feat: add custom bazzite image

Author: clemak27

.github/workflows/deck.yaml

@@ -0,0 +1,115 @@
+---
+name: deck image
+
+on:
+  schedule:
+    - cron: '0 3 * * *'
+  push:
+    branches: ["main"]
+    paths:
+      - Containerfile.deck
+      - build/**
+      - system/**
+
+env:
+  DEFAULT_TAG: "latest"
+  IMAGE_NAME: ${{ github.event.repository.name }}-deck
+  IMAGE_DESC: "Customized image of bazzite"
+  IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
+  REGISTRY: ghcr.io
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: prepare environment
+        run: |
+          echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> "${GITHUB_ENV}"
+          echo "IMAGE_NAME=${IMAGE_NAME,,}" >> "${GITHUB_ENV}"
+
+      - name: checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5
+
+      - name: mount btrfs for podman storage
+        id: container-storage-action
+        uses: ublue-os/container-storage-action@911baca08baf30c8654933e9e9723cb399892140
+        continue-on-error: true
+        with:
+          target-dir: /var/lib/containers
+          mount-opts: compress-force=zstd:2
+
+      - name: get current date
+        id: date
+        run: |
+          # shellcheck disable=SC1001
+          echo "date=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)" >> "${GITHUB_OUTPUT}"
+
+      - name: metadata
+        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893  # v5
+        id: metadata
+        with:
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=raw,value=latest
+          labels: |
+            org.opencontainers.image.created=${{ steps.date.outputs.date }}
+            org.opencontainers.image.description=${{ env.IMAGE_DESC }}
+            org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
+            org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/${{ github.sha }}/Containerfile.deck
+            org.opencontainers.image.title=${{ env.IMAGE_NAME }}
+            org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
+            org.opencontainers.image.vendor=${{ github.repository_owner }}
+            org.opencontainers.image.licenses=MIT
+            containers.bootc=1
+
+      - name: build image
+        id: build_image
+        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056  # v2
+        with:
+          containerfiles: |
+            ./Containerfile.deck
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          oci: false
+
+      - name: ghcr login
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3
+        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: push image
+        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c  # v2
+        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        id: push
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ github.token }}
+        with:
+          registry: ${{ env.IMAGE_REGISTRY }}
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
+      - name: install cosign
+        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62  # v3.10.0
+        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+
+      - name: sign image
+        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        run: |
+          IMAGE_FULL="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}"
+          cosign sign -y --key env://COSIGN_PRIVATE_KEY "$IMAGE_FULL@$DIGEST"
+        env:
+          DIGEST: ${{ steps.push.outputs.digest }}
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

.github/workflows/publish.yaml .github/workflows/desktop.yaml.github/workflows/publish.yaml renamed to .github/workflows/desktop.yaml

@@ -1,5 +1,5 @@
 ---
-name: image
+name: desktop image
 
 on:
   schedule:

Containerfile.deck

@@ -0,0 +1,30 @@
+FROM scratch AS ctx
+COPY /system /sys_files
+COPY /build /
+COPY cosign.pub /cosign.pub
+
+FROM ghcr.io/ublue-os/bazzite-deck:stable
+
+ARG IMAGE_NAME="kinokite-deck"
+ARG IMAGE_VENDOR="clemak27"
+
+RUN mkdir -p /var/lib/alternatives
+
+RUN --mount=type=bind,from=ctx,src=/,dst=/ctx \
+  --mount=type=cache,target=/var/cache \
+  --mount=type=cache,target=/var/log \
+  --mount=type=tmpfs,target=/tmp \
+  dnf -y install podman-docker zsh && \
+  dnf -y remove ptyxis && \
+  mkdir -p /etc/containers && \
+  touch /etc/containers/nodocker && \
+  systemctl enable podman.socket && \
+  sed -i 's@/bin/bash@/bin/zsh@g' /etc/default/useradd && \
+  mkdir -p /etc/pki/containers && \
+  cp /ctx/cosign.pub /etc/pki/containers/clemak27.pub && \
+  restorecon -RFv /etc/pki/containers && \
+  restorecon -RFv /etc/containers && \
+  /ctx/1_plasma.sh && \
+  /ctx/9_cleanup.sh && \
+  ostree container commit && \
+  bootc container lint

mise.toml

@@ -20,3 +20,8 @@ shellcheck plasma.sh
 run = """
 docker build -t ${IMAGE_NAME}:${IMAGE_TAG} .
 """
+
+[tasks.build-image-deck]
+run = """
+docker build -t ${IMAGE_NAME}-deck:${IMAGE_TAG} -f ./Containerfile.deck .
+"""