j7s-os/osbuild-manifests/include/image-ostree.ipp.yml

version: '2'
mpp-vars:
  image_rpms:
    mpp-join:
    - mpp-eval: locals().get('extra_image_rpms', [])
    - mpp-eval: boot_rpms
    - mpp-eval: locals().get('extra_boot_rpms', [])
    - - nss-altfiles
      - greenboot
      - greenboot-grub2
      - greenboot-reboot
      - greenboot-status
      - greenboot-rpm-ostree-grub2
      - polkit # Needed by rpm-ostree upgrade (until fix for https://github.com/coreos/rpm-ostree/issues/3554 is in)
pipelines:
- name: ostree-tree
  build: name:build
  stages:
    mpp-join:
    - - type: org.osbuild.copy
        inputs:
          tree:
            type: org.osbuild.tree
            origin: org.osbuild.pipeline
            references:
            - name:rootfs
          extra-tree:
            type: org.osbuild.tree
            origin: org.osbuild.pipeline
            references:
            - name:extra-tree-content
        options:
          paths:
            mpp-join:
              - - from: input://tree/
                  to: tree:///
              - mpp-eval: extra_tree_content
      - type: org.osbuild.systemd
        options:
          enabled_services:
          - greenboot-grub2-set-counter.service
          - greenboot-grub2-set-success.service
          - greenboot-healthcheck.service
          - greenboot-rpm-ostree-grub2-check-fallback.service
          - greenboot-status.service
          - greenboot-task-runner.service
    - mpp-eval: target_stages
    - - type: org.osbuild.selinux
        options:
          file_contexts: etc/selinux/targeted/contexts/files/file_contexts
      - type: org.osbuild.ostree.preptree
        options:
          etc_group_members:
          - wheel
          - docker
          initramfs-args:
            - mpp-if: dracut_add_modules
              then: "--add"
            - mpp-if: dracut_add_modules
              then:
                mpp-eval: "' '.join(dracut_add_modules)"
            - mpp-if: dracut_omit_modules
              then: "--omit"
            - mpp-if: dracut_omit_modules
              then:
                mpp-eval: "' '.join(dracut_omit_modules)"
            - mpp-if: dracut_filesystems
              then: "--filesystems"
            - mpp-if: dracut_filesystems
              then:
                mpp-eval: "' '.join(dracut_filesystems)"
            - mpp-if: dracut_add_drivers
              then: "--add-drivers"
            - mpp-if: dracut_add_drivers
              then:
                mpp-eval: "' '.join(dracut_add_drivers)"
            - mpp-if: dracut_install
              then: "--install"
            - mpp-if: dracut_install
              then:
                mpp-eval: "' '.join(dracut_install)"
- name: ostree-commit
  build: name:build
  stages:
  - type: org.osbuild.ostree.init
    options:
      path: /repo
  - type: org.osbuild.ostree.commit
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:ostree-tree
    options:
      ref:
        mpp-eval: ostree_ref
      os_version:
        mpp-eval: ostree_os_version
      parent:
        mpp-if: ostree_ref in locals().get("ostree_parent_refs", {})
        then:
          mpp-eval: ostree_parent_refs[ostree_ref]
- name: image-tree
  build: name:build
  stages:
  - type: org.osbuild.ostree.init-fs
  - type: org.osbuild.ostree.pull
    options:
      repo: /ostree/repo
      remote:
        mpp-eval: ostree_remote_name
    inputs:
      commits:
        type: org.osbuild.ostree
        origin: org.osbuild.pipeline
        references:
          name:ostree-commit:
            ref:
              mpp-eval: ostree_ref
  - type: org.osbuild.ostree.os-init
    options:
      osname:
        mpp-eval: osname
  - type: org.osbuild.ostree.config
    options:
      repo: /ostree/repo
      config:
        sysroot:
          readonly: true
          bootloader: none
  - type: org.osbuild.ostree.remotes
    options:
      repo: /ostree/repo
      remotes:
        - name:
            mpp-eval: ostree_remote_name
          url:
            mpp-eval: ostree_repo_url
  - type: org.osbuild.mkdir
    options:
      paths:
      - path: /boot/efi
        mode: 448
  - type: org.osbuild.ostree.deploy
    options:
      osname:
        mpp-eval: osname
      ref:
        mpp-eval: ostree_ref
      remote:
        mpp-eval: ostree_remote_name
      mounts:
      - /boot
      - /boot/efi
      rootfs:
        label: root
      kernel_opts:
        mpp-eval: kernel_opts
  - type: org.osbuild.ostree.fillvar
    options:
      deployment:
        osname:
          mpp-eval: osname
        ref:
          mpp-eval: ostree_ref
  - type: org.osbuild.users
    mounts:
      - type: org.osbuild.ostree.deployment
        name: ostree.deployment
        options:
          deployment:
            osname:
              mpp-eval: osname
            ref:
              mpp-eval: ostree_ref
    options:
      users:
        root:
          password:
            mpp-eval: root_password
          key:
            mpp-eval: root_ssh_key
  - type: org.osbuild.fstab
    options:
      ostree:
        deployment:
          osname:
            mpp-eval: osname
          ref:
            mpp-eval: ostree_ref
      filesystems:
        mpp-eval: fstab
  - type: org.osbuild.ostree.selinux
    options:
      deployment:
        osname:
          mpp-eval: osname
        ref:
          mpp-eval: ostree_ref
  - type: org.osbuild.grub2
    options:
      rootfs:
        label: root
      bootfs:
        label: boot
      uefi:
        vendor:
          mpp-eval: uefi_vendor
        unified: true
        install: true
      legacy: false
      write_defaults: false
      greenboot: true