From 42343fa129b79dd2f9e4be8285419633224e0135 Mon Sep 17 00:00:00 2001
From: RJ Trujillo
Date: Wed, 16 Aug 2023 15:18:03 -0600
Subject: [PATCH] chore(ci): Bump isogenerator to v2.1.0 (#303)
---
.github/workflows/build.yml.save | 192 +++++++++++++++++++++++++++
.github/workflows/release-please.yml | 6 +-
2 files changed, 195 insertions(+), 3 deletions(-)
create mode 100644 .github/workflows/build.yml.save
diff --git a/.github/workflows/build.yml.save b/.github/workflows/build.yml.save
new file mode 100644
index 00000000..bfddbe6b
--- /dev/null
+++ b/.github/workflows/build.yml.save
@@ -0,0 +1,192 @@
+name: build-ublue
+on:
+ pull_request:
+ pull_request_review:
+ type: [submitted]
+ merge_group:
+ schedule:
+ - cron: '0 7 * * *' # 7 am everyday
+ workflow_dispatch:
+env:
+ IMAGE_BASE_NAME: main
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+ push-ghcr:
+ name: Build and push image
+ if: github.event.review.state == 'approved' || github.event_name != 'pull_request_review'
+ runs-on: ubuntu-22.04
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+ strategy:
+ fail-fast: false
+ matrix:
+ image_name: [silverblue, kinoite, vauxite, sericea, base, lxqt, mate]
+ major_version: [37, 38]
+ include:
+ - major_version: 37
+ is_latest_version: false
+ is_stable_version: true
+ - major_version: 38
+ is_latest_version: true
+ is_stable_version: true
+ exclude:
+ # There is no Fedora 37 version of sericea
+ # When F38 is added, sericea will automatically be built too
+ - image_name: sericea
+ major_version: 37
+ steps:
+ - name: Delete image
+ uses: bots-house/ghcr-delete-image-action@v1.1.0
+ with:
+ # NOTE: at now only orgs is supported
+ owner: bots-house
+ name: some-web-service
+ # NOTE: using Personal Access Token
+ token: ${{ secrets.PAT }}
+ tag: pr-${{github.event.pull_request.number}}
+ run:
+
+ # Checkout push-to-registry action GitHub repository
+ - name: Checkout Push to Registry action
+ uses: actions/checkout@v3
+
+ - name: Matrix Variables
+ run: |
+ if [[ "${{ matrix.image_name }}" == "lxqt" || "${{ matrix.image_name }}" == "mate" ]]; then
+ echo "SOURCE_IMAGE=base" >> $GITHUB_ENV
+ else
+ echo "SOURCE_IMAGE=${{ matrix.image_name }}" >> $GITHUB_ENV
+ fi
+ echo "IMAGE_NAME=${{ format('{0}-{1}', matrix.image_name, env.IMAGE_BASE_NAME) }}" >> $GITHUB_ENV
+
+ - name: Generate tags
+ id: generate-tags
+ shell: bash
+ run: |
+ # Generate a timestamp for creating an image version history
+ TIMESTAMP="$(date +%Y%m%d)"
+ MAJOR_VERSION="${{ matrix.major_version }}"
+ COMMIT_TAGS=()
+ BUILD_TAGS=()
+ # Have tags
for tracking builds during pull request
+ SHA_SHORT="${GITHUB_SHA::7}"
+ COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}-${MAJOR_VERSION}")
+ COMMIT_TAGS+=("${SHA_SHORT}-${MAJOR_VERSION}")
+ if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \
+ [[ "${{ matrix.is_stable_version }}" == "true" ]]; then
+ COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}")
+ COMMIT_TAGS+=("${SHA_SHORT}")
+ fi
+
+ BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}")
+
+ if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \
+ [[ "${{ matrix.is_stable_version }}" == "true" ]]; then
+ BUILD_TAGS+=("latest")
+ fi
+
+ if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
+ echo "Generated the following commit tags: "
+ for TAG in "${COMMIT_TAGS[@]}"; do
+ echo "${TAG}"
+ done
+ alias_tags=("${COMMIT_TAGS[@]}")
+ else
+ alias_tags=("${BUILD_TAGS[@]}")
+ fi
+ echo "Generated the following build tags: "
+ for TAG in "${BUILD_TAGS[@]}"; do
+ echo "${TAG}"
+ done
+ echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
+
+ - name: Get current version
+ id: labels
+ run: |
+ ver=$(skopeo inspect docker://quay.io/fedora-ostree-desktops/${{ env.SOURCE_IMAGE }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
+ echo "VERSION=$ver" >> $GITHUB_OUTPUT
+
+ # Build metadata
+ - name: Image Metadata
+ uses: docker/metadata-action@v4
+ id: meta
+ with:
+ images: |
+ ${{ env.IMAGE_NAME }}
+ labels: |
+ org.opencontainers.image.title=${{ env.IMAGE_NAME }}
+ org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
+ org.opencontainers.image.description=A base ${{ env.IMAGE_NAME }} image with batteries included
+ io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/main/main/README.md
+ io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
+
+ # Build image using Buildah action
+ - name: Build Image
+ id: build_image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ containerfiles: |
+ ./Containerfile
+ image: ${{ env.IMAGE_NAME }}
+ tags: |
+ ${{ steps.generate-tags.outputs.alias_tags }}
+ build-args: |
+ IMAGE_NAME=${{ matrix.image_name }}
+ SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
+ FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
+ labels: ${{ steps.meta.outputs.labels }}
+ oci: false
+
+ # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+ # https://github.com/macbre/push-to-ghcr/issues/12
+ - name: Lowercase Registry
+ id: registry_case
+ uses: ASzc/change-string-case-action@v5
+ with:
+ string: ${{ env.IMAGE_REGISTRY }}
+
+ # Push the image to GHCR (Image Registry)
+ - name: Push To GHCR
+ uses: redhat-actions/push-to-registry@v2
+ id: push
+ if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
+ env:
+ REGISTRY_USER: ${{ github.actor }}
+ REGISTRY_PASSWORD: ${{ github.token }}
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ steps.registry_case.outputs.lowercase }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+ extra-args: |
+ --disable-content-trust
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Sign container
+ - uses: sigstore/cosign-installer@v3.1.1
+ if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
+
+ - name: Sign container image
+ if: github.event.review.state == 'approved' || github.event_name != 'pull_request'
+ run: |
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
+ env:
+ TAGS: ${{ steps.push.outputs.digest }}
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+
+ -
name: Echo outputs + if: github.event.review.state == 'approved' || github.event_name != 'pull_request' + run: | + echo "${{ toJSON(steps.push.outputs) }}" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 2615efe9..635f76cf 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -25,15 +25,15 @@ jobs: runs-on: ubuntu-latest needs: release-please if: needs.release-please.outputs.releases_created - container: + container: image: fedora:38 options: --privileged permissions: contents: write steps: - uses: actions/checkout@v3 - - name: Generate ISO - uses: ublue-os/isogenerator@v2.0.2 + - name: Generate ISO + uses: ublue-os/isogenerator@v2.1.0 id: isogenerator with: image-name: universalblue
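Review bot: The `Delete image` step at the top of `steps` in `build.yml.save` passes `secrets.PAT` to `bots-house/ghcr-delete-image-action@v1.1.0`, a third-party action referenced by a mutable tag, with what look like the action's sample values (`owner: bots-house`, `name: some-web-service`) and an empty `run:` key next to `uses:`, which a step cannot combine. The `.save` suffix and the commit title suggest this file is an editor backup committed by accident; GitHub only loads `.yml`/`.yaml` workflows, so dropping it from the commit is the simplest fix. If it is meant to become a workflow, remove the step or pin it, e.g. `uses: bots-house/ghcr-delete-image-action@<full-commit-sha>`, and give it this repository's owner and image name. The job also grants `id-token: write` while signing uses `--key env://COSIGN_PRIVATE_KEY`, so that permission looks unnecessary, and `type: [submitted]` under `pull_request_review` should presumably be `types:`.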