diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0e66a7d..fe31a8de 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,6 +30,7 @@ jobs: - mate - vauxite major_version: [38, 39, 40] + build_arch: [aarch64, x86_64] build_target: [nokmods, kmods] include: - major_version: 38 @@ -65,6 +66,22 @@ jobs: major_version: 39 - build_target: kmods major_version: 40 + # Only build aarch64 images for F39/40, F38 is approaching EOL + - build_arch: aarch64 + major_version: 38 + # Disable images without aarch64 support + - build_arch: aarch64 + image_name: onyx + - build_arch: aarch64 + image_name: base + - build_arch: aarch64 + image_name: lxqt + - build_arch: aarch64 + image_name: lazurite + - build_arch: aarch64 + image_name: mate + - build_arch: aarch64 + image_name: vauxite steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action 
@@ -73,27 +90,34 @@ jobs: - name: Matrix Variables shell: bash run: | - if [[ "${{ matrix.major_version }}" -ge "41" ]] && \ - grep "${{ matrix.image_name }}" <<< "silverblue, kinoite, sericea, onyx"; then + if [[ "${{ matrix.build_arch }}" == "aarch64" ]]; then + echo "TARGET_CONTAINERFILE=./Containerfile.aarch64" >> $GITHUB_ENV echo "SOURCE_ORG=fedora" >> $GITHUB_ENV echo "SOURCE_IMAGE=fedora-${{ matrix.image_name }}" >> $GITHUB_ENV else - if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then - echo "SOURCE_IMAGE=base" >> $GITHUB_ENV + echo "TARGET_CONTAINERFILE=./Containerfile.x86_64" >> $GITHUB_ENV + if [[ "${{ matrix.major_version }}" -ge "41" ]] && \ + grep "${{ matrix.image_name }}" <<< "silverblue, kinoite, sericea"; then + echo "SOURCE_ORG=fedora" >> $GITHUB_ENV + echo "SOURCE_IMAGE=fedora-${{ matrix.image_name }}" >> $GITHUB_ENV else - echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV + if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then + echo "SOURCE_IMAGE=base" >> $GITHUB_ENV + else + echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV + fi + echo "SOURCE_ORG=fedora-ostree-desktops" >> $GITHUB_ENV fi - echo "SOURCE_ORG=fedora-ostree-desktops" >> $GITHUB_ENV fi # THE FOLLOWING IS MESSY BUT TEMPORARY UNTIL F38 IS GONE # see: https://github.com/ublue-os/main/issues/369 # Fedora 39+ images do not include custom kmods (legacy) - if [[ "${{ matrix.major_version}}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + if [[ "${{ matrix.major_version }}" -ge "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then export IMAGE_FLAVOR=main - elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then + elif [[ "${{ matrix.major_version }}" -lt "39" && "${{ matrix.build_target }}" == "nokmods" ]]; then export IMAGE_FLAVOR=nokmods - elif [[ "${{ matrix.major_version}}" -lt "39" && "${{ matrix.build_target }}" == 
"kmods" ]]; then + elif [[ "${{ matrix.major_version }}" -lt "39" && "${{ matrix.build_target }}" == "kmods" ]]; then export IMAGE_FLAVOR=main else echo "ERROR: invalid workflow request - ${{ matrix.major_version }} - ${{ matrix.build_target }}" @@ -193,7 +217,7 @@ jobs: command: | # pull the base image used for FROM in containerfile so # we can retry on that unfortunately common failure case - podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} + docker pull --platform linux/${{ matrix.build_arch }} quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} # Build image using Buildah action - name: Build Image @@ -201,8 +225,9 @@ jobs: uses: redhat-actions/buildah-build@v2 with: containerfiles: | - ./Containerfile + ${{ env.TARGET_CONTAINERFILE }} image: ${{ env.IMAGE_NAME }} + arch: ${{ matrix.build_arch }} tags: | ${{ steps.generate-tags.outputs.alias_tags }} build-args: | diff --git a/.github/workflows/build.yml.save b/.github/workflows/build.yml.save deleted file mode 100644 index bfddbe6b..00000000 --- a/.github/workflows/build.yml.save +++ /dev/null 
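Review bot: The rewritten `Matrix Variables` script pastes `${{ matrix.* }}` expressions straight into the bash text, and the new `matrix.build_arch` test follows the same pattern. The matrix values are literal lists as far as this diff shows, so nothing untrusted reaches the shell today, but expressions are expanded before bash parses the script. Mapping them through the step's `env:` keeps them as data if the matrix is ever fed from an input: `BUILD_ARCH: ${{ matrix.build_arch }}` under `env:` and then `if [[ "$BUILD_ARCH" == "aarch64" ]]; then`. Quoting the redirect target as `>> "$GITHUB_ENV"` on the new `echo` lines would fit the same hardening. The step's `run:` block continues past the end of this hunk.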
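Review bot: Switching the pre-pull from `podman pull` to `docker pull` puts the base image in the Docker daemon's store, while the `Build Image` step that follows uses `redhat-actions/buildah-build@v2`, which as far as I know reads containers-storage rather than Docker's store. If so, the retry no longer covers the pull that the build's `FROM` performs, and the image fetched here is not necessarily the one built on, because the tag `:${{ matrix.major_version }}` is mutable. Keeping the pull in podman with its own architecture selection, for example `podman pull --arch ${{ matrix.build_arch }} quay.io/...`, would preserve the intent stated in the comment above it; whether the runner's podman accepts the `aarch64` spelling needs checking. The enclosing step starts outside this hunk.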
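Review bot: `image:` and `tags:` are unchanged while `arch:` now varies per matrix job, so the aarch64 and x86_64 builds of one image appear to share the same name and tags. Unless `generate-tags` or `IMAGE_NAME` (both set outside this hunk) include the architecture, whichever job pushes last owns each shared tag, and a client can receive an image for the other architecture under a tag it pulled before. Adding a suffix built from `${{ matrix.build_arch }}` in the tag-generation step, or publishing both digests under one manifest list, would keep each tag stable. The diff also shows no step registering QEMU/binfmt emulation, which the `run` instruction in `Containerfile.aarch64` would need on an x86_64 runner; it may exist elsewhere in the workflow.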
@@ -1,192 +0,0 @@ -name: build-ublue -on: - pull_request: - pull_request_review: - type: [submitted] - merge_group: - schedule: - - cron: '0 7 * * *' # 7 am everyday - workflow_dispatch: -env: - IMAGE_BASE_NAME: main - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - -jobs: - push-ghcr: - name: Build and push image - if: github.event.review.state == 'approved' || github.event_name != 'pull_request_review' - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - id-token: write - strategy: - fail-fast: false - matrix: - image_name: [silverblue, kinoite, vauxite, sericea, base, lxqt, mate] - major_version: [37, 38] - include: - - major_version: 37 - is_latest_version: false - is_stable_version: true - - major_version: 38 - is_latest_version: true - is_stable_version: true - exclude: - # There is no Fedora 37 version of sericea - # When F38 is added, sericea will automatically be built too - - image_name: sericea - major_version: 37 - steps: - - name: Delete image - uses: bots-house/ghcr-delete-image-action@v1.1.0 - with: - # NOTE: at now only orgs is supported - owner: bots-house - name: some-web-service - # NOTE: using Personal Access Token - token: ${{ secrets.PAT }} - tag: pr-${{github.event.pull_request.number}} - run: - - # Checkout push-to-registry action GitHub repository - - name: Checkout Push to Registry action - uses: actions/checkout@v3 - - - name: Matrix Variables - run: | - if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then - echo "SOURCE_IMAGE=base" >> $GITHUB_ENV - else - echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV - fi - echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.image_name, env.IMAGE_BASE_NAME) }}" >> $GITHUB_ENV - - - name: Generate tags - id: generate-tags - shell: bash - run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - MAJOR_VERSION="${{ matrix.major_version }}" - COMMIT_TAGS=() - BUILD_TAGS=() - # Have tags 
for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}-${MAJOR_VERSION}") - COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}") - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") - fi - - BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") - - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - BUILD_TAGS+=("latest") - fi - - if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - - name: Get current version - id: labels - run: | - ver=$(skopeo inspect docker://quay.io/fedora-ostree-desktops/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') - echo "VERSION=$ver" >> $GITHUB_OUTPUT - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v4 - id: meta - with: - images: | - ${{ env.IMAGE_NAME }} - labels: | - org.opencontainers.image.title=${{ env.IMAGE_NAME }} - org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }} - org.opencontainers.image.description=A base ${{ env.IMAGE_NAME }} image with batteries included - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/main/main/README.md - io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4 - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 
- with: - containerfiles: | - ./Containerfile - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - IMAGE_NAME=${{ matrix.image_name }} - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - FEDORA_MAJOR_VERSION=${{ matrix.major_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Sign container - - uses: sigstore/cosign-installer@v3.1.1 - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - - - name: Sign container image - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} - env: - TAGS: ${{ steps.push.outputs.digest }} - COSIGN_EXPERIMENTAL: false - COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - - - 
name: Echo outputs - if: github.event.review.state == 'approved' || github.event_name != 'pull_request' - run: | - echo "${{ toJSON(steps.push.outputs) }}" diff --git a/Containerfile.aarch64 b/Containerfile.aarch64 new file mode 100644 index 00000000..77b4e4bc --- /dev/null +++ b/Containerfile.aarch64 @@ -0,0 +1,11 @@ +ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}" +ARG SOURCE_IMAGE="${SOURCE_IMAGE:-fedora-silverblue}" +ARG SOURCE_ORG="${SOURCE_ORG:-fedora}" +ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}" +ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}" + +FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS nokmods + +run rm -rf /tmp/* /var/* && \ + ostree container commit && \ + mkdir -p /var/tmp && chmod -R 1777 /var/tmp diff --git a/Containerfile b/Containerfile.x86_64 similarity index 100% rename from Containerfile rename to Containerfile.x86_64
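Review bot: `ARG IMAGE_NAME` is declared in the new `Containerfile.aarch64` but never referenced, and the single build instruction is spelled `run` in lower case. An ARG placed before `FROM` is only in scope for `FROM` lines, so `IMAGE_NAME` has no effect here; either drop it or re-declare it after `FROM` where it is meant to be used. Instruction keywords are case-insensitive, so the build works, but `RUN rm -rf /tmp/* /var/* && \` matches convention and keeps linters quiet. The base is referenced by tag only (`${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}`), so the result depends on what that tag points to at build time; a short comment saying this is intended would help.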