chore: Cleanup workflows to be run from just (#238)

Gerald Pinder 2024-10-07 16:34:36 -04:00 committed by GitHub
parent 7c5578994e
commit 32092195d3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 298 additions and 265 deletions


@ -14,7 +14,7 @@ env:
jobs: jobs:
test: test:
timeout-minutes: 20 timeout-minutes: 10
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -32,7 +32,7 @@ jobs:
earthly --ci +test earthly --ci +test
lint: lint:
timeout-minutes: 20 timeout-minutes: 10
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -50,22 +50,16 @@ jobs:
earthly --ci +lint earthly --ci +lint
arm64-prebuild: arm64-prebuild:
timeout-minutes: 60 timeout-minutes: 10
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps: steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1 - uses: earthly/actions-setup@v1
- name: Earthly login - name: Earthly login
env: env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: | run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build earthly org s blue-build
@ -79,7 +73,6 @@ jobs:
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
if: github.token != null
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@ -91,22 +84,16 @@ jobs:
earthly --ci --push -P +prebuild earthly --ci --push -P +prebuild
amd64-prebuild: amd64-prebuild:
timeout-minutes: 60 timeout-minutes: 10
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps: steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1 - uses: earthly/actions-setup@v1
- name: Earthly login - name: Earthly login
env: env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: | run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build earthly org s blue-build
@ -120,7 +107,6 @@ jobs:
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
if: github.token != null
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@ -131,28 +117,19 @@ jobs:
run: | run: |
earthly --ci --push -P +prebuild earthly --ci --push -P +prebuild
build: build-images:
timeout-minutes: 60 timeout-minutes: 30
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
needs: needs:
- arm64-prebuild - arm64-prebuild
- amd64-prebuild - amd64-prebuild
outputs:
push: ${{ steps.build.outputs.push }}
steps: steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1 - uses: earthly/actions-setup@v1
- name: Earthly login - name: Earthly login
env: env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: | run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build earthly org s blue-build
@ -166,7 +143,6 @@ jobs:
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
if: github.token != null
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@ -175,21 +151,38 @@ jobs:
- name: Run build - name: Run build
id: build id: build
run: | run: |
if [ -n "${{ github.token }}" ]; then earthly --ci --push -P +build-images
earthly --ci --push -P +build
echo "push=true" >> "$GITHUB_OUTPUT" build-scripts:
else timeout-minutes: 5
earthly --ci -P +build runs-on: ubuntu-latest
fi if: github.repository == 'blue-build/cli'
steps:
- uses: earthly/actions-setup@v1
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run build
id: build
run: |
earthly --ci --push -P +build-scripts
integration-tests: integration-tests:
permissions: permissions:
packages: write packages: write
timeout-minutes: 60 timeout-minutes: 60
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -210,15 +203,12 @@ jobs:
earthly --ci -P ./integration-tests+all earthly --ci -P ./integration-tests+all
docker-build: docker-build:
timeout-minutes: 60 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -239,35 +229,26 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-docker-build
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B docker -I docker -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
arm64-build: arm64-build:
timeout-minutes: 60 timeout-minutes: 40
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -288,38 +269,26 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-arm64-build
cd integration-tests/test-repo
bluebuild build \
--retry-push \
--platform linux/arm64 \
--push \
-vv \
recipes/recipe-arm64.yml
docker-build-external-login: docker-build-external-login:
timeout-minutes: 60 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -347,34 +316,25 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-docker-build-external-login
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
docker-build-oauth-login: docker-build-oauth-login:
timeout-minutes: 60 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Google Auth - name: Google Auth
@ -413,39 +373,25 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-docker-build-oauth-login
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
bluebuild build \
--registry us-east1-docker.pkg.dev \
--registry-namespace bluebuild-oidc/bluebuild \
--retry-push \
--push \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
podman-build: podman-build:
timeout-minutes: 60 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -473,31 +419,22 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild - uses: extractions/setup-just@v1
run: |
cargo install --path . --debug --all-features
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: | run: just test-podman-build
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B podman -I podman -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
buildah-build: buildah-build:
timeout-minutes: 15 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -525,31 +462,22 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild - uses: extractions/setup-just@v1
run: |
cargo install --path . --debug --all-features
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: | run: just test-buildah-build
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B buildah -I podman -S sigstore --squash --push -vv recipes/recipe.yml recipes/recipe-39.yml
iso-from-image: iso-from-image:
timeout-minutes: 60 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -570,33 +498,26 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-generate-iso-image
cd integration-tests/test-repo
bluebuild generate-iso image ghcr.io/blue-build/cli/test:40
iso-from-recipe: iso-from-recipe:
timeout-minutes: 60 timeout-minutes: 20
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write id-token: write
needs:
- build
if: needs.build.outputs.push == 'true'
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -617,19 +538,15 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-generate-iso-recipe
cd integration-tests/test-repo
bluebuild generate-iso -vv recipe recipes/recipe.yml
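Review bot: With `if: env.EARTHLY_SAT_TOKEN != null` dropped from the `Earthly login` steps of `arm64-prebuild`, `amd64-prebuild` and `build-images`, the login appears to run even when the secret is empty, and the job-level `if: github.repository == 'blue-build/cli'` does not cover that case, because on a `pull_request` run from a fork `github.repository` is still the base repository while secrets are withheld. The trigger is not visible on this page, so confirm it; if fork runs can reach these jobs, keep a step-level guard or gate the job on `github.event.pull_request.head.repo.full_name == github.repository`. The step also expands the secret into the script text even though it is already exported as an environment variable; `earthly account login --token "$EARTHLY_SAT_TOKEN" >> /dev/null` would read it from the environment instead. The new `build-scripts` job pushes to ghcr.io with `github.token` but declares no `permissions:` block, unlike `integration-tests`; an explicit `packages: write` plus `contents: read` would state the grant it needs.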


@ -134,7 +134,47 @@ jobs:
run: | run: |
earthly --ci --push -P +prebuild earthly --ci --push -P +prebuild
build: build-scripts:
timeout-minutes: 60
runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli'
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN == null
- uses: earthly/actions-setup@v1
- name: Earthly login
env:
EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }}
if: env.EARTHLY_SAT_TOKEN != null
run: |
earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null
earthly org s blue-build
earthly sat s pr
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run build
id: build
run: |
earthly --ci --push -P +build-scripts
build-images:
permissions: permissions:
packages: write packages: write
timeout-minutes: 60 timeout-minutes: 60
@ -188,7 +228,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
needs: needs:
- build - build-scripts
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -216,7 +256,7 @@ jobs:
id-token: write id-token: write
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
needs: needs:
- build - build-scripts
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -236,28 +276,21 @@ jobs:
with: with:
ref: main ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-docker-build
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B docker -I docker -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
arm64-build: arm64-build:
timeout-minutes: 60 timeout-minutes: 40
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
@ -265,7 +298,7 @@ jobs:
id-token: write id-token: write
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
needs: needs:
- build - build-scripts
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -286,27 +319,18 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-arm64-build
cd integration-tests/test-repo
bluebuild build \
--retry-push \
--platform linux/arm64 \
--push \
-vv \
recipes/recipe-arm64.yml
docker-build-external-login: docker-build-external-login:
timeout-minutes: 60 timeout-minutes: 60
@ -317,7 +341,7 @@ jobs:
id-token: write id-token: write
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
needs: needs:
- build - build-scripts
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -345,23 +369,17 @@ jobs:
ref: main ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-docker-build-external-login
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
docker-build-oauth-login: docker-build-oauth-login:
timeout-minutes: 60 timeout-minutes: 60
@ -371,7 +389,7 @@ jobs:
packages: write packages: write
id-token: write id-token: write
needs: needs:
- build - build-scripts
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
steps: steps:
@ -409,28 +427,17 @@ jobs:
with: with:
ref: main ref: main
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-docker-build-oauth-login
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
bluebuild build \
--registry us-east1-docker.pkg.dev \
--registry-namespace bluebuild-oidc/bluebuild \
--retry-push \
--push \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
podman-build: podman-build:
timeout-minutes: 60 timeout-minutes: 60
@ -441,7 +448,7 @@ jobs:
id-token: write id-token: write
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
needs: needs:
- build - build-scripts
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -469,20 +476,14 @@ jobs:
ref: main ref: main
- name: Install bluebuild - uses: extractions/setup-just@v1
run: |
cargo install --path . --debug --all-features
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: | run: just test-podman-build
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B podman -I podman -S sigstore --push -vv recipes/recipe.yml recipes/recipe-39.yml
buildah-build: buildah-build:
timeout-minutes: 60 timeout-minutes: 60
@ -493,7 +494,7 @@ jobs:
id-token: write id-token: write
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
needs: needs:
- build - build-scripts
steps: steps:
- name: Maximize build space - name: Maximize build space
@ -521,20 +522,14 @@ jobs:
ref: main ref: main
- name: Install bluebuild - uses: extractions/setup-just@v1
run: |
cargo install --path . --debug --all-features
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
run: | run: just test-buildah-build
cd integration-tests/test-repo
bluebuild template -vv | tee Containerfile
grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1
bluebuild build --retry-push -B buildah -I podman -S sigstore --squash --push -vv recipes/recipe.yml recipes/recipe-39.yml
iso-from-image: iso-from-image:
timeout-minutes: 60 timeout-minutes: 60
@ -544,7 +539,7 @@ jobs:
packages: write packages: write
id-token: write id-token: write
needs: needs:
- build - build-scripts
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
steps: steps:
@ -566,22 +561,18 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-generate-iso-image
cd integration-tests/test-repo
bluebuild generate-iso image ghcr.io/blue-build/cli/test:40
iso-from-recipe: iso-from-recipe:
timeout-minutes: 60 timeout-minutes: 60
@ -591,7 +582,7 @@ jobs:
packages: write packages: write
id-token: write id-token: write
needs: needs:
- build - build-scripts
if: github.repository == 'blue-build/cli' if: github.repository == 'blue-build/cli'
steps: steps:
@ -613,19 +604,15 @@ jobs:
ref: ${{github.event.pull_request.head.ref}} ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}} repository: ${{github.event.pull_request.head.repo.full_name}}
- name: Install bluebuild
run: |
cargo install --path . --debug --all-features
- name: Expose GitHub Runtime - name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v3 uses: crazy-max/ghaction-github-runtime@v3
- uses: extractions/setup-just@v1
- name: Run Build - name: Run Build
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
GH_PR_EVENT_NUMBER: ${{ github.event.number }} GH_PR_EVENT_NUMBER: ${{ github.event.number }}
COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.TEST_SIGNING_SECRET }}
BB_BUILDKIT_CACHE_GHA: true BB_BUILDKIT_CACHE_GHA: true
run: | run: just test-generate-iso-image
cd integration-tests/test-repo
bluebuild generate-iso -vv recipe recipes/recipe.yml
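Review bot: In the `iso-from-recipe` job the final step now runs `just test-generate-iso-image`, the same recipe as `iso-from-image`, so the recipe-based ISO path covered by the inline `bluebuild generate-iso -vv recipe recipes/recipe.yml` that this step replaces is no longer exercised here. The other workflow changed in this commit uses `run: just test-generate-iso-recipe` for the same job, which looks like the intended value. Separately, `extractions/setup-just@v1` is added to jobs that hold `COSIGN_PRIVATE_KEY` alongside `packages: write` and `id-token: write`; pinning it to a full commit SHA (`uses: extractions/setup-just@<commit-sha>  # v1`) would keep a moved tag from changing what runs next to those credentials.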

1
Cargo.lock generated

@ -321,6 +321,7 @@ dependencies = [
"blue-build-template", "blue-build-template",
"blue-build-utils", "blue-build-utils",
"bon", "bon",
"cached",
"clap", "clap",
"clap-verbosity-flag", "clap-verbosity-flag",
"clap_complete", "clap_complete",


@ -11,6 +11,7 @@ version = "0.8.20"
[workspace.dependencies] [workspace.dependencies]
bon = "2" bon = "2"
cached = "0.53"
chrono = "0.4" chrono = "0.4"
clap = "4" clap = "4"
colored = "2" colored = "2"
@ -71,6 +72,7 @@ requestty = { version = "0.5", features = ["macros", "termion"] }
shadow-rs = "0.26" shadow-rs = "0.26"
urlencoding = "2" urlencoding = "2"
cached.workspace = true
clap = { workspace = true, features = ["derive", "cargo", "unicode", "env"] } clap = { workspace = true, features = ["derive", "cargo", "unicode", "env"] }
colored.workspace = true colored.workspace = true
indicatif.workspace = true indicatif.workspace = true


@ -12,12 +12,6 @@ all:
BUILD +build BUILD +build
BUILD ./integration-tests+all BUILD ./integration-tests+all
build:
WAIT
BUILD --platform=linux/amd64 --platform=linux/arm64 +build-scripts
END
BUILD --platform=linux/amd64 --platform=linux/arm64 +build-images
run-checks: run-checks:
BUILD +lint BUILD +lint
BUILD +test BUILD +test
@ -103,7 +97,7 @@ build-scripts:
chmod +x "scripts/${script}" chmod +x "scripts/${script}"
END END
DO --pass-args +SAVE_IMAGE --SUFFIX="-build-scripts" DO --pass-args +SAVE_IMAGE --IMAGE="$IMAGE/build-scripts"
blue-build-cli-prebuild: blue-build-cli-prebuild:
ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox" ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox"
@ -229,6 +223,7 @@ INSTALL:
SAVE_IMAGE: SAVE_IMAGE:
FUNCTION FUNCTION
ARG SUFFIX="" ARG SUFFIX=""
ARG IMAGE="$IMAGE"
ARG TAGGED="false" ARG TAGGED="false"
COPY --platform=native +version/version / COPY --platform=native +version/version /
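Review bot: The `all` target at the top of the first hunk still runs `BUILD +build`, but this commit deletes the `build:` target, so `+all` would reference a target that no longer exists unless one is defined outside the visible hunks. Pointing `all` at the two targets the deleted one wrapped keeps it working: `BUILD --platform=linux/amd64 --platform=linux/arm64 +build-scripts` followed by `BUILD --platform=linux/amd64 --platform=linux/arm64 +build-images`, with the `WAIT`/`END` around the first if the ordering still matters. The `all` target begins above the hunk, so its other lines are not visible here.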


@ -2,6 +2,5 @@ modules:
# Tests installing rpms from a combo image stage # Tests installing rpms from a combo image stage
- type: akmods - type: akmods
install: install:
- nct6687d
- openrazer - openrazer
- openrgb - openrgb

115
justfile

@ -1,5 +1,3 @@
#!/usr/bin/env just --justfile
export RUST_BACKTRACE := "1" export RUST_BACKTRACE := "1"
set dotenv-load := true set dotenv-load := true
@ -9,6 +7,20 @@ set positional-arguments := true
default: default:
@just --list @just --list
# Clean up development files and images
clean:
cargo clean
command -v docker \
&& docker buildx --builder bluebuild prune -f \
&& docker system prune -f \
|| true
command -v podman \
&& podman system prune -f \
|| true
command -v earthly \
&& earthly prune --reset \
|| true
# Install bluebuild using cargo with release optimization # Install bluebuild using cargo with release optimization
install: install:
cargo install --path . cargo install --path .
@ -69,9 +81,10 @@ watch-lint:
watch-lint-all-features: watch-lint-all-features:
cargo watch -c -x 'clippy --all-features' cargo watch -c -x 'clippy --all-features'
# Expand the macros of a module for debugging
expand *args: expand *args:
cargo expand $@ > ./expand.rs cargo expand $@ > ./expand.rs
echo "Expansion located in ./expand.rs" $EDITOR ./expand.rs
# Installs cargo tools that help with development # Installs cargo tools that help with development
tools: tools:
@ -99,3 +112,99 @@ release *args:
git tag "v${VERSION}" git tag "v${VERSION}"
git push origin "v${VERSION}" git push origin "v${VERSION}"
gh release create --generate-notes --latest "v${VERSION}" gh release create --generate-notes --latest "v${VERSION}"
should_push := if env('GITHUB_ACTIONS', '') != '' {
if env('COSIGN_PRIVATE_KEY', '') != '' {
'--push'
} else {
''
}
} else {
''
}
# Run all integration tests
integration-tests: test-docker-build test-arm64-build test-podman-build test-buildah-build test-generate-iso-image test-generate-iso-recipe
# Run docker driver integration test
test-docker-build: install-debug-all-features
cd integration-tests/test-repo \
&& bluebuild build \
--retry-push \
-B docker \
-I docker \
-S sigstore \
{{ should_push }} \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
# Run arm integration test
test-arm64-build: install-debug-all-features
cd integration-tests/test-repo \
&& bluebuild build \
--retry-push \
--platform linux/arm64 \
{{ should_push }} \
-vv \
recipes/recipe-arm64.yml
# Run docker driver external login integration test
test-docker-build-external-login: install-debug-all-features
cd integration-tests/test-repo \
&& bluebuild build \
--retry-push \
-S sigstore \
{{ should_push }} \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
# Run docker driver oauth login integration test
test-docker-build-oauth-login: install-debug-all-features
cd integration-tests/test-repo \
&& bluebuild build \
--registry us-east1-docker.pkg.dev \
--registry-namespace bluebuild-oidc/bluebuild \
--retry-push \
{{ should_push }} \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
# Run podman driver integration test
test-podman-build: install-debug-all-features
cd integration-tests/test-repo \
&& bluebuild build \
--retry-push \
-B podman \
-I podman \
-S sigstore \
{{ should_push }} \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
# Run buildah driver integration test
test-buildah-build: install-debug-all-features
cd integration-tests/test-repo \
&& bluebuild build \
--retry-push \
-B buildah \
-I podman \
-S sigstore \
{{ should_push }} \
-vv \
recipes/recipe.yml recipes/recipe-39.yml
# Run ISO generator for images
test-generate-iso-image: install-debug-all-features
#!/usr/bin/env bash
set -eu
ISO_OUT=$(mktemp -d)
bluebuild generate-iso -vv --output-dir "$ISO_OUT" image ghcr.io/blue-build/cli/test:40
# Run ISO generator for images
test-generate-iso-recipe: install-debug-all-features
#!/usr/bin/env bash
set -eu
ISO_OUT=$(mktemp -d)
cd integration-tests/test-repo
bluebuild generate-iso -vv --output-dir "$ISO_OUT" recipe recipes/recipe.yml
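Review bot: The new `clean` recipe (second hunk) runs `docker system prune -f` and `podman system prune -f`, which remove stopped containers, unused networks, dangling images and build cache for the whole engine on the machine, not only what this repository created. The recipe comment only says "Clean up development files and images". Each chain also ends in `|| true`, so a prune that fails is reported as success. I would keep the builder-scoped `docker buildx --builder bluebuild prune -f` and either drop the host-wide prunes or state the scope in the comment, e.g. `# Clean build output and prune ALL unused docker/podman/earthly data on this host`.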


@ -28,6 +28,7 @@ sigstore = { version = "0.10", features = ["full-rustls-tls", "cached-client", "
tokio = { version = "1.39.2", features = ["rt", "rt-multi-thread"], optional = true } tokio = { version = "1.39.2", features = ["rt", "rt-multi-thread"], optional = true }
zeroize = { version = "1", features = ["aarch64", "derive", "serde"] } zeroize = { version = "1", features = ["aarch64", "derive", "serde"] }
cached.workspace = true
chrono.workspace = true chrono.workspace = true
clap = { workspace = true, features = ["derive", "env"] } clap = { workspace = true, features = ["derive", "env"] }
colored.workspace = true colored.workspace = true
@ -42,7 +43,6 @@ tempdir.workspace = true
bon.workspace = true bon.workspace = true
users.workspace = true users.workspace = true
uuid.workspace = true uuid.workspace = true
cached = "0.53.1"
[dev-dependencies] [dev-dependencies]
rstest.workspace = true rstest.workspace = true


@ -5,6 +5,7 @@ use bon::Builder;
use crate::drivers::types::Platform; use crate::drivers::types::Platform;
#[derive(Debug, Clone, Builder)] #[derive(Debug, Clone, Builder)]
#[builder(derive(Clone))]
pub struct GetMetadataOpts<'scope> { pub struct GetMetadataOpts<'scope> {
#[builder(into)] #[builder(into)]
pub image: Cow<'scope, str>, pub image: Cow<'scope, str>,


@ -170,7 +170,7 @@ impl DetermineDriver<CiDriverType> for Option<CiDriverType> {
} }
} }
#[derive(Debug, Default, Clone, Copy, ValueEnum)] #[derive(Debug, Default, Clone, Copy, ValueEnum, PartialEq, Eq, Hash)]
pub enum Platform { pub enum Platform {
#[default] #[default]
#[value(name = "native")] #[value(name = "native")]


@ -3,14 +3,17 @@ use std::{
path::{Path, PathBuf}, path::{Path, PathBuf},
}; };
use blue_build_process_management::drivers::{types::Platform, CiDriver, Driver, DriverArgs}; use blue_build_process_management::drivers::{
opts::GetMetadataOpts, types::Platform, CiDriver, Driver, DriverArgs, InspectDriver,
};
use blue_build_recipe::Recipe; use blue_build_recipe::Recipe;
use blue_build_template::{ContainerFileTemplate, Template}; use blue_build_template::{ContainerFileTemplate, Template};
use blue_build_utils::{ use blue_build_utils::{
constants::{CONFIG_PATH, RECIPE_FILE, RECIPE_PATH}, constants::{BUILD_SCRIPTS_IMAGE_REF, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH},
syntax_highlighting::{self, DefaultThemes}, syntax_highlighting::{self, DefaultThemes},
}; };
use bon::Builder; use bon::Builder;
use cached::proc_macro::cached;
use clap::{crate_version, Args}; use clap::{crate_version, Args};
use log::{debug, info, trace, warn}; use log::{debug, info, trace, warn};
use miette::{IntoDiagnostic, Result}; use miette::{IntoDiagnostic, Result};
@ -132,17 +135,7 @@ impl GenerateCommand {
.recipe_path(recipe_path.as_path()) .recipe_path(recipe_path.as_path())
.registry(registry) .registry(registry)
.repo(Driver::get_repo_url()?) .repo(Driver::get_repo_url()?)
.exports_tag({ .build_scripts_image(determine_scripts_tag(self.platform)?)
#[allow(clippy::const_is_empty)]
if shadow::COMMIT_HASH.is_empty() {
// This is done for users who install via
// cargo. Cargo installs do not carry git
// information via shadow
format!("v{}", crate_version!())
} else {
shadow::COMMIT_HASH.to_string()
}
})
.build(); .build();
let output_str = template.render().into_diagnostic()?; let output_str = template.render().into_diagnostic()?;
@ -159,3 +152,31 @@ impl GenerateCommand {
Ok(()) Ok(())
} }
} }
#[cached(
result = true,
key = "Platform",
convert = r#"{ platform }"#,
sync_writes = true
)]
fn determine_scripts_tag(platform: Platform) -> Result<String> {
let version = format!("v{}", crate_version!());
let opts = GetMetadataOpts::builder()
.image(BUILD_SCRIPTS_IMAGE_REF)
.platform(platform);
Driver::get_metadata(&opts.clone().tag(shadow::COMMIT_HASH).build())
.inspect_err(|e| trace!("{e:?}"))
.map(|_| format!("{BUILD_SCRIPTS_IMAGE_REF}:{}", shadow::COMMIT_HASH))
.or_else(|_| {
Driver::get_metadata(&opts.clone().tag(shadow::BRANCH).build())
.inspect_err(|e| trace!("{e:?}"))
.map(|_| format!("{BUILD_SCRIPTS_IMAGE_REF}:{}", shadow::BRANCH))
})
.or_else(|_| {
Driver::get_metadata(&opts.tag(&version).build())
.inspect_err(|e| trace!("{e:?}"))
.map(|_| format!("{BUILD_SCRIPTS_IMAGE_REF}:{version}"))
})
.inspect(|image| debug!("Using build scripts image: {image}"))
}
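Review bot: `determine_scripts_tag` probes the registry with `shadow::COMMIT_HASH` and `shadow::BRANCH` without checking that they are non-empty, although the block this commit removes notes that cargo installs carry no git information. For such builds the first two `Driver::get_metadata` calls would be made with an empty tag, and the result then depends on how the driver treats a reference ending in `:` (the driver is not visible here, so this is inferred). I would skip empty candidates before probing, e.g. iterate over `[shadow::COMMIT_HASH, shadow::BRANCH, version.as_str()].into_iter().filter(|t| !t.is_empty())`. Each `.or_else(|_| …)` also treats any failure, including network or authentication errors, as "tag not found", so the caller only ever sees the error from the version lookup. Since the scripts in the resolved image are executed in the generated `RUN` steps, a doc comment naming the lookup order (commit, then branch, then release version) would make the trust decision explicit.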


@ -25,7 +25,7 @@ pub struct ContainerFileTemplate<'a> {
build_id: Uuid, build_id: Uuid,
os_version: u64, os_version: u64,
registry: Cow<'a, str>, registry: Cow<'a, str>,
exports_tag: Cow<'a, str>, build_scripts_image: Cow<'a, str>,
repo: Cow<'a, str>, repo: Cow<'a, str>,
} }


@ -38,7 +38,7 @@ RUN --mount=type=bind,from=stage-bins,src=/bins,dst=/tmp/bins \
{% call modules::main_modules_run(recipe.modules_ext, os_version) %} {% call modules::main_modules_run(recipe.modules_ext, os_version) %}
RUN --mount=type=bind,from=ghcr.io/blue-build/cli:{{ exports_tag }}-build-scripts,src=/scripts/,dst=/scripts/ \ RUN --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/scripts/ \
/scripts/post_build.sh /scripts/post_build.sh
# Labels are added last since they cause cache misses with buildah # Labels are added last since they cause cache misses with buildah


@ -25,7 +25,7 @@ RUN \
{%- if module.module_type == "akmods" %} {%- if module.module_type == "akmods" %}
--mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \ --mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \
{%- endif %} {%- endif %}
--mount=type=bind,from=ghcr.io/blue-build/cli:{{ exports_tag }}-build-scripts,src=/scripts/,dst=/tmp/scripts/ \ --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \
--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
/tmp/scripts/run_module.sh '{{ module.module_type }}' '{{ module|json|safe }}' \ /tmp/scripts/run_module.sh '{{ module.module_type }}' '{{ module|json|safe }}' \
&& ostree container commit && ostree container commit
@ -58,7 +58,7 @@ RUN \
{%- else %} {%- else %}
--mount=type=bind,from=stage-modules,src=/modules,dst=/tmp/modules,rw \ --mount=type=bind,from=stage-modules,src=/modules,dst=/tmp/modules,rw \
{%- endif %} {%- endif %}
--mount=type=bind,from=ghcr.io/blue-build/cli:{{ exports_tag }}-build-scripts,src=/scripts/,dst=/tmp/scripts/ \ --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \
/tmp/scripts/run_module.sh '{{ module.module_type }}' '{{ module|json|safe }}' /tmp/scripts/run_module.sh '{{ module.module_type }}' '{{ module|json|safe }}'
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}


@ -62,7 +62,7 @@ ARG RUST_LOG_STYLE=always
{%- if stage.from != "scratch" %} {%- if stage.from != "scratch" %}
# Add compatibility for modules # Add compatibility for modules
RUN --mount=type=bind,from=stage-bins,src=/bins/,dst=/tmp/bins/ \ RUN --mount=type=bind,from=stage-bins,src=/bins/,dst=/tmp/bins/ \
--mount=type=bind,from=ghcr.io/blue-build/cli:{{ exports_tag }}-build-scripts,src=/scripts/,dst=/tmp/scripts/ \ --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \
/tmp/scripts/setup.sh /tmp/scripts/setup.sh
{%- if files_dir_exists %} {%- if files_dir_exists %}


@ -72,6 +72,7 @@ pub const LC_TERMINAL_VERSION: &str = "LC_TERMINAL_VERSION";
pub const XDG_RUNTIME_DIR: &str = "XDG_RUNTIME_DIR"; pub const XDG_RUNTIME_DIR: &str = "XDG_RUNTIME_DIR";
// Misc // Misc
pub const BUILD_SCRIPTS_IMAGE_REF: &str = "ghcr.io/blue-build/cli/build-scripts";
pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:latest"; pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:latest";
pub const OCI_ARCHIVE: &str = "oci-archive"; pub const OCI_ARCHIVE: &str = "oci-archive";
pub const OSTREE_IMAGE_SIGNED: &str = "ostree-image-signed"; pub const OSTREE_IMAGE_SIGNED: &str = "ostree-image-signed";