From 351356d257c1c002f8f911c5f9f2ad1c0e06760f Mon Sep 17 00:00:00 2001 From: Tulip Blossom Date: Wed, 18 Dec 2024 16:26:40 -0300 Subject: [PATCH] feat: add justfile in CI!! (wip) --- .github/workflows/build.yml | 158 +++++++++++++++++------------------- Containerfile | 2 +- Justfile | 86 ++++++++++++++++++-- 3 files changed, 155 insertions(+), 91 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1cc24e4..2e7903a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,8 +14,7 @@ on: workflow_dispatch: env: - MY_IMAGE_NAME: "${{ github.event.repository.name }}" - MY_IMAGE_DESC: "CentOS Stream-based images" + IMAGE_DESC: "CentOS Stream-based images" IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" concurrency: 
@@ -37,76 +36,67 @@ jobs: - name: Checkout Push to Registry action uses: actions/checkout@v4 + - name: Install Just + shell: bash + run: | + set -eoux pipefail + JUST_VERSION=$(curl -L https://api.github.com/repos/casey/just/releases/latest | jq -r '.tag_name') + curl -sSLO https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz + tar -zxvf just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz -C /tmp just + sudo mv /tmp/just /usr/local/bin/just + rm -f just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz + + - name: Check Just Syntax + shell: bash + run: | + just check + + - name: Image Name + shell: bash + run: | + IMAGE_NAME="$(just image_name)" + echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV + + - name: Default Tag + shell: bash + run: | + DEFAULT_TAG="$(just generate-default-tag)" + echo "Default Tag: ${DEFAULT_TAG}" + echo "DEFAULT_TAG=${DEFAULT_TAG}" >> $GITHUB_ENV + - name: Maximize build space uses: ublue-os/remove-unwanted-software@v7 + with: + remove-codeql: true + + - name: Build Image + id: build-image + shell: bash + run: | + just build - name: Generate tags id: generate-tags shell: bash run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - COMMIT_TAGS=() - BUILD_TAGS=() - - # Have tags for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") - - # Append matching timestamp tags to keep a version history - for TAG in "${BUILD_TAGS[@]}"; do - BUILD_TAGS+=("${TAG}-${TIMESTAMP}") - done - - BUILD_TAGS+=("${TIMESTAMP}") - BUILD_TAGS+=("latest") - - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - - echo "Generated the following build tags: " - for TAG 
in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v5 - id: meta - with: - images: | - ${{ env.MY_IMAGE_NAME }} - - labels: | - io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md - org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }} - org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }} - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - # Postfix image name with -custom to make it a little more descriptive - # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format - image: ${{ env.MY_IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - labels: ${{ steps.meta.outputs.labels }} - oci: false + alias_tags="$(just generate-build-tags \ + "1" \ + "$(podman inspect ${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r '.[].Config.Labels["org.opencontainers.image.version"]')" \ + "${{ github.event_name }}" \ + "${{ github.event.number }}")" + + echo "Tags for this Action..." + echo "$alias_tags" + echo "alias_tags=${alias_tags}" >> $GITHUB_OUTPUT + + # Tag Images + - name: Tag Images + shell: bash + run: | + set -eoux pipefail + just tag-images "${{ env.IMAGE_NAME }}" \ + "${{ env.DEFAULT_TAG }}" \ + "${{ steps.generate-tags.outputs.alias_tags }}" # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 
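Review bot: The Install Just step installs a binary with sudo that nothing verifies: it resolves whatever `releases/latest` points to at run time and unpacks the tarball without a checksum. Pin the version and check the archive before extracting, e.g. `JUST_VERSION=<pinned-version>` followed by `echo "<expected-sha256>  just-${JUST_VERSION}-x86_64-unknown-linux-musl.tar.gz" | sha256sum -c -`. The first `curl -L` also lacks `-f`, so an error response from the API leaves `JUST_VERSION` set to `null` and the failure only surfaces later in `tar`. Separately, the Image Name and Default Tag steps append recipe output to `$GITHUB_ENV` unvalidated, and later steps paste `${{ env.IMAGE_NAME }}` and `${{ env.DEFAULT_TAG }}` into the script text; reading them as quoted shell variables (`"${IMAGE_NAME}"`) avoids re-parsing those values as shell.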
@@ -123,28 +113,26 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Push Image to GHCR - uses: redhat-actions/push-to-registry@v2 + - name: Push to GHCR id: push - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} + if: github.event_name != 'pull_request' + uses: Wandalen/wretry.action@ffdd254f4eaf1562b8a2c66aeaa37f1ff2231179 # v3.7.3 with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --compression-format=zstd - - # This section is optional and only needs to be enabled if you plan on distributing - # your project for others to consume. You will need to create a public and private key - # using Cosign and save the private key as a repository secret in Github for this workflow - # to consume. For more details, review the image signing section of the README. - - # Sign container - - uses: sigstore/cosign-installer@v3.7.0 + attempt_limit: 3 + attempt_delay: 15000 + command: | + set -euox pipefail + + for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do + podman push ${{ env.IMAGE_NAME }}:${tag} ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${tag} + done + + digest=$(skopeo inspect docker://${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} --format '{{.Digest}}') + + echo "digest=${digest}" >> $GITHUB_OUTPUT + + - name: Install Cosign + uses: sigstore/cosign-installer@v3.7.0 if: github.event_name != 'pull_request' - name: Sign container image diff --git a/Containerfile b/Containerfile index b5d69ad..2deda97 100644 --- a/Containerfile +++ b/Containerfile 
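Review bot: The digest written at the end of the Push to GHCR command is read back from the registry by tag (`skopeo inspect docker://...:${{ env.DEFAULT_TAG }}`) after the push loop, so it is whatever that mutable tag resolves to at that moment, not necessarily what this job pushed. Capturing it at push time, `podman push --digestfile /tmp/digest ...` then `digest=$(cat /tmp/digest)`, ties the value (presumably consumed by the Sign container image step, which lies outside this hunk) to the image built here. The loop also expands `${{ steps.generate-tags.outputs.alias_tags }}` and `${{ env.IMAGE_NAME }}` straight into the command text with `${tag}` unquoted; passing them through a step-level `env:` and quoting `"${tag}"` keeps an unexpected character in a tag from being parsed as shell. Whether a `$GITHUB_OUTPUT` write made inside the wretry `command:` surfaces as `steps.push.outputs.digest` is not visible here and is worth confirming. `sigstore/cosign-installer@v3.7.0` could be pinned to a commit SHA the same way the wretry action is.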
@@ -6,7 +6,7 @@ FROM quay.io/centos-bootc/centos-bootc:$MAJOR_VERSION RUN mkdir -p /var/roothome # Total hack to see if we can fix the /var/run symlink -RUN ln -sf ../run /var/run +RUN ln -sf /run /var/run #Install codecs, Workstation, EPEL, CRB, etc. COPY build.sh /tmp/build.sh diff --git a/Justfile b/Justfile index 49a5917..c605e02 100644 --- a/Justfile +++ b/Justfile @@ -1,5 +1,6 @@ export repo_organization := "centos-workstation" export image_name := "main" +export centos_version := "stream10" [private] default: @@ -66,11 +67,7 @@ build $centos_version="stream10" $tag="latest": #!/usr/bin/env bash # Get Version - if [[ "${tag}" =~ stable ]]; then - ver="${centos_version}.$(date +%Y%m%d)" - else - ver="${tag}-${centos_version}.$(date +%Y%m%d)" - fi + ver="${tag}-${centos_version}.$(date +%Y%m%d)" BUILD_ARGS=() BUILD_ARGS+=("--build-arg" "MAJOR_VERSION=${centos_version}") 
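Review bot: Whether the changed `RUN ln -sf /run /var/run` line in the Containerfile hunk actually replaces `/var/run` depends on what the base image ships there. Without `-n` (or `-T`), `ln` follows an existing `/var/run` that is a directory or a symlink to one and creates a `run` entry inside it instead of replacing the link. `RUN ln -sfn /run /var/run` makes the replacement explicit. An absolute target also resolves against the host root when the image filesystem is inspected from outside a chroot, which the previous relative `../run` did not; a comment saying why the absolute form is needed would help.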
@@ -146,3 +143,82 @@ run-vm: --graphics vnc virsh start centos-workstation-main + +[private] +centos_version: + echo "{{ centos_version }}" + +[private] +image_name: + echo "{{ image_name }}" + +# Generate Default Tag +[group('Utility')] +generate-default-tag tag="latest": + #!/usr/bin/bash + set -eou pipefail + + echo "{{ tag }}" + +# Generate Tags +[group('Utility')] +generate-build-tags tag="latest" ghcr="0" $version="" github_event="" github_number="": + #!/usr/bin/bash + set -eou pipefail + + TODAY="$(date +%A)" + if [[ {{ ghcr }} == "0" ]]; then + rm -f /tmp/manifest.json + fi + CENTOS_VERSION="{{ centos_version }}" + DEFAULT_TAG=$(just generate-default-tag {{ tag }}) + IMAGE_NAME={{ image_name }} + # Use Build Version from Rechunk + if [[ -z "${version:-}" ]]; then + version="{{ tag }}-${CENTOS_VERSION}.$(date +%Y%m%d)" + fi + version=${version#{{ tag }}-} + + # Arrays for Tags + BUILD_TAGS=() + COMMIT_TAGS=() + + # Commit Tags + github_number="{{ github_number }}" + SHA_SHORT="$(git rev-parse --short HEAD)" + if [[ "{{ ghcr }}" == "1" ]]; then + COMMIT_TAGS+=(pr-${github_number:-}-{{ tag }}-${version}) + COMMIT_TAGS+=(${SHA_SHORT}-{{ tag }}-${version}) + fi + + # Convenience Tags + BUILD_TAGS+=("{{ tag }}") + + # Weekly Stable / Rebuild Stable on workflow_dispatch + github_event="{{ github_event }}" + BUILD_TAGS+=("${CENTOS_VERSION}" "${version}") + + if [[ "${github_event}" == "pull_request" ]]; then + alias_tags=("${COMMIT_TAGS[@]}") + else + alias_tags=("${BUILD_TAGS[@]}") + fi + + echo "${alias_tags[*]}" + +[group('Utility')] +tag-images image_name="" default_tag="" tags="": + #!/usr/bin/bash + set -eou pipefail + + # Get Image, and untag + IMAGE=$(podman inspect localhost/{{ image_name }}:{{ default_tag }} | jq -r .[].Id) + podman untag localhost/{{ image_name }}:{{ default_tag }} + + # Tag Image + for tag in {{ tags }}; do + podman tag $IMAGE {{ image_name }}:${tag} + done + + # Show Images + podman images
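Review bot: The recipe signature `generate-build-tags tag ghcr version github_event github_number` does not match its only visible caller: the workflow's Generate tags step passes four positional values starting with `"1"`, so `tag` becomes `1`, `ghcr` receives the image version label, `version` receives the event name and `github_event` receives the PR number. With that binding `[[ "{{ ghcr }}" == "1" ]]` and the `pull_request` comparison are both false, so pull-request runs get the build tags rather than the `pr-`/SHA tags. Passing the tag first, `just generate-build-tags "${DEFAULT_TAG}" "1" "<version>" "<event_name>" "<event.number>"`, restores the declared order. The `{{ ... }}` values in this recipe and in `tag-images` are also substituted into the script unquoted (`[[ {{ ghcr }} == "0" ]]`, `podman tag $IMAGE {{ image_name }}:${tag}`); quoting them, or taking them as `$`-prefixed parameters the way `$version` is, keeps whitespace or shell metacharacters in an argument from changing the command.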