This repository has been archived by the owner on Jul 8, 2024. It is now read-only.

initial commit
getchoo committed Jan 20, 2024
0 parents commit 1cb0011
Showing 20 changed files with 844 additions and 0 deletions.
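--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+commit-message:
+prefix: "deps(actions)"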
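--- a/.github/workflows/autobot.yaml
+++ b/.github/workflows/autobot.yaml
@@ -0,0 +1,27 @@
+name: Auto-merge Dependabot
+
+on: pull_request
+
+jobs:
+automerge:
+name: Check and merge PR
+runs-on: ubuntu-latest
+
+permissions:
+contents: write
+pull-requests: write
+
+if: github.actor == 'dependabot[bot]'
+
+steps:
+- uses: dependabot/fetch-metadata@v1
+id: metadata
+with:
+github-token: ${{ github.token }}
+
+- name: Enable auto-merge
+if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+run: gh pr merge --auto --rebase "$PR"
+env:
+GH_TOKEN: ${{ github.token }}
+PR: ${{ github.event.pull_request.html_url }}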
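Review bot: The job gate `if: github.actor == 'dependabot[bot]'` checks who triggered the latest event rather than who authored the pull request, so it is a weaker identity check than it looks for a job holding `contents: write` and `pull-requests: write`; `if: github.event.pull_request.user.login == 'dependabot[bot]'` ties the gate to the PR author. Because `dependabot.yml` covers only `github-actions`, every auto-merged minor or patch bump changes code that runs inside the repository's own workflows, so `gh pr merge --auto` should be backed by branch protection with required checks; whether that is configured cannot be seen from this page. `dependabot/fetch-metadata@v1` is referenced by a mutable tag in this privileged job, and pinning it to a full commit SHA would keep the merge decision from depending on a tag that can be moved.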
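--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,305 @@
+name: Build Images
+
+on:
+push:
+branches: [main]
+schedule:
+- cron: "0 0 * * *"
+pull_request:
+workflow_dispatch:
+
+env:
+REGISTRY: ghcr.io
+
+jobs:
+akmods:
+name: Akmods Image
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+id-token: write
+packages: write
+
+env:
+IMAGE_NAME: akmods
+FEDORA_VERSION: 39
+NVIDIA_VERSION: 535
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Extract metadata
+id: metadata
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ env.IMAGE_NAME }}
+tags: |
+type=sha
+type=ref,event=branch
+type=ref,event=pr
+type=schedule,pattern={{date 'YYYYMMDD'}}
+- name: Generate extra tags
+id: extra-tags
+run: |
+timestamp="$(date +%Y%m%d)"
+tag="$IMAGE_NAME:$FEDORA_VERSION-$NVIDIA_VERSION"
+tags=("$tag" "$tag-$timestamp")
+echo "tags=${tags[*]}" >> "$GITHUB_OUTPUT"
+- name: Get akmods signing key
+if: github.event_name != 'pull_request'
+env:
+AKMODS_KEY: ${{ secrets.AKMODS_KEY }}
+run: |
+echo "$AKMODS_KEY" > akmods/certs/private_key.priv
+- name: Build image
+id: build
+uses: redhat-actions/buildah-build@v2
+with:
+containerfiles: |
+./akmods/Containerfile
+image: ${{ env.IMAGE_NAME }}
+context: ./akmods
+tags: |
+${{ steps.metadata.outputs.tags }}}
+${{ steps.extra-tags.outputs.tags }}
+labels: ${{ steps.metadata.outputs.labels }}
+build-args: |
+FEDORA_VERSION=${{ env.FEDORA_VERSION }}
+NVIDIA_VERSION=${{ env.NVIDIA_VERSION }}
+- name: Push to registry
+id: push
+if: github.event_name != 'pull_request'
+uses: redhat-actions/push-to-registry@v2
+with:
+image: ${{ steps.build.outputs.image }}
+tags: ${{ steps.build.outputs.tags }}
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ github.token }}
+extra-args: |
+--disable-content-trust
+- name: Login to registry
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ github.token }}
+
+- name: Install cosign
+if: github.event_name == 'pull_request'
+uses: sigstore/cosign-installer@v3
+
+- name: Sign image
+if: github.event_name == 'pull_request'
+env:
+DIGEST: ${{ steps.push.outputs.digest }}
+TAGS: ${{ steps.build.outputs.tags }}
+run: |
+images=()
+for tag in "${TAGS[@]}"; do
+images+=("$tag@$DIGEST")
+done
+cosign sign --yes "${images[@]}"
+base:
+name: Base Image
+runs-on: ubuntu-latest
+
+permissions:
+contents: read
+id-token: write
+packages: write
+
+strategy:
+fail-fast: false
+matrix:
+include:
+- image_name: getchblue
+fedora_version: 39
+image_flavor: silverblue
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Extract metadata
+id: metadata
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ matrix.image_name }}
+tags: |
+type=sha,
+type=ref,event=branch
+type=ref,event=pr
+type=schedule,pattern={{date 'YYYYMMDD'}}
+- name: Generate extra tags
+id: extra-tags
+env:
+IMAGE_NAME: ${{ matrix.image_name }}
+FEDORA_VERSION: ${{ matrix.fedora_version }}
+run: |
+timestamp="$(date +%Y%m%d)"
+tag="$IMAGE_NAME:$FEDORA_VERSION"
+tags=("$tag" "$tag-$timestamp")
+echo "tags=${tags[*]}" >> "$GITHUB_OUTPUT"
+- name: Build image
+id: build
+uses: redhat-actions/buildah-build@v2
+with:
+containerfiles: |
+./Containerfile
+image: ${{ matrix.image_name }}
+context: .
+tags: |
+${{ steps.metadata.outputs.tags }}}
+${{ steps.extra-tags.outputs.tags }}
+labels: ${{ steps.metadata.outputs.labels }}
+build-args: |
+FEDORA_VERSION=${{ matrix.fedora_version }}
+IMAGE_FLAVOR=${{ matrix.image_flavor }}
+- name: Push to registry
+id: push
+if: github.event_name != 'pull_request'
+uses: redhat-actions/push-to-registry@v2
+with:
+image: ${{ steps.build.outputs.image }}
+tags: ${{ steps.build.outputs.tags }}
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ github.token }}
+extra-args: |
+--disable-content-trust
+- name: Login to registry
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ github.token }}
+
+- name: Install cosign
+if: github.event_name == 'pull_request'
+uses: sigstore/cosign-installer@v3
+
+- name: Sign image
+if: github.event_name == 'pull_request'
+env:
+DIGEST: ${{ steps.push.outputs.digest }}
+TAGS: ${{ steps.build.outputs.tags }}
+run: |
+images=()
+for tag in "${TAGS[@]}"; do
+images+=("$tag@$DIGEST")
+done
+cosign sign --yes "${images[@]}"
+nvidia:
+name: NVIDIA Image
+runs-on: ubuntu-latest
+needs: [akmods, base]
+
+strategy:
+fail-fast: false
+matrix:
+include:
+- image_name: getchblue-nvidia
+fedora_version: 39
+image_flavor: getchblue
+nvidia_version: 535
+
+permissions:
+contents: read
+id-token: write
+packages: write
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Extract metadata
+id: metadata
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ matrix.image_name }}
+tags: |
+type=sha
+type=ref,event=branch
+type=ref,event=pr
+type=schedule,pattern={{date 'YYYYMMDD'}}
+- name: Generate extra tags
+id: extra-tags
+env:
+IMAGE_NAME: ${{ matrix.image_name }}
+FEDORA_VERSION: ${{ matrix.fedora_version }}
+NVIDIA_VERSION: ${{ matrix.nvidia_version }}
+run: |
+timestamp="$(date +%Y%m%d)"
+tag="$IMAGE_NAME:$FEDORA_VERSION-$NVIDIA_VERSION"
+tags=("$tag" "$tag-$timestamp")
+echo "tags=${tags[*]}" >> "$GITHUB_OUTPUT"
+- name: Build image
+id: build
+uses: redhat-actions/buildah-build@v2
+with:
+containerfiles: |
+./nvidia/Containerfile
+image: ${{ matrix.image_name }}
+context: ./nvidia
+tags: |
+${{ steps.metadata.outputs.tags }}}
+${{ steps.extra-tags.outputs.tags }}
+labels: ${{ steps.metadata.outputs.labels }}
+build-args: |
+FEDORA_VERSION=${{ matrix.fedora_version }}
+IMAGE_FLAVOR=${{ matrix.image_flavor }}
+- name: Push to registry
+id: push
+if: github.event_name != 'pull_request'
+uses: redhat-actions/push-to-registry@v2
+with:
+image: ${{ steps.build.outputs.image }}
+tags: ${{ steps.build.outputs.tags }}
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ github.token }}
+extra-args: |
+--disable-content-trust
+- name: Login to registry
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ github.token }}
+
+- name: Install cosign
+if: github.event_name == 'pull_request'
+uses: sigstore/cosign-installer@v3
+
+- name: Sign image
+if: github.event_name == 'pull_request'
+env:
+DIGEST: ${{ steps.push.outputs.digest }}
+TAGS: ${{ steps.build.outputs.tags }}
+run: |
+images=()
+for tag in "${TAGS[@]}"; do
+images+=("$tag@$DIGEST")
+done
+cosign sign --yes "${images[@]}"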
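Review bot: `Install cosign` and `Sign image` are gated on `github.event_name == 'pull_request'` in all three jobs (akmods, base, nvidia), the inverse of `Push to registry`, so images pushed from `main` or the nightly schedule are never signed and the only runs that reach `cosign sign` have an empty `steps.push.outputs.digest`. Both steps should use `if: github.event_name != 'pull_request'`, and because `TAGS` is a plain string (so `"${TAGS[@]}"` is a single word) whose tags carry no registry prefix, signing the one digest reference is simpler: add `IMAGE: ${{ steps.build.outputs.image }}` to the step's `env` and run `cosign sign --yes "$REGISTRY/$IMAGE@$DIGEST"`, assuming the push target is `$REGISTRY/<image>` as the push step is configured. In the akmods job, `echo "$AKMODS_KEY" > akmods/certs/private_key.priv` writes the signing key into the build context `./akmods`; `akmods/Containerfile` is not shown in this section, so confirm the key cannot end up in a published layer (a build-time secret mount or a discarded build stage would avoid it). The tag lists also contain `${{ steps.metadata.outputs.tags }}}` with a stray `}` in every job, and `type=sha,` with a trailing comma in the base job, both of which look like typos that would produce malformed tags.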
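--- a/Containerfile
+++ b/Containerfile
@@ -0,0 +1,12 @@
+ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-silverblue}"
+ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/${IMAGE_FLAVOR}"
+ARG FEDORA_VERSION="${FEDORA_VERSION:-39}"
+
+FROM ${BASE_IMAGE}:${FEDORA_VERSION} as builder
+
+COPY initial_setup.sh /usr/local/bin/initial_setup.sh
+COPY override.sh /tmp/override.sh
+RUN /tmp/override.sh
+
+RUN rpm-ostree cleanup -m
+RUN ostree container commit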
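Review bot: `FROM ${BASE_IMAGE}:${FEDORA_VERSION}` resolves a mutable tag at build time, and `build.yaml` rebuilds and publishes nightly, so each published image inherits whatever that tag points to with no record of which upstream image was used. Recording the resolved base digest in an image label, or passing it in as a build argument and using `FROM ${BASE_IMAGE}@${BASE_DIGEST}` (`BASE_DIGEST` is a name made up for this note), would make every published image traceable to an exact base. A short comment above `RUN /tmp/override.sh` saying what the script changes would also help, since it runs during the build (presumably as root) and its content is not part of this section. The stage name `as builder` is unused in this single-stage file and could be dropped.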
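--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 seth
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.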
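--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# fedora-oci-images
+
+my custom oci images, but as close to upstream as possible. if you want something more usable ootb, you're probably looking for [ublue](https://github.com/ublue-os)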