Merge pull request #55 from tuna-os/copilot/update-bluefin-lts-alignment

Align with bluefin-lts: adopt common/brew OCI images, HWE support, and pre-built akmods

Author: hanthor

.github/workflows/promote-to-testing.yml

@@ -34,7 +34,7 @@ jobs:
             // For each combination, find the latest successful run of build-next.yml
             // Note: This is a simplification. In reality, build-next runs for all of them at once usually.
             // We need to find the latest successful run of the 'Build Next Image' workflow.
-            
+
             const runs = await github.rest.actions.listWorkflowRuns({
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -45,38 +45,38 @@ jobs:
 
             if (runs.data.workflow_runs.length === 0) {
               console.log("No successful runs found for build-next.yml");
-              return; 
+              return;
             }
 
             const latestRun = runs.data.workflow_runs[0];
             console.log(`Latest successful run: ${latestRun.id} (${latestRun.created_at})`);
             const sha = latestRun.head_sha;
 
-            // We assume that a successful run produced all variants/flavors. 
+            // We assume that a successful run produced all variants/flavors.
             // If we wanted to be more granular, we'd check artifacts or job status, but that's complex.
             // For now, we assume the latest successful workflow run produced valid 'next' tags for all.
             // However, 'next' is a moving tag. We should try to resolve 'next' to the specific digest from that run if possible,
             // or just trust that 'next' currently points to what we want if we haven't run it since.
-            // A safer bet is to use the SHA of the commit to construct a tag if we tagged it that way, 
+            // A safer bet is to use the SHA of the commit to construct a tag if we tagged it that way,
             // but build-next.yml tags with 'next'.
-            
-            // Let's proceed with assuming 'next' tag is what we want to promote, 
-            // but we verify it corresponds to the SHA of the latest run? 
-            // Actually, build-next.yml builds and pushes 'next'. 
+
+            // Let's proceed with assuming 'next' tag is what we want to promote,
+            // but we verify it corresponds to the SHA of the latest run?
+            // Actually, build-next.yml builds and pushes 'next'.
             // So we will just pick up 'next'.
-            
+
             for (const variant of variants) {
               for (const flavor of flavors) {
                 // Skip invalid combinations if any (currently all seem valid based on build-next logic)
                 // build-next logic:
                 // yellowfin: base, dx, gdx
                 // albacore: base, dx, gdx
-                
+
                 let imageName = variant;
                 if (flavor !== 'base') {
                   imageName = `${variant}-${flavor}`;
                 }
-                
+
                 matrix.include.push({
                   variant: variant,
                   flavor: flavor,
@@ -85,7 +85,7 @@ jobs:
                 });
               }
             }
-            
+
             core.setOutput('matrix', JSON.stringify(matrix));
 
   qa_and_promote:

.github/workflows/release-stable.yml

@@ -92,21 +92,20 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: us-east-1
 
-            - name: Upload to S3
-              run: |
-                aws s3 cp output/qcow2/disk.qcow2 s3://${{ secrets.S3_BUCKET }}/tunaos-${{ github.ref_name }}.qcow2
-                echo "IMAGE_URL=https://${{ secrets.S3_BUCKET }}.s3.amazonaws.com/tunaos-${{ github.ref_name }}.qcow2" >> $GITHUB_ENV
+      - name: Upload to S3
+        run: |
+          aws s3 cp output/qcow2/disk.qcow2 s3://${{ secrets.S3_BUCKET }}/tunaos-${{ github.ref_name }}.qcow2
+          echo "IMAGE_URL=https://${{ secrets.S3_BUCKET }}.s3.amazonaws.com/tunaos-${{ github.ref_name }}.qcow2" >> $GITHUB_ENV
 
-            - name: Promote to Stable
-              if: success()
-              run: |
-                VERSION=${{ github.ref_name }}
-                IMAGE_NAME="${{ steps.image.outputs.name }}"
-                skopeo copy \
-                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
-                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:stable
-                skopeo copy \
-                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
-                  docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:${VERSION}
+      - name: Promote to Stable
+        if: success()
+        run: |
+          VERSION=${{ github.ref_name }}
+          IMAGE_NAME="${{ steps.image.outputs.name }}"
+          skopeo copy \
+            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
+            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:stable
+          skopeo copy \
+            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:testing \
+            docker://${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${IMAGE_NAME}:${VERSION}
 
-      

.github/workflows/reusable-build-image.yml

@@ -255,16 +255,16 @@ jobs:
           # We'll try to pull it, if it fails, we skip diff.
           BASE_IMAGE="${IMAGE_REGISTRY}/${IMAGE_NAME}:next"
           TARGET_IMAGE="${IMAGE_REGISTRY}/${IMAGE_NAME}:${DEFAULT_TAG}-${SAFE_PLATFORM}"
-          
+
           echo "Pulling base image $BASE_IMAGE..."
           if ! podman pull "$BASE_IMAGE"; then
             echo "Failed to pull $BASE_IMAGE. Skipping diff."
             exit 0
           fi
-          
+
           echo "Running diff..."
           ./scripts/diff-images.sh "$BASE_IMAGE" "$TARGET_IMAGE" "diff_report.md"
-          
+
           # Add a header to the report
           sed -i '1s/^/## 🔍 Image Diff Report\n\n/' diff_report.md
 
@@ -461,7 +461,7 @@ jobs:
           IMAGE_VARIANT: "${{ inputs.image-variant }}"
         run: |
           set -e
-          
+
           # Determine default platforms based on variant (same logic as build.yml)
           case "${IMAGE_VARIANT}" in
             yellowfin)
@@ -484,28 +484,28 @@ jobs:
               DEFAULT_PLATFORMS="linux/arm64,linux/amd64"
               ;;
           esac
-          
+
           echo "Variant: ${IMAGE_VARIANT}"
           echo "Default platforms for this variant: ${DEFAULT_PLATFORMS}"
-          
+
           # Parse expected platforms (use default platforms, not input platforms)
           expected_platforms=()
           IFS=',' read -r -a expected_platforms <<< "${DEFAULT_PLATFORMS}"
-          
+
           # Check if all expected platforms have digests
           all_platforms_built="true"
           for platform_original in "${expected_platforms[@]}"; do
             platform_key="${platform_original//\//-}"
             digest="$(echo "${DIGESTS_JSON}" | jq -r --arg key "${platform_key}" '.[$key]')"
-            
+
             if [ "$digest" == "null" ] || [ -z "$digest" ]; then
               echo "Missing platform: ${platform_original} (key: ${platform_key})"
               all_platforms_built="false"
             else
               echo "Found platform: ${platform_original} (key: ${platform_key})"
             fi
           done
-          
+
           echo "All default platforms built: ${all_platforms_built}"
           echo "all_platforms_built=${all_platforms_built}" >> "${GITHUB_OUTPUT}"
 
@@ -641,10 +641,10 @@ jobs:
         run: |
           set -ex
           SOURCE_IMAGE="${IMAGE_REGISTRY}/${IMAGE_NAME}:${DEFAULT_TAG}"
-          
+
           # Always copy to sha-based tag
           skopeo copy --all "docker://${SOURCE_IMAGE}" "docker://${IMAGE_REGISTRY}/${IMAGE_NAME}:${REFS}"
-          
+
           # Only tag as 'latest' if all default platforms for this variant were built
           if [ "${ALL_PLATFORMS_BUILT}" = "true" ]; then
             echo "All default platforms for this variant built successfully - tagging as latest"
@@ -654,4 +654,4 @@ jobs:
           else
             echo "Not all default platforms for this variant built - skipping latest tag"
             echo "tag=${IMAGE_REGISTRY}/${IMAGE_NAME}:${REFS}" >> $GITHUB_OUTPUT
-          fi
+          fi

Containerfile

@@ -1,7 +1,20 @@
 ARG BASE_IMAGE
+ARG ENABLE_HWE="${ENABLE_HWE:-0}"
+ARG ENABLE_GDX="${ENABLE_GDX:-0}"
+ARG AKMODS_VERSION="${AKMODS_VERSION:-centos-10}"
+ARG COMMON_IMAGE_REF
+ARG BREW_IMAGE_REF
+
+# Upstream mounts akmods-zfs and akmods-nvidia-open; select their tag via AKMODS_VERSION
+FROM ghcr.io/ublue-os/akmods-zfs:${AKMODS_VERSION} AS akmods_zfs
+FROM ghcr.io/ublue-os/akmods-nvidia-open:${AKMODS_VERSION} AS akmods_nvidia_open
+FROM ${COMMON_IMAGE_REF} AS common
+FROM ${BREW_IMAGE_REF} AS brew
 
 FROM scratch as context
 COPY system_files /files
+COPY --from=brew /system_files /files
+COPY --from=common /system_files/shared /files
 COPY system_files_overrides /overrides
 COPY build_scripts /build_scripts
 
@@ -11,54 +24,85 @@ ARG IMAGE_NAME
 ARG IMAGE_VENDOR
 ARG SHA_HEAD_SHORT="${SHA_HEAD_SHORT:-deadbeef}"
 ARG BASE_IMAGE
+ARG ENABLE_HWE="${ENABLE_HWE:-0}"
+ARG ENABLE_GDX="${ENABLE_GDX:-0}"
 ENV BASE_IMAGE=${BASE_IMAGE}
 ENV IMAGE_NAME=${IMAGE_NAME}
 ENV IMAGE_VENDOR=${IMAGE_VENDOR}
 ENV SHA_HEAD_SHORT=${SHA_HEAD_SHORT}
+ENV ENABLE_HWE=${ENABLE_HWE}
+ENV ENABLE_GDX=${ENABLE_GDX}
 
 # We pass in BASE_IMAGE as an env var to set it in os-release so that we know what we are building on
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
   /run/context/build_scripts/copy-files.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/00-workarounds.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/10-base-packages.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/20-packages.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/26-packages-post.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/40-services.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/90-image-info.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/arch-customizations.sh
 
 RUN --mount=type=tmpfs,dst=/opt --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
    /run/context/build_scripts/cleanup.sh
 

Containerfile.dx

@@ -2,9 +2,21 @@ ARG BASE_IMAGE
 ARG IMAGE_NAME
 ARG IMAGE_VENDOR
 ARG SHA_HEAD_SHORT
+ARG ENABLE_HWE="${ENABLE_HWE:-0}"
+ARG ENABLE_GDX="${ENABLE_GDX:-0}"
+ARG AKMODS_VERSION="${AKMODS_VERSION:-centos-10}"
+ARG COMMON_IMAGE_REF
+ARG BREW_IMAGE_REF
+
+FROM ghcr.io/ublue-os/akmods-zfs:${AKMODS_VERSION} AS akmods_zfs
+FROM ghcr.io/ublue-os/akmods-nvidia-open:${AKMODS_VERSION} AS akmods_nvidia_open
+FROM ${COMMON_IMAGE_REF} AS common
+FROM ${BREW_IMAGE_REF} AS brew
 
 FROM scratch as context
 COPY system_files /files
+COPY --from=brew /system_files /files
+COPY --from=common /system_files/shared /files
 COPY system_files_overrides /overrides
 COPY build_scripts /build_scripts
 
@@ -17,6 +29,9 @@ RUN \
   --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var \
   --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
     /run/context/build_scripts/DX.sh; 
 

Containerfile.gdx

@@ -2,9 +2,21 @@ ARG BASE_IMAGE
 ARG IMAGE_NAME
 ARG IMAGE_VENDOR
 ARG SHA_HEAD_SHORT
+ARG ENABLE_HWE="${ENABLE_HWE:-0}"
+ARG ENABLE_GDX="${ENABLE_GDX:-0}"
+ARG AKMODS_VERSION="${AKMODS_VERSION:-centos-10}"
+ARG COMMON_IMAGE_REF
+ARG BREW_IMAGE_REF
+
+FROM ghcr.io/ublue-os/akmods-zfs:${AKMODS_VERSION} AS akmods_zfs
+FROM ghcr.io/ublue-os/akmods-nvidia-open:${AKMODS_VERSION} AS akmods_nvidia_open
+FROM ${COMMON_IMAGE_REF} AS common
+FROM ${BREW_IMAGE_REF} AS brew
 
 FROM scratch as context
 COPY system_files /files
+COPY --from=brew /system_files /files
+COPY --from=common /system_files/shared /files
 COPY system_files_overrides /overrides
 COPY build_scripts /build_scripts
 
@@ -17,6 +29,9 @@ RUN \
   --mount=type=tmpfs,dst=/tmp \
   --mount=type=tmpfs,dst=/var \
   --mount=type=tmpfs,dst=/boot \
+  --mount=type=bind,from=akmods_zfs,src=/rpms,dst=/tmp/akmods-zfs-rpms \
+  --mount=type=bind,from=akmods_zfs,src=/kernel-rpms,dst=/tmp/kernel-rpms \
+  --mount=type=bind,from=akmods_nvidia_open,src=/rpms,dst=/tmp/akmods-nvidia-open-rpms \
   --mount=type=bind,from=context,source=/,target=/run/context \
     /run/context/build_scripts/GDX.sh