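name: 'BlueBuild'
description: 'Build a custom OS image'
inputs:
  recipe:
    description: |
      The [recipe](https://blue-build.org/reference/recipe/) file to build the image from, relative to the `config/` or `recipes/` directory.
    required: true
    default: 'recipe.yml'
  cosign_private_key:
    description: |
      The Sigstore/cosign secret used to sign the image.
      Example: `${{ secrets.SIGNING_SECRET }}`
      The key is handed to the CLI only through the `COSIGN_PRIVATE_KEY` environment variable of the build step.
    required: true
  registry_token:
    description: |
      The token used to sign into the container registry.
      Example: `${{ github.token }}`
    required: false
    default: ''
  registry_username:
    description: |
      The username used to sign into the container registry.
    required: false
    default: '${{ github.repository_owner }}'
  pr_event_number:
    description: |
      The event number used to tag images pushed from pull requests.
      Example: `${{ github.event.number }}`
    required: true
  maximize_build_space:
    description: |
      Whether to run the unwanted software remover to maximize build space in the GitHub builder.
      Disable this with 'false' if your image doesn't take up a lot of space and you'd rather have shorter build times.
    required: false
    default: 'true'
  use_unstable_cli:
    description: |
      If true, this action pulls the `main` branch of blue-build/cli instead of the stable version the current action version is configured to use by default.
      This feature is useful for testing new features, but should not be used in production.
      Input must match the string 'true' for the unstable version to be used.
    required: false
    default: 'false'
  cli_version:
    description: |
      Set this with a tag, sha, or branch name for the blue-build/cli repo to use that particular version of the CLI tool. This will override the `use_unstable_cli` input for the action.
      The value becomes part of an OCI image tag, so it must match `[A-Za-z0-9_][A-Za-z0-9_.-]*`; anything else fails the build early.
    required: false
  registry:
    description: |
      The container registry to push the built image to.
    required: false
    default: 'ghcr.io'
  registry_namespace:
    description: |
      The namespace on the registry to push to.
      Example: `ublue-os`
    required: false
    default: '${{ github.repository_owner }}'
  use_cache:
    description: |
      Make use of docker buildx cache. This is an experimental feature of docker buildx
      so it isn't guaranteed to work.
      Input must match the string 'true' for the step to be enabled.
    required: false
    default: 'true'
  squash:
    description: |
      Uses buildah to squash the build's layers into a single layer. Use of this option
      disables cache.
      Input must match the string 'true' for squashing to be enabled.
    required: false
    default: 'false'
  working_directory:
    description: |
      Changes working directory for whole build.
      For example, setting this to `./abc/` would cause for the recipe to be read from `./abc/recipes/recipe.yml`.
    required: false
    default: './'
  skip_checkout:
    description: |
      Set to true to skip doing the actions/checkout step.
      This allows you to checkout manually before calling bluebuild/github-action
      and to modify files (such as supplying build information to other scripts) before building.
      Input must match the string 'true' for the checkout to be skipped.
    required: false
    default: 'false'
runs:
  using: "composite"
  steps:
    # NOTE(review): every third-party action below is referenced by a mutable
    # tag. Pin each one to a full commit SHA (`uses: owner/repo@<sha> # vX.Y.Z`)
    # so a rewritten or compromised tag cannot change the code that runs here.
    #
    # Building custom images might take a lot of space,
    # so it's best to remove unneeded software first.
    - name: Maximize build space
      uses: jlumbroso/free-disk-space@v1.3.1
      if: ${{ inputs.maximize_build_space == 'true' }}
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
      if: ${{ inputs.squash != 'true' }}
      with:
        install: true
        driver: docker-container
        cache-binary: ${{ inputs.use_cache }}
    - name: Get Ubuntu version
      id: ubuntu_version
      shell: bash
      run: |
        VERSION=$(awk -F= '/^VERSION_ID=/ {gsub(/"/, "", $2); print $2}' /etc/os-release)
        echo "Ubuntu version is $VERSION"
        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
    # Install a podman build that is compatible with BlueBuild. Only needed for
    # squash builds (the `--build-driver podman` path below) on Ubuntu 22.04.
    - name: Setup Podman
      if: ${{ inputs.squash == 'true' && steps.ubuntu_version.outputs.version == '22.04' }}
      shell: bash
      run: |
        # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04
        ubuntu_version='22.04'
        repo_base="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}"
        key_url="${repo_base}/Release.key"
        keyring="/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg"
        # Keep the repo key out of trusted.gpg.d: bound with `signed-by` it can
        # only authenticate this one repository, not every other apt source.
        sudo install -d -m 0755 /etc/apt/keyrings
        curl -fsSL "${key_url}" | gpg --dearmor | sudo tee "${keyring}" > /dev/null
        echo "deb [signed-by=${keyring}] ${repo_base}/ /" \
          | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list
        sudo apt-get update
        sudo apt-get install -y podman
    - uses: sigstore/cosign-installer@v3.7.0
    # Clone the caller's repository unless they checked it out themselves.
    - uses: actions/checkout@v4
      if: ${{ inputs.skip_checkout != 'true' }}
    - name: Determine Vars
      id: build_vars
      shell: bash
      # Runs in the same directory as the build so the `config/` vs `recipes/`
      # lookup sees the tree the CLI will read from.
      working-directory: ${{ inputs.working_directory }}
      # Inputs reach the script only through env, never via `${{ }}` inside
      # `run:`: an expression expanded there is pasted into the shell source
      # verbatim, so a crafted `cli_version` value could inject commands.
      env:
        RECIPE: ${{ inputs.recipe }}
        USE_UNSTABLE_CLI: ${{ inputs.use_unstable_cli }}
        CLI_VERSION_INPUT: ${{ inputs.cli_version }}
      run: |
        if [[ "${USE_UNSTABLE_CLI}" == "true" && -z "${CLI_VERSION_INPUT}" ]]; then
          CLI_VERSION_TAG="main"
        elif [ -n "${CLI_VERSION_INPUT}" ]; then
          CLI_VERSION_TAG="${CLI_VERSION_INPUT}"
        else
          CLI_VERSION_TAG="v0.8"
        fi
        # The tag is spliced into an image reference and into GITHUB_OUTPUT
        # below; reject anything outside the OCI tag grammar before it gets
        # that far. `%q` keeps a hostile value from emitting workflow commands.
        if ! [[ "${CLI_VERSION_TAG}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
          printf '::error::cli_version %q is not a valid OCI image tag\n' "${CLI_VERSION_TAG}"
          exit 1
        fi
        echo "cli_version=${CLI_VERSION_TAG}" >> "${GITHUB_OUTPUT}"
        # Prefer `config/` when the recipe exists there, otherwise `recipes/`.
        RECIPE_PATH="./recipes/${RECIPE}"
        if [ -f "./config/${RECIPE}" ]; then
          RECIPE_PATH="./config/${RECIPE}"
        fi
        echo "recipe_path=${RECIPE_PATH}" >> "${GITHUB_OUTPUT}"
    - name: Install BlueBuild
      shell: bash
      env:
        CLI_VERSION_TAG: ${{ steps.build_vars.outputs.cli_version }}
      run: |
        # The CLI binary is copied out of the matching `-installer` image.
        # NOTE(review): the image is pulled by tag only; pinning the default
        # version to `@sha256:<digest>` would make the toolchain reproducible.
        docker create \
          --name blue-build-installer \
          "ghcr.io/blue-build/cli:${CLI_VERSION_TAG}-installer"
        docker cp blue-build-installer:/out/bluebuild /usr/local/bin/bluebuild
        docker rm blue-build-installer
        bluebuild --version
    # Required in order for docker buildx to
    # take advantage of the GHA cache API
    - name: Expose GitHub Runtime
      if: ${{ inputs.use_cache == 'true' && inputs.squash != 'true' }}
      uses: crazy-max/ghaction-github-runtime@v3
    # blue-build/cli does the heavy lifting; credentials and the signing key
    # are passed only as environment variables, never on the command line.
    - name: Build Image
      shell: bash
      working-directory: ${{ inputs.working_directory }}
      env:
        COSIGN_PRIVATE_KEY: ${{ inputs.cosign_private_key }}
        GH_TOKEN: ${{ inputs.registry_token }}
        BB_PASSWORD: ${{ inputs.registry_token }}
        BB_USERNAME: ${{ inputs.registry_username }}
        BB_REGISTRY: ${{ inputs.registry }}
        BB_REGISTRY_NAMESPACE: ${{ inputs.registry_namespace }}
        GH_PR_EVENT_NUMBER: ${{ inputs.pr_event_number }}
        BB_BUILDKIT_CACHE_GHA: ${{ inputs.use_cache }}
        RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }}
        SQUASH_LAYERS: ${{ inputs.squash }}
        RUST_LOG_STYLE: always
        CLICOLOR_FORCE: '1'
      run: |
        # Build the option list as an array so no input is word-split or
        # re-parsed by the shell.
        build_opts=()
        if [ "${SQUASH_LAYERS}" = "true" ]; then
          build_opts+=(--build-driver podman --squash)
        fi
        bluebuild build -v --push "${build_opts[@]}" "${RECIPE_PATH}"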