This separates out the module template logic so that it is easier to
undertstand what each section does. This will also allow creating in
repo documentation for any special modules that don't use a bash base.
An issue was filed for adding retry logic to our push_image command in
the CLI. https://github.com/blue-build/cli/issues/79.
This PR adds:
- **retry flag**
- `-r`
- defaults to true
- **retry_count flag**
- `--retry_count`
- defaults to 1
This functionality will be extended to our other services in build
(podman api as well once that is hooked up), but this is the initial
ground work
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
The akmods module require having the /rpms directory put into /tmp/rpms.
By default we will mount the akmods image with the `main-{{ os_version
}}` tag.
If a user supplies `base` for the akmods module in their recipe, it will
pull that image tag instead and mount the resulting /rpms.
```yaml
modules:
- type: akmods
base: surface
install:
- openrazer
```
This would pull the image `ghcr.io/ublue-os/akmods:surface-39`.
A user can also supply `nvidia-version` with the numerical version of
the driver you would like to use. Doing so will mount the appropriate
`akmods-nvidia` image with the version of the driver you want in the
tag.
```yaml
modules:
- type: akmods
nvidia-version: 545
install:
- nvidia
```
This would pull the image `ghcr.io/ublue-os/akmods-nvidia:main-39-545`
and `ghcr.io/ublue-os/akmods:main-39`.
This uses bind mount like all the other modules so these files will not
persist into the final image.
To keep things as consistent as possible, we're switching to using the
GITHUB_TOKEN env var for login instead. Env vars were also all pulled
out into their own constants to make things more consistent.
This change also includes prioritizing public/private key signing over
OIDC keyless for GitHub for an easier transition. It would require the
user to delete their `cosign.pub` file from their repo in order to start
using the keyless method.
the `SIGSTORE_ID_TOKEN` env var is not declared inside of github
actions, however the block that does OIDC signing requires it, this
changes it so that it matches for `GITHUB_TOKEN` in the second block
instead of `SIGSTORE_ID_TOKEN`, (hopefully) using OIDC instead of pubkey
auth
This change will follow the patter that was established with the GitLab
pipeline. Users will be able to have their images signed by GitHub's
OIDC. This will allow users to rebase directly onto a signed image and
forego using the siging module.
## Goals
This PR adds snippets which is being discussed in #41 .
It will generate snippet lines for *ONLY* our containerfile module
- [x] allow for modules to specify snippets
- [x] append snippets to module run inside Containerfile
- [ ] write supporting test
## Preview
Recipe.yml
```yml
# image will be published to ghcr.io/<user>/<name>
name: orora
description: A starting point for further customization of uBlue images. Make your own! https://ublue.it/making-your-own/
base-image: ghcr.io/ublue-os/silverblue-main
image-version: latest # latest is also supported if you want new updates ASAP
modules:
- type: signing
snippets:
- COPY --from=ghcr.io/blue-build/cli:latest-installer /out/BLUEBUILD /usr/bin/BLUEBUILD
```
Generated Container File snippet
```docker
RUN chmod +x /tmp/modules/signing/signing.sh && source /tmp/exports.sh && /tmp/modules/signing/signing.sh '{"type":"signing","snippets":["COPY --from=ghcr.io/blue-build/cli:latest-installer /out/BLUEBUILD /usr/bin/BLUEBUILD"]}'
COPY --from=ghcr.io/blue-build/cli:latest-installer /out/BLUEBUILD /usr/bin/BLUEBUILD
```
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
Add a bug report + completions command(not complete yet) so that new
users can easily submit bugs to us, and I wanted completions for bb
(super easy with clap)
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
* feat: run clippy + BlueBuildTrait
* chore: add default run impl; more clippy
* chore: remove vscode folder; not needed
* cleanups
* Move to commands.rs
* Move functions; remove run function implementation from each command
* Remove run impl from init commands
* Use error log
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
