feat: Embed build scripts and extract into temp dir for build (#516)

This removes the need for a published image for the build scripts; they
are now embedded in the binary instead. As a result, anyone who forks
the CLI can make adjustments to the build scripts and use them
immediately.

This will be needed for testing #515
Gerald Pinder 2025-08-10 16:09:42 -04:00 committed by GitHub
parent 2149a75760
commit a7d862abf0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 266 additions and 154 deletions

11
.editorconfig Normal file

@ -0,0 +1,11 @@
root = true
[*]
insert_final_newline = true
indent_style = space
indent_size = 4
charset = utf-8
trim_trailing_whitespace = true
[*.j2]
indent_size = 2


@ -73,38 +73,6 @@ jobs:
run: | run: |
earthly --ci --push -P +prebuild earthly --ci --push -P +prebuild
build-scripts:
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
with:
use-cache: false
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
ref: ${{ inputs.ref }}
repository: ${{ inputs.repo }}
- name: Login to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run build
id: build
run: |
earthly --ci --push -P +build-scripts-all
build-images: build-images:
permissions: permissions:
packages: write packages: write


@ -65,38 +65,6 @@ jobs:
run: | run: |
earthly --ci --push -P +prebuild earthly --ci --push -P +prebuild
build-scripts:
timeout-minutes: 60
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
fetch-tags: true
- uses: dtolnay/rust-toolchain@38b70195107dddab2c7bbd522bcf763bac00963b # stable
- uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13
with:
use-cache: false
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
- name: Login to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Run build
id: build
run: |
LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
CARGO_PACKAGE_VERSION="v$(cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "blue-build") .version')"
LATEST=$(test "$CARGO_PACKAGE_VERSION" = "$LATEST_TAG" && echo true || echo false)
earthly --ci --push +build-scripts-all --TAGGED="true" --LATEST="$LATEST"
build-images: build-images:
permissions: permissions:
packages: write packages: write

122
Cargo.lock generated

@ -17,6 +17,12 @@ version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"
[[package]]
name = "adler32"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234"
[[package]] [[package]]
name = "aead" name = "aead"
version = "0.5.2" version = "0.5.2"
@ -460,6 +466,7 @@ dependencies = [
"requestty", "requestty",
"reqwest", "reqwest",
"rstest", "rstest",
"rust-embed",
"rusty-hook", "rusty-hook",
"semver", "semver",
"serde", "serde",
@ -896,7 +903,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c" checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c"
dependencies = [ dependencies = [
"lazy_static", "lazy_static",
"windows-sys 0.48.0", "windows-sys 0.59.0",
] ]
[[package]] [[package]]
@ -991,6 +998,15 @@ version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]]
name = "core2"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b49ba7ef1ad6107f8824dbe97de947cbaac53c44e7f9756a1fba0d37c1eec505"
dependencies = [
"memchr",
]
[[package]] [[package]]
name = "cpufeatures" name = "cpufeatures"
version = "0.2.17" version = "0.2.17"
@ -1194,6 +1210,12 @@ dependencies = [
"syn 2.0.104", "syn 2.0.104",
] ]
[[package]]
name = "dary_heap"
version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "04d2cd9c18b9f454ed67da600630b021a8a80bf33f8c95896ab33aaf1c26b728"
[[package]] [[package]]
name = "decoded-char" name = "decoded-char"
version = "0.1.1" version = "0.1.1"
@ -2015,7 +2037,7 @@ dependencies = [
"libc", "libc",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"socket2 0.5.10", "socket2 0.6.0",
"tokio", "tokio",
"tower-service", "tower-service",
"tracing", "tracing",
@ -2158,6 +2180,29 @@ dependencies = [
"icu_properties", "icu_properties",
] ]
[[package]]
name = "include-flate"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df49c16750695486c1f34de05da5b7438096156466e7f76c38fcdf285cf0113e"
dependencies = [
"include-flate-codegen",
"lazy_static",
"libflate",
]
[[package]]
name = "include-flate-codegen"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c5b246c6261be723b85c61ecf87804e8ea4a35cb68be0ff282ed84b95ffe7d7"
dependencies = [
"libflate",
"proc-macro2",
"quote",
"syn 2.0.104",
]
[[package]] [[package]]
name = "indexmap" name = "indexmap"
version = "1.9.3" version = "1.9.3"
@ -2573,6 +2618,30 @@ version = "0.2.174"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"
[[package]]
name = "libflate"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45d9dfdc14ea4ef0900c1cddbc8dcd553fbaacd8a4a282cf4018ae9dd04fb21e"
dependencies = [
"adler32",
"core2",
"crc32fast",
"dary_heap",
"libflate_lz77",
]
[[package]]
name = "libflate_lz77"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6e0d73b369f386f1c44abd9c570d5318f55ccde816ff4b562fa452e5182863d"
dependencies = [
"core2",
"hashbrown 0.14.5",
"rle-decode-fast",
]
[[package]] [[package]]
name = "libgit2-sys" name = "libgit2-sys"
version = "0.18.2+1.9.1" version = "0.18.2+1.9.1"
@ -3737,7 +3806,7 @@ dependencies = [
"once_cell", "once_cell",
"socket2 0.5.10", "socket2 0.5.10",
"tracing", "tracing",
"windows-sys 0.52.0", "windows-sys 0.59.0",
] ]
[[package]] [[package]]
@ -4046,6 +4115,12 @@ dependencies = [
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
[[package]]
name = "rle-decode-fast"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
[[package]] [[package]]
name = "rsa" name = "rsa"
version = "0.9.8" version = "0.9.8"
@ -4095,6 +4170,41 @@ dependencies = [
"unicode-ident", "unicode-ident",
] ]
[[package]]
name = "rust-embed"
version = "8.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "025908b8682a26ba8d12f6f2d66b987584a4a87bc024abc5bbc12553a8cd178a"
dependencies = [
"include-flate",
"rust-embed-impl",
"rust-embed-utils",
"walkdir",
]
[[package]]
name = "rust-embed-impl"
version = "8.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6065f1a4392b71819ec1ea1df1120673418bf386f50de1d6f54204d836d4349c"
dependencies = [
"proc-macro2",
"quote",
"rust-embed-utils",
"syn 2.0.104",
"walkdir",
]
[[package]]
name = "rust-embed-utils"
version = "8.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6cc0c81648b20b70c491ff8cce00c1c3b223bb8ed2b5d41f0e54c6c4c0a3594"
dependencies = [
"sha2",
"walkdir",
]
[[package]] [[package]]
name = "rustc-demangle" name = "rustc-demangle"
version = "0.1.26" version = "0.1.26"
@ -4132,7 +4242,7 @@ dependencies = [
"errno", "errno",
"libc", "libc",
"linux-raw-sys 0.4.15", "linux-raw-sys 0.4.15",
"windows-sys 0.52.0", "windows-sys 0.59.0",
] ]
[[package]] [[package]]
@ -4866,7 +4976,7 @@ dependencies = [
"getrandom 0.3.3", "getrandom 0.3.3",
"once_cell", "once_cell",
"rustix 1.0.8", "rustix 1.0.8",
"windows-sys 0.52.0", "windows-sys 0.59.0",
] ]
[[package]] [[package]]
@ -5677,7 +5787,7 @@ version = "0.1.9"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
dependencies = [ dependencies = [
"windows-sys 0.48.0", "windows-sys 0.59.0",
] ]
[[package]] [[package]]


@ -107,6 +107,7 @@ tempfile.workspace = true
tokio.workspace = true tokio.workspace = true
bon.workspace = true bon.workspace = true
users.workspace = true users.workspace = true
rust-embed = { version = "8.7.2", features = ["debug-embed", "compression", "deterministic-timestamps"] }
[features] [features]
# Top level features # Top level features
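Review bot: `rust-embed` is declared inline with its own version and feature list, while the neighbouring entries (`tempfile`, `tokio`, `bon`, `users`) all use `.workspace = true`; moving the version to the workspace manifest and writing `rust-embed.workspace = true` here would keep version pinning in one place. The `compression` feature is what brings the `include-flate`/`libflate` chain into Cargo.lock, so the set of new transitive crates is a consequence of this one line and worth a glance during dependency review. A short comment on why `debug-embed` is enabled (debug builds embed the scripts instead of reading `scripts/` from disk at run time) would help the next reader.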


@ -12,7 +12,7 @@ all:
WAIT WAIT
BUILD --platform=linux/amd64 --platform=linux/arm64 +prebuild BUILD --platform=linux/amd64 --platform=linux/arm64 +prebuild
END END
BUILD +build BUILD +build-images-all
BUILD ./integration-tests+all BUILD ./integration-tests+all
run-checks: run-checks:
@ -22,9 +22,6 @@ run-checks:
build-images-all: build-images-all:
BUILD --platform=linux/amd64 --platform=linux/arm64 +build-images BUILD --platform=linux/amd64 --platform=linux/arm64 +build-images
build-scripts-all:
BUILD --platform=linux/amd64 --platform=linux/arm64 +build-scripts
build-images: build-images:
BUILD +blue-build-cli BUILD +blue-build-cli
BUILD +blue-build-cli-distrobox BUILD +blue-build-cli-distrobox
@ -109,32 +106,22 @@ common:
rustup update rustup update
WORKDIR /app WORKDIR /app
COPY --keep-ts --dir src/ template/ recipe/ utils/ process/ /app COPY --keep-ts --dir \
COPY --keep-ts Cargo.* /app build.rs \
COPY --keep-ts *.md /app LICENSE \
COPY --keep-ts LICENSE /app *.md \
COPY --keep-ts build.rs /app Cargo.* \
COPY --keep-ts --dir .git/ /app src/ \
RUN touch build.rs template/ \
recipe/ \
utils/ \
process/ \
scripts/ \
.git/ \
/app
DO rust+INIT --keep_fingerprints=true DO rust+INIT --keep_fingerprints=true
build-scripts:
ARG BASE_IMAGE="alpine"
FROM $BASE_IMAGE
COPY --platform=native (+digest/base-image-digest --BASE_IMAGE=$BASE_IMAGE) /base-image-digest
LABEL org.opencontainers.image.base.name="$BASE_IMAGE"
LABEL org.opencontainers.image.base.digest="$(cat /base-image-digest)"
COPY --dir scripts/ /
FOR script IN "$(ls /scripts | grep -e '.*\.sh$')"
RUN echo "Making ${script} executable" && \
chmod +x "scripts/${script}"
END
DO --pass-args +SAVE_IMAGE --IMAGE="$IMAGE/build-scripts"
blue-build-cli-prebuild: blue-build-cli-prebuild:
ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox" ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox"
FROM "$BASE_IMAGE" FROM "$BASE_IMAGE"


@ -1,3 +1,4 @@
cosign.key cosign.key
cosign.private cosign.private
/.bluebuild*
/Containerfile /Containerfile


@ -1,2 +1,3 @@
/Containerfile /Containerfile
/Containerfile.* /Containerfile.*
/.bluebuild*


@ -1,3 +1,4 @@
/Containerfile /Containerfile
/Containerfile.* /Containerfile.*
/.bluebuild*
/secrets /secrets


@ -1,4 +1,7 @@
use std::path::{Path, PathBuf}; use std::{
env,
path::{Path, PathBuf},
};
use blue_build_process_management::{ use blue_build_process_management::{
drivers::{ drivers::{
@ -23,12 +26,12 @@ use blue_build_utils::{
use bon::Builder; use bon::Builder;
use clap::Args; use clap::Args;
use log::{debug, info, trace, warn}; use log::{debug, info, trace, warn};
use miette::{IntoDiagnostic, Result, bail}; use miette::{Context, IntoDiagnostic, Result, bail};
use oci_distribution::Reference; use oci_distribution::Reference;
use rayon::prelude::*; use rayon::prelude::*;
use tempfile::TempDir; use tempfile::TempDir;
use crate::commands::generate::GenerateCommand; use crate::{BuildScripts, commands::generate::GenerateCommand};
use super::BlueBuildCommand; use super::BlueBuildCommand;
@ -186,6 +189,16 @@ impl BlueBuildCommand for BuildCommand {
recipes.into_iter().filter(|recipe| same.insert(recipe.clone())).collect() recipes.into_iter().filter(|recipe| same.insert(recipe.clone())).collect()
}); });
let build_scripts_dir = BuildScripts::extract_mount_dir()?;
let build_scripts_dir = build_scripts_dir
.path()
.strip_prefix(
env::current_dir()
.into_diagnostic()
.wrap_err("Failed to get current_dir")?,
)
.into_diagnostic()
.wrap_err("Failed to strip path prefix for build scripts dir")?;
recipe_paths.par_iter().try_for_each(|recipe| { recipe_paths.par_iter().try_for_each(|recipe| {
GenerateCommand::builder() GenerateCommand::builder()
@ -196,6 +209,7 @@ impl BlueBuildCommand for BuildCommand {
) )
.skip_validation(self.skip_validation) .skip_validation(self.skip_validation)
.maybe_platform(self.platform) .maybe_platform(self.platform)
.build_scripts_dir(build_scripts_dir)
.recipe(recipe) .recipe(recipe)
.drivers(self.drivers) .drivers(self.drivers)
.build() .build()
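Review bot: The shadowed `build_scripts_dir` hides that the first binding is the `TempDir` guard whose drop deletes the extracted scripts, and nothing says why the path is made relative to the working directory. A comment above the `strip_prefix` call would cover both, for example `// Bind-mount src is resolved against the build context, so pass a path relative to the working directory; the TempDir is deleted when it drops.`, and keeping the guard under its own name (`let scripts_guard = BuildScripts::extract_mount_dir()?;`) would make the lifetime dependency visible. These scripts are what the generated RUN steps execute, and they sit in the working tree until the build reads them, so it is worth confirming which directory mode `TempDir::with_prefix_in` yields under the caller's umask. The enclosing method continues outside the hunk.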


@ -1,5 +1,4 @@
use std::{ use std::{
env,
ops::Not, ops::Not,
path::{Path, PathBuf}, path::{Path, PathBuf},
}; };
@ -10,19 +9,16 @@ use blue_build_process_management::drivers::{
use blue_build_recipe::Recipe; use blue_build_recipe::Recipe;
use blue_build_template::{ContainerFileTemplate, Template}; use blue_build_template::{ContainerFileTemplate, Template};
use blue_build_utils::{ use blue_build_utils::{
constants::{ constants::{BB_SKIP_VALIDATION, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH},
BB_SKIP_VALIDATION, BUILD_SCRIPTS_IMAGE_REF, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH,
},
syntax_highlighting::{self, DefaultThemes}, syntax_highlighting::{self, DefaultThemes},
}; };
use bon::Builder; use bon::Builder;
use cached::proc_macro::cached; use clap::Args;
use clap::{Args, crate_version};
use log::{debug, info, trace, warn}; use log::{debug, info, trace, warn};
use miette::{IntoDiagnostic, Result}; use miette::{IntoDiagnostic, Result};
use oci_distribution::Reference; use oci_distribution::Reference;
use crate::{commands::validate::ValidateCommand, shadow}; use crate::commands::validate::ValidateCommand;
use super::BlueBuildCommand; use super::BlueBuildCommand;
@ -80,6 +76,10 @@ pub struct GenerateCommand {
#[builder(default)] #[builder(default)]
skip_validation: bool, skip_validation: bool,
#[clap(skip)]
#[builder(into)]
build_scripts_dir: Option<PathBuf>,
#[clap(flatten)] #[clap(flatten)]
#[builder(default)] #[builder(default)]
drivers: DriverArgs, drivers: DriverArgs,
@ -149,12 +149,15 @@ impl GenerateCommand {
.build(), .build(),
)? )?
.digest; .digest;
let build_scripts_image = &determine_scripts_tag(self.platform)?;
let repo = &Driver::get_repo_url()?; let repo = &Driver::get_repo_url()?;
let build_features = &[ let build_features = &[
#[cfg(feature = "bootc")] #[cfg(feature = "bootc")]
"bootc".into(), "bootc".into(),
]; ];
let build_scripts_dir = self
.build_scripts_dir
.as_deref()
.unwrap_or_else(|| Path::new(".bluebuild-scripts"));
let template = ContainerFileTemplate::builder() let template = ContainerFileTemplate::builder()
.os_version( .os_version(
@ -168,7 +171,7 @@ impl GenerateCommand {
.recipe_path(recipe_path.as_path()) .recipe_path(recipe_path.as_path())
.registry(&registry) .registry(&registry)
.repo(repo) .repo(repo)
.build_scripts_image(build_scripts_image) .build_scripts_dir(build_scripts_dir)
.base_digest(base_digest) .base_digest(base_digest)
.maybe_nushell_version(recipe.nushell_version.as_ref()) .maybe_nushell_version(recipe.nushell_version.as_ref())
.build_features(build_features) .build_features(build_features)
@ -188,40 +191,3 @@ impl GenerateCommand {
Ok(()) Ok(())
} }
} }
#[cached(
result = true,
key = "Option<Platform>",
convert = r#"{ platform }"#,
sync_writes = "by_key"
)]
fn determine_scripts_tag(platform: Option<Platform>) -> Result<Reference> {
trace!("determine_scripts_tag({platform:?})");
let opts = GetMetadataOpts::builder().maybe_platform(platform);
format!("{BUILD_SCRIPTS_IMAGE_REF}:{}", shadow::COMMIT_HASH)
.parse()
.into_diagnostic()
.and_then(|image| {
Driver::get_metadata(opts.clone().image(&image).build())
.inspect_err(|e| trace!("{e:?}"))
.map(|_| image)
})
.or_else(|_| {
let image: Reference = format!("{BUILD_SCRIPTS_IMAGE_REF}:{}", shadow::BRANCH)
.parse()
.into_diagnostic()?;
Driver::get_metadata(opts.clone().image(&image).build())
.inspect_err(|e| trace!("{e:?}"))
.map(|_| image)
})
.or_else(|_| {
let image: Reference = format!("{BUILD_SCRIPTS_IMAGE_REF}:v{}", crate_version!())
.parse()
.into_diagnostic()?;
Driver::get_metadata(opts.image(&image).build())
.inspect_err(|e| trace!("{e:?}"))
.map(|_| image)
})
.inspect(|image| debug!("Using build scripts image: {image}"))
}
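Review bot: When `build_scripts_dir` is not set, the fallback `Path::new(".bluebuild-scripts")` is written into the Containerfile, but nothing in the visible changes creates a directory with that name; extraction only happens in the build command, into a `.bluebuild-scripts_`-prefixed temp directory. A Containerfile produced by the generate command on its own would then presumably reference a mount source that does not exist at build time. Either extract the scripts on this path as well or state the expectation on the field, e.g. `/// Directory holding the build scripts, relative to the build context; the caller must create it.` The method that builds the template starts and ends outside the hunk.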


@ -1,6 +1,89 @@
//! The root library for blue-build. //! The root library for blue-build.
#![doc = include_str!("../README.md")] #![doc = include_str!("../README.md")]
shadow_rs::shadow!(shadow); use std::{
fs::{self, OpenOptions},
io::{Read, Write},
ops::Not,
os::unix::fs::PermissionsExt,
};
use blue_build_utils::constants::{BLUE_BUILD_SCRIPTS_DIR_IGNORE, GITIGNORE_PATH};
use miette::{Context, IntoDiagnostic, Result, miette};
use rust_embed::Embed;
use tempfile::TempDir;
pub mod commands; pub mod commands;
shadow_rs::shadow!(shadow);
#[derive(Embed)]
#[folder = "scripts/"]
pub(crate) struct BuildScripts;
impl BuildScripts {
pub fn extract_mount_dir() -> Result<TempDir> {
Self::update_gitignore()?;
let tempdir = TempDir::with_prefix_in(".bluebuild-scripts_", ".")
.into_diagnostic()
.wrap_err("Failed to create tempdir for build scripts.")?;
for file_path in Self::iter() {
let file = Self::get(file_path.as_ref())
.ok_or_else(|| miette!("Failed to get file {file_path}"))?;
let file_path = tempdir.path().join(&*file_path);
fs::write(&file_path, &file.data)
.into_diagnostic()
.wrap_err_with(|| {
format!("Failed to write build script file {}", file_path.display())
})?;
let mut perm = fs::metadata(&file_path)
.into_diagnostic()
.wrap_err_with(|| {
format!(
"Failed to get file permissions for file {}",
file_path.display()
)
})?
.permissions();
perm.set_mode(0o755);
fs::set_permissions(&file_path, perm).into_diagnostic()?;
}
Ok(tempdir)
}
fn update_gitignore() -> Result<()> {
let file = &mut OpenOptions::new()
.read(true)
.append(true)
.create(true)
.open(GITIGNORE_PATH)
.into_diagnostic()
.wrap_err_with(|| format!("Failed to open {GITIGNORE_PATH} for editing"))?;
let ignore_contents = {
let mut cont = String::new();
file.read_to_string(&mut cont)
.into_diagnostic()
.wrap_err_with(|| format!("Failed to read {GITIGNORE_PATH}"))?;
cont
};
if ignore_contents
.contains(BLUE_BUILD_SCRIPTS_DIR_IGNORE)
.not()
{
writeln!(file, "{BLUE_BUILD_SCRIPTS_DIR_IGNORE}")
.into_diagnostic()
.wrap_err_with(|| {
format!("Failed to add {BLUE_BUILD_SCRIPTS_DIR_IGNORE} to {GITIGNORE_PATH}")
})?;
}
Ok(())
}
}
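Review bot: In `update_gitignore`, the entry is appended with `writeln!` directly after whatever the file already holds, so a `.gitignore` whose last line has no trailing newline ends up with that pattern and `/.bluebuild-scripts_*` fused into one line, and neither is then matched as intended. Writing a separator first avoids it: `let sep = if ignore_contents.is_empty() || ignore_contents.ends_with('\n') { "" } else { "\n" };` followed by `writeln!(file, "{sep}{BLUE_BUILD_SCRIPTS_DIR_IGNORE}")`. In `extract_mount_dir`, `fs::write` targets `tempdir.path().join(..)` without creating parent directories, so any embedded file in a subfolder of `scripts/` would fail to extract; calling `fs::create_dir_all` on `file_path.parent()` before the write covers that. The unconditional `std::os::unix::fs::PermissionsExt` import also limits the crate to Unix targets, and the final `fs::set_permissions` call is the only step without a `wrap_err` message.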


@ -9,7 +9,6 @@ use bon::Builder;
use chrono::Utc; use chrono::Utc;
use colored::control::ShouldColorize; use colored::control::ShouldColorize;
use log::{debug, error, trace, warn}; use log::{debug, error, trace, warn};
use oci_distribution::Reference;
use uuid::Uuid; use uuid::Uuid;
pub use askama::Template; pub use askama::Template;
@ -25,7 +24,7 @@ pub struct ContainerFileTemplate<'a> {
build_id: Uuid, build_id: Uuid,
os_version: u64, os_version: u64,
registry: &'a str, registry: &'a str,
build_scripts_image: &'a Reference, build_scripts_dir: &'a Path,
repo: &'a str, repo: &'a str,
base_digest: &'a str, base_digest: &'a str,
nushell_version: Option<&'a MaybeVersion>, nushell_version: Option<&'a MaybeVersion>,


@ -40,12 +40,12 @@ RUN --mount=type=bind,from={{ blue_build_utils::constants::NUSHELL_IMAGE }}:{{ g
&& cp -r /tmp/nu/* /usr/libexec/bluebuild/nu/ && cp -r /tmp/nu/* /usr/libexec/bluebuild/nu/
{%- endif %} {%- endif %}
RUN --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/scripts/ \ RUN --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/scripts/ \
/scripts/pre_build.sh /scripts/pre_build.sh
{% call modules::main_modules_run(recipe.modules_ext, os_version) %} {% call modules::main_modules_run(recipe.modules_ext, os_version) %}
RUN --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/scripts/ \ RUN --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/scripts/ \
/scripts/post_build.sh /scripts/post_build.sh
# Labels are added last since they cause cache misses with buildah # Labels are added last since they cause cache misses with buildah
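Review bot: These mounts drop `from=`, so `src=` now resolves against the build context, and the extracted scripts directory has to be inside that context when each RUN step executes; an ignore file that excludes dot-directories would presumably make the mount fail, which is worth a comment next to the first mount. The path is also written unquoted through `display()`, so a value containing a comma or whitespace would break the mount option list; the generated `.bluebuild-scripts_*` name is safe, but the builder field accepts any path. The same pattern appears in the module and stage templates further down the page.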


@ -33,7 +33,7 @@ RUN \
{%- if module.module_type.typ() == "akmods" %} {%- if module.module_type.typ() == "akmods" %}
--mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \ --mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \
{%- endif %} {%- endif %}
--mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \ --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \
--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
--mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ --mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
{%- for secret_var in module.secrets.envs() %} {%- for secret_var in module.secrets.envs() %}
@ -78,7 +78,7 @@ RUN \
{%- else %} {%- else %}
--mount=type=bind,from={{ module.get_module_image() }},src=/modules,dst=/tmp/modules,rw \ --mount=type=bind,from={{ module.get_module_image() }},src=/modules,dst=/tmp/modules,rw \
{%- endif %} {%- endif %}
--mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \ --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \
{%- for secret_var in module.secrets.envs() %} {%- for secret_var in module.secrets.envs() %}
{{ secret_var }} \ {{ secret_var }} \
{%- endfor %} {%- endfor %}


@ -62,7 +62,7 @@ COPY --from={{ blue_build_utils::constants::NUSHELL_IMAGE }}:{{ get_nu_version()
# Add compatibility for modules # Add compatibility for modules
RUN --mount=type=bind,from=stage-bins,src=/bins/,dst=/tmp/bins/ \ RUN --mount=type=bind,from=stage-bins,src=/bins/,dst=/tmp/bins/ \
--mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \ --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \
/tmp/scripts/setup.sh /tmp/scripts/setup.sh
{%- if self::config_dir_exists() %} {%- if self::config_dir_exists() %}


@ -8,6 +8,7 @@ pub const CONTAINER_FILE: &str = "Containerfile";
pub const COSIGN_PUB_PATH: &str = "./cosign.pub"; pub const COSIGN_PUB_PATH: &str = "./cosign.pub";
pub const COSIGN_PRIV_PATH: &str = "./cosign.key"; pub const COSIGN_PRIV_PATH: &str = "./cosign.key";
pub const FILES_PATH: &str = "./files"; pub const FILES_PATH: &str = "./files";
pub const GITIGNORE_PATH: &str = "./.gitignore";
pub const LOCAL_BUILD: &str = "/etc/bluebuild"; pub const LOCAL_BUILD: &str = "/etc/bluebuild";
pub const MODULES_PATH: &str = "./config/modules"; pub const MODULES_PATH: &str = "./config/modules";
pub const RECIPE_FILE: &str = "recipe.yml"; pub const RECIPE_FILE: &str = "recipe.yml";
@ -81,6 +82,7 @@ pub const BLUE_BUILD: &str = "bluebuild";
pub const BUILD_SCRIPTS_IMAGE_REF: &str = "ghcr.io/blue-build/cli/build-scripts"; pub const BUILD_SCRIPTS_IMAGE_REF: &str = "ghcr.io/blue-build/cli/build-scripts";
pub const BLUE_BUILD_IMAGE_REF: &str = "ghcr.io/blue-build/cli"; pub const BLUE_BUILD_IMAGE_REF: &str = "ghcr.io/blue-build/cli";
pub const BLUE_BUILD_MODULE_IMAGE_REF: &str = "ghcr.io/blue-build/modules"; pub const BLUE_BUILD_MODULE_IMAGE_REF: &str = "ghcr.io/blue-build/modules";
pub const BLUE_BUILD_SCRIPTS_DIR_IGNORE: &str = "/.bluebuild-scripts_*";
pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:v2.5.3"; pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:v2.5.3";
pub const NUSHELL_IMAGE: &str = "ghcr.io/blue-build/nushell-image"; pub const NUSHELL_IMAGE: &str = "ghcr.io/blue-build/nushell-image";
pub const OCI_ARCHIVE: &str = "oci-archive"; pub const OCI_ARCHIVE: &str = "oci-archive";