diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 26340e0..4901779 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -63,6 +63,15 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + # in addition to existing tag logic, add docker/metadata friendly tags + METADATA_TAGS=$( + for TAG in "${alias_tags[@]}"; do + echo "${TAG}" + done) + echo "METADATA_TAGS<> $GITHUB_ENV + echo "$METADATA_TAGS" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + - name: Retrieve akmods signing key run: | mkdir -p certs @@ -83,13 +92,21 @@ jobs: echo "VERSION=$version" >> $GITHUB_OUTPUT echo "LINUX=$linux" >> $GITHUB_OUTPUT + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v5 + with: + string: ${{ env.IMAGE_REGISTRY }} + # Build metadata - name: Image Metadata uses: docker/metadata-action@v4 id: meta with: images: | - ${{ env.IMAGE_NAME }} + ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.description=A caching layer for pre-built kmod RPMs @@ -97,47 +114,8 @@ jobs: ostree.linux=${{ steps.labels.outputs.LINUX }} io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4 - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - image: ${{ env.IMAGE_NAME }} tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - COREOS_VERSION=${{ matrix.coreos_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - if: github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust + ${{ env.METADATA_TAGS }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -147,6 +125,20 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Build/push image using docker buildx action + - name: Build and Push Image + id: build_image + uses: docker/build-push-action@v5 + with: + push: ${{ github.event_name != 'pull_request' }} + context: . + file: ./Containerfile + build-args: | + SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} + COREOS_VERSION=${{ matrix.coreos_version }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} + # Sign container - uses: sigstore/cosign-installer@v3.1.1 if: github.event_name != 'pull_request' @@ -156,11 +148,10 @@ jobs: run: | cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} env: - TAGS: ${{ steps.push.outputs.digest }} + TAGS: ${{ steps.build_image.outputs.digest }} COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - name: Echo outputs - if: github.event_name != 'pull_request' run: | - echo "${{ toJSON(steps.push.outputs) }}" + echo "${{ toJSON(steps.build_image.outputs) }}" diff --git a/build-kmod-zfs.sh b/build-kmod-zfs.sh index 1afeca1..5bbebcb 100755 --- a/build-kmod-zfs.sh +++ b/build-kmod-zfs.sh @@ -25,7 +25,8 @@ rpm-ostree install libtirpc-devel libblkid-devel libuuid-devel libudev-devel ope ### BUILD zfs echo "getting zfs-${ZFS_VERSION}.tar.gz" curl -L -O https://github.com/openzfs/zfs/releases/download/zfs-${ZFS_VERSION}/zfs-${ZFS_VERSION}.tar.gz -tar xzf zfs-${ZFS_VERSION}.tar.gz +# no-same-owner/no-same-permissions required for F40 based images building on podman 3.4.4 (ubuntu 22.04) +tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz # patch the zfs-kmod.spec.in file for older zfs versions ZFS_MAJ=$(echo $ZFS_VERSION | cut -f1 -d.)