diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..e49ff85 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,7 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-03-14T14:44:03Z by kres latest. + +* +!README.md +!pkg.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 23e242e..407d17b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,3 +1,7 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-03-14T21:46:38Z by kres latest. + name: default concurrency: group: ${{ github.head_ref || github.run_id }} @@ -37,3 +41,38 @@ jobs: steps: - name: checkout uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + append: | + - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 + platforms: linux/arm64 + driver: remote + endpoint: tcp://127.0.0.1:1234 + - name: Build + run: | + make + - name: Login to registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: Push to registry + if: github.event_name != 'pull_request' + run: | + make PUSH=true + - name: release-notes + if: startsWith(github.ref, 'refs/tags/') + run: | + make release-notes + - name: Release + if: startsWith(github.ref, 'refs/tags/') + uses: crazy-max/ghaction-github-release@v2 + with: + body_path: _out/RELEASE_NOTES.md + draft: "true" diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml new file mode 100644 index 0000000..7999c1d --- /dev/null +++ b/.github/workflows/slack-notify.yaml 
@@ -0,0 +1,92 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-03-14T14:44:03Z by kres latest. + +name: slack-notify +"on": + workflow_run: + workflows: + - default + types: + - completed +jobs: + slack-notify: + runs-on: + - self-hosted + - generic + if: github.event.workflow_run.conclusion != 'skipped' + steps: + - name: Get PR number + id: get-pr-number + if: github.event.workflow_run.event == 'pull_request' + env: + GH_TOKEN: ${{ github.token }} + run: | + echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT + - name: Slack Notify + uses: slackapi/slack-github-action@v1 + with: + channel-id: proj-talos-maintainers + payload: | + { + "attachments": [ + { + "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}", + "fallback": "test", + "blocks": [ + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.get-pr-number.outputs.pull_request_number, github.event.workflow_run.display_title) || format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}" + }, + { + "type": "mrkdwn", + "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`" + } + ] + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Author:*\n`${{ github.actor }}`" + }, + { + "type": "mrkdwn", + "text": "*Event:*\n`${{ github.event.workflow_run.event }}`" + } + ] + }, + { + "type": "divider" + }, + { + "type": "actions", + "elements": [ + { 
+ "type": "button", + "text": { + "type": "plain_text", + "text": "Logs" + }, + "url": "${{ github.event.workflow_run.html_url }}" + }, + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Commit" + }, + "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}" + } + ] + } + ] + } + ] + } + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2d2ed7d --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-03-14T21:18:22Z by kres latest. + +_out +internal/overlays/overlays-generated.yaml diff --git a/.kres.yaml b/.kres.yaml new file mode 100644 index 0000000..a2cae9b --- /dev/null +++ b/.kres.yaml @@ -0,0 +1,53 @@ +--- +kind: pkgfile.Build +spec: + targets: + - overlays + makefile: + extraVariables: + - name: OVERLAYS_IMAGE_REF + defaultValue: $(REGISTRY_AND_USERNAME)/overlays:$(TAG) +--- +kind: common.Build +spec: + ignoredPaths: + - "internal/overlays/overlays-generated.yaml" +--- +kind: auto.CustomSteps +spec: + steps: + - name: internal/overlays/overlays-generated.yaml + toplevel: true + - name: overlays + toplevel: true + - name: sign-images + toplevel: true +--- +kind: custom.Step +name: internal/overlays/overlays-generated.yaml +spec: + makefile: + enabled: true + phony: true + script: + - "@./hack/scripts/generate-digests.sh" +--- +kind: custom.Step +name: overlays +spec: + makefile: + enabled: true + phony: true + depends: + - internal/overlays/overlays-generated.yaml +--- +kind: custom.Step +name: sign-images +spec: + makefile: + enabled: true + phony: true + script: + - | + @OVERLAYS_IMAGE_REF=$(OVERLAYS_IMAGE_REF) \ + ./hack/scripts/sign-images.sh diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..6fb54c9 --- /dev/null +++ b/Makefile 
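Review bot: In `.kres.yaml`, the `sign-images` custom step is declared `toplevel: true`, but none of the steps this commit adds to `.github/workflows/ci.yaml` (`make`, `make PUSH=true`, `make release-notes`) invokes it. As far as this diff shows, images pushed by CI therefore stay unsigned until someone runs `make sign-images` by hand. If manual signing is the intent, say so next to the step, e.g. `# sign-images is run manually by a maintainer after CI has pushed; CI does not sign`. The step also passes the script a tag reference (`$(REGISTRY_AND_USERNAME)/overlays:$(TAG)`), and a tag can be re-pointed between push and signing. Unless the script resolves it to a digest first (that part of `sign-images.sh` is not readable on this page), passing the pushed digest would be safer.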
@@ -0,0 +1,171 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-03-14T21:36:03Z by kres latest. + +# common variables + +SHA := $(shell git describe --match=none --always --abbrev=8 --dirty) +TAG := $(shell git describe --tag --always --dirty --match v[0-9]\*) +ABBREV_TAG := $(shell git describe --tags >/dev/null 2>/dev/null && git describe --tag --always --match v[0-9]\* --abbrev=0 || echo 'undefined') +BRANCH := $(shell git rev-parse --abbrev-ref HEAD) +ARTIFACTS := _out +OPERATING_SYSTEM := $(shell uname -s | tr '[:upper:]' '[:lower:]') +GOARCH := $(shell uname -m | tr '[:upper:]' '[:lower:]') + +ifeq ($(GOARCH),x86_64) + GOARCH := amd64 +endif +REGISTRY ?= ghcr.io +USERNAME ?= siderolabs +REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME) +KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest +CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest + +# source date epoch of first commit + +INITIAL_COMMIT_SHA := $(shell git rev-list --max-parents=0 HEAD) +SOURCE_DATE_EPOCH := $(shell git log $(INITIAL_COMMIT_SHA) --pretty=%ct) + +# sync bldr image with pkgfile + +BLDR_RELEASE := v0.3.0 +BLDR_IMAGE := ghcr.io/siderolabs/bldr:$(BLDR_RELEASE) +BLDR := docker run --rm --user $(shell id -u):$(shell id -g) --volume $(PWD):/src --entrypoint=/bldr $(BLDR_IMAGE) --root=/src + +# docker build settings + +BUILD := docker buildx build +PLATFORM ?= linux/amd64,linux/arm64 +PROGRESS ?= auto +PUSH ?= false +CI_ARGS ?= +COMMON_ARGS = --file=Pkgfile +COMMON_ARGS += --provenance=false +COMMON_ARGS += --progress=$(PROGRESS) +COMMON_ARGS += --platform=$(PLATFORM) +COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) + +# extra variables + +OVERLAYS_IMAGE_REF ?= $(REGISTRY_AND_USERNAME)/overlays:$(TAG) + +# targets defines all the available targets + +TARGETS = overlays + +# help menu + +export define HELP_MENU_HEADER +# Getting Started + +To build this project, you must have the following installed: + +- git +- make +- docker (19.03 or 
higher) + +## Creating a Builder Instance + +The build process makes use of experimental Docker features (buildx). +To enable experimental features, add 'experimental: "true"' to '/etc/docker/daemon.json' on +Linux or enable experimental features in Docker GUI for Windows or Mac. + +To create a builder instance, run: + + docker buildx create --name local --use + +If running builds that needs to be cached aggresively create a builder instance with the following: + + docker buildx create --name local --use --config=config.toml + +config.toml contents: + +[worker.oci] + gc = true + gckeepstorage = 50000 + + [[worker.oci.gcpolicy]] + keepBytes = 10737418240 + keepDuration = 604800 + filters = [ "type==source.local", "type==exec.cachemount", "type==source.git.checkout"] + [[worker.oci.gcpolicy]] + all = true + keepBytes = 53687091200 + +If you already have a compatible builder instance, you may use that instead. + +## Artifacts + +All artifacts will be output to ./$(ARTIFACTS). Images will be tagged with the +registry "$(REGISTRY)", username "$(USERNAME)", and a dynamic tag (e.g. $(IMAGE):$(TAG)). +The registry and username can be overridden by exporting REGISTRY, and USERNAME +respectively. + +endef + +all: $(TARGETS) ## Builds all targets defined. + +.PHONY: clean +clean: ## Cleans up all artifacts. + @rm -rf $(ARTIFACTS) + +$(ARTIFACTS): ## Creates artifacts directory. + @mkdir -p $(ARTIFACTS) + +target-%: ## Builds the specified target defined in the Pkgfile. The build result will only remain in the build cache. + @$(BUILD) --target=$* $(COMMON_ARGS) $(TARGET_ARGS) $(CI_ARGS) . + +local-%: ## Builds the specified target defined in the Pkgfile using the local output type. The build result will be output to the specified local destination. + @$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)" + +docker-%: ## Builds the specified target defined in the Pkgfile using the docker output type. The build result will be loaded into Docker. 
+ @$(MAKE) target-$* TARGET_ARGS="$(TARGET_ARGS)" + +reproducibility-test-local-%: ## Builds the specified target defined in the Pkgfile using the local output type with and without cahce. The build result will be output to the specified local destination + @rm -rf $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b + @$(MAKE) local-$* DEST=$(ARTIFACTS)/build-a + @$(MAKE) local-$* DEST=$(ARTIFACTS)/build-b TARGET_ARGS="--no-cache" + @touch -ch -t $$(date -d @$(SOURCE_DATE_EPOCH) +%Y%m%d0000) $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b + @diffoscope $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b + @rm -rf $(ARTIFACTS)/build-a $(ARTIFACTS)/build-b + +.PHONY: $(TARGETS) +$(TARGETS): + @$(MAKE) docker-$@ TARGET_ARGS="--tag=$(REGISTRY_AND_USERNAME)/$@:$(TAG) --push=$(PUSH)" + +.PHONY: deps.png +deps.png: ## Generates a dependency graph of the Pkgfile. + @$(BLDR) graph | dot -Tpng -o deps.png + +.PHONY: internal/overlays/overlays-generated.yaml +internal/overlays/overlays-generated.yaml: + @./hack/scripts/generate-digests.sh + +.PHONY: overlays +overlays: internal/overlays/overlays-generated.yaml + +.PHONY: sign-images +sign-images: + @OVERLAYS_IMAGE_REF=$(OVERLAYS_IMAGE_REF) \ + ./hack/scripts/sign-images.sh + +.PHONY: rekres +rekres: + @docker pull $(KRES_IMAGE) + @docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE) + +.PHONY: help +help: ## This help menu. + @echo "$$HELP_MENU_HEADER" + @grep -E '^[a-zA-Z%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' + +.PHONY: release-notes +release-notes: + mkdir -p $(ARTIFACTS) + @ARTIFACTS=$(ARTIFACTS) ./hack/release.sh $@ $(ARTIFACTS)/RELEASE_NOTES.md $(TAG) + +.PHONY: conformance +conformance: + @docker pull $(CONFORMANCE_IMAGE) + @docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce + diff --git a/Pkgfile b/Pkgfile new file mode 100644 index 0000000..7dcd3ac --- /dev/null +++ b/Pkgfile 
@@ -0,0 +1,3 @@ +# syntax = ghcr.io/siderolabs/bldr:v0.3.0 + +format: v1alpha2 diff --git a/hack/release.sh b/hack/release.sh new file mode 100755 index 0000000..7381986 --- /dev/null +++ b/hack/release.sh @@ -0,0 +1,66 @@ +#!/bin/bash + +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-03-14T14:44:03Z by kres latest. + +set -e + +RELEASE_TOOL_IMAGE="ghcr.io/siderolabs/release-tool:latest" + +function release-tool { + docker pull "${RELEASE_TOOL_IMAGE}" >/dev/null + docker run --rm -w /src -v "${PWD}":/src:ro "${RELEASE_TOOL_IMAGE}" -l -d -n -t "${1}" ./hack/release.toml +} + +function changelog { + if [ "$#" -eq 1 ]; then + (release-tool ${1}; echo; cat CHANGELOG.md) > CHANGELOG.md- && mv CHANGELOG.md- CHANGELOG.md + else + echo 1>&2 "Usage: $0 changelog [tag]" + exit 1 + fi +} + +function release-notes { + release-tool "${2}" > "${1}" +} + +function cherry-pick { + if [ $# -ne 2 ]; then + echo 1>&2 "Usage: $0 cherry-pick " + exit 1 + fi + + git checkout $2 + git fetch + git rebase upstream/$2 + git cherry-pick -x $1 +} + +function commit { + if [ $# -ne 1 ]; then + echo 1>&2 "Usage: $0 commit " + exit 1 + fi + + git commit -s -m "release($1): prepare release" -m "This is the official $1 release." +} + +if declare -f "$1" > /dev/null +then + cmd="$1" + shift + $cmd "$@" +else + cat <' "${IMAGE}" + + cosign verify \ + "${IMAGE}" \ + --certificate-identity-regexp '@siderolabs\.com$' \ + --certificate-oidc-issuer https://accounts.google.com || \ + cosign sign --yes "${IMAGE}" + +done diff --git a/internal/overlays/overlays.yaml b/internal/overlays/overlays.yaml new file mode 100644 index 0000000..790eae1 --- /dev/null +++ b/internal/overlays/overlays.yaml 
@@ -0,0 +1,19 @@
+overlays:
+ - name: rpi_generic
+ image: ghcr.io/siderolabs/sbc-raspberrypi:v0.1.0-alpha.1
+ - name: rockpi4
+ image: ghcr.io/siderolabs/sbc-rockchip:v0.1.0-alpha.2
+ - name: rockpi4c
+ image: ghcr.io/siderolabs/sbc-rockchip:v0.1.0-alpha.2
+ - name: nanopi-r4s
+ image: ghcr.io/siderolabs/sbc-rockchip:v0.1.0-alpha.2
+ - name: rock64
+ image: ghcr.io/siderolabs/sbc-rockchip:v0.1.0-alpha.2
+ - name: jetson_nano
+ image: ghcr.io/siderolabs/sbc-jetson:v0.1.0-alpha.0
+ - name: bananapi_m64
+ image: ghcr.io/siderolabs/sbc-allwinner:v0.1.0-alpha.0
+ - name: libretech_all_h3_cc_h5
+ image: ghcr.io/siderolabs/sbc-allwinner:v0.1.0-alpha.0
+ - name: pine64
+ image: ghcr.io/siderolabs/sbc-allwinner:v0.1.0-alpha.0
diff --git a/internal/overlays/pkg.yaml b/internal/overlays/pkg.yaml
new file mode 100644
index 0000000..1a738bd
--- /dev/null
+++ b/internal/overlays/pkg.yaml
@@ -0,0 +1,6 @@
+# this is a meta-package that contains a list of overlays
+name: overlays
+variant: scratch
+finalize:
+ - from: /pkg/overlays-generated.yaml
+ to: /overlays.yaml
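Review bot: `internal/overlays/overlays.yaml` pins every overlay image by tag only (for example `ghcr.io/siderolabs/sbc-rockchip:v0.1.0-alpha.2`), while the file that is actually packaged, `overlays-generated.yaml`, is git-ignored and produced at build time by `hack/scripts/generate-digests.sh`. That presumably means each build records whatever the tag resolves to at that moment, so a re-pushed tag would change the shipped overlay list without any reviewed change in this repository. Consider committing the digest next to the tag, `image: ghcr.io/siderolabs/sbc-rockchip:v0.1.0-alpha.2@sha256:<digest>`, or having the generate step verify the image signature before it records the digest. A header comment stating that this file is the hand-edited input to `generate-digests.sh` would also help the next maintainer.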