badblocks/ublue
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
ublue/.github/workflows/bazzite-build-gnome.yml

261 lines
9.2 KiB
YAML
Raw Blame History

---
name: bazzite-build-gnome
on:
pull_request:
branches:
- main
schedule:
- cron: '05 05 * * *' # 05:05am UTC everyday
push:
branches:
- main
paths-ignore:
- '**/README.md'
workflow_dispatch:
env:
MY_IMAGE_NAME: "bazzite-badblocks-gnome" # the name of the image produced by this build
MY_IMAGE_DESC: "badblocks's custom bazzite-gnome build"
IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit
jobs:
read_groups:
name: Read RPM groups from build.sh
runs-on: ubuntu-latest
container: fedora:latest
outputs:
group_pkgs: ${{ steps.extract_groups.outputs.result }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Extract quoted groups
id: extract_groups
shell: bash
run: |
# Find the rpm-ostree groupinstall lines and extract quoted strings
VALUE=$(grep '^rpm-ostree groupinstall' build.sh | grep -o '"[^"]*"' | tr '\n' ' ')
echo "Extracted VALUE: $VALUE"
if [ -z "$VALUE" ]; then
echo "No groups found in build.sh"
echo "result=" >> "$GITHUB_OUTPUT"
exit 0
fi
# Initialize an empty array
declare -a GROUP_ARRAY
# Use read with a custom delimiter to split the input string
while IFS='"' read -ra parts; do
for part in "${parts[@]}"; do
# Trim leading and trailing spaces and check if the part is not empty
trimmed=$(echo "$part" | xargs)
if [[ -n "$trimmed" ]]; then
GROUP_ARRAY+=("$trimmed")
fi
done
done <<< "$VALUE"
echo "Raw Array without double-quotes: ${GROUP_ARRAY[@]}"
IS_DNF5=$(dnf --version | { grep -sc dnf5 || test $? = 1; })
echo "IS_DNF5: $IS_DNF5 (dnf4 = 0, else dnf5)"
echo -n result= >> "$GITHUB_OUTPUT"
for GROUP_E in "${GROUP_ARRAY[@]}"; do
echo "Getting pkgs for group: $GROUP_E"
if [ "$IS_DNF5" -ne 0 ]; then
#dnf5
echo -n $(dnf group info "$GROUP_E" 2>&1 | grep -E "packages|^[[:space:]]*:" | cut -d: -f2 | tr -s ' ' | tr -d '\n' | sed 's/^ //; s/ $//') >> "$GITHUB_OUTPUT"
else
#dnf4
echo -n $(dnf group info "$GROUP_E" 2>&1 | grep -v : | tr -d '\n' | tr -s ' ' | cut -c2-) >> "$GITHUB_OUTPUT"
fi
echo -n " " >> "$GITHUB_OUTPUT"
done
#run: |
# Find the rpm-ostree groupinstall lines and extract quoted strings
#VALUE=$(grep '^rpm-ostree groupinstall' build.sh | grep -o '"[^"]*"' | tr '\n' ' ')
#GROUPS=( $VALUE )
#IS_DNF5=$(dnf --version | grep -c dnf5)
# for GROUP in "${GROUPS[@]}"; do
# if [ "$IS_DNF5" -ne 0 ]; then
# #dnf5
# echo $GROUP
# else
# #dnf4
# echo $GROUP
# fi
# done
#echo "result=$VALUE" >> "$GITHUB_OUTPUT"
# get_pkg_lists:
# name: Retrieve group package lists from fedora:latest dnf group list
# runs-on: ubuntu-latest
# container: fedora:latest
# needs: read_groups
# outputs:
# GROUP_PKGS: ${{ steps.get_pkg_list.outputs.result }}
# steps:
# - name: Get package lists from specified groups
# shell: bash
# run: |
# GROUPS=( ${{ needs.read_groups.outputs.groups }} )
# IS_DNF5=$(dnf --version | grep -c dnf5)
# for GROUP in "${GROUPS[@]}"; do
# echo $(dnf group info "$GROUP")
# if [ "$IS_DNF5" -ne 0 ]; then
# #dnf5
# echo "result=$(dnf group info "$GROUP" 2>&1 | grep -E "packages|^[[:space:]]*:" | cut -d: -f2 | tr -s ' ' | tr -d '\n' | sed 's/^ //; s/ $//')" >> "$GITHUB_OUTPUT"
# else
# #dnf4
# echo "result=$(dnf group info "$GROUP" 2>&1 | grep -v : | tr -d '\n' | tr -s ' ' | cut -c2-)" >> "$GITHUB_OUTPUT"
# fi
# done
build_push:
name: Build and push image
runs-on: ubuntu-24.04
needs: read_groups
permissions:
contents: read
packages: write
id-token: write
steps:
# Checkout push-to-registry action GitHub repository
- name: Checkout Push to Registry action
uses: actions/checkout@v4
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v7
- name: Replace groupinstall <groups> with install <pkgs> in build.sh
run: |
sed -i "s/^rpm-ostree groupinstall.*/rpm-ostree install ${{ needs.read_groups.outputs.group_pkgs }}/" build.sh
- name: Generate tags
id: generate-tags
shell: bash
run: |
# Generate a timestamp for creating an image version history
TIMESTAMP="$(date +%Y%m%d)"
COMMIT_TAGS=()
BUILD_TAGS=()
# Have tags for tracking builds during pull request
SHA_SHORT="${GITHUB_SHA::7}"
COMMIT_TAGS+=("pr-${{ github.event.number }}")
COMMIT_TAGS+=("${SHA_SHORT}")
# Append matching timestamp tags to keep a version history
for TAG in "${BUILD_TAGS[@]}"; do
BUILD_TAGS+=("${TAG}-${TIMESTAMP}")
done
BUILD_TAGS+=("${TIMESTAMP}")
if [[ ${{ github.ref_name }} == "unstable" ]]; then
BUILD_TAGS+=("unstable")
SOURCE_VERSION="unstable"
elif [[ ${{ github.ref_name }} == "testing" ]]; then
BUILD_TAGS+=("testing")
SOURCE_VERSION="testing"
else
BUILD_TAGS+=("latest" "stable")
SOURCE_VERSION="latest"
fi
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
echo "Generated the following commit tags: "
for TAG in "${COMMIT_TAGS[@]}"; do
echo "${TAG}"
done
alias_tags=("${COMMIT_TAGS[@]}")
else
alias_tags=("${BUILD_TAGS[@]}")
fi
echo "Generated the following build tags: "
for TAG in "${BUILD_TAGS[@]}"; do
echo "${TAG}"
done
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
# Build metadata
- name: Image Metadata
uses: docker/metadata-action@v5
id: meta
with:
images: |
${{ env.MY_IMAGE_NAME }}
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}
# Build image using Buildah action
- name: Build Image
id: build_image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./Containerfile
# Postfix image name with -custom to make it a little more descriptive
# Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
image: ${{ env.MY_IMAGE_NAME }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
labels: ${{ steps.meta.outputs.labels }}
oci: false
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_REGISTRY }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Image to GHCR
uses: redhat-actions/push-to-registry@v2
id: push
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
# This section is optional and only needs to be enabled if you plan on distributing
# your project for others to consume. You will need to create a public and private key
# using Cosign and save the private key as a repository secret in Github for this workflow
# to consume. For more details, review the image signing section of the README.
# Sign container
- uses: sigstore/cosign-installer@v3.5.0
if: github.event_name != 'pull_request'
- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
Reference in a new issue View git blame Copy permalink