Skip to content
This repository has been archived by the owner on Dec 16, 2024. It is now read-only.

Build Kandari Images #123

Build Kandari Images

Build Kandari Images #123

Workflow file for this run

name: Build Kandari Images
on:
pull_request:
branches:
- main
schedule:
- cron: '00 13 * * *' # 7:00 PM Dhaka time (UTC+6) everyday
push:
branches:
- main
paths-ignore:
- '**/README*.md'
- '**/LICENSE'
- '.gitignore'
workflow_dispatch:
env:
MY_IMAGE_DESC: "Kandari OS"
IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit
PATCH_VERSION: "0"
FEDORA_SUPPORT_RELEASE: "41" # Global Fedora releases ### NOTE: example - [FEDORA_SUPPORT_RELEASE: "40 41"]
jobs:
build_regular_images:
name: Build Regular Images
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
strategy:
matrix:
fedora_release: [41] # Fedora release matrix ### NOTE: example - fedora_release: [40, 41]
edition: [kde, gnome]
variant: [regular]
include:
- edition: kde
containerfile: Containerfile
image_name: kandari-kde
base_name: kinoite
- edition: gnome
containerfile: Containerfile
image_name: kandari-gnome
base_name: silverblue
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v7
- name: Set Fedora Release and Version
id: set_fedora_version
run: |
DATE=$(date -u +'%Y%m%d')
PATCH=${{ env.PATCH_VERSION }}
VERSION="${{ matrix.fedora_release }}.${DATE}.${PATCH}"
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "FEDORA_RELEASE=${{ matrix.fedora_release }}" >> $GITHUB_ENV
echo "MAX_FEDORA_RELEASE=$(echo ${{ env.FEDORA_SUPPORT_RELEASE }} | tr ' ' '\n' | sort -nr | head -n1)" >> $GITHUB_ENV
- name: Generate Tags
id: generate-tags
uses: ./.github/actions/generate-tags
with:
event_name: ${{ github.event_name }}
pr_number: ${{ github.event.number }}
sha: ${{ github.sha }}
fedora_release: ${{ env.FEDORA_RELEASE }}
- name: Image Metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ matrix.image_name }}
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
org.opencontainers.image.title=${{ matrix.image_name }}
org.opencontainers.image.version=${{ env.VERSION }}
org.opencontainers.image.licenses="GPL-3.0"
- name: Login to GitHub Container Registry
id: login_registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Kandari Image
id: build_image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./${{ matrix.containerfile }}
build-args: |
BASE_IMAGE=${{ matrix.base_name }}
FEDORA_RELEASE=${{ env.FEDORA_RELEASE }}
image: ${{ matrix.image_name }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
${{ env.FEDORA_RELEASE == env.MAX_FEDORA_RELEASE && 'latest' || '' }}
labels: ${{ steps.meta.outputs.labels }}
oci: false
- name: Push Kandari Image to GHCR
id: push_image
uses: redhat-actions/push-to-registry@v2
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
- name: Install Cosign for Signing
uses: sigstore/[email protected]
if: github.event_name != 'pull_request'
- name: Sign Kandari Image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}@${{ steps.push_image.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
COSIGN_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
build_nvidia_images:
name: Build NVIDIA Images
runs-on: ubuntu-latest
needs: build_regular_images
permissions:
contents: read
packages: write
id-token: write
strategy:
matrix:
fedora_release: [41] ###NOTE: example - fedora_release: [40, 41]
edition: [kde, gnome]
variant: [nvidia]
include:
- edition: kde
containerfile: Containerfile.NVIDIA
image_name: kandari-kde-nvidia
base_name: ghcr.io/tazihad/kandari-kde
- edition: gnome
containerfile: Containerfile.NVIDIA
image_name: kandari-gnome-nvidia
base_name: ghcr.io/tazihad/kandari-gnome
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v7
- name: Set Fedora Release and Version
id: set_fedora_version_nvidia
run: |
DATE=$(date -u +'%Y%m%d')
PATCH=${{ env.PATCH_VERSION }}
VERSION="${{ matrix.fedora_release }}.${DATE}.${PATCH}"
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "FEDORA_RELEASE=${{ matrix.fedora_release }}" >> $GITHUB_ENV
echo "NVIDIA_AKMODS_TAG=${{ matrix.fedora_release }}" >> $GITHUB_ENV
echo "MAX_FEDORA_RELEASE=$(echo ${{ env.FEDORA_SUPPORT_RELEASE }} | tr ' ' '\n' | sort -nr | head -n1)" >> $GITHUB_ENV
- name: Generate Tags
id: generate-tags
uses: ./.github/actions/generate-tags
with:
event_name: ${{ github.event_name }}
pr_number: ${{ github.event.number }}
sha: ${{ github.sha }}
fedora_release: ${{ env.FEDORA_RELEASE }}
- name: Image Metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ matrix.image_name }}
labels: |
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
org.opencontainers.image.title=${{ matrix.image_name }}
org.opencontainers.image.version=${{ env.VERSION }}
org.opencontainers.image.licenses="GPL-3.0"
- name: Login to GitHub Container Registry
id: login_registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build NVIDIA Kandari Image
id: build_image_nvidia
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./${{ matrix.containerfile }}
build-args: |
BASE_IMAGE=${{ matrix.base_name }}
FEDORA_RELEASE=${{ env.FEDORA_RELEASE }}
NVIDIA_AKMODS_TAG=${{ env.NVIDIA_AKMODS_TAG }}
image: ${{ matrix.image_name }}
tags: |
${{ steps.generate-tags.outputs.alias_tags }}
${{ env.FEDORA_RELEASE == env.MAX_FEDORA_RELEASE && 'latest' || '' }}
labels: ${{ steps.meta.outputs.labels }}
oci: false
- name: Push NVIDIA Image to GHCR
id: push_image_nvidia
uses: redhat-actions/push-to-registry@v2
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
with:
image: ${{ steps.build_image_nvidia.outputs.image }}
tags: ${{ steps.build_image_nvidia.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
- name: Install Cosign for Signing
uses: sigstore/[email protected]
if: github.event_name != 'pull_request'
- name: Sign NVIDIA Image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image_nvidia.outputs.image }}@${{ steps.push_image_nvidia.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
COSIGN_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}