hydros/hydros
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: hydros:e4089325fc65bc69ddf50007cc0f0e76447859ea
Branches Tags
hydros:main
...
compare: hydros:0b6e29e91a45fda544b85101aac6c9698c2c8fe9
Branches Tags
hydros:main

2 Commits
e4089325fc ... 0b6e29e91a

Author SHA1 Message Date
Eriq Taing
0b6e29e91a Enable building from cache and rechunker 2025-10-20 18:03:02 -04:00
Eriq Taing
6a95047266 Move scripts up a folder, removed build.sh, added finalize.sh call scripts from Containerfile instead of build.sh 2025-10-20 18:01:20 -04:00
17 changed files with 181 additions and 73 deletions
Expand all files Collapse all files

105
.github/workflows/build.yml vendored
View File

@@ -104,43 +104,18 @@ jobs:
sep-tags: " " sep-tags: " "
sep-annotations: " " sep-annotations: " "
- name: Build Image #- name: Build Image
id: build_image # id: build_image
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 # uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
with:
containerfiles: |
./Containerfile
# Postfix image name with -custom to make it a little more descriptive
# Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
oci: false
# Rechunk is a script that we use on Universal Blue to make sure there isnt a single huge layer when your image gets published.
# This does not make your image faster to download, just provides better resumability and fixes a few errors.
# Documentation for Rechunk is provided on their github repository at https://github.com/hhd-dev/rechunk
# You can enable it by uncommenting the following lines:
#- name: Run Rechunker
# id: rechunk
# uses: hhd-dev/rechunk@f153348d8100c1f504dec435460a0d7baf11a9d2 # v1.1.1
# if:
# with: # with:
# rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1' # containerfiles: |
# ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}" # ./Containerfile
# prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}" # # Postfix image name with -custom to make it a little more descriptive
# skip_compression: true # # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
# version: ${{ env.CENTOS_VERSION }} # image: ${{ env.IMAGE_NAME }}
# labels: ${{ steps.metadata.outputs.labels }} # Rechunk strips out all the labels during build, this needs to be reapplied here with newline separator # tags: ${{ steps.metadata.outputs.tags }}
# # labels: ${{ steps.metadata.outputs.labels }}
## This is necessary so that the podman socket can find the rechunked image on its storage # oci: false
#- name: Load in podman and tag
# run: |
# IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
# sudo rm -rf ${{ steps.rechunk.outputs.output }}
# for tag in ${{ steps.metadata.outputs.tags }}; do
# podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
# done
# These `if` statements are so that pull requests for your custom images do not make it publish any packages under your name without you knowing # These `if` statements are so that pull requests for your custom images do not make it publish any packages under your name without you knowing
# They also check if the runner is on the default branch so that things like the merge queue (if you enable it), are going to work # They also check if the runner is on the default branch so that things like the merge queue (if you enable it), are going to work
@@ -152,6 +127,64 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.PACKAGE_BUILDER_TOKEN }} password: ${{ secrets.PACKAGE_BUILDER_TOKEN }}
- name: Build Image
id: build_image
run: |
sudo buildah bud \
--format docker
--tag "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
--layers
--cache-to ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}/cache
--cache-from ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}/cache
--file ./Containerfile
# Rechunk is a script that we use on Universal Blue to make sure there isnt a single huge layer when your image gets published.
# This does not make your image faster to download, just provides better resumability and fixes a few errors.
# Documentation for Rechunk is provided on their github repository at https://github.com/hhd-dev/rechunk
# You can enable it by uncommenting the following lines:
- name: Run Rechunker
id: rechunk
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
uses: hhd-dev/rechunk@5fbe1d3a639615d2548d83bc888360de6267b1a2 # v1.2.4
if:
with:
rechunk: 'ghcr.io/hhd-dev/rechunk:v1.2.2'
ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
skip_compression: false
version: ${{ env.CENTOS_VERSION }}
labels: ${{ steps.metadata.outputs.labels }} # Rechunk strips out all the labels during build, this needs to be reapplied here with newline separator
# Taken from vst-name/ublue-aurora-dx to output results of rechunk
- name: Rechunk output
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
env:
STEPS_RECHUNK_CONCLUSION: ${{ steps.rechunk.conclusion }}
STEPS_RECHUNK_OUTPUTS_CHANGELOG: ${{ steps.rechunk.outputs.changelog }}
STEPS_RECHUNK_OUTPUTS_MANIFEST: ${{ steps.rechunk.outputs.manifest }}
run: |
if [[ "${STEPS_RECHUNK_CONCLUSION}" == "success" ]]; then
echo "${STEPS_RECHUNK_OUTPUTS_CHANGELOG}"
echo "${STEPS_RECHUNK_OUTPUTS_MANIFEST}"
cat "${STEPS_RECHUNK_OUTPUTS_CHANGELOG}"
cat "${STEPS_RECHUNK_OUTPUTS_MANIFEST}"
else
echo "Rechunk conclusion:"
echo "${STEPS_RECHUNK_CONCLUSION}"
fi
## This is necessary so that the podman socket can find the rechunked image on its storage
- name: Load in podman and tag
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
run: |
IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
sudo rm -rf ${{ steps.rechunk.outputs.output }}
for tag in ${{ steps.metadata.outputs.tags }}; do
podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
done
- name: Push To git.hydrosaber.com - name: Push To git.hydrosaber.com
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)

92
Containerfile
View File

@@ -23,11 +23,101 @@ COPY system_files /
# copy key into /etc/pki/containers/hydros.pub # copy key into /etc/pki/containers/hydros.pub
COPY cosign.pub /etc/pki/containers/hydros.pub COPY cosign.pub /etc/pki/containers/hydros.pub
# Install dnf packages
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \ RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \ --mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \ --mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \ --mount=type=tmpfs,dst=/tmp \
/ctx/build.sh /ctx/dnfstart.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/multimedia.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/greeter.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/hyprland.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/environment.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/applications.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/themes.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnf/drivers.sh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/dnfcleanup.sh
# Add image info
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/addimageinfo.sh
# Install Oh My Zsh
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/installohmyzsh.sh
# Install SystemD services
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/installservices.sh
# Build akmods
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/buildakmods.sh
# Finalize image
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
--mount=type=cache,dst=/var/cache \
--mount=type=cache,dst=/var/log \
--mount=type=tmpfs,dst=/tmp \
/ctx/finalize.sh
### LINTING ### LINTING
## Verify final image and contents are correct. ## Verify final image and contents are correct.

0
build_files/scripts/addimageinfo.sh → build_files/addimageinfo.sh
View File

35
build_files/build.sh
View File

@@ -1,35 +0,0 @@
#!/bin/bash
set -ouex pipefail
### Install dnf packages
# Enable rpm fusion free and nonfree
dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
/ctx/scripts/dnf/multimedia.sh
/ctx/scripts/dnf/greeter.sh
/ctx/scripts/dnf/hyprland.sh
/ctx/scripts/dnf/environment.sh
/ctx/scripts/dnf/applications.sh
/ctx/scripts/dnf/themes.sh
/ctx/scripts/dnf/drivers.sh
# finish by removing rpm fusion repo files
rm -f /etc/yum.repos.d/rpmfusion-*\.repo
### Add image info
/ctx/scripts/addimageinfo.sh
### Install OhMyZsh
/ctx/scripts/installohmyzsh.sh
### Bring in SystemD units and enable services
/ctx/scripts/installservices.sh
### Build akmods
/ctx/scripts/buildakmods.sh
### Cleanup
rm -rf /usr/etc
rm -rf /var/lib/dnf

0
build_files/scripts/buildakmods.sh → build_files/buildakmods.sh
View File

0
build_files/scripts/dnf/applications.sh → build_files/dnf/applications.sh
View File

0
build_files/scripts/dnf/drivers.sh → build_files/dnf/drivers.sh
View File

0
build_files/scripts/dnf/environment.sh → build_files/dnf/environment.sh
View File

0
build_files/scripts/dnf/greeter.sh → build_files/dnf/greeter.sh
View File

0
build_files/scripts/dnf/hyprland.sh → build_files/dnf/hyprland.sh
View File

0
build_files/scripts/dnf/multimedia.sh → build_files/dnf/multimedia.sh
View File

0
build_files/scripts/dnf/themes.sh → build_files/dnf/themes.sh
View File

6
build_files/dnfcleanup.sh Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
set -ouex pipefail
# finish by removing rpm fusion repo files
rm -f /etc/yum.repos.d/rpmfusion-*\.repo

6
build_files/dnfstart.sh Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
set -ouex pipefail
# Enable rpm fusion free and nonfree
dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

8
build_files/finalize.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/bash
set -ouex pipefail
### Cleanup
rm -rf /usr/etc
rm -rf /var/lib/dnf

0
build_files/scripts/installohmyzsh.sh → build_files/installohmyzsh.sh
View File

0
build_files/scripts/installservices.sh → build_files/installservices.sh
View File