Merge branch 'master' into UKI-hackaround-and-find-out

Signed-off-by: Itxaka <[email protected]>

.github/cypress_tests.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Run agent in the background to bring the webui up
+/usr/bin/kairos-agent webui &
+
+pushd internal/webui/public || exit 1
+# deps
+npm ci
+# cypress tests
+npx cypress run --e2e -q
+popd || exit

.github/workflows/bump_repos.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Bump cos 🔧
         run: earthly +bump-repositories
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.PAT_TOKEN }}
           push-to-fork: ci-robbot/c3os

.github/workflows/image-arm.yaml

@@ -103,11 +103,67 @@ jobs:
           TAG: "latest"
           COSIGN_YES: true
         run: |
-          docker push "$IMAGE:$TAG" # Otherwise .RepoDigests will be empty for some reason
-          cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          docker push "$IMAGE:$TAG"
+          image_ref=$(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          spdx=$(ls build/*.spdx.json)
+          cosign attach sbom --sbom $spdx $image_ref
+          cosign sign $image_ref --attachment sbom
+          # in-toto attestation
+          cosign attest --type spdx --predicate $spdx $image_ref
       - name: Upload results
         uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.flavor }}-image
           path: build
           if-no-files-found: error
+  image_and_iso_arm64_generic:
+    runs-on: ubuntu-latest
+    needs:
+      - get-matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        flavor:
+          - "opensuse-leap"
+    steps:
+      - uses: actions/checkout@v3
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+      - name: Install earthly
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        uses: Luet-lab/luet-install-action@v1
+        with:
+          repository: quay.io/kairos/packages
+          packages: utils/earthly
+      - name: Set up QEMU
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: all
+      - name: Set up Docker Buildx
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Quay Registry
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
+      - name: Build iso  🔧
+        env:
+          IMAGE: "quay.io/kairos/core-${{ matrix.flavor }}-arm-generic"
+          TAG: "master"
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        run: |
+          earthly -P +all-arm-generic --FLAVOR=${{ matrix.flavor }} --IMAGE=$IMAGE:$TAG --ISO_NAME=kairos-${{ matrix.flavor }}-arm-generic-$TAG
+      - name: Push to quay
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        env:
+          IMAGE: "quay.io/kairos/core-${{ matrix.flavor }}-arm-generic"
+          TAG: "master"
+        run: |
+          docker push "$IMAGE:$TAG"
+      - uses: actions/upload-artifact@v3
+        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+        with:
+          name: kairos-${{ matrix.flavor }}-arm64.iso.zip
+          path: |
+            build/*.iso
+            build/*.sha256

.github/workflows/image.yaml

@@ -146,7 +146,12 @@ jobs:
           COSIGN_YES: true
         run: |
           docker push "$IMAGE:$TAG"
-          cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          image_ref=$(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          spdx=$(ls *.spdx.json)
+          cosign attach sbom --sbom $spdx $image_ref
+          cosign sign $image_ref --attachment sbom
+          # in-toto attestation
+          cosign attest --type spdx --predicate $spdx $image_ref
       - name: Push to testing
         run: |
           docker tag quay.io/kairos/core-${{ matrix.flavor }}:latest ttl.sh/kairos-${{ matrix.flavor }}-${{ github.sha }}:8h
@@ -178,6 +183,9 @@ jobs:
         if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
         env:
           FLAVOR: ${{ matrix.flavor }}
+          IMAGE: "quay.io/kairos/framework"
+          TAG: "master_${{ matrix.flavor }}"
+          COSIGN_YES: true
         run: |
           # Configure earthly to use the docker mirror in CI
           # https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache
@@ -191,14 +199,7 @@ jobs:
                 insecure = true
                 http = true
           EOF
-          earthly --push +build-framework-image --FLAVOR=${FLAVOR} --VERSION=master
-      - name: Push to quay
-        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
-        env:
-          IMAGE: "quay.io/kairos/framework"
-          TAG: "master_${{ matrix.flavor }}"
-          COSIGN_YES: true
-        run: |
+          earthly +build-framework-image --FLAVOR=${FLAVOR} --VERSION=master
           docker push "$IMAGE:$TAG" # Otherwise .RepoDigests will be empty for some reason
           cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
       - name: Build framework image 🔧
@@ -244,7 +245,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: ^1.16
+          go-version: ^1.20
       - run: |
           export ISO=$PWD/$(ls *.iso)
           export GOPATH="/Users/runner/go"

.github/workflows/lint.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: ^1.18
+          go-version: ^1.20
       - name: Install earthly
         uses: Luet-lab/luet-install-action@v1
         with:

.github/workflows/release-arm.yaml

@@ -76,7 +76,12 @@ jobs:
         run: |
           export TAG=${GITHUB_REF##*/}
           export IMAGE="quay.io/kairos/core-${{ matrix.flavor }}"
-          cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          image_ref=$(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          spdx=$(ls build/*.spdx.json)
+          cosign attach sbom --sbom $spdx $image_ref
+          cosign sign $image_ref --attachment sbom
+          # in-toto attestation
+          cosign attest --type spdx --predicate $spdx $image_ref
       - name: Export version
         run: |
           TAG=${GITHUB_REF##*/}
@@ -108,3 +113,47 @@ jobs:
         with:
           sarif_file: 'sarif'
           category: ${{ matrix.flavor }}
+  image_and_iso_arm64_generic:
+    runs-on: ubuntu-latest
+    needs:
+      - get-matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        flavor:
+          - "opensuse-leap"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install earthly
+        uses: Luet-lab/luet-install-action@v1
+        with:
+          repository: quay.io/kairos/packages
+          packages: utils/earthly
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@master
+        with:
+          platforms: all
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Quay Registry
+        run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
+      - name: Build iso  🔧
+        env:
+          IMAGE: "quay.io/kairos/core-${{ matrix.flavor }}-arm-generic"
+        run: |
+          export TAG=${GITHUB_REF##*/}
+          earthly +all-arm-generic --FLAVOR=${{ matrix.flavor }} --IMAGE=$IMAGE:$TAG --ISO_NAME=kairos-${{ matrix.flavor }}-arm-generic-$TAG
+          sudo mv build release
+      - name: Push to quay
+        env:
+          IMAGE: "quay.io/kairos/core-${{ matrix.flavor }}-arm-generic"
+        run: |
+          export TAG=${GITHUB_REF##*/}
+          docker push "$IMAGE:$TAG"
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: |
+            release/*

.github/workflows/release.yaml

@@ -24,7 +24,7 @@ jobs:
           echo "::set-output name=matrix::{\"include\": $content }"
 
   build-framework:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs:
     - get-matrix
     permissions:
@@ -37,22 +37,34 @@ jobs:
       - uses: actions/checkout@v3
       - run: |
           git fetch --prune --unshallow
-      - name: setup-docker
-        uses: docker-practice/actions-setup-docker@master
       - name: Install Cosign
         uses: sigstore/cosign-installer@main
-      - uses: earthly/actions-setup@2181cb2b4a133a5b0353fb2a6e87f88df7419025
+      - name: Install earthly
+        uses: Luet-lab/luet-install-action@v1
         with:
-          version: "latest"
+          repository: quay.io/kairos/packages
+          packages: utils/earthly
       - name: Login to Quay Registry
         run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
       - name: Build  🔧
         env:
           FLAVOR: ${{ matrix.flavor }}
           IMAGE: quay.io/kairos/framework
         run: |
+          # Configure earthly to use the docker mirror in CI
+          # https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache
+          mkdir -p ~/.earthly/
+          cat << EOF > ~/.earthly/config.yml
+          global:
+            buildkit_additional_config: |
+              [registry."docker.io"]
+                mirrors = ["registry.docker-mirror.svc.cluster.local:5000"]
+              [registry."registry.docker-mirror.svc.cluster.local:5000"]
+                insecure = true
+                http = true
+          EOF
           export TAG=${GITHUB_REF##*/}
-          earthly --push +build-framework-image --FLAVOR=${FLAVOR}
+          earthly +build-framework-image --FLAVOR=${FLAVOR}
       - name: Push to quay
         env:
           COSIGN_YES: true
@@ -110,8 +122,12 @@ jobs:
           export TAG=${GITHUB_REF##*/}
           export IMAGE="quay.io/kairos/core-${{ matrix.flavor }}"
           docker push "$IMAGE:$TAG"
-          cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
-
+          image_ref=$(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE:$TAG")
+          spdx=$(ls release/*.spdx.json)
+          cosign attach sbom --sbom $spdx $image_ref
+          cosign sign $image_ref --attachment sbom
+          # in-toto attestation
+          cosign attest --type spdx --predicate $spdx $image_ref
       - name: Sign ISO sha files
         env:
           COSIGN_YES: true

.github/workflows/release_bin.yaml

@@ -9,18 +9,20 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
+      - uses: actions/checkout@v3
+      - run: |
+          git fetch --prune --unshallow
+      - name: Generate version
+        run: echo "VERSION=$(git describe --always --tags --dirty)" >> $GITHUB_ENV
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.18
+          go-version: ^1.20
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ env.VERSION }}

.github/workflows/schema.yaml

@@ -21,7 +21,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: ^1.18
+          go-version: ^1.20
       - name: Install earthly
         uses: Luet-lab/luet-install-action@v1
         with:
@@ -34,7 +34,7 @@ jobs:
         # Chown files generated by earthly since they are owned by root
         run: sudo chown -R runner:docker docs/static/*
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.PAT_TOKEN }}
           push-to-fork: ci-robbot/c3os

.github/workflows/unit-tests.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
-          go-version: '^1.18'
+          go-version: ^1.20
       - name: Install earthly
         uses: Luet-lab/luet-install-action@v1
         with:

.github/workflows/webui.yaml

@@ -0,0 +1,29 @@
+name: WebUI tests
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - '**'
+      - '!docs/**'
+  pull_request:
+    paths:
+      - '**'
+      - '!docs/**'
+
+concurrency:
+  group: ci-webui-${{ github.head_ref || github.ref }}-${{ github.repository }}
+  cancel-in-progress: true
+
+jobs:
+  webui:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install earthly
+        uses: Luet-lab/luet-install-action@v1
+        with:
+          repository: quay.io/kairos/packages
+          packages: utils/earthly
+      - name: WebUI tests
+        run: earthly +webui-tests

.gitignore

@@ -20,6 +20,7 @@ coverage.out
 /docs/resources/
 /docs/node_modules/
 /docs/tech-doc-hugo
+internal/webui/public/cypress/videos/
 
 node_modules/
 

.goreleaser.yaml

@@ -2,7 +2,7 @@
 project_name: kairos-agent
 builds:
   - ldflags:
-      - -w -s
+      - -w -s -X "github.com/kairos-io/kairos/v2/internal/common.VERSION={{.Env.VERSION}}"
     env:
       - CGO_ENABLED=0
     goos: