Skip to content

style(zsh): consistently use spaces for indentation #426

style(zsh): consistently use spaces for indentation

style(zsh): consistently use spaces for indentation #426

Workflow file for this run

---
name: Build container image
on:
pull_request:
branches:
- main
schedule:
- cron: "05 10 * * *" # 10:05am UTC everyday
push:
branches:
- main
- testing
paths-ignore:
- "**/README.md"
workflow_dispatch:
env:
IMAGE_DESC: "Custom Bazzite image based on Niri and Noctalia, built for the Data Lab Techs out there."
IMAGE_KEYWORDS: "bootc,ublue,universal-blue,bazzite,fedora,nvidia,niri,noctalia"
IMAGE_LOGO_URL: "https://raw.githubusercontent.com/DataLabTechTV/dltos/refs/heads/main/repo_files/dltos-logo.png"
IMAGE_NAME: "${{ github.event.repository.name }}"
IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
DEFAULT_TAG: "latest"
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }}
cancel-in-progress: true
jobs:
build_push:
name: Build and push image
runs-on: ubuntu-24.04
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Prepare environment
run: |
# Lowercase the image uri
echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> ${GITHUB_ENV}
echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@695eb75bc387dbcd9685a8e72d23439d8686cba6
- name: Get current date
id: date
run: |
# This generates a timestamp like what is defined on the ArtifactHub documentation
# E.G: 2022-02-08T15:38:15Z'
# https://artifacthub.io/docs/topics/repositories/container-images/
# https://linux.die.net/man/1/date
echo "date=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)" >> $GITHUB_OUTPUT
- name: Image Metadata
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
id: metadata
with:
tags: |
type=raw,value=${{ env.DEFAULT_TAG }},enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
type=raw,value=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}},enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
type=raw,value=${{ github.ref_name }},enable=${{ github.ref != format('refs/heads/{0}', github.event.repository.default_branch) }}
type=raw,value=${{ github.ref_name }}.{{date 'YYYYMMDD'}},enable=${{ github.ref != format('refs/heads/{0}', github.event.repository.default_branch) }}
type=raw,value={{date 'YYYYMMDD'}},enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
type=sha,enable=${{ github.event_name == 'pull_request' }}
type=ref,event=pr
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
org.opencontainers.image.created=${{ steps.date.outputs.date }}
org.opencontainers.image.description=${{ env.IMAGE_DESC }}
org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/${{ github.sha }}/Containerfile
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
org.opencontainers.image.vendor=${{ github.repository_owner }}
org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}}
io.artifacthub.package.deprecated=false
io.artifacthub.package.keywords=${{ env.IMAGE_KEYWORDS }}
io.artifacthub.package.license=Apache-2.0
io.artifacthub.package.logo-url=${{ env.IMAGE_LOGO_URL }}
io.artifacthub.package.prerelease=false
containers.bootc=1
sep-tags: " "
sep-annotations: " "
- name: Login to GitHub Container Registry
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
if: github.event_name != 'pull_request' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.ref == 'refs/heads/testing')
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Restore Buildah Cache
uses: actions/cache/restore@v5
with:
path: /var/tmp/buildah-cache-*
key: ${{ runner.os }}-${{ runner.arch }}-buildah-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ runner.arch }}-buildah-
- name: Build Image
id: build_image
run: |
LABELS="${{ steps.metadata.outputs.labels }}"
LABEL_ARGS=()
while IFS= read -r label; do
if [ -n "$label" ]; then
LABEL_ARGS+=(--label "$label")
fi
done <<< "$LABELS"
export REGISTRY_AUTH_FILE="$HOME/.docker/config.json"
CACHE_IMAGE="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}-cache"
sudo -E buildah build \
--layers \
--cache-from "$CACHE_IMAGE" \
--cache-to "$CACHE_IMAGE" \
"${LABEL_ARGS[@]}" \
--tag raw-img \
-f ./Containerfile .
- name: Fix Cache Permissions
run: |
[ -d /var/tmp/buildah-cache-0 ] && sudo chmod -R 777 /var/tmp/buildah-cache-0 || true
- name: Save Buildah Cache
uses: actions/cache/save@v5
with:
path: /var/tmp/buildah-cache-*
key: ${{ runner.os }}-${{ runner.arch }}-buildah-${{ github.sha }}
- name: Run Rechunker
id: rechunk
run: |
container=$(sudo buildah from raw-img)
mnt=$(sudo buildah mount $container)
sudo bash -c "rm -rf $mnt/run/.* $mnt/run/* $mnt/tmp/.* $mnt/tmp/*"
sudo buildah umount $container
sudo buildah config --label "-" $container
sudo buildah commit --identity-label=false --rm $container raw-img
sudo podman run --rm --privileged \
--volume /var/lib/containers:/var/lib/containers \
quay.io/centos-bootc/centos-bootc:stream10 \
rpm-ostree compose build-chunked-oci \
--bootc \
--format-version 2 \
--from localhost/raw-img \
--output containers-storage:localhost/chunked-img
sudo podman untag raw-img
echo "ref=containers-storage:localhost/chunked-img" >> "$GITHUB_OUTPUT"
- name: Push to GHCR
if: github.event_name != 'pull_request' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.ref == 'refs/heads/testing')
run: |
export REGISTRY_AUTH_FILE="$HOME/.docker/config.json"
for tag in ${{ steps.metadata.outputs.tags }}; do
sudo -E skopeo copy \
${{ steps.rechunk.outputs.ref }} \
docker://${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${tag}
done
- name: Install Cosign
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
if: github.event_name != 'pull_request' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.ref == 'refs/heads/testing')
with:
cosign-release: "v2.6.1"
- name: Sign container image
if: github.event_name != 'pull_request' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.ref == 'refs/heads/testing')
run: |
IMAGE_FULL="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}"
for tag in ${{ steps.metadata.outputs.tags }}; do
cosign sign -y --key env://COSIGN_PRIVATE_KEY $IMAGE_FULL:$tag
done
env:
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}