chore: more formatting fixes #2
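# Reusable workflow: builds, signs and pushes the image matrix for one brand
# and one Fedora stream, and returns the references of the pushed images.
name: Reusable Build and Push
on:
  workflow_call:
    # NOTE(review): no `secrets:` are declared for this call interface, yet
    # the jobs read secrets.AKMOD_PRIVKEY_20230518 and secrets.SIGNING_SECRET,
    # so callers presumably pass `secrets: inherit`. Declaring the two secrets
    # here would make the signing-key contract explicit.
    inputs:
      fedora_version:
        # The jobs also branch on a "beta" value that is not listed here.
        description: 'The Fedora Version: gts, stable, or latest'
        required: true
        type: string
      brand_name:
        description: "'aurora' or 'bluefin'"
        required: true
        type: string
    outputs:
      images:
        description: 'An array of images built and pushed to the registry'
        value: ${{ jobs.check.outputs.images }}
env:
  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
concurrency:
  # NOTE(review): the group key does not include inputs.brand_name. If one
  # caller workflow invokes this file for both brands with the same
  # fedora_version on the same ref, the runs would share a group and
  # cancel-in-progress could cancel one of them. Confirm against the callers.
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.fedora_version }}
  cancel-in-progress: true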
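jobs:
  # Builds one image per (image_flavor, base_name, fedora_version) combination.
  # Outside pull requests it also signs the kernel, pushes the image to GHCR,
  # signs the pushed digest with cosign and uploads a file naming that digest.
  # Every third-party action is pinned to a full commit SHA.
  # NOTE(review): no `permissions:` key is set in this file, so the scopes of
  # the GITHUB_TOKEN used by the push and login steps are whatever the calling
  # workflow grants.
  # NOTE(review): inputs and matrix values are expanded into the text of the
  # `run:` scripts before bash starts, so a caller must pass only the
  # documented literal values. Mapping them through `env:` and reading shell
  # variables would remove that dependency.
  build_container:
    name: image
    runs-on: ubuntu-22.04
    continue-on-error: false
    outputs:
      # NOTE(review): no step in this job has the id `generate-outputs` (the
      # step with that id is in the `check` job), so this evaluates to empty.
      image_full: ${{ steps.generate-outputs.outputs.image }}
    strategy:
      fail-fast: false
      matrix:
        image_flavor:
          - main
          - nvidia
          - asus
          - asus-nvidia
          - surface
          - surface-nvidia
        base_name:
          - ${{ inputs.brand_name }}
          - ${{ inputs.brand_name }}-dx
        fedora_version:
          - ${{ inputs.fedora_version }}
        # Left without entries: no extra combinations are added.
        include:
        # Hardware-specific flavors that are not built for these streams.
        exclude:
          - fedora_version: gts
            image_flavor: asus
          - fedora_version: gts
            image_flavor: asus-nvidia
          - fedora_version: stable
            image_flavor: asus
          - fedora_version: stable
            image_flavor: asus-nvidia
          - fedora_version: stable
            image_flavor: surface
          - fedora_version: stable
            image_flavor: surface-nvidia
          - fedora_version: beta
            image_flavor: asus
          - fedora_version: beta
            image_flavor: asus-nvidia
          - fedora_version: beta
            image_flavor: surface
          - fedora_version: beta
            image_flavor: surface-nvidia
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      # Derives IMAGE_NAME, BASE_IMAGE_NAME, TARGET_NAME, AKMODS_FLAVOR,
      # image_flavor and (for some combinations) KERNEL_SUFFIX / coreos_type
      # from the matrix and exports them through GITHUB_ENV.
      # BASE_IMAGE_NAME stays unset when base_name contains neither "bluefin"
      # nor "aurora".
      - name: Matrix Variables
        run: |
          # IMAGE_NAME
          if [[ "${{ matrix.image_flavor }}" == "main" ]]; then
              echo "IMAGE_NAME=${{ matrix.base_name }}" >> "$GITHUB_ENV"
          else
              echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.base_name, matrix.image_flavor) }}" >> "$GITHUB_ENV"
          fi
          # BASE_IMAGE_NAME
          if [[ "${{ matrix.base_name }}" =~ "bluefin" ]]; then
              echo "BASE_IMAGE_NAME=silverblue" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.base_name }}" =~ "aurora" ]]; then
              echo "BASE_IMAGE_NAME=kinoite" >> "$GITHUB_ENV"
          fi
          # TARGET_NAME
          if [[ "${{ matrix.base_name }}" =~ "dx" ]]; then
              echo "TARGET_NAME=dx" >> "$GITHUB_ENV"
          else
              echo "TARGET_NAME=base" >> "$GITHUB_ENV"
          fi
          # AKMODS_FLAVOR
          if [[ "${{ matrix.image_flavor }}" =~ "asus" ]]; then
              echo "AKMODS_FLAVOR=asus" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.image_flavor }}" =~ "surface" ]]; then
              echo "AKMODS_FLAVOR=surface" >> "$GITHUB_ENV"
              echo "KERNEL_SUFFIX=surface" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.fedora_version }}" == "stable" || \
                  "${{ matrix.fedora_version }}" == "gts" ]]; then
              echo "AKMODS_FLAVOR=coreos" >> "$GITHUB_ENV"
          else
              echo "AKMODS_FLAVOR=main" >> "$GITHUB_ENV"
          fi
          # Env for matrix.image_flavor
          if [[ "${{ matrix.image_flavor }}" == "nvidia" ]] && \
             [[ "${{ matrix.fedora_version }}" == "stable" || \
                "${{ matrix.fedora_version }}" == "gts" ]]; then
              echo "image_flavor=main" >> "$GITHUB_ENV"
              echo "coreos_type=nvidia" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.image_flavor }}" == "main" ]] && \
               [[ "${{ matrix.fedora_version }}" == "stable" || \
                  "${{ matrix.fedora_version }}" == "gts" ]]; then
              echo "image_flavor=${{ matrix.image_flavor }}" >> "$GITHUB_ENV"
              echo "coreos_type=main" >> "$GITHUB_ENV"
          else
              echo "image_flavor=${{ matrix.image_flavor }}" >> "$GITHUB_ENV"
          fi
      # Resolves the kernel release, the Fedora major version and the base
      # image version label, and fails when the version label is empty or null.
      - name: Get Current Fedora Version
        id: labels
        shell: bash
        run: |
          set -eo pipefail
          # The gts branch must be an `elif`: as a second `if` it left the
          # if/fi pairs unbalanced and bash rejected the whole script.
          if [[ "${{ matrix.fedora_version }}" == "stable" ]]; then
              KERNEL_RELEASE=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]')
          elif [[ "${{ matrix.fedora_version }}" == "gts" ]]; then
              coreos_kernel_release=$(skopeo inspect docker://quay.io/fedora/fedora-coreos:stable | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]')
              major_minor_patch=$(echo "$coreos_kernel_release" | cut -d '-' -f 1)
              coreos_fedora_version=$(echo "$coreos_kernel_release" | grep -oP 'fc\K[0-9]+')
              KERNEL_RELEASE="${major_minor_patch}-200.fc$(($coreos_fedora_version - 1))"
          else
              KERNEL_RELEASE=$(skopeo inspect docker://ghcr.io/ublue-os/silverblue-${{ env.image_flavor }}:${{ matrix.fedora_version }} | jq -r '.Labels["ostree.linux"] | split(".x86_64")[0]')
          fi
          fedora_version=$(echo "$KERNEL_RELEASE" | grep -oP 'fc\K[0-9]+')
          echo "kernel_release=$KERNEL_RELEASE" >> "$GITHUB_OUTPUT"
          echo "fedora_version=$fedora_version" >> "$GITHUB_OUTPUT"
          ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.BASE_IMAGE_NAME }}-${{ env.image_flavor }}:$fedora_version | jq -r '.Labels["org.opencontainers.image.version"]')
          if [ -z "$ver" ] || [ "null" = "$ver" ]; then
              echo "inspected image version must not be empty or null"
              exit 1
          fi
          echo "VERSION=$ver" >> "$GITHUB_OUTPUT"
      # Signature check of the base image before it is built upon.
      # NOTE(review): the image is referenced by tag here and the build step
      # passes names and versions, not a digest, as build args; whether the
      # Containerfile pins the verified digest is not visible in this file.
      - name: Verify base image
        uses: EyeCantCU/cosign-action/verify@11f8c114a5e67c7a663c9dfcaf76d85429d254bc # v0.2.2
        with:
          containers: ${{ env.BASE_IMAGE_NAME}}-${{ env.image_flavor }}:${{ steps.labels.outputs.fedora_version }}
      # Keyless verification pinned to the Chainguard release workflow
      # identity and the GitHub Actions OIDC issuer. Runs only for base names
      # other than the two plain brand names.
      - name: Verify Chainguard images
        if: matrix.base_name != 'bluefin' && matrix.base_name != 'aurora'
        uses: EyeCantCU/cosign-action/verify@11f8c114a5e67c7a663c9dfcaf76d85429d254bc # v0.2.2
        with:
          containers: dive, flux, helm, ko, minio, kubectl
          cert-identity: https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main
          oidc-issuer: https://token.actions.githubusercontent.com
          registry: cgr.dev/chainguard
      - name: Maximize build space
        if: contains(matrix.base_name, '-dx') && (github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request')
        uses: ublue-os/remove-unwanted-software@517622d6452028f266b7ba4cc9a123b5f58a6b53 # v7
      - name: Check just syntax
        uses: ublue-os/just-action@961e70ef33d8e0ef5ecf19dbb20739f3c0ce873b # v1
      # Computes the tag list: commit tags for pull requests, build tags
      # otherwise, and exports DEFAULT_TAG for the kernel-signing step.
      - name: Generate tags
        id: generate-tags
        shell: bash
        run: |
          # Generate a timestamp for creating an image version history
          TIMESTAMP="$(date +%Y%m%d)"
          FEDORA_VERSION="${{ matrix.fedora_version }}"
          if [[ "${{ matrix.fedora_version }}" == "stable" ]]; then
              IS_LATEST_VERSION=false
              IS_STABLE_VERSION=true
              IS_GTS_VERSION=false
              IS_COREOS=true
          elif [[ "${{ matrix.fedora_version }}" == "gts" ]]; then
              IS_LATEST_VERSION=false
              IS_STABLE_VERSION=true
              IS_GTS_VERSION=true
              IS_COREOS=false
          elif [[ "${{ matrix.fedora_version }}" == "latest" ]]; then
              IS_LATEST_VERSION=true
              IS_STABLE_VERSION=true
              IS_GTS_VERSION=false
              IS_COREOS=false
          elif [[ "${{ matrix.fedora_version }}" == "beta" ]]; then
              IS_LATEST_VERSION=false
              IS_STABLE_VERSION=false
              IS_GTS_VERSION=false
              IS_COREOS=false
          fi
          COMMIT_TAGS=()
          BUILD_TAGS=()
          # Have tags for tracking builds during pull request
          SHA_SHORT="${GITHUB_SHA::7}"
          COMMIT_TAGS+=("pr-${{ github.event.number }}-${FEDORA_VERSION}")
          COMMIT_TAGS+=("${SHA_SHORT}-${FEDORA_VERSION}")
          if [[ "$IS_LATEST_VERSION" == "true" ]] && \
             [[ "$IS_STABLE_VERSION" == "true" ]]; then
              COMMIT_TAGS+=("pr-${{ github.event.number }}")
              COMMIT_TAGS+=("${SHA_SHORT}")
          fi
          if [[ "${{ matrix.fedora_version }}" == "stable" ]]; then
              BUILD_TAGS=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}")
          else
              BUILD_TAGS=("${{ steps.labels.outputs.fedora_version }}" "${{ steps.labels.outputs.fedora_version }}-${TIMESTAMP}")
          fi
          # The branch name is read from the runner-provided GITHUB_REF_NAME
          # variable rather than expanded into the script text, so its
          # characters are never parsed as shell syntax.
          if [[ "${GITHUB_REF_NAME}" == "testing" ]]; then
              if [[ "${{ matrix.fedora_version }}" == "stable" ]]; then
                  BUILD_TAGS=("${FEDORA_VERSION}" "${FEDORA_VERSION}-${TIMESTAMP}")
              else
                  BUILD_TAGS=("${{ steps.labels.outputs.fedora_version }}" "${{ steps.labels.outputs.fedora_version }}-${TIMESTAMP}")
              fi
              if [[ "$IS_LATEST_VERSION" == "true" ]] && \
                 [[ "$IS_STABLE_VERSION" == "true" ]]; then
                  BUILD_TAGS+=("testing")
                  echo "DEFAULT_TAG=testing" >> "$GITHUB_ENV"
              elif [[ "$IS_GTS_VERSION" == "true" ]]; then
                  BUILD_TAGS+=("gts-testing")
                  echo "DEFAULT_TAG=gts-testing" >> "$GITHUB_ENV"
              elif [[ "$IS_COREOS" == "true" ]]; then
                  echo "DEFAULT_TAG=stable-testing" >> "$GITHUB_ENV"
              fi
          else
              if [[ "$IS_LATEST_VERSION" == "true" ]] && \
                 [[ "$IS_STABLE_VERSION" == "true" ]]; then
                  BUILD_TAGS+=("latest")
                  echo "DEFAULT_TAG=latest" >> "$GITHUB_ENV"
              elif [[ "$IS_GTS_VERSION" == "true" ]]; then
                  BUILD_TAGS+=("gts")
                  echo "DEFAULT_TAG=gts" >> "$GITHUB_ENV"
              elif [[ "$IS_COREOS" == "true" ]]; then
                  echo "DEFAULT_TAG=stable" >> "$GITHUB_ENV"
              fi
          fi
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
              echo "Generated the following commit tags: "
              for TAG in "${COMMIT_TAGS[@]}"; do
                  echo "${TAG}"
              done
              alias_tags=("${COMMIT_TAGS[@]}")
              echo "DEFAULT_TAG=${SHA_SHORT}-${FEDORA_VERSION}" >> "$GITHUB_ENV"
          else
              alias_tags=("${BUILD_TAGS[@]}")
          fi
          echo "Generated the following build tags: "
          for TAG in "${BUILD_TAGS[@]}"; do
              echo "${TAG}"
          done
          echo "alias_tags=${alias_tags[*]}" >> "$GITHUB_OUTPUT"
      # Build metadata
      - name: Image Metadata
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
        id: meta
        with:
          images: |
            ${{ env.IMAGE_NAME }}
          labels: |
            org.opencontainers.image.title=${{ env.IMAGE_NAME }}
            org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
            org.opencontainers.image.description=An interpretation of the Ubuntu spirit built on Fedora technology
            ostree.linux=${{ steps.labels.outputs.kernel_release }}.x86_64
            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/bluefin/bluefin/README.md
            io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
      # Build image using Buildah action
      # On pull requests only the main and nvidia flavors are built.
      - name: Build Image
        id: build_image
        if: github.event_name == 'pull_request' && ( matrix.image_flavor == 'main' || matrix.image_flavor == 'nvidia' ) || github.event_name != 'pull_request'
        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
        with:
          containerfiles: |
            ./Containerfile
          image: ${{ env.IMAGE_NAME }}
          tags: |
            ${{ steps.generate-tags.outputs.alias_tags }}
          # NOTE(review): the matrix defines no `target_base` key, so
          # TARGET_BASE below expands to an empty string.
          build-args: |
            BASE_IMAGE_NAME=${{ env.BASE_IMAGE_NAME }}
            IMAGE_NAME=${{ env.IMAGE_NAME }}
            IMAGE_FLAVOR=${{ env.image_flavor }}
            IMAGE_VENDOR=${{ github.repository_owner }}
            FEDORA_MAJOR_VERSION=${{ steps.labels.outputs.fedora_version }}
            TARGET_BASE=${{ matrix.target_base }}
            AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }}
            COREOS_TYPE=${{ env.coreos_type }}
            KERNEL=${{ steps.labels.outputs.kernel_release }}
            UBLUE_IMAGE_TAG=${{ matrix.fedora_version }}
          labels: ${{ steps.meta.outputs.labels }}
          oci: false
          # TODO(GH-280)
          # extra-args: |
          #   --target=${{ matrix.target_name || matrix.base_name }}
          extra-args: |
            --target=${{ env.TARGET_NAME }}
      # Receives the kernel-module signing private key as an action input;
      # skipped on pull requests, so pull-request builds never see the key.
      - name: Sign kernel
        uses: ublue-os/kernel-signer@ba1d52542bbfd0db42a528f52a114e12667169e5 # v0.2.3
        if: github.event_name != 'pull_request'
        with:
          image: ${{ steps.build_image.outputs.image }}
          default-tag: ${{ env.DEFAULT_TAG }}
          privkey: ${{ secrets.AKMOD_PRIVKEY_20230518 }}
          pubkey: /etc/pki/akmods/certs/akmods-ublue.der
          tags: ${{ steps.build_image.outputs.tags }}
          kernel_suffix: ${{ env.KERNEL_SUFFIX }}
          strip: false
      # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
      # https://github.com/macbre/push-to-ghcr/issues/12
      - name: Lowercase Registry
        id: registry_case
        uses: ASzc/change-string-case-action@d0603cd0a7dd490be678164909f65c7737470a7f # v6
        with:
          string: ${{ env.IMAGE_REGISTRY }}
      # Push the image to GHCR (Image Registry)
      - name: Push To GHCR
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
        id: push
        if: github.event_name != 'pull_request'
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_PASSWORD: ${{ github.token }}
        with:
          image: ${{ steps.build_image.outputs.image }}
          tags: ${{ steps.build_image.outputs.tags }}
          registry: ${{ steps.registry_case.outputs.lowercase }}
          username: ${{ env.REGISTRY_USER }}
          password: ${{ env.REGISTRY_PASSWORD }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Sign container
      - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
        if: github.event_name != 'pull_request'
      # Signs the pushed image by digest (TAGS holds the push step's digest),
      # with the private key supplied through the environment.
      - name: Sign container image
        if: github.event_name != 'pull_request'
        run: |
          cosign sign -y --key env://COSIGN_PRIVATE_KEY "${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}"
        env:
          TAGS: ${{ steps.push.outputs.digest }}
          COSIGN_EXPERIMENTAL: "false"
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
      # Writes "<registry>/<image>@<digest>" to a per-combination text file
      # that the `check` job collects.
      - name: Generate file containing outputs
        if: github.event_name != 'pull_request'
        env:
          DIGEST: ${{ steps.push.outputs.digest }}
          IMAGE_REGISTRY: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
          IMAGE_NAME: ${{ env.IMAGE_NAME }}
          IMAGE_FLAVOR: ${{ env.image_flavor }}
          FEDORA_VERSION: ${{ matrix.fedora_version }}
        run: echo "${IMAGE_REGISTRY}@${DIGEST}" > "${IMAGE_NAME}-${IMAGE_FLAVOR}-${FEDORA_VERSION}.txt"
      - name: Upload artifact
        if: github.event_name != 'pull_request'
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
        with:
          name: image-${{ env.IMAGE_NAME }}-${{ env.image_flavor }}-${{ matrix.fedora_version }}
          retention-days: 1
          if-no-files-found: error
          path: |
            ${{ env.IMAGE_NAME }}-${{ env.image_flavor }}-${{ matrix.fedora_version }}.txt
  # Always runs after the matrix: gathers the digest files into the `images`
  # output and fails unless every needed job ended as success or skipped.
  check:
    name: Check all ${{ inputs.brand_name }} ${{ inputs.fedora_version }} builds successful
    if: always()
    runs-on: ubuntu-latest
    needs: [build_container]
    outputs:
      images: ${{ steps.generate-outputs.outputs.images }}
    steps:
      - name: Download artifacts
        if: github.event_name != 'pull_request'
        id: download-artifacts
        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
        with:
          pattern: image-*
          merge-multiple: true
      - name: Create output
        if: github.event_name != 'pull_request'
        id: generate-outputs
        env:
          JOBS: ${{ toJson(needs) }}
          ARTIFACT_PATH: ${{ steps.download-artifacts.outputs.download-path }}
        run: |
          # Initialize the array
          images=()
          # Populate the array with each line from each file in the artifacts directory
          for file in "$ARTIFACT_PATH"/*; do
              while IFS= read -r line; do
                images+=("$line")
              done < "$file"
          done
          # Create the GITHUB_OUTPUT in the format '["image1", "image2", ...]'
          echo "images=$(printf '%s\n' "${images[@]}" | jq -R -s -c 'split("\n") | .[:-1]')" >> "$GITHUB_OUTPUT"
      - name: Check Jobs
        env:
          JOBS: ${{ toJson(needs) }}
        run: |
          echo "Job status:"
          echo "$JOBS" | jq -r 'to_entries[] | " - \(.key): \(.value.result)"'
          for i in $(echo "$JOBS" | jq -r 'to_entries[] | .value.result'); do
            if [ "$i" != "success" ] && [ "$i" != "skipped" ]; then
              echo ""
              echo "Status check not okay!"
              exit 1
            fi
          done
  # build_iso:
  #   name: iso
  #   needs: [check]
  #   if: github.ref_name == 'testing' && inputs.fedora_version != '40'
  #   # Eventually would be nice for building images in PRs
  #   #if: ${{ endsWith(github.event.pull_request.title, '[ISO]') }}
  #   uses: ./.github/workflows/reusable-build-iso.yml
  #   secrets: inherit
  #   with:
  #     brand_name: ${{ inputs.brand_name }}
  #     fedora_version: ${{ inputs.fedora_version }}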