refactor: Create SigningDriver and CiDriver (#197)

This also includes a new `login` command. The signing and CI logic is now using the Driver trait system along with a new experimental sigstore signing driver. New static macros have also been created to make implementation management easier for `Command` usage and `Driver` trait implementation calls.

---------

Co-authored-by: xyny <60004820+xynydev@users.noreply.github.com>

template/Cargo.toml

@@ -14,9 +14,6 @@ blue-build-recipe = { version = "=0.8.12", path = "../recipe" }
 blue-build-utils = { version = "=0.8.12", path = "../utils" }
 
 log.workspace = true
-serde.workspace = true
-serde_yaml.workspace = true
-serde_json.workspace = true
 typed-builder.workspace = true
 uuid.workspace = true
 

template/src/lib.rs

@@ -1,10 +1,8 @@
-use std::{borrow::Cow, env, fs, path::Path, process};
+use std::{borrow::Cow, fs, path::Path, process};
 
 use blue_build_recipe::Recipe;
 use blue_build_utils::constants::{
-    CI_PROJECT_NAME, CI_PROJECT_NAMESPACE, CI_SERVER_HOST, CI_SERVER_PROTOCOL, CONFIG_PATH,
-    CONTAINERFILES_PATH, CONTAINER_FILE, COSIGN_PUB_PATH, FILES_PATH, GITHUB_RESPOSITORY,
-    GITHUB_SERVER_URL,
+    CONFIG_PATH, CONTAINERFILES_PATH, CONTAINER_FILE, COSIGN_PUB_PATH, FILES_PATH,
 };
 use log::{debug, error, trace, warn};
 use typed_builder::TypedBuilder;
@@ -30,6 +28,9 @@ pub struct ContainerFileTemplate<'a> {
 
     #[builder(setter(into))]
     exports_tag: Cow<'a, str>,
+
+    #[builder(setter(into))]
+    repo: Cow<'a, str>,
 }
 
 #[derive(Debug, Clone, Template, TypedBuilder)]
@@ -78,6 +79,19 @@ pub struct GithubIssueTemplate<'a> {
     terminal_version: Cow<'a, str>,
 }
 
+#[derive(Debug, Clone, Template, TypedBuilder)]
+#[template(path = "init/README.j2", escape = "md")]
+pub struct InitReadmeTemplate<'a> {
+    #[builder(setter(into))]
+    repo_name: Cow<'a, str>,
+
+    #[builder(setter(into))]
+    registry: Cow<'a, str>,
+
+    #[builder(setter(into))]
+    image_name: Cow<'a, str>,
+}
+
 fn has_cosign_file() -> bool {
     trace!("has_cosign_file()");
     std::env::current_dir()
@@ -110,38 +124,6 @@ fn print_containerfile(containerfile: &str) -> String {
     file
 }
 
-fn get_repo_url() -> Option<String> {
-    Some(
-        match (
-            // GitHub vars
-            env::var(GITHUB_SERVER_URL),
-            env::var(GITHUB_RESPOSITORY),
-            // GitLab vars
-            env::var(CI_SERVER_PROTOCOL),
-            env::var(CI_SERVER_HOST),
-            env::var(CI_PROJECT_NAMESPACE),
-            env::var(CI_PROJECT_NAME),
-        ) {
-            (Ok(github_server), Ok(github_repo), _, _, _, _) => {
-                format!("{github_server}/{github_repo}")
-            }
-            (
-                _,
-                _,
-                Ok(ci_server_protocol),
-                Ok(ci_server_host),
-                Ok(ci_project_namespace),
-                Ok(ci_project_name),
-            ) => {
-                format!(
-                    "{ci_server_protocol}://{ci_server_host}/{ci_project_namespace}/{ci_project_name}"
-                )
-            }
-            _ => return None,
-        },
-    )
-}
-
 fn modules_exists() -> bool {
     let mod_path = Path::new("modules");
     mod_path.exists() && mod_path.is_dir()

template/templates/Containerfile.j2

@@ -38,7 +38,5 @@ RUN rm -fr /tmp/* /var/* && ostree container commit
 LABEL {{ blue_build_utils::constants::BUILD_ID_LABEL }}="{{ build_id }}"
 LABEL org.opencontainers.image.title="{{ recipe.name }}"
 LABEL org.opencontainers.image.description="{{ recipe.description }}"
-{%- if let Some(repo) = self::get_repo_url() %}
 LABEL org.opencontainers.image.source="{{ repo }}"
-{%- endif %}
 LABEL io.artifacthub.package.readme-url=https://raw.githubusercontent.com/blue-build/cli/main/README.md

template/templates/init/README.j2

@@ -0,0 +1,45 @@
+# {{ repo_name }} Image Repo
+
+See the [BlueBuild docs](https://blue-build.org/how-to/setup/) for quick setup instructions for setting up your own repository based on this template.
+
+After setup, it is recommended you update this README to describe your custom image.
+
+## Installation
+
+> **Warning**
+> [This is an experimental feature](https://www.fedoraproject.org/wiki/Changes/OstreeNativeContainerStable), try at your own discretion.
+
+To rebase an existing atomic Fedora installation to the latest build:
+
+- First rebase to the unsigned image, to get the proper signing keys and policies installed:
+  ```
+  rpm-ostree rebase ostree-unverified-registry:{{ registry }}/{{ repo_name }}/{{ image_name }}:latest
+  ```
+- Reboot to complete the rebase:
+  ```
+  systemctl reboot
+  ```
+- Then rebase to the signed image, like so:
+  ```
+  rpm-ostree rebase ostree-image-signed:docker://{{ registry }}/{{ repo_name }}/{{ image_name }}:latest
+  ```
+- Reboot again to complete the installation
+  ```
+  systemctl reboot
+  ```
+
+The `latest` tag will automatically point to the latest build. That build will still always use the Fedora version specified in `recipe.yml`, so you won't get accidentally updated to the next major version.
+
+## ISO
+
+If build on Fedora Atomic, you can generate an offline ISO with the instructions available [here](https://blue-build.org/learn/universal-blue/#fresh-install-from-an-iso). These ISOs cannot unfortunately be distributed on GitHub for free due to large sizes, so for public projects something else has to be used for hosting.
+
+## Verification
+
+These images are signed with [Sigstore](https://www.sigstore.dev/)'s [cosign](https://github.com/sigstore/cosign). You can verify the signature by downloading the `cosign.pub` file from this repo and running the following command:
+
+```bash
+cosign verify --key cosign.pub {{ registry }}/{{ repo_name }}/{{ image_name }}
+```
+
+Cloned from https://github.com/blue-build/template