particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Local image rebasing

Browse source
This commit is contained in:
Gerald Pinder 2024-01-14 03:02:35 +00:00
parent 7829ea6fe3
commit eaeb79f329
8 changed files with 308 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitlab-ci.yml
View file

@ -1,3 +1,3 @@
include: include:
- project: wunker-bunker/ci-pipelines - project: wunker-bunker/ci-pipelines
file: cargo-build.yml file: cargo-earthly.yml

11
Cargo.lock generated
View file

@ -165,6 +165,7 @@ dependencies = [
"serde_json", "serde_json",
"serde_yaml", "serde_yaml",
"typed-builder", "typed-builder",
"users",
] ]
[[package]] [[package]]
@ -817,6 +818,16 @@ version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b" checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b"
[[package]]
name = "users"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24cc0f6d6f267b73e5a2cadf007ba8f9bc39c6a6f9666f8cf25ea809a153b032"
dependencies = [
"libc",
"log",
]
[[package]] [[package]]
name = "utf8parse" name = "utf8parse"
version = "0.2.1" version = "0.2.1"

3
Cargo.toml
View file

@ -23,10 +23,11 @@ serde = { version = "1.0.188", features = ["derive"] }
serde_json = "1.0.107" serde_json = "1.0.107"
serde_yaml = "0.9.25" serde_yaml = "0.9.25"
typed-builder = "0.18.0" typed-builder = "0.18.0"
users = "0.11.0"
[features] [features]
default = ["build"] default = ["build"]
nightly = ["init", "build"] nightly = ["build"]
init = [] init = []
build = [] build = []

176
Earthfile
View file

@ -1,12 +1,119 @@
VERSION --global-cache 0.7 VERSION \
IMPORT github.com/earthly/lib/rust AS rust --global-cache \
--use-function-keyword \
--arg-scope-and-set \
0.7
ARG --global FEDORA_MAJOR_VERSION=38 IMPORT gitlab.com/wunker-bunker/ci-pipelines/earthly/cargo AS cargo
ARG --global IMAGE=registry.gitlab.com/wunker-bunker/blue-build ARG --global IMAGE=registry.gitlab.com/wunker-bunker/blue-build
all:
BUILD +default
BUILD +nightly
default:
WAIT
BUILD +lint
BUILD +test
END
BUILD +blue-build-cli
BUILD +blue-build-cli-alpine
BUILD +installer
nightly:
WAIT
BUILD +lint --NIGHTLY=true
BUILD +test --NIGHTLY=true
END
BUILD +blue-build-cli --NIGHTLY=true
BUILD +blue-build-cli-alpine --NIGHTLY=true
BUILD +installer --NIGHTLY=true
lint:
FROM +common
ARG NIGHTLY=false
DO cargo+LINT --NIGHTLY=$NIGHTLY
test:
FROM +common
ARG NIGHTLY=false
DO cargo+TEST --NIGHTLY=$NIGHTLY
install:
FROM +common
ARG NIGHTLY=false
ARG --required BUILD_TARGET
DO cargo+BUILD_RELEASE --BUILD_TARGET=$BUILD_TARGET --NIGHTLY=$NIGHTLY
SAVE ARTIFACT target/$BUILD_TARGET/release/bb
common:
FROM registry.gitlab.com/wunker-bunker/cargo-builder
WORKDIR /app
COPY --keep-ts --dir src/ templates/ /app
COPY --keep-ts Cargo.* /app
COPY --keep-ts *.md /app
COPY --keep-ts LICENSE /app
DO cargo+INIT
blue-build-cli:
FROM registry.fedoraproject.org/fedora-toolbox
ARG NIGHTLY=false
BUILD +install --BUILD_TARGET="x86_64-unknown-linux-gnu" --NIGHTLY=$NIGHTLY
RUN dnf install --refresh -y buildah podman skopeo
COPY +cosign/cosign /usr/bin/cosign
COPY (+install/bb --BUILD_TARGET="x86_64-unknown-linux-gnu" --NIGHTLY=$NIGHTLY) /usr/bin/bb
ARG TAG
ARG LATEST=false
DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --NIGHTLY=$NIGHTLY
blue-build-cli-alpine:
FROM alpine
ARG NIGHTLY=false
BUILD +install --BUILD_TARGET="x86_64-unknown-linux-musl" --NIGHTLY=$NIGHTLY
RUN apk update && apk add buildah podman skopeo fuse-overlayfs
COPY +cosign/cosign /usr/bin/cosign
COPY (+install/bb --BUILD_TARGET="x86_64-unknown-linux-musl" --NIGHTLY=$NIGHTLY) /usr/bin/bb
ARG TAG
ARG LATEST=false
DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --NIGHTLY=$NIGHTLY --ALPINE=true
installer:
FROM alpine
ARG NIGHTLY=false
BUILD +install --BUILD_TARGET="x86_64-unknown-linux-gnu" --NIGHTLY=$NIGHTLY
COPY (+install/bb --BUILD_TARGET="x86_64-unknown-linux-gnu") /out/bb
COPY install.sh /install.sh
CMD ["cat", "/install.sh"]
ARG TAG
ARG LATEST=false
ARG INSTALLER=true
DO cargo+SAVE_IMAGE --IMAGE=$IMAGE --TAG=$TAG --LATEST=$LATEST --NIGHTLY=$NIGHTLY --INSTALLER=$INSTALLER
iso-generator: iso-generator:
FROM registry.fedoraproject.org/fedora-toolbox:${FEDORA_MAJOR_VERSION} FROM registry.fedoraproject.org/fedora-toolbox
GIT CLONE https://github.com/ublue-os/isogenerator.git /isogenerator GIT CLONE https://github.com/ublue-os/isogenerator.git /isogenerator
WORKDIR /isogenerator WORKDIR /isogenerator
@ -18,64 +125,3 @@ iso-generator:
cosign: cosign:
FROM gcr.io/projectsigstore/cosign FROM gcr.io/projectsigstore/cosign
SAVE ARTIFACT /ko-app/cosign SAVE ARTIFACT /ko-app/cosign
install:
FROM rust
DO rust+INIT --keep_fingerprints=true
COPY --keep-ts . /app
WORKDIR /app
ARG --required TARGET
DO rust+CARGO --args="build --release --target $TARGET" --output="$TARGET/release/[^\./]+"
SAVE ARTIFACT target/$TARGET/release/bb
blue-build-cli:
FROM registry.fedoraproject.org/fedora-toolbox:${FEDORA_MAJOR_VERSION}
BUILD +install --TARGET="x86_64-unknown-linux-gnu"
RUN dnf install --refresh -y buildah podman skopeo
COPY +cosign/cosign /usr/bin/cosign
COPY (+install/bb --TARGET="x86_64-unknown-linux-gnu") /usr/bin/bb
ARG TAG
IF [ "$TAG" != "" ]
SAVE IMAGE --push $IMAGE:$TAG
ARG LATEST=false
IF [ "$LATEST" = "true" ]
SAVE IMAGE --push $IMAGE:latest
END
ELSE
SAVE IMAGE blue-build
END
blue-build-cli-alpine:
FROM alpine
BUILD +install --TARGET="x86_64-unknown-linux-musl"
RUN apk update && apk add buildah podman skopeo fuse-overlayfs
COPY +cosign/cosign /usr/bin/cosign
COPY (+install/bb --TARGET="x86_64-unknown-linux-musl") /usr/bin/bb
ARG TAG
IF [ "$TAG" != "" ]
SAVE IMAGE --push $IMAGE:$TAG-alpine
ARG LATEST=false
IF [ "$LATEST" = "true" ]
SAVE IMAGE --push $IMAGE:alpine
END
ELSE
SAVE IMAGE blue-build:alpine
END
all:
BUILD +blue-build-cli
BUILD +blue-build-cli-alpine
BUILD +iso-generator

14
README.md
View file

@ -13,12 +13,22 @@ This is my personal project trying to create a more conise version of the [start
## Installation ## Installation
Right now the only way to install this tool is to use `cargo`. ### Cargo
This is the best way to install as it gives you the opportunity to bulid for your specific environment.
```bash ```bash
cargo install --locked blue-build cargo install --locked blue-build
``` ```
### Podman/Docker
This will install the binary on your system in `/usr/local/bin`. This is only a `linux-gnu` version.
```bash
podman run --rm registry.gitlab.com/wunker-bunker/blue-build:installer | sudo bash
```
## How to use ## How to use
### Templating ### Templating
@ -138,4 +148,4 @@ jobs:
- [x] Setup pipeline automation for publishing - [x] Setup pipeline automation for publishing
- [ ] Create an init command to create a repo for you to start out - [ ] Create an init command to create a repo for you to start out
- [ ] Setup the project to allow installing with `binstall` - [ ] Setup the project to allow installing with `binstall`
- [ ] Create an install script for easy install for users without `cargo` - [x] Create an install script for easy install for users without `cargo`

30
install.sh Executable file
View file

@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -euo pipefail
function cleanup() {
echo "Cleaning up image"
podman stop -i -t 0 blue-build-installer
sleep 2
podman image rm registry.gitlab.com/wunker-bunker/blue-build:installer
}
podman pull registry.gitlab.com/wunker-bunker/blue-build:installer
podman run -d --rm --name blue-build-installer registry.gitlab.com/wunker-bunker/blue-build:installer tail -f /dev/null
set +e
podman cp blue-build-installer:/out/bb /usr/local/bin/bb
RETVAL=$?
set -e
if [ -n $RETVAL ]; then
cleanup
echo "Failed to copy file, try:"
printf "\tpodman run --rm registry.gitlab.com/wunker-bunker/blue-build:installer | sudo bash\n"
exit 1
else
cleanup
fi

186
src/build.rs
View file

@ -1,6 +1,6 @@
use std::{ use std::{
env, fs, env, fs,
path::PathBuf, path::{Path, PathBuf},
process::{self, Command}, process::{self, Command},
}; };
@ -8,12 +8,15 @@ use anyhow::{anyhow, bail, Result};
use clap::Args; use clap::Args;
use log::{debug, error, info, trace, warn}; use log::{debug, error, info, trace, warn};
use typed_builder::TypedBuilder; use typed_builder::TypedBuilder;
use users::{Users, UsersCache};
use crate::{ use crate::{
ops, ops,
template::{Recipe, TemplateCommand}, template::{Recipe, TemplateCommand},
}; };
const LOCAL_BUILD: &str = "/etc/blue-build";
#[derive(Debug, Clone, Args, TypedBuilder)] #[derive(Debug, Clone, Args, TypedBuilder)]
pub struct BuildCommand { pub struct BuildCommand {
/// The recipe file to build an image /// The recipe file to build an image
@ -25,6 +28,19 @@ pub struct BuildCommand {
#[builder(default, setter(into))] #[builder(default, setter(into))]
containerfile: Option<PathBuf>, containerfile: Option<PathBuf>,
/// Rebase your current OS onto the image
/// being built.
///
/// This will create a tarball of your image at
/// `/etc/blue-build/` and invoke `rpm-ostree` to
/// rebase onto the image using `oci-archive`.
///
/// NOTE: This can only be used if you have `rpm-ostree`
/// installed and if the `--push` option isn't
/// used. This image will not be signed.
#[arg(short, long)]
rebase: bool,
/// Push the image with all the tags. /// Push the image with all the tags.
/// ///
/// Requires `--registry`, `--registry-path`, /// Requires `--registry`, `--registry-path`,
@ -59,15 +75,32 @@ pub struct BuildCommand {
} }
impl BuildCommand { impl BuildCommand {
/// Runs the command and returns a result.
pub fn try_run(&self) -> Result<()> { pub fn try_run(&self) -> Result<()> {
trace!("BuildCommand::try_run()"); trace!("BuildCommand::try_run()");
if self.push && self.rebase {
bail!("You cannot use '--rebase' and '--push' at the same time");
}
if let Err(e1) = ops::check_command_exists("buildah") { if let Err(e1) = ops::check_command_exists("buildah") {
ops::check_command_exists("podman").map_err(|e2| { ops::check_command_exists("podman").map_err(|e2| {
anyhow!("Need either 'buildah' or 'podman' commands to proceed: {e1}, {e2}") anyhow!("Need either 'buildah' or 'podman' commands to proceed: {e1}, {e2}")
})?; })?;
} }
if self.rebase {
ops::check_command_exists("rpm-ostree")?;
let cache = UsersCache::new();
if cache.get_current_uid() != 0 {
bail!("You need to be root to rebase a local image! Try using 'sudo'.");
}
clean_local_build_dir()?;
}
if self.push { if self.push {
ops::check_command_exists("cosign")?; ops::check_command_exists("cosign")?;
ops::check_command_exists("skopeo")?; ops::check_command_exists("skopeo")?;
@ -85,6 +118,7 @@ impl BuildCommand {
self.build_image() self.build_image()
} }
/// Runs the command and exits if there is an error.
pub fn run(&self) { pub fn run(&self) {
trace!("BuildCommand::run()"); trace!("BuildCommand::run()");
@ -109,6 +143,10 @@ impl BuildCommand {
info!("Build complete!"); info!("Build complete!");
if self.rebase {
info!("Be sure to restart your computer to use your new changes!");
}
Ok(()) Ok(())
} }
@ -201,49 +239,56 @@ impl BuildCommand {
info!("Generating full image name"); info!("Generating full image name");
trace!("BuildCommand::generate_full_image_name({recipe:#?})"); trace!("BuildCommand::generate_full_image_name({recipe:#?})");
let image_name = match ( let image_name = if self.rebase {
env::var("CI_REGISTRY").ok(), let local_build_path = PathBuf::from(LOCAL_BUILD);
env::var("CI_PROJECT_NAMESPACE").ok(),
env::var("CI_PROJECT_NAME").ok(), let image_path = local_build_path.join(format!("{}.tar.gz", &recipe.name));
env::var("GITHUB_REPOSITORY_OWNER").ok(), format!("oci-archive:{}", image_path.display())
self.registry.as_ref(), } else {
self.registry_path.as_ref(), match (
) { env::var("CI_REGISTRY").ok(),
(_, _, _, _, Some(registry), Some(registry_path)) => { env::var("CI_PROJECT_NAMESPACE").ok(),
trace!("registry={registry}, registry_path={registry_path}"); env::var("CI_PROJECT_NAME").ok(),
format!( env::var("GITHUB_REPOSITORY_OWNER").ok(),
"{}/{}/{}", self.registry.as_ref(),
registry.trim().trim_matches('/'), self.registry_path.as_ref(),
registry_path.trim().trim_matches('/'), ) {
&recipe.name (_, _, _, _, Some(registry), Some(registry_path)) => {
) trace!("registry={registry}, registry_path={registry_path}");
} format!(
( "{}/{}/{}",
Some(ci_registry), registry.trim().trim_matches('/'),
Some(ci_project_namespace), registry_path.trim().trim_matches('/'),
Some(ci_project_name), &recipe.name
None, )
None, }
None, (
) => { Some(ci_registry),
trace!("CI_REGISTRY={ci_registry}, CI_PROJECT_NAMESPACE={ci_project_namespace}, CI_PROJECT_NAME={ci_project_name}"); Some(ci_project_namespace),
warn!("Generating Gitlab Registry image"); Some(ci_project_name),
format!( None,
"{ci_registry}/{ci_project_namespace}/{ci_project_name}/{}", None,
&recipe.name None,
) ) => {
} trace!("CI_REGISTRY={ci_registry}, CI_PROJECT_NAMESPACE={ci_project_namespace}, CI_PROJECT_NAME={ci_project_name}");
(None, None, None, Some(github_repository_owner), None, None) => { warn!("Generating Gitlab Registry image");
trace!("GITHUB_REPOSITORY_OWNER={github_repository_owner}"); format!(
warn!("Generating Github Registry image"); "{ci_registry}/{ci_project_namespace}/{ci_project_name}/{}",
format!("ghcr.io/{github_repository_owner}/{}", &recipe.name) &recipe.name
} )
_ => { }
trace!("Nothing to indicate an image name with a registry"); (None, None, None, Some(github_repository_owner), None, None) => {
if self.push { trace!("GITHUB_REPOSITORY_OWNER={github_repository_owner}");
bail!("Need '--registry' and '--registry-path' in order to push image"); warn!("Generating Github Registry image");
format!("ghcr.io/{github_repository_owner}/{}", &recipe.name)
}
_ => {
trace!("Nothing to indicate an image name with a registry");
if self.push {
bail!("Need '--registry' and '--registry-path' in order to push image");
}
recipe.name.to_owned()
} }
recipe.name.to_owned()
} }
}; };
@ -261,7 +306,11 @@ impl BuildCommand {
.next() .next()
.ok_or(anyhow!("We got here with no tags!?"))?; .ok_or(anyhow!("We got here with no tags!?"))?;
let full_image = format!("{image_name}:{first_tag}"); let full_image = if self.rebase {
image_name.to_owned()
} else {
format!("{image_name}:{first_tag}")
};
let status = match ( let status = match (
ops::check_command_exists("buildah"), ops::check_command_exists("buildah"),
@ -293,7 +342,7 @@ impl BuildCommand {
bail!("Failed to build {image_name}"); bail!("Failed to build {image_name}");
} }
if tags.len() > 1 { if tags.len() > 1 && !self.rebase {
debug!("Tagging all images"); debug!("Tagging all images");
for tag in tags_iter { for tag in tags_iter {
@ -365,6 +414,19 @@ impl BuildCommand {
} }
self.sign_images(image_name, first_tag)?; self.sign_images(image_name, first_tag)?;
} else if self.rebase {
debug!("Rebasing onto locally built image {image_name}");
if Command::new("rpm-ostree")
.arg("rebase")
.arg(format!("ostree-unverified-image:{full_image}"))
.status()?
.success()
{
info!("Successfully rebased to {full_image}");
} else {
bail!("Failed to rebase to {full_image}");
}
} }
Ok(()) Ok(())
@ -481,7 +543,7 @@ impl BuildCommand {
} }
} }
pub fn get_image_digest(image_name: &str, tag: &str) -> Result<String> { fn get_image_digest(image_name: &str, tag: &str) -> Result<String> {
trace!("get_image_digest({image_name}, {tag})"); trace!("get_image_digest({image_name}, {tag})");
let image_url = format!("docker://{image_name}:{tag}"); let image_url = format!("docker://{image_name}:{tag}");
@ -502,7 +564,7 @@ pub fn get_image_digest(image_name: &str, tag: &str) -> Result<String> {
)) ))
} }
pub fn check_cosign_files() -> Result<()> { fn check_cosign_files() -> Result<()> {
trace!("check_for_cosign_files()"); trace!("check_for_cosign_files()");
match ( match (
@ -547,3 +609,33 @@ pub fn check_cosign_files() -> Result<()> {
} }
} }
} }
fn clean_local_build_dir() -> Result<()> {
trace!("clean_local_build_dir()");
let local_build_path = Path::new(LOCAL_BUILD);
if !local_build_path.exists() {
trace!(
"Creating build output dir at {}",
local_build_path.display()
);
fs::create_dir_all(local_build_path)?;
} else {
debug!("Cleaning out build dir {LOCAL_BUILD}");
let entries = fs::read_dir(LOCAL_BUILD)?;
for entry in entries {
let entry = entry?;
let path = entry.path();
trace!("Found {}", path.display());
if path.is_file() && path.ends_with(".tar.gz") {
trace!("Removing {}", path.display());
fs::remove_file(path)?;
}
}
}
Ok(())
}

2
templates/Containerfile
View file

@ -21,6 +21,8 @@ COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /usr/bin/cosign COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /usr/bin/cosign
COPY --from=registry.gitlab.com/wunker-bunker/blue-build:installer /out/bb /usr/bin/bb
COPY config /tmp/config/ COPY config /tmp/config/
# Copy modules # Copy modules