diff --git a/.github/workflows/build-container-image.yml b/.github/workflows/build-container-and-test-iso.yml similarity index 75% rename from .github/workflows/build-container-image.yml rename to .github/workflows/build-container-and-test-iso.yml index 94e6c1a8..dec3076d 100644 --- a/.github/workflows/build-container-image.yml +++ b/.github/workflows/build-container-and-test-iso.yml @@ -16,9 +16,10 @@ on: env: IMAGE_NAME: "isogenerator" IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + FLATPAK_REFS: app/org.videolan.VLC/x86_64/stable runtime/org.kde.Platform/x86_64/5.15-23.08 jobs: - push-image: + build-image: name: Build and push container image runs-on: ubuntu-22.04 permissions: @@ -27,7 +28,7 @@ jobs: strategy: fail-fast: false matrix: - version: + version: - 38 - 39 - 40 @@ -39,6 +40,8 @@ jobs: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action uses: actions/checkout@v4 + with: + submodules: recursive - name: Generate tags id: generate-tags 
@@ -172,15 +175,64 @@ jobs: COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + build-and-push-iso: + name: Build ISO + runs-on: ubuntu-latest + needs: build-image + permissions: + contents: read + packages: write + strategy: + fail-fast: false + matrix: + version: [38, 39] + boot: [secureboot, insecure] + include: + - boot: secureboot + SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' + ENROLLMENT_PASSWORD: 'ublue-os' + SECURE_BOOT_STRING: '-secure' + - boot: insecure + SECURE_BOOT_KEY_URL: '' + ENROLLMENT_PASSWORD: '' + SECURE_BOOT_STRING: '' + + steps: + - name: Build ISO + id: build-iso + uses: ./ + with: + ARCH: 'x86_64' + IMAGE_NAME: 'base-main' + IMAGE_REPO: 'ghcr.io/ublue-os' + VARIANT: 'Kinoite' + VERSION: ${{ matrix.version }} + SECURE_BOOT_KEY_URL: ${{ matrix.SECURE_BOOT_KEY_URL }} + ENROLLMENT_PASSWORD: ${{ matrix.ENROLLMENT_PASSWORD }} + FLATPAK_REMOTE_REFS: ${{ env.FLATPAK_REFS }} + + - name: Upload ISO as artifact + uses: actions/upload-artifact@v4 + with: + name: base-main-${{ matrix.version }}${{ matrix.SECURE_BOOT_STRING }}.iso + path: | + ${{ steps.build-iso.outputs.iso-path }} + ${{ steps.build-iso.outputs.checksum-path }} + if-no-files-found: error + retention-days: 0 + compression-level: 0 + overwrite: true + check: name: Check build successful if: ${{ !cancelled() }} runs-on: ubuntu-latest needs: - - push-image + - build-image + - build-and-push-iso steps: - name: Exit on failure for main - if: ${{ needs.push-image.result == 'failure' || needs.push-image.result == 'skipped' }} + if: ${{ needs.build-image.result == 'failure' || needs.build-image.result == 'skipped' || needs.build-and-push-iso.result == 'failure' || needs.build-and-push-iso.result == 'skipped' }} shell: bash run: exit 1 - name: Exit diff --git a/.github/workflows/test-iso.yml b/.github/workflows/test-iso.yml deleted file mode 100644 index 89c3acde..00000000 --- a/.github/workflows/test-iso.yml +++ /dev/null 
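Review bot: The new `build-and-push-iso` job starts with `uses: ./`, but the `Checkout` step that preceded it in the deleted test-iso.yml was not carried over, so the runner has no workspace copy of the local action to resolve; add `- uses: actions/checkout@v4` ahead of `Build ISO`. The job also keeps `packages: write`, although its visible steps only build an ISO and upload an artifact. `contents: read` alone looks sufficient (plus `packages: read` if the builder image is private), which keeps the token narrow on a job that starts a privileged container. The `check` job's step list continues past the end of the hunk.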
@@ -1,83 +0,0 @@ -name: Test Generate ISO - -on: - merge_group: - pull_request: - branches: - - main - paths-ignore: - - 'Containerfile' - - '*.md' - - 'LICENSE' - - 'CODEOWNERS' - workflow_dispatch: - -jobs: - build-and-push-iso: - name: Build ISO - runs-on: ubuntu-latest - container: - image: fedora:39 - options: "--privileged" - volumes: - - "/:/host" - permissions: - contents: read - packages: write - strategy: - fail-fast: false - matrix: - version: [38, 39] - boot: [secureboot, insecure] - include: - - boot: secureboot - SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der' - ENROLLMENT_PASSWORD: 'ublue-os' - SECURE_BOOT_STRING: '-secure' - - boot: insecure - SECURE_BOOT_KEY_URL: '' - ENROLLMENT_PASSWORD: '' - SECURE_BOOT_STRING: '' - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Build ISO - id: build-iso - uses: ./ - with: - ARCH: 'x86_64' - IMAGE_NAME: 'base-main' - IMAGE_REPO: 'ghcr.io/ublue-os' - VARIANT: 'Kinoite' - VERSION: ${{ matrix.version }} - SECURE_BOOT_KEY_URL: ${{ matrix.SECURE_BOOT_KEY_URL }} - ENROLLMENT_PASSWORD: ${{ matrix.ENROLLMENT_PASSWORD }} - - - name: Upload ISO as artifact - uses: actions/upload-artifact@v4 - with: - name: base-main-${{ matrix.version }}${{ matrix.SECURE_BOOT_STRING }}.iso - path: | - ${{ steps.build-iso.outputs.iso-path }} - ${{ steps.build-iso.outputs.checksum-path }} - if-no-files-found: error - retention-days: 0 - compression-level: 0 - overwrite: true - - check: - name: Check build successful - if: ${{ !cancelled() }} - runs-on: ubuntu-latest - needs: - - build-and-push-iso - steps: - - name: Exit on failure for main - if: ${{ needs.build-and-push-iso.result == 'failure' || needs.build-and-push-iso.result == 'skipped' }} - shell: bash - run: exit 1 - - name: Exit - shell: bash - run: exit 0 diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..fe512402 --- /dev/null +++ b/.gitmodules 
@@ -0,0 +1,4 @@ +[submodule "external/fedora-lorax-templates"] + path = external/fedora-lorax-templates + url = https://pagure.io/fedora-lorax-templates.git + branch = f39 diff --git a/Containerfile b/Containerfile index a6a6045a..2150376d 100644 --- a/Containerfile +++ b/Containerfile @@ -15,6 +15,7 @@ ENV VERSION="${VERSION}" ENV WEB_UI="false" ENV SECURE_BOOT_KEY_URL="" ENV ENROLLMENT_PASSWORD="ublue-os" +ENV FLATPAK_REMOTE_REFS="" COPY ./ /isogenerator WORKDIR /isogenerator diff --git a/Makefile b/Makefile index 33cb762c..cd7f73e7 100644 --- a/Makefile +++ b/Makefile @@ -10,6 +10,11 @@ VARIANT = Kinoite WEB_UI = false ENROLLMENT_PASSWORD = ublue-os SECURE_BOOT_KEY_URL = +FLATPAK_REMOTE_NAME = flathub +FLATPAK_REMOTE_URL = https://flathub.org/repo/flathub.flatpakrepo +FLATPAK_REMOTE_REFS = +FLATPAK_TEMPLATE = $(_BASE_DIR)/external/fedora-lorax-templates/ostree-based-installer/lorax-embed-flatpaks.tmpl +ROOTFS_SIZE = 8 # Generated vars ## Formatting = _UPPERCASE @@ -28,6 +33,10 @@ ifeq ($(WEB_UI),true) _LORAX_ARGS += -i anaconda-webui endif +ifneq ($(FLATPAK_REMOTE_REFS),) +_LORAX_ARGS += -i flatpak-libs +endif + # Step 7: Move end ISO to root ## Default action $(IMAGE_NAME)-$(IMAGE_TAG).iso: output/$(IMAGE_NAME)-$(IMAGE_TAG).iso 
@@ -85,9 +94,14 @@ boot.iso: lorax_templates/set_installer.tmpl lorax_templates/configure_upgrades. $(_LORAX_ARGS) \ --repo /etc/yum.repos.d/fedora.repo \ --repo /etc/yum.repos.d/fedora-updates.repo \ + --rootfs-size=$(ROOTFS_SIZE) \ --add-template $(_BASE_DIR)/lorax_templates/set_installer.tmpl \ - --add-template $(_BASE_DIR)/lorax_templates/configure_upgrades.tmpl \ - --add-template $(_BASE_DIR)/lorax_templates/secure_boot_key.tmpl \ + --add-template $(_BASE_DIR)/lorax_templates/configure_upgrades.tmpl \ + --add-template $(_BASE_DIR)/lorax_templates/secure_boot_key.tmpl \ + --add-template $(FLATPAK_TEMPLATE) \ + --add-template-var "flatpak_remote_name=$(FLATPAK_REMOTE_NAME)" \ + --add-template-var "flatpak_remote_url=$(FLATPAK_REMOTE_URL)" \ + --add-template-var "flatpak_remote_refs=$(FLATPAK_REMOTE_REFS)" \ $(_BASE_DIR)/results/ mv $(_BASE_DIR)/results/images/boot.iso $(_BASE_DIR)/ @@ -99,7 +113,7 @@ container/$(IMAGE_NAME)-$(IMAGE_TAG): podman rmi $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) install-deps: - dnf install -y lorax xorriso podman git + dnf install -y lorax xorriso podman git flatpak dbus-daemon ostree # Step 4: Generate xorriso script xorriso/%.sh: xorriso/%.sh.in diff --git a/action.yml b/action.yml index edff1ab1..419d2a13 100644 --- a/action.yml +++ b/action.yml @@ -45,6 +45,18 @@ inputs: ACTION_REF: deprecationMessage: This variable is no longer used and will be removed in a future version required: false + FLATPAK_REMOTE_NAME: + description: Name of the Flatpak remote repo + required: false + default: "flathub" + FLATPAK_REMOTE_URL: + description: The URL of the Flatpak remote flatpakrepo file + required: false + default: https://flathub.org/repo/flathub.flatpakrepo + FLATPAK_REMOTE_REFS: + description: Space delimited list of refs to the flatpak packages to install + required: false + default: "" outputs: output-directory: 
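Review bot: The Flatpak template and its three `--add-template-var` arguments are handed to lorax on every build, while `-i flatpak-libs` is added only when `FLATPAK_REMOTE_REFS` is non-empty, so a build with no refs still runs `lorax-embed-flatpaks.tmpl` with an empty ref list and without `flatpak-libs`. The template is not visible here, so whether it tolerates that is unverified. Gating the four arguments on the same condition keeps the default build identical to the pre-change one; a separate variable expanded after the `secure_boot_key.tmpl` line preserves the template order. The recipe begins above the hunk.

```makefile
ifneq ($(FLATPAK_REMOTE_REFS),)
_LORAX_ARGS   += -i flatpak-libs
_FLATPAK_ARGS  = --add-template $(FLATPAK_TEMPLATE)
_FLATPAK_ARGS += --add-template-var "flatpak_remote_name=$(FLATPAK_REMOTE_NAME)"
_FLATPAK_ARGS += --add-template-var "flatpak_remote_url=$(FLATPAK_REMOTE_URL)"
_FLATPAK_ARGS += --add-template-var "flatpak_remote_refs=$(FLATPAK_REMOTE_REFS)"
endif

# … unchanged: lorax invocation up to the secure_boot_key.tmpl template …
		--add-template $(_BASE_DIR)/lorax_templates/secure_boot_key.tmpl \
		$(_FLATPAK_ARGS) \
		$(_BASE_DIR)/results/
```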
@@ -57,82 +69,26 @@ outputs: runs: using: composite steps: - - name: Cleanup host - shell: bash - run: | - if [[ -d /host ]] - then - df -h /host - # Remove Android Library - rm -Rf /host/usr/local/lib/android - # Remove .NET runtime - rm -Rf /host/usr/share/dotnet - # Remove Haskell runtime - rm -rf /host/opt/ghc - rm -rf /host/usr/local/.ghcup - chroot /host docker image prune --all --force - df -h /host - else - echo "Host must be mounted as /host in order to make more space" - fi - - - name: Install Make - shell: bash - run: dnf install -y make - - - name: Install dependencies - shell: bash - working-directory: ${{ github.action_path }} - run: make install-deps - - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ inputs.IMAGE_REPO }} - - - name: Download image - shell: bash - working-directory: ${{ github.action_path }} - run: | - make container/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }} \ - ARCH=${{ inputs.ARCH }} \ - IMAGE_NAME=${{ inputs.IMAGE_NAME }} \ - IMAGE_REPO=${{ steps.registry_case.outputs.lowercase }} \ - IMAGE_TAG=${{ inputs.IMAGE_TAG || inputs.VERSION }} \ - VARIANT=${{ inputs.VARIANT }} \ - VERSION=${{ inputs.VERSION }} \ - WEB_UI=${{ inputs.WEB_UI }} - - - name: Create boot.iso - shell: bash - working-directory: ${{ github.action_path }} - run: | - make boot.iso \ - ARCH=${{ inputs.ARCH }} \ - IMAGE_NAME=${{ inputs.IMAGE_NAME }} \ - IMAGE_REPO=${{ steps.registry_case.outputs.lowercase }} \ - IMAGE_TAG=${{ inputs.IMAGE_TAG || inputs.VERSION }} \ - VARIANT=${{ inputs.VARIANT }} \ - VERSION=${{ inputs.VERSION }} \ - WEB_UI=${{ inputs.WEB_UI }} \ - EXTRA_BOOT_PARAMS=${{ inputs.EXTRA_BOOT_PARAMS }} \ - SECURE_BOOT_KEY_URL=${{ inputs.SECURE_BOOT_KEY_URL }} \ - ENROLLMENT_PASSWORD=${{ inputs.ENROLLMENT_PASSWORD }} - - - name: Create deploy.iso and generate sha256 checksum + - name: Run docker image and generate sha256 checksum shell: bash id: final working-directory: 
${{ github.action_path }} run: | - make ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso \ - ARCH=${{ inputs.ARCH }} \ - IMAGE_NAME=${{ inputs.IMAGE_NAME }} \ - IMAGE_REPO=${{ steps.registry_case.outputs.lowercase }} \ - IMAGE_TAG=${{ inputs.IMAGE_TAG || inputs.VERSION }} \ - VARIANT=${{ inputs.VARIANT }} \ - VERSION=${{ inputs.VERSION }} \ - WEB_UI=${{ inputs.WEB_UI }} + # Check if running inside of the action repo + if [[ -z "${{ github.action_ref }}" ]]; then if [[ "${{ github.ref_name }}" =~ (.*)/merge ]]; then tag=pr-${BASH_REMATCH[1]}; else tag=${{ github.ref_name }}; fi; fi + if [[ -z "${tag}" ]]; then tag=${{ github.action_ref }}; fi + docker run --privileged --volume .:/isogenerator/output \ + -e ARCH=${{ inputs.arch }} \ + -e IMAGE_NAME=${{ inputs.image_name }} \ + -e IMAGE_REPO=${{ inputs.image_repo }} \ + -e VARIANT=${{ inputs.variant }} \ + -e VERSION=${{ inputs.version }} \ + -e IMAGE_TAG=${{ inputs.image_tag || inputs.version }} \ + -e WEB_UI=${{ inputs.web_ui }} \ + -e FLATPAK_REMOTE_NAME=${{ inputs.flatpak_remote_name }} \ + -e FLATPAK_REMOTE_URL=${{ inputs.flatpak_remote_url }} \ + -e FLATPAK_REMOTE_REFS="${{ inputs.flatpak_remote_refs }}" \ + ghcr.io/jasonn3/build-container-installer:${tag} mkdir end_iso sha256sum ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso > ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM mv ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso end_iso/ diff --git a/entrypoint.sh b/entrypoint.sh index 27160e89..e736547d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -14,4 +14,5 @@ make output/${IMAGE_NAME}-${IMAGE_TAG}.iso \ VARIANT=${VARIANT} \ WEB_UI=${WEB_UI} \ SECURE_BOOT_KEY_URL=${SECURE_BOOT_KEY_URL} \ - ENROLLMENT_PASSWORD=${ENROLLMENT_PASSWORD} + ENROLLMENT_PASSWORD=${ENROLLMENT_PASSWORD} \ + FLATPAK_REMOTE_REFS="${FLATPAK_REMOTE_REFS}" 
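Review bot: The new `run:` script splices `${{ inputs.* }}`, `${{ github.ref_name }}` and `${{ github.action_ref }}` straight into bash, most of them unquoted, and the result drives a `docker run --privileged`; a value containing shell metacharacters (a ref name can carry them) changes the command executed on the runner. Pass the values through the step's `env:` and read them as quoted shell variables, as in the excerpt below. The step also stops forwarding `SECURE_BOOT_KEY_URL`, `ENROLLMENT_PASSWORD` and `EXTRA_BOOT_PARAMS`, which the removed `make boot.iso` step passed, so the `secureboot` matrix leg would build with the image defaults and still upload an artifact named `-secure`. The builder image is pulled by a mutable tag derived from the ref; pinning it by digest would make the privileged run reproducible. The step's remaining lines continue past the hunk.

```yaml
      env:
        ARCH: ${{ inputs.ARCH }}
        IMAGE_NAME: ${{ inputs.IMAGE_NAME }}
        IMAGE_REPO: ${{ inputs.IMAGE_REPO }}
        IMAGE_TAG: ${{ inputs.IMAGE_TAG || inputs.VERSION }}
        VARIANT: ${{ inputs.VARIANT }}
        VERSION: ${{ inputs.VERSION }}
        WEB_UI: ${{ inputs.WEB_UI }}
        SECURE_BOOT_KEY_URL: ${{ inputs.SECURE_BOOT_KEY_URL }}
        ENROLLMENT_PASSWORD: ${{ inputs.ENROLLMENT_PASSWORD }}
        FLATPAK_REMOTE_NAME: ${{ inputs.FLATPAK_REMOTE_NAME }}
        FLATPAK_REMOTE_URL: ${{ inputs.FLATPAK_REMOTE_URL }}
        FLATPAK_REMOTE_REFS: ${{ inputs.FLATPAK_REMOTE_REFS }}
        GH_ACTION_REF: ${{ github.action_ref }}
        GH_REF_NAME: ${{ github.ref_name }}
      run: |
        # Check if running inside of the action repo
        if [[ -z "${GH_ACTION_REF}" ]]; then
          if [[ "${GH_REF_NAME}" =~ (.*)/merge ]]; then tag="pr-${BASH_REMATCH[1]}"; else tag="${GH_REF_NAME}"; fi
        fi
        if [[ -z "${tag}" ]]; then tag="${GH_ACTION_REF}"; fi
        # `-e NAME` with no value copies NAME from the step environment into the container
        docker run --privileged --volume .:/isogenerator/output \
          -e ARCH -e IMAGE_NAME -e IMAGE_REPO -e IMAGE_TAG \
          -e VARIANT -e VERSION -e WEB_UI \
          -e SECURE_BOOT_KEY_URL -e ENROLLMENT_PASSWORD \
          -e FLATPAK_REMOTE_NAME -e FLATPAK_REMOTE_URL -e FLATPAK_REMOTE_REFS \
          "ghcr.io/jasonn3/build-container-installer:${tag}"
        # … unchanged: mkdir end_iso, sha256sum, mv …
```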
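Review bot: Only `FLATPAK_REMOTE_REFS` is forwarded to make here, yet action.yml passes `FLATPAK_REMOTE_NAME` and `FLATPAK_REMOTE_URL` into the container as well; because the Makefile assigns both with a plain `=`, make ignores the environment values and always uses the flathub defaults. Forward them the same way, `FLATPAK_REMOTE_NAME="${FLATPAK_REMOTE_NAME}" \` and `FLATPAK_REMOTE_URL="${FLATPAK_REMOTE_URL}" \`, and give the Containerfile matching `ENV` defaults so an unset variable does not reach make as an empty string. The `make` invocation begins above the hunk.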
diff --git a/external/fedora-lorax-templates b/external/fedora-lorax-templates new file mode 160000 index 00000000..cc115537 --- /dev/null +++ b/external/fedora-lorax-templates @@ -0,0 +1 @@ +Subproject commit cc1155372046baa58f9d2cc27a9e5473bf05a3fb