|
1 | | -# Image template repository |
| 1 | +# My Atomic AlmaLinux Respin |
| 2 | + |
| 3 | +Welcome to your brand-new Atomic AlmaLinux Respin! |
| 4 | + |
| 5 | +## Initial Setup |
| 6 | + |
| 7 | +### Set basic configuration |
| 8 | + |
| 9 | +In the ["Build image"](.github/workflows/build.yml) and ["Build ISOs"](.github/workflows/build-iso.yml) jobs, you'll |
| 10 | +find a `set-env` job where you can configure several things: |
| 11 | + - `REGISTRY`: the registry to push your image to |
| 12 | + - `REGISTRY_USER`: your username for this registry |
| 13 | + - `IMAGE_PATH`: the path to your image |
| 14 | + - `IMAGE_NAME`: your image's name |
| 15 | + - `PLATFORMS`: a comma-separated list of platforms for which to build your image, like `"amd64,arm64"` |
| 16 | + |
| 17 | +If your registry is not Github (ie. `ghcr.io`) or you need a specific token to authenticate |
| 18 | +to your registry, search those two jobs for the line `REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}` |
| 19 | +and replace the token for the appropriate secret. |
| 20 | + |
| 21 | +### Pick a base desktop image |
| 22 | + |
| 23 | +By default, this template configures the base image `quay.io/almalinuxorg/atomic-desktop-gnome:10`, |
| 24 | +which is [maintained](https://github.com/AlmaLinux/atomic-desktop) by the [AlmaLinux Atomic SIG](https://wiki.almalinux.org/sigs/Atomic.html). |
| 25 | +If you're not a fan of Gnome, you could also pick our KDE image (`quay.io/almalinuxorg/atomic-desktop-kde:10`). |
| 26 | + |
| 27 | +If you'd like to switch images, change the `FROM` line in the [Dockerfile](Dockerfile). |
| 28 | + |
| 29 | +### Setting up Cosign (Optional) |
| 30 | + |
| 31 | +If you'd like to sign your images using Cosign, here's what you need to do: |
| 32 | + |
| 33 | +1. Generate a cosign key: |
| 34 | + `podman run --rm -it -v /tmp:/cosign-keys bitnami/cosign generate-key-pair` |
| 35 | + Hit enter when asked for a private key password (that is, don't set a password). Once complete, you'll find the new key in `/tmp/cosign.{key,pub}` on your machine. |
| 36 | + |
| 37 | +2. Add `cosign.pub` to this repository as `/cosign.pub`, commit and push. Feel free to publish this file in other places too, it will be needed by everyone to verify the signature of the published images. |
| 38 | + |
| 39 | +3. In the github repo settings, go to "Secrets and variables" in the "Security" subsection and click on "Actions". Create a new Repository secret called `SIGNING_SECRET` and paste the contents of `cosign.key`. Save `cosign.key` in a secure location and delete it from your /tmp directory. |
| 40 | + |
| 41 | +## Customizing your respin |
| 42 | + |
| 43 | +Now that you're all set up, it's time for the fun part! |
| 44 | + |
| 45 | +### Adding files |
| 46 | + |
| 47 | +Any files you place in [`/files/system/`](files/system/) will be added to your image as is, |
| 48 | +preserving directory structure and file permissions. This is a simple mechanism for adding |
| 49 | +themes, backgrounds, etc. |
| 50 | + |
| 51 | +### Executing commands |
| 52 | + |
| 53 | +In [`/files/scripts/`](files/scripts/), you'll find a series of scripts that will be run |
| 54 | +during image creation. The `build.sh` script will first copy all the files from `/files/system/` |
| 55 | +into the image, then run the scripts in order, and finally run `cleanup.sh`. You can start by modifying [`10-base.sh`](files/scripts/10-base.sh) |
| 56 | +to suit your needs, and add more scripts as needed (always with the naming scheme `XX-whatever.sh`, where XX is a number). |
| 57 | + |
| 58 | +Do not modify `build.sh`, `cleanup.sh`, `90-signing.sh` or `91-image-info.sh` unless you |
| 59 | +understand what you're doing, those scripts should not need any customization under normal circumstances. |
| 60 | + |
| 61 | +### Build your new image |
| 62 | + |
| 63 | +Once you've added your files and scripts, commit your changes to let the CI build a new |
| 64 | +image for you. You can also run `make image` on your machine to build the image locally. |
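Review bot: In the "Setting up Cosign" steps (new lines 33-39), the private key is generated with an empty password directly into `/tmp`, a directory shared by all local users, and is only removed at the end of step 3. Suggest mounting a freshly created private directory instead (for example one made with `mktemp -d`) and explaining in the README why the password has to be empty. As written, anyone who obtains `SIGNING_SECRET` or a stray copy of `cosign.key` can sign images without needing anything else. The `bitnami/cosign` image in step 1 is also referenced without a tag or digest, so the tool that creates the signing key is whatever that name resolves to at pull time; pinning it would make the step reproducible. Minor style points: "Github" (new line 17) and "github" (new line 39) should read "GitHub", and "ie." should be "i.e.".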