .github/workflows/tests.yml | 63 ++++ 9 files changed, 723 insertions(+), 525 deletions(-) create mode 100644 .github/workflows/bot_commands.yml delete mode 100644 .github/workflows/bot_run_tests.yml delete mode 100644 .github/workflows/build-and-test.yml create mode 100644 .github/workflows/build_container.yml create mode 100644 .github/workflows/build_iso.yml create mode 100644 .github/workflows/build_vars.yml create mode 100644 .github/workflows/test_deployment.yml create mode 100644 .github/workflows/test_iso.yml create mode 100644 .github/workflows/tests.yml 
diff --git a/.github/workflows/bot_commands.yml b/.github/workflows/bot_commands.yml new file mode 100644 index 0000000..13ce9c8 --- /dev/null +++ b/.github/workflows/bot_commands.yml 
@@ -0,0 +1,95 @@ +name: Bot commands +on: issue_comment + +jobs: + permissions: + name: Check Permissions + runs-on: ubuntu-latest + steps: + - name: Check association + run: | + allowed=("OWNER" "COLLABORATOR") + value="\<${{ github.event.issue.author_association }}\>" + + if [[ ${allowed[@]} =~ $value ]] + then + exit 0 + else + exit 1 + fi + + load_vars: + uses: ./.github/workflows/build_vars.yml + + run-all_tests: + name: Run All Tests + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '/run tests') + permissions: + contents: read + packages: write + statuses: write + needs: + - permissions + uses: ./.github/workflows/tests.yml + with: + pr: ${{ github.event.issue.number }} + parent_job_name: Run ISO Tests / + + run_build_container: + name: Run Build Container + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '/run build container') + permissions: + contents: read + packages: write + statuses: write + needs: + - permissions + uses: ./.github/workflows/build_container.yml + with: + pr: ${{ github.event.issue.number }} + parent_job_name: Run ISO Tests / + + run_test_iso: + name: Run ISO Tests + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '/run test iso') + permissions: + contents: read + packages: write + statuses: write + needs: + - permissions + - load_vars + uses: ./.github/workflows/test_iso.yml + with: + pr: ${{ github.event.issue.number }} + parent_job_name: Run ISO Tests / + iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso + iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso + iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso + + run_test_deployment: + name: Run ISO Deployment Tests + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '/run test iso') + permissions: + contents: read + packages: write + statuses: write + needs: + - permissions + - load_vars + - run_test_iso + uses: 
./.github/workflows/test_deployment.yml + with: + pr: ${{ github.event.issue.number }} + parent_job_name: Run ISO Tests / + iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso + iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso + iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso \ No newline at end of file diff --git a/.github/workflows/bot_run_tests.yml b/.github/workflows/bot_run_tests.yml deleted file mode 100644 index ba867ed..0000000 --- a/.github/workflows/bot_run_tests.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Run tests on PR -on: issue_comment - -jobs: - pr_commented: - name: Check Permissions - if: > - github.event.issue.pull_request && - contains(github.event.comment.body, '/run tests') - runs-on: ubuntu-latest - steps: - - name: Check association - run: | - allowed=("OWNER" "COLLABORATOR") - value="\<${{ github.event.issue.author_association }}\>" - - if [[ ${allowed[@]} =~ $value ]] - then - exit 0 - else - exit 1 - fi - - run-tests: - name: Run Tests - permissions: - contents: read - packages: write - statuses: write - needs: - - pr_commented - uses: ./.github/workflows/build-and-test.yml - with: - pr: ${{ github.event.issue.number }} \ No newline at end of file diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml deleted file mode 100644 index 7b90bfc..0000000 --- a/.github/workflows/build-and-test.yml +++ /dev/null 
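Review bot: In `bot_commands.yml`, `run_test_deployment` uses the same trigger text as `run_test_iso` (`contains(github.event.comment.body, '/run test iso')`), so no comment starts the deployment tests on their own. Every job also passes `parent_job_name: Run ISO Tests /` regardless of its own `name`; both look like copy-paste leftovers. The two test jobs request `packages: write`, which the previous commit removed from `test-iso` in favour of `contents: read` plus `statuses: write`. Unless the called workflows (not shown here) push packages, the narrower set should be kept for jobs that a PR comment can start. The `permissions` job has no `if:`, so it runs on every issue comment in the repository; adding `if: github.event.issue.pull_request` would limit it to PR comments.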
@@ -1,491 +0,0 @@ -name: Tests - -on: - push: - branches: - - 'main' - tags: - - 'v*' - - pull_request: - - workflow_call: - inputs: - pr: - required: true - type: string - - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - - -# Test Values -env: - ARCH: 'x86_64' - IMAGE_NAME: 'base' - IMAGE_REPO: 'quay.io/fedora-ostree-desktops' - IMAGE_TAG: '39' - VARIANT: 'Server' - FLATPAK_REMOTE_REFS_DIR: flatpak_refs - SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' - ENROLLMENT_PASSWORD: 'container-installer' - -jobs: - build-container: - if: > - github.event_name == 'push' || - github.event_name == 'issue_comment' || - ( github.event_name == 'pull_request' && - contains(github.event.pull_request.labels.*.name, 'auto-test') ) - name: Build Container Image - env: - JOB_NAME: Build Container Image - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - statuses: write - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - fetch-depth: 0 - fetch-tags: 'true' - - - name: Switch branch - if: inputs.pr - env: - GITHUB_USER: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} - run: | - sudo apt-get update - sudo apt-get install -y hub - hub pr checkout ${{ inputs.pr }} - echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV - - - name: Get Current Job Log URL - if: inputs.pr && always() - uses: Tiryoh/gha-jobid-action@v1 - id: jobs - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "Run Tests / ${{ env.JOB_NAME }}" - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ghcr.io/${{ 
github.repository }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - - - name: Buildah Build - id: build-image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: Containerfile - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Push image - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build-image.outputs.image }} - tags: ${{ steps.build-image.outputs.tags }} - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - build-and-push-iso: - name: Build ISO - env: - JOB_NAME: Build ISO - runs-on: ubuntu-latest - needs: - - build-container - permissions: - contents: read - packages: write - statuses: write - continue-on-error: false - strategy: - fail-fast: false - matrix: - version: - - 38 - - 39 - - 40 - outputs: - iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }} - iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }} - iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Switch branch - if: inputs.pr - env: - GITHUB_USER: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} - run: | - sudo apt-get update - sudo apt-get install -y hub - hub pr checkout ${{ inputs.pr }} - echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV - - - name: Get Current Job Log URL - if: inputs.pr && always() - uses: Tiryoh/gha-jobid-action@v1 - id: jobs - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "Run Tests / ${{ env.JOB_NAME }}" - - - name: Set status - if: inputs.pr && always() - uses: 
myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ env.IMAGE_REPO }} - - - name: Get image version - id: meta - uses: docker/metadata-action@v5 - with: - tags: | - type=ref,event=branch - type=ref,event=pr - - - name: Build ISO - uses: ./ - id: build - with: - arch: ${{ env.ARCH}} - image_name: ${{ env.IMAGE_NAME}} - image_repo: ${{ env.IMAGE_REPO}} - image_tag: ${{ matrix.version }} - version: ${{ matrix.version }} - variant: ${{ env.VARIANT }} - flatpak_remote_refs_dir: /github/workspace/${{ env.FLATPAK_REMOTE_REFS_DIR }} - secure_boot_key_url: ${{ env.SECURE_BOOT_KEY_URL }} - enrollment_password: ${{ env.ENROLLMENT_PASSWORD }} - iso_name: ${{ env.IMAGE_NAME }}-${{ matrix.version }}-${{ github.event.pull_request.number || github.ref }}.iso - - - name: Save output - id: save_output - shell: bash - run: | - echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT - - - name: Upload ISO as artifact - id: upload - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.build.outputs.iso_name }} - path: | - ${{ steps.build.outputs.iso_path }} - ${{ steps.build.outputs.iso_path }}-CHECKSUM - if-no-files-found: error - retention-days: 0 - compression-level: 0 - overwrite: true - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - test-iso: - name: Test ISO - env: - JOB_NAME: Test ISO - runs-on: ubuntu-latest - needs: - - build-and-push-iso - permissions: - contents: read - statuses: write - continue-on-error: false - strategy: - 
fail-fast: false - matrix: - version: - - 38 - - 39 - - 40 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Switch branch - if: inputs.pr - env: - GITHUB_USER: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} - run: | - sudo apt-get update - sudo apt-get install -y hub - hub pr checkout ${{ inputs.pr }} - echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV - - - name: Get Current Job Log URL - if: inputs.pr && always() - uses: Tiryoh/gha-jobid-action@v1 - id: jobs - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "Run Tests / ${{ env.JOB_NAME }}" - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - - name: Install test tools - run: | - sudo apt-get update - sudo apt-get install -y make - sudo make install-test-deps PACKAGE_MANAGER=apt-get - - - name: Download generated ISO - uses: actions/download-artifact@v4 - with: - name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} - - - name: Verify ISO - run: | - checkisomd5 ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} - sha256sum -c ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }}-CHECKSUM - - - name: Run ISO checks - run: | - mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso - make test-iso \ - ARCH=${{ env.ARCH}} \ - IMAGE_NAME=${{ env.IMAGE_NAME}} \ - IMAGE_REPO=${{ env.IMAGE_REPO}} \ - IMAGE_TAG=${{ matrix.version }} \ - VERSION=${{ matrix.version }} \ - VARIANT=${{ env.VARIANT }} \ - FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \ - SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \ - ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }} - - - name: 
Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - test-deployment: - name: Test deployment - env: - JOB_NAME: Test deployment - runs-on: ubuntu-latest - needs: - - build-and-push-iso - permissions: - contents: read - statuses: write - continue-on-error: false - strategy: - fail-fast: false - matrix: - version: - - 38 - - 39 - - 40 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Switch branch - if: inputs.pr - env: - GITHUB_USER: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} - run: | - sudo apt-get update - sudo apt-get install -y hub - hub pr checkout ${{ inputs.pr }} - echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV - - - name: Get Current Job Log URL - if: inputs.pr && always() - uses: Tiryoh/gha-jobid-action@v1 - id: jobs - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "Run Tests / ${{ env.JOB_NAME }}" - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - - name: Install test tools - run: | - sudo apt-get update - sudo apt-get install -y make - sudo make install-test-deps PACKAGE_MANAGER=apt-get - - - name: Download generated ISO - uses: actions/download-artifact@v4 - with: - name: ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} - - - name: Add Kickstart and Grub options to ISO - run: | - mv ${{ needs['build-and-push-iso']['outputs'][format('iso_name-{0}', matrix.version)] }} deploy.iso - sudo mkdir /mnt/iso || true - sudo mount -o loop deploy.iso /mnt/iso - cp /mnt/iso/boot/grub2/grub.cfg grub.cfg - sudo 
umount /mnt/iso - sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' grub.cfg - sed -i 's/set default="1"/set default="0"/' grub.cfg - sed -i 's/set timeout=60/set timeout=1/' grub.cfg - cat << EOF > ks.cfg - lang en_US.UTF-8 - keyboard us - timezone Americas/New_York - zerombr - clearpart --all --initlabel - autopart - poweroff - user --name=core --groups=wheel --password=foobar - %include /usr/share/anaconda/interactive-defaults.ks - EOF - xorriso -dialog on << EOF - -indev deploy.iso - -outdev test.iso - -boot_image any replay - -map ks.cfg ks.cfg - -chmod 0444 ks.cfg - -map grub.cfg boot/grub2/grub.cfg - -end - EOF - - - name: Create VM disk - run: | - qemu-img create -f qcow2 disk.qcow2 50G - - - name: Install the test VM - run: | - timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$! - echo "PID: $QEMU_PID" - timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" - (nc localhost 4321 | tee vm.stdout) & - wait $QEMU_PID - - - name: Start the test VM - env: - VM_USER: core - VM_PASS: foobar - VM_IP: "127.0.0.1" - VM_PORT: "5555" - run: | - mkfifo vm.stdin - qemu-system-x86_64 -name "Anaconda" \ - -m 4096 -cpu qemu64 -display none -smp 2 \ - -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \ - -device e1000,netdev=net0 \ - -netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \ - -device virtio-serial \ - -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ - -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$! - echo "PID: $QEMU_PID" - - timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" - (tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) & - - timeout 30m bash -c "while ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}); do sleep 1; done" - - if ! 
(echo > /dev/tcp/${VM_IP}/${VM_PORT}) - then - echo "SSH must be installed and enabled inside the container" - fi - - echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}" - - make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \ - ARCH=${{ env.ARCH}} \ - IMAGE_NAME=${{ env.IMAGE_NAME}} \ - IMAGE_REPO=${{ env.IMAGE_REPO}} \ - IMAGE_TAG=${{ matrix.version }} \ - VERSION=${{ matrix.version }} \ - VARIANT=${{ env.VARIANT }} \ - FLATPAK_REMOTE_REFS_DIR=${{ env.FLATPAK_REMOTE_REFS_DIR }} \ - SECURE_BOOT_KEY_URL=${{ env.SECURE_BOOT_KEY_URL }} \ - ENROLLMENT_PASSWORD=${{ env.ENROLLMENT_PASSWORD }} - kill $QEMU_PID - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml new file mode 100644 index 0000000..b3c6b5a --- /dev/null +++ b/.github/workflows/build_container.yml 
@@ -0,0 +1,99 @@ +on: + workflow_call: + inputs: + pr: + required: false + type: string + parent_job_name: + required: true + type: string + +jobs: + build-container: + if: > + github.event_name == 'push' || + github.event_name == 'issue_comment' || + ( github.event_name == 'pull_request' && + contains(github.event.pull_request.labels.*.name, 'auto-test') ) + name: Build Container Image + env: + JOB_NAME: Tests / Build Container Image + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + statuses: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + fetch-depth: 0 + fetch-tags: 'true' + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: Pending + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/${{ github.repository }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Buildah Build + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: Containerfile + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Push image + uses: redhat-actions/push-to-registry@v2 + with: + image: ${{ steps.build-image.outputs.image 
}} + tags: ${{ steps.build-image.outputs.tags }} + username: ${{ github.actor }} + password: ${{ github.token }} + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml new file mode 100644 index 0000000..72acff2 --- /dev/null +++ b/.github/workflows/build_iso.yml 
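Review bot: `Tiryoh/gha-jobid-action@v1` and `myrotvorets/set-commit-status-action@v2.0.1` are referenced by mutable tag and are handed `secrets.GITHUB_TOKEN` in a job that declares `packages: write`, so whatever those tags resolve to at run time executes with push rights to the package registry. Pinning each third-party `uses:` to a full commit SHA, for example `uses: Tiryoh/gha-jobid-action@<full-commit-sha>  # v1`, keeps the reviewed code and the executed code the same. The same references appear in the build_iso.yml, test_deployment.yml and test_iso.yml hunks of this commit, and build_iso.yml additionally pulls in `ASzc/change-string-case-action@v6`.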
@@ -0,0 +1,139 @@ +on: + workflow_call: + inputs: + pr: + required: false + type: string + parent_job_name: + required: true + type: string + outputs: + iso_name-38: + description: "Version 38 ISO Name" + value: ${{ jobs.build_iso.outputs.iso_name-38 }} + iso_name-39: + description: "Version 39 ISO Name" + value: ${{ jobs.build_iso.outputs.iso_name-39 }} + iso_name-40: + description: "Version 40 ISO Name" + value: ${{ jobs.build_iso.outputs.iso_name-40 }} + +jobs: + load_vars: + uses: ./.github/workflows/build_vars.yml + + build_iso: + name: Build ISO + env: + JOB_NAME: Build ISO + runs-on: ubuntu-latest + needs: + - load_vars + permissions: + contents: read + packages: write + statuses: write + continue-on-error: false + strategy: + fail-fast: false + matrix: + version: + - 38 + - 39 + - 40 + outputs: + iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }} + iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }} + iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: Pending + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ needs.load_vars.outputs.IMAGE_REPO }} + + 
- name: Get image version + id: meta + uses: docker/metadata-action@v5 + with: + tags: | + type=ref,event=branch + type=ref,event=pr + + - name: Build ISO + uses: ./ + id: build + with: + arch: ${{ needs.load_vars.outputs.ARCH }} + image_name: ${{ needs.load_vars.outputs.IMAGE_NAME }} + image_repo: ${{ needs.load_vars.outputs.IMAGE_REPO }} + image_tag: ${{ matrix.version }} + version: ${{ matrix.version }} + variant: ${{ needs.load_vars.outputs.VARIANT }} + flatpak_remote_refs_dir: /github/workspace/${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} + secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} + enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} + iso_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}.iso + + - name: Save output + id: save_output + shell: bash + run: | + echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT + + - name: Upload ISO as artifact + id: upload + uses: actions/upload-artifact@v4 + with: + name: ${{ steps.build.outputs.iso_name }} + path: | + ${{ steps.build.outputs.iso_path }} + ${{ steps.build.outputs.iso_path }}-CHECKSUM + if-no-files-found: error + retention-days: 0 + compression-level: 0 + overwrite: true + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml new file mode 100644 index 0000000..a7967bf --- /dev/null +++ b/.github/workflows/build_vars.yml 
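Review bot: The `Lowercase Registry` (`registry_case`) and `Get image version` (`meta`) steps produce outputs that nothing in this hunk reads; `Build ISO` takes `image_repo` straight from `needs.load_vars.outputs.IMAGE_REPO`. Each is an extra third-party action executed in a job with `packages: write`, after `hub pr checkout` has switched the workspace to the PR head and before `uses: ./` runs the action from that checkout. I would drop both steps, or, if the lowercased value is actually wanted, wire it in with `image_repo: ${{ steps.registry_case.outputs.lowercase }}`.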
@@ -0,0 +1,28 @@ +on: + workflow_call: + outputs: + ARCH: + value: 'x86_64' + IMAGE_NAME: + value: 'base' + IMAGE_REPO: + value: 'quay.io/fedora-ostree-desktops' + IMAGE_TAG: + value: '39' + VARIANT: + value: 'Server' + FLATPAK_REMOTE_REFS_DIR: + value: flatpak_refs + SECURE_BOOT_KEY_URL: + value: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' + ENROLLMENT_PASSWORD: + value: 'container-installer' + + +jobs: + job1: + runs-on: ubuntu-latest + steps: + - name: Sucess + run: + echo "Vars loaded" diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml new file mode 100644 index 0000000..7ad14c2 --- /dev/null +++ b/.github/workflows/test_deployment.yml 
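Review bot: The `# Test Values` comment that sat above these values in the removed build-and-test.yml did not move with them, so nothing in this file says that `ENROLLMENT_PASSWORD: 'container-installer'` and the `SECURE_BOOT_KEY_URL` are fixtures. A comment above `outputs:` such as `# Test-only values shared by the test workflows; do not reuse ENROLLMENT_PASSWORD for a published image` would keep them from being copied into a release build. `SECURE_BOOT_KEY_URL` also tracks `raw/main` of another repository, so the key the tests enrol can change without any change here; pointing it at a fixed commit would make runs reproducible. The step name `Sucess` is a typo for `Success`.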
@@ -0,0 +1,183 @@ +on: + workflow_call: + inputs: + pr: + required: true + type: string + parent_job_name: + required: true + type: string + iso_name-38: + required: true + type: string + iso_name-39: + required: true + type: string + iso_name-40: + required: true + type: string + + + +jobs: + load_vars: + uses: ./.github/workflows/build_vars.yml + + test-deployment: + name: Test deployment + env: + JOB_NAME: Test deployment + runs-on: ubuntu-latest + needs: + - load_vars + permissions: + contents: read + statuses: write + continue-on-error: false + strategy: + fail-fast: false + matrix: + version: + - 38 + - 39 + - 40 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: Pending + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Install test tools + run: | + sudo apt-get update + sudo apt-get install -y make + sudo make install-test-deps PACKAGE_MANAGER=apt-get + + - name: Download generated ISO + uses: actions/download-artifact@v4 + with: + name: ${{ inputs[format('iso_name-{0}', matrix.version)] }} + + - name: Add Kickstart and Grub options to ISO + run: | + mv ${{ inputs[format('iso_name-{0}', matrix.version)] }} deploy.iso + sudo mkdir /mnt/iso || true + sudo mount -o loop deploy.iso /mnt/iso + cp /mnt/iso/boot/grub2/grub.cfg 
grub.cfg + sudo umount /mnt/iso + sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' grub.cfg + sed -i 's/set default="1"/set default="0"/' grub.cfg + sed -i 's/set timeout=60/set timeout=1/' grub.cfg + cat << EOF > ks.cfg + lang en_US.UTF-8 + keyboard us + timezone Americas/New_York + zerombr + clearpart --all --initlabel + autopart + poweroff + user --name=core --groups=wheel --password=foobar + %include /usr/share/anaconda/interactive-defaults.ks + EOF + xorriso -dialog on << EOF + -indev deploy.iso + -outdev test.iso + -boot_image any replay + -map ks.cfg ks.cfg + -chmod 0444 ks.cfg + -map grub.cfg boot/grub2/grub.cfg + -end + EOF + + - name: Create VM disk + run: | + qemu-img create -f qcow2 disk.qcow2 50G + + - name: Install the test VM + run: | + timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$! + echo "PID: $QEMU_PID" + timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" + (nc localhost 4321 | tee vm.stdout) & + wait $QEMU_PID + + - name: Start the test VM + env: + VM_USER: core + VM_PASS: foobar + VM_IP: "127.0.0.1" + VM_PORT: "5555" + run: | + mkfifo vm.stdin + qemu-system-x86_64 -name "Anaconda" \ + -m 4096 -cpu qemu64 -display none -smp 2 \ + -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \ + -device e1000,netdev=net0 \ + -netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \ + -device virtio-serial \ + -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ + -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$! + echo "PID: $QEMU_PID" + + timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" + (tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) & + + timeout 30m bash -c "while ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}); do sleep 1; done" + + if ! 
(echo > /dev/tcp/${VM_IP}/${VM_PORT}) + then + echo "SSH must be installed and enabled inside the container" + fi + + echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}" + + make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \ + ARCH=${{ needs.load_vars.outputs.ARCH}} \ + IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \ + IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \ + IMAGE_TAG=${{ matrix.version }} \ + VERSION=${{ matrix.version }} \ + VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ + FLATPAK_REMOTE_REFS_DIR=${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} \ + SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ + ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} + kill $QEMU_PID + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml new file mode 100644 index 0000000..5fd38d0 --- /dev/null +++ b/.github/workflows/test_iso.yml 
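Review bot: In `Add Kickstart and Grub options to ISO`, `mv ${{ inputs[format('iso_name-{0}', matrix.version)] }} deploy.iso` pastes a `workflow_call` input into the script text before the shell parses it, and leaves it unquoted. The callers visible in this commit build the name from fixed values, but the input is declared as a free `string`, so the step should not rely on that: add `env: ISO_NAME: ${{ inputs[format('iso_name-{0}', matrix.version)] }}` to the step and run `mv -- "$ISO_NAME" deploy.iso`. The same applies to `hub pr checkout ${{ inputs.pr }}` in `Switch branch` here and in the build_container.yml, build_iso.yml and test_iso.yml hunks, and to the `Verify ISO` and `Run ISO checks` steps in test_iso.yml.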
@@ -0,0 +1,116 @@ +on: + workflow_call: + inputs: + pr: + required: false + type: string + parent_job_name: + required: true + type: string + iso_name-38: + required: true + type: string + iso_name-39: + required: true + type: string + iso_name-40: + required: true + type: string + + +jobs: + load_vars: + uses: ./.github/workflows/build_vars.yml + + test-iso: + name: Test ISO + env: + JOB_NAME: Test ISO + runs-on: ubuntu-latest + needs: + - load_vars + permissions: + contents: read + statuses: write + continue-on-error: false + strategy: + fail-fast: false + matrix: + version: + - 38 + - 39 + - 40 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: Pending + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Install test tools + run: | + sudo apt-get update + sudo apt-get install -y make + sudo make install-test-deps PACKAGE_MANAGER=apt-get + + - name: Download generated ISO + uses: actions/download-artifact@v4 + with: + name: ${{ inputs[format('iso_name-{0}', matrix.version)] }} + + - name: Verify ISO + run: | + checkisomd5 ${{ inputs[format('iso_name-{0}', matrix.version)] }} + sha256sum -c ${{ inputs[format('iso_name-{0}', matrix.version)] }}-CHECKSUM + + - name: Run ISO checks + run: | + mv ${{ inputs[format('iso_name-{0}', 
matrix.version)] }} deploy.iso + make test-iso \ + ARCH=${{ needs.load_vars.outputs.ARCH}} \ + IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \ + IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \ + IMAGE_TAG=${{ matrix.version }} \ + VERSION=${{ matrix.version }} \ + VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ + FLATPAK_REMOTE_REFS_DIR=${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} \ + SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ + ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..ddceeb2 --- /dev/null +++ b/.github/workflows/tests.yml 
@@ -0,0 +1,63 @@ +name: Tests + +on: + push: + branches: + - 'main' + tags: + - 'v*' + + workflow_call: + inputs: + pr: + required: true + type: string + parent_job_name: + required: true + type: string + + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + build_container: + name: Build Container + uses: ./.github/workflows/build_container.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container + + build_iso: + name: Build ISO + needs: + - build_container + uses: ./.github/workflows/build_iso.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO + + test_iso: + name: Test ISO + needs: + - build_iso + uses: ./.github/workflows/test_iso.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO + iso_name-38: ${{ needs.build_iso.outputs.iso_name-38 }} + iso_name-39: ${{ needs.build_iso.outputs.iso_name-39 }} + iso_name-40: ${{ needs.build_iso.outputs.iso_name-40 }} + + test_deployment: + name: Test Deployment + needs: + - build_iso + uses: ./.github/workflows/test_deployment.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment + iso_name-38: ${{ needs.build_iso.outputs.iso_name-38 }} + iso_name-39: ${{ needs.build_iso.outputs.iso_name-39 }} + iso_name-40: ${{ needs.build_iso.outputs.iso_name-40 }} \ No newline at end of file From 5ee3e3cb8f908cc138085909eccfcbe319ae9e52 Mon Sep 17 00:00:00 2001 
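Review bot: The `concurrency` group is built from `github.event.pull_request.number || github.ref`, but when this workflow is reached through `workflow_call` from the comment bot there is no `pull_request` payload, so the group presumably falls back to the ref of the calling run and is the same for every PR. With `cancel-in-progress: true`, a `/run tests` comment on one PR would then cancel a run still in progress for another. Keying the group on the input first avoids that: `group: ${{ github.workflow }}-${{ inputs.pr || github.event.pull_request.number || github.ref }}`.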
From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 11:11:11 -0400 Subject: [PATCH 28/92] Fix tests for PRs (#80) --- .github/workflows/bot_commands.yml | 8 ++++---- .github/workflows/build_container.yml | 3 ++- .github/workflows/build_iso.yml | 1 + .github/workflows/build_vars.yml | 3 ++- .github/workflows/test_deployment.yml | 1 + .github/workflows/test_iso.yml | 1 + .github/workflows/tests.yml | 2 ++ 7 files changed, 13 insertions(+), 6 deletions(-) diff --git a/.github/workflows/bot_commands.yml b/.github/workflows/bot_commands.yml index 13ce9c8..abcd5a5 100644 --- a/.github/workflows/bot_commands.yml +++ b/.github/workflows/bot_commands.yml @@ -35,7 +35,7 @@ jobs: uses: ./.github/workflows/tests.yml with: pr: ${{ github.event.issue.number }} - parent_job_name: Run ISO Tests / + parent_job_name: Run All Tests run_build_container: name: Run Build Container @@ -51,7 +51,7 @@ jobs: uses: ./.github/workflows/build_container.yml with: pr: ${{ github.event.issue.number }} - parent_job_name: Run ISO Tests / + parent_job_name: Run Build Container run_test_iso: name: Run ISO Tests @@ -68,7 +68,7 @@ jobs: uses: ./.github/workflows/test_iso.yml with: pr: ${{ github.event.issue.number }} - parent_job_name: Run ISO Tests / + parent_job_name: Run ISO Tests iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso @@ -89,7 +89,7 @@ jobs: uses: ./.github/workflows/test_deployment.yml with: pr: ${{ github.event.issue.number }} - parent_job_name: Run ISO Tests / + parent_job_name: Run ISO Deployment Tests iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso \ No newline at end of file 
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index b3c6b5a..88ce805 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -17,7 +17,7 @@ jobs: contains(github.event.pull_request.labels.*.name, 'auto-test') ) name: Build Container Image env: - JOB_NAME: Tests / Build Container Image + JOB_NAME: Build Container Image runs-on: ubuntu-latest permissions: contents: read @@ -66,6 +66,7 @@ jobs: with: images: | ghcr.io/${{ github.repository }} + context: git tags: | type=ref,event=branch type=ref,event=pr diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 72acff2..0867b90 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -20,6 +20,7 @@ on: jobs: load_vars: + name: Load Variables uses: ./.github/workflows/build_vars.yml build_iso: diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index a7967bf..3ec77e8 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -20,7 +20,8 @@ on: jobs: - job1: + load-vars: + name: Load Variables runs-on: ubuntu-latest steps: - name: Sucess diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index 7ad14c2..11ad4d8 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml @@ -21,6 +21,7 @@ on: jobs: load_vars: + name: Load Variables uses: ./.github/workflows/build_vars.yml test-deployment: diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index 5fd38d0..4e2d8aa 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -20,6 +20,7 @@ on: jobs: load_vars: + name: Load Variables uses: ./.github/workflows/build_vars.yml test-iso: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ddceeb2..506c430 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -7,6 +7,8 @@ on: tags: - 'v*' + workflow_dispatch: + workflow_call: inputs: pr: From a4afd2efe6307d9c5433513ba7f79c3282cb1241 Mon Sep 17 00:00:00 2001 From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 12:46:37 -0400 Subject: [PATCH 29/92] lowercase --- .github/workflows/build_container.yml | 2 +- .github/workflows/build_iso.yml | 2 +- .github/workflows/test_deployment.yml | 2 +- .github/workflows/test_iso.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index b3c6b5a..c391191 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -55,7 +55,7 @@ jobs: uses: myrotvorets/set-commit-status-action@v2.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} - status: Pending + status: pending context: ${{ env.JOB_NAME }} sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 72acff2..e5decb7 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -75,7 +75,7 @@ jobs: uses: myrotvorets/set-commit-status-action@v2.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} - status: Pending + status: pending context: ${{ env.JOB_NAME }} sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index 7ad14c2..48e5db9 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml @@ -71,7 +71,7 @@ jobs: uses: myrotvorets/set-commit-status-action@v2.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} - status: Pending + status: pending context: ${{ env.JOB_NAME }} sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index 5fd38d0..ba8bf07 100644 --- a/.github/workflows/test_iso.yml 
+++ b/.github/workflows/test_iso.yml @@ -70,7 +70,7 @@ jobs: uses: myrotvorets/set-commit-status-action@v2.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} - status: Pending + status: pending context: ${{ env.JOB_NAME }} sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} From 3b58e69ec44c4c8b31eb719442af6b818dfad5e4 Mon Sep 17 00:00:00 2001 From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:00:11 -0400 Subject: [PATCH 30/92] generate different tag for pr --- .github/workflows/build_container.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 0a1dbab..9f1e227 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -61,25 +61,35 @@ jobs: targetUrl: ${{ steps.jobs.outputs.html_url }} - name: Docker meta + if: ! inputs.pr id: meta uses: docker/metadata-action@v5 with: images: | ghcr.io/${{ github.repository }} - context: git tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} + - name: Docker meta for PR + if: inputs.pr + id: meta_pr + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/${{ github.repository }} + tags: | + pr-${{ inputs.pr }} + - name: Buildah Build id: build-image uses: redhat-actions/buildah-build@v2 with: containerfiles: Containerfile - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }} + labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }} - name: Push image uses: redhat-actions/push-to-registry@v2 From 4ae17213113a730e89d1baeafdfb305695e3ea12 Mon Sep 17 00:00:00 2001 
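Review bot: `if: ! inputs.pr` on the `Docker meta` step in build_container.yml begins with `!`, which YAML treats as a tag indicator, so the negation may not reach the Actions expression evaluator as written. Wrapping the expression keeps it intact: `if: ${{ !inputs.pr }}`. The fallback `steps.meta.outputs.tags || steps.meta_pr.outputs.tags` only works while exactly one of the two meta steps runs, so the two conditions have to stay exact complements of each other. The job body starts and ends outside this hunk.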
From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:01:10 -0400 Subject: [PATCH 31/92] check if empty instead --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 9f1e227..a34509d 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -61,7 +61,7 @@ jobs: targetUrl: ${{ steps.jobs.outputs.html_url }} - name: Docker meta - if: ! inputs.pr + if: inputs.pr == '' id: meta uses: docker/metadata-action@v5 with: From e8288bd5a94813a2501f95032e7b00266815630f Mon Sep 17 00:00:00 2001 From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:07:54 -0400 Subject: [PATCH 32/92] add matrix version --- .github/workflows/build_iso.yml | 4 ++-- .github/workflows/test_deployment.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index d294605..494b4ac 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -69,7 +69,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" - name: Set status if: inputs.pr && always() @@ -135,6 +135,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: ${{ env.JOB_NAME }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index b081cfc..87c388f 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml 
@@ -65,7 +65,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" - name: Set status if: inputs.pr && always() @@ -179,6 +179,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: ${{ env.JOB_NAME }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} From d24a21a449da6af2759275b679367a417c2b4dd6 Mon Sep 17 00:00:00 2001 From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:18:24 -0400 Subject: [PATCH 33/92] remove refs to repo --- action.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/action.yml b/action.yml index 493dec4..e3cdb69 100644 --- a/action.yml +++ b/action.yml @@ -136,14 +136,13 @@ runs: ACTION_REF: ${{ github.action_ref }} shell: bash run: | - image="ghcr.io/jasonn3/build-container-installer" - # Check if running inside of the action repo - if [[ -z "${ACTION_REPO}" || "${ACTION_REPO}" == "${{ github.repository }}" ]] + image=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:]) + # Check if running inside01 of the action repo + if [[ -z "${ACTION_REPO}" ]] then - if [[ "${{ github.ref_name }}" =~ (.*)/merge ]] + if [[ -n "${{ github.event.issue.number }}" ]] then - tag="pr-${BASH_REMATCH[1]}" - image="docker.io/jasonn3/build-container-installer" + tag="pr-${{ github.event.issue.number }}" else tag="${{ github.ref_name }}" fi From 12d7515a8bfc1693741ad74d3b44460aa157495c Mon Sep 17 00:00:00 2001 
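Review bot: Replacing the `(.*)/merge` match with `github.event.issue.number` in the action.yml hunk covers comment-triggered runs only. On a `pull_request` event that field is empty, so the script falls through to `tag="${{ github.ref_name }}"`, which for a pull request has the form `NUMBER/merge` and contains a `/` that is not valid in an image tag. Falling back on the pull-request number keeps both triggers working: `pr="${{ github.event.issue.number || github.event.pull_request.number }}"`. The character classes in `tr [:upper:] [:lower:]` are unquoted and can be globbed against the working directory; `tr '[:upper:]' '[:lower:]'` avoids that. The `run` script continues outside the hunk.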
From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 13:40:45 -0400 Subject: [PATCH 34/92] fix job names --- .github/workflows/build_iso.yml | 2 +- .github/workflows/test_deployment.yml | 2 +- .github/workflows/test_iso.yml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 494b4ac..9f29878 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -77,7 +77,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: ${{ env.JOB_NAME }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index 87c388f..e1951be 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml @@ -73,7 +73,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: ${{ env.JOB_NAME }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index 405cad4..be442a3 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -64,7 +64,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" - name: Set status if: inputs.pr && always() @@ -72,7 +72,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: ${{ env.JOB_NAME }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} 
@@ -112,6 +112,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: ${{ env.JOB_NAME }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file From 2a907a79c3d3dfb806461749314c0a1787106bbd Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:40:35 -0400 Subject: [PATCH 35/92] fix repo reference (#83) --- action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index e3cdb69..55944f7 100644 --- a/action.yml +++ b/action.yml @@ -136,10 +136,11 @@ runs: ACTION_REF: ${{ github.action_ref }} shell: bash run: | - image=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:]) + image=$(echo "ghcr.io/${ACTION_REPO}" | tr [:upper:] [:lower:]) # Check if running inside01 of the action repo if [[ -z "${ACTION_REPO}" ]] then + image=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:]) if [[ -n "${{ github.event.issue.number }}" ]] then tag="pr-${{ github.event.issue.number }}" From 8196066a63a2ffc621a56b2804498ddc3007a383 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:51:46 -0400 Subject: [PATCH 36/92] Fix issues pulling from fork build (#84) --- .github/workflows/build_iso.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 9f29878..ee29b86 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -95,6 +95,12 @@ jobs: type=ref,event=branch type=ref,event=pr + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Build ISO uses: ./ id: build 
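Review bot: The `docker/login-action@v3` step added to build_iso.yml sets no `registry`, so it logs in to the action's default registry, Docker Hub, and presents `github.token` there as the password. The images in this series are published under `ghcr.io/${{ github.repository }}`, so the login does not help the pull and the token is sent to a registry that did not issue it. Adding `registry: ghcr.io` under `with:` and renaming the step to match fixes both. Whether the job grants `packages: read` is not visible in this hunk.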
@@ -137,4 +143,4 @@ jobs: status: ${{ job.status }} context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file + targetUrl: ${{ steps.jobs.outputs.html_url }} From fadeb6fffb5a8b92725169bd294669c446d5180b Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:59:07 -0400 Subject: [PATCH 37/92] use docker login command --- .github/workflows/build_iso.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index ee29b86..ea714b9 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -95,11 +95,9 @@ jobs: type=ref,event=branch type=ref,event=pr - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ github.actor }} - password: ${{ github.token }} + - name: Login to Registry + run: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Build ISO uses: ./ From f2305bbaf8e2cc3bb7a7549f671b64782d8d6795 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Thu, 21 Mar 2024 15:10:09 -0400 Subject: [PATCH 38/92] Add run build iso command to bot commands (#87) --- .github/workflows/bot_commands.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bot_commands.yml b/.github/workflows/bot_commands.yml index abcd5a5..c6ced5d 100644 --- a/.github/workflows/bot_commands.yml +++ b/.github/workflows/bot_commands.yml 
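Review bot: `echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin` pastes the token and the actor name into the script text before bash runs, and both are unquoted. Passing them through the environment keeps the secret out of the generated script and out of word splitting: add `env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to the step and run `printf '%s' "$GH_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin`. The rest of the job is outside this hunk.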
@@ -53,6 +53,22 @@ jobs: pr: ${{ github.event.issue.number }} parent_job_name: Run Build Container + run_build_iso: + name: Run Build ISO + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '/run build iso') + permissions: + contents: read + packages: write + statuses: write + needs: + - permissions + uses: ./.github/workflows/build_iso.yml + with: + pr: ${{ github.event.issue.number }} + parent_job_name: Run Build ISO + run_test_iso: name: Run ISO Tests if: > @@ -92,4 +108,4 @@ jobs: parent_job_name: Run ISO Deployment Tests iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso - iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso \ No newline at end of file + iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso From b5c953d8d3e3e752470fd749cb2a58e821e63dcd Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 26 Mar 2024 14:17:21 -0400 Subject: [PATCH 39/92] Automatically determine Flatpak dependencies (#86) Co-authored-by: Noel Miller --- .github/workflows/build_container.yml | 5 ++-- .github/workflows/build_iso.yml | 16 +++++++++++ .gitignore | 2 +- Makefile | 15 ++++++++-- action.yml | 41 +++++++++++++++++++++++++++ flatpak_refs/Firefox | 4 --- flatpak_refs/VLC | 1 - lorax_templates/flatpak_link.tmpl | 5 ++++ xorriso/gen_input.sh.in | 11 +++++++ 9 files changed, 88 insertions(+), 12 deletions(-) create mode 100644 lorax_templates/flatpak_link.tmpl diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index a34509d..23966d1 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml 
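Review bot: `contains(github.event.comment.body, '/run build iso')` on the new `run_build_iso` job matches the phrase anywhere in a comment, including quoted replies, and the job it starts carries `packages: write` and `statuses: write`. `startsWith(github.event.comment.body, '/run build iso')` narrows the trigger to an actual command. The only authorisation visible here is `needs: permissions`, whose definition is outside this hunk; it is worth confirming that it checks the commenter's role on the repository before pull-request code is built with a writable token. The sibling jobs in the file use the same `contains` form.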
@@ -12,9 +12,8 @@ jobs: build-container: if: > github.event_name == 'push' || - github.event_name == 'issue_comment' || - ( github.event_name == 'pull_request' && - contains(github.event.pull_request.labels.*.name, 'auto-test') ) + github.event_name == 'issue_comment' || + github.event_name == 'workflow_dispatch' name: Build Container Image env: JOB_NAME: Build Container Image diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index ea714b9..572cdbf 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -81,6 +81,22 @@ jobs: sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + + # all of these default to true, but feel free to set to + # "false" if necessary for your workflow + android: true + dotnet: true + haskell: true + large-packages: true + docker-images: true + swap-storage: true + - name: Lowercase Registry id: registry_case uses: ASzc/change-string-case-action@v6 diff --git a/.gitignore b/.gitignore index dde3499..f116d91 100644 --- a/.gitignore +++ b/.gitignore @@ -11,4 +11,4 @@ /lorax.conf /output /*.log - +/cache \ No newline at end of file diff --git a/Makefile b/Makefile index acf2d0d..b596037 100644 --- a/Makefile +++ b/Makefile @@ -17,6 +17,7 @@ FLATPAK_REMOTE_NAME = flathub FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo FLATPAK_REMOTE_REFS = FLATPAK_REMOTE_REFS_DIR = +FLATPAK_DIR = # Secure boot ENROLLMENT_PASSWORD = SECURE_BOOT_KEY_URL = 
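Review bot: `uses: jlumbroso/free-disk-space@main` in the build_iso.yml hunk tracks a branch, so whatever is pushed to that branch runs inside this job next to the steps that use `secrets.GITHUB_TOKEN`. Pinning to a full commit SHA with the release noted in a comment fixes the code that executes: `uses: jlumbroso/free-disk-space@FULL_COMMIT_SHA  # release tag` (placeholder values, to be taken from the upstream repository). The other third-party actions visible in this file are referenced by version tags, which are narrower than a branch but still movable.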
@@ -121,6 +122,13 @@ _LORAX_TEMPLATES += $(call get_templates,cache) _TEMPLATE_VARS += DNF_CACHE endif +ifneq ($(FLATPAK_DIR),) +_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) +_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) +_LORAX_ARGS += -i flatpak-libs +_LORAX_TEMPLATES += $(call get_templates,flatpak) +_TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL +else ifneq ($(FLATPAK_REMOTE_REFS_DIR),) COLLECTED_REFS = $(foreach file,$(shell ls $(FLATPAK_REMOTE_REFS_DIR)/*),$(shell cat $(file))) FLATPAK_REMOTE_REFS += $(sort $(COLLECTED_REFS)) @@ -132,9 +140,10 @@ _FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cu _LORAX_ARGS += -i flatpak-libs _LORAX_TEMPLATES += $(call get_templates,flatpak) \ external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl -_TEMPLATE_VARS += FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL - +_TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL endif +endif + ifneq ($(SECURE_BOOT_KEY_URL),) _LORAX_TEMPLATES += $(call get_templates,secureboot) @@ -200,7 +209,7 @@ container/$(IMAGE_NAME)-$(IMAGE_TAG): xorriso/%.sh: xorriso/%.sh.in sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/boot/grub2/grub.cfg sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/EFI/BOOT/grub.cfg - $(eval _VARS = IMAGE_NAME IMAGE_TAG ARCH VERSION) + $(eval _VARS = FLATPAK_DIR IMAGE_NAME IMAGE_TAG ARCH VERSION) $(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/xorriso/$*.sh.in > $(_BASE_DIR)/xorriso/$*.sh # Step 6: Generate xorriso input diff --git a/action.yml b/action.yml index 55944f7..c856f54 100644 --- a/action.yml +++ b/action.yml 
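Review bot: The two `$(shell curl -L $(FLATPAK_REMOTE_URL) | ...)` assignments added under `ifneq ($(FLATPAK_DIR),)` pass the URL to the shell unquoted and without `--fail`, and they take the repository's GPG key from the same file that names the repository, so the key is only as trustworthy as that one fetch. A URL containing shell metacharacters would run as part of the command, and an HTTP error page would be parsed as if it were the repo file. `curl --fail --silent --show-error --location --proto '=https' '$(FLATPAK_REMOTE_URL)'` addresses the first two. The same two assignments already exist in the `FLATPAK_REMOTE_REFS_DIR` branch, so defining them once before the `ifneq` would also stop the branches drifting apart.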
@@ -24,6 +24,10 @@ inputs: description: Whether to enable caching for skopeo required: false default: "false" + enable_flatpak_dependencies: + description: Whether to enable automatically determining Flatpak dependencies + required: false + default: "true" enrollment_password: description: Used for supporting secure boot (requires secure_boot_key_url to be defined) required: false 
@@ -130,6 +134,42 @@ runs: mkdir /cache/dnf_new || true mkdir /cache/skopeo || true + - name: Determine Flatpak dependencies + if: inputs.enable_flatpak_dependencies == 'true' + id: flatpak_dependencies + shell: bash + run: | + image="${{ inputs.image_repo }}/${{ inputs.image_name }}:${{ inputs.image_tag }}" + # Make temp space + FLATPAK_DIR=$(basename $(mktemp -d -p ${{ github.workspace }} flatpak.XXX)) + # Get list of refs from directory + sudo mkdir /github || true + sudo ln -s ${{ github.workspace }} /github/workspace + DIR_REFS=$(cat ${{ inputs.flatpak_remote_refs_dir }}/* | tr '\n' ' ' ) + # Generate install script + cat << EOF > ${{ github.workspace }}/${FLATPAK_DIR}/script.sh + cat /flatpak_dir/script.sh + mkdir -p /flatpak/flatpak /flatpak/triggers + mkdir /var/tmp || true + chmod -R 1777 /var/tmp + flatpak config --system --set languages "*" + flatpak remote-add --system ${{ inputs.flatpak_remote_name }} ${{ inputs.flatpak_remote_url }} + flatpak install --system -y ${{ inputs.flatpak_remote_refs }} ${DIR_REFS} + ostree init --repo=/flatpak_dir/repo --mode=archive-z2 + for i in \$(ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | sed 's/^deploy\///g') + do + echo "Copying \${i}..." 
+ ostree --repo=/flatpak_dir/repo pull-local \${FLATPAK_SYSTEM_DIR}/repo \$(ostree --repo=\${FLATPAK_SYSTEM_DIR}/repo rev-parse ${{ inputs.flatpak_remote_name }}/\${i}) + mkdir -p \$(dirname /flatpak_dir/repo/refs/heads/\${i}) + ostree --repo=\${FLATPAK_SYSTEM_DIR}/repo rev-parse ${{ inputs.flatpak_remote_name }}/\${i} > /flatpak_dir/repo/refs/heads/\${i} + done + flatpak build-update-repo /flatpak_dir/repo + ostree refs --repo=/flatpak_dir/repo + EOF + docker run --rm --privileged --entrypoint bash -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak -e FLATPAK_TRIGGERSDIR=/flatpak/triggers --volume ${{ github.workspace }}/${FLATPAK_DIR}:/flatpak_dir ${image} /flatpak_dir/script.sh + echo "flatpak_dir=${FLATPAK_DIR}" >> $GITHUB_OUTPUT + docker rmi ${image} + - name: Run docker image env: ACTION_REPO: ${{ github.action_repository }} @@ -183,6 +223,7 @@ runs: FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ ${vars} \ FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ + FLATPAK_DIR="${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ diff --git a/flatpak_refs/Firefox b/flatpak_refs/Firefox index fdc2b93..6bc6e1d 100644 --- a/flatpak_refs/Firefox +++ b/flatpak_refs/Firefox @@ -1,5 +1 @@ app/org.mozilla.firefox/x86_64/stable - -runtime/org.mozilla.firefox.Locale/x86_64/stable -runtime/org.freedesktop.Platform/x86_64/23.08 -runtime/org.freedesktop.Platform.Locale/x86_64/23.08 \ No newline at end of file diff --git a/flatpak_refs/VLC b/flatpak_refs/VLC index 6e4a3fd..496d8d6 100644 --- a/flatpak_refs/VLC +++ b/flatpak_refs/VLC @@ -1,2 +1 @@ app/org.videolan.VLC/x86_64/stable -runtime/org.kde.Platform/x86_64/5.15-23.08 \ No newline at end of file 
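Review bot: The `Determine Flatpak dependencies` step writes `inputs.flatpak_remote_name`, `inputs.flatpak_remote_url` and `inputs.flatpak_remote_refs` into `script.sh` through `${{ }}` and then runs that script with `docker run --privileged`, so any shell syntax in those inputs executes in a privileged container with the workspace mounted. Passing the values as environment variables and forwarding them with `-e` keeps them as data. `cat ${{ inputs.flatpak_remote_refs_dir }}/*` also becomes `cat /*` when that input is empty, and the step runs by default because `enable_flatpak_dependencies` defaults to "true". The fence shows only the lines that change.

```yaml
      env:
        FLATPAK_REMOTE_NAME: ${{ inputs.flatpak_remote_name }}
        FLATPAK_REMOTE_URL: ${{ inputs.flatpak_remote_url }}
        FLATPAK_REMOTE_REFS: ${{ inputs.flatpak_remote_refs }}
        FLATPAK_REMOTE_REFS_DIR: ${{ inputs.flatpak_remote_refs_dir }}
      run: |
        # … unchanged: image name, temp dir, /github/workspace link …
        DIR_REFS=""
        if [[ -n "${FLATPAK_REMOTE_REFS_DIR}" ]]
        then
          DIR_REFS=$(cat "${FLATPAK_REMOTE_REFS_DIR}"/* | tr '\n' ' ')
        fi
        export DIR_REFS
        # … unchanged: script.sh heredoc, except that its two flatpak lines read the
        # variables at run time instead of pasted text:
        #   flatpak remote-add --system "\${FLATPAK_REMOTE_NAME}" "\${FLATPAK_REMOTE_URL}"
        #   flatpak install --system -y \${FLATPAK_REMOTE_REFS} \${DIR_REFS}
        docker run --rm --privileged --entrypoint bash \
          -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak -e FLATPAK_TRIGGERSDIR=/flatpak/triggers \
          -e FLATPAK_REMOTE_NAME -e FLATPAK_REMOTE_URL -e FLATPAK_REMOTE_REFS -e DIR_REFS \
          --volume "${GITHUB_WORKSPACE}/${FLATPAK_DIR}:/flatpak_dir" "${image}" /flatpak_dir/script.sh
        # … unchanged: GITHUB_OUTPUT line, docker rmi …
```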
diff --git a/lorax_templates/flatpak_link.tmpl b/lorax_templates/flatpak_link.tmpl new file mode 100644 index 0000000..a38341b --- /dev/null +++ b/lorax_templates/flatpak_link.tmpl @@ -0,0 +1,5 @@ +<%page args="flatpak_dir"/> + +%if flatpak_dir != "": +symlink /run/install/repo/flatpak /flatpak +%endif \ No newline at end of file diff --git a/xorriso/gen_input.sh.in b/xorriso/gen_input.sh.in index f2f678c..0a993bc 100644 --- a/xorriso/gen_input.sh.in +++ b/xorriso/gen_input.sh.in @@ -10,6 +10,17 @@ echo "-chmod 0444 boot/grub2/grub.cfg" echo "-map $(pwd)/results/EFI/BOOT/grub.cfg EFI/BOOT/grub.cfg" echo "-chmod 0444 EFI/BOOT/grub.cfg" +if [[ -n "${FLATPAK_DIR}" ]] +then + pushd ${FLATPAK_DIR} > /dev/null + for file in $(find *) + do + echo "-map $(pwd)/${file} flatpak/${file}" + echo "-chmod 0444 flatpak/${file}" + done + popd > /dev/null +fi + if [ -f $(pwd)/sb_pubkey.der ] then echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der" From 1de61a80832d070b1d88542c00871a655505585b Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 26 Mar 2024 15:39:05 -0400 Subject: [PATCH 40/92] move quotes --- action.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/action.yml b/action.yml index c856f54..1137168 100644 --- a/action.yml +++ b/action.yml 
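Review bot: `for file in $(find *)` in the new `FLATPAK_DIR` block of gen_input.sh.in word-splits every path and also returns directories, so a name containing whitespace produces broken `-map` lines and each directory is given mode 0444, which drops its search bit. Restricting the walk to files and reading NUL-delimited names avoids both: `find . -type f -print0 | while IFS= read -r -d '' file; do ...; done`, using `${file#./}` in the two `echo` lines and quoting `pushd "${FLATPAK_DIR}"`. Paths are still written into the xorriso command stream unescaped, so names containing quotes would need handling if the repo can ever hold them. The surrounding script starts and ends outside the hunk.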
@@ -210,27 +210,27 @@ runs: else if [[ -n "${{ inputs.flatpak_remote_refs }}" ]] then - vars="${vars} FLATPAK_REMOTE_REFS=\"${{ inputs.flatpak_remote_refs }}\"" + vars="${vars} \"FLATPAK_REMOTE_REFS=${{ inputs.flatpak_remote_refs }}\"" else - vars="${vars} FLATPAK_REMOTE_REFS_DIR=\"${{ inputs.flatpak_remote_refs_dir }}\"" + vars="${vars} \"FLATPAK_REMOTE_REFS_DIR=${{ inputs.flatpak_remote_refs_dir }}\"" fi fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \ - ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ - ARCH="${{ inputs.arch }}" \ - DNF_CACHE="/cache/dnf" \ - ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}" \ - FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ + "ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" \ + "ARCH=${{ inputs.arch }}" \ + "DNF_CACHE=/cache/dnf" \ + "ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }}" \ + "FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }}" \ ${vars} \ - FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ - FLATPAK_DIR="${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ - IMAGE_NAME="${{ inputs.image_name }}" \ - IMAGE_REPO="${{ inputs.image_repo }}" \ - IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ - SECURE_BOOT_KEY_URL="${{ inputs.secure_boot_key_url }}" \ - VARIANT="${{ inputs.variant }}" \ - VERSION="${{ inputs.version }}" \ - WEB_UI="${{ inputs.web_ui }}" + "FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }}" \ + "FLATPAK_DIR=${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ + "IMAGE_NAME=${{ inputs.image_name }}" \ + "IMAGE_REPO=${{ inputs.image_repo }}" \ + "IMAGE_TAG=${{ inputs.image_tag || inputs.version }}" \ + "SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }}" \ + "VARIANT=${{ inputs.variant }}" \ + 
"VERSION=${{ inputs.version }}" \ + "WEB_UI=${{ inputs.web_ui }}" - name: Save dnf cache env: From 1c3069fbf353c45adbcc514ab04028263ed70878 Mon Sep 17 00:00:00 2001 From: "Jason N." <33561705+JasonN3@users.noreply.github.com> Date: Tue, 26 Mar 2024 15:52:45 -0400 Subject: [PATCH 41/92] revert last commit --- action.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/action.yml b/action.yml index 1137168..c856f54 100644 --- a/action.yml +++ b/action.yml 
@@ -210,27 +210,27 @@ runs: else if [[ -n "${{ inputs.flatpak_remote_refs }}" ]] then - vars="${vars} \"FLATPAK_REMOTE_REFS=${{ inputs.flatpak_remote_refs }}\"" + vars="${vars} FLATPAK_REMOTE_REFS=\"${{ inputs.flatpak_remote_refs }}\"" else - vars="${vars} \"FLATPAK_REMOTE_REFS_DIR=${{ inputs.flatpak_remote_refs_dir }}\"" + vars="${vars} FLATPAK_REMOTE_REFS_DIR=\"${{ inputs.flatpak_remote_refs_dir }}\"" fi fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \ - "ADDITIONAL_TEMPLATES=${{ inputs.additional_templates }}" \ - "ARCH=${{ inputs.arch }}" \ - "DNF_CACHE=/cache/dnf" \ - "ENROLLMENT_PASSWORD=${{ inputs.enrollment_password }}" \ - "FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }}" \ + ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ + ARCH="${{ inputs.arch }}" \ + DNF_CACHE="/cache/dnf" \ + ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}" \ + FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ ${vars} \ - "FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }}" \ - "FLATPAK_DIR=${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ - "IMAGE_NAME=${{ inputs.image_name }}" \ - "IMAGE_REPO=${{ inputs.image_repo }}" \ - "IMAGE_TAG=${{ inputs.image_tag || inputs.version }}" \ - "SECURE_BOOT_KEY_URL=${{ inputs.secure_boot_key_url }}" \ - "VARIANT=${{ inputs.variant }}" \ - "VERSION=${{ inputs.version }}" \ - "WEB_UI=${{ inputs.web_ui }}" + FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ + FLATPAK_DIR="${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ + IMAGE_NAME="${{ inputs.image_name }}" \ + IMAGE_REPO="${{ inputs.image_repo }}" \ + IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ + SECURE_BOOT_KEY_URL="${{ inputs.secure_boot_key_url }}" \ + VARIANT="${{ inputs.variant }}" \ + 
VERSION="${{ inputs.version }}" \ + WEB_UI="${{ inputs.web_ui }}" - name: Save dnf cache env: From e514eda57415285baa4ec5c65d296d13cfdf665a Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 26 Mar 2024 20:41:20 -0400 Subject: [PATCH 42/92] fix badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0e8611f..f386545 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/build-and-test.yml/badge.svg?event=push) +![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml/badge.svg?event=push) # Build Container Installer Action This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` From 41e2ae1242c3ae106f01fb6e5ff0d4788d027e1e Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 27 Mar 2024 15:06:16 -0400 Subject: [PATCH 43/92] Fix version tag (#90) --- .github/workflows/build_container.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 23966d1..174d39b 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -69,8 +69,9 @@ jobs: tags: | type=ref,event=branch type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} + type=semver,pattern=v{{version}} + type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern=v{{major}}.{{minor}}.{{patch}} - name: Docker meta for PR if: inputs.pr From 5d818dc7f1ab24b6f3c24a68ec06290941c2b51a Mon Sep 17 00:00:00 2001 
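Review bot: The form restored by the action.yml revert still builds `vars` as one string with escaped quotes (`vars="${vars} FLATPAK_REMOTE_REFS=\"...\""`) and expands it unquoted as `${vars}`, so the quotes reach the container as literal characters and a refs list containing spaces is split into separate arguments; neither quote placement changes that. A bash array carries the values intact: `vars+=("FLATPAK_REMOTE_REFS=${{ inputs.flatpak_remote_refs }}")` and `"${vars[@]}"` on the `docker run` line, with `vars` initialised as an array where it is first set, which is outside the hunk. `ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}"` also places the password in the script text; an `env:` entry referenced as `"ENROLLMENT_PASSWORD=${ENROLLMENT_PASSWORD}"` keeps it out of the generated script, although it remains visible in the process arguments. The `run` block starts and ends outside the hunk.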
From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 27 Mar 2024 15:31:20 -0400 Subject: [PATCH 44/92] Delete untagged packages (#91) --- .github/workflows/clean_repo.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/clean_repo.yml diff --git a/.github/workflows/clean_repo.yml b/.github/workflows/clean_repo.yml new file mode 100644 index 0000000..cd84fec --- /dev/null +++ b/.github/workflows/clean_repo.yml @@ -0,0 +1,19 @@ +on: + #schedule: + # - cron: '39 21 * * *' + + workflow_dispatch: + +jobs: + build-container: + name: Delete untagged packages + runs-on: ubuntu-latest + steps: + - name: Dlete Untagged packages + uses: Chizkiyahu/delete-untagged-ghcr-action@v3 + with: + token: ${{ secrets.PACKAGE_DELETER }} + repository_owner: ${{ github.repository_owner }} + repository: ${{ github.repository }} + untagged_only: true + owner_type: user \ No newline at end of file From 7311a1d4c8716f329419a97cdb4148169cfcb2d2 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 27 Mar 2024 17:02:56 -0400 Subject: [PATCH 45/92] Clean repo of old packages (#92) --- .github/workflows/clean_repo.yml | 144 ++++++++++++++++++++++++++++--- .github/workflows/stale.yml | 2 +- 2 files changed, 135 insertions(+), 11 deletions(-) diff --git a/.github/workflows/clean_repo.yml b/.github/workflows/clean_repo.yml index cd84fec..7c4de9f 100644 --- a/.github/workflows/clean_repo.yml +++ b/.github/workflows/clean_repo.yml 
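Review bot: The new clean_repo.yml declares no `permissions:` block and hands the `PACKAGE_DELETER` secret to `Chizkiyahu/delete-untagged-ghcr-action@v3`, a third-party action referenced by a movable tag. Because that secret can delete packages, adding `permissions: {}` to the job and pinning the action to a full commit SHA (`uses: Chizkiyahu/delete-untagged-ghcr-action@FULL_COMMIT_SHA  # v3`, placeholder to be filled in from upstream) limits what a re-pointed tag could do. The job id `build-container` and the step name `Dlete Untagged packages` look copied and mistyped; `delete_untagged` and `Delete Untagged Packages` would describe the job.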
@@ -1,19 +1,143 @@ +name: Clean Container Registry on: - #schedule: - # - cron: '39 21 * * *' + schedule: + - cron: '0 21 * * 0' workflow_dispatch: jobs: - build-container: - name: Delete untagged packages + delete_untagged: + name: Delete Untagged Packages runs-on: ubuntu-latest steps: - - name: Dlete Untagged packages + - name: Delete Untagged Packages uses: Chizkiyahu/delete-untagged-ghcr-action@v3 with: - token: ${{ secrets.PACKAGE_DELETER }} - repository_owner: ${{ github.repository_owner }} - repository: ${{ github.repository }} - untagged_only: true - owner_type: user \ No newline at end of file + token: ${{ secrets.PACKAGE_DELETER }} + repository_owner: ${{ github.repository_owner }} + repository: ${{ github.repository }} + untagged_only: true + owner_type: user + + delete_old_pr: + name: Delete Old PR Packages + runs-on: ubuntu-latest + permissions: + packages: read + steps: + - name: Delete Old PR Packages + id: all_tags + run: | + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ github.token }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/user/packages/container/build-container-installer/versions" > all_packages.json + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ github.token }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository }}/pulls | \ + jq -r '.[] | select(.state == "open") | .number' | \ + sed 's/^/pr-/g' > open_prs + cat << EOF | python + import json + import re + + prs = open("open_prs", "r") + open_prs = prs.readlines() + open_prs = [x.strip() for x in open_prs] + + all_packages = open('all_packages.json') + data = json.load(all_packages) + + delete_versions = open("delete_versions", "w") + + for i in data: + delete = True + for tag in i['metadata']['container']['tags']: + if not re.match('pr-.*', tag): + delete = False + continue + if tag in open_prs: + delete = False + if delete: + 
print("delete", i['id']) + delete_versions.write(str(i['id'])) + delete_versions.write("\n") + print(i['metadata']['container']['tags']) + EOF + + for id in $(cat delete_versions) + do + curl -L \ + -X DELETE \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.PACKAGE_DELETER }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/user/packages/container/build-container-installer/versions/${id} + done + + + delete_old_branches: + name: Delete Old Branch Packages + runs-on: ubuntu-latest + permissions: + packages: read + steps: + - name: Delete Old Branch Packages + run: | + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ github.token }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/user/packages/container/build-container-installer/versions" > all_packages.json + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ github.token }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ github.repository }}/branches | jq -r '.[].name' > branches + + cat << EOF | python + import json + import re + + branches_f = open("branches", "r") + branches = branches_f.readlines() + branches = [x.strip() for x in branches] + + all_packages_f = open('all_packages.json') + data = json.load(all_packages_f) + + delete_versions = open("delete_versions", "w") + + for i in data: + delete = True + for tag in i['metadata']['container']['tags']: + if re.match('v[0-9]+\\\.[0-9]+\\\.[0-9]+', tag): + delete = False + continue + if re.match('pr-.*', tag): + delete = False + continue + if tag in branches: + delete = False + continue + if tag == "latest": + delete = False + if delete: + print("delete", i['id']) + delete_versions.write(str(i['id'])) + delete_versions.write("\n") + print(i['metadata']['container']['tags']) + EOF + + for id in $(cat delete_versions) + do + curl -L \ + -X DELETE \ + -H "Accept: 
application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.PACKAGE_DELETER }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/user/packages/container/build-container-installer/versions/${id} + done diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 6ad1c0a..5606c09 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,7 +7,7 @@ name: Mark stale issues and pull requests on: schedule: - - cron: '39 21 * * *' + - cron: '0 21 * * *' jobs: stale: From bcc5ae23a13c6b851bd7a8ddf2a2cf13d9a29ebf Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Thu, 28 Mar 2024 20:53:36 -0400 Subject: [PATCH 46/92] Pass Flatpak vars directly and let Makefile figure it out from there (#94) --- .github/workflows/build_iso.yml | 111 ++++++++++++++++++++++++++++++++ action.yml | 12 +--- 2 files changed, 114 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 572cdbf..03ef271 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml 
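Review bot: Both `delete_old_pr` and `delete_old_branches` decide what is stale from a single unpaginated response: the `pulls` and `branches` requests set no `per_page` and follow no pages, and the REST API returns 30 items per page by default, so tags of open PRs or live branches beyond the first page would be treated as orphaned and their versions deleted. Request `?per_page=100`, follow pagination, and add `--fail` to the listing `curl` calls so an error body never reaches the Python filter. The PAT is expanded into the script text by `${{ secrets.PACKAGE_DELETER }}`; mapping it in the step's `env:` (`PACKAGE_DELETER: ${{ secrets.PACKAGE_DELETER }}`) and sending `-H "Authorization: Bearer ${PACKAGE_DELETER}"` keeps it out of the generated script file. A quoted heredoc (`cat << 'EOF' | python`) would also let the version pattern be written as `r'v[0-9]+\.[0-9]+\.[0-9]+'` instead of depending on the shell to unescape `\\\.`.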
@@ -158,3 +158,114 @@ jobs: context: ${{ env.JOB_NAME }} (${{ matrix.version }}) sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} + + build_iso_no_flatpaks: + name: Build ISO without Flatpaks + env: + JOB_NAME: Build ISO without Flatpaks + runs-on: ubuntu-latest + needs: + - load_vars + permissions: + contents: read + statuses: write + continue-on-error: false + strategy: + fail-fast: false + matrix: + version: + - 38 + - 39 + - 40 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Switch branch + if: inputs.pr + env: + GITHUB_USER: ${{ github.actor }} + GITHUB_TOKEN: ${{ github.token }} + run: | + sudo apt-get update + sudo apt-get install -y hub + hub pr checkout ${{ inputs.pr }} + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV + + - name: Get Current Job Log URL + if: inputs.pr && always() + uses: Tiryoh/gha-jobid-action@v1 + id: jobs + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: pending + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + + # all of these default to true, but feel free to set to + # "false" if necessary for your workflow + android: true + dotnet: true + haskell: true + large-packages: true + docker-images: true + swap-storage: true + + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ needs.load_vars.outputs.IMAGE_REPO }} + + - name: Get image version + id: meta + uses: docker/metadata-action@v5 + 
with: + tags: | + type=ref,event=branch + type=ref,event=pr + + - name: Login to Registry + run: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Build ISO + uses: ./ + id: build + with: + arch: ${{ needs.load_vars.outputs.ARCH }} + image_name: ${{ needs.load_vars.outputs.IMAGE_NAME }} + image_repo: ${{ needs.load_vars.outputs.IMAGE_REPO }} + image_tag: ${{ matrix.version }} + version: ${{ matrix.version }} + variant: ${{ needs.load_vars.outputs.VARIANT }} + secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} + enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} + iso_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}.iso + + - name: Set status + if: inputs.pr && always() + uses: myrotvorets/set-commit-status-action@v2.0.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + status: ${{ job.status }} + context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + sha: ${{ env.sha }} + targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/action.yml b/action.yml index c856f54..b44a230 100644 --- a/action.yml +++ b/action.yml @@ -135,7 +135,7 @@ runs: mkdir /cache/skopeo || true - name: Determine Flatpak dependencies - if: inputs.enable_flatpak_dependencies == 'true' + if: inputs.enable_flatpak_dependencies == 'true' && (inputs.flatpak_remote_refs != '' || inputs.flatpak_remote_refs_dir != '') id: flatpak_dependencies shell: bash run: | @@ -207,13 +207,6 @@ runs: then echo "ERROR: flatpak_remote_refs is mutually exclusive to flatpak_remote_refs_dir" exit 1 - else - if [[ -n "${{ inputs.flatpak_remote_refs }}" ]] - then - vars="${vars} FLATPAK_REMOTE_REFS=\"${{ inputs.flatpak_remote_refs }}\"" - else - vars="${vars} FLATPAK_REMOTE_REFS_DIR=\"${{ inputs.flatpak_remote_refs_dir }}\"" - fi fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \ ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ 
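Review bot: In the new `build_iso_no_flatpaks` job, `Switch branch` checks out the pull-request head with `hub pr checkout` and the later `uses: ./` step then runs that checkout's own `action.yml`, after `Login to Registry` has stored `GITHUB_TOKEN` credentials for ghcr.io on the runner. Who may trigger this reusable workflow for a given PR is decided by its callers, which this hunk does not show; if that can include PRs from forks, PR-controlled code runs with those credentials and with `statuses: write`, so the gate should be confirmed and recorded in a comment on the job. `jlumbroso/free-disk-space@main` tracks a branch and the other third-party actions use tags; pinning each to a commit (`uses: jlumbroso/free-disk-space@<full-commit-sha>`) removes that moving part. The login line would be better fed from `env:` (`GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) with `printf '%s' "$GH_TOKEN" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin` than by expanding the secret into the script.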
@@ -221,7 +214,8 @@ runs: DNF_CACHE="/cache/dnf" \ ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}" \ FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ - ${vars} \ + FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ + FLATPAK_REMOTE_REFS_DIR="${{ inputs.flatpak_remote_refs_dir }}" \ FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ FLATPAK_DIR="${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ From 2c44ea70434c493483a2a50f8209ac96ab3f740f Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 2 Apr 2024 15:25:13 -0400 Subject: [PATCH 47/92] Add dependabot (#96) --- .github/dependabot.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..00c7839 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,17 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "github-actions" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" + - package-ecosystem: "github-actions" # See documentation for possible values + directory: "/external" # Location of package manifests + schedule: + interval: "daily" + ignore: + - dependency-name: "lorax" From 7e04293093062d8ce9d10f5cd5b6f059b3153ba8 Mon Sep 17 00:00:00 2001 
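Review bot: The two added arguments `FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}"` and `FLATPAK_REMOTE_REFS_DIR="${{ inputs.flatpak_remote_refs_dir }}"` are substituted into the script text before bash parses it, so a value containing `"`, `$(…)` or a backtick alters the `docker run --privileged` command line instead of arriving as data. Map the inputs in the step's `env:` (for example `FLATPAK_REMOTE_REFS: ${{ inputs.flatpak_remote_refs }}`) and pass `FLATPAK_REMOTE_REFS="${FLATPAK_REMOTE_REFS}"` on the command line. The neighbouring arguments in this `run:` block follow the same pattern, and the step begins and ends outside the hunk.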
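Review bot: The second `updates` entry repeats `package-ecosystem: "github-actions"` with `directory: "/external"` and an `ignore` for `lorax`, which reads as if it was meant to track a git submodule under `external/` rather than workflow files; that is an inference, since the directory's contents are not shown here. If submodule updates are the goal the entry would be `package-ecosystem: "gitsubmodule"` with `directory: "/"`; if not, it likely matches nothing and can be dropped. A one-line comment on the entry stating which is intended would settle it for the next reader.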
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 20:27:54 -0400 Subject: [PATCH 48/92] Bump Chizkiyahu/delete-untagged-ghcr-action from 3 to 4 (#98) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/clean_repo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/clean_repo.yml b/.github/workflows/clean_repo.yml index 7c4de9f..b1e1368 100644 --- a/.github/workflows/clean_repo.yml +++ b/.github/workflows/clean_repo.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Delete Untagged Packages - uses: Chizkiyahu/delete-untagged-ghcr-action@v3 + uses: Chizkiyahu/delete-untagged-ghcr-action@v4 with: token: ${{ secrets.PACKAGE_DELETER }} repository_owner: ${{ github.repository_owner }} From 662f1a94e4ae47f00cbc9971d64e5b9196d05ff0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 20:29:36 -0400 Subject: [PATCH 49/92] Bump actions/stale from 5 to 9 (#97) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5606c09..ac6193f 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v5 + - uses: actions/stale@v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Issue is stale and will be closed in 14 days if there is no further activity' From b66942028775874f29911500fae946748651d131 Mon Sep 17 00:00:00 2001 
From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Thu, 4 Apr 2024 16:32:52 -0400 Subject: [PATCH 50/92] Split Makfile and move workflow to Makefile (#88) Co-authored-by: codacy-production[bot] <61871480+codacy-production[bot]@users.noreply.github.com> --- .github/workflows/bot_commands.yml | 6 - .github/workflows/build_container.yml | 2 + .github/workflows/build_iso.yml | 157 ++-------- .github/workflows/build_vars.yml | 4 + .github/workflows/test_deployment.yml | 102 ++----- .github/workflows/test_iso.yml | 40 ++- .../{variables.yml => test_repo.yml} | 7 +- .github/workflows/tests.yml | 76 ++++- .gitignore | 6 +- .vscode/settings.json | 5 + Containerfile | 2 +- Makefile | 280 +++++------------- Makefile.inputs | 24 ++ README.md | 43 +-- action.yml | 101 +++---- container/Makefile | 11 + entrypoint.sh | 24 +- external/Makefile | 12 + flatpaks/Makefile | 42 +++ lorax_templates/Makefile | 48 +++ repos/Makefile | 15 + test/Makefile | 23 ++ test/iso/Makefile | 25 ++ {tests => test}/iso/README.md | 0 {tests => test}/iso/flatpak_repo_updated.sh | 13 +- test/iso/install_hash.sh | 14 + {tests => test}/iso/install_os-release.sh | 2 +- test/repo/Makefile | 11 + test/repo/vars.py | 118 ++++++++ test/vm/Makefile | 100 +++++++ {tests => test}/vm/README.md | 0 test/vm/files/ks.cfg | 9 + .../vm/flatpak_fedora_repo_disabled.yml | 2 +- {tests => test}/vm/flatpak_installed.yml | 0 {tests => test}/vm/flatpak_update.yml | 2 +- {tests => test}/vm/install_image_source.yml | 0 tests/repo/vars.sh | 39 --- xorriso/Makefile | 13 + xorriso/gen_input.sh | 50 ++++ xorriso/gen_input.sh.in | 37 --- 40 files changed, 800 insertions(+), 665 deletions(-) rename .github/workflows/{variables.yml => test_repo.yml} (74%) create mode 100644 .vscode/settings.json create mode 100644 Makefile.inputs create mode 100644 container/Makefile create mode 100644 external/Makefile create mode 100644 flatpaks/Makefile create mode 100644 lorax_templates/Makefile create mode 100644 repos/Makefile create 
mode 100644 test/Makefile create mode 100644 test/iso/Makefile rename {tests => test}/iso/README.md (100%) rename {tests => test}/iso/flatpak_repo_updated.sh (51%) create mode 100644 test/iso/install_hash.sh rename {tests => test}/iso/install_os-release.sh (72%) create mode 100644 test/repo/Makefile create mode 100755 test/repo/vars.py create mode 100644 test/vm/Makefile rename {tests => test}/vm/README.md (100%) create mode 100644 test/vm/files/ks.cfg rename {tests => test}/vm/flatpak_fedora_repo_disabled.yml (90%) rename {tests => test}/vm/flatpak_installed.yml (100%) rename {tests => test}/vm/flatpak_update.yml (91%) rename {tests => test}/vm/install_image_source.yml (100%) delete mode 100644 tests/repo/vars.sh create mode 100644 xorriso/Makefile create mode 100644 xorriso/gen_input.sh delete mode 100644 xorriso/gen_input.sh.in diff --git a/.github/workflows/bot_commands.yml b/.github/workflows/bot_commands.yml index c6ced5d..44522d1 100644 --- a/.github/workflows/bot_commands.yml +++ b/.github/workflows/bot_commands.yml @@ -85,9 +85,6 @@ jobs: with: pr: ${{ github.event.issue.number }} parent_job_name: Run ISO Tests - iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso - iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso - iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso run_test_deployment: name: Run ISO Deployment Tests @@ -106,6 +103,3 @@ jobs: with: pr: ${{ github.event.issue.number }} parent_job_name: Run ISO Deployment Tests - iso_name-38: ${{ needs.load_vars.outputs.IMAGE_NAME }}-38.iso - iso_name-39: ${{ needs.load_vars.outputs.IMAGE_NAME }}-39.iso - iso_name-40: ${{ needs.load_vars.outputs.IMAGE_NAME }}-40.iso diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 174d39b..00c8e5e 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -1,3 +1,5 @@ +name: Build Container + on: workflow_call: inputs: 
diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 03ef271..c55870b 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -1,3 +1,5 @@ +name: Build ISO + on: workflow_call: inputs: @@ -7,16 +9,15 @@ on: parent_job_name: required: true type: string - outputs: - iso_name-38: - description: "Version 38 ISO Name" - value: ${{ jobs.build_iso.outputs.iso_name-38 }} - iso_name-39: - description: "Version 39 ISO Name" - value: ${{ jobs.build_iso.outputs.iso_name-39 }} - iso_name-40: - description: "Version 40 ISO Name" - value: ${{ jobs.build_iso.outputs.iso_name-40 }} + flatpaks_refs: + required: false + type: string + flatpaks_refs_dir: + required: false + type: string + suffix: + required: false + type: string jobs: load_vars: @@ -38,14 +39,7 @@ jobs: strategy: fail-fast: false matrix: - version: - - 38 - - 39 - - 40 - outputs: - iso_name-38: ${{ steps.save_output.outputs.iso_name-38 }} - iso_name-39: ${{ steps.save_output.outputs.iso_name-39 }} - iso_name-40: ${{ steps.save_output.outputs.iso_name-40 }} + version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }} steps: - name: Checkout uses: actions/checkout@v4 
@@ -125,25 +119,20 @@ jobs: image_tag: ${{ matrix.version }} version: ${{ matrix.version }} variant: ${{ needs.load_vars.outputs.VARIANT }} - flatpak_remote_refs_dir: /github/workspace/${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} + flatpak_remote_refs: ${{ inputs.flatpaks_refs }} + flatpak_remote_refs_dir: ${{ inputs.flatpaks_refs_dir }} secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} - iso_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}.iso - - - name: Save output - id: save_output - shell: bash - run: | - echo "iso_name-${{ matrix.version }}=${{ steps.build.outputs.iso_name}}" >> $GITHUB_OUTPUT + iso_name: build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso - name: Upload ISO as artifact id: upload uses: actions/upload-artifact@v4 with: - name: ${{ steps.build.outputs.iso_name }} + name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }} path: | - ${{ steps.build.outputs.iso_path }} - ${{ steps.build.outputs.iso_path }}-CHECKSUM + build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso + build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso-CHECKSUM if-no-files-found: error retention-days: 0 compression-level: 0 
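Review bot: The suffix expression `${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}` is spelled out four times in this hunk (`iso_name`, the artifact `name`, and both `path` entries), and `test_iso.yml` and `test_deployment.yml` rebuild the same name on their own, so an edit in one place can silently break artifact lookup in the others. The inner `|| ''` can never apply, because `format` is only reached when `inputs.suffix` is truthy. Computing the name once as a job-level `env:` entry, `ISO_BASENAME: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix) }}`, and using `${{ env.ISO_BASENAME }}` in the steps would keep them aligned.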
@@ -159,113 +148,3 @@ jobs: sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} - build_iso_no_flatpaks: - name: Build ISO without Flatpaks - env: - JOB_NAME: Build ISO without Flatpaks - runs-on: ubuntu-latest - needs: - - load_vars - permissions: - contents: read - statuses: write - continue-on-error: false - strategy: - fail-fast: false - matrix: - version: - - 38 - - 39 - - 40 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Switch branch - if: inputs.pr - env: - GITHUB_USER: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} - run: | - sudo apt-get update - sudo apt-get install -y hub - hub pr checkout ${{ inputs.pr }} - echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV - - - name: Get Current Job Log URL - if: inputs.pr && always() - uses: Tiryoh/gha-jobid-action@v1 - id: jobs - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: pending - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} - - - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@main - with: - # this might remove tools that are actually needed, - # if set to "true" but frees about 6 GB - tool-cache: false - - # all of these default to true, but feel free to set to - # "false" if necessary for your workflow - android: true - dotnet: true - haskell: true - large-packages: true - docker-images: true - swap-storage: true - - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ needs.load_vars.outputs.IMAGE_REPO }} - - - name: Get image version - id: meta - uses: docker/metadata-action@v5 - with: - tags: | - type=ref,event=branch - 
type=ref,event=pr - - - name: Login to Registry - run: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Build ISO - uses: ./ - id: build - with: - arch: ${{ needs.load_vars.outputs.ARCH }} - image_name: ${{ needs.load_vars.outputs.IMAGE_NAME }} - image_repo: ${{ needs.load_vars.outputs.IMAGE_REPO }} - image_tag: ${{ matrix.version }} - version: ${{ matrix.version }} - variant: ${{ needs.load_vars.outputs.VARIANT }} - secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} - enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} - iso_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}.iso - - - name: Set status - if: inputs.pr && always() - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - status: ${{ job.status }} - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) - sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index 3ec77e8..ce4e273 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -1,8 +1,12 @@ +name: Build Vars + on: workflow_call: outputs: ARCH: value: 'x86_64' + BUILD_VERSIONS: + value: '[38, 39, 40]' IMAGE_NAME: value: 'base' IMAGE_REPO: diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index e1951be..d2e8259 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml @@ -1,3 +1,5 @@ +name: Test Deployment + on: workflow_call: inputs: @@ -7,18 +9,16 @@ on: parent_job_name: required: true type: string - iso_name-38: - required: true + flatpaks_refs: + required: false type: string - iso_name-39: - required: true + flatpaks_refs_dir: + required: false type: string - iso_name-40: - required: true + suffix: + required: false type: string - - jobs: load_vars: name: Load Variables 
@@ -38,10 +38,7 @@ jobs: strategy: fail-fast: false matrix: - version: - - 38 - - 39 - - 40 + version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }} steps: - name: Checkout uses: actions/checkout@v4 
@@ -80,98 +77,33 @@ jobs: - name: Install test tools run: | sudo apt-get update - sudo apt-get install -y make - sudo make install-test-deps PACKAGE_MANAGER=apt-get + sudo apt-get install -y unzip make + sudo make test/vm/install-deps PACKAGE_MANAGER=apt-get - name: Download generated ISO uses: actions/download-artifact@v4 with: - name: ${{ inputs[format('iso_name-{0}', matrix.version)] }} + name: ${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }} - - name: Add Kickstart and Grub options to ISO - run: | - mv ${{ inputs[format('iso_name-{0}', matrix.version)] }} deploy.iso - sudo mkdir /mnt/iso || true - sudo mount -o loop deploy.iso /mnt/iso - cp /mnt/iso/boot/grub2/grub.cfg grub.cfg - sudo umount /mnt/iso - sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' grub.cfg - sed -i 's/set default="1"/set default="0"/' grub.cfg - sed -i 's/set timeout=60/set timeout=1/' grub.cfg - cat << EOF > ks.cfg - lang en_US.UTF-8 - keyboard us - timezone Americas/New_York - zerombr - clearpart --all --initlabel - autopart - poweroff - user --name=core --groups=wheel --password=foobar - %include /usr/share/anaconda/interactive-defaults.ks - EOF - xorriso -dialog on << EOF - -indev deploy.iso - -outdev test.iso - -boot_image any replay - -map ks.cfg ks.cfg - -chmod 0444 ks.cfg - -map grub.cfg boot/grub2/grub.cfg - -end - EOF - - - name: Create VM disk - run: | - qemu-img create -f qcow2 disk.qcow2 50G - - - name: Install the test VM - run: | - timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom test.iso -smp 2 -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$! - echo "PID: $QEMU_PID" - timeout 1m bash -c "while ! 
(echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" - (nc localhost 4321 | tee vm.stdout) & - wait $QEMU_PID - - - name: Start the test VM + - name: Run VM Tests env: VM_USER: core VM_PASS: foobar VM_IP: "127.0.0.1" VM_PORT: "5555" run: | - mkfifo vm.stdin - qemu-system-x86_64 -name "Anaconda" \ - -m 4096 -cpu qemu64 -display none -smp 2 \ - -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \ - -device e1000,netdev=net0 \ - -netdev user,id=net0,hostfwd=tcp::${VM_PORT}-:22 \ - -device virtio-serial \ - -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ - -boot c -hda disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$! - echo "PID: $QEMU_PID" - - timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" - (tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) & - - timeout 30m bash -c "while ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}); do sleep 1; done" - - if ! (echo > /dev/tcp/${VM_IP}/${VM_PORT}) - then - echo "SSH must be installed and enabled inside the container" - fi - - echo "VM ready for tests at IP ${VM_IP}:${VM_PORT}" - - make test-vm VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \ + make test/vm ISO_NAME=${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso \ + VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \ ARCH=${{ needs.load_vars.outputs.ARCH}} \ IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \ IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \ IMAGE_TAG=${{ matrix.version }} \ VERSION=${{ matrix.version }} \ VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ - FLATPAK_REMOTE_REFS_DIR=${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} \ + ${{ inputs.flatpaks_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpaks_refs) || '' }} \ + ${{ inputs.flatpaks_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}"', 
inputs.flatpaks_refs_dir) || '' }} \ SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} - kill $QEMU_PID - name: Set status if: inputs.pr && always() diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index be442a3..c4f0bec 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -1,3 +1,5 @@ +name: Test ISO + on: workflow_call: inputs: @@ -7,16 +9,15 @@ on: parent_job_name: required: true type: string - iso_name-38: - required: true + flatpaks_refs: + required: false type: string - iso_name-39: - required: true + flatpaks_refs_dir: + required: false type: string - iso_name-40: - required: true - type: string - + suffix: + required: false + type: string jobs: load_vars: @@ -37,10 +38,7 @@ jobs: strategy: fail-fast: false matrix: - version: - - 38 - - 39 - - 40 + version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }} steps: - name: Checkout uses: actions/checkout@v4 
@@ -80,31 +78,27 @@ jobs: run: | sudo apt-get update sudo apt-get install -y make - sudo make install-test-deps PACKAGE_MANAGER=apt-get + sudo make test/iso/install-deps PACKAGE_MANAGER=apt-get - name: Download generated ISO uses: actions/download-artifact@v4 with: - name: ${{ inputs[format('iso_name-{0}', matrix.version)] }} - - - name: Verify ISO - run: | - checkisomd5 ${{ inputs[format('iso_name-{0}', matrix.version)] }} - sha256sum -c ${{ inputs[format('iso_name-{0}', matrix.version)] }}-CHECKSUM + name: ${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }} - name: Run ISO checks run: | - mv ${{ inputs[format('iso_name-{0}', matrix.version)] }} deploy.iso - make test-iso \ + make test/iso \ ARCH=${{ needs.load_vars.outputs.ARCH}} \ IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \ IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \ IMAGE_TAG=${{ matrix.version }} \ VERSION=${{ matrix.version }} \ VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ - FLATPAK_REMOTE_REFS_DIR=${{ needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR }} \ + ${{ inputs.flatpaks_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpaks_refs) || '' }} \ + ${{ inputs.flatpaks_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}"', inputs.flatpaks_refs_dir) || '' }} \ SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ - ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} + ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} \ + ISO_NAME=${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso - name: Set status if: inputs.pr && always() diff --git a/.github/workflows/variables.yml b/.github/workflows/test_repo.yml similarity index 74% rename from .github/workflows/variables.yml rename to .github/workflows/test_repo.yml index e697fa0..4c658e3 100644 
--- a/.github/workflows/variables.yml +++ b/.github/workflows/test_repo.yml @@ -1,4 +1,4 @@ -name: Repo Tests +name: Test Repo on: push: @@ -24,4 +24,7 @@ jobs: - name: Run test run: | - /bin/bash tests/repo/vars.sh \ No newline at end of file + sudo apt-get update + sudo apt-get install -y make + sudo make test/repo/install-deps + make test/repo \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 506c430..b715490 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,4 +1,4 @@ -name: Tests +name: All Tests on: push: 
@@ -31,6 +31,72 @@ jobs: pr: ${{ inputs.pr }} parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container + build_iso_flatpaks: + name: Build ISO with Flatpaks + needs: + - build_container + uses: ./.github/workflows/build_iso.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO with Flatpaks + flatpaks_refs_dir: flatpak_refs + suffix: flatpaks + + test_iso_flatpaks: + name: Test ISO with Flatpaks + needs: + - build_iso_flatpaks + uses: ./.github/workflows/test_iso.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO with Flatpaks + flatpaks_refs_dir: flatpak_refs + suffix: flatpaks + + test_deployment_flatpaks: + name: Test Deployment with Flatpaks + needs: + - build_iso_flatpaks + uses: ./.github/workflows/test_deployment.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment with Flatpaks + flatpaks_refs_dir: flatpak_refs + suffix: flatpaks + + build_iso_flatpak_refs: + name: Build ISO with Flatpak Refs + needs: + - build_container + uses: ./.github/workflows/build_iso.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO with Flatpak Refs + flatpaks_refs: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" + suffix: flatpaks_refs + + test_iso_flatpak_refs: + name: Test ISO with Flatpak Refs + needs: + - build_iso_flatpak_refs + uses: ./.github/workflows/test_iso.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO with Flatpak Refs + flatpaks_refs: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" + suffix: flatpaks_refs + + test_deployment_flatpak_refs: + 
name: Test Deployment with Flatpak Refs + needs: + - build_iso_flatpak_refs + uses: ./.github/workflows/test_deployment.yml + with: + pr: ${{ inputs.pr }} + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment with Flatpak Refs + flatpaks_refs: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" + suffix: flatpaks_refs + build_iso: name: Build ISO needs: @@ -48,9 +114,6 @@ jobs: with: pr: ${{ inputs.pr }} parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO - iso_name-38: ${{ needs.build_iso.outputs.iso_name-38 }} - iso_name-39: ${{ needs.build_iso.outputs.iso_name-39 }} - iso_name-40: ${{ needs.build_iso.outputs.iso_name-40 }} test_deployment: name: Test Deployment @@ -59,7 +122,4 @@ jobs: uses: ./.github/workflows/test_deployment.yml with: pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment - iso_name-38: ${{ needs.build_iso.outputs.iso_name-38 }} - iso_name-39: ${{ needs.build_iso.outputs.iso_name-39 }} - iso_name-40: ${{ needs.build_iso.outputs.iso_name-40 }} \ No newline at end of file + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment \ No newline at end of file diff --git a/.gitignore b/.gitignore index f116d91..df805b5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,13 @@ /debugdata /build +/flatpaks/script.sh +/flatpaks/repo +/flatpaks/list.txt /lorax_templates/post_* /pkglists -/repos +/repos/*.repo /results /xorriso/input.txt -/xorriso/*.sh /original-pkgsizes.txt /final-pkgsizes.txt /lorax.conf diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..8e97809 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "files.associations": { + "Makefile.*": "makefile" + } +} \ No newline at end of file 
diff --git a/Containerfile b/Containerfile index fc097e5..feed885 100644 --- a/Containerfile +++ b/Containerfile @@ -1,6 +1,6 @@ FROM fedora:40 -ARG VERSION=40 +ARG VERSION=39 ENV ARCH="x86_64" ENV IMAGE_NAME="base" diff --git a/Makefile b/Makefile index b596037..65557ce 100644 --- a/Makefile +++ b/Makefile 
@@ -1,107 +1,42 @@ -# Configuration vars -## Formatting = UPPERCASE -# General -ADDITIONAL_TEMPLATES = -ARCH = x86_64 -EXTRA_BOOT_PARAMS = -IMAGE_NAME = base -IMAGE_REPO = quay.io/fedora-ostree-desktops -IMAGE_TAG = $(VERSION) -REPOS = $(subst :,\:,$(shell ls /etc/yum.repos.d/*.repo)) -ROOTFS_SIZE = 4 -VARIANT = Server -VERSION = 39 -WEB_UI = false -# Flatpak -FLATPAK_REMOTE_NAME = flathub -FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo -FLATPAK_REMOTE_REFS = -FLATPAK_REMOTE_REFS_DIR = -FLATPAK_DIR = -# Secure boot -ENROLLMENT_PASSWORD = -SECURE_BOOT_KEY_URL = +include Makefile.inputs ################### # Hidden vars +export SHELL := /bin/sh # Cache -DNF_CACHE = -PACKAGE_MANAGER = dnf +export DNF_CACHE := +export PACKAGE_MANAGER := dnf # Functions ## Formatting = lowercase # Get a list of templates for the feature # $1 = feature -get_templates = $(shell ls lorax_templates/$(1)_*.tmpl) \ - $(foreach file,$(notdir $(shell ls lorax_templates/scripts/post/$(1)_*)),lorax_templates/post_$(file).tmpl) +define get_templates + $(wildcard lorax_templates/$(1)_*.tmpl) + $(foreach file,$(notdir $(wildcard lorax_templates/scripts/post/$(1)_*)),lorax_templates/post_$(file).tmpl) +endef -# Get a list of tests for the feature -# $1 = test type -# $2 = feature -run_tests = tests="$(shell ls tests/$(1)/$(2)_*)"; \ - if [ -n "$$tests" ]; \ - then \ - chmod +x $$tests; \ - for test in $$tests; \ - do \ - $(foreach var,$(_VARS),$(var)=$($(var))) ./$${test}; \ - RC=$$?; if [ $$RC != 0 ]; then exit $$RC; fi; \ - done; \ - fi - -# Converts a post script to a template -# $1 = script to convert -# $2 = file on ISO to write -# $3 = whether to copy the '<%' lines to the template -convert_post_to_tmpl = header=0; \ - skip=0; \ - while read -r line; \ - do \ - if [[ $$line =~ ^\<\% ]]; \ - then \ - if [[ '$(3)' == 'true' ]]; \ - then \ - echo $$line >> lorax_templates/post_$(1).tmpl; \ - fi; \ - echo >> lorax_templates/post_$(1).tmpl; \ - else \ - if [[ $$header == 0 ]]; \ - 
then \ - if [[ $$line =~ ^\#\#\ (.*)$$ ]]; \ - then \ - echo "append $(2) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> lorax_templates/post_$(1).tmpl; \ - skip=1; \ - else \ - echo "append $(2) \"%post --erroronfail\"" >> lorax_templates/post_$(1).tmpl; \ - fi; \ - header=1; \ - fi; \ - if [[ $$skip == 0 ]]; \ - then \ - echo "append $(2) \"$${line//\"/\\\"}\"" >> lorax_templates/post_$(1).tmpl; \ - fi; \ - skip=0; \ - fi; \ - done < lorax_templates/scripts/post/$(1); \ - echo "append $(2) \"%end\"" >> lorax_templates/post_$(1).tmpl +define install_pkg + $(PACKAGE_MANAGER) install -y $(if $(findstring dnf,$(PACKAGE_MANAGER)),--disablerepo='*-testing') +endef +export install_pkg # Generated/internal vars ## Formatting = _UPPERCASE -_BASE_DIR = $(shell pwd) -_IMAGE_REPO_ESCAPED = $(subst /,\/,$(IMAGE_REPO)) -_IMAGE_REPO_DOUBLE_ESCAPED = $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) -_LORAX_ARGS = -_LORAX_TEMPLATES = $(call get_templates,install) -_REPO_FILES = $(subst /etc/yum.repos.d,repos,$(REPOS)) -_TEMP_DIR = $(shell mktemp -d) -_TEMPLATE_VARS = ARCH _BASE_DIR IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI -_VOLID = $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) +_IMAGE_REPO_ESCAPED := $(subst /,\/,$(IMAGE_REPO)) +_IMAGE_REPO_DOUBLE_ESCAPED := $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) +_LORAX_ARGS := +_LORAX_TEMPLATES := $(call get_templates,install) +_REPO_FILES := $(subst /etc/yum.repos.d,repos,$(REPOS)) +_TEMP_DIR := $(shell mktemp -d) +_TEMPLATE_VARS := ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI +_VOLID := $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) -_RHEL = true +_RHEL := true else -_RHEL = false +_RHEL := false endif ifeq ($(_RHEL),true) 
@@ -123,20 +58,20 @@ _TEMPLATE_VARS += DNF_CACHE endif ifneq ($(FLATPAK_DIR),) -_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) -_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) +_FLATPAK_REPO_GPG := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) +export _FLATPAK_REPO_URL := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) _LORAX_ARGS += -i flatpak-libs _LORAX_TEMPLATES += $(call get_templates,flatpak) _TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL else ifneq ($(FLATPAK_REMOTE_REFS_DIR),) -COLLECTED_REFS = $(foreach file,$(shell ls $(FLATPAK_REMOTE_REFS_DIR)/*),$(shell cat $(file))) -FLATPAK_REMOTE_REFS += $(sort $(COLLECTED_REFS)) + COLLECTED_REFS := $(foreach file,$(filter-out README.md Makefile,$(wildcard $(FLATPAK_REMOTE_REFS_DIR)/*)),$(shell cat $(file))) +export FLATPAK_REMOTE_REFS += $(sort $(COLLECTED_REFS)) endif ifneq ($(FLATPAK_REMOTE_REFS),) -_FLATPAK_REPO_GPG = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) -_FLATPAK_REPO_URL = $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) +_FLATPAK_REPO_GPG := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) +export _FLATPAK_REPO_URL := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) _LORAX_ARGS += -i flatpak-libs _LORAX_TEMPLATES += $(call get_templates,flatpak) \ external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl 
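Review bot: The result of the `$(shell curl -L $(FLATPAK_REMOTE_URL) | grep … )` calls is never checked, so if the download fails or the file has no `GPGKey=` line, `_FLATPAK_REPO_GPG` is simply empty and is still added to `_TEMPLATE_VARS`. How the templates treat an empty key is not visible here, but a build that silently continues without the remote's signing key is worth stopping; a guard such as `$(if $(_FLATPAK_REPO_GPG),,$(error no GPGKey found in $(FLATPAK_REMOTE_URL)))` after the assignment would do it. The file is also fetched twice per branch (once for the key, once for the URL), so the two values can come from different responses; fetching it once into a variable and extracting both fields from that would keep them consistent. The `ifneq` blocks around these lines continue outside this hunk.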
@@ -150,140 +85,63 @@ _LORAX_TEMPLATES += $(call get_templates,secureboot) _TEMPLATE_VARS += ENROLLMENT_PASSWORD endif -# Step 7: Build end ISO +_SUBDIRS := container external flatpak_refs lorax_templates repos xorriso test + +# Create checksum ## Default action -build/deploy.iso: boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt - mkdir $(_BASE_DIR)/build || true - xorriso -dialog on < $(_BASE_DIR)/xorriso/input.txt - implantisomd5 build/deploy.iso +$(ISO_NAME)-CHECKSUM: $(ISO_NAME) + cd $(dir $(ISO_NAME)) && sha256sum $(notdir $(ISO_NAME)) > $(notdir $(ISO_NAME))-CHECKSUM -external/lorax/branch-$(VERSION): - git config advice.detachedHead false - cd external/lorax && git reset --hard HEAD && git checkout tags/$(shell cd external/lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1) - touch external/lorax/branch-$(VERSION) +# Build end ISO +$(ISO_NAME): results/images/boot.iso container/$(IMAGE_NAME)-$(IMAGE_TAG) xorriso/input.txt + $(if $(wildcard $(dir $(ISO_NAME))),,mkdir -p $(dir $(ISO_NAME)); chmod ugo=rwX $(dir $(ISO_NAME))) + xorriso -dialog on < xorriso/input.txt + implantisomd5 $(ISO_NAME) + chmod ugo=r $(ISO_NAME) + $(if $(GITHUB_OUTPUT), echo "iso_name=$(ISO_NAME)" >> $(GITUHB_OUTPUT)) -# Step 1: Generate Lorax Templates -lorax_templates/post_%.tmpl: lorax_templates/scripts/post/% - $(call convert_post_to_tmpl,$*,usr/share/anaconda/post-scripts/$*.ks,true) +# Download the secure boot key +sb_pubkey.der: + curl --fail -L -o sb_pubkey.der $(SECURE_BOOT_KEY_URL) -repos: $(_REPO_FILES) - -# Step 2: Replace vars in repo files -repos/%.repo: /etc/yum.repos.d/%.repo - mkdir repos || true - cp /etc/yum.repos.d/$*.repo $(_BASE_DIR)/repos/$*.repo - sed -i "s/\$$releasever/${VERSION}/g" $(_BASE_DIR)/repos/$*.repo - sed -i "s/\$$basearch/${ARCH}/g" $(_BASE_DIR)/repos/$*.repo - -# Step 3: Build boot.iso using Lorax -boot.iso: external/lorax/branch-$(VERSION) $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) - rm -Rf 
$(_BASE_DIR)/results || true - mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf || true - - # Download the secure boot key - if [ -n "$(SECURE_BOOT_KEY_URL)" ]; \ - then \ - curl --fail -L -o $(_BASE_DIR)/sb_pubkey.der $(SECURE_BOOT_KEY_URL); \ - fi +# Build boot.iso using Lorax +results/images/boot.iso: external/lorax/branch-$(VERSION) $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) $(if $(SECURE_BOOT_KEY_URL),sb_pubkey.der) + $(if $(wildcard results), rm -Rf results) + $(if $(wildcard /etc/rpm/macros.image-language-conf),mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf) lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ - --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) --sharedir $(_BASE_DIR)/external/lorax/share/templates.d/99-generic \ + --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) --sharedir $(PWD)/external/lorax/share/templates.d/99-generic \ $(_LORAX_ARGS) \ - $(foreach file,$(_REPO_FILES),--repo $(_BASE_DIR)/$(file)) \ - $(foreach file,$(_LORAX_TEMPLATES),--add-template $(_BASE_DIR)/$(file)) \ + $(foreach file,$(_REPO_FILES),--repo $(PWD)/$(file)) \ + $(foreach file,$(_LORAX_TEMPLATES),--add-template $(PWD)/$(file)) \ $(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \ $(foreach file,$(_FLATPAK_TEMPLATES),--add-template $(file)) \ - $(foreach file,$(_EXTERNAL_TEMPLATES),--add-template $(_BASE_DIR)/external/$(file)) \ + $(foreach file,$(_EXTERNAL_TEMPLATES),--add-template $(PWD)/external/$(file)) \ --rootfs-size $(ROOTFS_SIZE) \ $(foreach var,$(_TEMPLATE_VARS),--add-template-var "$(shell echo $(var) | tr '[:upper:]' '[:lower:]')=$($(var))") \ - $(_BASE_DIR)/results/ - mv $(_BASE_DIR)/results/images/boot.iso $(_BASE_DIR)/ - mv -f $(_TEMP_DIR)/macros.image-language-conf /etc/rpm/macros.image-language-conf || true - -# Step 4: Download container image -container/$(IMAGE_NAME)-$(IMAGE_TAG): - mkdir $(_BASE_DIR)/container || 
true - skopeo copy docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) oci:$(_BASE_DIR)/container/$(IMAGE_NAME)-$(IMAGE_TAG) - -# Step 5: Generate xorriso script -xorriso/%.sh: xorriso/%.sh.in - sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/boot/grub2/grub.cfg - sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' results/EFI/BOOT/grub.cfg - $(eval _VARS = FLATPAK_DIR IMAGE_NAME IMAGE_TAG ARCH VERSION) - $(foreach var,$(_VARS),$(var)=$($(var))) envsubst '$(foreach var,$(_VARS),$$$(var))' < $(_BASE_DIR)/xorriso/$*.sh.in > $(_BASE_DIR)/xorriso/$*.sh - -# Step 6: Generate xorriso input -xorriso/input.txt: xorriso/gen_input.sh - bash $(_BASE_DIR)/xorriso/gen_input.sh | tee $(_BASE_DIR)/xorriso/input.txt + results/ + $(if $(wildcard $(_TEMP_DIR)/macros.image-language-conf),mv -f $(_TEMP_DIR)/macros.image-language-conf /etc/rpm/macros.image-language-conf) +FILES_TO_CLEAN := $(wildcard build debugdata pkglists results original-pkgsizes.txt final-pkgsizes.txt lorax.conf *.iso *log) +.PHONY: clean clean: - rm -Rf $(_BASE_DIR)/build || true - rm -Rf $(_BASE_DIR)/container || true - rm -Rf $(_BASE_DIR)/debugdata || true - rm -Rf $(_BASE_DIR)/pkglists || true - rm -Rf $(_BASE_DIR)/repos || true - rm -Rf $(_BASE_DIR)/results || true - rm -f $(_BASE_DIR)/lorax_templates/*.tmpl || true - rm -f $(_BASE_DIR)/xorriso/input.txt || true - rm -f $(_BASE_DIR)/xorriso/*.sh || true - rm -f $(_BASE_DIR)/{original,final}-pkgsizes.txt || true - rm -f $(_BASE_DIR)/lorax.conf || true - rm -f $(_BASE_DIR)/*.iso || true - rm -f $(_BASE_DIR)/*.log || true + rm -Rf $(FILES_TO_CLEAN) + $(foreach DIR,$(_SUBDIRS),$(MAKE) -w -C $(DIR) clean;) +.PHONY: install-deps install-deps: - if [ "$(PACKAGE_MANAGER)" =~ apt.* ]; then $(PACKAGE_MANAGER) update; fi - $(PACKAGE_MANAGER) install -y lorax xorriso skopeo flatpak dbus-daemon ostree coreutils gettext git - -install-test-deps: - if [ "$(PACKAGE_MANAGER)" =~ apt.* ]; then $(PACKAGE_MANAGER) update; fi - $(PACKAGE_MANAGER) install -y qemu qemu-utils xorriso 
unzip qemu-system-x86 netcat socat jq isomd5sum ansible make coreutils squashfs-tools + $(install_pkg) lorax xorriso coreutils gettext + $(foreach DIR,$(filter-out test,$(_SUBDIRS)),$(MAKE) -w -C $(DIR) install-deps;) -test: test-iso test-vm +.PHONY: $(_SUBDIRS) $(wildcard test/*) $(wildcard test/*/*) +test $(addsuffix /*,$(_SUBDIRS)): + $(eval DIR=$(firstword $(subst /, ,$@))) + $(if $(filter-out $(DIR),$@), $(eval TARGET=$(subst $(DIR)/,,$@)),$(eval TARGET=)) + $(MAKE) -w -C $(DIR) $(TARGET) -test-repo: - bash tests/repo/vars.sh - -test-iso: - $(eval _VARS = VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL) - - sudo modprobe loop - sudo mkdir /mnt/iso /mnt/install - sudo mount -o loop deploy.iso /mnt/iso - sudo mount -t squashfs -o loop /mnt/iso/images/install.img /mnt/install - - # install tests - $(call run_tests,iso,install) - - # flapak tests - if [ -n "$(FLATPAK_REMOTE_REFS)" ]; then $(call run_tests,iso,flatpak); fi - - # Cleanup - sudo umount /mnt/install - sudo umount /mnt/iso - -ansible_inventory: - echo "ungrouped:" > ansible_inventory - echo " hosts:" >> ansible_inventory - echo " vm:" >> ansible_inventory - echo " ansible_host: ${VM_IP}" >> ansible_inventory - echo " ansible_port: ${VM_PORT}" >> ansible_inventory - echo " ansible_user: ${VM_USER}" >> ansible_inventory - echo " ansible_password: ${VM_PASS}" >> ansible_inventory - echo " ansible_become_pass: ${VM_PASS}" >> ansible_inventory - echo " ansible_ssh_common_args: '-o StrictHostKeyChecking=no'" >> ansible_inventory - -test-vm: ansible_inventory - $(eval _VARS = IMAGE_REPO IMAGE_NAME IMAGE_TAG) - - ansible -i ansible_inventory -m ansible.builtin.wait_for_connection vm - - # install tests - $(call run_tests,vm,install) - - # flapak tests - if [ -n "$(FLATPAK_REMOTE_REFS)" ]; then $(call run_tests,vm,flatpak); fi - -.PHONY: clean install-deps install-test-deps test test-iso test-vm +.DEFAULT: + $(eval DIR=$(firstword $(subst /, ,$@))) + $(if $(filter-out $(DIR),$@), $(eval TARGET=$(subst 
$(DIR)/,,$@)),$(eval TARGET=)) + $(MAKE) -w -C $(DIR) $(TARGET) diff --git a/Makefile.inputs b/Makefile.inputs new file mode 100644 index 0000000..ad4f333 --- /dev/null +++ b/Makefile.inputs @@ -0,0 +1,24 @@ +# Configuration vars +## Formatting = UPPERCASE +# General +export ADDITIONAL_TEMPLATES := +export ARCH := x86_64 +export EXTRA_BOOT_PARAMS := +export IMAGE_NAME := base +export IMAGE_REPO := quay.io/fedora-ostree-desktops +export IMAGE_TAG = $(VERSION) + REPOS := $(subst :,\:,$(wildcard /etc/yum.repos.d/*.repo)) +export ROOTFS_SIZE := 4 +export VARIANT := Server +export VERSION := 39 +export WEB_UI := false +# Flatpak +export FLATPAK_REMOTE_NAME := flathub +export FLATPAK_REMOTE_URL := https://flathub.org/repo/flathub.flatpakrepo +export FLATPAK_REMOTE_REFS := +export FLATPAK_REMOTE_REFS_DIR := +export FLATPAK_DIR := +# Secure boot +export ENROLLMENT_PASSWORD := +export SECURE_BOOT_KEY_URL := +export ISO_NAME := build/deploy.iso \ No newline at end of file diff --git a/README.md b/README.md index f386545..5962565 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml/badge.svg?event=push) +![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml/badge.svg?event=push) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/35a48e77e64f469ba19d60a1a1e0be71)](https://app.codacy.com/gh/JasonN3/build-container-installer/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) # Build Container Installer Action This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` 
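Review bot: In the Makefile's `$(ISO_NAME)` recipe the redirect target is misspelled: `>> $(GITUHB_OUTPUT)` expands to nothing, so whenever `GITHUB_OUTPUT` is set the shell gets `echo "iso_name=…" >>` with no file name and the recipe fails after the ISO has already been written. It should read `$(if $(GITHUB_OUTPUT),echo "iso_name=$(ISO_NAME)" >> "$(GITHUB_OUTPUT)")`. Separately, the `sb_pubkey.der` rule has no prerequisites and the file is not in `FILES_TO_CLEAN`, so a key downloaded by an earlier run is reused even when `SECURE_BOOT_KEY_URL` changes. Adding `sb_pubkey.der` to `FILES_TO_CLEAN` would avoid building an ISO with a stale secure boot key.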
@@ -38,26 +38,27 @@ See [Customizing](#customizing) for information about customizing the ISO that g The following variables can be used to customize the created ISO. ### Inputs -| Variable | Description | Default Value | Action | Container | Makefile | -| ----------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | ------------------ | ------------------ | ------------------ | -| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| arch | Architecture for image to build | x86_64 | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| flatpak_remote_url | URL of the flatpakrepo file | https://flathub.org/repo/flathub.flatpakrepo | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | 
:white_check_mark: | -| image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :x: | :x: | -| repos | List of repo files for Lorax to use | /etc/yum.repos.d/*.repo | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| rootfs_size | The size (in GiB) for the squashfs runtime volume | 2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| variant | Source container variant\* | Server | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| version | Fedora version of installer to build | 39 | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| web_ui | Enable Anaconda WebUI (experimental) | false | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| Variable | Description | Default Value | Action | Container/Makefile | +| ----------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | ------------------ | ------------------ | +| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | :white_check_mark: | :white_check_mark: | +| arch | Architecture for image to build | x86_64 | :white_check_mark: | :white_check_mark: | +| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | :white_check_mark: | :white_check_mark: | +| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | :white_check_mark: | :white_check_mark: | +| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | :white_check_mark: | :white_check_mark: | +| 
flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | +| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | +| flatpak_remote_url | URL of the flatpakrepo file | https://flathub.org/repo/flathub.flatpakrepo | :white_check_mark: | :white_check_mark: | +| image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | +| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | +| image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | +| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :white_check_mark: | +| make_target | Overrides the default make target | *ISO Checksum* | :white_check_mark: | :x: | +| repos | List of repo files for Lorax to use | /etc/yum.repos.d/*.repo | :white_check_mark: | :white_check_mark: | +| rootfs_size | The size (in GiB) for the squashfs runtime volume | 2 | :white_check_mark: | :white_check_mark: | +| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | +| variant | Source container variant\* | Server | :white_check_mark: | :white_check_mark: | +| version | Fedora version of installer to build | 39 | :white_check_mark: | :white_check_mark: | +| web_ui | Enable Anaconda WebUI (experimental) | false | :white_check_mark: | :white_check_mark: | \*Available options for VARIANT can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite diff --git a/action.yml b/action.yml index b44a230..7c20072 100644 --- a/action.yml +++ b/action.yml 
@@ -44,7 +44,7 @@ inputs: required: false default: "" flatpak_remote_refs_dir: - description: Directory that contains files that list the flatpak refs to install + description: Directory that contains files that list the flatpak refs to install relative to the github workspace required: false default: "" flatpak_remote_url: @@ -66,11 +66,15 @@ inputs: description: "Name of the resulting ISO. Relative paths are relative to github.workspace" required: false default: build/deploy.iso + make_target: + description: "Overrides the default make target" + required: false repos: description: List of repo files for Lorax to use required: false rootfs_size: description: The size (in GiB) for the squashfs runtime volume + default: "2" secure_boot_key_url: description: Secure boot key that is installed from URL location required: false @@ -92,11 +96,14 @@ inputs: outputs: iso_name: - value: ${{ steps.rename_iso.outputs.iso_name }} + value: ${{ steps.docker.outputs.iso_name }} description: The name of the resulting .iso iso_path: - value: ${{ steps.rename_iso.outputs.iso_path }} - description: The name and path of the resulting .iso + value: ${{ steps.docker.outputs.iso_path }} + description: The path of the resulting .iso + flatpak_refs: + value: ${{ steps.docker.outputs.flatpak_refs }} + description: The list of Flatpak refs runs: using: composite 
@@ -139,45 +146,25 @@ runs: id: flatpak_dependencies shell: bash run: | - image="${{ inputs.image_repo }}/${{ inputs.image_name }}:${{ inputs.image_tag }}" - # Make temp space - FLATPAK_DIR=$(basename $(mktemp -d -p ${{ github.workspace }} flatpak.XXX)) - # Get list of refs from directory - sudo mkdir /github || true - sudo ln -s ${{ github.workspace }} /github/workspace - DIR_REFS=$(cat ${{ inputs.flatpak_remote_refs_dir }}/* | tr '\n' ' ' ) - # Generate install script - cat << EOF > ${{ github.workspace }}/${FLATPAK_DIR}/script.sh - cat /flatpak_dir/script.sh - mkdir -p /flatpak/flatpak /flatpak/triggers - mkdir /var/tmp || true - chmod -R 1777 /var/tmp - flatpak config --system --set languages "*" - flatpak remote-add --system ${{ inputs.flatpak_remote_name }} ${{ inputs.flatpak_remote_url }} - flatpak install --system -y ${{ inputs.flatpak_remote_refs }} ${DIR_REFS} - ostree init --repo=/flatpak_dir/repo --mode=archive-z2 - for i in \$(ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | sed 's/^deploy\///g') - do - echo "Copying \${i}..." 
- ostree --repo=/flatpak_dir/repo pull-local \${FLATPAK_SYSTEM_DIR}/repo \$(ostree --repo=\${FLATPAK_SYSTEM_DIR}/repo rev-parse ${{ inputs.flatpak_remote_name }}/\${i}) - mkdir -p \$(dirname /flatpak_dir/repo/refs/heads/\${i}) - ostree --repo=\${FLATPAK_SYSTEM_DIR}/repo rev-parse ${{ inputs.flatpak_remote_name }}/\${i} > /flatpak_dir/repo/refs/heads/\${i} - done - flatpak build-update-repo /flatpak_dir/repo - ostree refs --repo=/flatpak_dir/repo - EOF - docker run --rm --privileged --entrypoint bash -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak -e FLATPAK_TRIGGERSDIR=/flatpak/triggers --volume ${{ github.workspace }}/${FLATPAK_DIR}:/flatpak_dir ${image} /flatpak_dir/script.sh - echo "flatpak_dir=${FLATPAK_DIR}" >> $GITHUB_OUTPUT - docker rmi ${image} + cd ${{ github.action_path }} + make flatpaks/repo \ + FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ + ${{ inputs.flatpak_remote_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpak_remote_refs) || ''}} \ + ${{ inputs.flatpak_remote_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}"', inputs.flatpak_remote_refs_dir) || ''}} \ + FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ + IMAGE_NAME="${{ inputs.image_name }}" \ + IMAGE_REPO="${{ inputs.image_repo }}" \ + IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" - name: Run docker image + id: docker env: ACTION_REPO: ${{ github.action_repository }} ACTION_REF: ${{ github.action_ref }} shell: bash run: | image=$(echo "ghcr.io/${ACTION_REPO}" | tr [:upper:] [:lower:]) - # Check if running inside01 of the action repo + # Check if running inside of the action repo if [[ -z "${ACTION_REPO}" ]] then image=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:]) 
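Review bot: `FLATPAK_REMOTE_REFS_DIR` is handed to `make flatpaks/repo` exactly as given, after `cd ${{ github.action_path }}`, while the input description changed in this patch says the directory is relative to the GitHub workspace and the later `docker run` step prefixes it with `/github/workspace/`. When the action is used from another repository the action path and the workspace differ, so the relative directory would presumably not resolve here and no refs would be collected from it. Consider `format('FLATPAK_REMOTE_REFS_DIR="{0}/{1}"', github.workspace, inputs.flatpak_remote_refs_dir)` and quote the directory change as `cd "${{ github.action_path }}"`. The step's name and `if:` condition lie outside this hunk.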
@@ -209,22 +196,38 @@ runs: exit 1 fi docker run --privileged --volume ${{ github.workspace }}:/github/workspace/ ${cache} ${image}:${tag} \ + ${{ inputs.make_target }} \ ADDITIONAL_TEMPLATES="${{ inputs.additional_templates }}" \ ARCH="${{ inputs.arch }}" \ DNF_CACHE="/cache/dnf" \ ENROLLMENT_PASSWORD="${{ inputs.enrollment_password }}" \ + EXTRA_BOOT_PARAMS="${{ inputs.extra_boot_params }}" \ FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ - FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ - FLATPAK_REMOTE_REFS_DIR="${{ inputs.flatpak_remote_refs_dir }}" \ + ${{ inputs.flatpak_remote_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpak_remote_refs) || ''}} \ + ${{ inputs.flatpak_remote_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="/github/workspace/{0}"', inputs.flatpak_remote_refs_dir) || ''}} \ FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ FLATPAK_DIR="${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ + ISO_NAME=/github/workspace/${{ inputs.iso_name }} \ SECURE_BOOT_KEY_URL="${{ inputs.secure_boot_key_url }}" \ VARIANT="${{ inputs.variant }}" \ VERSION="${{ inputs.version }}" \ WEB_UI="${{ inputs.web_ui }}" + echo "iso_path=$(dirname ${{ inputs.iso_name }})" >> $GITHUB_OUTPUT + echo "iso_name=$(basename ${{ inputs.iso_name }})" >> $GITHUB_OUTPUT + if [[ "${{ steps.flatpak_dependencies.outputs.flatpak_dir }}" != '' ]] + then + echo "flatpak_refs=$(cat ${{ github.workspace }}/${{ steps.flatpak_dependencies.outputs.flatpak_dir }}/list.txt | tr '\n' ' ')" >> $GITHUB_OUTPUT + else + if [[ "${{ inputs.flatpak_remote_refs_dir }}" != '' ]] + then + echo "flatpak_refs=$(cat ${{ github.workspace }}/${{ inputs.flatpak_remote_refs_dir }}/* | tr '\n' ' ')" >> $GITHUB_OUTPUT + else + echo "flatpak_refs=${{ 
inputs.flatpak_remote_refs}}" >> $GITHUB_OUTPUT + fi + fi - name: Save dnf cache env: @@ -243,27 +246,3 @@ runs: with: path: /cache/skopeo key: ${{ inputs.skopeo_cache_key || env.skopeo_cache_key }} - - - - name: Rename ISO file - id: rename_iso - shell: bash - run: | - if [[ ! ( "${{ inputs.iso_name }}" =~ \.iso$ ) ]] - then - iso_name="${{ inputs.iso_name }}.iso" - else - iso_name="${{ inputs.iso_name }}" - fi - if [[ "${{ inputs.iso_name }}" =~ ^/ ]] - then - full_path="${iso_name}" - else - full_path="${{ github.workspace }}/${iso_name}" - fi - mv ${{ github.workspace }}/build/deploy.iso ${full_path} || true - cd $(dirname ${full_path}) - iso_fn=$(basename ${iso_name}) - sha256sum ${iso_fn} > ${iso_fn}-CHECKSUM - echo "iso_path=${full_path}" >> $GITHUB_OUTPUT - echo "iso_name=${iso_fn}" >> $GITHUB_OUTPUT diff --git a/container/Makefile b/container/Makefile new file mode 100644 index 0000000..88024a0 --- /dev/null +++ b/container/Makefile @@ -0,0 +1,11 @@ +$(IMAGE_NAME)-$(IMAGE_TAG): + skopeo copy docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) oci:$(IMAGE_NAME)-$(IMAGE_TAG) + +install-deps: + $(install_pkg) skopeo + +FILES=$(filter-out Makefile,$(wildcard *)) +clean: +ifneq ($(FILES),) + rm -Rf $(FILES) +endif \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index e7c579f..ba58634 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,13 +5,6 @@ set -ex # Create /dev/loop0 if it doesn't already exist. `losetup` has an issue creating it during the first run mknod -m 0660 /dev/loop0 b 7 0 2>/dev/null || true -for i -do - key=$(echo ${i} | cut -d= -f1) - value=$(echo ${i} | cut -d= -f2-) - export ${key}="${value}" -done - if [[ -d /cache/skopeo ]] then ln -s /cache/skopeo /build-container-installer/container 
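Review bot: In action.yml's `Run docker image` step, `ISO_NAME=/github/workspace/${{ inputs.iso_name }}` always prefixes the workspace and is unquoted, whereas the `Rename ISO file` step removed by this patch accepted absolute paths and appended a missing `.iso` suffix. An absolute `iso_name` now ends up under `/github/workspace//…`, a name containing spaces splits into several make arguments, and the `iso_path` output changes from the full file path to `$(dirname …)` of the raw input, which may break existing consumers. At minimum quote it like the neighbouring arguments, `ISO_NAME="/github/workspace/${{ inputs.iso_name }}"`, and quote the expansions inside `$(dirname …)` and `$(basename …)`; if absolute paths are no longer supported, the input description should say so. The `docker run` command begins above this hunk.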
@@ -22,18 +15,5 @@ then mkdir /cache/dnf fi -# Pull container -make container/${IMAGE_NAME}-${IMAGE_TAG} "$@" - -# Build base ISO -make boot.iso "$@" - -# Add container to ISO -make build/deploy.iso "$@" - -# Make output dir in github workspace -mkdir /github/workspace/build || true - -# Copy resulting iso to github workspace and fix permissions -cp build/deploy.iso /github/workspace/build -chmod -R ugo=rwX /github/workspace/build +# Run make command +make "$@" diff --git a/external/Makefile b/external/Makefile new file mode 100644 index 0000000..d56cb17 --- /dev/null +++ b/external/Makefile @@ -0,0 +1,12 @@ +lorax/branch-$(VERSION): + git config advice.detachedHead false + cd lorax && git reset --hard HEAD && git checkout tags/$(shell cd lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1) + touch lorax/branch-$(VERSION) + +install-deps: +# Used by external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl + $(install_pkg) flatpak dbus-daemon ostree +# Used to clone proper lorax branch + $(install_pkg) git + +clean: \ No newline at end of file diff --git a/flatpaks/Makefile b/flatpaks/Makefile new file mode 100644 index 0000000..3b6e939 --- /dev/null +++ b/flatpaks/Makefile 
@@ -0,0 +1,42 @@ +IMAGE := $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) +FLATPAK_DIR := $(if $(GITHUB_WORKSPACE),$(shell mktemp -d -p $(GITHUB_WORKSPACE) flatpak.XXX),$(PWD)/flatpaks) + +.PHONY: full_list +full_list: repo + cat $(FLATPAK_DIR)/list.txt >&2 + + +repo: script.sh + $(if $(GITHUB_WORKSPACE),cp script.sh $(FLATPAK_DIR)/) + docker run --rm --privileged --entrypoint bash -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak -e FLATPAK_TRIGGERSDIR=/flatpak/triggers --volume $(FLATPAK_DIR):/flatpak_dir $(IMAGE) /flatpak_dir/script.sh + $(if $(GITHUB_OUTPUT),echo "flatpak_dir=$(subst $(GITHUB_WORKSPACE)/,,$(FLATPAK_DIR))" >> $(GITHUB_OUTPUT)) + docker rmi $(IMAGE) + +script.sh: + cat << EOF > script.sh + mkdir -p /flatpak/flatpak /flatpak/triggers + mkdir /var/tmp || true + chmod -R 1777 /var/tmp + flatpak config --system --set languages "*" + flatpak remote-add --system $(FLATPAK_REMOTE_NAME) $(FLATPAK_REMOTE_URL) + flatpak install --system -y $(FLATPAK_REMOTE_REFS) + ostree init --repo=/flatpak_dir/repo --mode=archive-z2 + for i in \$$(ostree refs --repo=\$${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | sed 's/^deploy\///g') + do + echo "Copying \$${i}..." + ostree --repo=/flatpak_dir/repo pull-local \$${FLATPAK_SYSTEM_DIR}/repo \$$(ostree --repo=\$${FLATPAK_SYSTEM_DIR}/repo rev-parse $(FLATPAK_REMOTE_NAME)/\$${i}) + mkdir -p \$$(dirname /flatpak_dir/repo/refs/heads/\$${i}) + ostree --repo=\$${FLATPAK_SYSTEM_DIR}/repo rev-parse $(FLATPAK_REMOTE_NAME)/\$${i} > /flatpak_dir/repo/refs/heads/\$${i} + done + flatpak build-update-repo /flatpak_dir/repo + ostree refs --repo=/flatpak_dir/repo | tee /flatpak_dir/list.txt + EOF + +install-deps: + +clean: + $(if $(wildcard script.sh),rm script.sh) + $(if $(wildcard repo),rm -Rf repo) + $(if $(wildcard list.txt),rm list.txt) + +.ONESHELL: \ No newline at end of file diff --git a/lorax_templates/Makefile b/lorax_templates/Makefile new file mode 100644 index 0000000..d022767 --- /dev/null +++ b/lorax_templates/Makefile 
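Review bot: In the `script.sh` recipe, `$(FLATPAK_REMOTE_NAME)`, `$(FLATPAK_REMOTE_URL)` and `$(FLATPAK_REMOTE_REFS)` are expanded by make into the script text unquoted. The script is then run by `docker run --rm --privileged --entrypoint bash`, so a remote name, URL or ref containing whitespace or shell metacharacters becomes shell syntax inside a privileged container. Hand the values over with `-e FLATPAK_REMOTE_NAME -e FLATPAK_REMOTE_URL -e FLATPAK_REMOTE_REFS` on the `docker run` line and reference them in the script as `"\$${FLATPAK_REMOTE_NAME}" "\$${FLATPAK_REMOTE_URL}"`. It is also worth a comment on the `repo` target saying why `--privileged` is required, or dropping it if the flatpak install works without it.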
@@ -0,0 +1,48 @@ +# Converts a post script to a template +# $1 = script to convert +# $2 = file on ISO to write +# $3 = whether to copy the '<%' lines to the template +define convert_post_to_tmpl + header=0; \ + skip=0; \ + while read -r line; \ + do \ + if [[ $$line =~ ^\<\% ]]; \ + then \ + if [[ '$(3)' == 'true' ]]; \ + then \ + echo $$line >> post_$(1).tmpl; \ + fi; \ + echo >> post_$(1).tmpl; \ + else \ + if [[ $$header == 0 ]]; \ + then \ + if [[ $$line =~ ^\#\#\ (.*)$$ ]]; \ + then \ + echo "append $(2) \"%post --erroronfail $${BASH_REMATCH[1]}\"" >> post_$(1).tmpl; \ + skip=1; \ + else \ + echo "append $(2) \"%post --erroronfail\"" >> post_$(1).tmpl; \ + fi; \ + header=1; \ + fi; \ + if [[ $$skip == 0 ]]; \ + then \ + echo "append $(2) \"$${line//\"/\\\"}\"" >> post_$(1).tmpl; \ + fi; \ + skip=0; \ + fi; \ + done < scripts/post/$(1); \ + echo "append $(2) \"%end\"" >> post_$(1).tmpl +endef + +post_%.tmpl: scripts/post/% + $(call convert_post_to_tmpl,$*,usr/share/anaconda/post-scripts/$*.ks,true) + +install-deps: + +FILES=$(wildcard post_*) +clean: +ifneq ($(FILES),) + rm -Rf $(FILES) +endif \ No newline at end of file diff --git a/repos/Makefile b/repos/Makefile new file mode 100644 index 0000000..63e2f7f --- /dev/null +++ b/repos/Makefile @@ -0,0 +1,15 @@ +repos: $(_REPO_FILES) + +# Step 2: Replace vars in repo files +%.repo: /etc/yum.repos.d/%.repo + cp /etc/yum.repos.d/$*.repo $*.repo + sed -i "s/\$$releasever/$(VERSION)/g" $*.repo + sed -i "s/\$$basearch/$(ARCH)/g" $*.repo + +install-deps: + +FILES=$(wildcard *.repo) +clean: +ifneq ($(FILES),) + rm -Rf $(FILES) +endif \ No newline at end of file diff --git a/test/Makefile b/test/Makefile new file mode 100644 index 0000000..c9785c7 --- /dev/null +++ b/test/Makefile 
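Review bot: In `convert_post_to_tmpl`, the `<%` branch writes the line with an unquoted `echo $$line`, so the shell word-splits it and expands any glob characters before it reaches `post_$(1).tmpl`. The loop also uses `read -r line` without clearing `IFS`, which strips leading and trailing whitespace from every post-script line. Use `while IFS= read -r line` and `printf '%s\n' "$$line" >> post_$(1).tmpl` so the generated kickstart `%post` content is byte-for-byte what is in `scripts/post/`. The quoting step `$${line//\"/\\\"}` escapes only double quotes; a short comment stating which characters the template format needs escaped would help the next maintainer.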
@@ -0,0 +1,23 @@ +all: $(filter-out README.md Makefile,$(wildcard *)) + +$(filter-out README.md Makefile,$(wildcard *)): + $(eval DIR=$(firstword $(subst /, ,$@))) + $(MAKE) -w -C $(DIR) + +$(filter-out README.md Makefile,$(wildcard */*)): + $(eval DIR=$(firstword $(subst /, ,$@))) + $(eval TARGET=$(subst $(DIR)/,,$@)) + $(MAKE) -w -C $(DIR) $(TARGET) + +.DEFAULT: + $(eval DIR=$(firstword $(subst /, ,$@))) + $(if $(filter-out $(DIR),$@), $(eval TARGET=$(subst $(DIR)/,,$@)),$(eval TARGET=)) + $(MAKE) -w -C $(DIR) $(TARGET) + +install-deps: + $(foreach DIR,$(filter-out README.md Makefile,$(wildcard *)),$(MAKE) -w -C $(DIR) install-deps;) + +clean: + $(foreach DIR,$(filter-out README.md Makefile,$(wildcard *)),$(MAKE) -w -C $(DIR) clean;) + +.PHONY: all $(filter-out README.md Makefile,$(wildcard *)) $(filter-out README.md Makefile,$(wildcard */*)) \ No newline at end of file diff --git a/test/iso/Makefile b/test/iso/Makefile new file mode 100644 index 0000000..3f3f76f --- /dev/null +++ b/test/iso/Makefile @@ -0,0 +1,25 @@ +ISO_NAME=deploy.iso +ISO_TESTS=$(wildcard install_*) $(if $(FLATPAK_REMOTE_REFS),$(wildcard flatpak_*))$(if $(FLATPAK_DIR),$(wildcard flatpak_*)) + +all: $(ISO_TESTS) clean + +$(ISO_TESTS): mnt/iso + $(eval _VARS = ISO_NAME VERSION FLATPAK_REMOTE_NAME _FLATPAK_REPO_URL) + chmod +x $@ + $(foreach var,$(_VARS),$(var)=$($(var))) ./$@ + +mnt/iso: + sudo modprobe loop + sudo mkdir -p mnt/iso mnt/install + sudo mount -o loop ../../$(ISO_NAME) mnt/iso + sudo mount -t squashfs -o loop mnt/iso/images/install.img mnt/install + +clean: + sudo umount mnt/install || true + sudo umount mnt/iso || true + sudo rmdir mnt/install mnt/iso + +install-deps: + $(install_pkg) isomd5sum coreutils squashfs-tools curl + +.PHONY: all $(ISO_TESTS) clean \ No newline at end of file diff --git a/tests/iso/README.md b/test/iso/README.md similarity index 100% rename from tests/iso/README.md rename to test/iso/README.md 
diff --git a/tests/iso/flatpak_repo_updated.sh b/test/iso/flatpak_repo_updated.sh similarity index 51% rename from tests/iso/flatpak_repo_updated.sh rename to test/iso/flatpak_repo_updated.sh index b5ee240..83f3773 100644 --- a/tests/iso/flatpak_repo_updated.sh +++ b/test/iso/flatpak_repo_updated.sh @@ -1,14 +1,15 @@ #!/bin/bash -add_line=$(grep flatpak_manager.add_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) +add_line=$(grep flatpak_manager.add_remote mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) -add_line_repo=$(echo ${add_line} | grep ${FLATPAK_REMOTE_NAME}) -add_line_url=$(echo ${add_line} | grep ${_FLATPAK_REPO_URL}) +add_line_repo=$(echo "${add_line}" | grep "${FLATPAK_REMOTE_NAME}") +add_line_url=$(echo "${add_line}" | grep "${_FLATPAK_REPO_URL}") result=0 if [ -z "${add_line_repo}" ] then echo "Repo name not updated on add_remote line" + echo "${add_line}" result=1 else echo "Repo name found on add_remote line" @@ -17,18 +18,20 @@ fi if [ -z "${add_line_url}" ] then echo "Repo url not updated on add_remote line" + echo "${add_line}" result=1 else echo "Repo url found on add_remote line" fi -replace_line=$(grep flatpak_manager.replace_installed_refs_remote /mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) +replace_line=$(grep flatpak_manager.replace_installed_refs_remote mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) -replace_line_repo=$(echo ${replace_line} | grep ${FLATPAK_REMOTE_NAME}) +replace_line_repo=$(echo "${replace_line}" | grep "${FLATPAK_REMOTE_NAME}") if [ -z "${replace_line_repo}" ] then echo "Repo name not updated on replace_installed_refs line" + echo "${replace_line}" result=1 else echo "Repo name found on replace_installed_refs line" 
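Review bot: With the new quoting, `grep "${FLATPAK_REMOTE_NAME}"` and `grep "${_FLATPAK_REPO_URL}"` match every line when the variable is empty, so the test reports "found" without checking anything; the `replace_line_repo` check in the second hunk has the same problem. The values are also treated as regular expressions, so the dots in a URL match any character. Fail fast on unset inputs and match literally, for example `: "${FLATPAK_REMOTE_NAME:?}" "${_FLATPAK_REPO_URL:?}"` at the top and `grep -F -- "${_FLATPAK_REPO_URL}"` in each pipeline.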
diff --git a/test/iso/install_hash.sh b/test/iso/install_hash.sh new file mode 100644 index 0000000..6989399 --- /dev/null +++ b/test/iso/install_hash.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +#set -ex + +checkisomd5 "../../${ISO_NAME}" +if [[ $? != 0 ]] +then + echo "Found:" + checkisomd5 --md5sumonly "../../${ISO_NAME}" + echo "Expected:" + implantisomd5 --force "../../${ISO_NAME}" +fi + +cd "$(dirname "../../${ISO_NAME}")" && sha256sum -c "$(basename "${ISO_NAME}")-CHECKSUM" \ No newline at end of file diff --git a/tests/iso/install_os-release.sh b/test/iso/install_os-release.sh similarity index 72% rename from tests/iso/install_os-release.sh rename to test/iso/install_os-release.sh index ccef46c..37e0007 100644 --- a/tests/iso/install_os-release.sh +++ b/test/iso/install_os-release.sh @@ -1,6 +1,6 @@ #!/bin/bash -FOUND_VERSION=$(cat /mnt/install/etc/os-release | grep VERSION_ID | cut -d= -f2) +FOUND_VERSION=$(grep VERSION_ID mnt/install/etc/os-release | cut -d= -f2) if [[ ${FOUND_VERSION} != ${VERSION} ]] then diff --git a/test/repo/Makefile b/test/repo/Makefile new file mode 100644 index 0000000..3c395c3 --- /dev/null +++ b/test/repo/Makefile @@ -0,0 +1,11 @@ +REPO_TESTS=$(filter-out README.md Makefile,$(wildcard *)) + +all: $(REPO_TESTS) + +$(REPO_TESTS): + chmod +x $@ + ./$@ + +install-deps: + +.PHONY: $(REPO_TESTS) \ No newline at end of file diff --git a/test/repo/vars.py b/test/repo/vars.py new file mode 100755 index 0000000..e76f3e3 --- /dev/null +++ b/test/repo/vars.py 
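Review bot: A failed `checkisomd5` in the new install_hash.sh does not fail the test, because `set -ex` is commented out and the script's exit status is that of the final `sha256sum -c` line. The failure branch also runs `implantisomd5 --force` on the ISO under test, which rewrites the artifact whose integrity is being checked. Record the failure and leave the file untouched, for example end the `if` body with `exit 1` and print the expected value from a copy of the ISO rather than the original. A one-line header comment stating that the script verifies both the embedded media checksum and the `-CHECKSUM` file would document the intent.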
@@ -0,0 +1,118 @@ +#!/usr/bin/env python + +makefile = open('../../Makefile.inputs', 'r') +makefile_lines = makefile.readlines() + +inputs = {} +outputs = {} +errors = 0 + +for line in makefile_lines: + if line.startswith('#'): + makefile_lines.remove(line) + continue + parts = line.split('=', 1) + if parts[0].startswith('export'): + var_name = parts[0].strip().split(' ')[1].lower() + else: + var_name = parts[0].strip().lower() + inputs[var_name] = {'default_value': parts[1].strip(), 'makefile': True} + +action = open('../../action.yml', 'r') +action_lines = action.readlines() + +at_inputs = False +at_outputs = False +for line in action_lines: + if not at_inputs: + if line.strip() == 'inputs:': + at_inputs = True + continue + else: + if line.startswith(' '): + parts = line.strip().split(':', 1) + if parts[0] == 'description': + inputs[var_name]['description'] = parts[1].strip() + if parts[0] == 'deprecationMessage': + inputs[var_name]['deprecated'] = True + if parts[0] == 'default': + if 'default' in inputs[var_name]: + if inputs[var_name]['default_value'] != parts[1].strip().strip('"'): + print("ERROR: Default value for " + var_name + " in action.yml does not match Makefile") + errors += 1 + else: + inputs[var_name]['default_value'] = parts[1].strip().strip('"') + elif line.startswith(' '): + var_name = line.strip().strip(':').lower() + if not var_name in inputs: + inputs[var_name] = {} + inputs[var_name]['action'] = True + else: + at_inputs = False + + if not at_outputs: + if line.strip() == 'outputs:': + at_outputs = True + continue + else: + if line.startswith(' '): + parts = line.strip().split(':', 1) + if parts[0] == 'description': + outputs[var_name]['description'] = parts[1].strip() + if parts[0] == 'deprecationMessage': + outputs[var_name]['deprecated'] = True + if parts[0] == 'default': + outputs[var_name]['default_value'] = parts[1].strip().strip('"') + elif line.startswith(' '): + var_name = line.strip().strip(':').lower() + outputs[var_name] = {} + 
else: + at_outputs = False + + +readme = open('../../README.md', 'r') +readme_lines = readme.readlines() + +at_inputs = False +skip_header = True +at_outputs = False +for line in readme_lines: + if not at_inputs: + if line.strip() == '### Inputs': + at_inputs = True + continue + else: + if skip_header: + if line.startswith('| -----'): + skip_header = False + continue + else: + if not line.startswith('|'): + at_inputs = False + continue + parts = line.split('|') + var_name = parts[1].strip().lower() + if not var_name in inputs: + print("ERROR: " + var_name + " is not listed in action.yml or Makefile") + errors += 1 + continue + if 'description' in inputs[var_name]: + if parts[2].strip() != inputs[var_name]['description']: + print("WARNING: " + var_name + " description in README.md does not match action.yml") + if 'default_value' in inputs[var_name]: + if not parts[3].strip().strip('"').startswith('*'): + if inputs[var_name]['default_value'] == "": + if parts[3].strip().strip('"') != '\\[empty\\]': + print("ERROR: " + var_name + " default value in README.md does not match action.yml") + errors += 1 + elif parts[3].strip().strip('"') != inputs[var_name]['default_value']: + print("ERROR: " + var_name + " default value in README.md does not match action.yml") + errors += 1 + if 'action' in inputs[var_name] and inputs[var_name]['action']: + if parts[4].strip() != ':white_check_mark:': + print("WARNING: " + var_name + " not labeled as in action.yml in the README.md") + if 'makefile' in inputs[var_name] and inputs[var_name]['makefile']: + if parts[4].strip() != ':white_check_mark:': + print("WARNING: " + var_name + " not labeled as in Makefile in the README.md") + +exit(errors) \ No newline at end of file diff --git a/test/vm/Makefile b/test/vm/Makefile new file mode 100644 index 0000000..1c3ef4b --- /dev/null +++ b/test/vm/Makefile 
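Review bot: The consistency check between action.yml and Makefile.inputs never runs, because the inputs section tests `if 'default' in inputs[var_name]:` while the entries are created with the key `'default_value'`; the `else` branch then overwrites the Makefile default with the action.yml one. The test should read `if 'default_value' in inputs[var_name]:`. Separately, the first loop calls `makefile_lines.remove(line)` while iterating over `makefile_lines`, which skips the line after each comment, and a non-comment line without `=` will raise on `parts[1]`; a plain `continue` is enough there. `exit(errors)` also wraps for counts above 255, so `exit(1 if errors else 0)` is safer.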
@@ -0,0 +1,100 @@ +VM_TESTS=$(wildcard install_*) $(if $(FLATPAK_REMOTE_REFS),$(wildcard flatpak_*))$(if $(FLATPAK_DIR),$(wildcard flatpak_*)) + +all: $(VM_TESTS) clean + +$(VM_TESTS): start_vm ansible_inventory + $(eval _VARS = IMAGE_REPO IMAGE_NAME IMAGE_TAG) + + ansible -i ansible_inventory -m ansible.builtin.wait_for_connection vm + + chmod +x $@ + $(foreach var,$(_VARS),$(var)=$($(var))) ./$@ + +ansible_inventory: + echo "ungrouped:" > ansible_inventory + echo " hosts:" >> ansible_inventory + echo " vm:" >> ansible_inventory + echo " ansible_host: $(VM_IP)" >> ansible_inventory + echo " ansible_port: $(VM_PORT)" >> ansible_inventory + echo " ansible_user: $(VM_USER)" >> ansible_inventory + echo " ansible_password: $(VM_PASS)" >> ansible_inventory + echo " ansible_become_pass: $(VM_PASS)" >> ansible_inventory + echo " ansible_ssh_common_args: '-o StrictHostKeyChecking=no'" >> ansible_inventory + +.PHONY: $(VM_TESTS) install-deps + +install-deps: + $(install_pkg) qemu qemu-utils xorriso qemu-system-x86 netcat socat jq ansible curl + +files/mnt/iso: + $(if $(wildcard files/mnt),,mkdir files/mnt) + $(if $(wildcard files/mnt/iso),,mkdir files/mnt/iso) + sudo mount -o loop ../../$(ISO_NAME) files/mnt/iso + +files/grub.cfg: files/mnt/iso + cp files/mnt/iso/boot/grub2/grub.cfg files/grub.cfg + sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' files/grub.cfg + sed -i 's/set default="1"/set default="0"/' files/grub.cfg + sed -i 's/set timeout=60/set timeout=1/' files/grub.cfg + +.PHONY: clean +clean: + $(if $(wildcard start_vm), kill "$(shell cat start_vm)") + $(if $(wildcard files/mnt/iso),sudo umount files/mnt/iso) + $(if $(wildcard files/mnt/iso),rmdir files/mnt/iso) + $(if $(wildcard ansible_inventory),rm ansible_inventory) + $(if $(wildcard files/install.iso),rm files/install.iso) + $(if $(wildcard files/disk.qcow2),rm files/disk.qcow2) + $(if $(wildcard install_os),rm install_os) + $(if $(wildcard start_vm),rm start_vm) + +files/install.iso: 
files/grub.cfg + xorriso -dialog on << EOF + -indev ../../$(ISO_NAME) + -outdev files/install.iso + -boot_image any replay + -joliet on + -compliance joliet_long_names + -map files/ks.cfg ks.cfg + -chmod 0444 ks.cfg + -map files/grub.cfg boot/grub2/grub.cfg + -end + EOF + +files/disk.qcow2: + qemu-img create -f qcow2 files/disk.qcow2 50G + +install_os: files/install.iso files/disk.qcow2 + timeout 1h qemu-system-x86_64 -name "Anaconda" -boot d -m 4096 -cpu qemu64 -display none -cdrom files/install.iso -smp 2 -hda files/disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & QEMU_PID=$$! + echo "PID: $$QEMU_PID" + timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" + (nc localhost 4321 | tee vm.stdout) & + wait $$QEMU_PID + touch install_os + +.ONESHELL: + +start_vm: install_os + mkfifo vm.stdin + qemu-system-x86_64 -name "Anaconda" \ + -m 4096 -cpu qemu64 -display none -smp 2 \ + -chardev socket,path=/tmp/qga.sock,server=on,wait=off,id=qga0 \ + -device e1000,netdev=net0 \ + -netdev user,id=net0,hostfwd=tcp::$(VM_PORT)-:22 \ + -device virtio-serial \ + -device virtserialport,chardev=qga0,name=org.qemu.guest_agent.0 \ + -boot c -hda files/disk.qcow2 -serial telnet:localhost:4321,server=on,wait=off & export QEMU_PID=$$! + echo "PID: $$QEMU_PID" + + timeout 1m bash -c "while ! (echo > /dev/tcp/127.0.0.1/4321); do sleep 0.1; done" + (tail -f vm.stdin | nc localhost 4321 | tee vm.stdout) & + + timeout 30m bash -c "while ! (echo > /dev/tcp/$(VM_IP)/$(VM_PORT)); do sleep 1; done" + + if ! (echo > /dev/tcp/$(VM_IP)/$(VM_PORT)) + then + echo "SSH must be installed and enabled inside the container" + fi + + echo "VM ready for tests at IP $(VM_IP):$(VM_PORT)" + echo $$QEMU_PID > start_vm \ No newline at end of file diff --git a/tests/vm/README.md b/test/vm/README.md similarity index 100% rename from tests/vm/README.md rename to test/vm/README.md 
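Review bot: In `start_vm`, `-netdev user,id=net0,hostfwd=tcp::$(VM_PORT)-:22` leaves the host address empty, which as far as I know makes QEMU listen on every host interface. The guest is installed from files/ks.cfg with a fixed password for a `wheel` user, and the inventory sets `StrictHostKeyChecking=no`. Bind the forward to loopback with `hostfwd=tcp:127.0.0.1:$(VM_PORT)-:22` unless `VM_IP` is meant to be a non-loopback address. The final reachability check only echoes "SSH must be installed and enabled inside the container" and then still prints "VM ready for tests" and writes `start_vm`; add `exit 1` inside that `if` so the dependent tests do not run against an unreachable VM.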
diff --git a/test/vm/files/ks.cfg b/test/vm/files/ks.cfg new file mode 100644 index 0000000..280583d --- /dev/null +++ b/test/vm/files/ks.cfg @@ -0,0 +1,9 @@ +lang en_US.UTF-8 +keyboard us +timezone Americas/New_York +zerombr +clearpart --all --initlabel +autopart +poweroff +user --name=core --groups=wheel --password=foobar +%include /usr/share/anaconda/interactive-defaults.ks diff --git a/tests/vm/flatpak_fedora_repo_disabled.yml b/test/vm/flatpak_fedora_repo_disabled.yml similarity index 90% rename from tests/vm/flatpak_fedora_repo_disabled.yml rename to test/vm/flatpak_fedora_repo_disabled.yml index f87ff80..17a3e08 100644 --- a/tests/vm/flatpak_fedora_repo_disabled.yml +++ b/test/vm/flatpak_fedora_repo_disabled.yml @@ -1,6 +1,6 @@ #!/usr/bin/env -S ansible-playbook -i ./ansible_inventory --- -- name: Test for installed flatpaks +- name: Test fedora flatpak repo wasn't enabled hosts: vm gather_facts: no diff --git a/tests/vm/flatpak_installed.yml b/test/vm/flatpak_installed.yml similarity index 100% rename from tests/vm/flatpak_installed.yml rename to test/vm/flatpak_installed.yml diff --git a/tests/vm/flatpak_update.yml b/test/vm/flatpak_update.yml similarity index 91% rename from tests/vm/flatpak_update.yml rename to test/vm/flatpak_update.yml index 7d004cd..3f80685 100644 --- a/tests/vm/flatpak_update.yml +++ b/test/vm/flatpak_update.yml @@ -1,6 +1,6 @@ #!/usr/bin/env -S ansible-playbook -i ./ansible_inventory --- -- name: Test for flatpaks +- name: Test flatpak update hosts: vm gather_facts: no diff --git a/tests/vm/install_image_source.yml b/test/vm/install_image_source.yml similarity index 100% rename from tests/vm/install_image_source.yml rename to test/vm/install_image_source.yml diff --git a/tests/repo/vars.sh b/tests/repo/vars.sh deleted file mode 100644 index 2e4302e..0000000 --- a/tests/repo/vars.sh +++ /dev/null 
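Review bot: `timezone Americas/New_York` in the new ks.cfg is not a tz database name; the zone is `America/New_York`, and the installer will presumably reject it or fall back to a default. The `user --name=core --groups=wheel --password=foobar` line bakes a fixed plaintext credential into files/install.iso. A comment such as `# test-only account; must match VM_USER/VM_PASS in test/vm/Makefile` would make clear that this file must never be reused for a real image.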
@@ -1,39 +0,0 @@ -#!/bin/bash - -vars=() - -while read -r line -do - if ! [[ $line =~ ^# ]] - then - vars+=$(echo $line | cut -d= -f1 | tr [:upper:] [:lower:]) - fi - if [[ $line =~ ^########## ]] - then - break - fi -done < Makefile - -result=0 - -for var in $vars -do - grep "^| ${var}" README.md > /dev/null - if [[ $? != 0 ]] - then - echo "$var not found in README.md" - result=1 - fi -done - -for var in $vars -do - grep "^ ${var}:" action.yml > /dev/null - if [[ $? != 0 ]] - then - echo "$var not found in action.yml" - result=1 - fi -done - -exit ${result} \ No newline at end of file diff --git a/xorriso/Makefile b/xorriso/Makefile new file mode 100644 index 0000000..65b8b2a --- /dev/null +++ b/xorriso/Makefile @@ -0,0 +1,13 @@ +input.txt: gen_input.sh + sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' ../results/boot/grub2/grub.cfg + sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' ../results/EFI/BOOT/grub.cfg + $(eval _VARS = ARCH FLATPAK_DIR IMAGE_NAME IMAGE_TAG ISO_NAME VERSION) + $(foreach var,$(_VARS),$(var)=$($(var))) bash gen_input.sh | tee input.txt + +install-deps: + +FILES=$(wildcard input.txt) +clean: +ifneq ($(FILES),) + rm -Rf $(FILES) +endif \ No newline at end of file diff --git a/xorriso/gen_input.sh b/xorriso/gen_input.sh new file mode 100644 index 0000000..ef27010 --- /dev/null +++ b/xorriso/gen_input.sh 
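Review bot: In xorriso/Makefile, `sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g'` pastes the caller-supplied boot parameters into a sed replacement that uses `/` as its delimiter. A value containing `/` (any URL or path), `&` or a single quote breaks or alters the expression. The `g` flag also rewrites every occurrence of `quiet` in both grub.cfg files, and the edit is applied again each time `input.txt` is rebuilt. Escape `\`, `&` and the delimiter in the value before substituting, skip the edit when `EXTRA_BOOT_PARAMS` is empty, and add a comment on the recipe noting that the value ends up on the installer's kernel command line.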
@@ -0,0 +1,50 @@ +#!/bin/bash + +echo "-report_about WARNING" +echo "-indev ${PWD}/../results/images/boot.iso" +echo "-outdev ${ISO_NAME}" +echo "-boot_image any replay" +echo "-joliet on" +echo "-compliance joliet_long_names" +pushd "${PWD}/../results" > /dev/null +#for file in $(find .) +for file in ./boot/grub2/grub.cfg ./EFI/BOOT/grub.cfg +do + if [[ "$file" == "./images/boot.iso" ]] + then + continue + fi + echo "-map ${PWD}/${file} ${file:2}" + echo "-chmod 0444 ${file:2}" +done +popd > /dev/null + +if [[ -n "${FLATPAK_DIR}" ]] +then + pushd "${FLATPAK_DIR}" > /dev/null + for file in $(find repo) + do + if [[ "${file}" == "repo/.lock" ]] + then + continue + fi + echo "-map ${PWD}/${file} flatpak/${file}" + echo "-chmod 0444 flatpak/${file}" + done + popd > /dev/null +fi + +if [ -f $(pwd)/sb_pubkey.der ] +then + echo "-map $(pwd)/../sb_pubkey.der sb_pubkey.der" + echo "-chmod 0444 /sb_pubkey.der" +fi + +pushd "${PWD}/../container" > /dev/null +for file in $(find "${IMAGE_NAME}-${IMAGE_TAG}" -type f) +do + echo "-map ${PWD}/${file} ${file}" + echo "-chmod 0444 ${file}" +done +popd > /dev/null +echo "-end" diff --git a/xorriso/gen_input.sh.in b/xorriso/gen_input.sh.in deleted file mode 100644 index 0a993bc..0000000 --- a/xorriso/gen_input.sh.in +++ /dev/null 
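Review bot: The two loops `for file in $(find repo)` and `for file in $(find "${IMAGE_NAME}-${IMAGE_TAG}" -type f)` word-split the find output, and each path is then echoed unquoted into a `-map` / `-chmod` line. A file name containing whitespace in the flatpak repo or the pulled image layout therefore produces a malformed or different xorriso command. Iterate with `find repo -print0 | while IFS= read -r -d '' file` and quote the paths in the emitted lines; xorriso's dialog input accepts quoted arguments as far as I know. `-outdev ${ISO_NAME}` has the same exposure to spaces in the caller's ISO name.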
@@ -1,37 +0,0 @@ -#!/bin/bash - -echo "-indev $(pwd)/boot.iso" -echo "-outdev $(pwd)/build/deploy.iso" -echo "-boot_image any replay" -echo "-joliet on" -echo "-compliance joliet_long_names" -echo "-map $(pwd)/results/boot/grub2/grub.cfg boot/grub2/grub.cfg" -echo "-chmod 0444 boot/grub2/grub.cfg" -echo "-map $(pwd)/results/EFI/BOOT/grub.cfg EFI/BOOT/grub.cfg" -echo "-chmod 0444 EFI/BOOT/grub.cfg" - -if [[ -n "${FLATPAK_DIR}" ]] -then - pushd ${FLATPAK_DIR} > /dev/null - for file in $(find *) - do - echo "-map $(pwd)/${file} flatpak/${file}" - echo "-chmod 0444 flatpak/${file}" - done - popd > /dev/null -fi - -if [ -f $(pwd)/sb_pubkey.der ] -then - echo "-map $(pwd)/sb_pubkey.der sb_pubkey.der" - echo "-chmod 0444 /sb_pubkey.der" -fi - -pushd container > /dev/null -for file in $(find ${IMAGE_NAME}-${IMAGE_TAG}) -do - echo "-map $(pwd)/${file} ${file}" - echo "-chmod 0444 ${file}" -done -popd > /dev/null -echo "-end" From 02c3b10f56e49821f70f8eca700b99570e0991ac Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 9 Apr 2024 10:53:10 -0400 Subject: [PATCH 51/92] Fix dependencies path and issues with secure boot key (#100) Co-authored-by: Noel Miller --- .github/workflows/build_container.yml | 1 + .github/workflows/build_iso.yml | 1 + .github/workflows/test_deployment.yml | 1 + .github/workflows/test_iso.yml | 1 + action.yml | 2 +- xorriso/gen_input.sh | 4 ++-- 6 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 00c8e5e..705485a 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -50,6 +50,7 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}" + per_page: 100 - name: Set status if: inputs.pr && always() diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index c55870b..54e309f 100644 
--- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -64,6 +64,7 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + per_page: 100 - name: Set status if: inputs.pr && always() diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index d2e8259..da2a2b2 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml @@ -63,6 +63,7 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + per_page: 100 - name: Set status if: inputs.pr && always() diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index c4f0bec..b78c2a5 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -63,6 +63,7 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + per_page: 100 - name: Set status if: inputs.pr && always() diff --git a/action.yml b/action.yml index 7c20072..2df4659 100644 --- a/action.yml +++ b/action.yml @@ -150,7 +150,7 @@ runs: make flatpaks/repo \ FLATPAK_REMOTE_NAME="${{ inputs.flatpak_remote_name }}" \ ${{ inputs.flatpak_remote_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpak_remote_refs) || ''}} \ - ${{ inputs.flatpak_remote_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}"', inputs.flatpak_remote_refs_dir) || ''}} \ + ${{ inputs.flatpak_remote_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}/{1}"', github.workspace, inputs.flatpak_remote_refs_dir) || ''}} \ FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ diff --git a/xorriso/gen_input.sh b/xorriso/gen_input.sh index ef27010..a0f3a48 100644 --- a/xorriso/gen_input.sh +++ b/xorriso/gen_input.sh 
@@ -34,9 +34,9 @@ then popd > /dev/null fi -if [ -f $(pwd)/sb_pubkey.der ] +if [ -f "${PWD}/../sb_pubkey.der" ] then - echo "-map $(pwd)/../sb_pubkey.der sb_pubkey.der" + echo "-map ${PWD}/../sb_pubkey.der sb_pubkey.der" echo "-chmod 0444 /sb_pubkey.der" fi From 834657681642011849b99b9e582722e5fb978321 Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Wed, 10 Apr 2024 17:45:41 -0400 Subject: [PATCH 52/92] Remove cache after installing packages (#104) --- Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containerfile b/Containerfile index feed885..a0678e4 100644 --- a/Containerfile +++ b/Containerfile @@ -19,7 +19,7 @@ VOLUME /build-container-installer/build VOLUME /build-container-installer/repos VOLUME /cache -RUN dnf install -y make && make install-deps +RUN dnf install -y make && make install-deps && dnf clean all ENTRYPOINT ["/bin/bash", "/build-container-installer/entrypoint.sh"] From 80921040cabbfdb88957a59c7f0821b76c7c9fee Mon Sep 17 00:00:00 2001 From: Jason N <33561705+JasonN3@users.noreply.github.com> Date: Tue, 23 Apr 2024 10:28:57 -0400 Subject: [PATCH 53/92] Update examples with correct volume path (#109) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5962565..2f85f4d 100644 --- a/README.md +++ b/README.md 
@@ -93,12 +93,12 @@ Examples: Building an ISO to install Fedora 38 ```bash -docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server +docker run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server ``` Building an ISO to install Fedora 39 ```bash -docker run --rm --privileged --volume .:/github/workspace/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server +docker run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server ``` ### VSCode Dev Container From 575e169bf9380eaeb0620ff65d3f9d96b11f8965 Mon Sep 17 00:00:00 2001 From: Matt Norton Date: Tue, 30 Apr 2024 16:05:03 +0100 Subject: [PATCH 54/92] Fix spelling error in `README.md` (#112) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f85f4d..02c0ad7 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml/badge.svg?event=push) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/35a48e77e64f469ba19d60a1a1e0be71)](https://app.codacy.com/gh/JasonN3/build-container-installer/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) # Build Container Installer Action -This action is used to enerate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` +This action is used to generate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` ## Usage This action is designed to be called from a GitHub workflow using the following format 
From 6e803c8fcb82c34bfc6228239ed4d5489b116327 Mon Sep 17 00:00:00 2001 From: Matt Norton Date: Wed, 1 May 2024 13:41:18 +0100 Subject: [PATCH 55/92] Fix code example indentation (#114) --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 02c0ad7..9fc0ee2 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,9 @@ This action is designed to be called from a GitHub workflow using the following path: | ${{ steps.build.outputs.iso_path }} ${{ steps.build.outputs.iso_path }}-CHECKSUM - if-no-files-found: error - retention-days: 0 - compression-level: 0 + if-no-files-found: error + retention-days: 0 + compression-level: 0 ``` See [Customizing](#customizing) for information about customizing the ISO that gets created using `with` From ee3a60c6a131fe2d107f02720a3e90849b750aae Mon Sep 17 00:00:00 2001 From: Matt Norton Date: Mon, 6 May 2024 12:39:07 +0100 Subject: [PATCH 56/92] Add hyperlink to badge icons in `README.md` (#116) --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9fc0ee2..764e3fd 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,5 @@ -![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml/badge.svg?event=push) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/35a48e77e64f469ba19d60a1a1e0be71)](https://app.codacy.com/gh/JasonN3/build-container-installer/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) +[![Build status](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml/badge.svg?event=push)](https://github.com/jasonn3/build-container-installer/actions/workflows/tests.yml) +[![Codacy Badge](https://app.codacy.com/project/badge/Grade/35a48e77e64f469ba19d60a1a1e0be71)](https://app.codacy.com/gh/JasonN3/build-container-installer/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) # Build Container Installer Action This action is used to generate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` From 383427c619a8b6f0f008f7fb55ee3a721662381b Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Thu, 9 May 2024 15:39:51 -0400 Subject: [PATCH 57/92] Add build for Fedora-bootc (#105) --- .codacy/markdownlint.rb | 2 + .github/ISSUE_TEMPLATE/bug_report.md | 6 +- .github/workflows/build_iso.yml | 35 ++++------- .github/workflows/build_vars.yml | 51 +++++++++++++--- .github/workflows/test_deployment.yml | 43 ++++++------- .github/workflows/test_iso.yml | 39 +++++------- .github/workflows/tests.yml | 88 ++++----------------------- .mdlrc | 1 + Makefile | 13 ++-- README.md | 71 +++++++++++++-------- action.yml | 1 + external/Makefile | 2 +- test/iso/install_os-release.sh | 2 +- test/repo/vars.py | 4 +- test/vm/Makefile | 4 +- xorriso/Makefile | 3 +- xorriso/gen_input.sh | 7 ++- 17 files changed, 174 insertions(+), 198 deletions(-) create mode 100644 .codacy/markdownlint.rb create mode 100644 .mdlrc 
diff --git a/.codacy/markdownlint.rb b/.codacy/markdownlint.rb new file mode 100644 index 0000000..fcd51bc --- /dev/null +++ b/.codacy/markdownlint.rb @@ -0,0 +1,2 @@ +all +rule 'MD033', :allowed_elements => ["a","img","picture","source"] \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index b443a7a..4cac71d 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -12,6 +12,7 @@ A clear and concise description of what the bug is. **To Reproduce** Steps to reproduce the behavior: + 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' @@ -24,8 +25,9 @@ A clear and concise description of what you expected to happen. If applicable, add screenshots to help explain your problem. **Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Version [e.g. 22] + +- OS: [e.g. iOS] +- Version [e.g. 22] **Additional context** Add any other context about the problem here. diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 54e309f..990de53 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -9,15 +9,6 @@ on: parent_job_name: required: true type: string - flatpaks_refs: - required: false - type: string - flatpaks_refs_dir: - required: false - type: string - suffix: - required: false - type: string jobs: load_vars: @@ -38,8 +29,7 @@ jobs: continue-on-error: false strategy: fail-fast: false - matrix: - version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }} + matrix: ${{ fromJson(needs.load_vars.outputs.BUILD_MATRIX) }} steps: - name: Checkout uses: actions/checkout@v4 
@@ -63,7 +53,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" per_page: 100 - name: Set status @@ -72,7 +62,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} 
@@ -115,25 +105,26 @@ jobs: id: build with: arch: ${{ needs.load_vars.outputs.ARCH }} - image_name: ${{ needs.load_vars.outputs.IMAGE_NAME }} - image_repo: ${{ needs.load_vars.outputs.IMAGE_REPO }} + image_name: ${{ matrix.image_name }} + image_repo: ${{ matrix.image_repo}} image_tag: ${{ matrix.version }} version: ${{ matrix.version }} + repos: ${{ matrix.repos }} variant: ${{ needs.load_vars.outputs.VARIANT }} - flatpak_remote_refs: ${{ inputs.flatpaks_refs }} - flatpak_remote_refs_dir: ${{ inputs.flatpaks_refs_dir }} + flatpak_remote_refs: ${{ matrix.flatpaks == 'flatpak_refs' && needs.load_vars.outputs.FLATPAK_REMOTE_REFS || '' }} + flatpak_remote_refs_dir: ${{ matrix.flatpaks == 'flatpak_refs_dir' && needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR || '' }} secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} - iso_name: build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso + iso_name: build/${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }}.iso - name: Upload ISO as artifact id: upload uses: actions/upload-artifact@v4 with: - name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }} + name: ${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }} path: | - build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso - build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso-CHECKSUM + build/${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }}.iso + build/${{ matrix.image_name 
}}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }}.iso-CHECKSUM if-no-files-found: error retention-days: 0 compression-level: 0 @@ -145,7 +136,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index ce4e273..55b53cc 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -5,18 +5,53 @@ on: outputs: ARCH: value: 'x86_64' - BUILD_VERSIONS: - value: '[38, 39, 40]' - IMAGE_NAME: - value: 'base' - IMAGE_REPO: - value: 'quay.io/fedora-ostree-desktops' - IMAGE_TAG: - value: '39' + BUILD_MATRIX: + value: ' + { + "version": [ + "38", + "39", + "40", + ], + "flatpaks": [ + "false", + "flatpak_dir", + "flatpak_refs" + ], + "exclude": [ + { + "version": "40", + "flatpaks": "flatpak_dir" + }, + { + "version": "40", + "flatpaks": "flatpak_refs" + } + ], + "include": [ + { + "version": "38", + "image_repo": "quay.io/fedora-ostree-desktops", + "image_name": "base" + }, + { + "version": "39", + "image_repo": "quay.io/fedora-ostree-desktops", + "image_name": "base" + }, + { + "version": "40", + "image_repo": "quay.io/fedora", + "image_name": "fedora-bootc" + } + ] + }' VARIANT: value: 'Server' FLATPAK_REMOTE_REFS_DIR: value: flatpak_refs + FLATPAK_REMOTE_REFS: + value: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" SECURE_BOOT_KEY_URL: value: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' ENROLLMENT_PASSWORD: diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index da2a2b2..792b68a 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml 
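Review bot: The `flatpaks` axis of `BUILD_MATRIX` in build_vars.yml uses the value `flatpak_dir` (in the list and in `exclude`), but the `flatpak_remote_refs_dir` expression in build_iso.yml tests `matrix.flatpaks == 'flatpak_refs_dir'`, so that comparison is never true. The directory variant is therefore built with an empty `flatpak_remote_refs_dir` while the ISO is still named `-flatpak_dir`. The same comparison is used in the `make test/vm` and `make test/iso` commands in test_deployment.yml and test_iso.yml, so that variant appears to run without exercising the refs directory at all. Use one spelling on both sides, e.g. `"flatpak_refs_dir"` in the matrix list and in its `exclude` entry.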
@@ -9,15 +9,6 @@ on: parent_job_name: required: true type: string - flatpaks_refs: - required: false - type: string - flatpaks_refs_dir: - required: false - type: string - suffix: - required: false - type: string jobs: load_vars: @@ -37,8 +28,7 @@ jobs: continue-on-error: false strategy: fail-fast: false - matrix: - version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }} + matrix: ${{ fromJson(needs.load_vars.outputs.BUILD_MATRIX) }} steps: - name: Checkout uses: actions/checkout@v4 @@ -62,7 +52,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" per_page: 100 - name: Set status @@ -71,7 +61,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} @@ -84,7 +74,7 @@ jobs: - name: Download generated ISO uses: actions/download-artifact@v4 with: - name: ${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }} + name: ${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }} - name: Run VM Tests env: 
@@ -93,18 +83,23 @@ jobs: VM_IP: "127.0.0.1" VM_PORT: "5555" run: | - make test/vm ISO_NAME=${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso \ - VM_IP=${VM_IP} VM_PORT=${VM_PORT} VM_USER=${VM_USER} VM_PASS=${VM_PASS} \ + make test/vm \ ARCH=${{ needs.load_vars.outputs.ARCH}} \ - IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \ - IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \ + ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} \ + ${{ matrix.flatpaks == 'flatpak_refs' && format('FLATPAK_REMOTE_REFS="{0}"', needs.load_vars.outputs.FLATPAK_REMOTE_REFS) || '' }} \ + ${{ matrix.flatpaks == 'flatpak_refs_dir' && format('FLATPAK_REMOTE_REFS_DIR="{0}"', needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR) || '' }} \ + IMAGE_NAME=${{ matrix.image_name }} \ + IMAGE_REPO=${{ matrix.image_repo }} \ IMAGE_TAG=${{ matrix.version }} \ - VERSION=${{ matrix.version }} \ - VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ - ${{ inputs.flatpaks_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpaks_refs) || '' }} \ - ${{ inputs.flatpaks_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}"', inputs.flatpaks_refs_dir) || '' }} \ + ISO_NAME=${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }}.iso \ + ${{ matrix.repos != '' && format('REPOS="{0}"', matrix.repos) || '' }} \ SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ - ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} + VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ + VERSION=${{ matrix.version }} \ + VM_IP=${VM_IP} \ + VM_PASS=${VM_PASS} \ + VM_PORT=${VM_PORT} \ + VM_USER=${VM_USER} - name: Set status if: inputs.pr && always() 
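Review bot: The `make test/vm` command splices `${{ … }}` expressions straight into the shell script, including `ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}` and the unquoted `IMAGE_NAME=${{ matrix.image_name }}`. The expression text is substituted before the shell parses the line, so a value containing spaces or shell metacharacters changes the command rather than staying data. The values come from build_vars.yml today, but the step already has an `env:` block for the `VM_*` values (it starts above this hunk), and routing the rest the same way is safer: add `ENROLLMENT_PASSWORD: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}` under `env:` and pass `ENROLLMENT_PASSWORD="${ENROLLMENT_PASSWORD}"` to make. The `Run ISO checks` step in test_iso.yml and the `REPOS` and `IMAGE_SIGNED` lines added to action.yml follow the same pattern, and in action.yml the values are caller-supplied inputs.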
@@ -112,6 +107,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index b78c2a5..3b072d7 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -9,15 +9,6 @@ on: parent_job_name: required: true type: string - flatpaks_refs: - required: false - type: string - flatpaks_refs_dir: - required: false - type: string - suffix: - required: false - type: string jobs: load_vars: @@ -37,8 +28,7 @@ jobs: continue-on-error: false strategy: fail-fast: false - matrix: - version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }} + matrix: ${{ fromJson(needs.load_vars.outputs.BUILD_MATRIX) }} steps: - name: Checkout uses: actions/checkout@v4 @@ -62,7 +52,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" per_page: 100 - name: Set status @@ -71,7 +61,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} 
@@ -84,22 +74,23 @@ jobs: - name: Download generated ISO uses: actions/download-artifact@v4 with: - name: ${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }} + name: ${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }} - name: Run ISO checks run: | make test/iso \ ARCH=${{ needs.load_vars.outputs.ARCH}} \ - IMAGE_NAME=${{ needs.load_vars.outputs.IMAGE_NAME}} \ - IMAGE_REPO=${{ needs.load_vars.outputs.IMAGE_REPO}} \ - IMAGE_TAG=${{ matrix.version }} \ - VERSION=${{ matrix.version }} \ - VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ - ${{ inputs.flatpaks_refs && format('FLATPAK_REMOTE_REFS="{0}"', inputs.flatpaks_refs) || '' }} \ - ${{ inputs.flatpaks_refs_dir && format('FLATPAK_REMOTE_REFS_DIR="{0}"', inputs.flatpaks_refs_dir) || '' }} \ - SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ ENROLLMENT_PASSWORD=${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }} \ - ISO_NAME=${{ format('{0}-{1}', needs.load_vars.outputs.IMAGE_NAME, matrix.version) }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso + ${{ matrix.flatpaks == 'flatpak_refs' && format('FLATPAK_REMOTE_REFS="{0}"', needs.load_vars.outputs.FLATPAK_REMOTE_REFS) || '' }} \ + ${{ matrix.flatpaks == 'flatpak_refs_dir' && format('FLATPAK_REMOTE_REFS_DIR="{0}"', needs.load_vars.outputs.FLATPAK_REMOTE_REFS_DIR) || '' }} \ + IMAGE_NAME=${{ matrix.image_name }} \ + IMAGE_REPO=${{ matrix.image_repo }} \ + IMAGE_TAG=${{ matrix.version }} \ + ISO_NAME=${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }}.iso \ + ${{ matrix.repos != '' && format('REPOS="{0}"', matrix.repos) || '' }} \ + SECURE_BOOT_KEY_URL=${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }} \ + VARIANT=${{ needs.load_vars.outputs.VARIANT }} \ + VERSION=${{ matrix.version }} - name: Set status if: 
inputs.pr && always() @@ -107,6 +98,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: ${{ env.JOB_NAME }} (${{ matrix.version }}) + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b715490..651d3f0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -31,95 +31,29 @@ jobs: pr: ${{ inputs.pr }} parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container - build_iso_flatpaks: - name: Build ISO with Flatpaks + build_isos: + name: Build ISOs needs: - build_container uses: ./.github/workflows/build_iso.yml with: pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO with Flatpaks - flatpaks_refs_dir: flatpak_refs - suffix: flatpaks + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISOs - test_iso_flatpaks: - name: Test ISO with Flatpaks + test_isos: + name: Test ISOs needs: - - build_iso_flatpaks + - build_isos uses: ./.github/workflows/test_iso.yml with: pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO with Flatpaks - flatpaks_refs_dir: flatpak_refs - suffix: flatpaks + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISOs - test_deployment_flatpaks: - name: Test Deployment with Flatpaks + test_deployments: + name: Test Deployments needs: - - build_iso_flatpaks + - build_isos uses: ./.github/workflows/test_deployment.yml with: pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment with Flatpaks - flatpaks_refs_dir: flatpak_refs - suffix: flatpaks - - build_iso_flatpak_refs: - name: Build ISO with Flatpak Refs - needs: - - build_container - uses: ./.github/workflows/build_iso.yml - with: - pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO with Flatpak Refs - flatpaks_refs: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" - suffix: flatpaks_refs - - test_iso_flatpak_refs: - name: Test ISO with Flatpak Refs - needs: - - build_iso_flatpak_refs - uses: 
./.github/workflows/test_iso.yml - with: - pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO with Flatpak Refs - flatpaks_refs: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" - suffix: flatpaks_refs - - test_deployment_flatpak_refs: - name: Test Deployment with Flatpak Refs - needs: - - build_iso_flatpak_refs - uses: ./.github/workflows/test_deployment.yml - with: - pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment with Flatpak Refs - flatpaks_refs: "app/org.mozilla.firefox/x86_64/stable app/org.videolan.VLC/x86_64/stable" - suffix: flatpaks_refs - - build_iso: - name: Build ISO - needs: - - build_container - uses: ./.github/workflows/build_iso.yml - with: - pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build ISO - - test_iso: - name: Test ISO - needs: - - build_iso - uses: ./.github/workflows/test_iso.yml - with: - pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test ISO - - test_deployment: - name: Test Deployment - needs: - - build_iso - uses: ./.github/workflows/test_deployment.yml - with: - pr: ${{ inputs.pr }} - parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployment \ No newline at end of file + parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Test Deployments diff --git a/.mdlrc b/.mdlrc new file mode 100644 index 0000000..17717c6 --- /dev/null +++ b/.mdlrc @@ -0,0 +1 @@ +style "#{File.dirname(__FILE__)}/.codacy/markdownlint.rb" \ No newline at end of file diff --git a/Makefile b/Makefile index 65557ce..7886947 100644 --- a/Makefile +++ b/Makefile 
@@ -34,17 +34,18 @@ _TEMPLATE_VARS := ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCA _VOLID := $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) -_RHEL := true +export _RHEL := true +_LORAX_TEMPLATES += $(call get_templates,rhel) else -_RHEL := false +undefine _RHEL endif ifeq ($(_RHEL),true) _LORAX_ARGS += --nomacboot --noupgrade else ifeq ($(VARIANT),Server) -_LORAX_ARGS += --macboot --noupgrade +_LORAX_ARGS += --macboot --noupgrade --squashfs-only else -_LORAX_ARGS += --nomacboot +_LORAX_ARGS += --nomacboot --squashfs-only endif ifeq ($(WEB_UI),true) @@ -110,7 +111,7 @@ results/images/boot.iso: external/lorax/branch-$(VERSION) $(filter lorax_templat $(if $(wildcard /etc/rpm/macros.image-language-conf),mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf) lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ - --isfinal --squashfs-only --buildarch=$(ARCH) --volid=$(_VOLID) --sharedir $(PWD)/external/lorax/share/templates.d/99-generic \ + --isfinal --buildarch=$(ARCH) --volid=$(_VOLID) --sharedir $(PWD)/external/lorax/share/templates.d/99-generic \ $(_LORAX_ARGS) \ $(foreach file,$(_REPO_FILES),--repo $(PWD)/$(file)) \ $(foreach file,$(_LORAX_TEMPLATES),--add-template $(PWD)/$(file)) \ @@ -131,7 +132,7 @@ clean: .PHONY: install-deps install-deps: - $(install_pkg) lorax xorriso coreutils gettext + $(install_pkg) lorax xorriso coreutils gettext syslinux-nonlinux $(foreach DIR,$(filter-out test,$(_SUBDIRS)),$(MAKE) -w -C $(DIR) install-deps;) diff --git a/README.md b/README.md index 764e3fd..974e8c8 100644 --- a/README.md +++ b/README.md 
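Review bot: After this change `_RHEL` is either `true` or undefined (`undefine _RHEL`), never `false`, yet `_RHEL` stays in `_TEMPLATE_VARS` and lorax_templates/scripts/post/install_configure_upgrades tests `${_rhel} == 'false'` before taking the `bootc switch` branch. How the template variables are rendered is not visible in this hunk, so confirm what an undefined `_RHEL` becomes in the template; if it renders empty, the non-RHEL bootc path would no longer be selected. Either keep `_RHEL := false` in the `else` arm or change the template test to match the new convention.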
@@ -2,9 +2,11 @@ [![Codacy Badge](https://app.codacy.com/project/badge/Grade/35a48e77e64f469ba19d60a1a1e0be71)](https://app.codacy.com/gh/JasonN3/build-container-installer/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) # Build Container Installer Action + This action is used to generate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` ## Usage + This action is designed to be called from a GitHub workflow using the following format ```yaml - name: Build ISO @@ -36,9 +38,11 @@ This action is designed to be called from a GitHub workflow using the following See [Customizing](#customizing) for information about customizing the ISO that gets created using `with` ## Customizing + The following variables can be used to customize the created ISO. ### Inputs + | Variable | Description | Default Value | Action | Container/Makefile | | ----------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | ------------------ | ------------------ | | additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | :white_check_mark: | :white_check_mark: | 
@@ -48,12 +52,12 @@ The following variables can be used to customize the created ISO. | flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | :white_check_mark: | :white_check_mark: | | flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | | flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | -| flatpak_remote_url | URL of the flatpakrepo file | https://flathub.org/repo/flathub.flatpakrepo | :white_check_mark: | :white_check_mark: | +| flatpak_remote_url | URL of the flatpakrepo file | | :white_check_mark: | :white_check_mark: | | image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | | image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | | image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | | iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :white_check_mark: | -| make_target | Overrides the default make target | *ISO Checksum* | :white_check_mark: | :x: | +| make_target | Overrides the default make target | *ISO_NAME*-Checksum | :white_check_mark: | :x: | | repos | List of repo files for Lorax to use | /etc/yum.repos.d/*.repo | :white_check_mark: | :white_check_mark: | | rootfs_size | The size (in GiB) for the squashfs runtime volume | 2 | :white_check_mark: | :white_check_mark: | | secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | 
@@ -67,6 +71,7 @@ Variant will be the third item in the package name. Example: `fedora-release-kin \*\* If you need to reference a local file, you can use `file://*path*` ### Outputs + | Variable | Description | Usage | | -------- | ----------------------------------------| ------------------------------------------------ | | iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | @@ -75,7 +80,9 @@ Variant will be the third item in the package name. Example: `fedora-release-kin For outputs, see example above. ## Development + ### Makefile + The Makefile contains all of the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. `make install-deps` can be used to install the necessary packages @@ -83,6 +90,7 @@ The Makefile contains all of the commands that are run in the action. There are See [Customizing](#customizing) for information about customizing the ISO that gets created. All variable should be specified CAPITALIZED. ### Container + A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest` To use the container file, run `docker run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`. 
@@ -103,6 +111,7 @@ docker run --rm --privileged --volume .:/build-container-installer/build ghcr.i ``` ### VSCode Dev Container + There is a dev container configuration provided for development. By default it will use the existing container image available at `ghcr.io/jasonn3/build-container-installer:latest`, however, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode. The code from VSCode will be available at `/workspaces/build-container-installer` once the container has started. 
@@ -112,35 +121,45 @@ Privileged is required for access to loop devices for lorax. Use existing container image: ``` { - "name": "Existing Dockerfile", - // "build": { - // "context": "..", - // "dockerfile": "../Containerfile", - // "args": { - // "version": "39" - // } - // }, - "image": "ghcr.io/jasonn3/build-container-installer:latest", - "overrideCommand": true, - "shutdownAction": "stopContainer", - "privileged": true + "name": "Existing Dockerfile", +// "build": { +// "context": "..", +// "dockerfile": "../Containerfile", +// "args": { +// "version": "39" +// } +// }, + "image": "ghcr.io/jasonn3/build-container-installer:latest", + "overrideCommand": true, + "shutdownAction": "stopContainer", + "privileged": true } ``` Build a new container image: ``` { - "name": "Existing Dockerfile", - "build": { - "context": "..", - "dockerfile": "../Containerfile", - "args": { - "version": "39" - } - }, - //"image": "ghcr.io/jasonn3/build-container-installer:latest", - "overrideCommand": true, - "shutdownAction": "stopContainer", - "privileged": true + "name": "Existing Dockerfile", + "build": { + "context": "..", + "dockerfile": "../Containerfile", + "args": { + "version": "39" + } + }, + //"image": "ghcr.io/jasonn3/build-container-installer:latest", + "overrideCommand": true, + "shutdownAction": "stopContainer", + "privileged": true } ``` + +## Star History + + + + + + Star History Chart + + \ No newline at end of file diff --git a/action.yml b/action.yml index 2df4659..0a6a436 100644 --- a/action.yml +++ b/action.yml @@ -211,6 +211,7 @@ runs: IMAGE_REPO="${{ inputs.image_repo }}" \ IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ ISO_NAME=/github/workspace/${{ inputs.iso_name }} \ + ${{ inputs.repos && format('REPOS="{0}"', inputs.repos) || '' }} \ SECURE_BOOT_KEY_URL="${{ inputs.secure_boot_key_url }}" \ VARIANT="${{ inputs.variant }}" \ VERSION="${{ inputs.version }}" \ diff --git a/external/Makefile b/external/Makefile index d56cb17..74047b1 100644 
--- a/external/Makefile +++ b/external/Makefile @@ -1,6 +1,6 @@ lorax/branch-$(VERSION): git config advice.detachedHead false - cd lorax && git reset --hard HEAD && git checkout tags/$(shell cd lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1) + cd lorax && git reset --hard HEAD && git checkout $(if $(_RHEL),rhel$(word 1,$(subst ., ,$(VERSION)))-branch,tags/$(shell cd lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1)) touch lorax/branch-$(VERSION) install-deps: diff --git a/test/iso/install_os-release.sh b/test/iso/install_os-release.sh index 37e0007..788111a 100644 --- a/test/iso/install_os-release.sh +++ b/test/iso/install_os-release.sh @@ -1,6 +1,6 @@ #!/bin/bash -FOUND_VERSION=$(grep VERSION_ID mnt/install/etc/os-release | cut -d= -f2) +FOUND_VERSION=$(grep VERSION_ID mnt/install/etc/os-release | cut -d= -f2 | tr -d '"') if [[ ${FOUND_VERSION} != ${VERSION} ]] then diff --git a/test/repo/vars.py b/test/repo/vars.py index e76f3e3..4aea753 100755 --- a/test/repo/vars.py +++ b/test/repo/vars.py @@ -100,12 +100,12 @@ for line in readme_lines: if parts[2].strip() != inputs[var_name]['description']: print("WARNING: " + var_name + " description in README.md does not match action.yml") if 'default_value' in inputs[var_name]: - if not parts[3].strip().strip('"').startswith('*'): + if not parts[3].strip().strip('"<>').startswith('*'): if inputs[var_name]['default_value'] == "": if parts[3].strip().strip('"') != '\\[empty\\]': print("ERROR: " + var_name + " default value in README.md does not match action.yml") errors += 1 - elif parts[3].strip().strip('"') != inputs[var_name]['default_value']: + elif parts[3].strip().strip('"<>') != inputs[var_name]['default_value']: print("ERROR: " + var_name + " default value in README.md does not match action.yml") errors += 1 if 'action' in inputs[var_name] and inputs[var_name]['action']: diff --git a/test/vm/Makefile b/test/vm/Makefile index 1c3ef4b..99288cb 100644 --- a/test/vm/Makefile 
+++ b/test/vm/Makefile @@ -32,7 +32,7 @@ files/mnt/iso: sudo mount -o loop ../../$(ISO_NAME) files/mnt/iso files/grub.cfg: files/mnt/iso - cp files/mnt/iso/boot/grub2/grub.cfg files/grub.cfg + cp files/mnt/iso/$(if $(_RHEL),isolinux/grub.conf,boot/grub2/grub.cfg) files/grub.cfg sed -i 's/quiet/console=ttyS0,115200n8 inst.ks=cdrom:\/ks.cfg/' files/grub.cfg sed -i 's/set default="1"/set default="0"/' files/grub.cfg sed -i 's/set timeout=60/set timeout=1/' files/grub.cfg @@ -57,7 +57,7 @@ files/install.iso: files/grub.cfg -compliance joliet_long_names -map files/ks.cfg ks.cfg -chmod 0444 ks.cfg - -map files/grub.cfg boot/grub2/grub.cfg + -map files/grub.cfg $(if $(_RHEL),isolinux/grub.conf,boot/grub2/grub.cfg) -end EOF diff --git a/xorriso/Makefile b/xorriso/Makefile index 65b8b2a..b2f5d87 100644 --- a/xorriso/Makefile +++ b/xorriso/Makefile @@ -1,5 +1,6 @@ input.txt: gen_input.sh - sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' ../results/boot/grub2/grub.cfg + find + $(if $(wildcard ../results/boot/grub2/grub.cfg),sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' ../results/boot/grub2/grub.cfg) sed -i 's/quiet/quiet $(EXTRA_BOOT_PARAMS)/g' ../results/EFI/BOOT/grub.cfg $(eval _VARS = ARCH FLATPAK_DIR IMAGE_NAME IMAGE_TAG ISO_NAME VERSION) $(foreach var,$(_VARS),$(var)=$($(var))) bash gen_input.sh | tee input.txt diff --git a/xorriso/gen_input.sh b/xorriso/gen_input.sh index a0f3a48..0329186 100644 --- a/xorriso/gen_input.sh +++ b/xorriso/gen_input.sh @@ -14,8 +14,11 @@ do then continue fi - echo "-map ${PWD}/${file} ${file:2}" - echo "-chmod 0444 ${file:2}" + if [[ -f ${PWD}/${file} ]] + then + echo "-map ${PWD}/${file} ${file:2}" + echo "-chmod 0444 ${file:2}" + fi done popd > /dev/null From e0e4de8f9a94c7bf21c111218d7e7a8afbcceb33 Mon Sep 17 00:00:00 2001 
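Review bot: The bare `find` recipe line added to the `input.txt` target in xorriso/Makefile looks like a debugging leftover. It does nothing for the target and prints every path under the recipe's working directory into the build log on each run. Drop the line; if the listing is wanted for diagnostics, narrow it and say so, e.g. `find ../results -maxdepth 2` with a comment such as `# debug: show lorax output layout`.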
From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Fri, 10 May 2024 19:59:44 -0400 Subject: [PATCH 58/92] Add support for unsigned container images (#118) --- .vscode/settings.json | 2 +- Makefile | 2 +- Makefile.inputs | 3 ++- README.md | 1 + action.yml | 5 +++++ .../scripts/post/install_configure_upgrades | 17 ++++++++++++++--- 6 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 8e97809..2625bca 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,5 +1,5 @@ { "files.associations": { - "Makefile.*": "makefile" + "Makefile.inputs": "makefile" } } \ No newline at end of file diff --git a/Makefile b/Makefile index 7886947..25ee23a 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ _LORAX_ARGS := _LORAX_TEMPLATES := $(call get_templates,install) _REPO_FILES := $(subst /etc/yum.repos.d,repos,$(REPOS)) _TEMP_DIR := $(shell mktemp -d) -_TEMPLATE_VARS := ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI +_TEMPLATE_VARS := ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_SIGNED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI _VOLID := $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$(IMAGE_TAG) ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) diff --git a/Makefile.inputs b/Makefile.inputs index ad4f333..51804c3 100644 --- a/Makefile.inputs +++ b/Makefile.inputs @@ -7,6 +7,7 @@ export EXTRA_BOOT_PARAMS := export IMAGE_NAME := base export IMAGE_REPO := quay.io/fedora-ostree-desktops export IMAGE_TAG = $(VERSION) +export IMAGE_SIGNED := true REPOS := $(subst :,\:,$(wildcard /etc/yum.repos.d/*.repo)) export ROOTFS_SIZE := 4 export VARIANT := Server @@ -21,4 +22,4 @@ export FLATPAK_DIR := # Secure boot export ENROLLMENT_PASSWORD := export SECURE_BOOT_KEY_URL := -export ISO_NAME := build/deploy.iso \ No newline at end of file +export ISO_NAME := build/deploy.iso 
diff --git a/README.md b/README.md index 974e8c8..0124d58 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ The following variables can be used to customize the created ISO. | flatpak_remote_url | URL of the flatpakrepo file | | :white_check_mark: | :white_check_mark: | | image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | | image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | +| image_signed | Whether the container image is signed. The policy to test the signing must be configured inside the container image | true | :white_check_mark: | :white_check_mark: | | image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | | iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :white_check_mark: | | make_target | Overrides the default make target | *ISO_NAME*-Checksum | :white_check_mark: | :x: | diff --git a/action.yml b/action.yml index 0a6a436..e325527 100644 --- a/action.yml +++ b/action.yml @@ -59,6 +59,10 @@ inputs: description: Repository containing the source container image required: true default: quay.io/fedora-ostree-desktops + image_signed: + description: Whether the container image is signed. The policy to test the signing must be configured inside the container image + required: false + default: "true" image_tag: description: Tag of the source container image. Defaults to the installer version required: false 
@@ -209,6 +213,7 @@ runs: FLATPAK_DIR="${{ steps.flatpak_dependencies.outputs.flatpak_dir && format('/github/workspace/{0}', steps.flatpak_dependencies.outputs.flatpak_dir) || '' }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ + IMAGE_SIGNED="${{ inputs.image_signed }}" \ IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ ISO_NAME=/github/workspace/${{ inputs.iso_name }} \ ${{ inputs.repos && format('REPOS="{0}"', inputs.repos) || '' }} \ diff --git a/lorax_templates/scripts/post/install_configure_upgrades b/lorax_templates/scripts/post/install_configure_upgrades index f474d93..20ca2ae 100644 --- a/lorax_templates/scripts/post/install_configure_upgrades +++ b/lorax_templates/scripts/post/install_configure_upgrades 
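Review bot: The added `IMAGE_SIGNED="${{ inputs.image_signed }}" \` line pastes the input into the command text before the shell parses it, so a value containing a quote or other shell metacharacters changes the command instead of the variable. The surrounding lines look like the body of a `run:` step that starts outside this hunk and already use the same pattern; the `IMAGE_SRC="${{ inputs.image_src }}" \` lines added by the later action.yml hunks of PATCH 59 take a free-form string and are the more exposed case. Passing the inputs through the step's `env:` map (`IMAGE_SIGNED: ${{ inputs.image_signed }}`) and writing `IMAGE_SIGNED="${IMAGE_SIGNED}" \` in the script keeps the value as data.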
@@ -1,7 +1,18 @@ -<%page args="image_repo, _image_repo_double_escaped, image_name, image_tag, _rhel, version"/> +<%page args="image_repo, _image_repo_double_escaped, image_name, image_signed, image_tag, _rhel, version"/> + if (which bootc &> /dev/null) && [ ${_rhel} == 'false' && ${version} -ge 39 ] then - bootc switch --mutate-in-place --enforce-container-sigpolicy --transport registry ${image_repo}/${image_name}:${image_tag} + if [ ${image_signed} == 'true' ] + then + bootc switch --mutate-in-place --enforce-container-sigpolicy --transport registry ${image_repo}/${image_name}:${image_tag} + else + bootc switch --mutate-in-place --transport registry ${image_repo}/${image_name}:${image_tag} + fi else - sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin + if [ ${image_signed} == 'true' ] + then + sed -i 's/container-image-reference=.*/container-image-reference=ostree-image-signed:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin + else + sed -i 's/container-image-reference=.*/container-image-reference=ostree-unverified-image:docker:\/\/${_image_repo_double_escaped}\/${image_name}:${image_tag}/' /ostree/deploy/default/deploy/*.origin + fi fi From 3d7e6b3725b8a310fdad04a5a5ff12352eae9e85 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Tue, 11 Jun 2024 14:29:32 -0400 Subject: [PATCH 59/92] Add `image_src` variable for container image source override (#121) --- .github/workflows/build_vars.yml | 6 ---- Makefile.inputs | 1 + README.md | 58 ++++++++++++++++++-------------- action.yml | 21 +++++++----- container/Makefile | 6 +++- test/repo/vars.py | 6 +++- 6 files changed, 56 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index 55b53cc..1f9cf95 100644 
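Review bot: Both new `image_signed` tests fail open: only the exact string `true` keeps `--enforce-container-sigpolicy` and the `ostree-image-signed:` reference, so `True`, a typo or an empty value silently selects the unverified path. Because `${image_signed}` is unquoted, an empty value also renders the test as `[ == 'true' ]`, which errors and again lands in the `else` branch. I would quote and invert the test so that verification is dropped only on an explicit opt-out: `if [ "${image_signed}" != 'false' ]`. The unchanged outer condition `[ ${_rhel} == 'false' && ${version} -ge 39 ]` puts `&&` inside a single `[ ]`, which probably does not evaluate as intended and decides which of the two new blocks runs.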
--- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -9,7 +9,6 @@ on: value: ' { "version": [ - "38", "39", "40", ], @@ -29,11 +28,6 @@ on: } ], "include": [ - { - "version": "38", - "image_repo": "quay.io/fedora-ostree-desktops", - "image_name": "base" - }, { "version": "39", "image_repo": "quay.io/fedora-ostree-desktops", diff --git a/Makefile.inputs b/Makefile.inputs index 51804c3..a77e4f2 100644 --- a/Makefile.inputs +++ b/Makefile.inputs @@ -6,6 +6,7 @@ export ARCH := x86_64 export EXTRA_BOOT_PARAMS := export IMAGE_NAME := base export IMAGE_REPO := quay.io/fedora-ostree-desktops +export IMAGE_SRC := export IMAGE_TAG = $(VERSION) export IMAGE_SIGNED := true REPOS := $(subst :,\:,$(wildcard /etc/yum.repos.d/*.repo)) diff --git a/README.md b/README.md index 0124d58..b8da5e4 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ This action is used to generate an ISO for installing an OSTree stored in a cont ## Usage This action is designed to be called from a GitHub workflow using the following format + ```yaml - name: Build ISO uses: jasonn3/build-container-installer@main 
@@ -56,6 +57,7 @@ The following variables can be used to customize the created ISO. | image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | | image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | | image_signed | Whether the container image is signed. The policy to test the signing must be configured inside the container image | true | :white_check_mark: | :white_check_mark: | +| image_src | Overrides the source of the container image. Must be formatted for the skopeo copy command | \[empty\] | :white_check_mark: | :white_check_mark: | | image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | | iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :white_check_mark: | | make_target | Overrides the default make target | *ISO_NAME*-Checksum | :white_check_mark: | :x: | 
@@ -84,11 +86,11 @@ For outputs, see example above. ### Makefile -The Makefile contains all of the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. +The Makefile contains all commands that are run the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. -`make install-deps` can be used to install the necessary packages +You can use `make install-deps` to install the required packages. -See [Customizing](#customizing) for information about customizing the ISO that gets created. All variable should be specified CAPITALIZED. +See [Customizing](#customizing) for information about customizing the ISO that gets created. All variables should be specified in CAPITALIZED form. ### Container 
@@ -98,39 +100,42 @@ To use the container file, run `docker run --privileged --volume .:/build-contai This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso` -See [Customizing](#customizing) for information about customizing the ISO that gets created. The variable can either be defined as environment variables. All variable should be specified CAPITALIZED. +See [Customizing](#customizing) for information about customizing the ISO that gets created. All variables should be specified in CAPITALIZED form. Examples: Building an ISO to install Fedora 38 + ```bash docker run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server ``` Building an ISO to install Fedora 39 + ```bash docker run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server ``` ### VSCode Dev Container -There is a dev container configuration provided for development. By default it will use the existing container image available at `ghcr.io/jasonn3/build-container-installer:latest`, however, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode. +There is a dev container configuration provided for development. By default, it will use the existing container image available at `ghcr.io/jasonn3/build-container-installer:latest`. However, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode. The code from VSCode will be available at `/workspaces/build-container-installer` once the container has started. 
Privileged is required for access to loop devices for lorax. Use existing container image: -``` + +```diff { - "name": "Existing Dockerfile", -// "build": { -// "context": "..", -// "dockerfile": "../Containerfile", -// "args": { -// "version": "39" -// } -// }, - "image": "ghcr.io/jasonn3/build-container-installer:latest", + "name": "Existing Image", +- "build": { +- "context": "..", +- "dockerfile": "../Containerfile", +- "args": { +- "version": "39" +- } +- }, ++ "image": "ghcr.io/jasonn3/build-container-installer:latest", "overrideCommand": true, "shutdownAction": "stopContainer", "privileged": true @@ -138,17 +143,18 @@ Use existing container image: ``` Build a new container image: -``` + +```diff { - "name": "Existing Dockerfile", - "build": { - "context": "..", - "dockerfile": "../Containerfile", - "args": { - "version": "39" - } - }, - //"image": "ghcr.io/jasonn3/build-container-installer:latest", + "name": "New Image", ++ "build": { ++ "context": "..", ++ "dockerfile": "../Containerfile", ++ "args": { ++ "version": "39" ++ } ++ }, +- "image": "ghcr.io/jasonn3/build-container-installer:latest", "overrideCommand": true, "shutdownAction": "stopContainer", "privileged": true @@ -163,4 +169,4 @@ Build a new container image: Star History Chart - \ No newline at end of file + diff --git a/action.yml b/action.yml index e325527..7115248 100644 --- a/action.yml +++ b/action.yml 
@@ -29,26 +29,26 @@ inputs: required: false default: "true" enrollment_password: - description: Used for supporting secure boot (requires secure_boot_key_url to be defined) + description: Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) required: false default: "container-installer" extra_boot_params: description: Extra params used by grub to boot the anaconda installer required: false flatpak_remote_name: - description: Name of the Flatpak remote repo + description: Name of the Flatpak repo on the destination OS required: false default: "flathub" flatpak_remote_refs: - description: Space delimited list of refs to the flatpak packages to install + description: Space separated list of flatpak refs to install required: false default: "" flatpak_remote_refs_dir: - description: Directory that contains files that list the flatpak refs to install relative to the github workspace + description: Directory that contains files that list the flatpak refs to install required: false default: "" flatpak_remote_url: - description: The URL of the Flatpak remote flatpakrepo file + description: URL of the flatpakrepo file required: false default: https://flathub.org/repo/flathub.flatpakrepo image_name: 
@@ -63,15 +63,18 @@ inputs: description: Whether the container image is signed. The policy to test the signing must be configured inside the container image required: false default: "true" + image_src: + description: Overrides the source of the container image. Must be formatted for the skopeo copy command + required: false image_tag: - description: Tag of the source container image. Defaults to the installer version + description: Tag of the source container image required: false iso_name: - description: "Name of the resulting ISO. Relative paths are relative to github.workspace" + description: Name of the ISO you wish to output when completed required: false default: build/deploy.iso make_target: - description: "Overrides the default make target" + description: Overrides the default make target required: false repos: description: List of repo files for Lorax to use @@ -158,6 +161,7 @@ runs: FLATPAK_REMOTE_URL="${{ inputs.flatpak_remote_url }}" \ IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ + IMAGE_SRC="${{ inputs.image_src }}" \ IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" - name: Run docker image @@ -214,6 +218,7 @@ runs: IMAGE_NAME="${{ inputs.image_name }}" \ IMAGE_REPO="${{ inputs.image_repo }}" \ IMAGE_SIGNED="${{ inputs.image_signed }}" \ + IMAGE_SRC="${{ inputs.image_src }}" \ IMAGE_TAG="${{ inputs.image_tag || inputs.version }}" \ ISO_NAME=/github/workspace/${{ inputs.iso_name }} \ ${{ inputs.repos && format('REPOS="{0}"', inputs.repos) || '' }} \ diff --git a/container/Makefile b/container/Makefile index 88024a0..c9f7c4a 100644 --- a/container/Makefile +++ b/container/Makefile @@ -1,5 +1,9 @@ +ifeq ($(IMAGE_SRC),) +IMAGE_SRC := docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) +endif + $(IMAGE_NAME)-$(IMAGE_TAG): - skopeo copy docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) oci:$(IMAGE_NAME)-$(IMAGE_TAG) + skopeo copy $(IMAGE_SRC) oci:$(IMAGE_NAME)-$(IMAGE_TAG) install-deps: $(install_pkg) skopeo 
diff --git a/test/repo/vars.py b/test/repo/vars.py index 4aea753..497b67e 100755 --- a/test/repo/vars.py +++ b/test/repo/vars.py @@ -97,16 +97,20 @@ for line in readme_lines: errors += 1 continue if 'description' in inputs[var_name]: - if parts[2].strip() != inputs[var_name]['description']: + if parts[2].strip().strip('\*') != inputs[var_name]['description']: print("WARNING: " + var_name + " description in README.md does not match action.yml") if 'default_value' in inputs[var_name]: if not parts[3].strip().strip('"<>').startswith('*'): if inputs[var_name]['default_value'] == "": if parts[3].strip().strip('"') != '\\[empty\\]': print("ERROR: " + var_name + " default value in README.md does not match action.yml") + print("Found " + parts[3].strip().strip('"<>')) + print("Expected " + inputs[var_name]['default_value']) errors += 1 elif parts[3].strip().strip('"<>') != inputs[var_name]['default_value']: print("ERROR: " + var_name + " default value in README.md does not match action.yml") + print("Found " + parts[3].strip().strip('"<>')) + print("Expected " + inputs[var_name]['default_value']) errors += 1 if 'action' in inputs[var_name] and inputs[var_name]['action']: if parts[4].strip() != ':white_check_mark:': From 19c4aae2f2e1a3618b8c70d29df435cb51b208e1 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Thu, 13 Jun 2024 11:58:32 -0400 Subject: [PATCH 60/92] Fix `image_src` not setting default value (#122) --- .github/workflows/build_iso.yml | 2 ++ .github/workflows/build_vars.yml | 6 ++++++ container/Makefile | 6 +----- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 990de53..4c89f38 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml 
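Review bot: `strip('\*')` in the description comparison relies on an invalid escape sequence: Python keeps the backslash, so the call strips both `\` and `*`, and newer interpreters warn about the literal. If stripping both characters is intended, spell it `strip('\\*')`; if only the emphasis asterisks are meant, `strip('*')` is enough. The loop this line sits in starts outside the hunk.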
@@ -107,6 +107,7 @@ jobs: arch: ${{ needs.load_vars.outputs.ARCH }} image_name: ${{ matrix.image_name }} image_repo: ${{ matrix.image_repo}} + image_src: ${{ matrix.image_src }} image_tag: ${{ matrix.version }} version: ${{ matrix.version }} repos: ${{ matrix.repos }} @@ -118,6 +119,7 @@ jobs: iso_name: build/${{ matrix.image_name }}-${{ matrix.version }}${{ matrix.flatpaks == 'false' && '' || format('-{0}', matrix.flatpaks) }}.iso - name: Upload ISO as artifact + if: matrix.version != 'fake' id: upload uses: actions/upload-artifact@v4 with: diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index 1f9cf95..6806eaa 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -37,6 +37,12 @@ on: "version": "40", "image_repo": "quay.io/fedora", "image_name": "fedora-bootc" + }, + { + "version": "fake", + "image_repo": "quay.io/fedora", + "image_name": "fedora-bootc", + "image_src": "docker://quay.io/fedora-ostree-desktops/base:39" } ] }' diff --git a/container/Makefile b/container/Makefile index c9f7c4a..9e662dc 100644 --- a/container/Makefile +++ b/container/Makefile @@ -1,9 +1,5 @@ -ifeq ($(IMAGE_SRC),) -IMAGE_SRC := docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) -endif - $(IMAGE_NAME)-$(IMAGE_TAG): - skopeo copy $(IMAGE_SRC) oci:$(IMAGE_NAME)-$(IMAGE_TAG) + skopeo copy $(if $(IMAGE_SRC),$(IMAGE_SRC),docker://$(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)) oci:$(IMAGE_NAME)-$(IMAGE_TAG) install-deps: $(install_pkg) skopeo From 03ed84acd8c24cf62ac9ccbe318305f00f09f91e Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Thu, 13 Jun 2024 15:17:32 -0400 Subject: [PATCH 61/92] version must be a number --- .github/workflows/build_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index 6806eaa..e574c15 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml 
@@ -39,7 +39,7 @@ on: "image_name": "fedora-bootc" }, { - "version": "fake", + "version": "38", "image_repo": "quay.io/fedora", "image_name": "fedora-bootc", "image_src": "docker://quay.io/fedora-ostree-desktops/base:39" From 326734dccbe05edf2b9435df679d530d4dfcaffb Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:26:19 -0400 Subject: [PATCH 62/92] Add image signing (#124) --- .github/workflows/build_container.yml | 30 ++++++++++++++++++++++++++- cosign.pub | 4 ++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 cosign.pub diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 705485a..6b2ec21 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -94,6 +94,13 @@ jobs: tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }} labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v2.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push image uses: redhat-actions/push-to-registry@v2 with: 
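Review bot: The new login step hands `secrets.GITHUB_TOKEN` to `docker/login-action@v2.1.0`, which is referenced by a tag that its owner can move. Pinning to the full commit SHA, `uses: docker/login-action@<full-commit-sha> # v2.1.0`, fixes the code that receives the token, and Dependabot, which already bumps this action later in the series, can update SHA pins as well. The same applies to `sigstore/cosign-installer@v3.5.0` in the next hunk of this file, since the step after it handles the signing key. The job's `permissions:` block is outside the hunk, so whether the token is limited to what the registry push needs cannot be checked from here.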
@@ -110,4 +117,25 @@ jobs: status: ${{ job.status }} context: ${{ env.JOB_NAME }} sha: ${{ env.sha }} - targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file + targetUrl: ${{ steps.jobs.outputs.html_url }} + + - name: Install Cosign + if: startsWith(github.ref, 'refs/tags/v') + uses: sigstore/cosign-installer@v3.5.0 + + - name: Sign the images + if: startsWith(github.ref, 'refs/tags/v') + env: + TAGS: ${{ steps.build-image.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + run: | + images="" + digest="" + for tag in ${TAGS}; do + if [[ -z "${digest}" ]] + then + digest=$(cat $(echo ${tag} | tr '/:' '--')_digest.txt) + fi + images+="${tag}@${digest} " + done + cosign sign --key env://COSIGN_PRIVATE_KEY --yes ${images} diff --git a/cosign.pub b/cosign.pub new file mode 100644 index 0000000..4d5e06d --- /dev/null +++ b/cosign.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEY4ljyIhI2w9DOptB4WT20S+K5ts3 +GJTEKRkXmIYEXGfyKpJMdlGCWeg2kOam5dNhWKXXl46d3eBBo9S53TPpyQ== +-----END PUBLIC KEY----- From 2b91de59597440aca34123ba8d3c4a48712f8b08 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Fri, 21 Jun 2024 11:28:08 -0400 Subject: [PATCH 63/92] add password --- .github/workflows/build_container.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 6b2ec21..77ff2f0 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -128,6 +128,7 @@ jobs: env: TAGS: ${{ steps.build-image.outputs.tags }} COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | images="" digest="" From 92531089f947bc6493e9d11aafd2b412dc128ea4 Mon Sep 17 00:00:00 2001 
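Review bot: Nothing in the signing step checks the result against the `cosign.pub` that this commit adds, so a mismatch between the secret key and the published public key would only surface when a consumer's verification fails. A final line such as `cosign verify --key cosign.pub ${images}` would catch that in CI, assuming the repository checkout is still in the workspace at that point. Separately, `${tag}` is expanded unquoted inside the `echo` and `cat` calls; `${images}` has to word-split, but `"${tag}"` would be safer there. The digest is read once from the first tag's `_digest.txt` and reused for every tag, which holds only if all tags were pushed from the same image, and that deserves a comment.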
From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Fri, 21 Jun 2024 11:51:54 -0400 Subject: [PATCH 64/92] inherit secrets --- .github/workflows/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 651d3f0..52e8305 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -27,6 +27,7 @@ jobs: build_container: name: Build Container uses: ./.github/workflows/build_container.yml + secrets: inherit with: pr: ${{ inputs.pr }} parent_job_name: ${{ inputs.parent_job_name && format('{0} / ', inputs.parent_job_name) }}Build Container From edf9c39029ac4c105720a807ae39b8dcd5fa7938 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 09:48:43 -0400 Subject: [PATCH 65/92] Bump docker/login-action from 2.1.0 to 3.2.0 (#125) --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 77ff2f0..54b9360 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -95,7 +95,7 @@ jobs: labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v3.2.0 with: registry: ghcr.io username: ${{ github.actor }} From 909d1a1bd8032a4fa8825902bcf649a4a5c48f83 Mon Sep 17 00:00:00 2001 From: Kean Ren Date: Wed, 26 Jun 2024 10:34:16 -0400 Subject: [PATCH 66/92] Update .gitmodules from f39 to f40 (#126) Co-authored-by: renhai2 --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index e05748a..3ac6662 100644 --- a/.gitmodules +++ b/.gitmodules 
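Review bot: `secrets: inherit` in the tests.yml hunk forwards every secret visible to the caller into build_container.yml, while the signing step added in PATCH 62 and 63 reads only `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD` (the `GITHUB_TOKEN` is available to a called workflow without it). Declaring those two under `on.workflow_call.secrets` in build_container.yml and passing them explicitly, `COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}` and `COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}` under `secrets:`, keeps the reusable workflow to what it needs. The `pr` input suggests this job also runs for pull requests, where a narrow secret set matters most.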
@@ -1,7 +1,7 @@ [submodule "external/fedora-lorax-templates"] path = external/fedora-lorax-templates url = https://pagure.io/fedora-lorax-templates.git - branch = f39 + branch = f40 [submodule "external/lorax"] path = external/lorax url = https://github.com/weldr/lorax.git From ceccfc98ef73825152095431bfa85c796f174c7a Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Sun, 4 Aug 2024 18:10:17 +0000 Subject: [PATCH 67/92] fix issue with custom repo files --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 25ee23a..20bc28d 100644 --- a/Makefile +++ b/Makefile @@ -106,14 +106,14 @@ sb_pubkey.der: curl --fail -L -o sb_pubkey.der $(SECURE_BOOT_KEY_URL) # Build boot.iso using Lorax -results/images/boot.iso: external/lorax/branch-$(VERSION) $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(_REPO_FILES) $(if $(SECURE_BOOT_KEY_URL),sb_pubkey.der) +results/images/boot.iso: external/lorax/branch-$(VERSION) $(filter lorax_templates/%,$(_LORAX_TEMPLATES)) $(filter repos/%,$(_REPO_FILES)) $(if $(SECURE_BOOT_KEY_URL),sb_pubkey.der) $(if $(wildcard results), rm -Rf results) $(if $(wildcard /etc/rpm/macros.image-language-conf),mv /etc/rpm/macros.image-language-conf $(_TEMP_DIR)/macros.image-language-conf) lorax -p $(IMAGE_NAME) -v $(VERSION) -r $(VERSION) -t $(VARIANT) \ --isfinal --buildarch=$(ARCH) --volid=$(_VOLID) --sharedir $(PWD)/external/lorax/share/templates.d/99-generic \ $(_LORAX_ARGS) \ - $(foreach file,$(_REPO_FILES),--repo $(PWD)/$(file)) \ + $(foreach file,$(_REPO_FILES),--repo $(patsubst repos/%,$(PWD)/repos/%,$(file))) \ $(foreach file,$(_LORAX_TEMPLATES),--add-template $(PWD)/$(file)) \ $(foreach file,$(ADDITIONAL_TEMPLATES),--add-template $(file)) \ $(foreach file,$(_FLATPAK_TEMPLATES),--add-template $(file)) \ From 776a9a7e988b760789dfe55795a04a8621ff539d Mon Sep 17 00:00:00 2001 
From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:38:47 -0400 Subject: [PATCH 68/92] Tag image with long sha (#136) --- .github/workflows/build_container.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 54b9360..ca65ed7 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -72,6 +72,7 @@ jobs: tags: | type=ref,event=branch type=ref,event=pr + type=raw,value=${{ github.sha }} type=semver,pattern=v{{version}} type=semver,pattern=v{{major}}.{{minor}} type=semver,pattern=v{{major}}.{{minor}}.{{patch}} @@ -85,6 +86,7 @@ jobs: ghcr.io/${{ github.repository }} tags: | pr-${{ inputs.pr }} + ${{ github.sha }} - name: Buildah Build id: build-image From f98ebd14208b9aab7abf360b035db51ffe4acff9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:40:00 -0400 Subject: [PATCH 69/92] Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#131) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Nagin <33561705+JasonN3@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index ca65ed7..32df1e1 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -123,7 +123,7 @@ jobs: - name: Install Cosign if: startsWith(github.ref, 'refs/tags/v') - uses: sigstore/cosign-installer@v3.5.0 + uses: sigstore/cosign-installer@v3.6.0 - name: Sign the images if: startsWith(github.ref, 'refs/tags/v') From aa74d32215ba7bd6682211bfc3c07ede6e182614 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 11:40:47 -0400 Subject: [PATCH 70/92] Bump docker/login-action from 3.2.0 to 3.3.0 (#129) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Nagin <33561705+JasonN3@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 32df1e1..60ff1ea 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -97,7 +97,7 @@ jobs: labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3.2.0 + uses: docker/login-action@v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} From 54d96145905fed494e57147928726f23fe42e876 Mon Sep 17 00:00:00 2001 
From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 21 Aug 2024 10:09:28 -0400 Subject: [PATCH 71/92] Copy Wiki from main repo (#128) Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/update_wiki.yml | 50 ++++++++++++ README.md | 126 +----------------------------- docs/Makefile | 12 +++ docs/README.md | 1 + docs/_Sidebar.md | 8 ++ docs/development/container.md | 22 ++++++ docs/development/makefile.md | 7 ++ docs/development/vscode.md | 46 +++++++++++ docs/examples/adding-flatpaks.md | 74 ++++++++++++++++++ docs/home.md | 11 +++ docs/usage.md | 68 ++++++++++++++++ 11 files changed, 301 insertions(+), 124 deletions(-) create mode 100644 .github/workflows/update_wiki.yml create mode 100644 docs/Makefile create mode 100644 docs/README.md create mode 100644 docs/_Sidebar.md create mode 100644 docs/development/container.md create mode 100644 docs/development/makefile.md create mode 100644 docs/development/vscode.md create mode 100644 docs/examples/adding-flatpaks.md create mode 100644 docs/home.md create mode 100644 docs/usage.md diff --git a/.github/workflows/update_wiki.yml b/.github/workflows/update_wiki.yml new file mode 100644 index 0000000..daeeb9b --- /dev/null +++ b/.github/workflows/update_wiki.yml 
@@ -0,0 +1,50 @@ +name: Update Wiki +on: + push: + branches: + - main + paths: + - 'docs/**' + - '.github/workflows/update_wiki.yml' + +jobs: + update-wiki: + name: Update Wiki + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Install packages + run: | + apt install -y make rsync + # Checkout Main Repo + - uses: actions/checkout@v2 + + # Checkout Wiki Repo + - uses: actions/checkout@v2 + with: + repository: ${{github.repository}}.wiki + persist-credentials: true + path: wiki + ref: master + + # Generate final files + - name: Generate Files + run: | + cd ${GITHUB_WORKSPACE}/docs + make + + # Copy Docs + - name: Copy files + run: | + rsync -av --exclude='.git/*' ${GITHUB_WORKSPACE}/docs/ ${GITHUB_WORKSPACE}/wiki/ + + # Push Changes + - name: Push changes + run: | + cd ${GITHUB_WORKSPACE}/wiki/ + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add . + git commit -m "Add changes" + git push diff --git a/README.md b/README.md index b8da5e4..26a3de9 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ # Build Container Installer Action -This action is used to generate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer` +This action is used to generate an ISO for installing an OSTree stored in a container image. This utilizes the anaconda command `ostreecontainer`, which also supports bootc. ## Usage 
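Review bot: `apt install -y make rsync` in the new update_wiki.yml runs without `sudo`, and steps on the `ubuntu-latest` hosted runner do not run as root, so the first step will most likely fail before any checkout; `sudo apt-get install -y make rsync` is the usual form. The final step's `git commit -m "Add changes"` exits non-zero when the docs produced no wiki change, which fails the job; `git diff --cached --quiet || git commit -m "Add changes"` avoids that. Both `actions/checkout@v2` references are old, tag-pinned versions running in a job that holds `contents: write`, so a current release pinned by commit SHA (`actions/checkout@<full-commit-sha>`) would be the safer choice.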
@@ -36,130 +36,8 @@ This action is designed to be called from a GitHub workflow using the following compression-level: 0 ``` -See [Customizing](#customizing) for information about customizing the ISO that gets created using `with` +**See the [Wiki](https://github.com/JasonN3/build-container-installer/wiki) for development and usage information.** -## Customizing - -The following variables can be used to customize the created ISO. - -### Inputs - -| Variable | Description | Default Value | Action | Container/Makefile | -| ----------------------- | ---------------------------------------------------------------------------- | -------------------------------------------- | ------------------ | ------------------ | -| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | :white_check_mark: | :white_check_mark: | -| arch | Architecture for image to build | x86_64 | :white_check_mark: | :white_check_mark: | -| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | :white_check_mark: | :white_check_mark: | -| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | :white_check_mark: | :white_check_mark: | -| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | :white_check_mark: | :white_check_mark: | -| flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | -| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | -| flatpak_remote_url | URL of the flatpakrepo file | | :white_check_mark: | :white_check_mark: | -| image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | -| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | 
:white_check_mark: | -| image_signed | Whether the container image is signed. The policy to test the signing must be configured inside the container image | true | :white_check_mark: | :white_check_mark: | -| image_src | Overrides the source of the container image. Must be formatted for the skopeo copy command | \[empty\] | :white_check_mark: | :white_check_mark: | -| image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | -| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :white_check_mark: | -| make_target | Overrides the default make target | *ISO_NAME*-Checksum | :white_check_mark: | :x: | -| repos | List of repo files for Lorax to use | /etc/yum.repos.d/*.repo | :white_check_mark: | :white_check_mark: | -| rootfs_size | The size (in GiB) for the squashfs runtime volume | 2 | :white_check_mark: | :white_check_mark: | -| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | -| variant | Source container variant\* | Server | :white_check_mark: | :white_check_mark: | -| version | Fedora version of installer to build | 39 | :white_check_mark: | :white_check_mark: | -| web_ui | Enable Anaconda WebUI (experimental) | false | :white_check_mark: | :white_check_mark: | - -\*Available options for VARIANT can be found by running `dnf provides system-release`. -Variant will be the third item in the package name. 
Example: `fedora-release-kinoite-39-34.noarch` will be kinoite - -\*\* If you need to reference a local file, you can use `file://*path*` - -### Outputs - -| Variable | Description | Usage | -| -------- | ----------------------------------------| ------------------------------------------------ | -| iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | -| iso_path | The name and path of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | - -For outputs, see example above. - -## Development - -### Makefile - -The Makefile contains all commands that are run the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. - -You can use `make install-deps` to install the required packages. - -See [Customizing](#customizing) for information about customizing the ISO that gets created. All variables should be specified in CAPITALIZED form. - -### Container - -A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest` - -To use the container file, run `docker run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`. - -This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso` - -See [Customizing](#customizing) for information about customizing the ISO that gets created. All variables should be specified in CAPITALIZED form. 
-Examples: - -Building an ISO to install Fedora 38 - -```bash -docker run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=38 IMAGE_NAME=base IMAGE_TAG=38 VARIANT=Server -``` - -Building an ISO to install Fedora 39 - -```bash -docker run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server -``` - -### VSCode Dev Container - -There is a dev container configuration provided for development. By default, it will use the existing container image available at `ghcr.io/jasonn3/build-container-installer:latest`. However, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode. - -The code from VSCode will be available at `/workspaces/build-container-installer` once the container has started. - -Privileged is required for access to loop devices for lorax. - -Use existing container image: - -```diff -{ - "name": "Existing Image", -- "build": { -- "context": "..", -- "dockerfile": "../Containerfile", -- "args": { -- "version": "39" -- } -- }, -+ "image": "ghcr.io/jasonn3/build-container-installer:latest", - "overrideCommand": true, - "shutdownAction": "stopContainer", - "privileged": true -} -``` - -Build a new container image: - -```diff -{ - "name": "New Image", -+ "build": { -+ "context": "..", -+ "dockerfile": "../Containerfile", -+ "args": { -+ "version": "39" -+ } -+ }, -- "image": "ghcr.io/jasonn3/build-container-installer:latest", - "overrideCommand": true, - "shutdownAction": "stopContainer", - "privileged": true -} -``` ## Star History diff --git a/docs/Makefile b/docs/Makefile new file mode 100644 index 0000000..21029af --- /dev/null +++ b/docs/Makefile 
@@ -0,0 +1,12 @@ +SHELL = /bin/bash + +docs: + find -name '*.md' -print0 | xargs -0 -I {} bash -c ' \ + source_file=$${1:2}; \ + final_file=$${source_file//\//_}; \ + mv "$${source_file}" "$${final_file}"; \ + no_ext_source=$${source_file:0:-3}; \ + no_ext_final=$${final_file:0:-3}; \ + sed -i "s;(\(../\)*$${source_file});($${no_ext_final});g" $$(find -name '*.md'); \ + ' _ {} + find . -type d -empty -delete diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000..2091ec8 --- /dev/null +++ b/docs/README.md @@ -0,0 +1 @@ +These are the files for the [wiki](https://github.com/JasonN3/build-container-installer/wiki) \ No newline at end of file diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md new file mode 100644 index 0000000..93379d1 --- /dev/null +++ b/docs/_Sidebar.md @@ -0,0 +1,8 @@ +- [Home](home.md) +- Development + - [Using the Makefile](development/makefile.md) + - [Using the Container](development/container.md) + - [Using the VSCode Dev Container](development/vscode.md) + +- Examples + - [Adding Flatpaks](examples/adding-flatpaks.md) diff --git a/docs/development/container.md b/docs/development/container.md new file mode 100644 index 0000000..29d4a7a --- /dev/null +++ b/docs/development/container.md 
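Review bot: In the `docs` recipe of `docs/Makefile`, `$${source_file}` is pasted into the sed program as a regular expression and the file list comes from an unquoted `$$(find -name '*.md')`, so the rewrite is only correct while doc paths contain no whitespace, no `;` and no regex metacharacters beyond `.`. This recipe is run by the wiki workflow in a job with `contents: write`, so the constraint is worth stating next to the rule, e.g. `# doc paths must not contain whitespace, ';' or regex metacharacters: they are interpolated into the sed program below`. A `.PHONY: docs` line would also keep a stray file or directory named `docs` from short-circuiting the target. The same sed line is touched again by the "escape quote" hunk (PATCH 73/92) later in this series, and the point applies there unchanged.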
@@ -0,0 +1,22 @@ +# Using the Container + +A container with `make install-deps` already run is provided at `ghcr.io/jasonn3/build-container-installer:latest` + +To use the container file, run `podman run --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest`. + +This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso` + +See [Inputs](../usage.md#inputs) for information about customizing the ISO that gets created. The variables can be defined as environment variables or command arguments. All variables should be specified in CAPITALIZED form. +Examples: + +Building an ISO to install Fedora 39 +```bash +podman run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=39 IMAGE_NAME=base IMAGE_TAG=39 VARIANT=Server +``` + +Building an ISO to install Fedora 40 +```bash +podman run --rm --privileged --volume .:/build-container-installer/build ghcr.io/jasonn3/build-container-installer:latest VERSION=40 IMAGE_NAME=base IMAGE_TAG=40 VARIANT=Server +``` + +The same commands are also available using `docker` by replacing `podman` with `docker` in each command. diff --git a/docs/development/makefile.md b/docs/development/makefile.md new file mode 100644 index 0000000..a94535e --- /dev/null +++ b/docs/development/makefile.md @@ -0,0 +1,7 @@ +# Using the Makefile + +The Makefile contains all the commands that are run in the action. There are separate targets for each file generated, however `make` can be used to generate the final image and `make clean` can be used to clean up the workspace. The resulting ISO will be stored in the `build` directory. + +`make install-deps` can be used to install the necessary packages. + +See [Inputs](../usage.md#inputs) for information about the available parameters. All variables should be specified in CAPITALIZED form. 
diff --git a/docs/development/vscode.md b/docs/development/vscode.md new file mode 100644 index 0000000..4b22fe9 --- /dev/null +++ b/docs/development/vscode.md @@ -0,0 +1,46 @@ +# Using the VSCode Dev Container + +There is a dev container configuration provided for development. By default, it will use the existing container image available at `ghcr.io/jasonn3/build-container-installer:latest`. However, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode. + +The code from VSCode will be available at `/workspaces/build-container-installer` once the container has started. + +Privileged is required for access to loop devices for lorax. + +## Use existing container image + +```diff +{ + "name": "Existing Image", +- "build": { +- "context": "..", +- "dockerfile": "../Containerfile", +- "args": { +- "version": "39" +- } +- }, ++ "image": "ghcr.io/jasonn3/build-container-installer:latest", + "overrideCommand": true, + "shutdownAction": "stopContainer", + "privileged": true +} +``` + +## Build a new container image + +```diff +{ + "name": "New Image", ++ "build": { ++ "context": "..", ++ "dockerfile": "../Containerfile", ++ "args": { ++ "version": "39" ++ } ++ }, +- "image": "ghcr.io/jasonn3/build-container-installer:latest", + "overrideCommand": true, + "shutdownAction": "stopContainer", + "privileged": true +} +``` + diff --git a/docs/examples/adding-flatpaks.md b/docs/examples/adding-flatpaks.md new file mode 100644 index 0000000..153b740 --- /dev/null +++ b/docs/examples/adding-flatpaks.md 
@@ -0,0 +1,74 @@ +# Adding Flatpaks + +- [Directly using refs](#directly-using-refs) +- [Using a directory](#using-a-directory) + +## Directly using refs + +Action: +Specify the following in your workflow: + +```yaml +- name: Build ISO + uses: jasonn3/build-container-installer@main + id: build + with: + flatpak_remote_name: flathub + flatpak_remote_url: https://flathub.org/repo/flathub.flatpakrepo + flatpak_remote_refs: app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08 +``` + +Podman: +Run the following command: + +```bash +podman run --privileged --volume ./:/github/workspace/ ghcr.io/jasonn3/build-container-installer:main \ + FLATPAK_REMOTE_NAME=flathub \ + FLATPAK_REMOTE_URL=https://flathub.org/repo/flathub.flatpakrepo \ + FLATPAK_REMOTE_REFS="app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08" +``` + +--- + +## Using a directory + +Action: + +1. Create a directory within your GitHub repo named flatpak_refs +1. Create a file within flatpak_refs with the following content + +```plaintext +app/org.videolan.VLC/x86_64/stable +runtime/org.kde.Platform/x86_64/5.15-23.08 +``` + +Specify the following in your workflow: + +```yaml +- name: Build ISO + uses: jasonn3/build-container-installer@main + id: build + with: + flatpak_remote_name: flathub + flatpak_remote_url: https://flathub.org/repo/flathub.flatpakrepo + flatpak_remote_refs_dir: /github/workspace/flatpak_refs +``` + +Podman: + +1. Create a directory named flatpak_refs +1. 
Create a file within flatpak_refs with the following content + +```plaintext +app/org.videolan.VLC/x86_64/stable +runtime/org.kde.Platform/x86_64/5.15-23.08 +``` + +Run the following command: + +```bash +podman run --privileged --volume ./:/github/workspace/ ghcr.io/jasonn3/build-container-installer:main \ + FLATPAK_REMOTE_NAME=flathub \ + FLATPAK_REMOTE_URL=https://flathub.org/repo/flathub.flatpakrepo \ + FLATPAK_REMOTE_REFS="app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08" +``` diff --git a/docs/home.md b/docs/home.md new file mode 100644 index 0000000..6f88490 --- /dev/null +++ b/docs/home.md @@ -0,0 +1,11 @@ +Welcome to the build-container-installer wiki! + +## Index + +- Development + - [Using the Makefile](development/makefile.md) + - [Using the Container](development/container.md) + - [Using the VSCode Dev Container](development/vscode.md) + +- Examples + - [Adding Flatpaks](examples/adding-flatpaks.md) diff --git a/docs/usage.md b/docs/usage.md new file mode 100644 index 0000000..9f6a83f --- /dev/null +++ b/docs/usage.md 
@@ -0,0 +1,68 @@ +# Usage + +This action is designed to be called from a GitHub workflow using the following format + +```yaml +- name: Build ISO + uses: jasonn3/build-container-installer@main + id: build + with: + arch: ${{ env.ARCH}} + image_name: ${{ env.IMAGE_NAME}} + image_repo: ${{ env.IMAGE_REPO}} + image_tag: ${{ env.IMAGE_TAG }} + version: ${{ env.VERSION }} + variant: ${{ env.VARIANT }} + iso_name: ${{ env.IMAGE_NAME }}-${{ env.IMAGE_TAG }}-${{ env.VERSION }}.iso + +# This example is for uploading your ISO as a Github artifact. You can do something similar using any cloud storage, so long as you copy the output +- name: Upload ISO as artifact + id: upload + uses: actions/upload-artifact@v4 + with: + name: ${{ steps.build.outputs.iso_name }} + path: | + ${{ steps.build.outputs.iso_path }} + ${{ steps.build.outputs.iso_path }}-CHECKSUM + if-no-files-found: error + retention-days: 0 + compression-level: 0 +``` + +## Inputs + +| Variable | Description | Default Value | Action | Container/Makefile | +| ----------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------- | ------------------ | ------------------ | +| additional_templates | Space delimited list of additional Lorax templates to include | \[empty\] | :white_check_mark: | :white_check_mark: | +| arch | Architecture for image to build | x86_64 | :white_check_mark: | :white_check_mark: | +| enrollment_password | Used for supporting secure boot (requires SECURE_BOOT_KEY_URL to be defined) | container-installer | :white_check_mark: | :white_check_mark: | +| extra_boot_params | Extra params used by grub to boot the anaconda installer | \[empty\] | :white_check_mark: | :white_check_mark: | +| flatpak_remote_name | Name of the Flatpak repo on the destination OS | flathub | :white_check_mark: | :white_check_mark: | +| flatpak_remote_refs | Space separated list of flatpak refs to install | \[empty\] | :white_check_mark: | 
:white_check_mark: | +| flatpak_remote_refs_dir | Directory that contains files that list the flatpak refs to install | \[empty\] | :white_check_mark: | :white_check_mark: | +| flatpak_remote_url | URL of the flatpakrepo file | | :white_check_mark: | :white_check_mark: | +| image_name | Name of the source container image | base | :white_check_mark: | :white_check_mark: | +| image_repo | Repository containing the source container image | quay.io/fedora-ostree-desktops | :white_check_mark: | :white_check_mark: | +| image_signed | Whether the container image is signed. The policy to test the signing must be configured inside the container image | true | :white_check_mark: | :white_check_mark: | +| image_src | Overrides the source of the container image. Must be formatted for the skopeo copy command | \[empty\] | :white_check_mark: | :white_check_mark: | +| image_tag | Tag of the source container image | *VERSION* | :white_check_mark: | :white_check_mark: | +| iso_name | Name of the ISO you wish to output when completed | build/deploy.iso | :white_check_mark: | :white_check_mark: | +| make_target | Overrides the default make target | *ISO_NAME*-Checksum | :white_check_mark: | :x: | +| repos | List of repo files for Lorax to use | /etc/yum.repos.d/*.repo | :white_check_mark: | :white_check_mark: | +| rootfs_size | The size (in GiB) for the squashfs runtime volume | 2 | :white_check_mark: | :white_check_mark: | +| secure_boot_key_url | Secure boot key that is installed from URL location\*\* | \[empty\] | :white_check_mark: | :white_check_mark: | +| variant | Source container variant\* | Server | :white_check_mark: | :white_check_mark: | +| version | Fedora version of installer to build | 39 | :white_check_mark: | :white_check_mark: | +| web_ui | Enable Anaconda WebUI (experimental) | false | :white_check_mark: | :white_check_mark: | + +\*Available options for VARIANT can be found by running `dnf provides system-release`. 
+Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite + +\*\* If you need to reference a local file, you can use `file://*path*` + +## Outputs + +| Variable | Description | Usage | +| -------- | ----------------------------------------| ------------------------------------------------ | +| iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | +| iso_path | The name and path of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | \ No newline at end of file From f10dd64668e822264ef39ae93beec550961818d7 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 21 Aug 2024 10:29:27 -0400 Subject: [PATCH 72/92] Add known errors page (#137) --- .github/workflows/update_wiki.yml | 2 +- docs/_Sidebar.md | 2 ++ docs/home.md | 2 ++ docs/known_errors.md | 7 +++++++ 4 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 docs/known_errors.md diff --git a/.github/workflows/update_wiki.yml b/.github/workflows/update_wiki.yml index daeeb9b..ac78537 100644 --- a/.github/workflows/update_wiki.yml +++ b/.github/workflows/update_wiki.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Install packages run: | - apt install -y make rsync + sudo apt install -y make rsync # Checkout Main Repo - uses: actions/checkout@v2 diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 93379d1..300a54e 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -6,3 +6,5 @@ - Examples - [Adding Flatpaks](examples/adding-flatpaks.md) + +- [Known Errors](known_errors.md) \ No newline at end of file diff --git a/docs/home.md b/docs/home.md index 6f88490..e8b6e75 100644 --- a/docs/home.md +++ b/docs/home.md @@ -9,3 +9,5 @@ Welcome to the build-container-installer wiki! - Examples - [Adding Flatpaks](examples/adding-flatpaks.md) + +- [Known Errors](known_errors.md) \ No newline at end of file 
diff --git a/docs/known_errors.md b/docs/known_errors.md new file mode 100644 index 0000000..bda0b22 --- /dev/null +++ b/docs/known_errors.md @@ -0,0 +1,7 @@ +# Known Errors + +This page describes known errors and how to resolve them. + +## failed to write boot loader configuration + +Add `RUN bootupctl backend generate-update-metadata` at the end of your Dockerfile/Containerfile \ No newline at end of file From 237ff3e130d9455a33f02e34b258ed7cbc79b9a9 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 21 Aug 2024 14:23:54 -0400 Subject: [PATCH 73/92] escape quote --- docs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Makefile b/docs/Makefile index 21029af..49f871b 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -7,6 +7,6 @@ docs: mv "$${source_file}" "$${final_file}"; \ no_ext_source=$${source_file:0:-3}; \ no_ext_final=$${final_file:0:-3}; \ - sed -i "s;(\(../\)*$${source_file});($${no_ext_final});g" $$(find -name '*.md'); \ + sed -i "s;(\(../\)*$${source_file});($${no_ext_final});g" $$(find -name '\''*.md'\''); \ ' _ {} find . -type d -empty -delete From 0180c5003041d49b357465562e942aab8c04c71b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2024 10:11:18 -0400 Subject: [PATCH 74/92] Bump actions/checkout from 2 to 4 (#138) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/update_wiki.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update_wiki.yml b/.github/workflows/update_wiki.yml index ac78537..a9bdf15 100644 --- a/.github/workflows/update_wiki.yml +++ b/.github/workflows/update_wiki.yml 
@@ -18,10 +18,10 @@ jobs: run: | sudo apt install -y make rsync # Checkout Main Repo - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 # Checkout Wiki Repo - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: repository: ${{github.repository}}.wiki persist-credentials: true From f9395d5ae1ad571746a7fd890e80f2d4360b81e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:36:44 -0400 Subject: [PATCH 75/92] Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#143) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 60ff1ea..57949bc 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -123,7 +123,7 @@ jobs: - name: Install Cosign if: startsWith(github.ref, 'refs/tags/v') - uses: sigstore/cosign-installer@v3.6.0 + uses: sigstore/cosign-installer@v3.7.0 - name: Sign the images if: startsWith(github.ref, 'refs/tags/v') From a1ce6da2d6c1af0561bec053366d0f3aa7e38743 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 30 Oct 2024 15:01:05 -0400 Subject: [PATCH 76/92] Add F41 tests (#145) Co-authored-by: Noel Miller --- .github/workflows/build_vars.yml | 37 +++++------------------- flatpaks/Makefile | 1 + lorax_templates/flatpak_set_repo.tmpl | 2 +- test/iso/flatpak_repo_updated.sh | 14 +++++++++ test/vm/flatpak_fedora_repo_disabled.yml | 4 ++- 5 files changed, 27 insertions(+), 31 deletions(-) diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index e574c15..ffbe614 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml 
@@ -10,40 +10,19 @@ on: { "version": [ "39", - "40", - ], + "40", + "41" + ], "flatpaks": [ "false", - "flatpak_dir", + "flatpak_refs_dir", "flatpak_refs" ], - "exclude": [ - { - "version": "40", - "flatpaks": "flatpak_dir" - }, - { - "version": "40", - "flatpaks": "flatpak_refs" - } + "image_repo": [ + "ghcr.io/ublue-os" ], - "include": [ - { - "version": "39", - "image_repo": "quay.io/fedora-ostree-desktops", - "image_name": "base" - }, - { - "version": "40", - "image_repo": "quay.io/fedora", - "image_name": "fedora-bootc" - }, - { - "version": "38", - "image_repo": "quay.io/fedora", - "image_name": "fedora-bootc", - "image_src": "docker://quay.io/fedora-ostree-desktops/base:39" - } + "image_name": [ + "base-main" ] }' VARIANT: diff --git a/flatpaks/Makefile b/flatpaks/Makefile index 3b6e939..7729d01 100644 --- a/flatpaks/Makefile +++ b/flatpaks/Makefile @@ -14,6 +14,7 @@ repo: script.sh script.sh: cat << EOF > script.sh + which flatpak &> /dev/null || dnf install -y flatpak mkdir -p /flatpak/flatpak /flatpak/triggers mkdir /var/tmp || true chmod -R 1777 /var/tmp diff --git a/lorax_templates/flatpak_set_repo.tmpl b/lorax_templates/flatpak_set_repo.tmpl index 0d8db43..b7fae2d 100644 --- a/lorax_templates/flatpak_set_repo.tmpl +++ b/lorax_templates/flatpak_set_repo.tmpl 
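Review bot: The line added to the generated `script.sh` in the `flatpaks/Makefile` hunk probes for flatpak with `which flatpak &> /dev/null`, which depends on an external `which` binary and on the bash-only `&>` redirect. If the script is ever run by a POSIX `sh` (how it is invoked is not visible in this hunk), `&>` is parsed as backgrounding the command, and the `|| dnf install -y flatpak` branch never fires. `command -v flatpak > /dev/null 2>&1 || dnf install -y flatpak` behaves the same under bash and is portable. The heredoc that builds `script.sh` continues outside the hunk.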
@@ -1,8 +1,8 @@ <%page args="flatpak_remote_name, _flatpak_repo_url, version"/> % if int(version) >= 41: +append etc/anaconda/conf.d/anaconda.conf "[Payload]" append etc/anaconda/conf.d/anaconda.conf "flatpak_remote = ${flatpak_remote_name} ${_flatpak_repo_url}" % else: replace "flatpak_manager\.add_remote\(\".*\", \".*\"\)" "flatpak_manager.add_remote(\"${flatpak_remote_name}\", \"${_flatpak_repo_url}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py replace "flatpak_manager\.replace_installed_refs_remote\(\".*\"\)" "flatpak_manager.replace_installed_refs_remote(\"${flatpak_remote_name}\")" /usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py % endif - diff --git a/test/iso/flatpak_repo_updated.sh b/test/iso/flatpak_repo_updated.sh index 83f3773..c8187ff 100644 --- a/test/iso/flatpak_repo_updated.sh +++ b/test/iso/flatpak_repo_updated.sh @@ -1,5 +1,19 @@ #!/bin/bash +if [[ ${VERSION} -ge 41 ]] +then + result=0 + grep "^\[Payload\]" mnt/install/etc/anaconda/conf.d/anaconda.conf > /dev/null || { + echo "Missing [Payload] header" + result=1 + } + grep "^flatpak_remote = ${FLATPAK_REMOTE_NAME} ${_FLATPAK_REPO_URL}" mnt/install/etc/anaconda/conf.d/anaconda.conf > /dev/null || { + echo "Missing flatpak_remote option" + result=1 + } + exit ${result} +fi + add_line=$(grep flatpak_manager.add_remote mnt/install/usr/lib64/python*/site-packages/pyanaconda/modules/payloads/payload/rpm_ostree/flatpak_installation.py) add_line_repo=$(echo "${add_line}" | grep "${FLATPAK_REMOTE_NAME}") diff --git a/test/vm/flatpak_fedora_repo_disabled.yml b/test/vm/flatpak_fedora_repo_disabled.yml index 17a3e08..eb87099 100644 --- a/test/vm/flatpak_fedora_repo_disabled.yml +++ b/test/vm/flatpak_fedora_repo_disabled.yml 
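Review bot: The two new `grep` checks in `test/iso/flatpak_repo_updated.sh` treat `${FLATPAK_REMOTE_NAME}` and `${_FLATPAK_REPO_URL}` as regular expressions and anchor only the start of the line, so the dots in a URL match any character and a longer value sharing the expected prefix also passes. A fixed-string whole-line match is stricter: `grep -qxF "flatpak_remote = ${FLATPAK_REMOTE_NAME} ${_FLATPAK_REPO_URL}" mnt/install/etc/anaconda/conf.d/anaconda.conf`, with `grep -qxF "[Payload]"` for the header. The test also does not check that `[Payload]` comes before the `flatpak_remote` line, which is presumably what places the option in that section. The pre-41 branch of the script continues outside the hunk.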
@@ -10,7 +10,9 @@ register: services_state - name: Check that flatpak-add-fedora-repos is disabled + when: services_state['ansible_facts']['services']['flatpak-add-fedora-repos.service'] is defined ansible.builtin.assert: that: - services_state['ansible_facts']['services']['flatpak-add-fedora-repos.service']['status'] == 'disabled' - fail_msg: 'flatpak-add-fedora-repos.service is not disabled' \ No newline at end of file + fail_msg: 'flatpak-add-fedora-repos.service is not disabled' + success_msg: 'flatpak-add-fedora-repos.service is correctly disabled' From ec2a9f4e3fbf100d7d42487bc45524f106ace8cf Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Thu, 31 Oct 2024 09:47:55 -0400 Subject: [PATCH 77/92] disable schedule --- .github/workflows/clean_repo.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/clean_repo.yml b/.github/workflows/clean_repo.yml index b1e1368..d5e05ab 100644 --- a/.github/workflows/clean_repo.yml +++ b/.github/workflows/clean_repo.yml @@ -1,7 +1,7 @@ name: Clean Container Registry on: - schedule: - - cron: '0 21 * * 0' +# schedule: +# - cron: '0 21 * * 0' workflow_dispatch: From 312375b2cd5b2e426c3ff966cfd4e7515f658524 Mon Sep 17 00:00:00 2001 From: Noel Miller <4983138+noelmiller@users.noreply.github.com> Date: Tue, 3 Dec 2024 12:00:55 -0600 Subject: [PATCH 78/92] fix link to inputs (#147) Co-authored-by: Jason Nagin <33561705+JasonN3@users.noreply.github.com> --- docs/development/container.md | 2 +- docs/development/makefile.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/development/container.md b/docs/development/container.md index 29d4a7a..8df3e27 100644 --- a/docs/development/container.md +++ b/docs/development/container.md 
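Review bot: With the added `when: ... is defined`, the assert task in `test/vm/flatpak_fedora_repo_disabled.yml` is skipped whenever `flatpak-add-fedora-repos.service` is missing from the gathered service facts, so the test reports success without having checked anything. If absence is an accepted outcome, say so in a comment above the task, e.g. `# unit is not shipped on some images; absence counts as disabled`. If it is not, fold the condition into the `that:` expression so a missing unit is handled by an explicit assertion rather than a silent skip. The tasks that gather `services_state` start outside the hunk.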
@@ -6,7 +6,7 @@ To use the container file, run `podman run --privileged --volume .:/build-contai This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso` -See [Inputs](../usage.md#inputs) for information about customizing the ISO that gets created. The variables can be defined as environment variables or command arguments. All variables should be specified in CAPITALIZED form. +See [Inputs](usage.md#inputs) for information about customizing the ISO that gets created. The variables can be defined as environment variables or command arguments. All variables should be specified in CAPITALIZED form. Examples: Building an ISO to install Fedora 39 diff --git a/docs/development/makefile.md b/docs/development/makefile.md index a94535e..be37851 100644 --- a/docs/development/makefile.md +++ b/docs/development/makefile.md @@ -4,4 +4,4 @@ The Makefile contains all the commands that are run in the action. There are sep `make install-deps` can be used to install the necessary packages. -See [Inputs](../usage.md#inputs) for information about the available parameters. All variables should be specified in CAPITALIZED form. +See [Inputs](usage#inputs) for information about the available parameters. All variables should be specified in CAPITALIZED form. From e80a97fbb08318a708bc8a3b2515f4a7aa912c0c Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Tue, 3 Dec 2024 13:02:35 -0500 Subject: [PATCH 79/92] fix link path --- docs/development/container.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/development/container.md b/docs/development/container.md index 8df3e27..0e0a0ef 100644 --- a/docs/development/container.md +++ b/docs/development/container.md 
@@ -6,7 +6,7 @@ To use the container file, run `podman run --privileged --volume .:/build-contai This will create an ISO with the baked in defaults of the container image. The resulting file will be called `deploy.iso` -See [Inputs](usage.md#inputs) for information about customizing the ISO that gets created. The variables can be defined as environment variables or command arguments. All variables should be specified in CAPITALIZED form. +See [Inputs](usage#inputs) for information about customizing the ISO that gets created. The variables can be defined as environment variables or command arguments. All variables should be specified in CAPITALIZED form. Examples: Building an ISO to install Fedora 39 From f09a756b7a1205f121d8508f1171759328b95d2c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 13:03:39 -0500 Subject: [PATCH 80/92] Bump Chizkiyahu/delete-untagged-ghcr-action from 4 to 5 (#148) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/clean_repo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/clean_repo.yml b/.github/workflows/clean_repo.yml index d5e05ab..a19ddd5 100644 --- a/.github/workflows/clean_repo.yml +++ b/.github/workflows/clean_repo.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Delete Untagged Packages - uses: Chizkiyahu/delete-untagged-ghcr-action@v4 + uses: Chizkiyahu/delete-untagged-ghcr-action@v5 with: token: ${{ secrets.PACKAGE_DELETER }} repository_owner: ${{ github.repository_owner }} From 362fea7d5d5df8d8d2412379c05b77bdaaf934a0 Mon Sep 17 00:00:00 2001 
From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Thu, 2 Jan 2025 09:02:24 -0500 Subject: [PATCH 81/92] Block broken lorax versions (#152) --- .github/workflows/build_iso.yml | 6 +++--- .github/workflows/test_deployment.yml | 6 +++--- .github/workflows/test_iso.yml | 6 +++--- external/Makefile | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 4c89f38..3c2316d 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml @@ -53,7 +53,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" per_page: 100 - name: Set status @@ -62,7 +62,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} @@ -138,7 +138,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index 792b68a..ec85345 100644 --- a/.github/workflows/test_deployment.yml 
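Review bot: The `job_name` lookup and the two status `context` values in build_iso.yml now carry the same four-part matrix suffix as a string literal in three places, and the same literal is repeated in test_deployment.yml and test_iso.yml. The lookup presumably only resolves when the string equals the job name GitHub renders for the matrix entry, so one missed copy could leave a commit status pointing at the wrong job or never updated. A comment at the first use would make that coupling visible, for example `# Must equal the rendered matrix job name; keep in sync with every status step`. The steps sit inside a job that starts and ends outside these hunks.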
+++ b/.github/workflows/test_deployment.yml @@ -52,7 +52,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" per_page: 100 - name: Set status @@ -61,7 +61,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} @@ -107,6 +107,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index 3b072d7..4697e30 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -52,7 +52,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" per_page: 100 - name: Set status 
@@ -61,7 +61,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} @@ -98,6 +98,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} \ No newline at end of file diff --git a/external/Makefile b/external/Makefile index 74047b1..0cac3e7 100644 --- a/external/Makefile +++ b/external/Makefile @@ -1,6 +1,6 @@ lorax/branch-$(VERSION): git config advice.detachedHead false - cd lorax && git reset --hard HEAD && git checkout $(if $(_RHEL),rhel$(word 1,$(subst ., ,$(VERSION)))-branch,tags/$(shell cd lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | tail -n 1)) + cd lorax && git reset --hard HEAD && git checkout $(if $(_RHEL),rhel$(word 1,$(subst ., ,$(VERSION)))-branch,tags/$(shell cd lorax && git tag -l lorax-$(VERSION).* --sort=creatordate | grep -v 'lorax-40\.5' | tail -n 1)) touch lorax/branch-$(VERSION) install-deps: From 46786df34449d211be50addcde81570b6e5aba8b Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 8 Jan 2025 10:39:29 -0500 Subject: [PATCH 82/92] Test with base Fedora images (#155) --- .github/workflows/build_vars.yml | 36 ++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) 
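Review bot: The new filter `grep -v 'lorax-40\.5'` in external/Makefile is unanchored and unexplained: it drops every tag containing `lorax-40.5`, which covers the whole 40.5 series and any later tag such as `lorax-40.5x`. A comment naming the breakage and the removal condition would help, for example `# lorax-40.5* tags are broken, see <issue link>; drop this filter once fixed upstream`. If every tag for a VERSION is filtered out, the `$(shell ...)` expands to nothing and the recipe runs `git checkout tags/`, which fails with an unhelpful message, so that case deserves a guard or at least a mention. Separately, the checkout still follows whichever tag sorts last by creation date, so the build input is not a fixed revision.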
diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index ffbe614..336a401 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -9,7 +9,7 @@ on: value: ' { "version": [ - "39", + "39", "40", "41" ], @@ -19,10 +19,38 @@ on: "flatpak_refs" ], "image_repo": [ - "ghcr.io/ublue-os" + "ghcr.io/ublue-os", + "quay.io/fedora-ostree-desktops" ], - "image_name": [ - "base-main" + "include": [ + { + "image_repo": "ghcr.io/ublue-os", + "image_name": "base-main", + }, + { + "image_repo": "quay.io/fedora-ostree-desktops", + "version": "40", + "image_name": "base" + }, + { + "image_repo": "quay.io/fedora-ostree-desktops", + "version": "41", + "image_name": "base-atomic" + } + ], + "exclude": [ + { + "image_repo": "quay.io/fedora-ostree-desktops", + "version": "39" + }, + { + "image_repo": "quay.io/fedora-ostree-desktops", + "flatpaks": "flatpak_refs_dir" + }, + { + "image_repo": "quay.io/fedora-ostree-desktops", + "flatpaks": "flatpak_refs" + } ] }' VARIANT: From d2186329e46f75e7b88a932554869ba173b923cf Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Mon, 3 Feb 2025 06:32:53 -0800 Subject: [PATCH 83/92] fix: typo (#156) --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 7115248..3615f05 100644 --- a/action.yml +++ b/action.yml 
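Review bot: The first `include` entry ends with a trailing comma, `"image_name": "base-main", }`, which is not valid JSON. The value is consumed through `fromJson(needs.load_vars.outputs.BUILD_MATRIX)` in the calling workflows, and whether that parser tolerates the comma is not something to rely on; a strict consumer of the same string, such as `jq`, would reject the whole matrix. Drop the comma so the line reads `"image_name": "base-main"`. A JSON lint step over this value in CI would catch this class of error before the matrix is expanded.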
@@ -89,7 +89,7 @@ inputs: description: Overrides the skopeo cache key required: false variant: - description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinonite" + description: "Source container variant. Available options can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite" required: true default: Server version: From 45fec1fc9de463178cf414c8045a2480aa3d8419 Mon Sep 17 00:00:00 2001 From: Noel Miller <4983138+noelmiller@users.noreply.github.com> Date: Mon, 5 May 2025 16:07:08 -0500 Subject: [PATCH 84/92] Add tests for 42 (#161) Co-authored-by: Jason N. <33561705+JasonN3@users.noreply.github.com> --- .github/workflows/build_vars.yml | 23 +++++++++++++++-------- Makefile | 32 ++++++++++++++++---------------- lorax_templates/Makefile | 8 ++++++-- test/vm/Makefile | 4 ++-- 4 files changed, 39 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index 336a401..e74c6ca 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -9,9 +9,9 @@ on: value: ' { "version": [ - "39", "40", - "41" + "41", + "42" ], "flatpaks": [ "false", @@ -20,6 +20,7 @@ on: ], "image_repo": [ "ghcr.io/ublue-os", + "quay.io/fedora", "quay.io/fedora-ostree-desktops" ], "include": [ 
@@ -28,20 +29,22 @@ on: "image_name": "base-main", }, { - "image_repo": "quay.io/fedora-ostree-desktops", - "version": "40", - "image_name": "base" + "image_repo": "quay.io/fedora", + "image_name": "fedora-bootc" }, { "image_repo": "quay.io/fedora-ostree-desktops", - "version": "41", "image_name": "base-atomic" } ], "exclude": [ { - "image_repo": "quay.io/fedora-ostree-desktops", - "version": "39" + "image_repo": "quay.io/fedora", + "flatpaks": "flatpak_refs_dir" + }, + { + "image_repo": "quay.io/fedora", + "flatpaks": "flatpak_refs" }, { "image_repo": "quay.io/fedora-ostree-desktops", @@ -50,6 +53,10 @@ on: { "image_repo": "quay.io/fedora-ostree-desktops", "flatpaks": "flatpak_refs" + }, + { + "image_repo": "quay.io/fedora-ostree-desktops", + "version": "40" } ] }' diff --git a/Makefile b/Makefile index 20bc28d..9f85c58 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ export install_pkg _IMAGE_REPO_ESCAPED := $(subst /,\/,$(IMAGE_REPO)) _IMAGE_REPO_DOUBLE_ESCAPED := $(subst \,\\\,$(_IMAGE_REPO_ESCAPED)) _LORAX_ARGS := -_LORAX_TEMPLATES := $(call get_templates,install) +export _LORAX_TEMPLATES := $(call get_templates,install) lorax_templates/install_include_post.tmpl _REPO_FILES := $(subst /etc/yum.repos.d,repos,$(REPOS)) _TEMP_DIR := $(shell mktemp -d) _TEMPLATE_VARS := ARCH IMAGE_NAME IMAGE_REPO _IMAGE_REPO_DOUBLE_ESCAPED _IMAGE_REPO_ESCAPED IMAGE_SIGNED IMAGE_TAG REPOS _RHEL VARIANT VERSION WEB_UI @@ -35,7 +35,7 @@ _VOLID := $(firstword $(subst -, ,$(IMAGE_NAME)))-$(ARCH)-$( ifeq ($(findstring redhat.repo,$(REPOS)),redhat.repo) export _RHEL := true -_LORAX_TEMPLATES += $(call get_templates,rhel) +export _LORAX_TEMPLATES += $(call get_templates,rhel) else undefine _RHEL endif 
@@ -53,17 +53,17 @@ _LORAX_ARGS += -i anaconda-webui endif ifneq ($(DNF_CACHE),) -_LORAX_ARGS += --cachedir $(DNF_CACHE) -_LORAX_TEMPLATES += $(call get_templates,cache) -_TEMPLATE_VARS += DNF_CACHE + _LORAX_ARGS += --cachedir $(DNF_CACHE) +export _LORAX_TEMPLATES += $(call get_templates,cache) + _TEMPLATE_VARS += DNF_CACHE endif ifneq ($(FLATPAK_DIR),) -_FLATPAK_REPO_GPG := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) + _FLATPAK_REPO_GPG := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) export _FLATPAK_REPO_URL := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) -_LORAX_ARGS += -i flatpak-libs -_LORAX_TEMPLATES += $(call get_templates,flatpak) -_TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL + _LORAX_ARGS += -i flatpak-libs +export _LORAX_TEMPLATES += $(call get_templates,flatpak) + _TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL else ifneq ($(FLATPAK_REMOTE_REFS_DIR),) COLLECTED_REFS := $(foreach file,$(filter-out README.md Makefile,$(wildcard $(FLATPAK_REMOTE_REFS_DIR)/*)),$(shell cat $(file))) 
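Review bot: The two `curl -L $(FLATPAK_REMOTE_URL)` calls, re-indented here and again in the `FLATPAK_REMOTE_REFS` branch of the next hunk, fetch the remote's GPG key and URL with no failure handling and no protocol restriction. Without `-f`, an HTTP error page is piped into `grep` and both variables silently end up empty; with `-L`, a redirect can move the fetch to plain HTTP, and the key that presumably verifies the remote comes from that same fetch. Suggest `curl -fsSL --proto '=https' --proto-redir '=https' '$(FLATPAK_REMOTE_URL)'` and failing the build when `_FLATPAK_REPO_GPG` is empty. Fetching the file once into `$(_TEMP_DIR)` and reading both fields from it would also stop the two downloads from disagreeing.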
@@ -71,19 +71,19 @@ export FLATPAK_REMOTE_REFS += $(sort $(COLLECTED_REFS)) endif ifneq ($(FLATPAK_REMOTE_REFS),) -_FLATPAK_REPO_GPG := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) + _FLATPAK_REPO_GPG := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^GPGKey=' | cut -d= -f2) export _FLATPAK_REPO_URL := $(shell curl -L $(FLATPAK_REMOTE_URL) | grep -i '^URL=' | cut -d= -f2) -_LORAX_ARGS += -i flatpak-libs -_LORAX_TEMPLATES += $(call get_templates,flatpak) \ - external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl -_TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL + _LORAX_ARGS += -i flatpak-libs +export _LORAX_TEMPLATES += $(call get_templates,flatpak) \ + external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl + _TEMPLATE_VARS += FLATPAK_DIR FLATPAK_REMOTE_NAME FLATPAK_REMOTE_REFS FLATPAK_REMOTE_URL _FLATPAK_REPO_GPG _FLATPAK_REPO_URL endif endif ifneq ($(SECURE_BOOT_KEY_URL),) -_LORAX_TEMPLATES += $(call get_templates,secureboot) -_TEMPLATE_VARS += ENROLLMENT_PASSWORD +export _LORAX_TEMPLATES += $(call get_templates,secureboot) + _TEMPLATE_VARS += ENROLLMENT_PASSWORD endif _SUBDIRS := container external flatpak_refs lorax_templates repos xorriso test diff --git a/lorax_templates/Makefile b/lorax_templates/Makefile index d022767..b2e80e5 100644 --- a/lorax_templates/Makefile +++ b/lorax_templates/Makefile 
@@ -39,10 +39,14 @@ endef post_%.tmpl: scripts/post/% $(call convert_post_to_tmpl,$*,usr/share/anaconda/post-scripts/$*.ks,true) +install_include_post.tmpl: + echo '<%page />' > install_include_post.tmpl + for file in $(patsubst post_%.tmpl, %, $(filter post_%, $(notdir $(_LORAX_TEMPLATES)))); do echo "append usr/share/anaconda/interactive-defaults.ks \"%include /usr/share/anaconda/post-scripts/$${file}.ks\"" >> install_include_post.tmpl; done + install-deps: -FILES=$(wildcard post_*) +FILES=$(wildcard post_*) install_include_post.tmpl clean: ifneq ($(FILES),) rm -Rf $(FILES) -endif \ No newline at end of file +endif diff --git a/test/vm/Makefile b/test/vm/Makefile index 99288cb..6578595 100644 --- a/test/vm/Makefile +++ b/test/vm/Makefile @@ -24,7 +24,7 @@ ansible_inventory: .PHONY: $(VM_TESTS) install-deps install-deps: - $(install_pkg) qemu qemu-utils xorriso qemu-system-x86 netcat socat jq ansible curl + $(install_pkg) qemu-system qemu-utils xorriso qemu-system-x86 ncat socat jq ansible curl files/mnt/iso: $(if $(wildcard files/mnt),,mkdir files/mnt) @@ -97,4 +97,4 @@ start_vm: install_os fi echo "VM ready for tests at IP $(VM_IP):$(VM_PORT)" - echo $$QEMU_PID > start_vm \ No newline at end of file + echo $$QEMU_PID > start_vm From 91208e0329d2282a549eb4eaaf10c0ed8c5a33fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 18:44:24 -0400 Subject: [PATCH 85/92] Bump docker/login-action from 3.3.0 to 3.4.0 (#160) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Nagin <33561705+JasonN3@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 57949bc..900cd43 100644 --- a/.github/workflows/build_container.yml 
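Review bot: `install_include_post.tmpl` is a file target with no prerequisites, so once the file exists make treats it as up to date and never regenerates it, even when `_LORAX_TEMPLATES` selects a different set of post scripts. A second build in the same tree with different options would reuse the old `%include` list unless `clean` ran in between. Marking it phony forces regeneration: `.PHONY: install_include_post.tmpl`. The loop also writes each script name unquoted into a kickstart `%include` path, which is fine for names from the repository but worth a comment if externally supplied templates can reach `_LORAX_TEMPLATES`.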
+++ b/.github/workflows/build_container.yml @@ -97,7 +97,7 @@ jobs: labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 + uses: docker/login-action@v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} From d77e9563739921c2f93de778d4fbad854f52d389 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 20:44:40 -0400 Subject: [PATCH 86/92] Bump sigstore/cosign-installer from 3.7.0 to 3.8.2 (#162) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Nagin <33561705+JasonN3@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 900cd43..615b8ea 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -123,7 +123,7 @@ jobs: - name: Install Cosign if: startsWith(github.ref, 'refs/tags/v') - uses: sigstore/cosign-installer@v3.7.0 + uses: sigstore/cosign-installer@v3.8.2 - name: Sign the images if: startsWith(github.ref, 'refs/tags/v') From 6810b148ad076484005cd80ded8ba51c6621dd71 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 18:24:07 -0400 Subject: [PATCH 87/92] Bump docker/login-action from 3.4.0 to 3.6.0 (#174) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 615b8ea..dc664e0 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml 
@@ -97,7 +97,7 @@ jobs: labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3.4.0 + uses: docker/login-action@v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} From 3b090e7c2eea3f73c65ac2790514a39816a0b3e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Oct 2025 18:33:45 -0400 Subject: [PATCH 88/92] Bump sigstore/cosign-installer from 3.8.2 to 3.10.0 (#173) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index dc664e0..cf98730 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -123,7 +123,7 @@ jobs: - name: Install Cosign if: startsWith(github.ref, 'refs/tags/v') - uses: sigstore/cosign-installer@v3.8.2 + uses: sigstore/cosign-installer@v3.10.0 - name: Sign the images if: startsWith(github.ref, 'refs/tags/v') From 33d0e5a5c241506b86b94277fa53537cc99e411a Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Sun, 5 Oct 2025 17:58:17 -0500 Subject: [PATCH 89/92] Add tests for Fedora 43 (#175) --- .github/workflows/build_vars.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index e74c6ca..06c5eaa 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -9,9 +9,9 @@ on: value: ' { "version": [ - "40", "41", - "42" + "42", + "43" ], "flatpaks": [ "false", From e310904cc7086ffd73ca14b1abf74f9efb90ea12 Mon Sep 17 00:00:00 2001 
From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 8 Oct 2025 11:41:09 -0400 Subject: [PATCH 90/92] Fix documentation about iso_path (#177) --- README.md | 4 ++-- docs/_Sidebar.md | 3 ++- docs/home.md | 3 ++- docs/usage.md | 6 +++--- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 26a3de9..fdea723 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,8 @@ This action is designed to be called from a GitHub workflow using the following with: name: ${{ steps.build.outputs.iso_name }} path: | - ${{ steps.build.outputs.iso_path }} - ${{ steps.build.outputs.iso_path }}-CHECKSUM + ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }} + ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }}-CHECKSUM if-no-files-found: error retention-days: 0 compression-level: 0 diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 300a54e..7e637e7 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -1,4 +1,5 @@ - [Home](home.md) +- [Usage](usage.md) - Development - [Using the Makefile](development/makefile.md) - [Using the Container](development/container.md) @@ -7,4 +8,4 @@ - Examples - [Adding Flatpaks](examples/adding-flatpaks.md) -- [Known Errors](known_errors.md) \ No newline at end of file +- [Known Errors](known_errors.md) diff --git a/docs/home.md b/docs/home.md index e8b6e75..f7e2096 100644 --- a/docs/home.md +++ b/docs/home.md @@ -2,6 +2,7 @@ Welcome to the build-container-installer wiki! ## Index +- [Usage](usage.md) - Development - [Using the Makefile](development/makefile.md) - [Using the Container](development/container.md) @@ -10,4 +11,4 @@ Welcome to the build-container-installer wiki! - Examples - [Adding Flatpaks](examples/adding-flatpaks.md) -- [Known Errors](known_errors.md) \ No newline at end of file +- [Known Errors](known_errors.md) diff --git a/docs/usage.md b/docs/usage.md index 9f6a83f..9ffeb8e 100644 --- a/docs/usage.md +++ b/docs/usage.md 
@@ -22,8 +22,8 @@ This action is designed to be called from a GitHub workflow using the following with: name: ${{ steps.build.outputs.iso_name }} path: | - ${{ steps.build.outputs.iso_path }} - ${{ steps.build.outputs.iso_path }}-CHECKSUM + ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }} + ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }}-CHECKSUM if-no-files-found: error retention-days: 0 compression-level: 0 @@ -65,4 +65,4 @@ Variant will be the third item in the package name. Example: `fedora-release-kin | Variable | Description | Usage | | -------- | ----------------------------------------| ------------------------------------------------ | | iso_name | The name of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | -| iso_path | The name and path of the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_name }} | \ No newline at end of file +| iso_path | The path to the resulting .iso | ${{ steps.YOUR_ID_FOR_ACTION.outputs.iso_path }} | From c9ef3de33236e66781ec37bd0485e8009eaefe24 Mon Sep 17 00:00:00 2001 From: Jason Nagin <33561705+JasonN3@users.noreply.github.com> Date: Wed, 8 Oct 2025 13:04:06 -0400 Subject: [PATCH 91/92] Upgrade base image to 42 (#176) --- .github/workflows/build_iso.yml | 6 +++--- .github/workflows/build_vars.yml | 4 ++-- .github/workflows/test_deployment.yml | 6 +++--- .github/workflows/test_iso.yml | 8 ++++---- Containerfile | 4 ++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml index 3c2316d..2964d72 100644 --- a/.github/workflows/build_iso.yml +++ b/.github/workflows/build_iso.yml 
@@ -53,7 +53,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" per_page: 100 - name: Set status @@ -62,7 +62,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} @@ -138,7 +138,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/build_vars.yml b/.github/workflows/build_vars.yml index 06c5eaa..8a60657 100644 --- a/.github/workflows/build_vars.yml +++ b/.github/workflows/build_vars.yml @@ -55,8 +55,8 @@ on: "flatpaks": "flatpak_refs" }, { - "image_repo": "quay.io/fedora-ostree-desktops", - "version": "40" + "image_repo": "ghcr.io/ublue-os", + "version": "43" } ] }' diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml index ec85345..f343313 100644 --- a/.github/workflows/test_deployment.yml +++ b/.github/workflows/test_deployment.yml 
@@ -52,7 +52,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" per_page: 100 - name: Set status @@ -61,7 +61,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: pending - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} @@ -107,6 +107,6 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} - context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }} diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml index 4697e30..c3b5103 100644 --- a/.github/workflows/test_iso.yml +++ b/.github/workflows/test_iso.yml @@ -52,7 +52,7 @@ jobs: id: jobs with: github_token: ${{ secrets.GITHUB_TOKEN }} - job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})" + job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})" per_page: 100 - name: Set status 
@@ -61,7 +61,7 @@ jobs:
 with: token: ${{ secrets.GITHUB_TOKEN }} status: pending
- context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})"
+ context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})"
 sha: ${{ env.sha }} targetUrl: ${{ steps.jobs.outputs.html_url }}
@@ -98,6 +98,6 @@ jobs:
 with: token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }}
- context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }}, ${{ matrix.image_name }})"
+ context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }}, ${{ matrix.flatpaks }}, ${{ matrix.image_repo }})"
 sha: ${{ env.sha }}
- targetUrl: ${{ steps.jobs.outputs.html_url }}
\ No newline at end of file
+ targetUrl: ${{ steps.jobs.outputs.html_url }}
diff --git a/Containerfile b/Containerfile
index a0678e4..18b844b 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,6 +1,6 @@
-FROM fedora:40
+FROM fedora:42
-ARG VERSION=39
+ARG VERSION=42
 ENV ARCH="x86_64" ENV IMAGE_NAME="base"
From 4ab1e18f8346cea28b84a8c16fca7cfece611ef0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 19:26:02 -0400 Subject: [PATCH 92/92] Bump actions/checkout from 4 to 5 (#171) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jason Nagin <33561705+JasonN3@users.noreply.github.com>
--- .github/workflows/build_container.yml | 2 +- .github/workflows/build_iso.yml | 2 +- .github/workflows/test_deployment.yml | 2 +- .github/workflows/test_iso.yml | 2 +- .github/workflows/test_repo.yml | 2 +- .github/workflows/update_wiki.yml | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index cf98730..53f412d 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -26,7 +26,7 @@ jobs:
 statuses: write steps: - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with: submodules: recursive fetch-depth: 0
diff --git a/.github/workflows/build_iso.yml b/.github/workflows/build_iso.yml
index 2964d72..6cd33ef 100644
--- a/.github/workflows/build_iso.yml
+++ b/.github/workflows/build_iso.yml
@@ -32,7 +32,7 @@ jobs:
 matrix: ${{ fromJson(needs.load_vars.outputs.BUILD_MATRIX) }} steps: - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with: submodules: recursive
diff --git a/.github/workflows/test_deployment.yml b/.github/workflows/test_deployment.yml
index f343313..8738ded 100644
--- a/.github/workflows/test_deployment.yml
+++ b/.github/workflows/test_deployment.yml
@@ -31,7 +31,7 @@ jobs:
 matrix: ${{ fromJson(needs.load_vars.outputs.BUILD_MATRIX) }} steps: - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with: submodules: recursive
diff --git a/.github/workflows/test_iso.yml b/.github/workflows/test_iso.yml
index c3b5103..049fc11 100644
--- a/.github/workflows/test_iso.yml
+++ b/.github/workflows/test_iso.yml
@@ -31,7 +31,7 @@ jobs:
 matrix: ${{ fromJson(needs.load_vars.outputs.BUILD_MATRIX) }} steps: - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with: submodules: recursive
diff --git a/.github/workflows/test_repo.yml b/.github/workflows/test_repo.yml
index 4c658e3..59071c0 100644
--- a/.github/workflows/test_repo.yml
+++ b/.github/workflows/test_repo.yml
@@ -20,7 +20,7 @@ jobs:
 contents: read steps: - name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 - name: Run test run: |
diff --git a/.github/workflows/update_wiki.yml b/.github/workflows/update_wiki.yml
index a9bdf15..fce015c 100644
--- a/.github/workflows/update_wiki.yml
+++ b/.github/workflows/update_wiki.yml
@@ -18,10 +18,10 @@ jobs:
 run: | sudo apt install -y make rsync # Checkout Main Repo
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 # Checkout Wiki Repo
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 with: repository: ${{github.repository}}.wiki persist-credentials: true