After setting up the tmpfs mount for /var, rpm-ostree started to not
have cache throughout the single build. This creates a cache for
rpm-ostree that is tied to the specific recipe being built. This will
allow subsequent builds of a recipe to be faster and not interfere with
the cache of another recipe, especially if they are on different OS
versions
the `SIGSTORE_ID_TOKEN` env var is not declared inside of github
actions, however the block that does OIDC signing requires it, this
changes it so that it matches for `GITHUB_TOKEN` in the second block
instead of `SIGSTORE_ID_TOKEN`, (hopefully) using OIDC instead of pubkey
auth
This allows scripts to create as many files as they need in /tmp and
/var without having to worry about them being included in the final
image. Now the last instruction will only be the ostree container commit
required for running the bluebuild CLI directly from podman (needed for
latest version of bluebuild for github action)
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
This change will follow the patter that was established with the GitLab
pipeline. Users will be able to have their images signed by GitHub's
OIDC. This will allow users to rebase directly onto a signed image and
forego using the siging module.
This allows us to prevent creating extra layers just to run the modules.
Using the bind mount, we are able to connect to a working container that
holds the files needed for building.
https://github.com/ublue-os/bling/blob/main/Containerfile the
containerfile copies an empty folder in these locations for backwards
compatability. `/tmp/files` and `/tmp/rpms` have been deprecated from
bling, all of the RPMs have mostly moved to COPR or ublue-os/config
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
## Goals
This PR adds snippets which is being discussed in #41 .
It will generate snippet lines for *ONLY* our containerfile module
- [x] allow for modules to specify snippets
- [x] append snippets to module run inside Containerfile
- [ ] write supporting test
## Preview
Recipe.yml
```yml
# image will be published to ghcr.io/<user>/<name>
name: orora
description: A starting point for further customization of uBlue images. Make your own! https://ublue.it/making-your-own/
base-image: ghcr.io/ublue-os/silverblue-main
image-version: latest # latest is also supported if you want new updates ASAP
modules:
- type: signing
snippets:
- COPY --from=ghcr.io/blue-build/cli:latest-installer /out/BLUEBUILD /usr/bin/BLUEBUILD
```
Generated Container File snippet
```docker
RUN chmod +x /tmp/modules/signing/signing.sh && source /tmp/exports.sh && /tmp/modules/signing/signing.sh '{"type":"signing","snippets":["COPY --from=ghcr.io/blue-build/cli:latest-installer /out/BLUEBUILD /usr/bin/BLUEBUILD"]}'
COPY --from=ghcr.io/blue-build/cli:latest-installer /out/BLUEBUILD /usr/bin/BLUEBUILD
```
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
Add a bug report + completions command(not complete yet) so that new
users can easily submit bugs to us, and I wanted completions for bb
(super easy with clap)
---------
Co-authored-by: Gerald Pinder <gmpinder@gmail.com>
- Builds on main and tags will use the `medium` satellite that uses `x4`
rate on build minutes
- This gives us larger cache and more memory
- Builds on PRs will use the `small` satellite that uses `x2` rate on
build minutes
- We are using the starter tier which gives us `10000` build minutes per
month and caching for our builds to make them faster
