feat!: modular rewrite (#103)

.github/workflows/build.yml

@@ -1,42 +1,30 @@
+# This workflow builds every branch of the repository daily at 20:22 UTC, one hour after ublue-os/nvidia builds.
+# The images are also built after pushuing changes or pull requests.
+# The builds can also be triggered manually in the Actions tab thanks to workflow dispatch.
+# Only the branch called `live` is published.
+
+
 name: build-ublue
-on:
-  # Build *every* branch at 10:20pm UTC every day (1 hr delay after "nvidia" builds),
-  # regardless of the branch names. (Not just "live, template and main" branches.)
-  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
+on: # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
   schedule:
     - cron: "20 22 * * *"
-  # Build automatically after pushing commits or tags to the "live", "template"
-  # or "main" branches, except when the commit only affects "documentation" text files.
-  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
   push:
     branches:
       - live
       - template
       - main
-    paths-ignore:
+    paths-ignore: # don't rebuild if only documentation has changed
       - "**.md"
-      - "**.txt"
-  # Build pull requests whenever they are opened or updated, to make sure they
-  # work. The build won't be deployed, since we filter out PRs in the deployment
-  # stage. Note that submitted PRs run the workflow of the *fork's* own primary
-  # branch, using the fork's own secrets/environment. Please be sure to sync
-  # your primary branch with upstream's latest workflow before submitting PRs!
-  # For pull requests, we build *any* branch regardless of name, to allow "build
-  # checks" to succeed for typical PR branch names such as "fix-something".
-  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
   pull_request:
-  # Build when manually triggering this workflow for a branch. This allows you
-  # to build any branch, even if it's not listed in the automated triggers above.
-  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
   workflow_dispatch:
 
 env:
   IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
 
+# Only deploys the branch named "live". Ignores all other branches, to allow
+# having "development" branches without interfering with GHCR image uploads.
 jobs:
   push-ghcr:
-    # Only deploys the branch named "live". Ignores all other branches, to allow
-    # having "development" branches without interfering with GHCR image uploads.
     name: Build and push image
     runs-on: ubuntu-22.04
     permissions:
@@ -45,29 +33,34 @@ jobs:
       id-token: write
     strategy:
       fail-fast: false
+
       matrix:
+# !!!
+        # Add recipes for all the images you want to build here.
+        # Don't add module configuration files, you will get errors.
         recipe:
           - recipe.yml
+# !!!
 
     steps:
       # Checkout push-to-registry action GitHub repository
       - name: Checkout Push to Registry action
         uses: actions/checkout@v3
 
-      - name: Add yq for reading recipe.yml
+      - name: Add yq (for reading recipe.yml)
         uses: mikefarah/yq@v4.34.2
 
       - name: Gather image data from recipe
         run: |
-          echo "IMAGE_NAME=$(yq '.name' ./${{ matrix.recipe }})" >> $GITHUB_ENV
-          echo "IMAGE_DESCRIPTION=$(yq '.description' ./${{ matrix.recipe }})" >> $GITHUB_ENV
-          echo "FEDORA_MAJOR_VERSION=$(yq '.fedora-version' ./${{ matrix.recipe }})" >> $GITHUB_ENV
-          echo "BASE_IMAGE_URL=$(yq '.base-image' ./${{ matrix.recipe }})" >> $GITHUB_ENV
+          echo "IMAGE_NAME=$(yq '.name' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
+          echo "IMAGE_DESCRIPTION=$(yq '.description' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
+          echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
+          echo "BASE_IMAGE_URL=$(yq '.base-image' ./config/${{ matrix.recipe }})" >> $GITHUB_ENV
 
       - name: Get current version
         id: labels
         run: |
-          ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.FEDORA_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]')
+          ver=$(skopeo inspect docker://${{ env.BASE_IMAGE_URL }}:${{ env.IMAGE_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]')
           echo "VERSION=$ver" >> $GITHUB_OUTPUT
 
       - name: Generate tags
@@ -147,7 +140,7 @@ jobs:
           tags: |
             ${{ steps.generate-tags.outputs.alias_tags }}
           build-args: |
-            FEDORA_MAJOR_VERSION=${{ env.FEDORA_MAJOR_VERSION }}
+            IMAGE_MAJOR_VERSION=${{ env.IMAGE_MAJOR_VERSION }}
             BASE_IMAGE_URL=${{ env.BASE_IMAGE_URL }}
             RECIPE=${{ matrix.recipe }}
             IMAGE_REGISTRY=${{ steps.registry_case.outputs.lowercase }}

Containerfile

@@ -1,57 +1,47 @@
-# This is the Containerfile for your custom image. 
+# This is the Containerfile for your custom image.
 
-# It takes in the recipe, version, and base image as arguments,
+# Instead of adding RUN statements here, you should consider creating a script
+# in `config/scripts/`. Read more in `modules/script/README.md`
+
+# This Containerfile takes in the recipe, version, and base image as arguments,
 # all of which are provided by build.yml when doing builds
 # in the cloud. The ARGs have default values, but changing those
 # does nothing if the image is built in the cloud.
 
-ARG FEDORA_MAJOR_VERSION=38
-# Warning: changing this might not do anything for you. Read comment above.
+# !! Warning: changing these might not do anything for you. Read comment above.
+ARG IMAGE_MAJOR_VERSION=38
 ARG BASE_IMAGE_URL=ghcr.io/ublue-os/silverblue-main
 
-FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION}
-
-# The default recipe set to the recipe's default filename
-# so that `podman build` should just work for many people.
-ARG RECIPE=./recipe.yml
+FROM ${BASE_IMAGE_URL}:${IMAGE_MAJOR_VERSION}
 
+# The default recipe is set to the recipe's default filename
+# so that `podman build` should just work for most people.
+ARG RECIPE=recipe.yml 
 # The default image registry to write to policy.json and cosign.yaml
 ARG IMAGE_REGISTRY=ghcr.io/ublue-os
 
-# Copy static configurations and component files.
-# Warning: If you want to place anything in "/etc" of the final image, you MUST
-# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc"
-# on the final system. That is the proper directory for "system" configuration
-# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant
-# for manual overrides and editing by the machine's admin AFTER installation!
-# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28).
-COPY usr /usr
 
-# Copy public key
 COPY cosign.pub /usr/share/ublue-os/cosign.pub
 
-# Copy the recipe that we're building.
-COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
+# Copy the bling from ublue-os/bling into tmp, to be installed later by the bling module
+# Feel free to remove these lines if you want to speed up image builds and don't want any bling
+COPY --from=ghcr.io/ublue-os/bling:latest /rpms /tmp/bling/rpms
+COPY --from=ghcr.io/ublue-os/bling:latest /files /tmp/bling/files
 
-# Copy nix install script and Universal Blue wallpapers RPM from Bling image
-COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
+# Copy build scripts & configuration
+COPY build.sh /tmp/build.sh
+COPY config /tmp/config/
 
-# Integrate bling justfiles onto image
-COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
+# Copy modules
+# The default modules are inside ublue-os/bling
+COPY --from=ghcr.io/ublue-os/bling:latest /modules /tmp/modules/
+# Custom modules overwrite defaults
+COPY modules /tmp/modules/
 
-# Add nix installer if you want to use it
-COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
-
-# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
-# Copied from the official container image since it's not available as an RPM.
+# `yq` is used for parsing the yaml configuration
+# It is copied from the official container image since it's not available as an RPM.
 COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
 
-# Copy the build script and all custom scripts.
-COPY scripts /tmp/scripts
-
 # Run the build script, then clean up temp files and finalize container build.
-RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
-        chmod +x /tmp/scripts/build.sh && \
-        /tmp/scripts/build.sh && \
-        rm -rf /tmp/* /var/* && \
-        ostree container commit
+RUN chmod +x /tmp/build.sh && /tmp/build.sh && \
+    rm -rf /tmp/* /var/* && ostree container commit