feat(ci): scan VM using quay.io

Signed-off-by: Jan Pokorný <JenomPokorny@gmail.com>

Author: JanPokorny

.github/workflows/release.yml

@@ -101,12 +101,36 @@ jobs:
       - run: mise run microshift-vm:build:qemu --arch ${{ matrix.arch }}
       - if: matrix.arch == 'x86_64'
         run: mise run microshift-vm:build:wsl
-      - name: Upload Release Asset
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6dc5a # v2
+      - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6dc5a # v2
         with:
           files: |
             apps/microshift-vm/dist/${{ matrix.arch }}/microshift-vm-${{ matrix.arch }}.qcow2
             ${{ matrix.arch == 'x86_64' && format('apps/microshift-vm/dist/{0}/microshift-vm-{0}.wsl', matrix.arch) || '' }}
+      - if: matrix.arch == 'x86_64'
+        id: version
+        run: |
+          echo "version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
+          echo "latestTag=$([[ ${GITHUB_REF#refs/tags/v} =~ [a-zA-Z] ]] && echo prerelease || echo latest)" >> $GITHUB_OUTPUT
+      - if: matrix.arch == 'x86_64'
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        with:
+          registry: quay.io
+          username: beeai+github
+          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+      - if: matrix.arch == 'x86_64'
+        run: mise run microshift-vm:build:container --arch x86_64
+      - if: matrix.arch == 'x86_64'
+        run: |
+          docker import \
+            --platform linux/amd64 \
+            -c 'CMD ["/sbin/init"]' \
+            ./apps/microshift-vm/dist/x86_64/microshift-vm-x86_64.tar.gz \
+            "quay.io/beeai/microshift-vm:${{ steps.version.outputs.version }}"
+          docker push "quay.io/beeai/microshift-vm:${{ steps.version.outputs.version }}"
+          docker tag \
+            "quay.io/beeai/microshift-vm:${{ steps.version.outputs.version }}" \
+            "quay.io/beeai/microshift-vm:${{ steps.version.outputs.latestTag }}"
+          docker push "quay.io/beeai/microshift-vm:${{ steps.version.outputs.latestTag }}"
 
   agentstack:
     needs: [agents, vm]
@@ -224,8 +248,7 @@ jobs:
         with:
           packages-dir: apps/agentstack-cli/dist
 
-      - name: Publish TS SDK
-        working-directory: apps/agentstack-sdk-ts
+      - working-directory: apps/agentstack-sdk-ts
         run: npm publish --tag ${{ steps.version.outputs.npmTag }}
 
       - run: |

apps/microshift-vm/tasks.toml

@@ -90,3 +90,29 @@ tar -c --numeric-owner --exclude=./proc --exclude=./sys --exclude=./dev --exclud
 '''
 sources = ["microshift.pkr.hcl", "cloud-init/*", "rootfs/**/*", "install.sh", "wsl/*"]
 outputs = ["dist/**/*.wsl"]
+
+["microshift-vm:build:container"]
+depends = ["microshift-vm:build:qemu"]
+dir = "{{config_root}}/apps/microshift-vm"
+usage = '''
+flag "--arch <arch>" {
+  choices "x86_64" "aarch64"
+}
+'''
+run = '''
+#!/bin/bash
+set -euxo pipefail
+
+ARCH=${usage_arch:-$(uname -m | sed -e 's/arm64/aarch64/;s/amd64/x86_64/')}
+DIST_DIR="./dist/$ARCH"
+
+MOUNTPOINT=$(mktemp -d)
+trap 'guestunmount "$MOUNTPOINT" 2>/dev/null; rmdir "$MOUNTPOINT" 2>/dev/null' EXIT
+guestmount -a "$DIST_DIR/microshift-vm-$ARCH.qcow2" -i --ro "$MOUNTPOINT"
+rm -f "$MOUNTPOINT/etc/resolv.conf"
+tar -c --numeric-owner \
+  --exclude=./proc --exclude=./sys --exclude=./dev --exclude=./run --exclude=./mnt \
+  -C "$MOUNTPOINT" . | gzip --best > "$DIST_DIR/microshift-vm-$ARCH.tar.gz"
+'''
+sources = ["microshift.pkr.hcl", "cloud-init/*", "rootfs/**/*", "install.sh"]
+outputs = ["dist/**/*.tar.gz"]