|
| 1 | +name: Build Bootc PodVM Image |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: [ devel ] |
| 6 | + paths: |
| 7 | + - 'config/peerpods/podvm/bootc/**' |
| 8 | + workflow_dispatch: |
| 9 | + inputs: |
| 10 | + cloud_provider: |
| 11 | + description: 'Cloud provider (azure, aws, gcp, libvirt)' |
| 12 | + required: true |
| 13 | + default: 'azure' |
| 14 | + type: choice |
| 15 | + options: |
| 16 | + - azure |
| 17 | + - aws |
| 18 | + - gcp |
| 19 | + - libvirt |
| 20 | + build_target: |
| 21 | + description: 'Container target to build' |
| 22 | + required: false |
| 23 | + default: 'podvm-bootc' |
| 24 | + type: choice |
| 25 | + options: |
| 26 | + - podvm-bootc |
| 27 | + - nvidia-podvm-bootc |
| 28 | + password: |
| 29 | + description: 'Password for the "peerpod" user (optional)' |
| 30 | + required: false |
| 31 | + type: string |
| 32 | + ssh_key: |
| 33 | + description: 'SSH key for the "peerpod" user (optional)' |
| 34 | + required: false |
| 35 | + type: string |
| 36 | + push_to_quay: |
| 37 | + description: 'Push oci image to quay.io' |
| 38 | + required: false |
| 39 | + default: true |
| 40 | + type: boolean |
| 41 | + |
| 42 | +env: |
| 43 | + CLOUD_PROVIDER: ${{ github.event.inputs.cloud_provider || 'azure' }} |
| 44 | + |
| 45 | +jobs: |
| 46 | + build-container: |
| 47 | + runs-on: ubuntu-latest |
| 48 | + steps: |
| 49 | + - name: Delete huge unnecessary tools folder |
| 50 | + run: rm -rf /opt/hostedtoolcache |
| 51 | + |
| 52 | + - name: Checkout repository |
| 53 | + uses: actions/checkout@v4 |
| 54 | + |
| 55 | + - name: Set up Docker Buildx |
| 56 | + uses: docker/setup-buildx-action@v3 |
| 57 | + |
| 58 | + - name: Determine build target |
| 59 | + id: target |
| 60 | + run: | |
| 61 | + # Default to nvidia, use standard only when explicitly requested |
| 62 | + if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.build_target }}" ]]; then |
| 63 | + echo "BUILD_TARGET=${{ github.event.inputs.build_target }}" >> $GITHUB_OUTPUT |
| 64 | + echo "IMAGE_TAG=quay.io/openshift_sandboxed_containers/fedora-podvm-oci:custom-${{ github.sha }}" >> $GITHUB_OUTPUT |
| 65 | + else # default to podvm-bootc |
| 66 | + echo "BUILD_TARGET=podvm-bootc" >> $GITHUB_OUTPUT |
| 67 | + echo "IMAGE_TAG=quay.io/openshift_sandboxed_containers/fedora-podvm-oci:${{ github.sha }}" >> $GITHUB_OUTPUT |
| 68 | + fi |
| 69 | +
|
| 70 | + - name: Build bootc container image |
| 71 | + id: build |
| 72 | + uses: docker/build-push-action@v6 |
| 73 | + with: |
| 74 | + context: config/peerpods/podvm/bootc |
| 75 | + file: config/peerpods/podvm/bootc/Containerfile.fedora |
| 76 | + target: ${{ steps.target.outputs.BUILD_TARGET }} |
| 77 | + build-args: | |
| 78 | + CLOUD_PROVIDER=${{ env.CLOUD_PROVIDER }} |
| 79 | + tags: ${{ steps.target.outputs.IMAGE_TAG }} |
| 80 | + # Use less aggressive caching for NVIDIA builds |
| 81 | + cache-from: ${{ steps.target.outputs.BUILD_TARGET == 'nvidia-podvm-bootc' && 'type=gha,scope=nvidia' || 'type=gha' }} |
| 82 | + cache-to: ${{ steps.target.outputs.BUILD_TARGET == 'nvidia-podvm-bootc' && 'type=gha,scope=nvidia,mode=min' || 'type=gha,mode=max' }} |
| 83 | + platforms: linux/amd64 |
| 84 | + load: true |
| 85 | + |
| 86 | + - name: Set up skopeo |
| 87 | + uses: warjiang/setup-skopeo@main |
| 88 | + with: |
| 89 | + version: latest |
| 90 | + |
| 91 | + - name: Skopeo copy bootc container image to podman |
| 92 | + run: | |
| 93 | + sudo skopeo copy docker-daemon:${{ steps.target.outputs.IMAGE_TAG }} containers-storage:${{ steps.target.outputs.IMAGE_TAG }} |
| 94 | + # Clean up docker image after copying to podman |
| 95 | + docker rmi ${{ steps.target.outputs.IMAGE_TAG }} || true |
| 96 | +
|
| 97 | + - name: Create output directory |
| 98 | + working-directory: config/peerpods/podvm/bootc |
| 99 | + run: | |
| 100 | + mkdir -p output/qcow2 |
| 101 | +
|
| 102 | + - name: Adapt config.toml file |
| 103 | + working-directory: config/peerpods/podvm/bootc |
| 104 | + run: | |
| 105 | + [[ ! -f config.toml ]] && echo "default config.toml does not exist" && exit 1 |
| 106 | + echo -e "\n[[customizations.user]]" >> config.toml |
| 107 | + echo "name = \"peerpod\"" >> config.toml |
| 108 | + echo "groups = [\"wheel\"]" >> config.toml |
| 109 | + if [[ -n "${{ github.event.inputs.password }}" ]]; then |
| 110 | + echo "Using custom password provided by user" |
| 111 | + echo "password = \"${{ github.event.inputs.password }}\"" >> config.toml |
| 112 | + fi |
| 113 | + if [[ -n "${{ github.event.inputs.ssh_key }}" ]]; then |
| 114 | + echo "Using custom SSH key provided by user" |
| 115 | + echo "key = \"${{ github.event.inputs.ssh_key }}\"" >> config.toml |
| 116 | + fi |
| 117 | +
|
| 118 | + - name: Show config.toml file |
| 119 | + working-directory: config/peerpods/podvm/bootc |
| 120 | + run: | |
| 121 | + cat config.toml |
| 122 | +
|
| 123 | + - name: Build disk image |
| 124 | + working-directory: config/peerpods/podvm/bootc |
| 125 | + run: | |
| 126 | + echo "Building disk image..." |
| 127 | + sudo podman run \ |
| 128 | + --rm \ |
| 129 | + --privileged \ |
| 130 | + --security-opt label=type:unconfined_t \ |
| 131 | + -v $(pwd)/config.toml:/config.toml:ro \ |
| 132 | + -v $(pwd)/output:/output \ |
| 133 | + -v /var/lib/containers/storage:/var/lib/containers/storage \ |
| 134 | + quay.io/centos-bootc/bootc-image-builder:latest \ |
| 135 | + --type qcow2 \ |
| 136 | + --rootfs xfs \ |
| 137 | + --local \ |
| 138 | + ${{ steps.target.outputs.IMAGE_TAG }} |
| 139 | +
|
| 140 | + - name: Verify disk image exists |
| 141 | + working-directory: config/peerpods/podvm/bootc |
| 142 | + run: ls -lh ${{ github.workspace }}/config/peerpods/podvm/bootc/output/qcow2/disk.qcow2 |
| 143 | + |
| 144 | + - name: Login to quay.io |
| 145 | + if: ${{ github.event.inputs.push_to_quay == 'true' || github.event_name == 'push' }} |
| 146 | + uses: docker/login-action@v3 |
| 147 | + with: |
| 148 | + registry: quay.io |
| 149 | + username: ${{ secrets.QUAY_USERNAME }} |
| 150 | + password: ${{ secrets.QUAY_TOKEN }} |
| 151 | + |
| 152 | + - name: Wrap disk in oci image and push to quay.io |
| 153 | + uses: docker/build-push-action@v6 |
| 154 | + with: |
| 155 | + context: config/peerpods/podvm |
| 156 | + file: config/peerpods/podvm/Dockerfile.podvm-oci |
| 157 | + tags: | |
| 158 | + ${{ steps.target.outputs.IMAGE_TAG }} |
| 159 | + ${{ github.event_name == 'push' && 'quay.io/openshift_sandboxed_containers/fedora-podvm-oci:latest' || '' }} |
| 160 | + labels: | |
| 161 | + org.opencontainers.image.created=${{ env.BUILD_DATE }} |
| 162 | + org.opencontainers.image.authors=${{ github.actor }} |
| 163 | + org.opencontainers.image.source=https://github.com/openshift-sandboxed-containers |
| 164 | + org.opencontainers.image.revision=${{ github.sha }} |
| 165 | + org.opencontainers.image.build-target=${{ steps.target.outputs.BUILD_TARGET }} |
| 166 | + org.opencontainers.image.cloud-provider=${{ env.CLOUD_PROVIDER }} |
| 167 | + build-args: PODVM_IMAGE_SRC=bootc/output/qcow2/disk.qcow2 |
| 168 | + cache-from: type=gha |
| 169 | + cache-to: type=gha,mode=max |
| 170 | + platforms: linux/amd64 |
| 171 | + push: ${{ github.event.inputs.push_to_quay == 'true' || github.event_name == 'push' }} |
| 172 | + load: ${{ github.event.inputs.push_to_quay == 'false' && github.event_name == 'workflow_dispatch' }} |
0 commit comments