From c809de3d9dadcaf9c0b91b0f96ceeccc5c0ba408 Mon Sep 17 00:00:00 2001 From: badblocks <4161747+badbl0cks@users.noreply.github.com> Date: Fri, 11 Oct 2024 17:12:45 +0000 Subject: [PATCH] Add build.yml for default bazzite (kde) building --- .github/workflows/build.yml | 169 ++++++++++++++++++++++++++++++++++++ 1 file changed, 169 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..2d0f40c --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,169 @@ +--- +name: build-bazzite-stable-40 +on: + pull_request: + branches: + - main + schedule: + - cron: '05 10 * * 0' # 10:05am UTC every Sunday + push: + branches: + - main + paths-ignore: + - '**/README.md' + workflow_dispatch: + +env: + MY_IMAGE_NAME: "bazzite-custom" # the name of the image produced by this build + MY_IMAGE_DESC: "badblocks's custom bazzite build" + MAJOR_VERSION: "40" + SOURCE_IMAGE: "bazzite" + SOURCE_SUFFIX: "" + VERSION_SUFFIX: "stable" + IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit + +jobs: + build_push: + name: Build and push image + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + id-token: write + + steps: + # Checkout push-to-registry action GitHub repository + - name: Checkout Push to Registry action + uses: actions/checkout@v3 + + - name: Generate tags + id: generate-tags + shell: bash + run: | + # Generate a timestamp for creating an image version history + TIMESTAMP="$(date +%Y%m%d)" + COMMIT_TAGS=() + BUILD_TAGS=() + + # Have tags for tracking builds during pull request + SHA_SHORT="${GITHUB_SHA::7}" + COMMIT_TAGS+=("pr-${{ github.event.number }}") + COMMIT_TAGS+=("${SHA_SHORT}") + + # Append matching timestamp tags to keep a version history + for TAG in "${BUILD_TAGS[@]}"; do + BUILD_TAGS+=("${TAG}-${TIMESTAMP}") + done + + if [[ ${{ github.ref_name }} == "unstable" ]]; then + BUILD_TAGS+=("${MAJOR_VERSION}-unstable" "${MAJOR_VERSION}-unstable-${TIMESTAMP}") + BUILD_TAGS+=("unstable") + elif [[ ${{ github.ref_name }} == "testing" ]]; then + BUILD_TAGS+=("${MAJOR_VERSION}-testing" "${MAJOR_VERSION}-testing-${TIMESTAMP}") + BUILD_TAGS+=("testing") + else + BUILD_TAGS+=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") + BUILD_TAGS+=("${MAJOR_VERSION}-stable" "${MAJOR_VERSION}-stable-${TIMESTAMP}") + BUILD_TAGS+=("latest" "stable") + fi + + BUILD_TAGS+=("${TIMESTAMP}") + + if [[ "${{ github.event_name }}" == "pull_request" ]]; then + echo "Generated the following commit tags: " + for TAG in "${COMMIT_TAGS[@]}"; do + echo "${TAG}" + done + + alias_tags=("${COMMIT_TAGS[@]}") + else + alias_tags=("${BUILD_TAGS[@]}") + fi + + echo "Generated the following build tags: " + for TAG in "${BUILD_TAGS[@]}"; do + echo "${TAG}" + done + + echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + + # Build metadata + - name: Image Metadata + uses: docker/metadata-action@v4 + id: meta + with: + images: | + ${{ env.MY_IMAGE_NAME }} + + labels: | + io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md + org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }} + org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }} + + # Build image using Buildah action + - name: Build Image + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: | + ./Containerfile + # Postfix image name with -custom to make it a little more descriptive + # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format + image: ${{ env.MY_IMAGE_NAME }} + build-args: | + SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} + SOURCE_SUFFIX=${{ env.SOURCE_SUFFIX }} + FEDORA_VERSION=${{ env.MAJOR_VERSION }}-${{ env.VERSION_SUFFIX }} + tags: | + ${{ steps.generate-tags.outputs.alias_tags }} + labels: ${{ steps.meta.outputs.labels }} + oci: false + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v5 + with: + string: ${{ env.IMAGE_REGISTRY }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push Image to GHCR + uses: redhat-actions/push-to-registry@v2 + id: push + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + extra-args: | + --disable-content-trust + + # This section is optional and only needs to be enabled in you plan on distributing + # your project to others to consume. You will need to create a public and private key + # using Cosign and save the private key as a repository secret in Github for this workflow + # to consume. For more details, review the image signing section of the README. + + # Sign container + - uses: sigstore/cosign-installer@v3.4.0 + if: github.event_name != 'pull_request' + + - name: Sign container image + if: github.event_name != 'pull_request' + run: | + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}