Merge pull request #64 from thin-edge/next

update project to use rugpi v0.6.0 to make use of repositories

.github/workflows/bake-image.yml

@@ -12,14 +12,14 @@ jobs:
     name: Build information
     runs-on: ubuntu-latest
     outputs:
-      version: ${{ steps.step1.outputs.version }}
+      version: ${{ steps.info.outputs.version }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: extractions/setup-just@v1
-      - id: step1
+      - id: info
         name: Get Version
         run: |
           case "${GITHUB_REF}" in
@@ -35,37 +35,53 @@ jobs:
           echo "version=$version" >> "$GITHUB_OUTPUT"
 
   bake-image:
-    name: Bake Image ${{ matrix.job.arch }} - ${{ matrix.job.profile }} - ${{ matrix.job.variant }}
+    name: Bake Image ${{ matrix.job.image }}
     runs-on: ubuntu-latest
     needs: info
     strategy:
       fail-fast: false
       matrix:
         job:
-          - { arch: armhf, profile: armhf, variant: pi01 }
-          - { arch: arm64, profile: default, variant: pi023 }
-          - { arch: arm64, profile: default, variant: pi4 }
-          - { arch: arm64, profile: default, variant: pi45 }
+          - { image: pi4 }
+          - { image: tryboot }
+          - { image: u-boot }
+          - { image: u-boot-armhf }
     steps:
       - uses: actions/checkout@v3
         with:
           submodules: recursive
       - uses: extractions/setup-just@v1
+      - name: Install dependencies
+        run: just setup
+      - id: info
+        env:
+          VERSION: ${{needs.info.outputs.version}}
+        run: |
+          source <(just show)
+          echo "PREFIX=$PREFIX" >> "$GITHUB_OUTPUT"
+      - name: Configure .env
+        env:
+          IMAGE_CONFIG: ${{secrets.IMAGE_CONFIG || ''}}
+        run: |
+          echo "IMAGE_NAME=${{ steps.info.outputs.PREFIX }}${{ matrix.job.image }}_${{ needs.info.outputs.version }}" > ".env"
+          if [ -n "$IMAGE_CONFIG" ]; then
+            echo "Adding custom IMAGE_CONFIG settings to .env"
+            echo "$IMAGE_CONFIG" >> ".env"
+          fi
+
       - name: Build image
         env:
           VERSION: ${{needs.info.outputs.version}}
         run: |
-          mkdir build
-          just IMAGE_ARCH=${{ matrix.job.arch }} PROFILE=${{ matrix.job.profile }} VARIANT=${{ matrix.job.variant }} build-all
-          mv recipes/sbom/debian-packages.list build/tedge_rugpi_${{matrix.job.profile}}_${{matrix.job.variant}}_${{needs.info.outputs.version}}.sbom.txt
+          just IMAGE=${{ matrix.job.image }} build
 
       - name: Upload Image
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: tedge_rugpi_${{matrix.job.profile}}_${{matrix.job.variant}}_${{needs.info.outputs.version}}
+          name: ${{ steps.info.outputs.PREFIX }}${{ matrix.job.image }}_${{ needs.info.outputs.version }}
           path: |
-            build/tedge_rugpi_${{matrix.job.profile}}_${{matrix.job.variant}}_${{needs.info.outputs.version}}*.xz
-            build/tedge_rugpi_${{matrix.job.profile}}_${{matrix.job.variant}}_${{needs.info.outputs.version}}.sbom.txt
+            build/
+            *.sbom.txt
 
   release:
     name: Release
@@ -76,8 +92,8 @@ jobs:
       - bake-image
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
-      - uses: actions/download-artifact@v3
+        uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
         with:
           path: release
       - name: Show release artifacts

.gitignore

@@ -1,6 +1,6 @@
 /.rugpi
 /build
-recipes/build-info/files/.build_info
-**/debian-packages.list
-rugpi-bakery.toml
-*.log
+.image
+*.sbom.txt
+*.log
+*.env

README.md

@@ -1,6 +1,6 @@
-# thin-edge.io image using rugpi
+# thin-edge.io image using Rugpi
 
-The repository can be used to build custom Raspberry Pi images with thin-edge.io and Rugpi for robust OTA Operation System updates.
+The repository can be used to build custom Raspberry Pi images with thin-edge.io and [Rugpi](https://oss.silitics.com/rugpi/) for robust OTA Operating System updates.
 
 ## Compatible devices
 
@@ -22,77 +22,121 @@ The repository can be used to build custom Raspberry Pi images with thin-edge.io
 
 The following images are included in this repository.
 
-A profile determines what software and configuration is included in the image.
+|Image|Description|
+|-------|-----------|
+|tryboot|Image for Raspberry Pi 4 and 5 devices which use the tryboot bootloader|
+|tryboot-containers|Image for Raspberry Pi 4 and 5 devices which use the tryboot bootloader and with docker pre-installed|
+|rpi4|Raspberry Pi 4 image which includes the firmware to enable tryboot bootloader|
+|u-boot|Image for Raspberry Pi 2, 3, zero 2W|
+|u-boot-armhf|Image for Raspberry Pi 1 and zero|
 
-A variant is more hardware specific which uses the same profile but makes hardware specific tweaks based on the hardware limitations. For example Raspberry 2, 3 and Zero 2 W do not support the tryboot feature, so instead the u-boot bootloader is used to facilitate the robust OTA image updates.
+## Building
 
-The following sections describe the profiles and variants available.
+### Building an image
 
-### Profiles
+To run the build tasks, install [just](https://just.systems/man/en/chapter_5.html).
 
-|Profile|Description|
-|-------|-----------|
-|default|Default image which does not include WiFi credentials|
-|wifi|All the contents of the default image but also has WiFi credentials included in the image. Suitable for devices without an ethernet adapter|
+1. Clone the repository
+
+    ```sh
+    git clone https://github.com/thin-edge/tedge-rugpi-image.git
+    ```
 
+2. Create a custom `.env` file which will be used to store secrets
 
-### Variants
+    ```sh
+    cp env.template .env
+    ```
 
-|Variant|Supported Raspberry Pi Versions|Description|
-|-------|-------------------------------|-----------|
-|pi45|4 and 5|Does not include firmware so rpi4 needs to have up to date firmware for this image to work!|
-|pi4|4|Includes firmware which enables the tryboot mechanism|
-|pi023|2, 3 and Zero 2 W|Uses u-boot|
+    The `.env` file will not be committed to the repo
 
+3. Edit the `.env` file
 
-## Building
+    If your device does not have an ethernet adapter, or you the device to connect to a Wifi network for onboarding, then you will have to add the Wifi credentials to the `.env` file.
 
-### Building an image without WIFI credentials (devices must have an ethernet adapter!)
+    ```sh
+    SECRETS_WIFI_SSID=example
+    SECRETS_WIFI_PASSWORD=yoursecurepassword
+    SSH_KEYS_bootstrap="ssh-rsa xxxxxxx"
+    ```
 
-To run the build tasks, install [just](https://just.systems/man/en/chapter_5.html).
+    **Note**
+
+    The Wifi credentials only need to be included in the image that is flashed to the SD card. Subsequent images don't need to included the Wifi credentials, as the network connection configuration files are persisted across images.
 
-1. Create the image (including downloading the supported base Raspberry Pi image) using:
+    If an image has Wifi credentials baked in, then you should not make this image public, as it would expose your credentials! 
+
+4. Create the image (including downloading the supported base Raspberry Pi image) using:
 
     ```sh
-    just VARIANT=pi45 build-all
+    just IMAGE=tryboot build
     ```
 
-2. Using the path to the image shown in the console to flash the image to the Raspberry Pi.
+5. Using the path to the image shown in the console to flash the image to the Raspberry Pi.
+
+6. Subsequent A/B updates can be done using Cumulocity IoT or the local Rugpi interface on (localhost:8088)
 
-3. Subsequent A/B updates can be done using Cumulocity IoT or the local Rugpi interface on (localhost:8088)
+    **Notes**
+
+    You can apply image updates via the device's localhost:8088 interface, however you will have to expand the `.xz` image file to a `.img` file.
 
 For further information on Rugpi, checkout the [quick start guide](https://oss.silitics.com/rugpi/docs/getting-started).
 
-### Building an image with WIFI credentials
 
-For devices that only support WIFI (e.g. don't have an ethernet adapter), the WIFI credentials are required to be part of the image, otherwise you don't have any way to connect via SSH to your device.
+### Building for your specific device type
 
-In the future this process will be looked to be improved, and potentially the standard raspberry pi way of using the wpa_supplicant will enable to work out of the box (so that you don't have to bake credentials into the image, and only add them when writing to flash).
+The different image options can be confusing, so to help users a few device specific tasks were created to help you pick the correct image.
 
-The default WIFI credentials are as follows, though it assumes that the given WIFI setup is a non-trusted network that is only used for bootstrapping, and then a secure WIFI network is configured.
+#### Raspberry Pi 1
 
-|SSID|Password|
-|----|--------|
-|onboarding_jail|onboarding_jail|
+```sh
+just build-pi1
+```
 
-1. Create the image (including downloading the supported base Raspberry Pi image) using:
+#### Raspberry Pi 2
 
-    ```sh
-    just PROFILE=wifi VARIANT=pi023 build-all
-    ```
+```sh
+just build-pi2
+```
+
+#### Raspberry Pi 3
+
+```sh
+just build-pi3
+```
+
+#### Raspberry Pi 4 / 400
 
-    Possible variants are:
+```sh
+just build-pi4
+```
+
+**Note**
+
+All Raspberry Pi 4 and 400 don't support tryboot by default, and need their firmware updated before the `tryboot` image can be used.
+
+You can build an image which also includes the firmware used to enable tryboot. Afterwards you can switch back to using an image without the firmware included in it.
+
+```sh
+just build-pi4-include-firmware
+```
+
+#### Raspberry Pi 5
 
-    * pi023
-    * pi4
-    * pi45
+```sh
+just build-pi5
+```
 
-    This profile will use pre-baked credentials for the WIFI which are defined in [profiles/wifi.toml](profiles/wifi.toml).
+#### Raspberry Pi Zero
+
+```sh
+just build-pizero
+```
 
-### Building for Raspberry 1 or Zero
+#### Raspberry Pi Zero 2W
 
 ```sh
-just IMAGE_ARCH=armhf PROFILE=armhf VARIANT=pi01 build-all
+just build-pizero2w
 ```
 
 ## Project Tasks
@@ -122,7 +166,7 @@ You will need [go-c8y-cli](https://goc8ycli.netlify.app/) and [gh](https://cli.g
 
 1. In the console, using go-c8y-cli, set your session to the tenant where you want to upload the firmware to
 
-    ```
+    ```sh
     set-session mytenant
     ```
 
@@ -143,3 +187,26 @@ You will need [go-c8y-cli](https://goc8ycli.netlify.app/) and [gh](https://cli.g
     This script will create firmware items (name and version) in Cumulocity IoT. The firmware versions will be just links to the external artifacts which are available from the Github Release artifacts.
 
 3. Now you can select the firmware in Cumulocity IoT to deploy to your devices (assuming you have flashed the base image to the device first ;)!
+
+## Add SSH and/or wifi to Github workflow
+
+You can customize the images built by the Github workflow by creating a secret within Github.
+
+1. Create a repository secret with the following settings
+
+    **Name**
+
+    ```sh
+    IMAGE_CONFIG
+    ```
+
+    **Value**
+
+    ```sh
+    SSH_KEYS_bootstrap="ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx bootstrap"
+    SSH_KEYS_seconduser="ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx myseconduser"
+    ```
+
+    Remove any lines which are not applicable to your build.
+
+2. Build the workflow from Github using the UI (or creating a new git tag)

env.template

@@ -0,0 +1,9 @@
+# wifi credentials - it will be ignored if the ssid is empty
+#SECRETS_WIFI_ID=wifi
+SECRETS_WIFI_SSID=
+SECRETS_WIFI_PASSWORD=
+
+# SSH authorized keys
+SSH_KEYS_bootstrap="ssh-rsa xxxxxxx"
+#SSH_KEYS_user1="ssh-rsa xxxxxxx"
+#SSH_KEYS_user2="ssh-rsa xxxxxxx"