--- name: bazzite-build-gnome on: pull_request: branches: - main schedule: - cron: '05 05 * * *' # 05:05am UTC everyday push: branches: - main paths-ignore: - '**/README.md' workflow_dispatch: env: MY_IMAGE_NAME: "bazzite-badblocks-gnome" # the name of the image produced by this build MY_IMAGE_DESC: "badblocks's custom bazzite-gnome build" IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit jobs: read_groups: name: Read RPM groups from build.sh runs-on: ubuntu-latest container: fedora:latest outputs: group_pkgs: ${{ steps.extract_groups.outputs.result }} steps: - name: Checkout repository uses: actions/checkout@v4 - name: Extract quoted groups id: extract_groups shell: bash run: | # Find the rpm-ostree groupinstall lines and extract quoted strings VALUE=$(grep '^rpm-ostree groupinstall' build.sh | grep -o '"[^"]*"' | tr '\n' ' ') echo "Extracted VALUE: $VALUE" if [ -z "$VALUE" ]; then echo "No groups found in build.sh" echo "result=" >> "$GITHUB_OUTPUT" exit 0 fi # Initialize an empty array declare -a GROUP_ARRAY # Use read with a custom delimiter to split the input string while IFS='"' read -ra parts; do for part in "${parts[@]}"; do # Trim leading and trailing spaces and check if the part is not empty trimmed=$(echo "$part" | xargs) if [[ -n "$trimmed" ]]; then GROUP_ARRAY+=("$trimmed") fi done done <<< "$VALUE" echo "Raw Array without double-quotes: ${GROUP_ARRAY[@]}" IS_DNF5=$(dnf --version | { grep -sc dnf5 || test $? = 1; }) echo "IS_DNF5: $IS_DNF5 (dnf4 = 0, else dnf5)" echo -n result= >> "$GITHUB_OUTPUT" for GROUP_E in "${GROUP_ARRAY[@]}"; do echo "Getting pkgs for group: $GROUP_E" if [ "$IS_DNF5" -ne 0 ]; then #dnf5 echo -n $(dnf group info "$GROUP_E" 2>&1 | grep -E "packages|^[[:space:]]*:" | cut -d: -f2 | tr -s ' ' | tr -d '\n' | sed 's/^ //; s/ $//') >> "$GITHUB_OUTPUT" else #dnf4 echo -n $(dnf group info "$GROUP_E" 2>&1 | grep -v : | tr -d '\n' | tr -s ' ' | cut -c2-) >> "$GITHUB_OUTPUT" fi echo -n " " >> "$GITHUB_OUTPUT" done #run: | # Find the rpm-ostree groupinstall lines and extract quoted strings #VALUE=$(grep '^rpm-ostree groupinstall' build.sh | grep -o '"[^"]*"' | tr '\n' ' ') #GROUPS=( $VALUE ) #IS_DNF5=$(dnf --version | grep -c dnf5) # for GROUP in "${GROUPS[@]}"; do # if [ "$IS_DNF5" -ne 0 ]; then # #dnf5 # echo $GROUP # else # #dnf4 # echo $GROUP # fi # done #echo "result=$VALUE" >> "$GITHUB_OUTPUT" # get_pkg_lists: # name: Retrieve group package lists from fedora:latest dnf group list # runs-on: ubuntu-latest # container: fedora:latest # needs: read_groups # outputs: # GROUP_PKGS: ${{ steps.get_pkg_list.outputs.result }} # steps: # - name: Get package lists from specified groups # shell: bash # run: | # GROUPS=( ${{ needs.read_groups.outputs.groups }} ) # IS_DNF5=$(dnf --version | grep -c dnf5) # for GROUP in "${GROUPS[@]}"; do # echo $(dnf group info "$GROUP") # if [ "$IS_DNF5" -ne 0 ]; then # #dnf5 # echo "result=$(dnf group info "$GROUP" 2>&1 | grep -E "packages|^[[:space:]]*:" | cut -d: -f2 | tr -s ' ' | tr -d '\n' | sed 's/^ //; s/ $//')" >> "$GITHUB_OUTPUT" # else # #dnf4 # echo "result=$(dnf group info "$GROUP" 2>&1 | grep -v : | tr -d '\n' | tr -s ' ' | cut -c2-)" >> "$GITHUB_OUTPUT" # fi # done build_push: name: Build and push image runs-on: ubuntu-24.04 needs: read_groups permissions: contents: read packages: write id-token: write steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action uses: actions/checkout@v4 - name: Maximize build space uses: ublue-os/remove-unwanted-software@v7 - name: Replace groupinstall with install in build.sh run: | sed -i "s/^rpm-ostree groupinstall.*/rpm-ostree install ${{ needs.read_groups.outputs.group_pkgs }}/" build.sh - name: Generate tags id: generate-tags shell: bash run: | # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" COMMIT_TAGS=() BUILD_TAGS=() # Have tags for tracking builds during pull request SHA_SHORT="${GITHUB_SHA::7}" COMMIT_TAGS+=("pr-${{ github.event.number }}") COMMIT_TAGS+=("${SHA_SHORT}") # Append matching timestamp tags to keep a version history for TAG in "${BUILD_TAGS[@]}"; do BUILD_TAGS+=("${TAG}-${TIMESTAMP}") done BUILD_TAGS+=("${TIMESTAMP}") if [[ ${{ github.ref_name }} == "unstable" ]]; then BUILD_TAGS+=("unstable") SOURCE_VERSION="unstable" elif [[ ${{ github.ref_name }} == "testing" ]]; then BUILD_TAGS+=("testing") SOURCE_VERSION="testing" else BUILD_TAGS+=("latest" "stable") SOURCE_VERSION="latest" fi if [[ "${{ github.event_name }}" == "pull_request" ]]; then echo "Generated the following commit tags: " for TAG in "${COMMIT_TAGS[@]}"; do echo "${TAG}" done alias_tags=("${COMMIT_TAGS[@]}") else alias_tags=("${BUILD_TAGS[@]}") fi echo "Generated the following build tags: " for TAG in "${BUILD_TAGS[@]}"; do echo "${TAG}" done echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # Build metadata - name: Image Metadata uses: docker/metadata-action@v5 id: meta with: images: | ${{ env.MY_IMAGE_NAME }} labels: | io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }} org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }} # Build image using Buildah action - name: Build Image id: build_image uses: redhat-actions/buildah-build@v2 with: containerfiles: | ./Containerfile # Postfix image name with -custom to make it a little more descriptive # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format image: ${{ env.MY_IMAGE_NAME }} tags: | ${{ steps.generate-tags.outputs.alias_tags }} labels: ${{ steps.meta.outputs.labels }} oci: false # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. # https://github.com/macbre/push-to-ghcr/issues/12 - name: Lowercase Registry id: registry_case uses: ASzc/change-string-case-action@v6 with: string: ${{ env.IMAGE_REGISTRY }} - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Push Image to GHCR uses: redhat-actions/push-to-registry@v2 id: push env: REGISTRY_USER: ${{ github.actor }} REGISTRY_PASSWORD: ${{ github.token }} with: image: ${{ steps.build_image.outputs.image }} tags: ${{ steps.build_image.outputs.tags }} registry: ${{ steps.registry_case.outputs.lowercase }} username: ${{ env.REGISTRY_USER }} password: ${{ env.REGISTRY_PASSWORD }} extra-args: | --disable-content-trust # This section is optional and only needs to be enabled if you plan on distributing # your project for others to consume. You will need to create a public and private key # using Cosign and save the private key as a repository secret in Github for this workflow # to consume. For more details, review the image signing section of the README. # Sign container - uses: sigstore/cosign-installer@v3.5.0 if: github.event_name != 'pull_request' - name: Sign container image if: github.event_name != 'pull_request' run: | cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} env: TAGS: ${{ steps.push.outputs.digest }} COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}