From de17d5f8d4bb4a03ccbff45be4e505ee658251a0 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Sat, 4 Nov 2023 09:52:31 -0400
Subject: [PATCH 1/3] gitlab-ci: Drop No longer used.
---
 .gitlab-ci.yml | 46 ----------------------------------------------
 1 file changed, 46 deletions(-)
 delete mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 38bb110..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-image: registry.gitlab.com/centos/cloud/sagano-builder/centos:stream9
-
-stages:
- - build
-
-.base:
- tags:
- - platform-engineering
- parallel:
- matrix:
- - TIER:
- - tier-0
- - tier-1
- OS: centos
- VERSION: [stream9]
- VARIANT: ["", "-rt"]
- - TIER:
- - tier-0
- - tier-1
- OS: fedora
- VERSION: ["eln"]
- VARIANT: ["", "-dev"]
-.default-target: fedora-tier-1-eln
-
-test-build:
- extends: .base
- only:
- - merge_requests
- stage: build
- script:
- - set -euo pipefail; rpm-ostree compose image --format=ociarchive --initialize ${OS}-${TIER}${VARIANT}-${VERSION}.yaml dest.oci-archive
-
-build-push:
- extends: .base
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- variables:
- COMPOSE_INITIALIZE: "1"
- FORCE: ""
- stage: build
- before_script:
- # Log into the registry
- - echo "$CI_REGISTRY_PASSWORD" | skopeo login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
- script:
- - set -euo pipefail; rpm-ostree compose image ${COMPOSE_INITIALIZE:+--initialize} ${FORCE:+--force-nocache} --format=registry ${OS}-${TIER}${VARIANT}-${VERSION}.yaml ${CI_REGISTRY_IMAGE}/${OS}-boot-${TIER}${VARIANT}:${VERSION}
From 9c7a8face45d7545b5c6451d4f7cbb52e35d0b57 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Sat, 4 Nov 2023 09:52:56 -0400
Subject: [PATCH 2/3] builder: New container image This will be the container image buildroot. TODO: Build this using RHTAP too
---
 .github/workflows/builder.yml | 35 +++++++++++++++++++++++++++++++++++
 builder/Containerfile | 5 +++++
 builder/build.sh | 21 +++++++++++++++++++++
 builder/coreos-continuous.repo | 10 ++++++++++
 4 files changed, 71 insertions(+)
 create mode 100644 .github/workflows/builder.yml
 create mode 100644 builder/Containerfile
 create mode 100755 builder/build.sh
 create mode 100644 builder/coreos-continuous.repo
diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml
new file mode 100644
index 0000000..2090dee
--- /dev/null
+++ b/.github/workflows/builder.yml
@@ -0,0 +1,35 @@
+name: builder
+
+on:
+ push:
+ paths:
+ - builder/**
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository_owner }}/builder
+
+jobs:
+ build-image:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install qemu dependency
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y qemu-user-static
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Login
+ run: buildah login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }}
+ - name: Build
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: latest
+ containerfiles: ./builder/Containerfile
+ archs: s390x, arm64, amd64, ppc64le
+ oci: true
+ context: builder
+ - name: Push
+ run: buildah push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
diff --git a/builder/Containerfile b/builder/Containerfile
new file mode 100644
index 0000000..81b6b62
--- /dev/null
+++ b/builder/Containerfile
@@ -0,0 +1,5 @@
+# This image contains the baseline tools to build bootable base images.
+FROM quay.io/centos/centos:stream9
+COPY coreos-continuous.repo /etc/yum.repos.d
+COPY . /src
+RUN /src/build.sh && cd / && rm /src -rf
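Review bot: In .github/workflows/builder.yml the Login step passes the token as a command-line argument (`--password ${{ secrets.GITHUB_TOKEN }}`), which exposes it in the process arguments on the runner; the GitLab job removed in patch 1 fed the password over stdin, and the same form works here: `run: echo "$REGISTRY_TOKEN" | buildah login --username "${{ github.actor }}" --password-stdin "${{ env.REGISTRY }}"`, with `REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}` set under the step's `env:`. The workflow also declares no `permissions:` block, so the token's scope depends on the repository default; `permissions: { contents: read, packages: write }` on the job states what the push needs. With no `branches:` filter under `on.push`, a push to any branch that touches builder/** appears to publish the `latest` tag, which is worth restricting to the default branch if that is not intended.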
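Review bot: In builder/Containerfile the `rm /src -rf` at the end of the RUN does not take the files out of the image, because `COPY . /src` has already committed them in its own layer; whatever is in the build context (the `builder` directory, per the workflow) stays retrievable from that layer. A bind mount keeps the sources out of the image altogether, e.g. `RUN --mount=type=bind,source=.,target=/src /src/build.sh` in place of the COPY/RUN pair, assuming the buildah version behind the action supports RUN mounts. Separately, `FROM quay.io/centos/centos:stream9` is a moving tag, so the buildroot for every downstream image can change without a commit here; pinning by digest (`quay.io/centos/centos:stream9@sha256:<digest>`) makes such updates explicit and reviewable.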
diff --git a/builder/build.sh b/builder/build.sh
new file mode 100755
index 0000000..c3b19a2
--- /dev/null
+++ b/builder/build.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -xeuo pipefail
+
+pkginstall() {
+ dnf -y install "$@"
+}
+
+pkginstall dnf-utils
+dnf config-manager --set-enabled crb
+# Sadly there's no EPEL for s390x so we just hardcode this for now, it's noarch.
+dnf -y install https://kojipkgs.fedoraproject.org//packages/distribution-gpg-keys/1.98/1.el9/noarch/distribution-gpg-keys-1.98-1.el9.noarch.rpm
+
+# rpm-ostree for builds, and need skopeo to do the container backend
+pkginstall rpm-ostree skopeo
+# For derived container builds
+pkginstall buildah
+# And a rust toolchain
+pkginstall cargo openssl-devel
+
+# Build tools
+pkginstall selinux-policy-targeted osbuild crypto-policies-scripts sudo
diff --git a/builder/coreos-continuous.repo b/builder/coreos-continuous.repo
new file mode 100644
index 0000000..5bc7047
--- /dev/null
+++ b/builder/coreos-continuous.repo
@@ -0,0 +1,10 @@
+[copr:copr.fedorainfracloud.org:group_CoreOS:continuous]
+name=Copr repo for continuous owned by @CoreOS
+baseurl=https://download.copr.fedorainfracloud.org/results/@CoreOS/continuous/centos-stream-9-$basearch/
+type=rpm-md
+skip_if_unavailable=True
+gpgcheck=1
+gpgkey=https://download.copr.fedorainfracloud.org/results/@CoreOS/continuous/pubkey.gpg
+repo_gpgcheck=0
+enabled=1
+enabled_metadata=1
From b04342d738b35844d0f165b19f2762a45f5c102a Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Sat, 4 Nov 2023 12:57:41 -0400
Subject: [PATCH 3/3] README.md: Minor fixes
---
 README.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 4fed348..dcd5e59 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,3 @@
-# Sagano
-
 # Goals

 This project's toplevel goal is to create base *bootable* container images
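Review bot: In builder/build.sh the `dnf -y install https://kojipkgs.fedoraproject.org//…/distribution-gpg-keys-1.98-1.el9.noarch.rpm` line installs a package of signing keys straight from a URL, and as far as I can tell dnf does not signature-check packages named on the command line unless `localpkg_gpgcheck` is enabled, so the only integrity control on these trust anchors is the TLS connection to koji. Since the version is already hard-coded, the script can download the file, compare it with a sha256 recorded next to the URL, and install it only on a match; `set -e` at the top of the script makes a mismatch abort the build. The sketch below uses a placeholder digest and assumes curl is available in the base image.

```shell
# … unchanged: pkginstall helper, dnf-utils, crb enablement …
# Sadly there's no EPEL for s390x so we just hardcode this for now, it's noarch.
gpgkeys_url=https://kojipkgs.fedoraproject.org//packages/distribution-gpg-keys/1.98/1.el9/noarch/distribution-gpg-keys-1.98-1.el9.noarch.rpm
# Placeholder: record the sha256 of the reviewed RPM here.
gpgkeys_sha256='<sha256-of-the-reviewed-rpm>'
gpgkeys_rpm=$(mktemp --suffix=.rpm)
curl -fsSL -o "${gpgkeys_rpm}" "${gpgkeys_url}"
echo "${gpgkeys_sha256}  ${gpgkeys_rpm}" | sha256sum --check --status -
dnf -y install "${gpgkeys_rpm}"
rm -f "${gpgkeys_rpm}"
# … unchanged: remaining pkginstall calls …
```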
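Review bot: In builder/coreos-continuous.repo, `skip_if_unavailable=True` lets the image build succeed when the Copr repo cannot be reached, in which case rpm-ostree and the other tools would presumably be taken from the remaining enabled repositories without any signal; for a buildroot, `skip_if_unavailable=False` turns that into a visible failure. The `gpgkey=` URL is served from the same host as the packages, so `gpgcheck=1` gives no protection if that host is what gets tampered with. Committing the public key next to this file and pointing `gpgkey=` at a `file://` path inside the image would tie the check to a key that went through review.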
@@ -7,7 +5,9 @@ from Fedora ELN and CentOS Stream packages.

 ## Status

-This project was migrated from https://gitlab.com/centos/cloud/sagano
+This is an in-development project not intended for production use yet.
+
+This project was migrated from [a gitlab repo](https://gitlab.com/centos/cloud/sagano)
 and currently container images point to that repository. Reworking
 the build system is in progress!

@@ -15,10 +15,6 @@ the build system is in progress!

 See [install.md](./install.md).

-## Status
-
-This is an in-development project not intended for production use yet.
-
 ## Differences from Fedora CoreOS

 Fedora CoreOS today is not small; there are multiple reasons for this, but