Build Bluefin ISOs #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Bluefin ISOs | |
| on: | |
| workflow_dispatch: | |
| workflow_call: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-iso | |
| cancel-in-progress: true | |
| jobs: | |
| build-iso: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image_name: | |
| - bluefin | |
| - bluefin-nvidia | |
| - bluefin-asus | |
| - bluefin-asus-nvidia | |
| - bluefin-surface | |
| - bluefin-surface-nvidia | |
| - bluefin-dx | |
| - bluefin-dx-nvidia | |
| - bluefin-dx-asus | |
| - bluefin-dx-surface | |
| - bluefin-dx-asus-nvidia | |
| - bluefin-dx-surface-nvidia | |
| major_version: [38, 39] | |
| exclude: | |
| - major_version: 38 | |
| image_name: bluefin-asus | |
| - major_version: 38 | |
| image_name: bluefin-asus-nvidia | |
| - major_version: 38 | |
| image_name: bluefin-dx-asus | |
| - major_version: 38 | |
| image_name: bluefin-dx-asus-nvidia | |
| include: | |
| - major_version: 38 | |
| is_gts_version: true | |
| - major_version: 39 | |
| is_gts_version: false | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/[email protected] | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| - name: Set Image Tag | |
| id: generate-tag | |
| shell: bash | |
| run: | | |
| TAG="latest" | |
| if [[ ${{ matrix.is_gts_version }} == "true" ]]; then | |
| TAG="gts" | |
| fi | |
| if [[ "${{ github.ref_name }}" == "testing" ]]; then | |
| if [[ "${{ matrix.is_gts_version }}" == "true" ]]; then | |
| TAG="gts-testing" | |
| else | |
| TAG="testing" | |
| fi | |
| fi | |
| # Would like to implement in the future. This will allow us to support image tags from a PR. | |
| #if [[ github.event.number ]]; then | |
| # TAG="pr-${{ github.event.number }}-${{ matrix.major_version }}" | |
| #fi | |
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
| - name: Determine Flatpak Dependencies | |
| id: flatpak_dependencies | |
| shell: bash | |
| run: | | |
| set -ex | |
| image="ghcr.io/ublue-os/${{ matrix.image_name }}:${{ steps.generate-tag.outputs.tag }}" | |
| # Make temp space | |
| TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p ${{ github.workspace }} flatpak.XXX) | |
| # Get list of refs from directory | |
| FLATPAK_REFS_DIR=${{ github.workspace }}/flatpaks | |
| FLATPAK_REFS_DIR_LIST=$(cat ${FLATPAK_REFS_DIR}/* | tr '\n' ' ' ) | |
| # Generate install script | |
| cat << EOF > ${TEMP_FLATPAK_INSTALL_DIR}/script.sh | |
| cat /temp_flatpak_install_dir/script.sh | |
| mkdir -p /flatpak/flatpak /flatpak/triggers | |
| mkdir /var/tmp || true | |
| chmod -R 1777 /var/tmp | |
| flatpak config --system --set languages "*" | |
| flatpak remote-add --system flathub https://flathub.org/repo/flathub.flatpakrepo | |
| flatpak install --system -y ${FLATPAK_REFS_DIR_LIST} | |
| ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | grep -v 'org\.freedesktop\.Platform\.openh264' | sed 's/^deploy\///g' > /output/flatpaks_with_deps | |
| EOF | |
| docker run --rm --privileged \ | |
| --entrypoint bash \ | |
| -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \ | |
| -e FLATPAK_TRIGGERSDIR=/flatpak/triggers \ | |
| --volume ${FLATPAK_REFS_DIR}:/output \ | |
| --volume ${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \ | |
| ${image} /temp_flatpak_install_dir/script.sh | |
| docker rmi ${image} | |
| - name: Build ISOs | |
| uses: jasonn3/[email protected] | |
| id: build | |
| with: | |
| arch: x86_64 | |
| image_name: ${{ matrix.image_name }} | |
| image_repo: ghcr.io/ublue-os | |
| variant: 'Silverblue' | |
| version: ${{ matrix.major_version }} | |
| image_tag: ${{ steps.generate-tag.outputs.tag }} | |
| secure_boot_key_url: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' | |
| enrollment_password: 'ublue-os' | |
| iso_name: ${{ matrix.image_name }}-${{ steps.generate-tag.outputs.tag }} | |
| enable_cache_dnf: "false" | |
| enable_cache_skopeo: "false" | |
| flatpak_remote_refs_dir: /github/workspace/flatpaks | |
| enable_flatpak_dependencies: "false" | |
| - name: Upload ISOs and Checksum to Job Artifacts | |
| if: github.ref_name == 'testing' | |
| #if: github.event_name == 'pull_request' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.build.outputs.iso_name }} | |
| path: | | |
| ${{ steps.build.outputs.iso_path }} | |
| ${{ steps.build.outputs.iso_path }}-CHECKSUM | |
| if-no-files-found: error | |
| retention-days: 0 | |
| compression-level: 0 | |
| overwrite: true | |
| - name: Upload ISOs and Checksum to R2 | |
| if: github.event_name == 'workflow_dispatch' && github.ref_name == 'main' | |
| shell: bash | |
| env: | |
| RCLONE_CONFIG_R2_TYPE: s3 | |
| RCLONE_CONFIG_R2_PROVIDER: Cloudflare | |
| RCLONE_CONFIG_R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| RCLONE_CONFIG_R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| RCLONE_CONFIG_R2_REGION: auto | |
| RCLONE_CONFIG_R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }} | |
| SOURCE_ISO: ${{ steps.build.outputs.iso_path }} | |
| SOURCE_ISO_CHECKSUM: ${{ steps.build.outputs.iso_path }}-CHECKSUM | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y rclone | |
| sudo chmod 777 $SOURCE_ISO | |
| sudo chmod 777 $SOURCE_ISO_CHECKSUM | |
| rclone copy $SOURCE_ISO R2:bluefin && \ | |
| rclone copy $SOURCE_ISO_CHECKSUM R2:bluefin |