microshift-io · eslutsky · Nov 4, 2025 · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
@@ -0,0 +1,114 @@
+name: build-okd-images
+description: Reusable action to build OKD images
+
+inputs:
+  ushift-branch:
+    description: MicroShift branch from https://github.com/openshift/microshift/branches
+    required: true
+    type: string
+  okd-version-tag:
+    description: OKD version tag from https://quay.io/repository/okd/scos-release?tab=tags
+    required: true
+    type: string
+  bootc-image-url:
+    description: Base Bootc image URL used in `make image` command
+    required: false
+    default: quay.io/centos-bootc/centos-bootc
+    type: string
+  bootc-image-tag:
+    description: Base Bootc image tag used in `make image` command
+    required: false
+    default: stream9
+    type: string
+  target-arch:
+    description: Target architecture for the OKD images
+    required: true
+    type: string
+  target-registry:
+    description: Target registry for the OKD images
+    required: true
+    type: string
+  token:
+    description: Token for the GitHub Container Registry
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Detect the CPU architecture
+      id: detect-cpu-arch
+      uses: ./.github/actions/arch
+
+    - name: Collect debug information before the build
+      if: always()
+      uses: ./.github/actions/debug-info
+
+    - name: Prepare the build and run environment
+      uses: ./.github/actions/prebuild
+
+    - name: Login to GitHub Container Registry
+      uses: ./.github/actions/podman-login
+      with:
+        token: ${{ inputs.token }}
+
+    - name: Build OKD images
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        cd ${GITHUB_WORKSPACE}/
+        TARGET_REGISTRY="${{ inputs.target-registry }}" ./src/okd/build_images.sh \
+          "${{ inputs.okd-version-tag }}" \
+          "${{ inputs.ushift-branch }}" \
+          "${{ inputs.target-arch }}"
+
+    - name: Build MicroShift RPMs
+      shell: bash
+      run: |
+        # See https://github.com/microshift-io/microshift/blob/main/docs/build.md
+        # for more information about the build process.
+
+        # Run the RPM build process.
+        cd ${GITHUB_WORKSPACE}/
+        make rpm \
+          USHIFT_BRANCH="${{ inputs.ushift-branch }}" \
+          OKD_VERSION_TAG="${{ inputs.okd-version-tag }}" \
+          OKD_RELEASE_IMAGE="${{ inputs.target-registry }}/okd-release-${{ steps.detect-cpu-arch.outputs.go_arch }}" \
+          RPM_OUTDIR=/mnt/rpms
+
+    - name: Build MicroShift bootc container image
+      shell: bash
+      run: |
+        # See https://github.com/microshift-io/microshift/blob/main/docs/build.md
+        # for more information about the build process.
+
+        # Run the container image build process.
+        cd ${GITHUB_WORKSPACE}/
+
+        make image \
+          BOOTC_IMAGE_URL="${{ inputs.bootc-image-url }}" \
+          BOOTC_IMAGE_TAG="${{ inputs.bootc-image-tag }}" \
+
+    - name: Run a test to verify that MicroShift is functioning properly
+      shell: bash
+      run: |
+        # See https://github.com/microshift-io/microshift/blob/main/docs/run.md
+        # for more information about the run process.
+
+        # Run the MicroShift container
+        make run
+
+        # Start-stop test with readiness check
+        make run-ready
+        make run-healthy
+        make stop
+
+    # Uncomment this to enable tmate-debug on failure
+    # - name: Pause and open tmate debug session
+    #   if: failure()
+    #   uses: ./.github/actions/tmate-debug
+
+    - name: Collect debug information after the build
+      if: always()
+      uses: ./.github/actions/debug-info
@@ -67,8 +67,8 @@ runs:
         # Run the RPM build process.
         cd ${GITHUB_WORKSPACE}/
         make rpm \
-          USHIFT_BRANCH=${{ inputs.ushift-branch }} \
-          OKD_VERSION_TAG=${{ inputs.okd-version-tag }} \
+          USHIFT_BRANCH="${{ inputs.ushift-branch }}" \
+          OKD_VERSION_TAG="${{ inputs.okd-version-tag }}" \
           RPM_OUTDIR=/mnt/rpms
 
     - name: Build MicroShift bootc container image
@@ -87,8 +87,8 @@ runs:
         [ "${{ inputs.ovnk-networking }}"  = "1" ] && make_opts+=("WITH_KINDNET=0")
 
         make image \
-          BOOTC_IMAGE_URL=${{ inputs.bootc-image-url }} \
-          BOOTC_IMAGE_TAG=${{ inputs.bootc-image-tag }} \
+          BOOTC_IMAGE_URL="${{ inputs.bootc-image-url }}" \
+          BOOTC_IMAGE_TAG="${{ inputs.bootc-image-tag }}" \
           ${make_opts[@]}
 
     - name: Run a test to verify that MicroShift is functioning properly

@@ -0,0 +1,29 @@
+name: podman-login
+description: Reusable action to login to GitHub Container Registry
+
+inputs:
+  token:
+    description: Token for the registry
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Login to GitHub Container Registry
+      uses: redhat-actions/podman-login@v1
+      with:
+        registry: ghcr.io/${{ github.repository_owner }}
+        username: ${{ github.actor }}
+        password: ${{ inputs.token }}
+        auth_file_path: /tmp/ghcr-auth.json
+
+    - name: Run podman login command
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        sudo chmod 644 /tmp/ghcr-auth.json
+        # Login both for the current and elevated users
+        podman login      --authfile /tmp/ghcr-auth.json ghcr.io/${{ github.repository_owner }}
+        sudo podman login --authfile /tmp/ghcr-auth.json ghcr.io/${{ github.repository_owner }}
@@ -23,6 +23,15 @@ runs:
         sudo apt-get update  -y -q
         sudo apt-get install -y -q make lvm2 podman jq curl
 
+        # Install the latest OpenShift client from the OpenShift Mirror
+        ocp_client="openshift-client-linux-amd64-rhel9.tar.gz"
+        if [ "$(uname -m)" == "aarch64" ] ; then
+          ocp_client="openshift-client-linux-arm64-rhel9.tar.gz"
+        fi
+        curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/${ocp_client} -o /tmp/${ocp_client}
+        sudo tar xvf /tmp/${ocp_client} -C /usr/bin
+        rm -f /tmp/${ocp_client}
+
         # Redirect the container build directories to /mnt/ to avoid running out of disk space.
         sudo mv /var/tmp /var/tmp.orig
         sudo mv /var/lib/containers /mnt/containers

@@ -9,9 +9,13 @@ on:
         description: MicroShift branch from https://github.com/openshift/microshift/branches
         type: string
       okd-version-tag:
-        default: "4.19.0-okd-scos.19"
+        default: "4.21.0-okd-scos.ec.5"
         description: OKD version tag from https://quay.io/repository/okd/scos-release?tab=tags
         type: string
+      okd-target-registry:
+        default: ghcr.io/microshift-io/okd
+        description: Target registry for the OKD release images for ARM
+        type: string
       build:
         type: choice
         description: Types of artifacts to build
@@ -20,9 +24,33 @@ on:
         - all
         - rpms
         - bootc-image
+        - okd-release-arm
 
 jobs:
-  build:
+  build-okd-release:
+    name: Build OKD release images for ARM
+    runs-on: ubuntu-24.04-arm
+    if: contains(fromJSON('["all", "okd-release-arm"]'), inputs.build)
+    steps:
+      - name: Check out MicroShift upstream repository
+        uses: actions/checkout@v4
+
+      - name: Detect OKD version tag
+        id: detect-okd-version
+        uses: ./.github/actions/okd-version
+
+      - name: Run the OKD release images build action
+        uses: ./.github/actions/build-okd
+        with:
+          ushift-branch: ${{ inputs.ushift-branch }}
+          okd-version-tag: ${{ steps.detect-okd-version.outputs.okd-version-tag }}
+          target-arch: arm64
+          target-registry: ${{ inputs.okd-target-registry }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  build-microshift:
+    needs: build-okd-release
+    if: always() && contains(fromJSON('["all", "rpms", "bootc-image"]'), inputs.build)
     strategy:
       matrix:
         # The ARM runner is disabled because OKD images for ARM are not available.
@@ -75,12 +103,9 @@ jobs:
 
       - name: Login to GitHub Container Registry
         if: contains(fromJSON('["all", "bootc-image"]'), inputs.build)
-        uses: redhat-actions/podman-login@v1
+        uses: ./.github/actions/podman-login
         with:
-          registry: ghcr.io/${{ github.repository_owner }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          auth_file_path: /tmp/ghcr-auth.json
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish Bootc image
         if: contains(fromJSON('["all", "bootc-image"]'), inputs.build)
@@ -89,8 +114,8 @@ jobs:
           sudo podman tag microshift-okd \
             ghcr.io/${{ github.repository }}:${{ inputs.ushift-branch }}-${{ inputs.okd-version-tag }} \
             ghcr.io/${{ github.repository }}:latest
-          sudo podman push --authfile /tmp/ghcr-auth.json ghcr.io/${{ github.repository }}:${{ inputs.ushift-branch }}-${{ inputs.okd-version-tag }}
-          sudo podman push --authfile /tmp/ghcr-auth.json ghcr.io/${{ github.repository }}:latest
+          sudo podman push ghcr.io/${{ github.repository }}:${{ inputs.ushift-branch }}-${{ inputs.okd-version-tag }}
+          sudo podman push ghcr.io/${{ github.repository }}:latest
 
           # Prepare the release note for the bootc image usage
           TAG=${{ inputs.ushift-branch }}-${{ inputs.okd-version-tag }} envsubst < .github/workflows/release.md > /tmp/release.md

@@ -20,6 +20,14 @@ ISOLATED_NETWORK ?= 0
 
 # Internal variables
 SHELL := /bin/bash
+ARCH := $(shell uname -m)
+# Override the default OKD_RELEASE_IMAGE variable based on the architecture
+ifeq ($(ARCH),aarch64)
+OKD_RELEASE_IMAGE ?= ghcr.io/microshift-io/okd/okd-release-arm64
+else
+OKD_RELEASE_IMAGE ?= quay.io/okd/scos-release
+endif
+
 BUILDER_IMAGE := microshift-okd-builder
 USHIFT_IMAGE := microshift-okd
 LVM_DISK := /var/lib/microshift-okd/lvmdisk.image
@@ -56,6 +64,7 @@ rpm:
         --ulimit nofile=524288:524288 \
         --build-arg USHIFT_BRANCH="${USHIFT_BRANCH}" \
         --build-arg OKD_VERSION_TAG="${OKD_VERSION_TAG}" \
+        --build-arg OKD_RELEASE_IMAGE="${OKD_RELEASE_IMAGE}" \
         -f packaging/microshift-builder.Containerfile .
 
 	@echo "Extracting the MicroShift RPMs"

@@ -2,10 +2,10 @@ FROM quay.io/centos-bootc/centos-bootc:stream9
 
 # Variables controlling the source of MicroShift components to build
 ARG USHIFT_BRANCH=main
+ARG OKD_RELEASE_IMAGE=quay.io/okd/scos-release
 ARG OKD_VERSION_TAG
 
 # Internal variables
-ARG OKD_REPO=quay.io/okd/scos-release
 ARG USHIFT_GIT_URL=https://github.com/openshift/microshift.git
 ENV USER=microshift
 ENV HOME=/home/microshift
@@ -14,9 +14,9 @@ ARG USHIFT_PREBUILD_SCRIPT=/tmp/prebuild.sh
 ARG USHIFT_POSTBUILD_SCRIPT=/tmp/postbuild.sh
 
 # Verify mandatory build arguments
-RUN if [ -z "${OKD_VERSION_TAG}" ]; then \
-        echo "ERROR: OKD_VERSION_TAG is not set"; \
-        echo "See quay.io/okd/scos-release for a list of tags"; \
+RUN if [ -z "${OKD_VERSION_TAG}" ] ; then \
+        echo "ERROR: OKD_VERSION_TAG is not set" ; \
+        echo "See ${OKD_RELEASE_IMAGE} for a list of tags" ; \
         exit 1; \
     fi
 
@@ -38,7 +38,7 @@ RUN git clone --branch "${USHIFT_BRANCH}" --single-branch "${USHIFT_GIT_URL}" "$
 
 # Preparing the build scripts
 COPY --chmod=755 ./src/image/prebuild.sh ${USHIFT_PREBUILD_SCRIPT}
-RUN "${USHIFT_PREBUILD_SCRIPT}" --replace "${OKD_REPO}" "${OKD_VERSION_TAG}"
+RUN "${USHIFT_PREBUILD_SCRIPT}" --replace "${OKD_RELEASE_IMAGE}" "${OKD_VERSION_TAG}"
 
 # Building all MicroShift downstream RPMs and SRPMs
 # hadolint ignore=DL3059
@@ -50,7 +50,7 @@ COPY --chown=${USER}:${USER} ./src/kindnet/assets/  "${HOME}/microshift/assets/o
 COPY --chown=${USER}:${USER} ./src/kindnet/dropins/ "${HOME}/microshift/packaging/kindnet/"
 COPY --chown=${USER}:${USER} ./src/kindnet/crio.conf.d/ "${HOME}/microshift/packaging/crio.conf.d/"
 # Prepare and build Kindnet upstream RPM
-RUN "${USHIFT_PREBUILD_SCRIPT}" --replace-kindnet "${OKD_REPO}" "${OKD_VERSION_TAG}" && \
+RUN "${USHIFT_PREBUILD_SCRIPT}" --replace-kindnet "${OKD_RELEASE_IMAGE}" "${OKD_VERSION_TAG}" && \
     MICROSHIFT_VARIANT="community" make -C "${HOME}/microshift" rpm
 
 # Building TopoLVM upstream RPM