diff --git a/.github/workflows/fcos-podman-next-build.yml b/.github/workflows/fcos-podman-next-build.yml index cb24a46fdf2f..eabad4ac424b 100644 --- a/.github/workflows/fcos-podman-next-build.yml +++ b/.github/workflows/fcos-podman-next-build.yml @@ -9,7 +9,8 @@ on: - cron: '0 0 * * *' env: - IMAGE_NAME: fcos + FCOS_IMAGE_NAME: fcos + MACHINE_IMAGE_NAME: machine-images # IMAGE_ARCHS has to be comma separated IMAGE_ARCHS: amd64, arm64 IMAGE_REGISTRY: quay.io/podman @@ -32,6 +33,10 @@ jobs: run: | pip3 install git+https://github.com/packit/wait-for-copr.git@main + - name: Set up cosa + run: | + # TBD + - name: Check out code uses: actions/checkout@v4 @@ -63,6 +68,12 @@ jobs: org.opencontainers.image.description=FCOS image with rpms from rhcontainerbot/podman-next copr org.opencontainers.image.revision=${{ github.sha }} + - name: Build Machine images + run: | + # TBD + + - name: Add Machine images to Manifest + # TBD - name: Echo Outputs run: | diff --git a/.github/workflows/machine-images.yml b/.github/workflows/machine-images.yml new file mode 100644 index 000000000000..e8cc717116ff --- /dev/null +++ b/.github/workflows/machine-images.yml 
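Review bot: Renaming `IMAGE_NAME` to `FCOS_IMAGE_NAME` in the `env` block silently breaks every `${{ env.IMAGE_NAME }}` reference not updated in the same commit, because an undefined env key expands to an empty string instead of failing at parse time, so `buildah-build` would be handed an empty `image:`. The build step of this workflow lies outside the hunk, so I cannot confirm it was updated, but the sibling workflow added in this same diff still uses `image: ${{ env.IMAGE_NAME }}`, which suggests it was not. Grep for `env.IMAGE_NAME` across `.github/workflows` before merging.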
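Review bot: `- name: Add Machine images to Manifest` followed only by `# TBD` is a step with neither `run` nor `uses`, which GitHub rejects when it validates the workflow, so the whole nightly `fcos` build stops running until this placeholder is filled in. If the stub is meant to land, give it a no-op body such as `run: echo "TBD: add machine images to manifest"`, or comment the step out as the sibling workflow in this diff does. `Set up cosa` above has the same intent but is at least valid, since a `run: |` holding only a shell comment executes cleanly. The enclosing job continues outside the hunk.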
@@ -0,0 +1,103 @@
+workflow_dispatch: false
+
+name: MACHINE IMAGE TRIAL
+
+on:
+ pull_request:
+ branches:
+ - main
+
+env:
+ MANIFEST_ADD_ARGS: --artifact --artifact-type="" --artifact-config-type="application/vnd.oci.image.config.v1+json" --artifact-layer-type=application/vnd.oci.image.layer.v1.tar --os=linux --arch=x86_64
+
+defaults:
+ run:
+ shell: bash -l {0}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install qemu dependency
+ run: |
+ sudo apt update
+ sudo apt -y install qemu-user-static
+
+ - name: Delete hostedtoolcache
+ run: rm -rf /opt/hostedtoolcache
+
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Pull coreos-assembler image
+ run: podman pull quay.io/coreos-assembler/coreos-assembler
+
+ - name: create fcos work dir
+ run: mkdir ./fcos
+
+ - name: Cosa init
+ run: |
+ source ./contrib/podman-next/fcos-podmanimage/cosa-snippet
+ cd fcos
+ cosa init --branch podman-next https://github.com/lsm5/fedora-coreos-config
+
+ - name: Cosa Fetch
+ run: |
+ source ./contrib/podman-next/fcos-podmanimage/cosa-snippet
+ cd fcos
+ cosa fetch --update-lockfile
+
+ - name: Cosa Build Qcow2
+ run: |
+ source ./contrib/podman-next/fcos-podmanimage/cosa-snippet
+ cd fcos
+ cosa build
+
+ - name: Cosa Build Hyperv
+ run: |
+ source ./contrib/podman-next/fcos-podmanimage/cosa-snippet
+ cd fcos
+ cosa buildextend-hyperv
+
+ - name: Cosa Build Applehv
+ run: |
+ source ./contrib/podman-next/fcos-podmanimage/cosa-snippet
+ cd fcos
+ cosa buildextend-applehv
+
+ - name: Cosa Compress Qcow2
+ run: |
+ source ./contrib/podman-next/fcos-podmanimage/cosa-snippet
+ cd fcos
+ cosa compress
+
+ - name: Create manifest
+ run: buildah manifest create quay.io/podman/machine-images:5.0
+
+ - name: Add Qcow2 to manifest
+ run: |
+ cd ./fcos/builds/latest/x86_64
+ echo "QCOW_IMAGE_X86_64=$(ls | grep qcow2.xz)" >> $GITHUB_ENV
+ buildah manifest add --artifact --artifact-type="" --artifact-config-type="application/vnd.oci.image.config.v1+json"
--artifact-layer-type=application/vnd.oci.image.layer.v1.tar --os=linux --arch=x86_64 --annotation "disktype=qemu" quay.io/podman/machine-images:5.0 ${{ env.QCOW_IMAGE }}
+
+ - name: Add Applehv to manifest
+ run: |
+ cd ./fcos/builds/latest/x86_64
+ echo "APPLEHV_IMAGE=$(ls | grep applehv.x86_64.raw.gz)" >> $GITHUB_ENV
+ buildah manifest add --artifact --artifact-type="" --artifact-config-type="application/vnd.oci.image.config.v1+json" --artifact-layer-type=application/vnd.oci.image.layer.v1.tar --os=linux --arch=x86_64 --annotation "disktype=applehv" quay.io/podman/machine-images:5.0 ${{ env.APPLEHV_IMAGE }}
+
+ - name: Add Hyperv to manifest
+ run: |
+ cd ./fcos/builds/latest/x86_64
+ echo "HYPERV_IMAGE=$(ls | grep hyperv.x86_64.vhdx.zip)" >> $GITHUB_ENV
+ buildah manifest add --artifact --artifact-type="" --artifact-config-type="application/vnd.oci.image.config.v1+json" --artifact-layer-type=application/vnd.oci.image.layer.v1.tar --os=linux --arch=x86_64 --annotation "disktype=hyperv" quay.io/podman/machine-images:5.0 ${{ env.HYPERV_IMAGE }}
+
+ - name: Push to Quay
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: machine-images
+ tags: 5.0
+ registry: quay.io/podman
+ username: ${{ secrets.QUAY_PODMAN_USERNAME }}
+ password: ${{ secrets.QUAY_PODMAN_PASSWORD }}
diff --git a/.github/workflows/new-machine-image.yml b/.github/workflows/new-machine-image.yml
new file mode 100644
index 000000000000..0efcfecfb48f
--- /dev/null
+++ b/.github/workflows/new-machine-image.yml
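Review bot: The three `buildah manifest add` steps pass an empty artifact path, because `${{ env.QCOW_IMAGE }}`, `${{ env.APPLEHV_IMAGE }}` and `${{ env.HYPERV_IMAGE }}` are expanded by the runner before the step's shell starts, while the values are only appended to `$GITHUB_ENV` inside that same step (and the first is exported under a different name, `QCOW_IMAGE_X86_64`). Use a shell variable in each step instead: `img=$(ls *.qcow2.xz)` followed by `buildah manifest add … quay.io/podman/machine-images:5.0 "$img"`. Separately, this workflow fires on `pull_request` yet pushes to the release tag `quay.io/podman/machine-images:5.0` with `QUAY_PODMAN_PASSWORD`, so any same-repo PR that reaches the push step overwrites the published image with unreviewed build output; gate the push on `github.event_name != 'pull_request'` and tag PR builds with the PR number instead. `cosa init --branch podman-next https://github.com/lsm5/fedora-coreos-config` and `podman pull quay.io/coreos-assembler/coreos-assembler` pull a personal fork's mutable branch and an unpinned `:latest` image into a privileged build, so what lands in the manifest is not reproducible; pin the config by commit and the builder by digest. `workflow_dispatch: false` at the top level is not a recognised workflow key and presumably belongs under `on:` if it is meant as a trigger.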
@@ -0,0 +1,110 @@
+name: MACHINE IMAGE FROM FCOS IAMGE
+
+on:
+ pull_request:
+ branches:
+ main
+
+env:
+ FCOS_IMAGE_NAME: fcos
+ MACHINE_IMAGE_NAME: machine-images
+ # IMAGE_ARCHS has to be comma separated
+ IMAGE_ARCHS: amd64, arm64
+ IMAGE_REGISTRY: quay.io/podman
+ COPR_OWNER: rhcontainerbot
+ COPR_PROJECT: podman-next
+
+jobs:
+ fcos-podman-next-image-build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Install qemu dependency
+ run: |
+ sudo apt update
+ sudo apt -y install qemu-user-static
+
+ - name: Set up wait-for-copr
+ # Do not run on scheduled nightly builds
+ if: ${{ github.event_name != 'schedule' }}
+ run: |
+ pip3 install git+https://github.com/packit/wait-for-copr.git@main
+
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Get short SHA from HEAD
+ #run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"
+ # USE A KNOWN BUILT COMMIT FOR TESTING
+ run: echo "SHORT_SHA=f756e5db6" >> "$GITHUB_ENV"
+ id: short_sha
+
+ - name: Wait for successful podman-next build with the latest commit
+ # Do not run on scheduled nightly builds
+ if: ${{ github.event_name != 'schedule' }}
+ run: |
+ # TODO: add this in the Containerfile itself or as a --build-arg
+ wait-for-copr --owner ${{ env.COPR_OWNER }} --project ${{ env.COPR_PROJECT }} podman ${{ env.SHORT_SHA }}
+ echo "podman-next build with ${{ env.SHORT_SHA }} successful."
+
+ - name: Build FCOS Image
+ id: build_image_multiarch
+ # Ref: https://github.com/redhat-actions/buildah-build
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: ${{ env.IMAGE_NAME }}
+ tags: ${{ env.COPR_PROJECT }} podman-${{ env.SHORT_SHA }}
+ archs: ${{ env.IMAGE_ARCHS }}
+ containerfiles: ./contrib/podman-next/fcos-podmanimage/Containerfile
+ labels: |
+ org.opencontainers.image.title=fcos-podman-next image
+ org.opencontainers.image.source=https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }}/contrib/podman-next/fcos-podmanimage/Containerfile
+ org.opencontainers.image.url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ org.opencontainers.image.description=FCOS image with rpms from rhcontainerbot/podman-next copr
+ org.opencontainers.image.revision=${{ github.sha }}
+
+ - name: Echo Outputs
+ run: |
+ echo "Image: ${{ steps.build_image_multiarch.outputs.image }}"
+ echo "Tags: ${{ steps.build_image_multiarch.outputs.tags }}"
+ echo "Tagged Image: ${{ steps.build_image_multiarch.outputs.image-with-tag }}"
+
+ - name: Check images created
+ run: buildah images | grep '${{ env.IMAGE_NAME }}'
+
+ - name: Check image metadata
+ run: |
+ set -x
+ # COPR_PROJECT envvar is used for the `podman-next` floating tag
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".OCIv1.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:${{ env.COPR_PROJECT }} | jq ".Docker.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".OCIv1.architecture"
+ buildah inspect ${{ steps.build_image_multiarch.outputs.image }}:podman-${{ env.SHORT_SHA }} | jq ".Docker.architecture"
+
+ - name: Run image
+ run: podman run --privileged --rm ${{ steps.build_image_multiarch.outputs.image-with-tag }} podman system info
+
+ - name: Schedule test on Testing Farm
+ uses:
sclorg/testing-farm-as-github-action@v2.0.1
+ with:
+ api_key: ${{ secrets.TF_API_KEY }}
+ git_url: https://github.com/sclorg/sclorg-testing-farm
+ tmt_plan_regex: "machine-image"
+ update_pull_request_status: "false"
+
+ # - name: Build Machine images
+ #run: |
+
+ #- name: Add Machine images to Manifest
+ # TBD
+
+ #- name: Push to Quay
+ #id: push-to-quay
+ # Ref: https://github.com/redhat-actions/push-to-registry
+ #uses: redhat-actions/push-to-registry@v2
+ #with:
+ # image: ${{ env.MACHINE_IMAGE_NAME }}
+ # tags: ${{ steps.build_image_multiarch.outputs.tags }}
+ # registry: ${{ env.IMAGE_REGISTRY }}
+ # username: ${{ secrets.QUAY_PODMAN_USERNAME }}
+ # password: ${{ secrets.QUAY_PODMAN_PASSWORD }}
diff --git a/.packit.yaml b/.packit.yaml
index 45d14a003663..9c31c8cd3ff5
--- a/.packit.yaml
+++ b/.packit.yaml
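Review bot: `image: ${{ env.IMAGE_NAME }}` in the `Build FCOS Image` step and `grep '${{ env.IMAGE_NAME }}'` in `Check images created` reference a key this file never defines — the `env` block declares `FCOS_IMAGE_NAME` — so the build action receives an empty image name and the grep degenerates to `grep ''`; change both to `${{ env.FCOS_IMAGE_NAME }}`. The hard-coded `SHORT_SHA=f756e5db6` with the real `git rev-parse --short HEAD` commented out is test scaffolding that must not be merged, because it makes the `podman-<sha>` tag and the `wait-for-copr` check claim a commit that was not built. `pip3 install git+https://github.com/packit/wait-for-copr.git@main` pulls an unpinned branch onto the runner; pin a commit. The Testing Farm step consumes `secrets.TF_API_KEY` on a `pull_request` trigger, where fork PRs get no secrets and will simply fail, and its `git_url` points at `sclorg/sclorg-testing-farm` rather than this repository, which I assume is a leftover from a copied example. `IAMGE` in the workflow name is a typo.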
@@ -14,54 +14,54 @@ actions: - "bash .packit.sh" jobs: - - job: copr_build - trigger: pull_request - notifications: - failure_comment: - message: "Ephemeral COPR build failed. @containers/packit-build please check." - enable_net: true - targets: - - fedora-all-x86_64 - - fedora-all-aarch64 - - fedora-eln-x86_64 - - fedora-eln-aarch64 - - centos-stream+epel-next-8-x86_64 - - centos-stream+epel-next-8-aarch64 - - centos-stream+epel-next-9-x86_64 - - centos-stream+epel-next-9-aarch64 - additional_repos: - - "copr://rhcontainerbot/podman-next" + # - job: copr_build + # trigger: pull_request + # #notifications: + #failure_comment: + # message: "Ephemeral COPR build failed. @containers/packit-build please check." + # enable_net: true + #targets: + #- fedora-all-x86_64 + #- fedora-all-aarch64 + #- fedora-eln-x86_64 + # - fedora-eln-aarch64 + #- centos-stream+epel-next-8-x86_64 + #- centos-stream+epel-next-8-aarch64 + # - centos-stream+epel-next-9-x86_64 + #- centos-stream+epel-next-9-aarch64 + #additional_repos: + # - "copr://rhcontainerbot/podman-next" # Run on commit to main branch - job: copr_build trigger: commit - notifications: - failure_comment: - message: "podman-next COPR build failed. @containers/packit-build please check." + #notifications: + #failure_comment: + # message: "podman-next COPR build failed. @containers/packit-build please check." branch: main owner: rhcontainerbot project: podman-next enable_net: true - - job: tests - identifier: cockpit-revdeps - trigger: pull_request - notifications: - failure_comment: - message: "Cockpit tests failed for commit {commit_sha}. @martinpitt, @jelly, @mvollmer please check." 
- targets: - - fedora-latest-stable - - fedora-development - tf_extra_params: - environments: - - artifacts: - - type: repository-file - id: https://copr.fedorainfracloud.org/coprs/g/cockpit/main-builds/repo/fedora-$releasever/group_cockpit-main-builds-fedora-$releasever.repo - - type: repository-file - id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo - tmt: - context: - revdeps: "yes" + # - job: tests + #identifier: cockpit-revdeps + #trigger: pull_request + #notifications: + #failure_comment: + # message: "Cockpit tests failed for commit {commit_sha}. @martinpitt, @jelly, @mvollmer please check." + #targets: + #- fedora-latest-stable + #- fedora-development + #tf_extra_params: + # environments: + # - artifacts: + # - type: repository-file + # id: https://copr.fedorainfracloud.org/coprs/g/cockpit/main-builds/repo/fedora-$releasever/group_cockpit-main-builds-fedora-$releasever.repo + # - type: repository-file + #id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo + #tmt: + #context: + # revdeps: "yes" - job: propose_downstream trigger: release diff --git a/contrib/machine-os-disks/build-podman-machine-os-disks.sh b/contrib/machine-os-disks/build-podman-machine-os-disks.sh new file mode 100644 index 000000000000..78f3190b39f6 --- /dev/null +++ b/contrib/machine-os-disks/build-podman-machine-os-disks.sh 
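Review bot: Commenting out `notifications.failure_comment` on the `commit`-triggered `copr_build` means a broken `podman-next` COPR build on `main` no longer pings `@containers/packit-build`, and because the workflows added in this same diff block on `wait-for-copr` for that project, a silent failure there stalls them as well; keep the notification or document where failures are expected to be noticed. The disabled `copr_build` and `tests` PR jobs have been commented out with `#` at inconsistent indentation (`#targets:` next to `# - fedora-eln-aarch64`), so re-enabling them is a retyping exercise rather than an uncomment; if they are going away, delete them and rely on git history, otherwise comment the block uniformly. Dropping the `pull_request` COPR build also removes the only pre-merge package build for this repository, which is worth stating in the commit message if intentional.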
@@ -0,0 +1,130 @@
+#!/usr/bin/bash
+set -x -euo pipefail
+
+# Run this script on a fully up to date Fedora 39 VM with SELinux
+# in permissive mode and the following tools installed:
+# sudo dnf install --enablerepo=updates-testing -y osbuild osbuild-tools osbuild-ostree jq xfsprogs e2fsprogs
+#
+# Invocation of the script would look something like this:
+#
+# sudo ./build-podman-machine-os-disks.sh \
+# /path/to/podman-50-20240216.ociarchive qemu
+#
+# And it will create the output file in the current directory:
+# podman-50-20240216.ociarchive.x86_64.qemu.qcow2
+#
+# Another option is to specify no platform and it will create all of
+# them that are configured:
+#
+# sudo ./build-podman-machine-os-disks.sh \
+# /path/to/podman-50-20240216.ociarchive
+#
+# And it will create the output file in the current directory:
+# podman-50-20240216.ociarchive.x86_64.applehv.raw
+# podman-50-20240216.ociarchive.x86_64.hyperv.vhdx
+# podman-50-20240216.ociarchive.x86_64.qemu.qcow2
+
+ARCH=$(arch)
+OCIARCHIVE=$1
+PLATFORM="${2:-}" # Optional
+
+check_rpm() {
+ req=$1
+ if ! rpm -q "$req" &>/dev/null; then
+ echo "No $req. Can't continue" 1>&2
+ return 1
+ fi
+}
+
+check_rpms() {
+ reqs=(osbuild osbuild-tools osbuild-ostree jq xfsprogs e2fsprogs)
+ for req in "${reqs[@]}"; do
+ check_rpm "$req"
+ done
+}
+
+main() {
+
+ # Make sure RPMs are installed
+ check_rpms
+ # Make sure SELinux is permissive
+ if [ "$(getenforce)" != "Permissive" ]; then
+ echo "SELinux needs to be set to permissive mode"
+ exit 1
+ fi
+ # Make sure we are effectively `root`
+ if [ $UID -ne 0 ]; then
+ echo "OSBuild needs to run with root permissions"
+ exit 1
+ fi
+ # Make sure the given file exists
+ if [ ! -f $OCIARCHIVE ]; then
+ echo "need to pass in full path to .ociarchive file"
+ exit 1
+ fi
+ # Convert it to an absolute path
+ OCIARCHIVE=$(readlink -f $OCIARCHIVE)
+
+ # Make a local tmpdir
+ mkdir -p tmp; rm -f tmp/*
+
+ # Freeze on specific version for now to increase stability.
+ #gitreporef="main"
+ gitreporef="74395f97327e0927a82707ca6f59f93b169c4286"
+ gitrepotld="https://raw.githubusercontent.com/coreos/coreos-assembler/${gitreporef}/"
+ pushd ./tmp
+ curl -LO --fail "${gitrepotld}/src/runvm-osbuild"
+ chmod +x runvm-osbuild
+ for manifest in "coreos.osbuild.${ARCH}.mpp.yaml" platform.{applehv,hyperv,qemu,gcp}.ipp.yaml; do
+ curl -LO --fail "${gitrepotld}/src/osbuild-manifests/${manifest}"
+ done
+ popd
+
+ if [ "${PLATFORM:-}" == "" ]; then
+ platforms=(applehv hyperv qemu)
+ else
+ platforms=($PLATFORM)
+ fi
+
+ for platform in "${platforms[@]}"; do
+
+ suffix=
+ case $platform in
+ applehv)
+ suffix=raw
+ ;;
+ hyperv)
+ suffix=vhdx
+ ;;
+ qemu)
+ suffix=qcow2
+ ;;
+ *)
+ echo "unknown platform provided"
+ exit 1
+ ;;
+ esac
+ outfile="./$(basename $OCIARCHIVE).${ARCH}.${platform}.${suffix}"
+
+ cat > tmp/diskvars.json << EOF
+{
+ "osname": "fedora-coreos",
+ "deploy-via-container": "true",
+ "ostree-container": "${OCIARCHIVE}",
+ "image-type": "${platform}",
+ "container-imgref": "ostree-remote-registry:fedora:quay.io/containers/podman-machine-os:5.0",
+ "metal-image-size": "3072",
+ "cloud-image-size": "10240"
+}
+EOF
+ ./tmp/runvm-osbuild \
+ --config tmp/diskvars.json \
+ --filepath "./${outfile}" \
+ --mpp "tmp/coreos.osbuild.${ARCH}.mpp.yaml"
+ echo "Created $platform image file at: ${outfile}"
+ done
+
+ rm -f tmp/*; rmdir tmp # Cleanup
+}
+
+main "$@"
diff --git a/contrib/podman-next/fcos-podmanimage/cosa-snippet b/contrib/podman-next/fcos-podmanimage/cosa-snippet
new file mode 100644
index 000000000000..24695eaf0688
--- /dev/null
+++ b/contrib/podman-next/fcos-podmanimage/cosa-snippet
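Review bot: `mkdir -p tmp; rm -f tmp/*` in `main` wipes whatever a pre-existing `./tmp` in the caller's working directory holds, and does so as root because the script insists on `$UID -eq 0`; the closing `rm -f tmp/*; rmdir tmp` is also skipped on any failure under `set -e`, leaving the downloaded `runvm-osbuild` behind. Replace it with `tmpdir=$(mktemp -d)` plus `trap 'rm -rf "$tmpdir"' EXIT` and use `"$tmpdir"` wherever `tmp`/`./tmp` appears. Fetching `runvm-osbuild` and the manifests from a pinned commit (`74395f9…`) is the right call, but that code is then executed as root on a host the script has just required to be SELinux-permissive, so the pin is the only integrity control — keep it pinned and say so in the header comment rather than leaving `#gitreporef="main"` as an inviting alternative. `container-imgref` hard-codes `quay.io/containers/podman-machine-os:5.0` regardless of which `.ociarchive` was passed in, so a disk built from any other image is still configured to pull its updates from that 5.0 ref; derive it from, or pass it alongside, `$OCIARCHIVE`. Minor: `$OCIARCHIVE` is unquoted in the `[ ! -f ]` test and `readlink -f`, and is interpolated into the heredoc JSON without escaping, so a path containing a `"` breaks the config.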
@@ -0,0 +1,28 @@ + +cosa() { + env | grep COREOS_ASSEMBLER + local -r COREOS_ASSEMBLER_CONTAINER_LATEST="quay.io/coreos-assembler/coreos-assembler:latest" + if [[ -z ${COREOS_ASSEMBLER_CONTAINER} ]] && $(podman image exists ${COREOS_ASSEMBLER_CONTAINER_LATEST}); then + local -r cosa_build_date_str="$(podman inspect -f "{{.Created}}" ${COREOS_ASSEMBLER_CONTAINER_LATEST} | awk '{print $1}')" + local -r cosa_build_date="$(date -d ${cosa_build_date_str} +%s)" + if [[ $(date +%s) -ge $((cosa_build_date + 60*60*24*7)) ]] ; then + echo -e "\e[0;33m----" >&2 + echo "The COSA container image is more that a week old and likely outdated." >&2 + echo "You should pull the latest version with:" >&2 + echo "podman pull ${COREOS_ASSEMBLER_CONTAINER_LATEST}" >&2 + echo -e "----\e[0m" >&2 + sleep 10 + fi + fi + set -x + podman run --rm --security-opt=label=disable --privileged \ + --uidmap=1000:0:1 --uidmap=0:1:1000 --uidmap=1001:1001:64536 \ + -v=${PWD}:/srv/ -e COSA_NO_KVM=1 --device=/dev/fuse \ + --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa \ + ${COREOS_ASSEMBLER_CONFIG_GIT:+-v=$COREOS_ASSEMBLER_CONFIG_GIT:/srv/src/config/:ro} \ + ${COREOS_ASSEMBLER_GIT:+-v=$COREOS_ASSEMBLER_GIT/src/:/usr/lib/coreos-assembler/:ro} \ + ${COREOS_ASSEMBLER_ADD_CERTS:+-v=/etc/pki/ca-trust:/etc/pki/ca-trust:ro} \ + ${COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS} \ + ${COREOS_ASSEMBLER_CONTAINER:-$COREOS_ASSEMBLER_CONTAINER_LATEST} "$@" + rc=$?; set +x; return $rc +}
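Review bot: `$(podman image exists ${COREOS_ASSEMBLER_CONTAINER_LATEST})` in the `if` runs the check inside a command substitution and then tries to execute its output as a command; it only yields the right exit status because `podman image exists` prints nothing, so bash falls back to the substitution's status. Write the test directly: `if [[ -z ${COREOS_ASSEMBLER_CONTAINER} ]] && podman image exists "${COREOS_ASSEMBLER_CONTAINER_LATEST}"; then`. The `podman run` is `--privileged` with `--security-opt=label=disable` and broad `--uidmap`s, which is what cosa needs, but with no `COREOS_ASSEMBLER_CONTAINER` set it defaults to the mutable `:latest` tag, so whatever that image contains at run time executes with full host privileges on the runner; have the workflows that source this file export a digest-pinned `COREOS_ASSEMBLER_CONTAINER`. `env | grep COREOS_ASSEMBLER` prints every matching variable into the job log, including anything a caller puts in `COREOS_ASSEMBLER_CONTAINER_RUNTIME_ARGS`, which deserves a comment if it is intended as debugging output. `set +x` at the end is also unconditional, so it clobbers any `set -x` the caller already had enabled.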