builder: New container image

This will be the container image buildroot. TODO: Build this using RHTAP too
2023-11-04 09:52:56 -04:00 · 2023-11-04 09:52:56 -04:00 · 9c7a8face4
parent de17d5f8d4
commit 9c7a8face4
4 changed files with 71 additions and 0 deletions
--- a/.github/workflows/builder.yml
+++ b/.github/workflows/builder.yml
@ -0,0 +1,35 @@
+name: builder
+
+on:
+  push:
+    paths:
+      - builder/**
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/builder
+
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Install qemu dependency
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-user-static
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Login
+        run: buildah login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }}
+      - name: Build
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: latest
+          containerfiles: ./builder/Containerfile
+          archs: s390x, arm64, amd64, ppc64le
+          oci: true
+          context: builder
+      - name: Push
+        run: buildah push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
--- a/builder/Containerfile
+++ b/builder/Containerfile
@ -0,0 +1,5 @@
+# This image contains the baseline tools to build bootable base images.
+FROM quay.io/centos/centos:stream9
+COPY coreos-continuous.repo /etc/yum.repos.d
+COPY . /src
+RUN /src/build.sh && cd / && rm /src -rf
--- a/builder/build.sh
+++ b/builder/build.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+set -xeuo pipefail
+
+pkginstall() {
+    dnf -y install "$@"
+}
+
+pkginstall dnf-utils
+dnf config-manager --set-enabled crb
+# Sadly there's no EPEL for s390x so we just hardcode this for now, it's noarch.
+dnf -y install https://kojipkgs.fedoraproject.org//packages/distribution-gpg-keys/1.98/1.el9/noarch/distribution-gpg-keys-1.98-1.el9.noarch.rpm
+
+# rpm-ostree for builds, and need skopeo to do the container backend
+pkginstall rpm-ostree skopeo
+# For derived container builds
+pkginstall buildah
+# And a rust toolchain
+pkginstall cargo openssl-devel
+
+# Build tools
+pkginstall selinux-policy-targeted osbuild crypto-policies-scripts sudo
--- a/builder/coreos-continuous.repo
+++ b/builder/coreos-continuous.repo
@ -0,0 +1,10 @@
+[copr:copr.fedorainfracloud.org:group_CoreOS:continuous]
+name=Copr repo for continuous owned by @CoreOS
+baseurl=https://download.copr.fedorainfracloud.org/results/@CoreOS/continuous/centos-stream-9-$basearch/
+type=rpm-md
+skip_if_unavailable=True
+gpgcheck=1
+gpgkey=https://download.copr.fedorainfracloud.org/results/@CoreOS/continuous/pubkey.gpg
+repo_gpgcheck=0
+enabled=1
+enabled_metadata=1