feat: Enable removal of unwanted software in the build workflow.

Author: hanthor

.github/workflows/build-iso.yml

@@ -227,10 +227,17 @@ jobs:
         id: build
         uses: hanthor/titanoboa@main
         with:
-          image-ref: ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}${{ steps.get_image_ref.outputs.image_suffix }}:${{ steps.get_image_ref.outputs.image_tag }}
+          image-ref: >-
+            ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}${{
+            steps.get_image_ref.outputs.image_suffix }}:${{
+            steps.get_image_ref.outputs.image_tag }}
           flatpaks-list: ${{ github.workspace }}/system_files/etc/ublue-os/system-flatpaks.list
           hook-post-rootfs: ${{ github.workspace }}/iso_files/configure_lts_iso_anaconda.sh
-          builder-distro: ${{ matrix.image_variant == 'yellowfin' && 'almalinux' || matrix.image_variant == 'albacore' && 'almalinux' || matrix.image_variant == 'skipjack' && 'centos' || matrix.image_variant == 'bonito' && 'fedora' }}
+          builder-distro: |
+            ${{ matrix.image_variant == 'yellowfin' && 'almalinux' ||
+                matrix.image_variant == 'albacore' && 'almalinux' ||
+                matrix.image_variant == 'skipjack' && 'centos' ||
+                matrix.image_variant == 'bonito' && 'fedora' }}
           platform: ${{ matrix.platform }}
 
       - name: Rename ISO

.github/workflows/build-next.yml

@@ -61,7 +61,7 @@ jobs:
           else
             IMAGE_VARIANTS="$INPUT_VARIANT"
           fi
-          
+
           # Define flavors to build based on input, ensuring dependencies are met
           FLAVORS_TO_BUILD=""
           if [ "$INPUT_FLAVOR" = "all" ]; then
@@ -73,12 +73,12 @@ jobs:
           else # base
             FLAVORS_TO_BUILD="base"
           fi
-          
+
           # Generate separate matrices for each flavor
           BASE_MATRIX="{\"include\":[]}"
           DX_MATRIX="{\"include\":[]}"
           GDX_MATRIX="{\"include\":[]}"
-          
+
           for variant in $IMAGE_VARIANTS; do
             for flavor in $FLAVORS_TO_BUILD; do
               # Determine image name based on flavor
@@ -87,7 +87,7 @@ jobs:
               else
                 IMAGE_NAME="${variant}"
               fi
-              
+
               # Set variant-specific descriptions and platforms
               case "$variant" in
                 yellowfin)
@@ -99,12 +99,12 @@ jobs:
                   PLATFORMS="linux/arm64,linux/amd64,linux/amd64/v2"
                   ;;
               esac
-              
+
               # Override platforms if provided via input
               if [ -n "$INPUT_PLATFORMS" ]; then
                 PLATFORMS="$INPUT_PLATFORMS"
               fi
-              
+
               # Add flavor suffix to description
               case "$flavor" in
                 dx)
@@ -114,15 +114,15 @@ jobs:
                   DESCRIPTION="${DESCRIPTION} GDX"
                   ;;
               esac
-              
+
               ENTRY="{
                 \"variant\": \"${variant}\",
                 \"flavor\": \"${flavor}\",
                 \"image_name\": \"${IMAGE_NAME}\",
                 \"description\": \"${DESCRIPTION}\",
                 \"platforms\": \"${PLATFORMS}\"
               }"
-              
+
               # Add to appropriate matrix
               case "$flavor" in
                 base)
@@ -137,7 +137,7 @@ jobs:
               esac
             done
           done
-          
+
           echo "base_matrix=$(echo "${BASE_MATRIX}" | jq -c '.')" >> $GITHUB_OUTPUT
           echo "dx_matrix=$(echo "${DX_MATRIX}" | jq -c '.')" >> $GITHUB_OUTPUT
           echo "gdx_matrix=$(echo "${GDX_MATRIX}" | jq -c '.')" >> $GITHUB_OUTPUT
@@ -216,4 +216,4 @@ jobs:
       rechunk: true
       sbom: false
       publish: true
-      remove-unwanted-software: true
+      remove-unwanted-software: true

.github/workflows/build.yml

@@ -1,6 +1,6 @@
 name: Build
 on:
-  pull_request: 
+  pull_request:
     branches:
       - main
     paths:
@@ -21,32 +21,32 @@ on:
         default: 'all'
         type: choice
         options:
-        - yellowfin
-        - albacore
-        # - skipjack
-        # - bonito
-        - all
+          - yellowfin
+          - albacore
+          # - skipjack
+          # - bonito
+          - all
       build_variant:
         description: 'Build variant (base, dx, gdx)'
         required: false
         default: 'base,dx,gdx'
         type: choice
         options:
-        - base
-        - base,dx
-        - base,dx,gdx
+          - base
+          - base,dx
+          - base,dx,gdx
       platforms:
         description: 'Platforms to build (Be sure to build all on Main!)'
         required: false
         default: ''
         type: choice
         options:
-        - ''
-        - linux/amd64
-        - linux/amd64/v2
-        - linux/arm64
-        - linux/amd64,linux/arm64
-        - linux/amd64,linux/amd64/v2,linux/arm64
+          - ''
+          - linux/amd64
+          - linux/amd64/v2
+          - linux/arm64
+          - linux/amd64,linux/arm64
+          - linux/amd64,linux/amd64/v2,linux/arm64
 
 
 concurrency:
@@ -61,8 +61,8 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - name: Checkout for config
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3  # v4
-        
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4
+
       - name: Generate image variant build matrix
         id: set-matrix
         run: |
@@ -79,7 +79,7 @@ jobs:
               IMAGE_VARIANTS="yellowfin albacore" # skipjack bonito"
             fi
           fi
-          
+
           # Generate matrix
           MATRIX="{\"include\":[]}"
           for image_variant in $IMAGE_VARIANTS; do
@@ -106,7 +106,7 @@ jobs:
                 PLATFORMS="linux/arm64,linux/amd64"
                 ;;
             esac
-            
+
             # Determine image name and tag
             if [[ "${{ github.event_name }}" == "pull_request" ]]; then
               IMAGE_NAME="${image_variant}"
@@ -115,7 +115,7 @@ jobs:
               IMAGE_NAME="${image_variant}"
               TAG="${{ (github.ref_name == 'main' && github.event_name != 'pull_request') && 'latest' || github.sha }}"
             fi
-            
+
             # If Platforms is set
             if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ inputs.platforms }}" ]]; then
               PLATFORMS="${{ inputs.platforms }}"
@@ -129,10 +129,10 @@ jobs:
               \"description\": \"${DESCRIPTION}\",
               \"rechunk\": ${{ github.event_name != 'pull_request' }},
               \"sbom\": false,
-              \"publish\": true, 
+              \"publish\": true,
             }]")"
           done
-          
+
           echo "matrix=$(echo "${MATRIX}" | jq -c '.')" >> $GITHUB_OUTPUT
 
   # Build base images (base for chaining)

.github/workflows/release-stable.yml

@@ -92,35 +92,61 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
 
-      - name: Upload to S3
-        run: |
-          aws s3 cp output/qcow2/disk.qcow2 s3://${{ secrets.S3_BUCKET }}/tunaos-${{ github.ref_name }}.qcow2
-          echo "IMAGE_URL=https://${{ secrets.S3_BUCKET }}.s3.amazonaws.com/tunaos-${{ github.ref_name }}.qcow2" >> $GITHUB_ENV
+            - name: Upload to S3
 
-      - name: Setup openQA CLI
-        run: |
-          sudo apt-get update && sudo apt-get install -y jq
-          # Installing openQA client (example, might need specific repo or container)
-          # For now, assuming we can run it via container or it's available.
-          # Let's use a container for the CLI to be safe.
-          echo "alias openqa-cli='podman run --rm -e OPENQA_API_KEY=${{ secrets.OPENQA_API_KEY }} -e OPENQA_API_SECRET=${{ secrets.OPENQA_API_SECRET }} -e OPENQA_HOST=${{ secrets.OPENQA_HOST }} registry.opensuse.org/devel/openqa/containers/openqa_client:latest openqa-cli'" >> ~/.bashrc
-          source ~/.bashrc
-
-      - name: Run openQA Test
-        run: |
-          # Source bashrc to get the alias
-          source ~/.bashrc
-          ./scripts/openqa-trigger.sh "${{ env.IMAGE_URL }}" "${{ github.ref_name }}"
+              run: |
 
-      - name: Promote to Stable
-        if: success()
-        run: |
-          VERSION=${{ github.ref_name }}
-          IMAGE_NAME="${{ steps.image.outputs.name }}"
-          skopeo copy \
-            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
-            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:stable
-          
-          skopeo copy \
-            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
-            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:${VERSION}
+                aws s3 cp output/qcow2/disk.qcow2 s3://${{ secrets.S3_BUCKET }}/tunaos-${{ github.ref_name }}.qcow2
+
+                echo "IMAGE_URL=https://${{ secrets.S3_BUCKET }}.s3.amazonaws.com/tunaos-${{ github.ref_name }}.qcow2" >> $GITHUB_ENV
+
+
+            - name: Setup openQA CLI
+
+              run: |
+
+                sudo apt-get update && sudo apt-get install -y jq
+
+                # Installing openQA client (example, might need specific repo or container)
+
+                # For now, assuming we can run it via container or it's available.
+
+                # Let's use a container for the CLI to be safe.
+
+                echo "alias openqa-cli='podman run --rm \
+
+                  -e OPENQA_API_KEY=${{ secrets.OPENQA_API_KEY }} \
+
+                  -e OPENQA_API_SECRET=${{ secrets.OPENQA_API_SECRET }} \
+
+                  -e OPENQA_HOST=${{ secrets.OPENQA_HOST }} \
+
+                  registry.opensuse.org/devel/openqa/containers/openqa_client:latest openqa-cli'" >> ~/.bashrc
+
+                source ~/.bashrc
+
+      
+
+            - name: Run openQA Test
+
+              run: |
+
+                # Source bashrc to get the alias
+
+                source ~/.bashrc
+
+                ./scripts/openqa-trigger.sh "${{ env.IMAGE_URL }}" "${{ github.ref_name }}"
+
+            - name: Promote to Stable
+              if: success()
+              run: |
+                VERSION=${{ github.ref_name }}
+                IMAGE_NAME="${{ steps.image.outputs.name }}"
+                skopeo copy \
+                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
+                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:stable
+                skopeo copy \
+                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
+                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:${VERSION}
+
+      

.github/workflows/reusable-build-image.yml

@@ -103,7 +103,6 @@ jobs:
             MATRIX="$(echo "${MATRIX}" | jq ".include += [{\"platform\": \"${platform}\", \"safeplatform\": \"${safeplatform}\"}]")"
           done
           echo "matrix=$(echo "${MATRIX}" | jq -c '.')" >> $GITHUB_OUTPUT
-        
 
   build_push:
     name: Build and push image
@@ -128,7 +127,7 @@ jobs:
 
       - name: Checkout
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4
-      
+
       - name: Maximize build space (remove-software)
         if: inputs.remove-unwanted-software && matrix.platform != 'arm64'
         uses: ublue-os/remove-unwanted-software@cc0becac701cf642c8f0a6613bbdaf5dc36b259e # v9
@@ -177,7 +176,6 @@ jobs:
           export SYFT_PARALLELISM=$(($(nproc)*2))
           sudo "$SYFT_CMD" "${IMAGE_REGISTRY}/${IMAGE}:${DEFAULT_TAG}" -o "spdx-json=${OUTPUT_PATH}"
           echo "OUTPUT_PATH=${OUTPUT_PATH}" >> "${GITHUB_OUTPUT}"
-      
 
       - name: Run Rechunker
         if: ${{ inputs.rechunk && inputs.publish }}
@@ -311,7 +309,7 @@ jobs:
       - generate_matrix
       - build_push
     container:
-      image:  cgr.dev/chainguard/wolfi-base:latest
+      image: cgr.dev/chainguard/wolfi-base:latest
       options: --privileged --security-opt seccomp=unconfined
     permissions:
       contents: read

scripts/build-bootc-diskimage.sh

@@ -21,8 +21,6 @@ mkdir -p "$TMPDIR/output"
 TYPE="$1"
 IMAGE_URI="$2"
 TOML_FILE="$TYPE.toml"
-# TODO: make this setable
-ROOTFS="xfs"
 
 if [ "$TYPE" = "iso" ]; then
 	# TODO: enable user creation for KDE and server images, this is currently only for GNOME

scripts/qemu-test.sh

@@ -41,9 +41,6 @@ trap cleanup EXIT
 echo "Waiting for SSH..."
 MAX_RETRIES=30
 RETRY_COUNT=0
-SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5 -p 2222"
-SSH_USER="admin"
-SSH_PASS="password" # In a real scenario, use keys or secrets. For now, we'll rely on the config.toml setting.
 # Note: For real testing, you might need a specific user/key injected via cloud-init or similar.
 # For this example, we'll assume there's a way to connect or just check the port.
 # If passwordless SSH isn't set up, we might just check if the port is open using netcat.

scripts/run-local-ci.sh

@@ -20,7 +20,8 @@ fi
 # Try to get GITHUB_TOKEN from gh cli if not set
 if [ -z "$GITHUB_TOKEN" ] && command -v gh &> /dev/null; then
     echo "Fetching GITHUB_TOKEN from gh CLI..."
-    export GITHUB_TOKEN=$(gh auth token)
+    GITHUB_TOKEN=$(gh auth token)
+    export GITHUB_TOKEN
 fi
 
 if [ -z "$GITHUB_TOKEN" ] && ! grep -q "GITHUB_TOKEN" secrets.env 2>/dev/null; then
@@ -70,12 +71,12 @@ else
     echo "2. Promote to Testing (test-and-promote.yml)"
     echo "3. Release Stable (release-stable.yml)"
     echo "4. Run Full Pipeline (build → test → release)"
-    read -p "Select workflow to run (1-4): " choice
+    read -r -p "Select workflow to run (1-4): " choice
 fi
 
 # Create temp directory for transformed workflows
 TMP_DIR=$(mktemp -d)
-trap "rm -rf $TMP_DIR" EXIT
+trap 'rm -rf $TMP_DIR' EXIT
 
 case $choice in
     1)
@@ -114,13 +115,13 @@ case $choice in
         if [ -n "$2" ]; then
             variant=$2
         else
-            read -p "Enter image variant (yellowfin/albacore): " variant
+            read -r -p "Enter image variant (yellowfin/albacore): " variant
         fi
 
         if [ -n "$3" ]; then
             flavor=$3
         else
-            read -p "Enter flavor (base/dx/gdx): " flavor
+            read -r -p "Enter flavor (base/dx/gdx): " flavor
         fi
 
         # Determine image name