diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index 698d1f00..2985eb4d 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -13,10 +13,6 @@ jobs: build-image: runs-on: ubuntu-latest - container: - image: quay.io/centos-bootc/bootc-image-builder:latest - options: --privileged - # Yes, this is a one-element matrix, but we may add c10s in the future soon strategy: matrix: 
@@ -26,10 +22,30 @@ jobs:
 version: stream9
 steps:
+ - name: Update podman
+ run: |
+ # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
+ ubuntu_version='22.04'
+ key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key"
+ sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
+ echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
+ curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null
+ sudo apt update
+ sudo apt install -y podman
+
 - name: Checkout repository
 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Build
 run: |
- rpm-ostree compose image --format=ociarchive \
- --initialize ${{ matrix.os }}-bootc.yaml dest.oci-archive
+ podman build --security-opt=label=disable --cap-add=all --device /dev/fuse \
+ -t localhost/${{ matrix.os }}-${{ matrix.version }}-bootc-wrapped -f Containerfile.${{ matrix.os }}-${{ matrix.version }}
+
+ - name: Extract wrapped archive
+ run: |
+ id=$(podman create --entrypoint=/none localhost/${{ matrix.os }}-${{ matrix.version }}-bootc-wrapped)
+ podman cp ${id}/nested.ociarchive .
+ skopeo copy oci-archive:nested.ociarchive containers-storage:localhost/${{ matrix.os }}-${{ matrix.version }}-bootc
+
+ - name: Run image
+ run: podman run --rm -ti localhost/${{ matrix.os }}-${{ matrix.version }}-bootc cat /etc/os-release
diff --git a/Containerfile.centos-stream9 b/Containerfile.centos-stream9
new file mode 100644
index 00000000..4b278a4e
--- /dev/null
+++ b/Containerfile.centos-stream9
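Review bot: The `Update podman` step writes the OBS `devel:kubic:libcontainers:unstable` key into `/etc/apt/trusted.gpg.d/`, which makes that third-party key a trust root for every apt source on the runner rather than only the repository being added; keep it under `/etc/apt/keyrings/` and bind it with `signed-by`, i.e. `echo "deb [signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list` and `curl -fsSL "$key_url" | gpg --dearmor | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null`. That repository is also the unpinned `unstable` channel and `apt install -y podman` carries no version constraint, so the tool that builds the OS image changes whenever upstream pushes; at minimum log `podman --version` in the step so a given run can be reproduced. In `Extract wrapped archive`, `podman cp ${id}/nested.ociarchive .` as rendered has no `:` between the container id and the path, which `podman cp` would read as a local path — unless the colon was lost in rendering it should be `podman cp "${id}:/nested.ociarchive" .`, followed by `podman rm "$id"` as the Containerfile's own header comment does.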
@@ -0,0 +1,34 @@
+# This container build will end up generating a *scratch* image
+# whose content is an .ociarchive of the real container.
+#
+# This container build uses nested containerization, so you must build with e.g.
+# podman build --security-opt=label=disable --cap-add=all --device /dev/fuse <...>
+#
+# Once you have the desired image (e.g. localhost/c9s-bootc) you can then
+# extract the "wrapped" image however you like, among them:
+#
+# id=$(podman create localhost/c9s-bootc)
+# podman cp ${id} /nested.ociarchive .
+# podman rm ${id}
+#
+# Then you can e.g. `skopeo copy oci-archive:nested.ociarchive` to another place
+# such as containers-storage: (to run locally) or docker:// (to push to a remote registry).
+
+FROM quay.io/centos/centos:stream9 as repos
+
+FROM quay.io/centos-bootc/bootc-image-builder:latest as builder
+ARG VARIANT=centos
+COPY . /src
+WORKDIR /src
+COPY --from=repos /etc/dnf/vars /etc/dnf/vars
+COPY --from=repos /etc/yum.repos.d/centos.repo c9s.repo
+COPY --from=repos /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /etc/pki/rpm-gpg
+# rpm-ostree doesn't honor /etc/dnf/vars right now
+RUN for n in $(ls /etc/dnf/vars); do v=$(cat /etc/dnf/vars/$n); sed -ie s,\$${n},$v, c9s.repo; done
+RUN --mount=type=cache,target=/workdir rpm-ostree compose image --cachedir=/workdir --format=ociarchive --initialize ${VARIANT}-bootc.yaml ${VARIANT}-bootc.ociarchive
+
+FROM quay.io/centos/centos:stream9
+# Standardize on this name so it's easy to find/extract
+COPY --from=builder /src/*-bootc.ociarchive /nested.ociarchive
+# For convenience - if executed, we copy the oci-archive to stdout
+CMD cat /nested.ociarchive
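Review bot: The images that do the composing are pulled by mutable tag — `FROM quay.io/centos-bootc/bootc-image-builder:latest as builder` and both `quay.io/centos/centos:stream9` lines — so the rpm-ostree that produces the bootable image, and the repo file and `RPM-GPG-KEY-centosofficial` copied out of the `repos` stage, can change between runs with no record of what was used; pin each to `@sha256:<digest>` (keeping the tag in a comment for readers) or at least have the workflow log the resolved digests. Separately, `sed -ie s,\$${n},$v, c9s.repo` is `-i` with backup suffix `e`, not `-i -e`, so every loop iteration leaves a stray `c9s.repoe` in /src, and without the `g` flag only the first occurrence of a variable on a line is rewritten; `sed -i -e "s,\$${n},${v},g" c9s.repo` handles both. The header comment's `podman cp ${id} /nested.ociarchive .` also shows a space where `podman cp` expects `CONTAINER:PATH`, so unless that is a rendering artifact it should read `podman cp ${id}:/nested.ociarchive .`.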