Merge pull request #90 from thin-edge/feat-rugix

feat: update to rugix

Author: reubenmiller

.github/workflows/bake-image.yml

@@ -5,6 +5,7 @@ on:
   pull_request:
   workflow_dispatch:
   push:
+    branches: [feat-rugix]
     tags:
       - "*"
 
@@ -36,58 +37,130 @@ jobs:
           echo "version=$version" >> "$GITHUB_OUTPUT"
 
   bake-image:
-    name: Bake Image ${{ matrix.job.image }}
-    runs-on: ubuntu-latest
+    name: Bake ${{ matrix.job.system }}
+    runs-on: ${{ matrix.job.runner }}
     needs: info
+    env:
+      IMAGE_NAME: ${{ matrix.job.system }}_${{ needs.info.outputs.version }}
+      VERSION: ${{needs.info.outputs.version}}
     strategy:
       fail-fast: false
       matrix:
         job:
-          - { image: rpi-tryboot }
-          - { image: rpi-tryboot-containers }
-          - { image: rpi-tryboot-pi4 }
-          - { image: rpi-u-boot }
-          - { image: rpi-u-boot-containers }
-          - { image: rpi-u-boot-armhf }
-          - { image: rpi-u-boot-armhf-containers }
-          - { image: debian-arm64 }
-          - { image: debian-amd64 }
+          - { system: tedge-debian-12-efi-arm64, runner: ubuntu-24.04-arm }
+          - { system: tedge-debian-12-efi-amd64, runner: ubuntu-latest }
+          - { system: tedge-raspios-arm64-tryboot-pi4, runner: ubuntu-24.04-arm }
+          - { system: tedge-raspios-arm64-tryboot, runner: ubuntu-24.04-arm }
+          - { system: tedge-raspios-arm64, runner: ubuntu-24.04-arm }
+          - { system: tedge-raspios-armhf, runner: ubuntu-latest }
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
+
       - uses: taiki-e/install-action@just
-      - name: Install dependencies
-        run: just setup
-      - id: info
-        env:
-          VERSION: ${{needs.info.outputs.version}}
-        run: |
-          source <(just show)
-          echo "PREFIX=$PREFIX" >> "$GITHUB_OUTPUT"
+
       - name: Configure .env
         env:
           IMAGE_CONFIG: ${{secrets.IMAGE_CONFIG || ''}}
         run: |
-          echo "IMAGE_NAME=${{ steps.info.outputs.PREFIX }}${{ matrix.job.image }}_${{ needs.info.outputs.version }}" > ".env"
+          echo "Adding github repo owner (${{ github.repository_owner }}) to 'SSH_GITHUB_OWNER' variable to load any publish ssh keys if they exist"
+          echo "SSH_GITHUB_OWNER=${{ github.repository_owner }}" >> .env
+
           if [ -n "$IMAGE_CONFIG" ]; then
             echo "Adding custom IMAGE_CONFIG settings to .env"
-            echo "$IMAGE_CONFIG" >> ".env"
+            echo "$IMAGE_CONFIG" >> .env
           fi
 
       - name: Build image
-        env:
-          VERSION: ${{needs.info.outputs.version}}
         run: |
-          just IMAGE=${{ matrix.job.image }} build
+          just SYSTEM=${{ matrix.job.system }} build-image
+
+      - name: Rename artifacts
+        run: |
+          sudo cp build/${{ matrix.job.system }}/system.img build/${{ matrix.job.system }}/${{ env.IMAGE_NAME }}.img
+          sudo cp build/${{ matrix.job.system }}/artifacts/sbom.txt build/${{ matrix.job.system }}/artifacts/${{ env.IMAGE_NAME }}.sbom.txt
+          ls -l build/${{ matrix.job.system }}/
+          ls -l build/${{ matrix.job.system }}/artifacts/
+
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.IMAGE_NAME }}.sbom.txt
+          if-no-files-found: error
+          path: |
+            build/${{ matrix.job.system }}/artifacts/${{ env.IMAGE_NAME }}.sbom.txt
 
+      - name: Compress Image (xz)
+        run: |
+          sudo xz -v "build/${{ matrix.job.system }}/${{ env.IMAGE_NAME }}.img"
+      
       - name: Upload Image
         uses: actions/upload-artifact@v4
+        id: image-upload-step
+        with:
+          name: ${{ env.IMAGE_NAME }}.img.xz
+          if-no-files-found: error
+          compression-level: 0
+          path: |
+            build/${{ matrix.job.system }}/${{ env.IMAGE_NAME }}.img.xz
+
+      - name: Build bundle
+        run: |
+          just SYSTEM=${{ matrix.job.system }} build-bundle ${{ env.IMAGE_NAME }}.rugixb
+
+      - name: Upload Update Bundle
+        uses: actions/upload-artifact@v4
+        id: bundle-upload-step
         with:
-          name: ${{ steps.info.outputs.PREFIX }}${{ matrix.job.image }}_${{ needs.info.outputs.version }}
+          name: ${{ env.IMAGE_NAME }}.rugixb
+          if-no-files-found: error
+          # rugixb is already compressed
+          compression-level: 0
           path: |
-            build/
-            *.sbom.txt
+            build/${{ matrix.job.system }}/${{ env.IMAGE_NAME }}.rugixb
+
+      - uses: reubenmiller/setup-go-c8y-cli@main
+      - name: Publish firmware to c8y
+        if: ${{ github.repository_owner == 'thin-edge' }}
+        env:
+          C8Y_HOST: '${{ secrets.C8Y_HOST }}'
+          C8Y_USER: '${{ secrets.C8Y_USER }}'
+          C8Y_PASSWORD: '${{ secrets.C8Y_PASSWORD }}'
+        run: |
+          publish_firmware_version() {
+            FIRMWARE_NAME="$1"
+            FIRMWARE_VERSION="$2"
+            ARTIFACT_URL="$3"
+
+            FIRMWARE_ID=$(
+              c8y firmware get -n --id "$FIRMWARE_NAME" --silentStatusCodes 404 --select id -o csv ||
+                c8y firmware create -n --name "$FIRMWARE_NAME" --select id -o csv
+            )
+            ARTIFACT_ID=$(echo "$ARTIFACT_URL" | rev | cut -d/ -f1 | rev)
+            FIRMWARE_URL="https://api.github.com/repos/${{ github.repository }}/actions/artifacts/${ARTIFACT_ID}/zip"
+            c8y firmware versions create \
+              -n \
+              --firmware "$FIRMWARE_ID" \
+              --version "$FIRMWARE_VERSION" \
+              --url "$FIRMWARE_URL" \
+              --template "{
+                github: {
+                  ref: '${{ github.ref }}',
+                  repository: '${{ github.repository }}',
+                  run_id: '${{ github.run_id }}',
+                  sha: '${{ github.sha }}',
+                  artifactUrl: '$ARTIFACT_URL',
+                }
+              }"
+          }
+
+          # bundle
+          publish_firmware_version "${{ matrix.job.system }}" "${{ env.VERSION }}" "${{ steps.bundle-upload-step.outputs.artifact-url }}"
+
+          # image (only used for migrating from a rugpi image to rugix)
+          publish_firmware_version "${{ matrix.job.system }}" "${{ env.VERSION }}-img" "${{ steps.image-upload-step.outputs.artifact-url }}"
+
 
   release:
     name: Release
@@ -105,7 +178,7 @@ jobs:
       - name: Show release artifacts
         run: ls -l release/*/*
       - name: Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.gitignore

@@ -1,6 +1,12 @@
 /.rugpi
+/.rugix
 /build
+build.log
 .image
 *.sbom.txt
 *.log
-*.env
+*.env
+
+# test keys
+id_rsa
+id_rsa.pub

README.md

@@ -1,9 +1,11 @@
-# thin-edge.io image using Rugpi
+# thin-edge.io image using Rugix
 
-The repository can be used to build custom Raspberry Pi images with thin-edge.io and [Rugpi](https://oss.silitics.com/rugpi/) for robust OTA Operating System updates.
+The repository can be used to build custom device images with thin-edge.io and [Rugix](https://oss.silitics.com/rugix/) for robust Over-The-Air (OTA) Operating System updates.
 
 ## Compatible devices
 
+Rugix can support building images for other devices than just Raspberry Pi's, however the thin-edge.io integration is currently only tested for Raspberry Pi devices. Please reach out for support if you are looking into integrating with other devices, or contact [Silitics](https://oss.silitics.com/rugix/commercial-support), the authors of Rugix.
+
 **Using u-boot**
 
 * Raspberry PI 1B
@@ -18,19 +20,19 @@ The repository can be used to build custom Raspberry Pi images with thin-edge.io
 * Raspberry Pi 5
 
 
-## Images
+## System Images
 
-The following images are included in this repository.
+The following system images are included in this repository.
 
 |Image|Description|
 |-------|-----------|
-|rpi-tryboot|Image for Raspberry Pi 4 and 5 devices which use the tryboot bootloader|
-|rpi-tryboot-containers|Image for Raspberry Pi 4 and 5 devices which use the tryboot bootloader and with docker pre-installed|
-|rpi-tryboot-rpi4|Raspberry Pi 4 image which includes the firmware to enable tryboot bootloader|
-|rpi-u-boot|Image for Raspberry Pi 2, 3, zero 2W|
-|rpi-u-boot-containers|Image for Raspberry Pi 2, 3, zero 2W with docker pre-installed|
-|rpi-u-boot-armhf|Image for Raspberry Pi 1 and zero|
-|rpi-u-boot-armhf-containers|Image for Raspberry Pi 1 and zero with docker pre-installed|
+|tedge-raspios-arm64-tryboot|Image for Raspberry Pi 4 and 5 devices which use the tryboot bootloader|
+|tedge-raspios-arm64-tryboot-pi4|Raspberry Pi 4 image which includes the firmware to enable tryboot bootloader|
+|tedge-raspios-arm64|Image for Raspberry Pi 3 and zero 2W|
+|tedge-raspios-armhf|Image for Raspberry Pi 1, 2 and zero|
+|tedge-raspios-armhf|Image for Raspberry Pi 1, 2 and zero|
+|tedge-debian-12-efi-arm64|Image for an EFI enabled device with arm64|
+|tedge-debian-12-efi-amd64|Image for an EFI enabled device with amd64|
 
 ## Building
 
@@ -41,7 +43,7 @@ To run the build tasks, install [just](https://just.systems/man/en/chapter_5.htm
 1. Clone the repository
 
     ```sh
-    git clone https://github.com/thin-edge/tedge-rugpi-image.git
+    git clone https://github.com/thin-edge/tedge-rugix-image.git
     ```
 
 2. Create a custom `.env` file which will be used to store secrets
@@ -60,6 +62,9 @@ To run the build tasks, install [just](https://just.systems/man/en/chapter_5.htm
     SECRETS_WIFI_SSID=example
     SECRETS_WIFI_PASSWORD=yoursecurepassword
     SSH_KEYS_bootstrap="ssh-rsa xxxxxxx"
+
+    # Include ssh keys from github user profiles
+    SSH_GITHUB_USERS=myuser
     ```
 
     **Note**
@@ -68,30 +73,26 @@ To run the build tasks, install [just](https://just.systems/man/en/chapter_5.htm
 
     If an image has Wifi credentials baked in, then you should not make this image public, as it would expose your credentials! 
 
-4. Create the image (including downloading the supported base Raspberry Pi image) using:
+4. Create the image
 
     ```sh
-    just build-pi4
+    just SYSTEM=tedge-raspios-arm64-tryboot build-image
     ```
 
-    Alternatively, you can use any of the image names defined in the `rugpi-bakery.toml` file, where the image name is part of the `images.*` key. For example, for `images.rpi-tryboot-containers`, the `IMAGE` name would be `rpi-tryboot`. You can then build the image using the following command:
-
-    ```sh
-    just IMAGE=rpi-tryboot-containers build
-    ```
+5. Using the path to the image shown in the console to flash the image to the device.
 
-5. Using the path to the image shown in the console to flash the image to the Raspberry Pi.
+6. Build the update bundle for Over-the-Air Updates
 
-6. Subsequent A/B updates can be done using Cumulocity IoT or the local Rugpi interface on (localhost:8088)
-
-    **Notes**
+    ```
+    just SYSTEM=tedge-raspios-arm64-tryboot build-bundle
+    ```
 
-    You can apply image updates via the device's localhost:8088 interface, however you will have to expand the `.xz` image file to a `.img` file.
+    **Note:** A Rugix update bundle will have the `.rugixb` suffix in its filename
 
-For further information on Rugpi, checkout the [quick start guide](https://oss.silitics.com/rugpi/docs/getting-started).
+For further information on Rugix, checkout the [quick start guide](https://oss.silitics.com/rugix/docs/getting-started).
 
 
-### Building images including thin-edge.io main
+### Building images/bundles including thin-edge.io main
 
 To build an image with the latest pre-release version from the [main channel](https://thin-edge.github.io/thin-edge.io/contribute/package-hosting/#pre-releases), set the following environment variable in the `.env` file in your project:
 
@@ -107,25 +108,25 @@ The different image options can be confusing, so to help users a few device spec
 #### Raspberry Pi 1
 
 ```sh
-just build-pi1
+just SYSTEM=tedge-raspios-armhf build-image
 ```
 
 #### Raspberry Pi 2
 
 ```sh
-just build-pi2
+just SYSTEM=tedge-raspios-armhf build-image
 ```
 
 #### Raspberry Pi 3
 
 ```sh
-just build-pi3
+just SYSTEM=tedge-raspios-arm64 build-image
 ```
 
 #### Raspberry Pi 4 / 400
 
 ```sh
-just build-pi4
+just SYSTEM=tedge-raspios-arm64 build-image
 ```
 
 **Note**
@@ -135,25 +136,25 @@ All Raspberry Pi 4 and 400 don't support tryboot by default, and need their firm
 You can build an image which also includes the firmware used to enable tryboot. Afterwards you can switch back to using an image without the firmware included in it.
 
 ```sh
-just build-pi4-include-firmware
+just SYSTEM=tedge-raspios-arm64-tryboot-pi4 build-image
 ```
 
 #### Raspberry Pi 5
 
 ```sh
-just build-pi5
+just SYSTEM=tedge-raspios-arm64 build-image
 ```
 
 #### Raspberry Pi Zero
 
 ```sh
-just build-pizero
+just SYSTEM=tedge-raspios-armhf build-image
 ```
 
 #### Raspberry Pi Zero 2W
 
 ```sh
-just build-pizero2w
+just SYSTEM=tedge-raspios-arm64 build-image
 ```
 
 ## Project Tasks
@@ -178,7 +179,6 @@ just build-pizero2w
 
 **Optional: Public images to Cumulocity IoT**
 
-
 You will need [go-c8y-cli](https://goc8ycli.netlify.app/) and [gh](https://cli.github.com/) tools for this!
 
 1. In the console, using go-c8y-cli, set your session to the tenant where you want to upload the firmware to

env.template

@@ -8,6 +8,9 @@ SSH_KEYS_bootstrap="ssh-rsa xxxxxxx"
 #SSH_KEYS_user1="ssh-rsa xxxxxxx"
 #SSH_KEYS_user2="ssh-rsa xxxxxxx"
 
+# List of github user ids to fetch their public ssh keys from 
+#SSH_GITHUB_USERS=
+
 # thin-edge.io settings
 # thin-edge.io install channel. Options: "main",  "release" (latest official release)
 #TEDGE_INSTALL_CHANNEL=main