update

Signed-off-by: Lokesh Mandvekar <[email protected]>

.github/workflows/machine-images.yml

@@ -1,3 +1,5 @@
+workflow_dispatch: false
+
 name: MACHINE IMAGE TRIAL
 
 on:

.github/workflows/new-machine-image.yml

@@ -0,0 +1,114 @@
+name: MACHINE IMAGE FROM FCOS IAMGE
+
+on:
+ pull_request:
+ branches:
+ main
+
+env:
+ FCOS_IMAGE_NAME: fcos
+ MACHINE_IMAGE_NAME: machine-images
+ # IMAGE_ARCHS has to be comma separated
+ IMAGE_ARCHS: amd64, arm64
+ IMAGE_REGISTRY: quay.io/podman
+ COPR_OWNER: rhcontainerbot
+ COPR_PROJECT: podman-next
+
+jobs:
+ fcos-podman-next-image-build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install qemu dependency
+ run: |
+ sudo apt update
+ sudo apt -y install qemu-user-static
+
+ #- name: Set up wait-for-copr
+ # Do not run on scheduled nightly builds
+ #if: ${{ github.event_name != 'schedule' }}
+ #run: |
+ #pip3 install git+https://github.com/packit/wait-for-copr.git@main
+
+ #- name: Set up cosa
+ #run: |
+ # TBD
+
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Get short SHA from HEAD
+ #run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
+ # USE A KNOWN BUILT COMMIT FOR TESTING
+ run: echo "SHORT_SHA=f756e5db6" >> "$GITHUB_ENV"
+ id: short_sha
+
+ - name: Wait for successful podman-next build with the latest commit
+ # Do not run on scheduled nightly builds
+ if: ${{ github.event_name != 'schedule' }}
+ run: |
+ # TODO: add this in the Containerfile itself or as a --build-arg
+ wait-for-copr --owner ${{ env.COPR_OWNER }} --project ${{ env.COPR_PROJECT }} podman ${{ env.SHORT_SHA }}
+ echo "podman-next build with ${{ env.SHORT_SHA }} successful."
+
+ - name: Build FCOS Image
+ id: build_image_multiarch
+ # Ref: https://github.com/redhat-actions/buildah-build
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: ${{ env.IMAGE_NAME }}
+ tags: ${{ env.COPR_PROJECT }} podman-${{ env.SHORT_SHA }}
+ archs: ${{ env.IMAGE_ARCHS }}
+ containerfiles: ./contrib/podman-next/fcos-podmanimage/Containerfile
+ labels: |
+ org.opencontainers.image.title=fcos-podman-next image
+ org.opencontainers.image.source=https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }}/contrib/podman-next/fcos-podmanimage/Containerfile
+ org.opencontainers.image.url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ org.opencontainers.image.description=FCOS image with rpms from rhcontainerbot/podman-next copr
+ org.opencontainers.image.revision=${{ github.sha }}
+
+ - name: Echo Outputs
+ run: |
+ echo "Image: ${{ steps.build_image_multiarch.outputs.image }}"
+ echo "Tags: ${{ steps.build_image_multiarch.outputs.tags }}"
+ echo "Tagged Image: ${{ steps.build_image_multiarch.outputs.image-with-tag }}"
+
+ - name: Check images created
+ run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+ - name: Check image metadata
+ run: |
+ set -x
+ # COPR_PROJECT envvar is used for the `podman-next` floating tag
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".OCIv1.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".Docker.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".OCIv1.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".Docker.architecture"
+
+ - name: Run image
+ run: podman run --privileged --rm ${{ steps.build_image_multiarch.outputs.image-with-tag }} podman system info
+
+ - name: Schedule test on Testing Farm
+ uses: sclorg/[email protected]
+ with:
+ api_key: ${{ secrets.TF_API_KEY }}
+ git_url: https://github.com/sclorg/sclorg-testing-farm
+ tmt_plan_regex: "machine-image"
+ update_pull_request_status: "false"
+
+ - name: Build Machine images
+ #run: |
+
+ - name: Add Machine images to Manifest
+ # TBD
+
+ #- name: Push to Quay
+ #id: push-to-quay
+ # Ref: https://github.com/redhat-actions/push-to-registry
+ #uses: redhat-actions/push-to-registry@v2
+ #with:
+ # image: ${{ env.MACHINE_IMAGE_NAME }}
+ # tags: ${{ steps.build_image_multiarch.outputs.tags }}
+ # registry: ${{ env.IMAGE_REGISTRY }}
+ # username: ${{ secrets.QUAY_PODMAN_USERNAME }}
+ # password: ${{ secrets.QUAY_PODMAN_PASSWORD }}

contrib/machine-os-disks/build-podman-machine-os-disks.sh

@@ -0,0 +1,130 @@
+#!/usr/bin/bash
+set -x -euo pipefail
+
+# Run this script on a fully up to date Fedora 39 VM with SELinux
+# in permissive mode and the following tools installed:
+# sudo dnf install --enablerepo=updates-testing -y osbuild osbuild-tools osbuild-ostree jq xfsprogs e2fsprogs
+#
+# Invocation of the script would look something like this:
+#
+# sudo ./build-podman-machine-os-disks.sh \
+# /path/to/podman-50-20240216.ociarchive qemu
+#
+# And it will create the output file in the current directory:
+# podman-50-20240216.ociarchive.x86_64.qemu.qcow2
+#
+# Another option is to specify no platform and it will create all of
+# them that are configured:
+#
+# sudo ./build-podman-machine-os-disks.sh \
+# /path/to/podman-50-20240216.ociarchive
+#
+# And it will create the output file in the current directory:
+# podman-50-20240216.ociarchive.x86_64.applehv.raw
+# podman-50-20240216.ociarchive.x86_64.hyperv.vhdx
+# podman-50-20240216.ociarchive.x86_64.qemu.qcow2
+
+ARCH=$(arch)
+OCIARCHIVE=$1
+PLATFORM="${2:-}" # Optional
+
+check_rpm() {
+ req=$1
+ if ! rpm -q "$req" &>/dev/null; then
+ echo "No $req. Can't continue" 1>&2
+ return 1
+ fi
+}
+
+check_rpms() {
+ reqs=(osbuild osbuild-tools osbuild-ostree jq xfsprogs e2fsprogs)
+ for req in "${reqs[@]}"; do
+ check_rpm "$req"
+ done
+}
+
+main() {
+
+ # Make sure RPMs are installed
+ check_rpms
+ # Make sure SELinux is permissive
+ if [ "$(getenforce)" != "Permissive" ]; then
+ echo "SELinux needs to be set to permissive mode"
+ exit 1
+ fi
+ # Make sure we are effectively `root`
+ if [ $UID -ne 0 ]; then
+ echo "OSBuild needs to run with root permissions"
+ exit 1
+ fi
+ # Make sure the given file exists
+ if [ ! -f $OCIARCHIVE ]; then
+ echo "need to pass in full path to .ociarchive file"
+ exit 1
+ fi
+ # Convert it to an absolute path
+ OCIARCHIVE=$(readlink -f $OCIARCHIVE)
+
+ # Make a local tmpdir
+ mkdir -p tmp; rm -f tmp/*
+
+ # Freeze on specific version for now to increase stability.
+ #gitreporef="main"
+ gitreporef="74395f97327e0927a82707ca6f59f93b169c4286"
+ gitrepotld="https://raw.githubusercontent.com/coreos/coreos-assembler/${gitreporef}/"
+ pushd ./tmp
+ curl -LO --fail "${gitrepotld}/src/runvm-osbuild"
+ chmod +x runvm-osbuild
+ for manifest in "coreos.osbuild.${ARCH}.mpp.yaml" platform.{applehv,hyperv,qemu,gcp}.ipp.yaml; do
+ curl -LO --fail "${gitrepotld}/src/osbuild-manifests/${manifest}"
+ done
+ popd
+
+ if [ "${PLATFORM:-}" == "" ]; then
+ platforms=(applehv hyperv qemu)
+ else
+ platforms=($PLATFORM)
+ fi
+
+ for platform in "${platforms[@]}"; do
+
+ suffix=
+ case $platform in 
+ applehv)
+ suffix=raw
+ ;;
+ hyperv)
+ suffix=vhdx
+ ;;
+ qemu)
+ suffix=qcow2
+ ;;
+ *)
+ echo "unknown platform provided"
+ exit 1
+ ;;
+ esac
+ outfile="./$(basename $OCIARCHIVE).${ARCH}.${platform}.${suffix}"
+
+ cat > tmp/diskvars.json << EOF
+{
+ "osname": "fedora-coreos",
+ "deploy-via-container": "true",
+ "ostree-container": "${OCIARCHIVE}",
+ "image-type": "${platform}",
+ "container-imgref": "ostree-remote-registry:fedora:quay.io/containers/podman-machine-os:5.0",
+ "metal-image-size": "3072",
+ "cloud-image-size": "10240"
+}
+EOF
+ ./tmp/runvm-osbuild \
+ --config tmp/diskvars.json \
+ --filepath "./${outfile}" \
+ --mpp "tmp/coreos.osbuild.${ARCH}.mpp.yaml"
+ echo "Created $platform image file at: ${outfile}"
+ done
+
+ rm -f tmp/*; rmdir tmp # Cleanup
+}
+
+main "$@"