test

Azathothas · Azathothas · commit b7abfcfb6d21 · 2025-01-18T08:03:23.000+05:45
diff --git a/.github/workflows/build_bootstrap_images_x86_64.yaml b/.github/workflows/build_bootstrap_images_x86_64.yaml
@@ -0,0 +1,179 @@
+name: 🐬 Push Bootstrap Images (x86_64) 🐬
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  schedule:
+   - cron: "0 0 */3 * *" #every 3 Days @5:45 AM NPT
+jobs:
+  push-x86_64:
+    runs-on: ubuntu-latest
+    timeout-minutes: 200
+    permissions:
+      attestations: write  
+      contents: write
+      id-token: write
+      packages: write
+      statuses: read
+    strategy:
+      matrix:
+        include:
+          #- image: "archlinux-base"
+          #  script: "${GITHUB_WORKSPACE}/main/Github/Runners/bootstrap/archlinux.sh"
+          #  arch: "x86_64"
+          #  file: "/tmp/archlinux.tar"
+
+          - image: "cachyos-base"
+            script: "${GITHUB_WORKSPACE}/main/Github/Runners/bootstrap/cachyos.sh"
+            arch: "x86_64"
+            file: "/tmp/cachyos-base.tar"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          path: main
+          filter: "blob:none"
+
+      - name: Debloat Runner
+        run: |
+          #Presets
+          set +x ; set +e
+          #--------------#
+          bash <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge/devscripts/refs/heads/main/Github/Runners/debloat_ubuntu.sh")
+        continue-on-error: true
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        continue-on-error: true
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        continue-on-error: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: "${{ secrets.DOCKERHUB_USERNAME }}"
+          password: "${{ secrets.DOCKERHUB_TOKEN }}"
+        continue-on-error: true
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: "${{ github.actor }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+        continue-on-error: true
+
+      - name: Install Addons
+        run: |
+          #presets
+          set +x ; set +e
+          #-------------#
+          bash <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge/devscripts/refs/heads/main/Linux/install_bins_curl.sh")
+        continue-on-error: true
+
+      - name: Setup Env
+        run: |
+          #presets
+          set +x ; set +e
+          #-------------#
+          #tmp
+          SYSTMP="$(dirname $(mktemp -u))" && export SYSTMP="${SYSTMP}"
+          echo "SYSTMP=${SYSTMP}" >> "${GITHUB_ENV}"
+          #-------------#
+          ##User-Agent
+          USER_AGENT="$(curl -qfsSL 'https://pub.ajam.dev/repos/Azathothas/Wordlists/Misc/User-Agents/ua_chrome_macos_latest.txt')" && export USER_AGENT="${USER_AGENT}"
+          echo "USER_AGENT=${USER_AGENT}" >> "${GITHUB_ENV}"
+        continue-on-error: true
+
+      - name: Push (${{ matrix.image }}/${{ matrix.arch }})
+        env:
+          DOCKERHUB_USERNAME: "${{ secrets.DOCKERHUB_USERNAME }}"
+        run: |
+          #presets
+          set +x ; set +e
+          #-------------#
+          dos2unix --quiet "${{ matrix.script }}"
+          chmod +x "${{ matrix.script }}"
+          bash "${{ matrix.script }}"
+        continue-on-error: true
+
+      - name: Check
+        run: |
+          #presets
+          set +x ; set +e
+          #-------------#
+          if [[ -s "${{ matrix.file }}" ]] && [[ $(stat -c%s "${{ matrix.file }}") -gt 10000 ]]; then
+           export HAS_IMAGE="TRUE"
+           echo "HAS_IMAGE=${HAS_IMAGE}" >> "${GITHUB_ENV}"
+           UTC_TIME="$(TZ='UTC' date +'%Y_%m_%d')"
+           echo "UTC_TIME=${UTC_TIME}" >> "${GITHUB_ENV}"
+          else
+           export HAS_IMAGE="FALSE"
+           echo "HAS_IMAGE=${HAS_IMAGE}" >> "${GITHUB_ENV}"
+          fi
+        continue-on-error: true
+
+      - name: Fail (If Push Failed)
+        if: env.HAS_IMAGE == 'FALSE'
+        run: |
+          #presets
+          set +x ; set +e
+          #-------------#
+          exit 1
+        continue-on-error: false
+
+      #Artifacts
+      - name: Upload (Build) Artifacts
+        if: env.HAS_IMAGE == 'TRUE'
+        uses: actions/upload-artifact@v4
+        with:
+            name: ARTIFACTS
+            path: |
+              "${{ matrix.file }}"
+            compression-level: 0 #no compression, [Default: 6 (GNU Gzip)]
+            retention-days: 90 #max
+            overwrite: true
+        continue-on-error: true
+
+     #continuous
+      - name: Releaser (Continuous)
+        if: env.HAS_IMAGE == 'TRUE'
+        uses: softprops/action-gh-release@v2.2.1
+        with:
+          name: "Continuous ${{ matrix.image }}_${{ matrix.arch }}"
+          tag_name: "${{ matrix.image }}_${{ matrix.arch }}"
+          prerelease: true
+          draft: false
+          generate_release_notes: false
+          files: |
+            "${{ matrix.file }}"
+        continue-on-error: true
+
+     #Snapshot
+      - name: Releaser (Snapshot)
+        if: env.HAS_IMAGE == 'TRUE'
+        uses: softprops/action-gh-release@v2.2.1
+        with:
+          name: "Snapshot-(${{ matrix.image }}_${{ matrix.arch }}_${{ env.UTC_TIME }}"
+          tag_name: "${{ matrix.image }}_${{ matrix.arch }}_${{ env.UTC_TIME }}"
+          prerelease: false
+          draft: false
+          generate_release_notes: false
+          make_latest: false
+          files: |
+            "${{ matrix.file }}"
+        continue-on-error: true
+
+     #Build Provenance
+      - name: Attest Build Provenance
+        if: env.HAS_IMAGE == 'TRUE'
+        uses: actions/attest-build-provenance@v2.1.0
+        with:
+          subject-name: "image-${{ matrix.image }}-${{ matrix.arch }}"
+          subject-path: "${{ matrix.file }}"
+          show-summary: true
+        continue-on-error: true
diff --git a/Github/Runners/bootstrap/cachyos.sh b/Github/Runners/bootstrap/cachyos.sh
@@ -0,0 +1,135 @@
+#!/usr/bin/env bash
+#
+##DO NOT RUN DIRECTLY
+##Self: bash <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge/devscripts/refs/heads/main/Github/Runners/bootstrap/cachyos.sh")
+#-------------------------------------------------------#
+
+#-------------------------------------------------------#
+set -x
+## No aarch64 docker yet: https://hub.docker.com/r/cachyos/cachyos/tags
+## Official Response: https://discuss.cachyos.org/t/arm-future-for-cachyos/727/2
+## https://github.com/CachyOS/docker
+if [ "$(uname  -m)" == "aarch64" ]; then
+   exit 0
+fi
+#-------------------------------------------------------#
+
+#-------------------------------------------------------#
+##Bootstrap
+ pushd "$(mktemp -d)" >/dev/null 2>&1
+  docker stop "cachyos-base" 2>/dev/null ; docker rm "cachyos-base" 2>/dev/null
+  docker run --name "cachyos-base" --privileged "cachyos/cachyos-v3:latest" bash -l -c '
+  #Bootstrap
+   pacman -y --sync --refresh --refresh --sysupgrade --noconfirm --debug
+   packages="bash binutils curl fakechroot fakeroot git wget"
+   for pkg in $packages; do pacman -Sy "$pkg" --noconfirm ; done
+   for pkg in $packages; do pacman -Sy "$pkg" --needed --noconfirm ; done
+  #Fix & Patches 
+   sed '\''/DownloadUser/d'\'' -i "/etc/pacman.conf"
+   #sed '\''s/^.*Architecture\s*=.*$/Architecture = auto/'\'' -i "/etc/pacman.conf"
+   sed '\''0,/^.*SigLevel\s*=.*/s//SigLevel = Never/'\'' -i "/etc/pacman.conf"
+   #sed '\''s/^.*SigLevel\s*=.*$/SigLevel = Never/'\'' -i "/etc/pacman.conf"
+   sed '\''/#\[multilib\]/,/#Include = .*/s/^#//'\'' -i "/etc/pacman.conf"
+   echo -e "nameserver 8.8.8.8\nnameserver 2620:0:ccc::2" | tee "/etc/resolv.conf"
+   echo -e "nameserver 1.1.1.1\nnameserver 2606:4700:4700::1111" | tee -a "/etc/resolv.conf"
+   unlink "/var/lib/dbus/machine-id" 2>/dev/null
+   unlink "/etc/machine-id" 2>/dev/null
+   rm -rvf "/etc/machine-id"
+   systemd-machine-id-setup --print 2>/dev/null | tee "/var/lib/dbus/machine-id"
+   cat "/var/lib/dbus/machine-id" | tee "/etc/machine-id"
+   pacman -Scc --noconfirm
+   echo "disable-scdaemon" | tee "/etc/pacman.d/gnupg/gpg-agent.conf"
+   curl -qfsSL "https://raw.githubusercontent.com/pkgforge/flatimage-base/refs/heads/main/archlinux_hooks.sh" -o "/arch_hooks.sh"
+   chmod +x "/arch_hooks.sh" ; "/arch_hooks.sh"
+   rm -rfv "/arch_hooks.sh"
+   echo "LANG=en_US.UTF-8" | tee "/etc/locale.conf"
+   echo "LANG=en_US.UTF-8" | tee -a "/etc/locale.conf"
+   echo "LANGUAGE=en_US:en" | tee -a "/etc/locale.conf"
+   echo "LC_ALL=en_US.UTF-8" | tee -a "/etc/locale.conf"
+   echo "en_US.UTF-8 UTF-8" | tee -a "/etc/locale.gen"
+   echo "LC_ALL=en_US.UTF-8" | tee -a "/etc/environment"
+   locale-gen ; locale-gen "en_US.UTF-8"
+  #Cleanup
+   pacman -y --sync --refresh --refresh --sysupgrade --noconfirm
+   pacman -Rsn base-devel --noconfirm
+   pacman -Rsn perl --noconfirm
+   pacman -Rsn python --noconfirm
+   pacman -Scc --noconfirm
+  #Fake-Sudo
+   pacman -Rsndd sudo 2>/dev/null
+   rm -rvf "/usr/bin/sudo" 2>/dev/null
+   curl -qfsSL "https://github.com/pkgforge/flatimage-base/releases/download/$(uname -m)/fake-sudo-pkexec.tar.zst" -o "./fake-sudo-pkexec.tar.zst" && chmod +x "./fake-sudo-pkexec.tar.zst"
+   pacman -Uddd "./fake-sudo-pkexec.tar.zst" --noconfirm
+   pacman -Syy fakeroot --needed --noconfirm
+   rm -rvf "./fake-sudo-pkexec.tar.zst"
+  #Yay
+   curl -qfsSL "https://github.com/pkgforge/flatimage-base/releases/download/$(uname -m)/yay" -o "/usr/bin/yay" && chmod +x "/usr/bin/yay"
+   yay --version  ; which fakeroot yay sudo
+  #More cleanup
+   rm -rfv "/usr/share/gtk-doc/"* 2>/dev/null
+   rm -rfv "/usr/share/man/"* 2>/dev/null
+   rm -rfv "/usr/share/help/"* 2>/dev/null
+   rm -rfv "/usr/share/info/"* 2>/dev/null
+   rm -rfv "/usr/share/doc/"* 2>/dev/null
+   rm -rfv "/var/tmp/"* 2>/dev/null
+   rm -rfv "/var/lib/pacman/sync/"* 2>/dev/null
+   rm -rfv "/var/cache/pacman/pkg/"* 2>/dev/null
+   find "/boot" -mindepth 1 -delete 2>/dev/null
+   find "/dev" -mindepth 1 -delete 2>/dev/null
+   find "/proc" -mindepth 1 -delete 2>/dev/null
+   find "/run" -mindepth 1 -delete 2>/dev/null
+   find "/sys" -mindepth 1 -delete 2>/dev/null
+   find "/tmp" -mindepth 1 -delete 2>/dev/null
+   find "/usr/include" -mindepth 1 -delete 2>/dev/null
+   find "/usr/lib" -type f -name "*.a" -print -exec rm -rfv "{}" 2>/dev/null \; 2>/dev/null
+   find "/usr/lib32" -type f -name "*.a" -print -exec rm -rfv "{}" 2>/dev/null \; 2>/dev/null
+   find "/etc/pacman.d/gnupg" -type f -name "S.*" -print -exec rm -rfv "{}" 2>/dev/null \; 2>/dev/null
+   find "/usr/share/locale" -mindepth 1 -maxdepth 1 ! -regex ".*/\(locale.alias\|en\|en_US\)$" -exec rm -rfv "{}" + 2>/dev/null
+   find "/usr/share/doc" -mindepth 1 -delete 2>/dev/null
+   find "/usr/share/gtk-doc" -mindepth 1 -delete 2>/dev/null
+   find "/usr/share/help" -mindepth 1 -delete 2>/dev/null
+   find "/usr/share/info" -mindepth 1 -delete 2>/dev/null
+   find "/usr/share/man" -mindepth 1 -delete 2>/dev/null
+   find "." -type d -name "__pycache__" -exec rm -rfv "{}" \; 2>/dev/null
+   find "." -type f -name "*.pacnew" -exec rm -rfv "{}" \; 2>/dev/null
+   find "." -type f -name "*.pacsave" -exec rm -rfv "{}" \; 2>/dev/null
+   find "/var/log" -type f -name "*.log" -exec rm -rfv "{}" \; 2>/dev/null
+   rm -rfv "/"{tmp,proc,sys,dev,run} 2>/dev/null
+   mkdir -pv "/"{tmp,proc,sys,dev,run/media,mnt,media,home}  2>/dev/null
+   rm -fv ""/etc/{host.conf,hosts,nsswitch.conf}  2>/dev/null
+   touch ""/etc/{host.conf,hosts,nsswitch.conf}  2>/dev/null
+   hostname 2>/dev/null; cat "/etc/os-release" 2>/dev/null'
+##Export   
+  docker export "$(docker ps -aqf 'name=cachyos')" --output "rootfs.tar"
+  if [[ -f "./rootfs.tar" ]] && [[ $(stat -c%s "./rootfs.tar") -gt 10000 ]]; then
+    mkdir -pv "./rootfs" && export ROOTFS_DIR="$(realpath "./rootfs")"
+    rsync -achLv --mkpath "./rootfs.tar" "/tmp/cachyos-base.tar"
+  else
+    echo "\n[-] FATAL: Failed to export ROOTFS\n"
+   exit 1
+  fi
+popd "$(mktemp -d)" >/dev/null 2>&1
+#-------------------------------------------------------#
+
+
+#-------------------------------------------------------#
+##Push
+#ENV
+D_ID="$(docker ps -qf 'name=cachyos-base' | tr -d '[:space:]')"
+D_TAG="v$(date +'%Y.%m.%d' | tr -d '[:space:]')"
+export D_ID D_TAG
+#Tags
+docker commit "${D_ID}" "pkgforge/cachyos-base:latest"
+docker commit "${D_ID}" "ghcr.io/pkgforge/devscripts/cachyos-base:latest"
+docker commit "${D_ID}" "pkgforge/cachyos-base:${DOCKER_TAG}"
+docker commit "${D_ID}" "ghcr.io/pkgforge/devscripts/cachyos-base:${DOCKER_TAG}"
+docker commit "${D_ID}" "pkgforge/cachyos-base:$(uname -m)"
+docker commit "${D_ID}" "ghcr.io/pkgforge/devscripts/cachyos-base:$(uname -m)"
+#Push
+docker push "pkgforge/cachyos-base:latest"
+docker push "ghcr.io/pkgforge/devscripts/cachyos-base:latest"
+docker push "pkgforge/cachyos-base:${DOCKER_TAG}"
+docker push "ghcr.io/pkgforge/devscripts/cachyos-base:${DOCKER_TAG}"
+docker push "pkgforge/cachyos-base:$(uname -m)"
+docker push "ghcr.io/pkgforge/devscripts/cachyos-base:$(uname -m)"
+#-------------------------------------------------------#
