From e4d3e6b573ee336ffe2eb5d3909edcca81e9a1a4 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 13:18:42 -0400 Subject: [PATCH 01/16] Attempting to use custom action --- .github/workflows/actions/build-composite.yml | 183 ++++++++++++++++++ .github/workflows/build.yml | 5 +- 2 files changed, 184 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/actions/build-composite.yml diff --git a/.github/workflows/actions/build-composite.yml b/.github/workflows/actions/build-composite.yml new file mode 100644 index 0000000..fba9af5 --- /dev/null +++ b/.github/workflows/actions/build-composite.yml 
@@ -0,0 +1,183 @@
+name: "BlueBuild"
+description: "Build a custom OS image"
+inputs:
+ recipe:
+ description: |
+ The [recipe](https://blue-build.org/reference/recipe/) file to build the image from, relative to the `config/` or `recipes/` directory.
+ required: true
+ default: "recipe.yml"
+ cosign_private_key:
+ description: |
+ The Sigstore/cosign secret used to sign the image.
+
+ Example: `${{ secrets.SIGNING_SECRET }}`
+ required: true
+ registry_token:
+ description: |
+ The token used to sign into the container registry.
+
+ Example: `${{ github.token }}`
+ required: false
+ default: ""
+ registry_username:
+ description: |
+ The username used to sign into the container registry.
+ required: false
+ default: ${{ github.repository_owner }}
+ pr_event_number:
+ description: |
+ The event number used to tag images pushed from pull requests.
+
+ Example: `${{ github.event.number }}`
+ required: true
+ maximize_build_space:
+ description: |
+ Whether to run the unwanted software remover to maximize build space in the GitHub builder.
+ Disable this with 'false' if your image doesn't take up a lot of space and you'd rather have shorter build times.
+ required: false
+ default: "true"
+ cli_version:
+ description: |
+ Set this with a tag, sha, or branch name for the blue-build/cli repo to use that particular version of the CLI tool. This will override the `use_unstable_cli` input for the action.
+ required: false
+ registry:
+ description: |
+ The container registry to push the built image to.
+ required: false
+ default: "git.hydrosaber.com"
+ registry_namespace:
+ description: |
+ The namespace on the registry to push to.
+
+ Example: `ublue-os`
+ required: false
+ default: ${{ github.repository_owner }}
+ use_cache:
+ description: |
+ Make use of layer cache by pushing the layers to the registry. Input must match the string 'true' for the step to be enabled.
+ required: false
+ default: "true"
+ squash:
+ description: |
+ Uses buildah to squash the build's layers into a single layer. Use of this option
+ disables cache. Conflicts with adding `--build-driver` or `--squash` to the build opts.
+ required: false
+ default: "false"
+ build_opts:
+ description: |
+ Provide options to the call to the BlueBuild CLI build command. If you use this with
+ the squash input set to true and provide either of the `--build-driver` or `--squash` flags
+ an error will occur and the action will not run.
+ required: false
+ default: " "
+ working_directory:
+ description: |
+ Changes working directory for whole build.
+ For example, setting this to `./abc/` would cause for the recipe to be read from `./abc/recipes/recipe.yml`.
+ required: false
+ default: ./
+ skip_checkout:
+ description: |
+ Set to true to skip doing the actions/checkout step.
+ This allows you to checkout manually before calling bluebuild/github-action
+ and to modify files (such as supplying build information to other scripts) before building.
+ required: false
+ default: "false"
+
+runs:
+ using: "composite"
+ steps:
+ - name: Validate inputs
+ shell: bash
+ run: "${{ github.action_path }}/build_opts_check.sh"
+ env:
+ SQUASH_INPUT_VALUE: "${{ inputs.squash }}"
+ BUILD_OPTS: "${{ inputs.build_opts }}"
+ # building custom images might take a lot of space,
+ # so it's best to remove unneeded softawre
+ - name: Maximize build space
+ uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
+ if: ${{ inputs.maximize_build_space == 'true' }}
+
+ - name: Get Ubuntu version
+ id: ubuntu_version
+ shell: bash
+ run: |
+ VERSION=$(awk -F= '/^VERSION_ID=/ {gsub(/"/, "", $2); print $2}' /etc/os-release)
+ echo "Ubuntu version is $VERSION"
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+ # that is compatible with BlueBuild
+ - name: Setup Podman
+ shell: bash
+ run: |
+ # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
+ ubuntu_version='22.04'
+ key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
+ sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
+ echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
+ curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
+ sudo apt-get update
+ sudo apt-get install -y podman
+
+ - uses: sigstore/cosign-installer@sigstore/cosign-installer # v3.9.0
+ with:
+ install-dir: /usr/bin
+ use-sudo: true
+
+ # clones user's repo
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ if: ${{ inputs.skip_checkout == 'false' }}
+
+ - name: Determine Vars
+ id: build_vars
+ shell: bash
+ env:
+ RECIPE: ${{ inputs.recipe }}
+ run: |
+ if [ -n "${{ inputs.cli_version }}" ]; then
+ CLI_VERSION_TAG="${{ inputs.cli_version }}"
+ else
+ CLI_VERSION_TAG="v0.9"
+ fi
+ echo "cli_version=${CLI_VERSION_TAG}" >> ${GITHUB_OUTPUT}
+
+ RECIPE_PATH=""
+ if [ -f "./config/${RECIPE}" ]; then
+ RECIPE_PATH="./config/${RECIPE}"
+ else
+ RECIPE_PATH="./recipes/${RECIPE}"
+ fi
+ echo "recipe_path=${RECIPE_PATH}" >> ${GITHUB_OUTPUT}
+
+ - name: Install BlueBuild
+ shell: bash
+ env:
+ CLI_VERSION_TAG: ${{ steps.build_vars.outputs.cli_version }}
+ run: |
+ sudo docker create \
+ --name blue-build-installer \
+ ghcr.io/blue-build/cli:${{ env.CLI_VERSION_TAG }}-installer
+ sudo docker cp blue-build-installer:/out/bluebuild /usr/bin/bluebuild
+ sudo docker rm blue-build-installer
+ bluebuild --version
+
+ # blue-build/cli does the heavy lifting
+ - name: Build Image
+ shell: bash
+ working-directory: ${{ inputs.working_directory }}
+ env:
+ COSIGN_PRIVATE_KEY: ${{ inputs.cosign_private_key }}
+ GH_TOKEN: ${{ inputs.registry_token }}
+ BB_PASSWORD: ${{ inputs.registry_token }}
+ BB_USERNAME: ${{ inputs.registry_username }}
+ BB_REGISTRY: ${{ inputs.registry }}
+ BB_REGISTRY_NAMESPACE: ${{ inputs.registry_namespace }}
+ GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
+ BB_CACHE_LAYERS: ${{ inputs.use_cache }}
+ RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }}
+ RUST_LOG_STYLE: always
+ CLICOLOR_FORCE: "1"
+ BUILD_OPTS: ${{ inputs.build_opts }}
+ run: |
+ sudo -E bluebuild build -v --push --rechunk ${BUILD_OPTS} ${RECIPE_PATH}
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b51e455..d87bfab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
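Review bot: The `Determine Vars` step pastes `${{ inputs.cli_version }}` straight into the bash script, and `Install BlueBuild` does the same with `${{ env.CLI_VERSION_TAG }}`. The expression is expanded before bash runs, so a value containing a quote or `$(...)` is executed as shell in the same job that signs and pushes the image. `RECIPE` in the same step already shows the safe pattern: pass the input through `env:` and read it as a quoted shell variable. PATCH 02 adds more `${{ inputs.* }}` interpolations in `run:` scripts (`use_unstable_cli`, `squash`, `rechunk`) and PATCH 04 copies the step into build.yml; they need the same treatment.

```yaml
      env:
        RECIPE: ${{ inputs.recipe }}
        CLI_VERSION_INPUT: ${{ inputs.cli_version }}
      run: |
        if [ -n "${CLI_VERSION_INPUT}" ]; then
          CLI_VERSION_TAG="${CLI_VERSION_INPUT}"
        # … unchanged: v0.9 fallback and recipe path lookup …

      # Install BlueBuild: step header and env unchanged
      run: |
        sudo docker create \
          --name blue-build-installer \
          "ghcr.io/blue-build/cli:${CLI_VERSION_TAG}-installer"
        # … unchanged: docker cp, docker rm, version check …
```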
@@ -32,13 +32,10 @@ jobs: steps: # the build is fully handled by the reusable github action - name: Build Custom Image - uses: blue-build/github-action@v1.8 + uses: ./.github/workflows/actions/build-composite.yml with: recipe: ${{ matrix.recipe }} cosign_private_key: ${{ secrets.SIGNING_SECRET }} registry: 'git.hydrosaber.com' registry_token: ${{ secrets.PACKAGE_BUILDER_TOKEN }} pr_event_number: ${{ github.event.number }} - - # enabled by default, disable if your image is small and you want faster builds - maximize_build_space: true -- 2.39.5 From b309edb692fa8882e1514efe7661b9adbdfd449f Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 13:20:58 -0400 Subject: [PATCH 02/16] Test only the base build action from bluebuild --- .github/workflows/actions/build-composite.yml | 47 +++++++++++++++++-- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/.github/workflows/actions/build-composite.yml b/.github/workflows/actions/build-composite.yml index fba9af5..1443939 100644 --- a/.github/workflows/actions/build-composite.yml +++ b/.github/workflows/actions/build-composite.yml @@ -36,6 +36,13 @@ inputs: Disable this with 'false' if your image doesn't take up a lot of space and you'd rather have shorter build times. required: false default: "true" + use_unstable_cli: + description: | + If true, this action pulls the `main` branch of blue-build/cli instead of the stable version the current action version is configured to use by default. + This feature is useful for testing new features, but should not be used in production. + Input must match the string 'true' for the unstable version to be used. + required: false + default: "false" cli_version: description: | Set this with a tag, sha, or branch name for the blue-build/cli repo to use that particular version of the CLI tool. This will override the `use_unstable_cli` input for the action. 
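Review bot: `uses: ./.github/workflows/actions/build-composite.yml` names a file, but a local action is referenced by the directory that holds its `action.yml`, so this step cannot load the composite action as written. It is also the first step under `steps:` in the visible lines, and a `./` action can only be resolved once the repository has been checked out. I would move the metadata to a directory such as `.github/actions/build/action.yml`, put an `actions/checkout` step ahead of it, and write `uses: ./.github/actions/build`. The composite's first step also runs `${{ github.action_path }}/build_opts_check.sh`, a script the diffstat of this commit does not add.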
@@ -44,7 +51,7 @@ inputs: description: | The container registry to push the built image to. required: false - default: "git.hydrosaber.com" + default: "ghcr.io" registry_namespace: description: | The namespace on the registry to push to. @@ -52,6 +59,15 @@ inputs: Example: `ublue-os` required: false default: ${{ github.repository_owner }} + rechunk: + description: | + Rechunk the ostree-based result images with [github.com/hhd-dev/rechunk](https://github.com/hhd-dev/rechunk) for more efficient diffs and updates. (lower image size, better download speed, better update resuming) + + Will make your builds considerably slower. This is an experimental option, as it can cause issues with file permissions in some scenarios, so enable on your own risk. + + Internally builds squashed images with podman to further reduce the image size. + required: false + default: "false" use_cache: description: | Make use of layer cache by pushing the layers to the registry. Input must match the string 'true' for the step to be enabled. @@ -99,6 +115,14 @@ runs: uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 if: ${{ inputs.maximize_build_space == 'true' }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0 # v3.11.0 + if: ${{ inputs.squash != 'true' && inputs.rechunk != 'true' }} + with: + install: true + driver: docker-container + cache-binary: ${{ inputs.use_cache }} + - name: Get Ubuntu version id: ubuntu_version shell: bash @@ -109,6 +133,7 @@ runs: # that is compatible with BlueBuild - name: Setup Podman + if: ${{ (inputs.squash == 'true' || inputs.rechunk == 'true') && steps.ubuntu_version.outputs.version == '22.04' }} shell: bash run: | # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 
@@ -135,7 +160,9 @@ runs: env: RECIPE: ${{ inputs.recipe }} run: | - if [ -n "${{ inputs.cli_version }}" ]; then + if [[ "${{ inputs.use_unstable_cli }}" == "true" && -z "${{ inputs.cli_version }}" ]]; then + CLI_VERSION_TAG="main" + elif [ -n "${{ inputs.cli_version }}" ]; then CLI_VERSION_TAG="${{ inputs.cli_version }}" else CLI_VERSION_TAG="v0.9" @@ -180,4 +207,18 @@ runs: CLICOLOR_FORCE: "1" BUILD_OPTS: ${{ inputs.build_opts }} run: | - sudo -E bluebuild build -v --push --rechunk ${BUILD_OPTS} ${RECIPE_PATH} \ No newline at end of file + if [ "${{ inputs.squash }}" = "true" ]; then + BUILD_OPTS="--build-driver podman --squash $BUILD_OPTS" + fi + + RUN_SUDO="" + if [ "${{ inputs.rechunk }}" = "true" ]; then + RUN_SUDO=1 + BUILD_OPTS="--rechunk $BUILD_OPTS" + fi + + if [ -n "$RUN_SUDO" ]; then + sudo -E bluebuild build -v --push ${BUILD_OPTS} ${RECIPE_PATH} + else + bluebuild build -v --push ${BUILD_OPTS} ${RECIPE_PATH} + fi \ No newline at end of file -- 2.39.5 From 115dd309134f0ff790e772cf5602a120de54086b Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 13:59:26 -0400 Subject: [PATCH 03/16] Move into workflows itself --- .github/workflows/{actions => }/build-composite.yml | 0 .github/workflows/build.yml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{actions => }/build-composite.yml (100%) diff --git a/.github/workflows/actions/build-composite.yml b/.github/workflows/build-composite.yml similarity index 100% rename from .github/workflows/actions/build-composite.yml rename to .github/workflows/build-composite.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d87bfab..ba3c902 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -32,7 +32,7 @@ jobs: steps: # the build is fully handled by the reusable github action - name: Build Custom Image - uses: ./.github/workflows/actions/build-composite.yml + uses: ./.github/workflows/build-composite.yml with: recipe: ${{ matrix.recipe }} cosign_private_key: ${{ secrets.SIGNING_SECRET }} -- 2.39.5 From f5cc9fb68d1624983c2d7b69d3de49c4f4aa66c8 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 14:17:59 -0400 Subject: [PATCH 04/16] Move to directly put actions in build --- .github/workflows/build.yml | 97 +++++++++++++++++++++++++++++++++---- 1 file changed, 87 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ba3c902..ae5862a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -24,18 +24,95 @@ jobs: packages: write id-token: write strategy: - fail-fast: false # stop GH from cancelling all matrix builds if one fails matrix: recipe: - # !! Add your recipes here - recipe.yml steps: - # the build is fully handled by the reusable github action - - name: Build Custom Image - uses: ./.github/workflows/build-composite.yml + # building custom images might take a lot of space, + # so it's best to remove unneeded softawre + - name: Maximize build space + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 + + - name: Get Ubuntu version + id: ubuntu_version + shell: bash + run: | + VERSION=$(awk -F= '/^VERSION_ID=/ {gsub(/"/, "", $2); print $2}' /etc/os-release) + echo "Ubuntu version is $VERSION" + echo "version=$VERSION" >> $GITHUB_OUTPUT + + # that is compatible with BlueBuild + - name: Setup Podman + if: ${{ steps.ubuntu_version.outputs.version == '22.04' }} + shell: bash + run: | + # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 + ubuntu_version='22.04' + key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" + sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" + echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list + curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null + sudo apt-get update + sudo apt-get install -y podman + + - uses: sigstore/cosign-installer@sigstore/cosign-installer # v3.9.0 with: - recipe: ${{ matrix.recipe }} - cosign_private_key: ${{ secrets.SIGNING_SECRET }} - registry: 'git.hydrosaber.com' - registry_token: ${{ secrets.PACKAGE_BUILDER_TOKEN }} - pr_event_number: ${{ github.event.number }} + install-dir: /usr/bin + use-sudo: true + + # clones user's repo + - uses: 
actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Determine Vars + id: build_vars + shell: bash + env: + RECIPE: ${{ matrix.recipe }} + run: | + if [[ "${{ inputs.use_unstable_cli }}" == "true" && -z "${{ inputs.cli_version }}" ]]; then + CLI_VERSION_TAG="main" + elif [ -n "${{ inputs.cli_version }}" ]; then + CLI_VERSION_TAG="${{ inputs.cli_version }}" + else + CLI_VERSION_TAG="v0.9" + fi + echo "cli_version=${CLI_VERSION_TAG}" >> ${GITHUB_OUTPUT} + + RECIPE_PATH="" + if [ -f "./config/${RECIPE}" ]; then + RECIPE_PATH="./config/${RECIPE}" + else + RECIPE_PATH="./recipes/${RECIPE}" + fi + echo "recipe_path=${RECIPE_PATH}" >> ${GITHUB_OUTPUT} + + - name: Install BlueBuild + shell: bash + env: + CLI_VERSION_TAG: ${{ steps.build_vars.outputs.cli_version }} + run: | + sudo docker create \ + --name blue-build-installer \ + ghcr.io/blue-build/cli:${{ env.CLI_VERSION_TAG }}-installer + sudo docker cp blue-build-installer:/out/bluebuild /usr/bin/bluebuild + sudo docker rm blue-build-installer + bluebuild --version + + # blue-build/cli does the heavy lifting + - name: Build Image + shell: bash + working-directory: ${{ inputs.working_directory }} + env: + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + GH_TOKEN: ${{ secrets.PACKAGE_BUILDER_TOKEN }} + BB_PASSWORD: ${{ inputs.registry_token }} + BB_USERNAME: ${{ github.repository_owner }} + BB_REGISTRY: 'git.hydrosaber.com' + BB_REGISTRY_NAMESPACE: ${{ github.repository_owner }} + GH_PR_EVENT_NUMBER: ${{ github.event.number }} + BB_CACHE_LAYERS: true + RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }} + RUST_LOG_STYLE: always + CLICOLOR_FORCE: "1" + run: | + sudo -E bluebuild build -v --push --rechunk ${RECIPE_PATH} \ No newline at end of file -- 2.39.5 From 6655398e204c3bf943669553617e9c0158f122b5 Mon Sep 17 00:00:00 2001 
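Review bot: `BB_PASSWORD: ${{ inputs.registry_token }}` in the inlined `Build Image` step still reads an action input, while `GH_TOKEN` on the line above it was switched to `secrets.PACKAGE_BUILDER_TOKEN`. Unless the `on:` block outside this hunk declares a `registry_token` input, the expression evaluates to an empty string and the registry credentials are incomplete. The same holds for `inputs.use_unstable_cli`, `inputs.cli_version` and `inputs.working_directory`, which were inputs of the composite action and, as far as the hunk shows, not of this workflow. I would set `BB_PASSWORD: ${{ secrets.PACKAGE_BUILDER_TOKEN }}`, remove the `working-directory:` line and replace the version branch with the fixed tag. `BB_CACHE_LAYERS: true` is better written as `"true"` so the env value stays a string like its neighbours.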
From: Eriq Taing Date: Sat, 21 Jun 2025 14:26:09 -0400 Subject: [PATCH 05/16] set sigstore action version to proper version --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ae5862a..71b7231 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,7 +55,7 @@ jobs: sudo apt-get update sudo apt-get install -y podman - - uses: sigstore/cosign-installer@sigstore/cosign-installer # v3.9.0 + - uses: sigstore/cosign-installer@v3.9.0 with: install-dir: /usr/bin use-sudo: true -- 2.39.5 From 91a540cdd5b8c75704dbf552f0275b30977aab73 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 14:30:40 -0400 Subject: [PATCH 06/16] Set runner to go on 22.04 for podman --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 71b7231..b3ba8b0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ on: jobs: bluebuild: name: Build Custom Image - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: contents: read packages: write @@ -43,7 +43,6 @@ jobs: # that is compatible with BlueBuild - name: Setup Podman - if: ${{ steps.ubuntu_version.outputs.version == '22.04' }} shell: bash run: | # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 -- 2.39.5 From 5ead60b058f769fbed1cd54a2c2079745bb3047a Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 14:40:39 -0400 Subject: [PATCH 07/16] Attempt no cache --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b3ba8b0..66ad8f8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
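Review bot: In PATCH 05, `sigstore/cosign-installer@v3.9.0` is a tag, which can be moved to a different commit, whereas `jlumbroso/free-disk-space` and `actions/checkout` in this workflow are pinned to full commit SHAs with the version in a trailing comment. This step installs the binary that signs the image, into `/usr/bin` with `use-sudo: true`, so it deserves the same pinning: `- uses: sigstore/cosign-installer@<full-commit-sha-of-v3.9.0> # v3.9.0`. The hunk shows only this step; the rest of the job is outside it.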
@@ -109,9 +109,9 @@ jobs: BB_REGISTRY: 'git.hydrosaber.com' BB_REGISTRY_NAMESPACE: ${{ github.repository_owner }} GH_PR_EVENT_NUMBER: ${{ github.event.number }} - BB_CACHE_LAYERS: true + BB_CACHE_LAYERS: false RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }} RUST_LOG_STYLE: always CLICOLOR_FORCE: "1" run: | - sudo -E bluebuild build -v --push --rechunk ${RECIPE_PATH} \ No newline at end of file + sudo -E bluebuild build -v --push ${RECIPE_PATH} \ No newline at end of file -- 2.39.5 From 8bbefc187d55a175716e00f264d4f3da514b920e Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 14:44:40 -0400 Subject: [PATCH 08/16] Readded rechunk toggle --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 66ad8f8..390c7c5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -114,4 +114,4 @@ jobs: RUST_LOG_STYLE: always CLICOLOR_FORCE: "1" run: | - sudo -E bluebuild build -v --push ${RECIPE_PATH} \ No newline at end of file + sudo -E bluebuild build -v --push --rechunk ${RECIPE_PATH} \ No newline at end of file -- 2.39.5 From 88492460ebd969887ec2f80d60bebede94850237 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 14:52:17 -0400 Subject: [PATCH 09/16] Attempt to remove podman --- .github/workflows/build.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 390c7c5..86ad0a6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -41,19 +41,6 @@ jobs: echo "Ubuntu version is $VERSION" echo "version=$VERSION" >> $GITHUB_OUTPUT - # that is compatible with BlueBuild - - name: Setup Podman - shell: bash - run: | - # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 - ubuntu_version='22.04' - key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" - sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" - echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list - curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null - sudo apt-get update - sudo apt-get install -y podman - - uses: sigstore/cosign-installer@v3.9.0 with: install-dir: /usr/bin -- 2.39.5 From 41354993f0fe5291036ce88d70d903fc8d8895c5 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 16:05:09 -0400 Subject: [PATCH 10/16] Revert removal of podman setup --- .github/workflows/build.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 86ad0a6..390c7c5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -41,6 +41,19 @@ jobs: echo "Ubuntu version is $VERSION" echo "version=$VERSION" >> $GITHUB_OUTPUT + # that is compatible with BlueBuild + - name: Setup Podman + shell: bash + run: | + # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 + ubuntu_version='22.04' + key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" + sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" + echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list + curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null + sudo apt-get update + sudo apt-get install -y podman + - uses: sigstore/cosign-installer@v3.9.0 with: install-dir: /usr/bin -- 2.39.5 From 55760dd849b40ee622a4cfb81effb460ce663251 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 16:10:39 -0400 Subject: [PATCH 11/16] Attempt to use custom image for podman building --- .github/workflows/build.yml | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 390c7c5..d17e96e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ on: jobs: bluebuild: name: Build Custom Image - runs-on: ubuntu-22.04 + runs-on: rocky-minimal permissions: contents: read packages: write 
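Review bot: The restored `Setup Podman` step in PATCH 10 writes the downloaded `Release.key` into `/etc/apt/trusted.gpg.d/`, which makes that key trusted for every apt source on the runner, and the key comes from the same host as the packages with no fingerprint check. The source is the project's `unstable` repository and its packages are installed as root in the job that signs and pushes the image. Scoping the key limits what it can vouch for: store it under `/etc/apt/keyrings/` and write the source line as `deb [signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] $sources_url/ /`. Comparing the key's fingerprint with a value recorded in the repository would also catch a replaced key. The same step appears in PATCH 01 (build-composite.yml) and PATCH 04.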
@@ -32,27 +32,6 @@ jobs: # so it's best to remove unneeded softawre - name: Maximize build space uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 - - - name: Get Ubuntu version - id: ubuntu_version - shell: bash - run: | - VERSION=$(awk -F= '/^VERSION_ID=/ {gsub(/"/, "", $2); print $2}' /etc/os-release) - echo "Ubuntu version is $VERSION" - echo "version=$VERSION" >> $GITHUB_OUTPUT - - # that is compatible with BlueBuild - - name: Setup Podman - shell: bash - run: | - # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 - ubuntu_version='22.04' - key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" - sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" - echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list - curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null - sudo apt-get update - sudo apt-get install -y podman - uses: sigstore/cosign-installer@v3.9.0 with: -- 2.39.5 From ed2a2a3ee52f8b70397ad263cef4b2d2fe472d66 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sat, 21 Jun 2025 16:12:20 -0400 Subject: [PATCH 12/16] Removing maximize build space action --- .github/workflows/build.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d17e96e..e54ddb9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -28,11 +28,6 @@ jobs: recipe: - recipe.yml steps: - # building custom images might take a lot of space, - # so it's best to remove unneeded softawre - - name: Maximize build space - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 - - uses: sigstore/cosign-installer@v3.9.0 with: install-dir: /usr/bin -- 2.39.5 From 1abe1821889eb9cc61d918789b78ffd3b5a3b241 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sun, 22 Jun 2025 20:50:23 -0400 Subject: [PATCH 13/16] Removed --rechunk --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e54ddb9..41e4587 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -88,4 +88,4 @@ jobs: RUST_LOG_STYLE: always CLICOLOR_FORCE: "1" run: | - sudo -E bluebuild build -v --push --rechunk ${RECIPE_PATH} \ No newline at end of file + sudo -E bluebuild build -v --push ${RECIPE_PATH} \ No newline at end of file -- 2.39.5 From 9664873c207c51d040c595bdc4e47c89de41d0dd Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sun, 22 Jun 2025 20:53:34 -0400 Subject: [PATCH 14/16] Use fedora base image and install nodejs, docker, and docker-buildx --- .github/workflows/build.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 41e4587..f8c7a71 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ on: jobs: bluebuild: name: Build Custom Image - runs-on: rocky-minimal + runs-on: fedora-latest permissions: contents: read packages: write @@ -28,6 +28,11 @@ jobs: recipe: - recipe.yml steps: + - name: Install required packages + shell: bash + run: | + sudo dnf install -y nodejs docker-cli docker-buildx containerd + - uses: sigstore/cosign-installer@v3.9.0 with: install-dir: /usr/bin -- 2.39.5 From 4b0e8a9c3222a74fb8d7f555fcd5139ac8718533 Mon Sep 17 00:00:00 2001 
From: Eriq Taing Date: Sun, 22 Jun 2025 21:00:53 -0400 Subject: [PATCH 15/16] Add backtrace to find where is the issue --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f8c7a71..4c6ac6e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -92,5 +92,6 @@ jobs: RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }} RUST_LOG_STYLE: always CLICOLOR_FORCE: "1" + RUST_BACKTRACE: "1" run: | sudo -E bluebuild build -v --push ${RECIPE_PATH} \ No newline at end of file -- 2.39.5 From 66a0e08d4534be6eca7300735785262ce5a04381 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Sun, 22 Jun 2025 21:03:46 -0400 Subject: [PATCH 16/16] Use full for backtrace for more information --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4c6ac6e..5fbb9f0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -92,6 +92,6 @@ jobs: RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }} RUST_LOG_STYLE: always CLICOLOR_FORCE: "1" - RUST_BACKTRACE: "1" + RUST_BACKTRACE: "full" run: | sudo -E bluebuild build -v --push ${RECIPE_PATH} \ No newline at end of file -- 2.39.5