Show how to use secrets-connected config to create a custom, bootable…

…, connectable raspberry pi image directly from Github actions with no manual configuration

.github/workflows/ci.yml

@@ -0,0 +1,40 @@
+name: CI
+
+on:
+  # Run jobs on push to master or feature branches
+  push:
+    branches:
+      - main
+      - feature-*
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Checkout submodules
+        uses: textbook/git-checkout-submodule-action@master
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: crazy-max/ghaction-docker-buildx@v1
+        with:
+          buildx-version: latest
+          qemu-version: latest
+
+      - name: Build
+        env:
+          SECRET_IMAGE_NAME: ${{ secrets.IMAGE_NAME }}
+          SECRET_HOSTNAME: ${{ secrets.HOSTNAME }}
+          SECRET_FIRST_USER: ${{ secrets.FIRST_USER }}
+          SECRET_FIRST_USERPASS: ${{ secrets.FIRST_USER_PASS }}
+          SECRET_SSH_ENABLED: ${{ secrets.SSH_ENABLED }}
+          SECRET_WPA_SSID: ${{ secrets.WPA_SSID }}
+          SECRET_WPA_PASSPHRASE: ${{ secrets.WPA_PASSPHRASE }}
+          SECRET_WPA_COUNTRY: ${{ secrets.WPA_COUNTRY }}
+        run: |
+          pushd pi-gen
+          trap "popd; exit" INT TERM EXIT
+          ./build-docker.sh -c ../config IMAGE_NAME="${SECRET_IMAGE_NAME}" HOSTNAME="${SECRET_HOSTNAME}" FIRST_USER="${SECRET_FIRST_USER}" FIRST_USERPASS="${SECRET_FIRST_USER_PASS}" SSH_ENABLED="${SECRET_SSH_ENABLED}" WPA_SSID="${SECRET_WPA_SSID}" WPA_PASSPHRASE="${SECRET_WPA_PASSPHRASE}" WPA_COUNTRY="${SECRET_WPA_COUNTRY}"

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "pi-gen"]
+	path = pi-gen
+	url = https://github.com/aniongithub/pi-gen.git
+	branch = master

bootstrap/00-packages

@@ -0,0 +1,4 @@
+nano
+wget
+jq
+python3-pip

bootstrap/01-run.sh

@@ -0,0 +1,18 @@
+#!/bin/bash -e
+
+# Install Docker using default installation script
+# and perform post-install steps to not require
+# sudo for docker commands
+echo "Installing docker..."
+on_chroot << EOF
+curl -sSL get.docker.com | sh
+usermod -aG docker ${FIRST_USER_NAME}
+EOF
+
+# Install docker-compose
+echo "Installing docker-compose..."
+on_chroot << EOF
+pip3 install docker-compose
+# Ensure it's in PATH
+ln -sfn /home/${FIRST_USER_NAME}/.local/bin/docker-compose /usr/bin/docker-compose
+EOF

bootstrap/02-run.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+# Generate wpa_supplicant.conf in /boot so pi will copy it and disable rfkill on startup
+echo "Generating wpa_supplicant.conf..."
+echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev" > ${BOOTFS_DIR}/wpa_supplicant.conf
+echo "update_config=1" >> ${BOOTFS_DIR}/wpa_supplicant.conf
+echo "country=${WPA_COUNTRY}" >> ${BOOTFS_DIR}/wpa_supplicant.conf
+wpa_passphrase ${WPA_SSID} ${WPA_PASSPHRASE} >> ${BOOTFS_DIR}/wpa_supplicant.conf

config

@@ -0,0 +1,27 @@
+# The directory this config file lives in
+CONFIG_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd)"
+
+export IMG_NAME=${IMAGE_NAME}
+export TARGET_HOSTNAME=${HOSTNAME}
+
+TIMEZONE=$(cat /etc/timezone)
+export TIMEZONE_DEFAULT=$TIMEZONE
+
+# TODO: Fix this!
+export LOCALE_DEFAULT=${LANG:="en_US.UTF-8"}
+
+export FIRST_USER_NAME=${FIRST_USER}
+export FIRST_USER_PASS=${FIRST_USERPASS}
+
+export ENABLE_SSH=${SSH_ENABLED}
+
+# Add additional mounts containing custom steps and files it needs
+export ADDL_MOUNTS="${CONFIG_DIR}/bootstrap:/pi-gen/stage2/90-bootstrap:ro ${CONFIG_DIR}/bootstrap-resources:/bootstrap-resources:ro"
+
+# We only want to build a lite image
+export STAGE_LIST="stage0 stage1 stage2"
+
+# Set up WiFi
+export WPA_ESSID=${WPA_SSID}
+export WPA_PASSWORD=${WPA_PASSPHRASE}
+export WPA_COUNTRY=${WPA_COUNTRY}