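# Builds the custom image described by the recipe(s) in the matrix with the
# BlueBuild CLI, then pushes it to BB_REGISTRY.
name: bluebuild
on:
  schedule:
    # "00 06 * * *" fires at 06:00 UTC every day; a Monday-only schedule
    # would be "00 06 * * 1".
    # (20 minutes after last ublue images start building)
    - cron: "00 06 * * *"
  push:
    branches:
      - main
    paths-ignore:
      # don't rebuild if only documentation or the separately handled
      # nvidia files have changed
      - "**.md"
      - ".github/workflows/build-nvidia.yml"
      - "files/scripts/nvidia/**"
      - "recipes/components/nvidia-module.yml"
      - "recipes/recipe_nvidia.yml"
  # NOTE(review): this job passes `--push` and signing/registry secrets to the
  # build. GitHub withholds secrets from pull requests opened from forks, so
  # confirm how the CLI behaves for those runs (GH_PR_EVENT_NUMBER is passed
  # below, presumably for that purpose).
  pull_request:
  workflow_dispatch: # allow manually triggering builds

jobs:
  bluebuild:
    name: Build Custom Image
    runs-on: ubuntu-latest
    # NOTE(review): the image is pushed to BB_REGISTRY (git.hydrosaber.com) and
    # signed with COSIGN_PRIVATE_KEY; confirm `packages: write` and
    # `id-token: write` are still required, and drop them if not.
    permissions:
      contents: read
      packages: write
      id-token: write
    strategy:
      matrix:
        recipe:
          - recipe.yml
    steps:
      # building custom images might take a lot of space,
      # so it's best to remove unneeded software
      - name: Maximize build space
        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1

      # exposes the runner's VERSION_ID from /etc/os-release as
      # `steps.ubuntu_version.outputs.version`
      - name: Get Ubuntu version
        id: ubuntu_version
        shell: bash
        run: |
          VERSION=$(awk -F= '/^VERSION_ID=/ {gsub(/"/, "", $2); print $2}' /etc/os-release)
          echo "Ubuntu version is $VERSION"
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      # On Ubuntu 22.04 runners only: install Podman from the kubic
      # "unstable" repository so that it is compatible with BlueBuild.
      # NOTE(review): the repository key is fetched over HTTPS without a
      # fingerprint check and is placed in /etc/apt/trusted.gpg.d, where apt
      # trusts it for every configured source. Consider a dedicated keyring
      # referenced with `signed-by=` in the sources entry.
      - name: Setup Podman
        if: ${{ steps.ubuntu_version.outputs.version == '22.04' }}
        shell: bash
        run: |
          # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
          ubuntu_version='22.04'
          key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
          sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
          echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
          curl -fsSL "$key_url" | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
          sudo apt-get update
          sudo apt-get install -y podman

      # NOTE(review): pinned by mutable tag, unlike the SHA-pinned actions in
      # this job; pin to the full commit SHA of v3.9.0 for consistency.
      - uses: sigstore/cosign-installer@v3.9.0
        with:
          install-dir: /usr/bin
          use-sudo: true

      # clones user's repo
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      # Resolves the CLI image tag and the recipe path and publishes both as
      # step outputs. The `inputs.*` values are handed to the script through
      # `env` instead of being expanded into the script text, so their content
      # is treated as data by bash rather than parsed as shell.
      # NOTE(review): no trigger in this file declares inputs, so both values
      # are empty here and the tag falls through to "v0.9".
      - name: Determine Vars
        id: build_vars
        shell: bash
        env:
          RECIPE: ${{ matrix.recipe }}
          USE_UNSTABLE_CLI: ${{ inputs.use_unstable_cli }}
          CLI_VERSION: ${{ inputs.cli_version }}
        run: |
          if [[ "${USE_UNSTABLE_CLI}" == "true" && -z "${CLI_VERSION}" ]]; then
            CLI_VERSION_TAG="main"
          elif [ -n "${CLI_VERSION}" ]; then
            CLI_VERSION_TAG="${CLI_VERSION}"
          else
            CLI_VERSION_TAG="v0.9"
          fi
          echo "cli_version=${CLI_VERSION_TAG}" >> "${GITHUB_OUTPUT}"

          # prefer ./config/<recipe> when it exists, else ./recipes/<recipe>
          RECIPE_PATH=""
          if [ -f "./config/${RECIPE}" ]; then
            RECIPE_PATH="./config/${RECIPE}"
          else
            RECIPE_PATH="./recipes/${RECIPE}"
          fi
          echo "recipe_path=${RECIPE_PATH}" >> "${GITHUB_OUTPUT}"

      # Copies the `bluebuild` binary out of the installer image into /usr/bin.
      # NOTE(review): the image is referenced by tag, not digest, and the
      # binary it provides is later run under sudo with the signing key in its
      # environment; consider pinning the image by digest.
      - name: Install BlueBuild
        shell: bash
        env:
          CLI_VERSION_TAG: ${{ steps.build_vars.outputs.cli_version }}
        run: |
          sudo docker create \
            --name blue-build-installer \
            "ghcr.io/blue-build/cli:${CLI_VERSION_TAG}-installer"
          sudo docker cp blue-build-installer:/out/bluebuild /usr/bin/bluebuild
          sudo docker rm blue-build-installer
          bluebuild --version

      # blue-build/cli does the heavy lifting
      # `sudo -E` keeps the step environment, so every variable below
      # (including the secrets) is visible to the bluebuild process.
      # NOTE(review): `inputs.working_directory` and `inputs.registry_token`
      # are not declared by any trigger in this file, so they expand to empty
      # strings; BB_PASSWORD in particular looks like it should come from
      # `secrets.*` - confirm.
      - name: Build Image
        shell: bash
        working-directory: ${{ inputs.working_directory }}
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
          GH_TOKEN: ${{ secrets.PACKAGE_BUILDER_TOKEN }}
          BB_PASSWORD: ${{ inputs.registry_token }}
          BB_USERNAME: ${{ github.repository_owner }}
          BB_REGISTRY: 'git.hydrosaber.com'
          BB_REGISTRY_NAMESPACE: ${{ github.repository_owner }}
          GH_PR_EVENT_NUMBER: ${{ github.event.number }}
          BB_CACHE_LAYERS: "true"
          RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }}
          RUST_LOG_STYLE: always
          CLICOLOR_FORCE: "1"
        run: |
          sudo -E bluebuild build -v --push --rechunk "${RECIPE_PATH}"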