2929 - " .github/workflows/build_iso.yml"
3030 merge_group :
3131 workflow_dispatch :
32+ # TODO: Enable this when the prev tag is enabled in rechunk
33+ # inputs:
34+ # fresh-rechunk:
35+ # description: 'Clear rechunk plan'
36+ # type: boolean
37+ # default: false
3238env :
3339 IMAGE_REGISTRY : ghcr.io/${{ github.repository_owner }}
3440
@@ -185,17 +191,20 @@ jobs:
185191 done
186192 echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
187193
188- name : Pull main and akmods images
194+ name : Pull main, akmods, rechunk images
189195 uses : Wandalen/wretry.action@v3.5.0
190196 with :
191197 attempt_limit : 3
192198 attempt_delay : 15000
193199 command : |
194200 # pull the base images used for FROM in Containerfile so
195201 # we can retry on that unfortunately common failure case
196- podman pull ${{ env.IMAGE_REGISTRY }}/${{ matrix.base_image_name }}-${{ matrix.base_image_flavor }}:${{ matrix.fedora_version }}
197- podman pull ${{ env.IMAGE_REGISTRY }}/akmods:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}
198- podman pull ${{ env.IMAGE_REGISTRY }}/akmods-nvidia:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}
202+ sudo podman pull ${{ env.IMAGE_REGISTRY }}/${{ matrix.base_image_name }}-${{ matrix.base_image_flavor }}:${{ matrix.fedora_version }}
203+ sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}
204+ sudo podman pull ${{ env.IMAGE_REGISTRY }}/akmods-nvidia:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}
205+
206+ # Add rechunk as well to remove this source of failure
207+ sudo podman pull ghcr.io/hhd-dev/rechunk:v0.1.8
199208
200209name : Get source versions
201210 id : labels
@@ -221,45 +230,63 @@ jobs:
221230 fi
222231 echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV
223232
224- # Build metadata
225- - name : Image Metadata
226- uses : docker/metadata-action@v5
227- id : meta
233+ # Build image using buildah and save it to raw-img
234+ - name : Build Image
235+ id : build_image
236+ run : |
237+ sudo buildah build \
238+ --target ${{ matrix.base_name }} \
239+ --build-arg IMAGE_NAME=${{ env.IMAGE_NAME }} \
240+ --build-arg IMAGE_FLAVOR=${{ env.IMAGE_FLAVOR }} \
241+ --build-arg IMAGE_VENDOR=${{ github.repository_owner }} \
242+ --build-arg BASE_IMAGE_NAME=${{ matrix.base_image_name }} \
243+ --build-arg BASE_IMAGE_FLAVOR=${{ matrix.base_image_flavor }} \
244+ --build-arg FEDORA_VERSION=${{ matrix.fedora_version }} \
245+ --build-arg KERNEL_FLAVOR=${{ matrix.kernel_flavor }} \
246+ --build-arg IMAGE_BRANCH=${{ github.ref_name }} \
247+ --build-arg SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }} \
248+ --tag raw-img .
249+
250+ - name : Remove auxiliary images
251+ # We are tight on space, need at least 2x for OSTree
252+ run : |
253+ sudo podman image rm ${{ env.IMAGE_REGISTRY }}/${{ matrix.base_image_name }}-${{ matrix.base_image_flavor }}:${{ matrix.fedora_version }}
254+ sudo podman image rm ${{ env.IMAGE_REGISTRY }}/akmods:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}
255+ sudo podman image rm ${{ env.IMAGE_REGISTRY }}/akmods-nvidia:${{ matrix.kernel_flavor}}-${{ matrix.fedora_version }}
256+
257+ # Reprocess raw-img using rechunker which will delete it
258+ - name : Run Rechunker
259+ id : rechunk
260+ uses : hhd-dev/rechunk@v0.1.8
228261 with :
229- images : |
230- ${{ env.IMAGE_NAME }}
262+ ref : ' raw-img'
263+ # TODO: After the tag marked with unstable/stable is built with rechunk
264+ # remove the comment below to enable using the previous manifest
265+ # to avoid layer shifts.
266+ # prev-ref: ${{ github.event.inputs.fresh-rechunk == 'true' && '' || 'ghcr.io/ublue-os/bazzite:unstable' }}
267+ rechunk : ' ghcr.io/hhd-dev/rechunk:v0.1.8'
268+ version : ' ${{ env.SOURCE_IMAGE_VERSION }}'
231269 labels : |
232- org.opencontainers.image.title=${{ env.IMAGE_NAME }}
233- org.opencontainers.image.description=Bazzite is an OCI image that serves as an alternative operating system for the Steam Deck, and a ready-to-game SteamOS-like for desktop computers, living room home theater PCs, and numerous other handheld PCs.
234- org.opencontainers.image.version=${{ env.SOURCE_IMAGE_VERSION }}
235- ostree.linux=${{ env.KERNEL_VERSION }}
236- io.artifacthub.package.readme-url=https://bazzite.gg/
237270 io.artifacthub.package.logo-url=https://raw.githubusercontent.com/ublue-os/bazzite/main/repo_content/logo.png
271+ io.artifacthub.package.readme-url=https://bazzite.gg/
272+ org.opencontainers.image.created=<timestamp>
273+ org.opencontainers.image.description=Bazzite is an OCI image that serves as an alternative operating system for the Steam Deck, and a ready-to-game SteamOS-like for desktop computers, living room home theater PCs, and numerous other handheld PCs.
274+ org.opencontainers.image.licenses=Apache-2.0
275+ org.opencontainers.image.revision=${{ github.sha }}
276+ org.opencontainers.image.source=https://github.com/ublue-os/bazzite
277+ org.opencontainers.image.title=bazzite
278+ org.opencontainers.image.url=https://github.com/ublue-os/bazzite
238279
239- # Build image using Buildah action
240- - name : Build Image
241- id : build_image
242- uses : redhat-actions/buildah-build@v2
243- with :
244- containerfiles : |
245- ./Containerfile
246- image : ${{ env.IMAGE_NAME }}
247- tags : |
248- ${{ steps.generate-tags.outputs.alias_tags }}
249- build-args : |
250- IMAGE_NAME=${{ env.IMAGE_NAME }}
251- IMAGE_FLAVOR=${{ env.IMAGE_FLAVOR }}
252- IMAGE_VENDOR=${{ github.repository_owner }}
253- BASE_IMAGE_NAME=${{ matrix.base_image_name }}
254- BASE_IMAGE_FLAVOR=${{ matrix.base_image_flavor }}
255- FEDORA_VERSION=${{ matrix.fedora_version }}
256- KERNEL_FLAVOR=${{ matrix.kernel_flavor }}
257- IMAGE_BRANCH=${{ github.ref_name }}
258- SHA_HEAD_SHORT=${{ env.SHA_HEAD_SHORT }}
259- labels : ${{ steps.meta.outputs.labels }}
260- oci : false
261- extra-args : |
262- --target=${{ matrix.base_name }}
280+ # Pull oci-dir image, remove oci dir to make space, and then tag appropriately
281+ - name : Load in podman and tag
282+ run : |
283+ IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
284+ sudo rm -rf ${{ steps.rechunk.outputs.output }}
285+ for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
286+ podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
287+ done
288+ # keep for secureboot check
289+ podman tag $IMAGE rechunked-img
263290
264291name : Check Secureboot
265292 shell : bash
@@ -269,9 +296,9 @@ jobs:
269296 sudo apt update
270297 sudo apt install sbsigntool curl openssl
271298 fi
272- podman run -d --rm --name ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) "${{ env.IMAGE_NAME }}":$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) sleep 1000
273- podman cp ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1) :/usr/lib/modules/${{ env.KERNEL_VERSION }}/vmlinuz .
274- podman rm -f ${{env.IMAGE_NAME}}-$(echo "${{ steps.generate-tags.outputs.alias_tags }}" | cut -d " " -f 1)
299+ TMP=$(podman create rechunked-img bash)
300+ podman cp $TMP :/usr/lib/modules/${{ env.KERNEL_VERSION }}/vmlinuz .
301+ podman rm $TMP
275302 sbverify --list vmlinuz
276303 curl --retry 3 -Lo kernel-sign.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key.der
277304 curl --retry 3 -Lo akmods.der https://github.com/ublue-os/kernel-cache/raw/main/certs/public_key_2.der
@@ -301,8 +328,8 @@ jobs:
301328 attempt_limit : 3
302329 attempt_delay : 15000
303330 with : |
304- image: ${{ steps.build_image.outputs.image }}
305- tags: ${{ steps.build_image .outputs.tags }}
331+ image: ${{ env.IMAGE_NAME }}
332+ tags: ${{ steps.generate-tags .outputs.alias_tags }}
306333 registry: ${{ steps.registry_case.outputs.lowercase }}
307334 username: ${{ env.REGISTRY_USER }}
308335 password: ${{ env.REGISTRY_PASSWORD }}
0 commit comments