feat: add justfile in CI!! (wip)

.github/workflows/build.yml

@@ -14,8 +14,7 @@ on:
   workflow_dispatch:
 
 env:
-  MY_IMAGE_NAME: "${{ github.event.repository.name }}"
-  MY_IMAGE_DESC: "CentOS Stream-based images"
+  IMAGE_DESC: "CentOS Stream-based images"
   IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
 
 concurrency:
@@ -37,76 +36,67 @@ jobs:
       - name: Checkout Push to Registry action
         uses: actions/checkout@v4
 
+      - name: Install Just
+        shell: bash
+        run: |
+          set -eoux pipefail
+          JUST_VERSION=$(curl -L https://api.github.com/repos/casey/just/releases/latest | jq -r '.tag_name')
+          curl -sSLO https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz
+          tar -zxvf just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz -C /tmp just
+          sudo mv /tmp/just /usr/local/bin/just
+          rm -f just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz
+
+      - name: Check Just Syntax
+        shell: bash
+        run: |
+          just check
+
+      - name: Image Name
+        shell: bash
+        run: |
+          IMAGE_NAME="$(just image_name)"
+          echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV
+
+      - name: Default Tag
+        shell: bash
+        run: |
+          DEFAULT_TAG="$(just generate-default-tag)"
+          echo "Default Tag: ${DEFAULT_TAG}"
+          echo "DEFAULT_TAG=${DEFAULT_TAG}" >> $GITHUB_ENV
+
       - name: Maximize build space
         uses: ublue-os/remove-unwanted-software@v7
+        with:
+          remove-codeql: true
+
+      - name: Build Image
+        id: build-image
+        shell: bash
+        run: |
+          just build
 
       - name: Generate tags
         id: generate-tags
         shell: bash
         run: |
-          # Generate a timestamp for creating an image version history
-          TIMESTAMP="$(date +%Y%m%d)"
-          COMMIT_TAGS=()
-          BUILD_TAGS=()
-
-          # Have tags for tracking builds during pull request
-          SHA_SHORT="${GITHUB_SHA::7}"
-          COMMIT_TAGS+=("pr-${{ github.event.number }}")
-          COMMIT_TAGS+=("${SHA_SHORT}")
-
-          # Append matching timestamp tags to keep a version history
-          for TAG in "${BUILD_TAGS[@]}"; do
-              BUILD_TAGS+=("${TAG}-${TIMESTAMP}")
-          done
-
-          BUILD_TAGS+=("${TIMESTAMP}")
-          BUILD_TAGS+=("latest")
-
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
-              echo "Generated the following commit tags: "
-              for TAG in "${COMMIT_TAGS[@]}"; do
-                  echo "${TAG}"
-              done
-
-              alias_tags=("${COMMIT_TAGS[@]}")
-          else
-              alias_tags=("${BUILD_TAGS[@]}")
-          fi
-
-          echo "Generated the following build tags: "
-          for TAG in "${BUILD_TAGS[@]}"; do
-              echo "${TAG}"
-          done
-
-          echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
-
-      # Build metadata
-      - name: Image Metadata
-        uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: |
-            ${{ env.MY_IMAGE_NAME }}
-
-          labels: |
-            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
-            org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
-            org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}
-
-      # Build image using Buildah action
-      - name: Build Image
-        id: build_image
-        uses: redhat-actions/buildah-build@v2
-        with:
-          containerfiles: |
-            ./Containerfile
-          # Postfix image name with -custom to make it a little more descriptive
-          # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
-          image: ${{ env.MY_IMAGE_NAME }}
-          tags: |
-            ${{ steps.generate-tags.outputs.alias_tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          oci: false
+          alias_tags="$(just generate-build-tags \
+                     "1" \
+                     "$(podman inspect ${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r '.[].Config.Labels["org.opencontainers.image.version"]')" \
+                     "${{ github.event_name }}" \
+                     "${{ github.event.number }}")"
+
+          echo "Tags for this Action..."
+          echo "$alias_tags"
+          echo "alias_tags=${alias_tags}" >> $GITHUB_OUTPUT
+
+      # Tag Images
+      - name: Tag Images
+        shell: bash
+        run: |
+          set -eoux pipefail
+          just tag-images "${{ env.IMAGE_NAME }}" \
+                          "${{ env.DEFAULT_TAG }}" \
+                          "${{ steps.generate-tags.outputs.alias_tags }}"
 
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
@@ -123,28 +113,26 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Push Image to GHCR
-        uses: redhat-actions/push-to-registry@v2
+      - name: Push to GHCR
         id: push
-        env:
-          REGISTRY_USER: ${{ github.actor }}
-          REGISTRY_PASSWORD: ${{ github.token }}
+        if: github.event_name != 'pull_request'
+        uses: Wandalen/wretry.action@ffdd254f4eaf1562b8a2c66aeaa37f1ff2231179 # v3.7.3
         with:
-          image: ${{ steps.build_image.outputs.image }}
-          tags: ${{ steps.build_image.outputs.tags }}
-          registry: ${{ steps.registry_case.outputs.lowercase }}
-          username: ${{ env.REGISTRY_USER }}
-          password: ${{ env.REGISTRY_PASSWORD }}
-          extra-args: |
-            --compression-format=zstd
-
-      # This section is optional and only needs to be enabled if you plan on distributing
-      # your project for others to consume. You will need to create a public and private key
-      # using Cosign and save the private key as a repository secret in Github for this workflow
-      # to consume. For more details, review the image signing section of the README.
-
-      # Sign container
-      - uses: sigstore/[email protected]
+          attempt_limit: 3
+          attempt_delay: 15000
+          command: |
+            set -euox pipefail
+
+            for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
+              podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag}
+            done
+
+            digest=$(skopeo inspect docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} --format '{{.Digest}}')
+
+            echo "digest=${digest}" >> $GITHUB_OUTPUT
+
+      - name: Install Cosign
+        uses: sigstore/[email protected]
         if: github.event_name != 'pull_request'
 
       - name: Sign container image

Containerfile

@@ -6,7 +6,7 @@ FROM quay.io/centos-bootc/centos-bootc:$MAJOR_VERSION
 RUN mkdir -p /var/roothome
 
 # Total hack to see if we can fix the /var/run symlink
-RUN ln -sf ../run /var/run
+RUN ln -sf /run /var/run
 
 #Install codecs, Workstation, EPEL, CRB, etc.
 COPY build.sh /tmp/build.sh

Justfile

@@ -1,5 +1,6 @@
 export repo_organization := "centos-workstation"
 export image_name := "main"
+export centos_version := "stream10"
 
 [private]
 default:
@@ -66,11 +67,7 @@ build $centos_version="stream10" $tag="latest":
     #!/usr/bin/env bash
 
     # Get Version
-    if [[ "${tag}" =~ stable ]]; then
-        ver="${centos_version}.$(date +%Y%m%d)"
-    else
-        ver="${tag}-${centos_version}.$(date +%Y%m%d)"
-    fi
+    ver="${tag}-${centos_version}.$(date +%Y%m%d)"
 
     BUILD_ARGS=()
     BUILD_ARGS+=("--build-arg" "MAJOR_VERSION=${centos_version}")
@@ -146,3 +143,82 @@ run-vm:
     --graphics vnc
 
     virsh start centos-workstation-main
+
+[private]
+centos_version:
+    echo "{{ centos_version }}"
+
+[private]
+image_name:
+    echo "{{ image_name }}"
+
+# Generate Default Tag
+[group('Utility')]
+generate-default-tag tag="latest":
+    #!/usr/bin/bash
+    set -eou pipefail
+
+    echo "{{ tag }}"
+
+# Generate Tags
+[group('Utility')]
+generate-build-tags tag="latest" ghcr="0" $version="" github_event="" github_number="":
+    #!/usr/bin/bash
+    set -eou pipefail
+
+    TODAY="$(date +%A)"
+    if [[ {{ ghcr }} == "0" ]]; then
+        rm -f /tmp/manifest.json
+    fi
+    CENTOS_VERSION="{{ centos_version }}"
+    DEFAULT_TAG=$(just generate-default-tag {{ tag }})
+    IMAGE_NAME={{ image_name }}
+    # Use Build Version from Rechunk
+    if [[ -z "${version:-}" ]]; then
+        version="{{ tag }}-${CENTOS_VERSION}.$(date +%Y%m%d)"
+    fi
+    version=${version#{{ tag }}-}
+
+    # Arrays for Tags
+    BUILD_TAGS=()
+    COMMIT_TAGS=()
+
+    # Commit Tags
+    github_number="{{ github_number }}"
+    SHA_SHORT="$(git rev-parse --short HEAD)"
+    if [[ "{{ ghcr }}" == "1" ]]; then
+        COMMIT_TAGS+=(pr-${github_number:-}-{{ tag }}-${version})
+        COMMIT_TAGS+=(${SHA_SHORT}-{{ tag }}-${version})
+    fi
+
+    # Convenience Tags
+    BUILD_TAGS+=("{{ tag }}")
+
+    # Weekly Stable / Rebuild Stable on workflow_dispatch
+    github_event="{{ github_event }}"
+    BUILD_TAGS+=("${CENTOS_VERSION}" "${version}")
+
+    if [[ "${github_event}" == "pull_request" ]]; then
+        alias_tags=("${COMMIT_TAGS[@]}")
+    else
+        alias_tags=("${BUILD_TAGS[@]}")
+    fi
+
+    echo "${alias_tags[*]}"
+
+[group('Utility')]
+tag-images image_name="" default_tag="" tags="":
+    #!/usr/bin/bash
+    set -eou pipefail
+
+    # Get Image, and untag
+    IMAGE=$(podman inspect localhost/{{ image_name }}:{{ default_tag }} | jq -r .[].Id)
+    podman untag localhost/{{ image_name }}:{{ default_tag }}
+
+    # Tag Image
+    for tag in {{ tags }}; do
+        podman tag $IMAGE {{ image_name }}:${tag}
+    done
+
+    # Show Images
+    podman images