From a9400fb45d0473456340c771edd86c3ede26faa8 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Tue, 27 Feb 2024 16:37:18 +0530 Subject: [PATCH] update Signed-off-by: Lokesh Mandvekar --- .github/workflows/machine-images.yml | 2 + .github/workflows/new-machine-image.yml | 114 +++++++++++++++ .../build-podman-machine-os-disks.sh | 130 ++++++++++++++++++ 3 files changed, 246 insertions(+) create mode 100644 .github/workflows/new-machine-image.yml create mode 100644 contrib/machine-os-disks/build-podman-machine-os-disks.sh diff --git a/.github/workflows/machine-images.yml b/.github/workflows/machine-images.yml index a15ea4c87661..e8cc717116ff 100644 --- a/.github/workflows/machine-images.yml +++ b/.github/workflows/machine-images.yml @@ -1,3 +1,5 @@ +workflow_dispatch: false + name: MACHINE IMAGE TRIAL on: diff --git a/.github/workflows/new-machine-image.yml b/.github/workflows/new-machine-image.yml new file mode 100644 index 000000000000..a0675c8d6f2b --- /dev/null +++ b/.github/workflows/new-machine-image.yml 
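Review bot: `workflow_dispatch: false` is added as a top-level key above `name:`, but `workflow_dispatch` is an event name that belongs under `on:`. It is not one of the documented top-level workflow keys, so I would expect GitHub to reject the file as invalid rather than cleanly switch it off. If the intent is to stop this trial workflow from running while the new one is developed, disable it in the repository's Actions settings or remove its triggers, and say so in the commit message, which currently reads only `update`. The `on:` block continues outside the hunk, so the existing triggers are not visible here.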
@@ -0,0 +1,114 @@
+name: MACHINE IMAGE FROM FCOS IAMGE
+
+on:
+ pull_request:
+ branches:
+ main
+
+env:
+ FCOS_IMAGE_NAME: fcos
+ MACHINE_IMAGE_NAME: machine-images
+ # IMAGE_ARCHS has to be comma separated
+ IMAGE_ARCHS: amd64, arm64
+ IMAGE_REGISTRY: quay.io/podman
+ COPR_OWNER: rhcontainerbot
+ COPR_PROJECT: podman-next
+
+jobs:
+ fcos-podman-next-image-build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install qemu dependency
+ run: |
+ sudo apt update
+ sudo apt -y install qemu-user-static
+
+ #- name: Set up wait-for-copr
+ # Do not run on scheduled nightly builds
+ #if: ${{ github.event_name != 'schedule' }}
+ #run: |
+ #pip3 install git+https://github.com/packit/wait-for-copr.git@main
+
+ #- name: Set up cosa
+ #run: |
+ # TBD
+
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Get short SHA from HEAD
+ #run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
+ # USE A KNOWN BUILT COMMIT FOR TESTING
+ run: echo "SHORT_SHA=f756e5db6" >> "$GITHUB_ENV"
+ id: short_sha
+
+ - name: Wait for successful podman-next build with the latest commit
+ # Do not run on scheduled nightly builds
+ if: ${{ github.event_name != 'schedule' }}
+ run: |
+ # TODO: add this in the Containerfile itself or as a --build-arg
+ wait-for-copr --owner ${{ env.COPR_OWNER }} --project ${{ env.COPR_PROJECT }} podman ${{ env.SHORT_SHA }}
+ echo "podman-next build with ${{ env.SHORT_SHA }} successful."
+
+ - name: Build FCOS Image
+ id: build_image_multiarch
+ # Ref: https://github.com/redhat-actions/buildah-build
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: ${{ env.IMAGE_NAME }}
+ tags: ${{ env.COPR_PROJECT }} podman-${{ env.SHORT_SHA }}
+ archs: ${{ env.IMAGE_ARCHS }}
+ containerfiles: ./contrib/podman-next/fcos-podmanimage/Containerfile
+ labels: |
+ org.opencontainers.image.title=fcos-podman-next image
+ org.opencontainers.image.source=https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }}/contrib/podman-next/fcos-podmanimage/Containerfile
+ org.opencontainers.image.url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ org.opencontainers.image.description=FCOS image with rpms from rhcontainerbot/podman-next copr
+ org.opencontainers.image.revision=${{ github.sha }}
+
+ - name: Echo Outputs
+ run: |
+ echo "Image: ${{ steps.build_image_multiarch.outputs.image }}"
+ echo "Tags: ${{ steps.build_image_multiarch.outputs.tags }}"
+ echo "Tagged Image: ${{ steps.build_image_multiarch.outputs.image-with-tag }}"
+
+ - name: Check images created
+ run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+ - name: Check image metadata
+ run: |
+ set -x
+ # COPR_PROJECT envvar is used for the `podman-next` floating tag
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".OCIv1.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".Docker.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".OCIv1.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".Docker.architecture"
+
+ - name: Run image
+ run: podman run --privileged --rm ${{ steps.build_image_multiarch.outputs.image-with-tag }} podman system info
+
+ - name: Schedule test on Testing Farm
+ uses: sclorg/testing-farm-as-github-action@v2.0.1
+ with:
+ api_key: ${{ secrets.TF_API_KEY }}
+ git_url: https://github.com/sclorg/sclorg-testing-farm
+ tmt_plan_regex: "machine-image"
+ update_pull_request_status: "false"
+
+ - name: Build Machine images
+ #run: |
+
+ - name: Add Machine images to Manifest
+ # TBD
+
+ #- name: Push to Quay
+ #id: push-to-quay
+ # Ref: https://github.com/redhat-actions/push-to-registry
+ #uses: redhat-actions/push-to-registry@v2
+ #with:
+ # image: ${{ env.MACHINE_IMAGE_NAME }}
+ # tags: ${{ steps.build_image_multiarch.outputs.tags }}
+ # registry: ${{ env.IMAGE_REGISTRY }}
+ # username: ${{ secrets.QUAY_PODMAN_USERNAME }}
+ # password: ${{ secrets.QUAY_PODMAN_PASSWORD }}
diff --git a/contrib/machine-os-disks/build-podman-machine-os-disks.sh b/contrib/machine-os-disks/build-podman-machine-os-disks.sh
new file mode 100644
index 000000000000..78f3190b39f6
--- /dev/null
+++ b/contrib/machine-os-disks/build-podman-machine-os-disks.sh
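Review bot: The Testing Farm step hands `secrets.TF_API_KEY` to `sclorg/testing-farm-as-github-action@v2.0.1`, which is pinned by tag, as are `actions/checkout@v4` and `redhat-actions/buildah-build@v2`; a tag can be moved after review, so pin each `uses:` to a full commit hash, e.g. `uses: sclorg/testing-farm-as-github-action@<full-commit-sha> # v2.0.1`. The workflow also has no `permissions:` block, so the job's token keeps the repository default scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown. Separately, `image: ${{ env.IMAGE_NAME }}` and `grep '${{ env.IMAGE_NAME }}'` use a variable the `env:` block never defines (it defines `FCOS_IMAGE_NAME` and `MACHINE_IMAGE_NAME`), so the grep pattern is empty and the "Check images created" step cannot fail; `${{ env.FCOS_IMAGE_NAME }}` looks like what was meant. `wait-for-copr` is called although its install step is commented out, and the last two steps have neither `run:` nor `uses:`, which I would expect the workflow parser to reject.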
@@ -0,0 +1,130 @@
+#!/usr/bin/bash
+set -x -euo pipefail
+
+# Run this script on a fully up to date Fedora 39 VM with SELinux
+# in permissive mode and the following tools installed:
+# sudo dnf install --enablerepo=updates-testing -y osbuild osbuild-tools osbuild-ostree jq xfsprogs e2fsprogs
+#
+# Invocation of the script would look something like this:
+#
+# sudo ./build-podman-machine-os-disks.sh \
+# /path/to/podman-50-20240216.ociarchive qemu
+#
+# And it will create the output file in the current directory:
+# podman-50-20240216.ociarchive.x86_64.qemu.qcow2
+#
+# Another option is to specify no platform and it will create all of
+# them that are configured:
+#
+# sudo ./build-podman-machine-os-disks.sh \
+# /path/to/podman-50-20240216.ociarchive
+#
+# And it will create the output file in the current directory:
+# podman-50-20240216.ociarchive.x86_64.applehv.raw
+# podman-50-20240216.ociarchive.x86_64.hyperv.vhdx
+# podman-50-20240216.ociarchive.x86_64.qemu.qcow2
+
+ARCH=$(arch)
+OCIARCHIVE=$1
+PLATFORM="${2:-}" # Optional
+
+check_rpm() {
+ req=$1
+ if ! rpm -q "$req" &>/dev/null; then
+ echo "No $req. Can't continue" 1>&2
+ return 1
+ fi
+}
+
+check_rpms() {
+ reqs=(osbuild osbuild-tools osbuild-ostree jq xfsprogs e2fsprogs)
+ for req in "${reqs[@]}"; do
+ check_rpm "$req"
+ done
+}
+
+main() {
+
+ # Make sure RPMs are installed
+ check_rpms
+ # Make sure SELinux is permissive
+ if [ "$(getenforce)" != "Permissive" ]; then
+ echo "SELinux needs to be set to permissive mode"
+ exit 1
+ fi
+ # Make sure we are effectively `root`
+ if [ $UID -ne 0 ]; then
+ echo "OSBuild needs to run with root permissions"
+ exit 1
+ fi
+ # Make sure the given file exists
+ if [ ! -f $OCIARCHIVE ]; then
+ echo "need to pass in full path to .ociarchive file"
+ exit 1
+ fi
+ # Convert it to an absolute path
+ OCIARCHIVE=$(readlink -f $OCIARCHIVE)
+
+ # Make a local tmpdir
+ mkdir -p tmp; rm -f tmp/*
+
+ # Freeze on specific version for now to increase stability.
+ #gitreporef="main"
+ gitreporef="74395f97327e0927a82707ca6f59f93b169c4286"
+ gitrepotld="https://raw.githubusercontent.com/coreos/coreos-assembler/${gitreporef}/"
+ pushd ./tmp
+ curl -LO --fail "${gitrepotld}/src/runvm-osbuild"
+ chmod +x runvm-osbuild
+ for manifest in "coreos.osbuild.${ARCH}.mpp.yaml" platform.{applehv,hyperv,qemu,gcp}.ipp.yaml; do
+ curl -LO --fail "${gitrepotld}/src/osbuild-manifests/${manifest}"
+ done
+ popd
+
+ if [ "${PLATFORM:-}" == "" ]; then
+ platforms=(applehv hyperv qemu)
+ else
+ platforms=($PLATFORM)
+ fi
+
+ for platform in "${platforms[@]}"; do
+
+ suffix=
+ case $platform in
+ applehv)
+ suffix=raw
+ ;;
+ hyperv)
+ suffix=vhdx
+ ;;
+ qemu)
+ suffix=qcow2
+ ;;
+ *)
+ echo "unknown platform provided"
+ exit 1
+ ;;
+ esac
+ outfile="./$(basename $OCIARCHIVE).${ARCH}.${platform}.${suffix}"
+
+ cat > tmp/diskvars.json << EOF
+{
+ "osname": "fedora-coreos",
+ "deploy-via-container": "true",
+ "ostree-container": "${OCIARCHIVE}",
+ "image-type": "${platform}",
+ "container-imgref": "ostree-remote-registry:fedora:quay.io/containers/podman-machine-os:5.0",
+ "metal-image-size": "3072",
+ "cloud-image-size": "10240"
+}
+EOF
+ ./tmp/runvm-osbuild \
+ --config tmp/diskvars.json \
+ --filepath "./${outfile}" \
+ --mpp "tmp/coreos.osbuild.${ARCH}.mpp.yaml"
+ echo "Created $platform image file at: ${outfile}"
+ done
+
+ rm -f tmp/*; rmdir tmp # Cleanup
+}
+
+main "$@"
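Review bot: The script insists on running as root, yet it stages its downloads in a fixed `./tmp` under the caller's working directory and then executes `./tmp/runvm-osbuild` from it. `mkdir -p tmp` silently accepts a directory or symlink that is already there and `rm -f tmp/*` leaves dotfiles and subdirectories in place, so the contents are only trustworthy if nobody else can write to that directory. Creating the directory with `mktemp -d` and removing it from an `EXIT` trap avoids that and also cleans up when `set -e` aborts midway, which the final `rm -f tmp/*; rmdir tmp` does not; the heredoc target becomes `cat > "$tmpdir/diskvars.json"` and the final cleanup line goes away. If `runvm-osbuild` needs its inputs below the working directory, `mktemp -d -p "$PWD"` keeps that layout. `$OCIARCHIVE` is also expanded unquoted in the `-f` test, `readlink -f` and `basename`, so a path with spaces fails the checks, and it is pasted unescaped into the JSON heredoc.

```shell
    if [ ! -f "$OCIARCHIVE" ]; then
    # … unchanged: error message, exit 1, fi …
    OCIARCHIVE=$(readlink -f "$OCIARCHIVE")

    # Private scratch directory instead of a fixed ./tmp; removed on every exit path
    tmpdir=$(mktemp -d)
    trap 'rm -rf -- "$tmpdir"' EXIT

    # … unchanged: gitreporef, gitrepotld …
    pushd "$tmpdir"
    # … unchanged: downloads, chmod +x, popd, platform selection, suffix case …
        outfile="./$(basename "$OCIARCHIVE").${ARCH}.${platform}.${suffix}"
    # … unchanged apart from its redirect target: diskvars.json heredoc …
        "$tmpdir/runvm-osbuild" \
            --config "$tmpdir/diskvars.json" \
            --filepath "./${outfile}" \
            --mpp "$tmpdir/coreos.osbuild.${ARCH}.mpp.yaml"
```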