From 9ad435e50f080578c5c51668a4397912d16913e4 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 1 May 2024 13:03:04 -0500 Subject: [PATCH 01/26] fix: use tar options to enable extraction on F40 based source --- build-kmod-zfs.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build-kmod-zfs.sh b/build-kmod-zfs.sh index 1afeca1..2863640 100755 --- a/build-kmod-zfs.sh +++ b/build-kmod-zfs.sh @@ -25,7 +25,8 @@ rpm-ostree install libtirpc-devel libblkid-devel libuuid-devel libudev-devel ope ### BUILD zfs echo "getting zfs-${ZFS_VERSION}.tar.gz" curl -L -O https://github.com/openzfs/zfs/releases/download/zfs-${ZFS_VERSION}/zfs-${ZFS_VERSION}.tar.gz -tar xzf zfs-${ZFS_VERSION}.tar.gz +# no-same-owner and no-same-permissions required as of F40 +tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz # patch the zfs-kmod.spec.in file for older zfs versions ZFS_MAJ=$(echo $ZFS_VERSION | cut -f1 -d.) From 8da2110d0845265395477ad63039e4fedbf7e1bd Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 1 May 2024 22:10:03 -0500 Subject: [PATCH 02/26] fix: mount /tmp as tmpfs to workaround tar file ops bug --- Containerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containerfile b/Containerfile index 2561ab4..c8a05f6 100644 --- a/Containerfile +++ b/Containerfile @@ -7,6 +7,9 @@ FROM ${BASE_IMAGE}:${COREOS_VERSION} AS builder ARG COREOS_VERSION="${COREOS_VERSION:-stable}" ARG ZFS_MINOR_VERSION="${ZFS_MINOR_VERSION:-2.2}" +# workaround older podman/ubuntu which breaks file ops with F40 images +RUN --mount=type=tmpfs,target=/tmp + COPY build*.sh /tmp COPY certs /tmp/certs COPY zfs-kmod-spec-in.patch /tmp From 5ce3d908c366ffc91ade936506659f453f09a265 Mon Sep 17 00:00:00 2001 
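Review bot: The rewritten `tar` line in build-kmod-zfs.sh (PATCH 01/26; the same line recurs in PATCH 07/26 and 24/26) unpacks whatever the preceding `curl -L -O` wrote, with no integrity check between download and extraction, and that tree is presumably what gets compiled into the kernel module. Verify the archive before extracting, for example `echo "${ZFS_SHA256}  zfs-${ZFS_VERSION}.tar.gz" | sha256sum -c -`, where `ZFS_SHA256` is a placeholder for a pinned per-version digest that the script does not define today. Adding `-f` to the curl call would also stop an HTTP error page from being saved under the tarball name. The new comment could record that `--no-same-owner` keeps a root extraction from applying archive-supplied ownership, which is worth keeping independent of the F40 issue. The script continues outside the hunk.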
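Review bot: The added `RUN --mount=type=tmpfs,target=/tmp` in the Containerfile (PATCH 02/26) carries no command, and a `--mount` exists only for the one RUN it is attached to, so it cannot change how the following COPY and RUN steps see /tmp; depending on the builder it is either rejected or a no-op. A tmpfs has to sit on the instruction that does the extraction, e.g. `RUN --mount=type=tmpfs,target=<scratch-dir> /tmp/build-kmod-zfs.sh` with the script working in that directory. Mounting over /tmp itself on that step would hide the build*.sh files and certs that the COPY lines place there.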
From: Benjamin Sherman Date: Wed, 1 May 2024 22:27:44 -0500 Subject: [PATCH 03/26] hack to investigate how rpmbuild uses tar --- Containerfile | 3 ++- tar-hack-script.sh | 5 +++++ tar-hack-setup.sh | 7 +++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100755 tar-hack-script.sh create mode 100755 tar-hack-setup.sh diff --git a/Containerfile b/Containerfile index c8a05f6..83e77b9 100644 --- a/Containerfile +++ b/Containerfile @@ -8,7 +8,8 @@ ARG COREOS_VERSION="${COREOS_VERSION:-stable}" ARG ZFS_MINOR_VERSION="${ZFS_MINOR_VERSION:-2.2}" # workaround older podman/ubuntu which breaks file ops with F40 images -RUN --mount=type=tmpfs,target=/tmp +COPY tar-hack*.sh /tmp +RUN /tmp/tar-hack-setup.sh COPY build*.sh /tmp COPY certs /tmp/certs diff --git a/tar-hack-script.sh b/tar-hack-script.sh new file mode 100755 index 0000000..f1ade5e --- /dev/null +++ b/tar-hack-script.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +echo "`tar` was called with these options: $@" +exit 20 +#tar -xvf -options $@ \ No newline at end of file diff --git a/tar-hack-setup.sh b/tar-hack-setup.sh new file mode 100755 index 0000000..2c32e29 --- /dev/null +++ b/tar-hack-setup.sh @@ -0,0 +1,7 @@ +#!/usr/bin/evn bash + +set -oeux pipefail + +mv /usr/bin/tar /usr/bin/tar-actual +mv /tmp/tar-hack-script.sh /usr/bin/tar +chmod 755 /usr/bin/tar \ No newline at end of file From e64cf4c88a9f4e0b017030c2d3dbc324e6acfef5 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 1 May 2024 22:28:13 -0500 Subject: [PATCH 04/26] temporarily only build ZFS for debug --- Containerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Containerfile b/Containerfile index 83e77b9..1527f5c 100644 --- a/Containerfile +++ b/Containerfile 
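Review bot: tar-hack-setup.sh (PATCH 03/26) overwrites `/usr/bin/tar` in the builder stage with a stub that always exits 20, so every later RUN in that stage that calls tar, not only rpmbuild, is affected, and the layer carries a non-package binary at a system path if it is ever built for release. A narrower probe leaves the real binary in place, copies the wrapper to its own directory and prepends that to PATH for the one step under investigation, e.g. `RUN PATH=/tmp/shim:$PATH /tmp/build-kmod-zfs.sh` (the `/tmp/shim` path is constructed for illustration). Having the wrapper log `"$*"` and then `exec /usr/bin/tar "$@"` would record the options while letting the build proceed. Both new scripts also end without a trailing newline.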
@@ -27,9 +27,9 @@ ADD files/usr/lib/systemd/system-preset/70-ublue-nvctk-cdi.preset \ RUN /tmp/build-prep.sh -RUN /tmp/build-ucore-addons.sh -RUN /tmp/build-ucore-nvidia.sh -RUN /tmp/build-kmod-nvidia.sh +#RUN /tmp/build-ucore-addons.sh +#RUN /tmp/build-ucore-nvidia.sh +#RUN /tmp/build-kmod-nvidia.sh RUN /tmp/build-kmod-zfs.sh RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \ From 14816e8a42758418709130b708c387800c6e957d Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 1 May 2024 22:30:36 -0500 Subject: [PATCH 05/26] huh? --- Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containerfile b/Containerfile index 1527f5c..e27e5e7 100644 --- a/Containerfile +++ b/Containerfile @@ -8,7 +8,7 @@ ARG COREOS_VERSION="${COREOS_VERSION:-stable}" ARG ZFS_MINOR_VERSION="${ZFS_MINOR_VERSION:-2.2}" # workaround older podman/ubuntu which breaks file ops with F40 images -COPY tar-hack*.sh /tmp +COPY tar*.sh /tmp RUN /tmp/tar-hack-setup.sh COPY build*.sh /tmp From 3e71aea9aa11a9adc52fa3f8574231d89ba2f289 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 1 May 2024 22:32:40 -0500 Subject: [PATCH 06/26] typo, simple, hack --- tar-hack-script.sh | 2 +- tar-hack-setup.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tar-hack-script.sh b/tar-hack-script.sh index f1ade5e..cc558cc 100755 --- a/tar-hack-script.sh +++ b/tar-hack-script.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/bash echo "`tar` was called with these options: $@" exit 20 diff --git a/tar-hack-setup.sh b/tar-hack-setup.sh index 2c32e29..2ca085b 100755 --- a/tar-hack-setup.sh +++ b/tar-hack-setup.sh @@ -1,4 +1,4 @@ -#!/usr/bin/evn bash +#!/usr/bin/bash set -oeux pipefail From 983d08a62a64e06db2673291963fd0193549c138 Mon Sep 17 00:00:00 2001 
From: Benjamin Sherman Date: Wed, 1 May 2024 22:36:37 -0500 Subject: [PATCH 07/26] hack, use tar-actual for initial zfs extract --- build-kmod-zfs.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build-kmod-zfs.sh b/build-kmod-zfs.sh index 2863640..d107b42 100755 --- a/build-kmod-zfs.sh +++ b/build-kmod-zfs.sh @@ -26,7 +26,11 @@ rpm-ostree install libtirpc-devel libblkid-devel libuuid-devel libudev-devel ope echo "getting zfs-${ZFS_VERSION}.tar.gz" curl -L -O https://github.com/openzfs/zfs/releases/download/zfs-${ZFS_VERSION}/zfs-${ZFS_VERSION}.tar.gz # no-same-owner and no-same-permissions required as of F40 -tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz +if [ -x /usr/bin/tar-actual ]; then + tar-actual -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz +else + tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz +fi # patch the zfs-kmod.spec.in file for older zfs versions ZFS_MAJ=$(echo $ZFS_VERSION | cut -f1 -d.) From fdb1acb2dbab6a9f3187b44eb07feccc9094f650 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Wed, 1 May 2024 22:37:15 -0500 Subject: [PATCH 08/26] don't use self-executing quotes for tar --- tar-hack-script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tar-hack-script.sh b/tar-hack-script.sh index cc558cc..3c7ff02 100755 --- a/tar-hack-script.sh +++ b/tar-hack-script.sh @@ -1,5 +1,5 @@ #!/usr/bin/bash -echo "`tar` was called with these options: $@" +echo "'tar' was called with these options: $@" exit 20 #tar -xvf -options $@ \ No newline at end of file From 576b3c9567f4277c9fa3848f67283e9579e32f27 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 09:08:08 -0500 Subject: [PATCH 09/26] remove the tar-hack stuff --- Containerfile | 4 ---- tar-hack-script.sh | 5 ----- tar-hack-setup.sh | 7 ------- 3 files changed, 16 deletions(-) delete mode 100755 tar-hack-script.sh delete mode 100755 tar-hack-setup.sh 
diff --git a/Containerfile b/Containerfile index e27e5e7..758f1b6 100644 --- a/Containerfile +++ b/Containerfile @@ -7,10 +7,6 @@ FROM ${BASE_IMAGE}:${COREOS_VERSION} AS builder ARG COREOS_VERSION="${COREOS_VERSION:-stable}" ARG ZFS_MINOR_VERSION="${ZFS_MINOR_VERSION:-2.2}" -# workaround older podman/ubuntu which breaks file ops with F40 images -COPY tar*.sh /tmp -RUN /tmp/tar-hack-setup.sh - COPY build*.sh /tmp COPY certs /tmp/certs COPY zfs-kmod-spec-in.patch /tmp diff --git a/tar-hack-script.sh b/tar-hack-script.sh deleted file mode 100755 index 3c7ff02..0000000 --- a/tar-hack-script.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/bash - -echo "'tar' was called with these options: $@" -exit 20 -#tar -xvf -options $@ \ No newline at end of file diff --git a/tar-hack-setup.sh b/tar-hack-setup.sh deleted file mode 100755 index 2ca085b..0000000 --- a/tar-hack-setup.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/bash - -set -oeux pipefail - -mv /usr/bin/tar /usr/bin/tar-actual -mv /tmp/tar-hack-script.sh /usr/bin/tar -chmod 755 /usr/bin/tar \ No newline at end of file From 05294971306c48415358b841701bf05ac943f3d8 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 09:50:15 -0500 Subject: [PATCH 10/26] fix(ci): use docker-buildx instead of podman-buildah --- .github/workflows/build.yml | 66 ++++++++++++++----------------------- 1 file changed, 24 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 26340e0..84e4666 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -83,13 +83,21 @@ jobs: echo "VERSION=$version" >> $GITHUB_OUTPUT echo "LINUX=$linux" >> $GITHUB_OUTPUT + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v5 + with: + string: ${{ env.IMAGE_REGISTRY }} + # Build metadata - name: Image Metadata uses: docker/metadata-action@v4 id: meta with: images: | - ${{ env.IMAGE_NAME }} + ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.description=A caching layer for pre-built kmod RPMs 
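Review bot: `ASzc/change-string-case-action@v5` in this hunk (PATCH 10/26, re-applied in PATCH 14/26), like `docker/build-push-action@v5` in the third hunk, is referenced by a mutable tag, while the job context shown elsewhere on this page grants `packages: write` and exposes a cosign signing secret. A retagged or compromised release of either action would run with that access. Pin third-party actions to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: ASzc/change-string-case-action@<full-commit-sha> # v5`. The lowercasing itself could be done in an existing shell step with bash's `${IMAGE_REGISTRY,,}`, which removes the dependency altogether.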
@@ -98,47 +106,6 @@ jobs: io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4 - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - COREOS_VERSION=${{ matrix.coreos_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - if: github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - name: Login to GitHub Container Registry uses: docker/login-action@v2 if: github.event_name != 'pull_request' 
@@ -147,6 +114,21 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Build/push image using docker buildx action + - name: Build and Push Image + id: build_image + uses: docker/build-push-action@v5 + with: + context: . + file: ./Containerfile + tags: | + ${{ steps.generate-tags.outputs.alias_tags }} + build-args: | + SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} + COREOS_VERSION=${{ matrix.coreos_version }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ github.event_name != 'pull_request' }} + # Sign container - uses: sigstore/cosign-installer@v3.1.1 if: github.event_name != 'pull_request' From a39fa7e85bdf5e24cefa1a649db7d1fb23572e6f Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 10:04:43 -0500 Subject: [PATCH 11/26] Revert "fix(ci): use docker-buildx instead of podman-buildah" This reverts commit 05294971306c48415358b841701bf05ac943f3d8. --- .github/workflows/build.yml | 66 +++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 84e4666..26340e0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -83,21 +83,13 @@ jobs: echo "VERSION=$version" >> $GITHUB_OUTPUT echo "LINUX=$linux" >> $GITHUB_OUTPUT - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - # Build metadata - name: Image Metadata uses: docker/metadata-action@v4 id: meta with: images: | - ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }} + ${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.description=A caching layer for pre-built kmod RPMs 
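Review bot: `context: .` in the new "Build and Push Image" step (PATCH 10/26, again in PATCH 14/26) sends the whole checkout to the builder, including the `certs` directory that the "Retrieve akmods signing key" step creates and that the Containerfile copies with `COPY certs /tmp/certs`. Whatever key material is in there ends up in a layer of the builder stage and in any build cache that gets exported; whether it reaches the pushed image depends on stages not shown on this page. Prefer handing it over as a build secret, using the action's `secret-files` input together with `RUN --mount=type=secret,id=<id>` in the Containerfile, so it is never written to a layer.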
@@ -106,29 +98,55 @@ jobs: io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4 - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - if: github.event_name != 'pull_request' - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Build/push image using docker buildx action - - name: Build and Push Image + # Build image using Buildah action + - name: Build Image id: build_image - uses: docker/build-push-action@v5 + uses: redhat-actions/buildah-build@v2 with: - context: . - file: ./Containerfile + containerfiles: | + ./Containerfile + image: ${{ env.IMAGE_NAME }} tags: | ${{ steps.generate-tags.outputs.alias_tags }} build-args: | SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} COREOS_VERSION=${{ matrix.coreos_version }} labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.event_name != 'pull_request' }} - + oci: false + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. 
+ # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v5 + with: + string: ${{ env.IMAGE_REGISTRY }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + id: push + if: github.event_name != 'pull_request' + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + extra-args: | + --disable-content-trust + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # Sign container - uses: sigstore/cosign-installer@v3.1.1 if: github.event_name != 'pull_request' From 052d02b7d48ff917296b82ecc3be5f66b959da9c Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 10:07:40 -0500 Subject: [PATCH 12/26] fix(ci): use ubuntu-24.04 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 26340e0..c8dae70 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,7 @@ env: jobs: push-ghcr: name: Build and push ucore-kmods image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write From c40dbd5bc149c20fafa53e58adc4452e70b0e1fb Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 10:17:47 -0500 Subject: [PATCH 13/26] Revert "fix(ci): use ubuntu-24.04" This reverts commit 052d02b7d48ff917296b82ecc3be5f66b959da9c. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c8dae70..26340e0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,7 @@ env: jobs: push-ghcr: name: Build and push ucore-kmods image - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read packages: write From c4bdcd99d9e1ce6bbf6c6f6c283ac143461fec32 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 10:31:49 -0500 Subject: [PATCH 14/26] fix(ci): use docker-buildx instead of podman-buildah (again) --- .github/workflows/build.yml | 66 ++++++++++++++----------------------- 1 file changed, 24 insertions(+), 42 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 26340e0..84e4666 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -83,13 +83,21 @@ jobs: echo "VERSION=$version" >> $GITHUB_OUTPUT echo "LINUX=$linux" >> $GITHUB_OUTPUT + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v5 + with: + string: ${{ env.IMAGE_REGISTRY }} + # Build metadata - name: Image Metadata uses: docker/metadata-action@v4 id: meta with: images: | - ${{ env.IMAGE_NAME }} + ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.title=${{ env.IMAGE_NAME }} org.opencontainers.image.description=A caching layer for pre-built kmod RPMs 
@@ -98,47 +106,6 @@ jobs: io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4 - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - image: ${{ env.IMAGE_NAME }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - build-args: | - SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} - COREOS_VERSION=${{ matrix.coreos_version }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v5 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - if: github.event_name != 'pull_request' - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - name: Login to GitHub Container Registry uses: docker/login-action@v2 if: github.event_name != 'pull_request' 
@@ -147,6 +114,21 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Build/push image using docker buildx action + - name: Build and Push Image + id: build_image + uses: docker/build-push-action@v5 + with: + context: . + file: ./Containerfile + tags: | + ${{ steps.generate-tags.outputs.alias_tags }} + build-args: | + SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} + COREOS_VERSION=${{ matrix.coreos_version }} + labels: ${{ steps.meta.outputs.labels }} + push: ${{ github.event_name != 'pull_request' }} + # Sign container - uses: sigstore/cosign-installer@v3.1.1 if: github.event_name != 'pull_request' From c2004449eecca500ff3b49ea194eeff71e88cd8d Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 11:45:35 -0500 Subject: [PATCH 15/26] fix(ci): buildx tags are different --- .github/workflows/build.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 84e4666..e862a3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -63,6 +63,13 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT + # in addition to existing tag logic, add docker-buildx friendly tags + echo "BUILDX_TAGS<> $GITHUB_ENV + for TAG in "${BUILD_TAGS[@]}"; do + echo "type=raw,value=${TAG}" >> $GITHUB_ENV + done + echo "EOF" >> $GITHUB_ENV + - name: Retrieve akmods signing key run: | mkdir -p certs @@ -122,7 +129,7 @@ jobs: context: . file: ./Containerfile tags: | - ${{ steps.generate-tags.outputs.alias_tags }} + ${{ env.BUILDX_TAGS }} build-args: | SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} COREOS_VERSION=${{ matrix.coreos_version }} From 324e60231ccf4fb5adbc57b2309662a08c77121d Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 11:52:19 -0500 Subject: [PATCH 16/26] fix(ci): multiline env --- .github/workflows/build.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e862a3e..88f124d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,11 +64,12 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # in addition to existing tag logic, add docker-buildx friendly tags - echo "BUILDX_TAGS<> $GITHUB_ENV - for TAG in "${BUILD_TAGS[@]}"; do - echo "type=raw,value=${TAG}" >> $GITHUB_ENV - done - echo "EOF" >> $GITHUB_ENV + # multiline var trick from https://github.com/orgs/community/discussions/26288 + BUILDX_TAGS=${alias_tags[*]}" + BUILDX_TAGS="${BUILDX_TAGS//'%'/'%25'}" + BUILDX_TAGS="${BUILDX_TAGS//$'\n'/'%0A'}" + BUILDX_TAGS="${BUILDX_TAGS//$'\r'/'%0D'}" + echo "::set-env name=BUILDX_TAGS::$BUILDX_TAGS" - name: Retrieve akmods signing key run: | From 5afb6237d6d94ec250c8ba8e30ea82755a39f3e3 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 11:53:34 -0500 Subject: [PATCH 17/26] forgot a quote --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 88f124d..f9c4733 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -65,7 +65,7 @@ jobs: # in addition to existing tag logic, add docker-buildx friendly tags # multiline var trick from https://github.com/orgs/community/discussions/26288 - BUILDX_TAGS=${alias_tags[*]}" + BUILDX_TAGS="${alias_tags[*]}" BUILDX_TAGS="${BUILDX_TAGS//'%'/'%25'}" BUILDX_TAGS="${BUILDX_TAGS//$'\n'/'%0A'}" BUILDX_TAGS="${BUILDX_TAGS//$'\r'/'%0D'}" From e761a3e9a42f46432580a2f0fd658947a141adb5 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:07:03 -0500 Subject: [PATCH 18/26] tricky multiline --- .github/workflows/build.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f9c4733..b1b2e39 100644 --- a/.github/workflows/build.yml 
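Review bot: `echo "::set-env name=BUILDX_TAGS::$BUILDX_TAGS"` in PATCH 16/26 relies on a workflow command that GitHub Actions disabled, because anything able to print to a step's stdout could set environment variables for later steps; on current runners the step errors instead of exporting the value. Write to the environment file instead, `echo "BUILDX_TAGS=${alias_tags[*]}" >> "$GITHUB_ENV"` for a single-line value, or the delimiter form when the value spans lines. The three percent-encoding substitutions above it exist only for the old command and can be dropped with it. PATCH 18/26 later returns to `$GITHUB_ENV`, where quoting the variable as `"$GITHUB_ENV"` would still be worthwhile.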
+++ b/.github/workflows/build.yml @@ -64,12 +64,13 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT # in addition to existing tag logic, add docker-buildx friendly tags - # multiline var trick from https://github.com/orgs/community/discussions/26288 - BUILDX_TAGS="${alias_tags[*]}" - BUILDX_TAGS="${BUILDX_TAGS//'%'/'%25'}" - BUILDX_TAGS="${BUILDX_TAGS//$'\n'/'%0A'}" - BUILDX_TAGS="${BUILDX_TAGS//$'\r'/'%0D'}" - echo "::set-env name=BUILDX_TAGS::$BUILDX_TAGS" + BUILDX_TAGS=$( + for TAG in "${BUILD_TAGS[@]}"; do + echo "${TAG}" + done) + echo "BUILDX_TAGS<> $GITHUB_ENV + echo $BUILDX_TAGS >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV - name: Retrieve akmods signing key run: | From 8ff5bc987ac2be2658f122ca029ca038d60c0b18 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:08:58 -0500 Subject: [PATCH 19/26] tricky multiline 2 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b1b2e39..e5ff164 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -69,7 +69,7 @@ jobs: echo "${TAG}" done) echo "BUILDX_TAGS<> $GITHUB_ENV - echo $BUILDX_TAGS >> $GITHUB_ENV + echo "$BUILDX_TAGS" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Retrieve akmods signing key From fcbc118b2bcc3e698988619766d6e2dc82aa0c3f Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:17:48 -0500 Subject: [PATCH 20/26] fix(ci): use alias_tags are image tags --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e5ff164..729b09b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -65,7 +65,7 @@ jobs: # in addition to existing tag logic, add docker-buildx friendly tags BUILDX_TAGS=$( - for TAG in "${BUILD_TAGS[@]}"; do + for TAG in "${alias_tags[@]}"; do echo "${TAG}" done) echo "BUILDX_TAGS<> $GITHUB_ENV From a8341dac6601506ccd8ba3c89403ce08c638349c Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:29:01 -0500 Subject: [PATCH 21/26] fix(ci): pass tags via docker metadata --- .github/workflows/build.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 729b09b..55f57ba 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -63,13 +63,13 @@ jobs: echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - # in addition to existing tag logic, add docker-buildx friendly tags - BUILDX_TAGS=$( + # in addition to existing tag logic, add docker/metadata friendly tags + METADATA_TAGS=$( for TAG in "${alias_tags[@]}"; do echo "${TAG}" done) - echo "BUILDX_TAGS<> $GITHUB_ENV - echo "$BUILDX_TAGS" >> $GITHUB_ENV + echo "METADATA_TAGS<> $GITHUB_ENV + echo "$METADATA_TAGS" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - name: Retrieve akmods signing key @@ -114,6 +114,8 @@ jobs: ostree.linux=${{ steps.labels.outputs.LINUX }} io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4 + tags: | + ${{ env.METADATA_TAGS }} - name: Login to GitHub Container Registry uses: docker/login-action@v2 
@@ -128,15 +130,14 @@ jobs: id: build_image uses: docker/build-push-action@v5 with: + push: ${{ github.event_name != 'pull_request' }} context: . file: ./Containerfile - tags: | - ${{ env.BUILDX_TAGS }} build-args: | SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} COREOS_VERSION=${{ matrix.coreos_version }} labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags} # Sign container - uses: sigstore/cosign-installer@v3.1.1 From de78532b44fd03b7f6cc3e786b40971c02fa4059 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:29:58 -0500 Subject: [PATCH 22/26] revert: temporarily only build ZFS for debug --- Containerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Containerfile b/Containerfile index 758f1b6..2561ab4 100644 --- a/Containerfile +++ b/Containerfile @@ -23,9 +23,9 @@ ADD files/usr/lib/systemd/system-preset/70-ublue-nvctk-cdi.preset \ RUN /tmp/build-prep.sh -#RUN /tmp/build-ucore-addons.sh -#RUN /tmp/build-ucore-nvidia.sh -#RUN /tmp/build-kmod-nvidia.sh +RUN /tmp/build-ucore-addons.sh +RUN /tmp/build-ucore-nvidia.sh +RUN /tmp/build-kmod-nvidia.sh RUN /tmp/build-kmod-zfs.sh RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \ From 70050be6555994de1ad5ec944b9d677c0300917f Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:31:04 -0500 Subject: [PATCH 23/26] fix(ci): braces --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 55f57ba..f88ed9d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -137,7 +137,7 @@ jobs: SOURCE_IMAGE=${{ env.SOURCE_IMAGE }} COREOS_VERSION=${{ matrix.coreos_version }} labels: ${{ steps.meta.outputs.labels }} - tags: ${{ steps.meta.outputs.tags} + tags: ${{ steps.meta.outputs.tags }} # Sign container - uses: sigstore/cosign-installer@v3.1.1 
From 3f0f7ae7a4480674b96c0ca358fc98c72e51f46a Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:35:11 -0500 Subject: [PATCH 24/26] chore: revert tar-hack conditional --- build-kmod-zfs.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/build-kmod-zfs.sh b/build-kmod-zfs.sh index d107b42..5bbebcb 100755 --- a/build-kmod-zfs.sh +++ b/build-kmod-zfs.sh @@ -25,12 +25,8 @@ rpm-ostree install libtirpc-devel libblkid-devel libuuid-devel libudev-devel ope ### BUILD zfs echo "getting zfs-${ZFS_VERSION}.tar.gz" curl -L -O https://github.com/openzfs/zfs/releases/download/zfs-${ZFS_VERSION}/zfs-${ZFS_VERSION}.tar.gz -# no-same-owner and no-same-permissions required as of F40 -if [ -x /usr/bin/tar-actual ]; then - tar-actual -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz -else - tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz -fi +# no-same-owner/no-same-permissions required for F40 based images building on podman 3.4.4 (ubuntu 22.04) +tar -z -x --no-same-owner --no-same-permissions -f zfs-${ZFS_VERSION}.tar.gz # patch the zfs-kmod.spec.in file for older zfs versions ZFS_MAJ=$(echo $ZFS_VERSION | cut -f1 -d.) From 91545dea2463e792ecac07e79a4427a22ad7c30d Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 12:57:48 -0500 Subject: [PATCH 25/26] fix(ci): use build_image digest now that it pushes, too --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f88ed9d..c25957c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -148,7 +148,7 @@ jobs: run: | cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} env: - TAGS: ${{ steps.push.outputs.digest }} + TAGS: ${{ steps.build_image.outputs.digest }} COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} From 70a4327204f183296564657938e1e442ea01d312 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Thu, 2 May 2024 13:01:57 -0500 Subject: [PATCH 26/26] echo build_image.outputs not push --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c25957c..4901779 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -153,6 +153,5 @@ jobs: COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - name: Echo outputs - if: github.event_name != 'pull_request' run: | - echo "${{ toJSON(steps.push.outputs) }}" + echo "${{ toJSON(steps.build_image.outputs) }}"
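Review bot: `echo "${{ toJSON(steps.build_image.outputs) }}"` (PATCH 26/26) pastes the expression result into the script text before bash runs, so the JSON's own double quotes end the string early and any `$` or backtick inside an output value is evaluated by the shell. Pass the value through the environment instead: give the step an `env:` entry `OUTPUTS: ${{ toJSON(steps.build_image.outputs) }}` and run `echo "$OUTPUTS"`. The same commit drops the `if: github.event_name != 'pull_request'` guard, so the step now also runs on pull-request builds, which makes the quoting matter more. The rest of the job lies outside the hunk.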