From adf9e022d05cab0ede7e52821586332f3aa7bd1c Mon Sep 17 00:00:00 2001 From: Itxaka Date: Fri, 20 Oct 2023 10:22:17 +0200 Subject: [PATCH] :art: Use a single framework image With changes to the packages we now generate the proper service files on the fly so we dont need to have those package separated. We now have 2 framework images, a generic one used for ALL flavors and a fips one, only provided for external consumers as we dont publish any fips enabled artifacts. We also bring both the systemd and openrc package together as they dont affect each other anymore so we can have a single framework. This patch also removes the service enablement as its not needed anymore, it done via config files Reworks the framework jobs to just build and publish the 2 different framework image (generic and fips) Signed-off-by: Itxaka --- .github/flavors.json | 4 -- .github/workflows/image.yaml | 30 ++------- .github/workflows/release.yaml | 25 ++------ Earthfile | 27 +++----- framework-profile.yaml | 109 +++------------------------------ 5 files changed, 25 insertions(+), 170 deletions(-) diff --git a/.github/flavors.json b/.github/flavors.json index 10dbb1c9b..6f23fc1f8 100644 --- a/.github/flavors.json +++ b/.github/flavors.json @@ -15,10 +15,6 @@ "flavor": "ubuntu-20-lts", "standard": "true" }, - { - "flavor": "fips-systemd", - "frameworkonly": "true" - }, { "flavor": "ubuntu-22-lts", "standard": "true" diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index c10cdc69c..5439a3d75 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml 
@@ -32,27 +32,6 @@ jobs: # end of optional handling for multi line json # end of optional handling for multi line json echo "::set-output name=matrix::{\"include\": $content }" - - get-framework-matrix: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v4 - - run: | - git fetch --prune --unshallow - - id: set-matrix - run: | - content=`cat .github/flavors.json` - # the following lines are only required for multi line json - # the following lines are only required for multi line json - content="${content//'%'/'%25'}" - content="${content//$'\n'/'%0A'}" - content="${content//$'\r'/'%0D'}" - # end of optional handling for multi line json - # end of optional handling for multi line json - echo "::set-output name=matrix::{\"include\": $content }" - core: uses: ./.github/workflows/reusable-build-flavor.yaml secrets: inherit @@ -66,13 +45,12 @@ jobs: framework: uses: ./.github/workflows/reusable-build-framework-flavor.yaml secrets: inherit - with: - flavor: ${{ matrix.flavor }} - needs: - - get-framework-matrix strategy: fail-fast: false - matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}} + matrix: + flavor: + - "generic" + - "fips" install: uses: ./.github/workflows/reusable-install-test.yaml with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3a5fab151..cec58904d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
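Review bot: The `framework` job in image.yaml still fans out over a `flavor` matrix (`generic`, `fips`), but the `with:` block that passed `${{ matrix.flavor }}` to reusable-build-framework-flavor.yaml is removed and nothing replaces it. That workflow is not part of this patch, so the effect is inferred: if its `flavor` input is required the call is rejected, and if it is optional both legs build the same thing. Combined with the new empty-FLAVOR default in the Earthfile, the leg labelled fips would then presumably produce a generic image. Keep the input under `secrets: inherit`, i.e. `with:` followed by `flavor: ${{ matrix.flavor }}`.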
@@ -54,34 +54,17 @@ jobs: # end of optional handling for multi line json echo "::set-output name=matrix::{\"include\": $content }" - get-framework-matrix: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - id: set-matrix - run: | - content=`cat .github/flavors.json` - # the following lines are only required for multi line json - content="${content//'%'/'%25'}" - content="${content//$'\n'/'%0A'}" - content="${content//$'\r'/'%0D'}" - # end of optional handling for multi line json - echo "::set-output name=matrix::{\"include\": $content }" - build-framework: runs-on: kvm - needs: - - get-framework-matrix permissions: id-token: write # OIDC support contents: write strategy: fail-fast: false - matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}} + matrix: + flavor: + - "generic" + - "fips" steps: - uses: actions/checkout@v4 with: diff --git a/Earthfile b/Earthfile index 80bf70e48..b12618bf6 100644 --- a/Earthfile +++ b/Earthfile @@ -280,6 +280,11 @@ build-framework-image: FROM alpine ARG FLAVOR + # Just in case, make sure this is valid + IF [ "$FLAVOR" = "" ] + ARG FLAVOR=generic + END + COPY +version/VERSION ./ ARG VERSION=$(cat VERSION) @@ -331,7 +336,8 @@ base-image: END # Includes overlay/files - COPY (+framework/framework --FLAVOR=$FLAVOR) / + # We only support non-fips for now, they are built separatedly and pushed for other to consume, not used in our workflows + COPY (+framework/framework --FLAVOR=generic) / # Avoid to accidentally push keys generated by package managers RUN rm -rf /etc/ssh/ssh_host_* 
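Review bot: The flavor names `generic` and `fips` are now hard-coded in the `build-framework` matrix here, again in the `framework` job of image.yaml, and as keys under `flavors:` in framework-profile.yaml, with nothing tying the three together. This job runs with `id-token: write` and `contents: write`, so a name that drifts from the profile would surface only during a release run. How the steps consume `matrix.flavor` is outside the hunk. A comment above the matrix would help: `# keep in sync with flavors: in framework-profile.yaml and the framework matrix in image.yaml`.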
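Review bot: The guard added under `ARG FLAVOR` in build-framework-image is commented as making sure the value is valid, but it only replaces an empty value with `generic`. Any other string still passes through, including names this patch removes from framework-profile.yaml such as `fips-systemd`. The silent default also means a caller that meant to build fips but lost the argument gets a non-FIPS framework with no error. I would reject unknown values right after the default, for example `RUN case "$FLAVOR" in generic|fips) ;; *) echo "unsupported FLAVOR: $FLAVOR"; exit 1 ;; esac`. It is also worth confirming that the `ARG` re-declared inside `IF` is still in effect after `END`; the rest of the target is outside the hunk.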
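Review bot: The new comment above `COPY (+framework/framework --FLAVOR=generic) /` is hard to parse and omits the consequence: base-image now ignores `FLAVOR` for the framework layer and always ships the non-FIPS toolchain. Anyone still building base-image with the old `fips-systemd` flavor would get that result without any message. I would reword it to `# base-image always uses the generic (non-FIPS) framework; the fips framework image is built and published separately for external consumers`. base-image starts and ends outside this hunk.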
@@ -351,23 +357,6 @@ base-image: # Fully remove machine-id, it will be generated on first boot RUN rm -rf /etc/machine-id - # Enable services - IF [ -f /sbin/openrc ] - RUN mkdir -p /etc/runlevels/default && \ - ln -sf /etc/init.d/cos-setup-boot /etc/runlevels/default/cos-setup-boot && \ - ln -sf /etc/init.d/cos-setup-network /etc/runlevels/default/cos-setup-network && \ - ln -sf /etc/init.d/cos-setup-reconcile /etc/runlevels/default/cos-setup-reconcile && \ - ln -sf /etc/init.d/kairos-agent /etc/runlevels/default/kairos-agent - # Otherwise we assume systemd - ELSE - # mask systemd-firstboot dont accidentally run block booting - RUN systemctl mask systemd-firstboot - RUN systemctl enable cos-setup-reconcile.timer && \ - systemctl enable cos-setup-fs.service && \ - systemctl enable cos-setup-boot.service && \ - systemctl enable cos-setup-network.service - END - # TEST KAIROS-AGENT FROM BRANCH ARG KAIROS_AGENT_DEV ARG KAIROS_AGENT_DEV_BRANCH=main @@ -439,7 +428,7 @@ base-image: END IF [ -f "/sbin/mkinitfs" ] - # Proper config files with immucore and custom initrd should already be in there installled by framework + # Proper config files with immucore and custom initrd should already be in there installed by framework RUN --no-cache kernel=$(ls /lib/modules | head -n1) && mkinitfs -o /boot/initrd $kernel END END diff --git a/framework-profile.yaml b/framework-profile.yaml index a4158c395..e156f0309 100755 --- a/framework-profile.yaml +++ b/framework-profile.yaml 
@@ -3,131 +3,40 @@ ## - category/name@version # # Apply arbitrary images (e.g. to stub a package to a specific version) -# These are applyied after the packages. +# These are applied after the packages. # images: # - quay.io/kairos/packages:k9s-utils-0.27.4 flavors: - debian: + generic: - common-packages - kairos-toolchain - - systemd-base - debian-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-20-lts-arm-nvidia-jetson-agx-orin: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-20-lts-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-22-lts-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-22-lts: - - common-packages - - kairos-toolchain - - systemd-base - ubuntu-20-lts: - - common-packages - - kairos-toolchain - - systemd-base - fips-systemd: + fips: - common-packages - kairos-toolchain-fips - - systemd-base - fedora: - - common-packages - - kairos-toolchain - - systemd-base - rockylinux: - - common-packages - - kairos-toolchain - - systemd-base - almalinux: - - common-packages - - kairos-toolchain - - systemd-base - opensuse-tumbleweed: - - common-packages - - kairos-toolchain - - systemd-base - - systemd-latest - opensuse-tumbleweed-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - opensuse-leap: - - common-packages - - kairos-toolchain - - systemd-base - opensuse-leap-arm-rpi: - - common-packages - - kairos-toolchain - - systemd-base - alpine: - - common-packages - - kairos-toolchain - - openrc - alpine-arm-rpi: - - common-packages - - kairos-toolchain - - openrc -openrc: - packages: - - init-svc/openrc - - initrd/alpine -systemd-base: - packages: - - init-svc/systemd - - dracut/kairos-network - - dracut/kairos-sysext -opensuse-leap-kernel: - packages: - - distro-kernels/opensuse-leap - - 
distro-initrd/opensuse-leap ## Packages (cat/name@version) that are added to ALL flavors ## Static files, no binary common-packages: packages: - - static/grub-config - dracut/immucore + - dracut/kairos-network + - dracut/kairos-sysext - system/suc-upgrade - system/grub2-efi + - static/grub-config - static/kairos-overlay-files + - initrd/alpine kairos-toolchain-fips: packages: - fips/kcrypt - fips/kcrypt-challenger - fips/immucore - fips/kairos-agent -kairos-toolchain-fips-static: - packages: - - fips-static/kcrypt - - fips-static/kcrypt-challenger - - fips-static/immucore - - fips-static/kairos-agent kairos-toolchain: packages: - system/kcrypt - system/kcrypt-challenger - system/immucore - system/kairos-agent -ubuntu-kernel: - packages: - - distro-kernels/ubuntu - - distro-initrd/ubuntu repositories: - &kairos name: "kairos" @@ -139,9 +48,9 @@ repositories: priority: 2 urls: - "quay.io/kairos/packages" - reference: 20231019093159-repository.yaml + reference: 20231020075856-repository.yaml - !!merge <<: *kairos arch: arm64 urls: - "quay.io/kairos/packages-arm64" - reference: 20231019092540-repository.yaml + reference: 20231020075759-repository.yaml
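Review bot: The header above `common-packages` still promises "Static files, no binary", yet this hunk moves `dracut/kairos-network`, `dracut/kairos-sysext` and `initrd/alpine` into that list. The new `fips` flavor pulls the whole list in alongside `kairos-toolchain-fips`. The diff does not show whether any of these packages carries a compiled binary; if one does, the fips framework image would contain code that was not built from the `fips/*` packages. Please confirm and state the constraint in the header, e.g. `## Shared by generic and fips: must contain no compiled binaries`.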