Merge branch 'add-ci' into 'main'

Import CI from base-images-experimental

See merge request fedora/bootc/base-images!8

.gitlab-ci.yml

@@ -0,0 +1,143 @@
+---
+default:
+  interruptible: true
+
+variables:
+  LATEST_VERSION: "40"
+  # Default this one
+  RUNNER: saas-linux-medium-amd64
+  ARM_RUNNER: tmp-gcp-bifrost-aarch64
+  # TODO add arm64 once we have a runner
+  ARCHES: "amd64"
+  BUILDAH_IMAGE: quay.io/buildah/stable:v1.34.0
+  BUILDAH_ARGS: "--security-opt=label=disable --cap-add=all"
+
+stages:
+  - build
+
+# Code for merge requests
+
+.build-image-mr:
+  image: $BUILDAH_IMAGE
+  parallel:
+    matrix:
+      - VARIANT:
+          - full
+        VERSION:
+          - "40"
+  script:
+    - buildah bud ${BUILDAH_ARGS} --no-cache -t localhost/test ${EXTRA_ARGS} ${CONTEXT}
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_SOURCE_PROJECT_PATH != $CI_PROJECT_PATH && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH'
+  stage: build
+
+ci-build-image-arm64:
+  variables:
+    ARCH: arm64
+  extends: .build-image-mr
+  tags:
+    - $ARM_RUNNER
+  # See above re runner
+  rules:
+    - when: never
+
+ci-build-image-amd64:
+  variables:
+    ARCH: amd64
+  extends: .build-image-mr
+  tags:
+    - $RUNNER
+
+# Code executed to build and push to registry
+
+.build-push-image-arch:
+  image: $BUILDAH_IMAGE
+  variables:
+    IMAGE: $CI_REGISTRY_IMAGE/fedora-bootc-$VARIANT:$VERSION-$ARCH
+    EXTRA_ARGS: --from=quay.io/fedora/fedora:$VERSION --build-arg=VARIANT=$VARIANT --format oci --arch $ARCH --security-opt=label=disable --cap-add=all
+  before_script:
+    - buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - buildah bud ${BUILDAH_ARGS} --no-cache -t ${IMAGE} ${EXTRA_ARGS} ${CONTEXT}
+    - buildah push $IMAGE
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: never
+  stage: build
+
+build-push-amd64:
+  variables:
+    ARCH: amd64
+  parallel:
+    matrix:
+      - VARIANT:
+          - minimal
+          - full
+        VERSION:
+          - "40"
+          - rawhide
+  extends: .build-push-image-arch
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: never
+  stage: build
+
+build-push-arm64:
+  tags:
+    - tmp-gcp-bifrost-aarch64
+  parallel:
+    matrix:
+      - VARIANT:
+          - minimal
+          - full
+        VERSION:
+          - "40"
+          - rawhide
+  variables:
+    ARCH: arm64
+  extends: .build-push-image-arch
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: never
+  stage: build
+
+# And stitch things together into a manifest list
+
+manifests_list:
+  parallel:
+    matrix:
+      - VARIANT:
+          - minimal
+          - full
+        VERSION:
+          - "40"
+          - rawhide
+  needs:
+    - build-push-amd64
+    - build-push-arm64
+  image: $BUILDAH_IMAGE
+  variables:
+    IMAGE_BASE: $CI_REGISTRY_IMAGE/fedora-bootc-$VARIANT
+    IMAGE: $IMAGE_BASE:$VERSION
+  before_script:
+    - buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - for arch in ${ARCHES}; do buildah pull $IMAGE-${arch}; done
+  script:
+    - |
+      set -xeuo pipefail
+      buildah manifest create $IMAGE $IMAGE-amd64 $IMAGE-arm64
+      for arch in ${ARCHES}; do 
+        buildah manifest annotate $IMAGE $IMAGE-${arch} --os linux --arch ${arch}
+        buildah manifest annotate $IMAGE $IMAGE-${arch} --os linux --arch ${arch}
+      done
+      buildah manifest push --all $IMAGE docker://$IMAGE
+      if test $VERSION == $LATEST_VERSION; then
+        buildah manifest push --all $IMAGE docker://$IMAGE_BASE:latest
+      fi
+      if test $VARIANT == full; then
+        buildah push $IMAGE $CI_REGISTRY_IMAGE/fedora-bootc:$VERSION
+      fi
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: never
+  stage: build