Build Cosmic ISOs #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Cosmic ISOs | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - ".github/workflows/build_iso.yml" | |
| env: | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-iso: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image_name: | |
| [cosmic, cosmic-nvidia, cosmic-silverblue, cosmic-silverblue-nvidia] | |
| fedora_version: [40] | |
| env: | |
| IMAGE_TAG: ${{ matrix.fedora_version }}-amd64 | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get Flatpak dependencies | |
| id: flatpak-dependencies | |
| env: | |
| IMAGE_FULL: ${{ env.IMAGE_REGISTRY }}/${{ matrix.image_name }}:${{ env.IMAGE_TAG }} | |
| shell: bash | |
| run: | | |
| set -euox pipefail | |
| IMAGE="${IMAGE_FULL}" | |
| # Create temporary directory | |
| TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p /tmp flatpak-XXXXXX) | |
| FLATPAK_REFS_DIR=./flatpak-refs | |
| FLATPAK_REFS_DIR_ABS=$(realpath "${FLATPAK_REFS_DIR}") | |
| mkdir -p "${FLATPAK_REFS_DIR}" | |
| mv flatpaks.txt "${FLATPAK_REFS_DIR_ABS}/flatpaks.txt" | |
| # Read the list of Flatpak packages from the manifest | |
| FLATPAK_REFS=() | |
| while IFS= read -r line; do | |
| FLATPAK_REFS+=("$line") | |
| done < "${FLATPAK_REFS_DIR}/flatpaks.txt" | |
| echo "Flatpak refs: ${FLATPAK_REFS[@]}" | |
| # Generate installation script | |
| cat <<EOF > "${TEMP_FLATPAK_INSTALL_DIR}/install-flatpaks.sh" | |
| mkdir -p /flatpak/flatpak /flatpak/triggers | |
| mkdir /var/tmp | |
| chmod -R 1777 /var/tmp | |
| flatpak config --system --set languages "*" | |
| flatpak remote-add --system flathub https://flathub.org/repo/flathub.flatpakrepo | |
| flatpak install --system -y flathub ${FLATPAK_REFS[@]} | |
| ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | grep -v 'org\.freedesktop\.Platform\.openh264' | sed 's/^deploy\///g' > /output/flatpaks-with-deps | |
| EOF | |
| docker run --rm --privileged \ | |
| --entrypoint /bin/bash \ | |
| -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ | |
| -e FLATPAK_TRIGGERS_DIR=/flatpak/triggers \ | |
| -v ${FLATPAK_REFS_DIR_ABS}:/output \ | |
| -v ${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \ | |
| ${IMAGE} /temp_flatpak_install_dir/install-flatpaks.sh | |
| docker rmi ${IMAGE} | |
| cat ${FLATPAK_REFS_DIR}/flatpaks-with-deps | |
| echo "FLATPAK_REFS_DIR=${FLATPAK_REFS_DIR}" >> $GITHUB_OUTPUT | |
| - name: Build ISOs | |
| uses: jasonn3/build-container-installer@v1.2.2 | |
| id: build | |
| with: | |
| iso_name: ${{ matrix.image_name }}-${{ matrix.fedora_version }}.iso | |
| arch: x86_64 | |
| image_name: ${{ matrix.image_name }} | |
| image_repo: ${{ env.IMAGE_REGISTRY }} | |
| # We cannot use Silverblue variant since we need the user creation options in anaconda | |
| variant: "Kinoite" | |
| version: ${{ matrix.fedora_version }} | |
| image_tag: ${{ env.IMAGE_TAG }} | |
| secure_boot_key_url: "https://github.com/ublue-os/akmods/raw/main/certs/public_key.der" | |
| enrollment_password: "universalblue" | |
| flatpak_remote_refs_dir: ${{ steps.flatpak-dependencies.outputs.FLATPAK_REFS_DIR }} | |
| enable_flatpak_dependencies: false | |
| - name: Upload ISOs and Checksum to Job Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.image_name }}-${{ env.IMAGE_TAG }} | |
| path: | | |
| ${{ steps.build.outputs.iso_path }} | |
| ${{ steps.build.outputs.iso_path }}-CHECKSUM | |
| if-no-files-found: error | |
| retention-days: 0 | |
| compression-level: 0 | |
| overwrite: true |