diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index 039cf98..992dce7 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -14,6 +14,8 @@ jobs: build: timeout-minutes: 60 runs-on: ubuntu-latest + outputs: + export: ${{ steps.build.outputs.export }} steps: - name: Maximize build space @@ -23,8 +25,6 @@ jobs: if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -39,8 +39,22 @@ jobs: with: ref: ${{ github.event.pull_request.ref }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + if: github.token != null + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ github.token }} + - name: Run build - run: earthly --ci +build + id: build + run: | + if [ -n "${{ github.token }}" ]; then + earthly --ci --push +exports-script + echo "export=true" >> "$GITHUB_OUTPUT" + fi + earthly --ci +build integration-tests: permissions: @@ -49,14 +63,16 @@ jobs: runs-on: ubuntu-latest needs: - build + if: needs.build.outputs.export == 'true' steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 + env: + EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} + if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -73,7 +89,6 @@ jobs: ref: ${{ github.event.pull_request.ref }} - name: Run integration tests - if: github.repository == 'blue-build/cli' run: earthly --ci -P ./integration-tests+all docker-build: @@ -85,6 +100,7 @@ jobs: id-token: write needs: - build + if: needs.build.outputs.export == 'true' steps: - name: Maximize build space @@ -92,8 +108,6 @@ jobs: - uses: sigstore/cosign-installer@v3.3.0 - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -107,7 +121,7 @@ jobs: run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build - earthly sat s blue-build-integration-tests + earthly sat s blue-build-pr - uses: actions/checkout@v4 with: @@ -115,7 +129,7 @@ jobs: - name: Install bluebuild run: | - earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild + earthly -a +installer/bluebuild /usr/local/bin/bluebuild - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 @@ -130,8 +144,4 @@ jobs: cd integration-tests/test-repo bluebuild template -vv | tee Containerfile grep -q 'ARG IMAGE_REGISTRY=ghcr.io/blue-build' Containerfile || exit 1 - if [ -n "$GH_TOKEN" ] && [ -n "$COSIGN_PRIVATE_KEY" ]; then - bluebuild build --push -vv - else - bluebuild build -vv - fi + bluebuild build --push -vv diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2706ae0..2d5ff64 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,8 +28,6 @@ jobs: if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -56,21 +54,27 @@ jobs: if: github.repository == 'blue-build/cli' run: earthly --push --ci +build + - name: Run build fork + if: github.repository != 'blue-build/cli' + run: earthly --ci +build + integration-tests: permissions: packages: write timeout-minutes: 60 runs-on: ubuntu-latest + if: github.repository == 'blue-build/cli' needs: - build steps: - name: Maximize build space uses: ublue-os/remove-unwanted-software@v6 + env: + EARTHLY_SAT_TOKEN: ${{ secrets.EARTHLY_SAT_TOKEN }} + if: env.EARTHLY_SAT_TOKEN == null - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Earthly login env: @@ -97,6 +101,7 @@ jobs: contents: read packages: write id-token: write + if: github.repository == 'blue-build/cli' needs: - build @@ -106,8 +111,6 @@ jobs: - uses: sigstore/cosign-installer@v3.3.0 - uses: earthly/actions-setup@v1 - with: - version: v0.8.4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -121,7 +124,7 @@ jobs: run: | earthly account login --token ${{ secrets.EARTHLY_SAT_TOKEN }} >> /dev/null earthly org s blue-build - earthly sat s blue-build-integration-tests + earthly sat s blue-build-main - uses: actions/checkout@v4 with: @@ -129,7 +132,7 @@ jobs: - name: Install bluebuild run: | - earthly -a +install/bluebuild --BUILD_TARGET=x86_64-unknown-linux-musl /usr/local/bin/bluebuild + earthly -a +installer/bluebuild /usr/local/bin/bluebuild - name: Expose GitHub Runtime uses: crazy-max/ghaction-github-runtime@v3 diff --git a/Earthfile b/Earthfile index 4476f48..b402033 100644 --- a/Earthfile +++ b/Earthfile @@ -41,7 +41,9 @@ exports-script: LABEL org.opencontainers.image.source="https://github.com/blue-build/cli" COPY exports.sh / RUN chmod +x exports.sh - SAVE IMAGE --push $IMAGE:exports + + ARG EARTHLY_GIT_HASH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_HASH-exports common: FROM ghcr.io/blue-build/earthly-lib/cargo-builder @@ -52,6 +54,8 @@ common: COPY --keep-ts *.md /app COPY --keep-ts LICENSE /app COPY --keep-ts build.rs /app + COPY --keep-ts --dir .git/ /app + RUN touch build.rs DO cargo+INIT @@ -77,14 +81,23 @@ blue-build-cli: COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-gnu") /usr/bin/bluebuild - ARG TAG - ARG LATEST=false - RUN mkdir -p /bluebuild WORKDIR /bluebuild ENTRYPOINT ["bluebuild"] - DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST + ARG TAG + ARG LATEST=false + + IF [ -n "$TAG" ] + SAVE IMAGE --push $IMAGE:$TAG + + IF [ "$LATEST" = "true" ] + SAVE IMAGE --push $IMAGE:latest + END + ELSE + ARG EARTHLY_GIT_BRANCH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH + END blue-build-cli-alpine: FROM alpine @@ -96,14 +109,22 @@ blue-build-cli-alpine: COPY +cosign/cosign /usr/bin/cosign COPY (+install/bluebuild --BUILD_TARGET="x86_64-unknown-linux-musl") /usr/bin/bluebuild - ARG TAG - ARG LATEST=false - RUN mkdir -p /bluebuild WORKDIR /bluebuild ENTRYPOINT ["bluebuild"] - DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --ALPINE=true + ARG TAG + IF [ -n "$TAG" ] + SAVE IMAGE --push $IMAGE:$TAG-alpine + + ARG LATEST=false + IF [ "$LATEST" = "true" ] + SAVE IMAGE --push $IMAGE:latest-alpine + END + ELSE + ARG EARTHLY_GIT_BRANCH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH-alpine + END installer: FROM alpine @@ -114,8 +135,18 @@ installer: CMD ["cat", "/install.sh"] ARG TAG - ARG LATEST=false - DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --INSTALLER=true + IF [ -n "$TAG" ] + SAVE IMAGE --push $IMAGE:$TAG-installer + + ARG LATEST=false + IF [ "$LATEST" = "true" ] + SAVE IMAGE --push $IMAGE:latest-installer + END + ELSE + ARG EARTHLY_GIT_BRANCH + SAVE IMAGE --push $IMAGE:$EARTHLY_GIT_BRANCH-installer + END + SAVE ARTIFACT /out/bluebuild cosign: FROM gcr.io/projectsigstore/cosign diff --git a/build.rs b/build.rs index a42bd65..2050cad 100644 --- a/build.rs +++ b/build.rs @@ -7,12 +7,7 @@ fn main() -> SdResult<()> { shadow_rs::new_hook(hook) } -fn hook(file: &File) -> SdResult<()> { - append_write_const(file)?; - Ok(()) -} - -fn append_write_const(mut file: &File) -> SdResult<()> { +fn hook(mut file: &File) -> SdResult<()> { let hash = Command::new("git") .args(["rev-parse", "HEAD"]) .output() diff --git a/src/commands/template.rs b/src/commands/template.rs index c4062f0..1d7f8ea 100644 --- a/src/commands/template.rs +++ b/src/commands/template.rs @@ -10,7 +10,7 @@ use clap::Args; use log::{debug, info, trace}; use typed_builder::TypedBuilder; -use crate::drivers::Driver; +use crate::{drivers::Driver, shadow}; use super::{BlueBuildCommand, DriverArgs}; @@ -86,6 +86,7 @@ impl TemplateCommand { .recipe(&recipe_de) .recipe_path(recipe_path.as_path()) .registry(self.get_registry()) + .exports_tag(shadow::BB_COMMIT_HASH) .build(); let output_str = template.render()?; diff --git a/template/src/lib.rs b/template/src/lib.rs index 1f4a953..412c10e 100644 --- a/template/src/lib.rs +++ b/template/src/lib.rs @@ -27,6 +27,9 @@ pub struct ContainerFileTemplate<'a> { #[builder(setter(into))] registry: Cow<'a, str>, + + #[builder(setter(into))] + exports_tag: Cow<'a, str>, } #[derive(Debug, Clone, Template, TypedBuilder)] diff --git a/template/templates/modules/modules.j2 b/template/templates/modules/modules.j2 index 3ff961e..84929fa 100644 --- a/template/templates/modules/modules.j2 +++ b/template/templates/modules/modules.j2 @@ -27,7 +27,7 @@ RUN \ {%- if type == "akmods" %} --mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \ {%- endif %} - --mount=type=bind,from=ghcr.io/blue-build/cli:exports,src=/exports.sh,dst=/tmp/exports.sh \ + --mount=type=bind,from=ghcr.io/blue-build/cli:{{ exports_tag }}-exports,src=/exports.sh,dst=/tmp/exports.sh \ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ echo "========== Start {{ type|capitalize }} module ==========" \ && chmod +x /tmp/modules/{{ type }}/{{ type }}.sh \