This commit adds an option --extra-artifacts that can be
used to generate extra artifacts during the build or manifest
generation. Initially supported is `sbom` (but `manifest` is
planned too).
To use it run `--extra-artifacts=sbom` and it will generate
files like `centos-9-qcow2-x86_64.image-os.spdx.json` in
the output directory next to the generate runable artifact.
Closes: https://github.com/osbuild/image-builder-cli/issues/46
This commit adds a (smoke) integration test for librepo based
manifests. It needs a flanking test that also ensures that
--use-librepo really generates librepo sources.
This commit switches the default to librepo. We do not have many
users yet so this is a great place to test the new librepo
functionality. It also is much more stable for fedora/centos
systems that often have flaky mirrors.
This also bumps the minimum required version of osbuild.
This commit changes the signature of depsolve in `manifestgen`
to return the full `dnfjson.DepsolveResult`. This gives us
access to the sbom and also is a preparation for images PR#1142
where we will need this anyway.
This commit adds a new manifestOptions struct that is passed
to generateManifest. to cleanup the signature of generateManifest().
This can then also be used to carry a new e.g. `--rpmmd/--cachedir`
option.
This commit switches to the librepo enabled `images` library via:
```
go mod -replace github.com/osbuild/iamges=github.com/mvo5/images@librepo-sources-osbuild1974
```
which in turn needs osbuild PR#1974.
With that it then adds a new `--use-librepo` switch that will
enable librepo based downloading so that people can play with
the new backend.
Moves the blueprint argument to a named argument; freeing up space to
later be able to pass in multiple image types. This also slightly
simplifies the case where we're building without a blueprint available.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This commit adds integration for the ostree options. It is modelled
loosely after weldr-client/composer-cli and the
```
start-ostree --{ref,parent,url}
```
and uses
```
--ostree-{ref,parent,url}
```
A simple smoke test is provided that uses fedora-iot. Ideas welcome
for an easier way :)
When depsolve is run it returns a list of packageSpecs and the
matching repository config. This repo config is different/distinct
from the repository config that is passed into depsolve via the
package sets or the repositories that are loaded via the
reporegistry and needs to be passed into `manifest.Serialize()`.
The key different is that the depsovle `repoConfig` contains
the repo.Id that match the packageSpec.RepoId. With those two
matching IDs we can use librepo (see osbuild PR#1974) to infere
what mirror to use for what package.
This commit now passes the correct repoConfig into
preManifest.Serialize() now.
No test (sorry!) as this is really hard to test in isolation, there
is nothing observable today from repoConfig and it is impossible
to add a "witness" pipelien that could check that the right argument
is passed in `pipeline.serializeStart()`. So until we refactor
images you will have to take my word for this (sorry again).
For releases this does not change anything, as the version
in the spec file is the same as the git tag. For
intermediate/tainted versions packer seems to patch the spec
file to the version given in `.packit.yaml`
(which is the latest git-tag), then the filename and version
would be inconsistent.
The package crashes during check with:
```
golangci-lint............................................................Failed
- hook id: golangci-lint
- exit code: 3
level=warning msg="[runner] Can't run linter goanalysis_metalinter: buildir: failed to load package gpgme: could not load export data: no export data for \"github.com/proglottis/gpgme\""
level=error msg="Running error: can't run linter goanalysis_metalinter\nbuildir: failed to load package gpgme: could not load export data: no export data for \"github.com/proglottis/gpgme\""
```
which is not helpful
With the new build-in repos this test is no longer relevant. We
need to look into a different way to test overrides but just
providing an empty datadir will no longer work so drop that.
This commit switches the default repositories to use the build-in
ones from images PR#1112. It is still possible to override using
`/etc/image-builder` and `/usr/share/image-builder` or `--datadir`.
This is implicitly tested via the container test that no longer
includes the files from osbuild-composer in the container.
This commit adds the pr-best-practices check, which prevents pull
requests without descriptions being merged and which allows developers
to quickly create Jira Tasks based on the /jira-epic command in pull
request descriptions or comments.
