Compare commits
2 Commits
e4089325fc
...
0b6e29e91a
| Author | SHA1 | Date | |
|---|---|---|---|
| 0b6e29e91a | |||
| 6a95047266 |
105
.github/workflows/build.yml
vendored
105
.github/workflows/build.yml
vendored
@@ -104,43 +104,18 @@ jobs:
|
||||
sep-tags: " "
|
||||
sep-annotations: " "
|
||||
|
||||
- name: Build Image
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
|
||||
with:
|
||||
containerfiles: |
|
||||
./Containerfile
|
||||
# Postfix image name with -custom to make it a little more descriptive
|
||||
# Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
|
||||
image: ${{ env.IMAGE_NAME }}
|
||||
tags: ${{ steps.metadata.outputs.tags }}
|
||||
labels: ${{ steps.metadata.outputs.labels }}
|
||||
oci: false
|
||||
|
||||
# Rechunk is a script that we use on Universal Blue to make sure there isnt a single huge layer when your image gets published.
|
||||
# This does not make your image faster to download, just provides better resumability and fixes a few errors.
|
||||
# Documentation for Rechunk is provided on their github repository at https://github.com/hhd-dev/rechunk
|
||||
# You can enable it by uncommenting the following lines:
|
||||
#- name: Run Rechunker
|
||||
# id: rechunk
|
||||
# uses: hhd-dev/rechunk@f153348d8100c1f504dec435460a0d7baf11a9d2 # v1.1.1
|
||||
# if:
|
||||
#- name: Build Image
|
||||
# id: build_image
|
||||
# uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
|
||||
# with:
|
||||
# rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1'
|
||||
# ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
|
||||
# prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
|
||||
# skip_compression: true
|
||||
# version: ${{ env.CENTOS_VERSION }}
|
||||
# labels: ${{ steps.metadata.outputs.labels }} # Rechunk strips out all the labels during build, this needs to be reapplied here with newline separator
|
||||
#
|
||||
## This is necessary so that the podman socket can find the rechunked image on its storage
|
||||
#- name: Load in podman and tag
|
||||
# run: |
|
||||
# IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
|
||||
# sudo rm -rf ${{ steps.rechunk.outputs.output }}
|
||||
# for tag in ${{ steps.metadata.outputs.tags }}; do
|
||||
# podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
|
||||
# done
|
||||
# containerfiles: |
|
||||
# ./Containerfile
|
||||
# # Postfix image name with -custom to make it a little more descriptive
|
||||
# # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
|
||||
# image: ${{ env.IMAGE_NAME }}
|
||||
# tags: ${{ steps.metadata.outputs.tags }}
|
||||
# labels: ${{ steps.metadata.outputs.labels }}
|
||||
# oci: false
|
||||
|
||||
# These `if` statements are so that pull requests for your custom images do not make it publish any packages under your name without you knowing
|
||||
# They also check if the runner is on the default branch so that things like the merge queue (if you enable it), are going to work
|
||||
@@ -152,6 +127,64 @@ jobs:
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.PACKAGE_BUILDER_TOKEN }}
|
||||
|
||||
- name: Build Image
|
||||
id: build_image
|
||||
run: |
|
||||
sudo buildah bud \
|
||||
--format docker
|
||||
--tag "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
|
||||
--layers
|
||||
--cache-to ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}/cache
|
||||
--cache-from ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}/cache
|
||||
--file ./Containerfile
|
||||
|
||||
# Rechunk is a script that we use on Universal Blue to make sure there isnt a single huge layer when your image gets published.
|
||||
# This does not make your image faster to download, just provides better resumability and fixes a few errors.
|
||||
# Documentation for Rechunk is provided on their github repository at https://github.com/hhd-dev/rechunk
|
||||
# You can enable it by uncommenting the following lines:
|
||||
- name: Run Rechunker
|
||||
id: rechunk
|
||||
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
|
||||
uses: hhd-dev/rechunk@5fbe1d3a639615d2548d83bc888360de6267b1a2 # v1.2.4
|
||||
if:
|
||||
with:
|
||||
rechunk: 'ghcr.io/hhd-dev/rechunk:v1.2.2'
|
||||
ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
|
||||
prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
|
||||
skip_compression: false
|
||||
version: ${{ env.CENTOS_VERSION }}
|
||||
labels: ${{ steps.metadata.outputs.labels }} # Rechunk strips out all the labels during build, this needs to be reapplied here with newline separator
|
||||
|
||||
# Taken from vst-name/ublue-aurora-dx to output results of rechunk
|
||||
- name: Rechunk output
|
||||
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
|
||||
env:
|
||||
STEPS_RECHUNK_CONCLUSION: ${{ steps.rechunk.conclusion }}
|
||||
STEPS_RECHUNK_OUTPUTS_CHANGELOG: ${{ steps.rechunk.outputs.changelog }}
|
||||
STEPS_RECHUNK_OUTPUTS_MANIFEST: ${{ steps.rechunk.outputs.manifest }}
|
||||
run: |
|
||||
if [[ "${STEPS_RECHUNK_CONCLUSION}" == "success" ]]; then
|
||||
echo "${STEPS_RECHUNK_OUTPUTS_CHANGELOG}"
|
||||
echo "${STEPS_RECHUNK_OUTPUTS_MANIFEST}"
|
||||
cat "${STEPS_RECHUNK_OUTPUTS_CHANGELOG}"
|
||||
cat "${STEPS_RECHUNK_OUTPUTS_MANIFEST}"
|
||||
|
||||
else
|
||||
echo "Rechunk conclusion:"
|
||||
echo "${STEPS_RECHUNK_CONCLUSION}"
|
||||
fi
|
||||
|
||||
|
||||
## This is necessary so that the podman socket can find the rechunked image on its storage
|
||||
- name: Load in podman and tag
|
||||
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
|
||||
run: |
|
||||
IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
|
||||
sudo rm -rf ${{ steps.rechunk.outputs.output }}
|
||||
for tag in ${{ steps.metadata.outputs.tags }}; do
|
||||
podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
|
||||
done
|
||||
|
||||
- name: Push To git.hydrosaber.com
|
||||
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
|
||||
if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
|
||||
|
||||
@@ -23,11 +23,101 @@ COPY system_files /
|
||||
# copy key into /etc/pki/containers/hydros.pub
|
||||
COPY cosign.pub /etc/pki/containers/hydros.pub
|
||||
|
||||
# Install dnf packages
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/build.sh
|
||||
/ctx/dnfstart.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/multimedia.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/greeter.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/hyprland.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/environment.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/applications.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/themes.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnf/drivers.sh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/dnfcleanup.sh
|
||||
|
||||
# Add image info
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/addimageinfo.sh
|
||||
|
||||
# Install Oh My Zsh
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/installohmyzsh.sh
|
||||
|
||||
# Install SystemD services
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/installservices.sh
|
||||
|
||||
# Build akmods
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/buildakmods.sh
|
||||
|
||||
# Finalize image
|
||||
|
||||
RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
|
||||
--mount=type=cache,dst=/var/cache \
|
||||
--mount=type=cache,dst=/var/log \
|
||||
--mount=type=tmpfs,dst=/tmp \
|
||||
/ctx/finalize.sh
|
||||
|
||||
### LINTING
|
||||
## Verify final image and contents are correct.
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ouex pipefail
|
||||
|
||||
### Install dnf packages
|
||||
# Enable rpm fusion free and nonfree
|
||||
dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
|
||||
|
||||
/ctx/scripts/dnf/multimedia.sh
|
||||
/ctx/scripts/dnf/greeter.sh
|
||||
/ctx/scripts/dnf/hyprland.sh
|
||||
/ctx/scripts/dnf/environment.sh
|
||||
/ctx/scripts/dnf/applications.sh
|
||||
/ctx/scripts/dnf/themes.sh
|
||||
/ctx/scripts/dnf/drivers.sh
|
||||
|
||||
# finish by removing rpm fusion repo files
|
||||
rm -f /etc/yum.repos.d/rpmfusion-*\.repo
|
||||
|
||||
### Add image info
|
||||
/ctx/scripts/addimageinfo.sh
|
||||
|
||||
### Install OhMyZsh
|
||||
/ctx/scripts/installohmyzsh.sh
|
||||
|
||||
### Bring in SystemD units and enable services
|
||||
/ctx/scripts/installservices.sh
|
||||
|
||||
### Build akmods
|
||||
/ctx/scripts/buildakmods.sh
|
||||
|
||||
### Cleanup
|
||||
rm -rf /usr/etc
|
||||
|
||||
rm -rf /var/lib/dnf
|
||||
6
build_files/dnfcleanup.sh
Executable file
6
build_files/dnfcleanup.sh
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ouex pipefail
|
||||
|
||||
# finish by removing rpm fusion repo files
|
||||
rm -f /etc/yum.repos.d/rpmfusion-*\.repo
|
||||
6
build_files/dnfstart.sh
Executable file
6
build_files/dnfstart.sh
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ouex pipefail
|
||||
|
||||
# Enable rpm fusion free and nonfree
|
||||
dnf5 -y install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
|
||||
8
build_files/finalize.sh
Executable file
8
build_files/finalize.sh
Executable file
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ouex pipefail
|
||||
|
||||
### Cleanup
|
||||
rm -rf /usr/etc
|
||||
|
||||
rm -rf /var/lib/dnf
|
||||
Reference in New Issue
Block a user