fix(kernel): create root directory #122
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build container image | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '05 10 * * *' # 10:05am UTC everyday | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**/README.md' | |
| workflow_dispatch: | |
| env: | |
| IMAGE_DESC: "Custom Bazzite image based on Niri and Noctalia, built for the Data Lab Techs out there." | |
| IMAGE_KEYWORDS: "bootc,ublue,universal-blue,bazzite,fedora,nvidia,niri,noctalia" | |
| IMAGE_LOGO_URL: "https://raw.githubusercontent.com/DataLabTechTV/dltos/refs/heads/main/repo_files/dltos-logo.png" | |
| IMAGE_NAME: "${{ github.event.repository.name }}" # output image name, usually same as repo name | |
| IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit | |
| DEFAULT_TAG: "latest" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| build_push: | |
| name: Build and push image | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Prepare environment | |
| run: | | |
| # Lowercase the image uri | |
| echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> ${GITHUB_ENV} | |
| echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV} | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@695eb75bc387dbcd9685a8e72d23439d8686cba6 | |
| - name: Get current date | |
| id: date | |
| run: | | |
| # This generates a timestamp like what is defined on the ArtifactHub documentation | |
| # E.G: 2022-02-08T15:38:15Z' | |
| # https://artifacthub.io/docs/topics/repositories/container-images/ | |
| # https://linux.die.net/man/1/date | |
| echo "date=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)" >> $GITHUB_OUTPUT | |
| - name: Image Metadata | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 | |
| id: metadata | |
| with: | |
| tags: | | |
| type=raw,value=${{ env.DEFAULT_TAG }} | |
| type=raw,value=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}} | |
| type=raw,value={{date 'YYYYMMDD'}} | |
| type=sha,enable=${{ github.event_name == 'pull_request' }} | |
| type=ref,event=pr | |
| labels: | | |
| io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md | |
| org.opencontainers.image.created=${{ steps.date.outputs.date }} | |
| org.opencontainers.image.description=${{ env.IMAGE_DESC }} | |
| org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md | |
| org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/${{ github.sha }}/Containerfile | |
| org.opencontainers.image.title=${{ env.IMAGE_NAME }} | |
| org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }} | |
| org.opencontainers.image.vendor=${{ github.repository_owner }} | |
| org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}} | |
| io.artifacthub.package.deprecated=false | |
| io.artifacthub.package.keywords=${{ env.IMAGE_KEYWORDS }} | |
| io.artifacthub.package.license=Apache-2.0 | |
| io.artifacthub.package.logo-url=${{ env.IMAGE_LOGO_URL }} | |
| io.artifacthub.package.prerelease=false | |
| containers.bootc=1 | |
| sep-tags: " " | |
| sep-annotations: " " | |
| # - name: Restore DNF package cache | |
| # uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| # with: | |
| # path: /var/tmp/buildah-cache-* | |
| # key: ${{ runner.os }}-buildah-${{ env.IMAGE_NAME }}-${{ github.run_id }} | |
| # restore-keys: ${{ runner.os }}-buildah-${{ env.IMAGE_NAME }}- | |
| - name: Build Image | |
| id: build_image | |
| run: | | |
| LABELS="${{ steps.metadata.outputs.labels }}" | |
| LABEL_ARGS=() | |
| while IFS= read -r label; do | |
| if [ -n "$label" ]; then | |
| LABEL_ARGS+=(--label "$label") | |
| fi | |
| done <<< "$LABELS" | |
| sudo buildah build "${LABEL_ARGS[@]}" --tag raw-img -f ./Containerfile . | |
| # - name: Fix DNF cache permissions | |
| # run: sudo chmod 777 --recursive /var/tmp/buildah-cache-* 2>/dev/null || true | |
| # - name: Save DNF package cache | |
| # uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| # with: | |
| # path: /var/tmp/buildah-cache-* | |
| # key: ${{ runner.os }}-buildah-${{ env.IMAGE_NAME }}-${{ github.run_id }} | |
| - name: Run Rechunker | |
| id: rechunk | |
| run: | | |
| container=$(sudo buildah from raw-img) | |
| mnt=$(sudo buildah mount $container) | |
| sudo bash -c "rm -rf $mnt/run/.* $mnt/run/* $mnt/tmp/.* $mnt/tmp/*" | |
| sudo buildah umount $container | |
| sudo buildah config --label "-" $container | |
| sudo buildah commit --identity-label=false --rm $container raw-img | |
| sudo podman run --rm --privileged \ | |
| --volume /var/lib/containers:/var/lib/containers \ | |
| quay.io/centos-bootc/centos-bootc:stream10 \ | |
| rpm-ostree compose build-chunked-oci \ | |
| --bootc \ | |
| --format-version 2 \ | |
| --from localhost/raw-img \ | |
| --output containers-storage:localhost/chunked-img | |
| sudo podman untag raw-img | |
| echo "ref=containers-storage:localhost/chunked-img" >> "$GITHUB_OUTPUT" | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push to GHCR | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| run: | | |
| export REGISTRY_AUTH_FILE="$HOME/.docker/config.json" | |
| for tag in ${{ steps.metadata.outputs.tags }}; do | |
| sudo --preserve-env=REGISTRY_AUTH_FILE skopeo copy \ | |
| ${{ steps.rechunk.outputs.ref }} \ | |
| docker://${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${tag} | |
| done | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| with: | |
| cosign-release: 'v2.6.1' | |
| - name: Sign container image | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| run: | | |
| IMAGE_FULL="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}" | |
| for tag in ${{ steps.metadata.outputs.tags }}; do | |
| cosign sign -y --key env://COSIGN_PRIVATE_KEY $IMAGE_FULL:$tag | |
| done | |
| env: | |
| TAGS: ${{ steps.push.outputs.digest }} | |
| COSIGN_EXPERIMENTAL: false | |
| COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} |