Skip to content

Build: Add convert-to-ami and Multi container image build #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yureutaejin merged 30 commits into from
Oct 24, 2025
Merged

Build: Add convert-to-ami and Multi container image build #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
902625f
add convert-to-ami in Makefile
charlie3965 Oct 8, 2025
6b2bd32
solved missing seperator issue
charlie3965 Oct 8, 2025
bc3b834
Add PR review suggestions
yureutaejin Oct 9, 2025
fa5d890
Add condition to prevent OCI registry pushing
yureutaejin Oct 9, 2025
14b1306
Migrate repository
yureutaejin Oct 11, 2025
cbc77be
update repo info
yureutaejin Oct 13, 2025
a91d293
Update phony command name
yureutaejin Oct 13, 2025
fb1edb6
Add dependency for `convert-to-{DISK_FORMAT}`
yureutaejin Oct 13, 2025
dc8f185
Fix pipeline diagram
yureutaejin Oct 13, 2025
f2d7b50
Disable firewalld & selinux
yureutaejin Oct 13, 2025
283c1c7
Divide last stage into core and desktop to provide separated container
yureutaejin Oct 16, 2025
6060834
Create bake file to build multi target
yureutaejin Oct 16, 2025
756906d
Fix Makefile to use bake
yureutaejin Oct 16, 2025
1bc1b31
Separate toml for different disk format
yureutaejin Oct 16, 2025
75121c1
Update workflows
yureutaejin Oct 16, 2025
f9bcee8
fix error
yureutaejin Oct 16, 2025
c70e2f0
Fix README.md
yureutaejin Oct 17, 2025
1b7b994
Fix minor mistakes
yureutaejin Oct 17, 2025
8dd80eb
Remove `make`'s subcommand dependency
yureutaejin Oct 20, 2025
143ec0a
Remove unnecessary env in step
yureutaejin Oct 20, 2025
b7e9273
Test convert-to-ami configured with DinD
yureutaejin Oct 21, 2025
2135799
Fix `convert-to-ami` to use DinD
yureutaejin Oct 21, 2025
3c9bb37
Remove Podman in prerequisite
yureutaejin Oct 21, 2025
dd298b1
Set SELinux to permissive by default
yureutaejin Oct 22, 2025
bb6d9da
Fix issue that DinD container is not removed after run
yureutaejin Oct 23, 2025
19145be
Refactor few things
yureutaejin Oct 24, 2025
9715928
Add step summary for image path
yureutaejin Oct 24, 2025
3388235
minor fix in README
yureutaejin Oct 24, 2025
13c0188
Merge branch 'main' into build/convert-to-ami
yureutaejin Oct 24, 2025
2bc6267
remove unexpected newline
yureutaejin Oct 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 32 additions & 34 deletions .github/workflows/_build-bootc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,66 +4,59 @@ run-name: "Build OCI container - ${{ github.actor }}"
on:
workflow_call:
inputs:
runner-group:
description: 'Type the runner group'
required: true
default: 'private-runners-yuntae'
type: string
runner-label:
description: 'Type label of runner'
required: true
default: 'ytminipc001'
type: string
oci_registry:
description: 'Type the OCI registry you want to use. e.g. `ghcr.io`, `quay.io`,`docker.io`'
description: 'OCI registry you want to use. e.g. `ghcr.io`, `quay.io`,`docker.io`'
required: true
default: 'quay.io'
type: string
oci_image_repo:
description: 'Type the image repository path in OCI registry you want to push (`{tenancy-namespace}/{repo-name}`)'
required: true
default: 'teamthepioneers/immutable-os-bootc'
default: 'yuntae/yob'
type: string
oci_image_tag:
description: 'Type the image tag you want to use'
required: true
default: 'latest'
type: string
target-interface:
description: 'Type the target interface you want to build (e.g. `core`, `desktop`, `all`)'
required: true
default: 'all'
type: string

workflow_dispatch:
inputs:
runner-group:
description: 'Type the runner group'
required: true
default: 'private-runners-yuntae'
type: string
runner-label:
description: 'Type label of runner'
required: true
default: 'ytminipc001'
type: string
oci_registry:
description: 'Type the OCI registry you want to use. e.g. `ghcr.io`, `quay.io`,`docker.io`'
description: 'Choose the OCI registry you want to use.'
required: true
options:
- ghcr.io
- quay.io
- docker.io
default: 'quay.io'
type: string
type: choice
oci_image_repo:
description: 'Type the image repository path in OCI registry you want to push (`{tenancy-namespace}/{repo-name}`)'
required: true
default: 'teamthepioneers/immutable-os-bootc'
default: 'yuntae/yob'
type: string
oci_image_tag:
description: 'Type the image tag you want to use'
required: true
default: 'latest'
type: string
target-interface:
description: 'Type the target interface you want to build (e.g. `core`, `desktop`, `all`)'
required: true
default: 'all'
type: string

jobs:
build-oci-bootc-image:
build-bootc:
runs-on:
group: ${{ inputs.runner-group }}
labels:
- ${{ inputs.runner-label }}
- bootc-builder

steps:
- name: Verify prerequisites
Expand All @@ -82,23 +75,28 @@ jobs:
OCI_REGISTRY_USERNAME: ${{ secrets.OCI_REGISTRY_BOT_USERNAME }}
OCI_REGISTRY_PASSWORD: ${{ secrets.OCI_REGISTRY_BOT_PASSWORD }}

- name: Build OCI image
- name: Build bootc
run: |
echo "::group::Build OCI image:"
make build-oci-bootc-image
echo "::group::Build bootc:"
make build-bootc
echo "::endgroup::"
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
OCI_IMAGE_REPO: ${{ inputs.oci_image_repo }}
OCI_IMAGE_TAG: ${{ inputs.oci_image_tag }}
GIT_COMMIT_HASH: ${{ github.sha }}
TARGET_INTERFACE: ${{ inputs.target-interface }}

- name: Push OCI image to registry
- name: Push bootc image to registry
if: ${{ github.event_name == 'workflow_dispatch' }}
Comment on lines +90 to +91
Copy link
Owner

@yureutaejin yureutaejin Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prevent pushing OCI registry when merge queue or status checks works

run: |
echo "::group::Push OCI image to registry:"
make push-oci-image
echo "::group::Push bootc image to registry:"
make push-bootc
echo "::endgroup::"
echo "## Image path" | tee -a $GITHUB_STEP_SUMMARY
echo "\`${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG}-${TARGET_INTERFACE}\` (all: It creates both core and desktop)" | tee -a $GITHUB_STEP_SUMMARY
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
OCI_IMAGE_REPO: ${{ inputs.oci_image_repo }}
OCI_IMAGE_TAG: ${{ inputs.oci_image_tag }}
TARGET_INTERFACE: ${{ inputs.target-interface }}
97 changes: 57 additions & 40 deletions .github/workflows/_convert-to-disk.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,60 +4,68 @@ run-name: "Convert OCI Container to Disk Image - ${{ github.actor }}"
on:
workflow_dispatch:
inputs:
runner-group:
description: 'Type the runner group'
required: true
default: 'private-runners-yuntae'
type: string
runner-label:
description: 'Type label of runner'
required: true
default: 'ytminipc001'
type: string
oci_registry:
description: 'Type the OCI registry you want to use. e.g. `ghcr.io`, `quay.io`,`docker.io`'
description: 'Choose the OCI registry you want to use.'
required: true
options:
- ghcr.io
- quay.io
- docker.io
default: 'quay.io'
type: string
type: choice
oci_image_repo:
description: 'Type the image repository path in OCI registry you want to push (`{tenancy-namespace}/{repo-name}`)'
required: true
default: 'teamthepioneers/immutable-os-bootc'
default: 'yuntae/yob'
type: string
oci_image_tag:
description: 'Type the image tag you want to use'
required: true
default: 'latest'
type: string
target-interface:
description: 'Type the target interface you want to build (e.g. `core`, `desktop`, `all`)'
required: true
default: 'all'
type: string
default_disk:
description: 'Type disk name you want to use as rootfs (e.g `sda`, `nvme0n1`)'
required: true
default: 'sda'
type: string
disk_format:
description: 'Type the disk format you want to convert the OCI image into (e.g. `qcow2`, `iso`, `raw`)'
description: 'Choose disk format you want to convert the OCI image into'
required: true
options:
- iso
- ami
default: 'iso'
type: string
type: choice
rootfs:
description: 'Type the root filesystem you want to use (e.g. `ext4`, `xfs`, `btrfs`)'
required: false
description: 'Choose root filesystem you want to use'
required: true
options:
- btrfs
- ext4
- xfs
default: 'btrfs'
type: choice
aws_s3_bucket:
description: '(Only for `ami` disk format) Type the AWS S3 bucket name you want to use'
required: false
default: 'none'
type: string

jobs:
convert-to-disk-image:
runs-on:
group: ${{ inputs.runner-group }}
labels:
- ${{ inputs.runner-label }}
- bootc-builder

steps:
- name: Verify prerequisites
run: |
make --version &> /dev/null || { echo "Make is not installed"; exit 1; }
[[ -d /var/lib/containers/storage ]] || \
{ echo "no /var/lib/containers/storage found. Please install Podman or Buildah and pull any container"; exit 1; }
docker --version &> /dev/null || { echo "Docker is not installed"; exit 1; }

- name: Checkout Repository
Expand All @@ -71,54 +79,63 @@ jobs:
OCI_REGISTRY_PASSWORD: ${{ secrets.OCI_REGISTRY_BOT_PASSWORD }}
OCI_REGISTRY: ${{ inputs.oci_registry }}

- name: Pull OCI image
- name: Configure AWS credentials
if: ${{ inputs.disk_format == 'ami' }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ vars.AWS_REGION }}

- name: Pull bootc image from OCI registry
run: |
echo "::group::Pull OCI image:"
make pull-oci-image
echo "::group::Pull bootc image from OCI registry:"
make pull-bootc
echo "::endgroup::"
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
OCI_IMAGE_REPO: ${{ inputs.oci_image_repo }}
OCI_IMAGE_TAG: ${{ inputs.oci_image_tag }}
TARGET_INTERFACE: ${{ inputs.target-interface }}

- name: Save image as tar
- name: Save image as tgz
run: |
make save-image-as-tar
echo "::group::Save image as tgz:"
make save-image-as-tgz
echo "::endgroup::"
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
OCI_IMAGE_REPO: ${{ inputs.oci_image_repo }}
OCI_IMAGE_TAG: ${{ inputs.oci_image_tag }}
TARGET_INTERFACE: ${{ inputs.target-interface }}

- name: Convert OCI image into specified disk format
run: |
echo "::group::Convert OCI image into specified disk format:"
make convert-to-disk-image
make convert-to-${DISK_FORMAT}
echo "::endgroup::"
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
OCI_IMAGE_REPO: ${{ inputs.oci_image_repo }}
OCI_IMAGE_TAG: ${{ inputs.oci_image_tag }}
TARGET_INTERFACE: ${{ inputs.target-interface }}
DISK_FORMAT: ${{ inputs.disk_format }}
DEFAULT_DISK: ${{ inputs.default_disk }}
DEFAULT_USER_NAME: ${{ secrets.DEFAULT_USER_NAME }}
DEFAULT_USER_PASSWD: ${{ secrets.DEFAULT_USER_PASSWD }}
ROOTFS: ${{ inputs.rootfs }}
AWS_S3_BUCKET: ${{ inputs.aws_s3_bucket }}
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Comment on lines 112 to +128
Copy link
Owner

@yureutaejin yureutaejin Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub Actions masked AWS Credential info
-https://github.com/yureutaejin/yob/actions/runs/18771909470/job/53557974734#step:8:95


- name: Save disk format image
- name: Save iso format image
if: ${{ inputs.disk_format == 'iso' }}
run: |
sudo chown -R $USER:$USER ./image-builder-output
IMAGE_DIGEST=$(docker inspect ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG} -f json | \
jq -r .[0].Digest | cut -d ':' -f2)
[ -z "${IMAGE_DIGEST}" ] || [ "${IMAGE_DIGEST}" == "null" ] && \
IMAGE_DIGEST=$(
docker buildx imagetools inspect ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG} \
--format '{{ json .Manifest}}' | \
jq -r .digest | cut -d ':' -f2)
sudo mkdir -p /opt/bootc-os-disk-images/${IMAGE_DIGEST:0:12}
sudo mv image-builder-output /opt/bootc-os-disk-images/${IMAGE_DIGEST:0:12}/${DISK_FORMAT}
sudo mkdir -p /opt/bootc-os-disk-images/${{ github.run_number }}
sudo mv image-builder-output /opt/bootc-os-disk-images/${{ github.run_number }}
sudo rm -rf ./image-builder-output
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
OCI_IMAGE_REPO: ${{ inputs.oci_image_repo }}
OCI_IMAGE_TAG: ${{ inputs.oci_image_tag }}
DISK_FORMAT: ${{ inputs.disk_format }}
TARGET_INTERFACE: ${{ inputs.target-interface }}
11 changes: 2 additions & 9 deletions .github/workflows/dev-debug.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,11 @@ name: "Workflow for Development & Debugging"
run-name: "Dev & Debug Workflow - ${{ github.ref }}"

on:
workflow_dispatch:
inputs:
runner-group:
description: 'Select the runner group'
required: true
default: 'Default'
type: string
workflow_dispatch: {}

jobs:
test:
runs-on:
group: ${{ inputs.runner-group }}
runs-on: ubuntu-latest
steps:
- name: template
run: |
Expand Down
9 changes: 4 additions & 5 deletions .github/workflows/merge_queue.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,13 @@ jobs:
body: commentBody
});

build-oci:
build-bootc:
needs: lint-dockerfile
if: ${{ github.event.pull_request.draft == false }}
uses: ./.github/workflows/_build-oci-container.yaml
uses: ./.github/workflows/_build-bootc.yaml
secrets: inherit
with:
runner-group: 'private-runners-yuntae'
runner-label: 'ytminipc001'
oci_registry: 'quay.io'
oci_image_repo: 'teamthepioneers/immutable-os-bootc'
oci_image_repo: 'yuntae/yob'
oci_image_tag: 'merge-queue-${{ github.event_name }}'
target-interface: 'core'
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
**/.DS_Store
dockerfile-lint.json
*.tar
config.toml
image-builder-output/*
Loading