Merged
902625f
add convert-to-ami in Makefile
charlie3965 Oct 8, 2025
6b2bd32
solved missing seperator issue
charlie3965 Oct 8, 2025
bc3b834
Add PR review suggestions
yureutaejin Oct 9, 2025
fa5d890
Add condition to prevent OCI registry pushing
yureutaejin Oct 9, 2025
14b1306
Migrate repository
yureutaejin Oct 11, 2025
cbc77be
update repo info
yureutaejin Oct 13, 2025
a91d293
Update phony command name
yureutaejin Oct 13, 2025
fb1edb6
Add dependency for `convert-to-{DISK_FORMAT}`
yureutaejin Oct 13, 2025
dc8f185
Fix pipeline diagram
yureutaejin Oct 13, 2025
f2d7b50
Disable firewalld & selinux
yureutaejin Oct 13, 2025
283c1c7
Divide last stage into core and desktop to provide separated container
yureutaejin Oct 16, 2025
6060834
Create bake file to build multi target
yureutaejin Oct 16, 2025
756906d
Fix Makefile to use bake
yureutaejin Oct 16, 2025
1bc1b31
Separate toml for different disk format
yureutaejin Oct 16, 2025
75121c1
Update workflows
yureutaejin Oct 16, 2025
f9bcee8
fix error
yureutaejin Oct 16, 2025
c70e2f0
Fix README.md
yureutaejin Oct 17, 2025
1b7b994
Fix minor mistakes
yureutaejin Oct 17, 2025
8dd80eb
Remove `make`'s subcommand dependency
yureutaejin Oct 20, 2025
143ec0a
Remove unnecessary env in step
yureutaejin Oct 20, 2025
b7e9273
Test convert-to-ami configured with DinD
yureutaejin Oct 21, 2025
2135799
Fix `convert-to-ami` to use DinD
yureutaejin Oct 21, 2025
3c9bb37
Remove Podman in prerequisite
yureutaejin Oct 21, 2025
dd298b1
Set SELinux to permissive by default
yureutaejin Oct 22, 2025
bb6d9da
Fix issue that DinD container is not removed after run
yureutaejin Oct 23, 2025
19145be
Refactor few things
yureutaejin Oct 24, 2025
9715928
Add step summary for image path
yureutaejin Oct 24, 2025
3388235
minor fix in README
yureutaejin Oct 24, 2025
13c0188
Merge branch 'main' into build/convert-to-ami
yureutaejin Oct 24, 2025
2bc6267
remove unexpected newline
yureutaejin Oct 24, 2025
1 change: 1 addition & 0 deletions .github/workflows/_build-oci-container.yaml
Expand Up @@ -94,6 +94,7 @@ jobs:
GIT_COMMIT_HASH: ${{ github.sha }}

- name: Push OCI image to registry
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "::group::Push OCI image to registry:"
make push-oci-image
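Review bot: The new `if:` on `Push OCI image to registry` gates on the event type only, so a manual run started from any branch still pushes to the registry. If publishing is meant to come from reviewed code, the condition could also check the ref, e.g. `if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}` (branch name assumed), and a short comment above the step could say why pushes are limited to manual runs. The rest of the job lies outside the hunk, so an existing ref check elsewhere cannot be ruled out.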
22 changes: 18 additions & 4 deletions .github/workflows/_convert-to-disk.yaml
Expand Up @@ -35,15 +35,20 @@ on:
default: 'sda'
type: string
disk_format:
description: 'Type the disk format you want to convert the OCI image into (e.g. `qcow2`, `iso`, `raw`)'
description: 'Type the disk format you want to convert the OCI image into (e.g. `qcow2`, `iso`, `raw`, `ami`)'
required: true
default: 'iso'
type: string
rootfs:
description: 'Type the root filesystem you want to use (e.g. `ext4`, `xfs`, `btrfs`)'
required: false
required: true
default: 'btrfs'
type: string
aws_s3_bucket:
description: '(Only for `ami` disk format) Type the AWS S3 bucket name you want to use'
required: false
default: 'none'
type: string

jobs:
convert-to-disk-image:
Expand Down Expand Up @@ -71,6 +76,14 @@ jobs:
OCI_REGISTRY_PASSWORD: ${{ secrets.OCI_REGISTRY_BOT_PASSWORD }}
OCI_REGISTRY: ${{ inputs.oci_registry }}

- name: Configure AWS credentials
if: ${{ inputs.disk_format == 'ami' }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ vars.AWS_REGION }}

- name: Pull OCI image
run: |
echo "::group::Pull OCI image:"
Expand All @@ -92,7 +105,7 @@ jobs:
- name: Convert OCI image into specified disk format
run: |
echo "::group::Convert OCI image into specified disk format:"
make convert-to-disk-image
make convert-to-${DISK_FORMAT}
echo "::endgroup::"
env:
OCI_REGISTRY: ${{ inputs.oci_registry }}
Expand All @@ -104,7 +117,8 @@ jobs:
DEFAULT_USER_PASSWD: ${{ secrets.DEFAULT_USER_PASSWD }}
ROOTFS: ${{ inputs.rootfs }}

- name: Save disk format image
- name: Save iso format image
if: ${{ inputs.disk_format == 'iso' }}
run: |
sudo chown -R $USER:$USER ./image-builder-output
IMAGE_DIGEST=$(docker inspect ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG} -f json | \
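Review bot: The `Configure AWS credentials` step feeds a long-lived access key pair to `aws-actions/configure-aws-credentials@v4`, and the action is referenced by a mutable tag. The action also supports OIDC through `role-to-assume` (with `permissions: id-token: write` on the job), which removes the stored secret, and pinning `uses:` to a full commit SHA keeps a retagged release from running with those credentials; role-based credentials add an `AWS_SESSION_TOKEN` that the later convert step would have to forward as well. Separately, `make convert-to-${DISK_FORMAT}` takes a free-form input while the description still advertises `qcow2` and `raw`; the Makefile section on this page defines only `convert-to-iso` and `convert-to-ami`, so those values would probably fail with a missing target unless rules exist outside the visible hunks. The new `aws_s3_bucket` input is also not visibly passed into the convert step's `env:`, though that block is only partly shown.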
47 changes: 35 additions & 12 deletions Makefile
Owner

I just made it so that the user runs a single make subcommand.
Nothing needs to be defined, installed, or fixed except the Makefile.

Expand Up @@ -11,11 +11,16 @@ ROOTFS ?= btrfs
ARCH ?= amd64
BIB_CONTAINER ?= quay.io/centos-bootc/bootc-image-builder@sha256:ba8c4bee758b4b816ce0c3a605f55389412edab034918f56982e7893e0b08532
GIT_COMMIT_HASH ?= $(shell git rev-parse HEAD)
AWS_ACCESS_KEY_ID ?= your_aws_access_key_id
AWS_SECRET_ACCESS_KEY ?= your_aws_secret_access_key
AWS_AMI_NAME ?= immutable-os-bootc-$(GIT_COMMIT_HASH:0:8)
AWS_S3_BUCKET ?= immutable-os-bootc
AWS_REGION ?= us-east-1
Owner

Add dummy values


.PHONY: build-oci-bootc-image
build-oci-bootc-image:
docker build \
--build-arg GIT_COMMIT_HASH=$(GIT_COMMIT_HASH) \
--build-arg GIT_COMMIT_HASH=${GIT_COMMIT_HASH} \
-t ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG} \
.

Expand All @@ -27,35 +32,53 @@ lint-dockerfile:

.PHONY: login-public-oci-registry
login-public-oci-registry:
docker login -u=$(OCI_REGISTRY_USERNAME) -p=$(OCI_REGISTRY_PASSWORD) $(OCI_REGISTRY)
docker login -u=${OCI_REGISTRY_USERNAME} -p=${OCI_REGISTRY_PASSWORD} ${OCI_REGISTRY}

.PHONY: save-image-as-tar
save-image-as-tar:
docker save -o image-${GIT_COMMIT_HASH:0:8}.tar ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG}

.PHONY: push-oci-image
push-oci-image:
docker push $(OCI_REGISTRY)/$(OCI_IMAGE_REPO):${OCI_IMAGE_TAG}
docker push ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG}

.PHONY: pull-oci-image
pull-oci-image:
docker pull $(OCI_REGISTRY)/$(OCI_IMAGE_REPO):${OCI_IMAGE_TAG}
docker pull ${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG}

# See https://github.com/osbuild/bootc-image-builder
.PHONY: convert-to-disk-image
convert-to-disk-image:
.PHONY: convert-to-iso
convert-to-iso:
sudo podman load -i image-${GIT_COMMIT_HASH:0:8}.tar
sed -i "s|{DEFAULT_DISK}|${DEFAULT_DISK}|g" config.toml
sed -i "s|{DEFAULT_USER_NAME}|${DEFAULT_USER_NAME}|g" config.toml && \
sed -i "s|{DEFAULT_USER_PASSWD}|${DEFAULT_USER_PASSWD}|g" config.toml && \
sed -i "s|{DEFAULT_USER_NAME}|${DEFAULT_USER_NAME}|g" config.toml
sed -i "s|{DEFAULT_USER_PASSWD}|${DEFAULT_USER_PASSWD}|g" config.toml
sudo docker run --rm \
--privileged \
--security-opt label=type:unconfined_t \
-v ./image-builder-output:/output \
-v /var/lib/containers/storage:/var/lib/containers/storage \
-v ./config.toml:/config.toml:ro \
$(BIB_CONTAINER) \
--type $(DISK_FORMAT) \
${BIB_CONTAINER} \
--type ${DISK_FORMAT} \
--use-librepo=True \
--rootfs $(ROOTFS) \
$(OCI_REGISTRY)/$(OCI_IMAGE_REPO):${OCI_IMAGE_TAG}
--rootfs ${ROOTFS} \
${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG}

# See https://github.com/osbuild/bootc-image-builder?tab=readme-ov-file#amazon-machine-images-amis
.PHONY: convert-to-ami
convert-to-ami:
sudo podman load -i image-${GIT_COMMIT_HASH:0:8}.tar
sudo docker run --rm \
--privileged \
--security-opt label=type:unconfined_t \
-v /var/lib/containers/storage:/var/lib/containers/storage \
--env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
--env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
${BIB_CONTAINER} \
--type ${DISK_FORMAT} \
--rootfs ${ROOTFS} \
--aws-ami-name ${AWS_AMI_NAME} \
--aws-bucket ${AWS_S3_BUCKET} \
--aws-region ${AWS_REGION} \
${OCI_REGISTRY}/${OCI_IMAGE_REPO}:${OCI_IMAGE_TAG}
Owner

@charlie3965
(Please make sure to write code carefully, considering how it works.)

I just removed the lines regarding the config.toml file.
According to the official README.md, config.toml is only for the Anaconda installer.
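Review bot: In `convert-to-ami`, `--env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}` is expanded by make before the shell runs, so the secret is echoed with the recipe and sits in the `docker run` argument list, where it is readable from the process table. Passing the names only, `--env AWS_ACCESS_KEY_ID --env AWS_SECRET_ACCESS_KEY`, lets docker copy the values from its own environment; that needs `export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY` next to the defaults and `sudo --preserve-env=AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY` in front of `docker run`, since sudo normally resets the environment. The same exposure applies to `-p=${OCI_REGISTRY_PASSWORD}` in `login-public-oci-registry`, where `--password-stdin` avoids it. Separately, `${GIT_COMMIT_HASH:0:8}` is not a substring operation in make: with no `=` after the colon, GNU make looks up a variable of that literal name, so the tar file and `AWS_AMI_NAME` most likely lose the hash suffix; a parse-time `GIT_COMMIT_SHORT := $(shell printf '%.8s' '$(GIT_COMMIT_HASH)')` would give the intended prefix.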