Merge pull request #936 from cgwalters/add-container

Update Dockerfile to use bootc

Author: cgwalters

.github/workflows/ci.yml

@@ -28,6 +28,13 @@ jobs:
     runs-on: [ "${{ matrix.runner }}" ]
 
     steps:
+      - name: Get a newer podman for heredoc support (from debian testing)
+        run: |
+          set -eux
+          echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list
+          sudo apt update
+          sudo apt install -y crun/testing podman/testing skopeo/testing
+
       - uses: actions/checkout@v4
 
       - name: Install podman
@@ -37,7 +44,7 @@ jobs:
           sudo apt install -y podman
 
       - name: build
-        run: sudo podman build -t localhost/bootupd:latest -f ci/Containerfile.c9s .
+        run: sudo podman build -t localhost/bootupd:latest -f Dockerfile .
 
       - name: bootupctl status in container
         run: |
@@ -60,7 +67,7 @@ jobs:
         run: |
           set -xeuo pipefail
           sudo truncate -s 10G myimage.raw
-          sudo podman run --rm -ti --privileged -v .:/target --pid=host --security-opt label=disable \
+          sudo podman run --rm --privileged -v .:/target --pid=host --security-opt label=disable \
             -v /var/lib/containers:/var/lib/containers \
             -v /dev:/dev \
             localhost/bootupd:latest bootc install to-disk --skip-fetch-check \
@@ -88,6 +95,7 @@ jobs:
           sudo podman run --rm -ti --privileged -v /:/target --pid=host --security-opt label=disable \
             -v /dev:/dev -v /var/lib/containers:/var/lib/containers \
             localhost/bootupd:latest bootc install to-filesystem --skip-fetch-check \
+            --acknowledge-destructive \
             --disable-selinux --replace=alongside /target
           # Verify we injected static configs
           jq -re '.["static-configs"].version' /boot/bootupd-state.json

Dockerfile

@@ -0,0 +1,28 @@
+# Build from the current git into a c9s-bootc container image.
+# Use e.g. --build-arg=base=quay.io/fedora/fedora-bootc:41 to target
+# Fedora or another base image instead.
+#
+ARG base=quay.io/centos-bootc/centos-bootc:stream9
+
+FROM $base as build
+# This installs our package dependencies, and we want to cache it independently of the rest.
+# Basically we don't want changing a .rs file to blow out the cache of packages.
+RUN <<EORUN
+set -xeuo pipefail
+dnf -y install cargo git openssl-devel
+EORUN
+# Now copy the source
+COPY . /build
+WORKDIR /build
+# See https://www.reddit.com/r/rust/comments/126xeyx/exploring_the_problem_of_faster_cargo_docker/
+# We aren't using the full recommendations there, just the simple bits.
+RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome \
+    make && make install-all DESTDIR=/out
+
+FROM $base
+# Clean out the default to ensure we're using our updated content
+RUN rpm -e bootupd
+COPY --from=build /out/ /
+# Sanity check this too
+RUN bootc container lint --fatal-warnings
+

Dockerfile.build

@@ -23,14 +23,6 @@ all:
 	cargo build ${CARGO_ARGS}
 	ln -f target/${PROFILE}/bootupd target/${PROFILE}/bootupctl
 
-.PHONY: create-build-container
-create-build-container:
-	${CONTAINER_RUNTIME} build -t ${IMAGE_NAME} -f Dockerfile.build
-
-.PHONY: build-in-container
-build-in-container: create-build-container
-	${CONTAINER_RUNTIME} run -ti --rm -v .:/srv/bootupd:z ${IMAGE_PREFIX}${IMAGE_NAME} make
-
 .PHONY: install
 install:
 	mkdir -p "${DESTDIR}$(PREFIX)/bin" "${DESTDIR}$(LIBEXECDIR)"
@@ -46,8 +38,5 @@ install-grub-static:
 install-systemd-unit:
 	install -m 644 -D -t "${DESTDIR}$(PREFIX)/lib/systemd/system/" systemd/bootloader-update.service
 
-.PHONY: bin-archive
-bin-archive:
-	rm target/inst -rf
-	$(MAKE) install install-grub-static DESTDIR=$$(pwd)/target/inst
-	tar -C target/inst -c --zstd -f target/bootupd.tar.zst .
+.PHONY: install-all
+install-all: install install-grub-static install-systemd-unit

Makefile

@@ -17,30 +17,7 @@ See also [the coreos-assembler docs](https://coreos.github.io/coreos-assembler/w
 
 ## Building With Containers
 
-Many folks use a pet container or toolbox to do development on immutable, partially mutabable, or non-Linux OS's. For those who don't use a pet/toolbox and you'd prefer not to modify your host system for development you can use the `build-in-container` make target to execute building inside a container.
-
-```
-$ make build-in-container
-podman build -t bootupd-build -f Dockerfile.build
-STEP 1: FROM registry.fedoraproject.org/fedora:latest
-STEP 2: VOLUME /srv/bootupd
---> Using cache a033bf0e43d560e72d7187459d7fad65ab30a1d01c576e8257194d82836472f7
-STEP 3: WORKDIR /srv/bootupd
---> Using cache 756114416fb4a68e72b68a2097c57d9cb94c830f5b351401319baeafa062695e
-STEP 4: RUN dnf update -y &&     dnf install -y make cargo rust glib2-devel openssl-devel ostree-devel
---> Using cache a8e2b525ff0701f735e01bb5703c63bb0e67683625093d34be34bf1123a7f954
-STEP 5: COMMIT bootupd-build
---> a8e2b525ff0
-a8e2b525ff0701f735e01bb5703c63bb0e67683625093d34be34bf1123a7f954
-podman run -ti --rm -v .:/srv/bootupd:z localhost/bootupd-build make
-cargo build --release
-    Updating git repository `https://gitlab.com/cgwalters/ostree-rs`
-    Updating crates.io index
-[...]
-$ ls target/release/bootupd
-target/release/bootupd
-$
-```
+There's a reference [Dockerfile](Dockerfile) that builds on [CentOS Stream bootc](https://docs.fedoraproject.org/en-US/bootc/).
 
 ## Integrating bootupd into a distribution/OS