🎨 Use a single framework image

.github/flavors.json

@@ -15,10 +15,6 @@
         "flavor": "ubuntu-20-lts",
         "standard": "true"
     },
-    {
-        "flavor": "fips-systemd",
-        "frameworkonly": "true"
-    },
     {
         "flavor": "ubuntu-22-lts",
         "standard": "true"

.github/workflows/image.yaml

@@ -32,27 +32,6 @@ jobs:
           # end of optional handling for multi line json
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
-
-  get-framework-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-    - uses: actions/checkout@v4
-    - run: |
-        git fetch --prune --unshallow
-    - id: set-matrix
-      run: |
-          content=`cat .github/flavors.json`
-          # the following lines are only required for multi line json
-          # the following lines are only required for multi line json
-          content="${content//'%'/'%25'}"
-          content="${content//$'\n'/'%0A'}"
-          content="${content//$'\r'/'%0D'}"
-          # end of optional handling for multi line json
-          # end of optional handling for multi line json
-          echo "::set-output name=matrix::{\"include\": $content }"
-
   core:
     uses: ./.github/workflows/reusable-build-flavor.yaml
     secrets: inherit
@@ -66,13 +45,12 @@ jobs:
   framework:
     uses: ./.github/workflows/reusable-build-framework-flavor.yaml
     secrets: inherit
-    with:
-      flavor: ${{ matrix.flavor }}
-    needs:
-      - get-framework-matrix
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
+      matrix:
+        flavor:
+          - "generic"
+          - "fips"
   install:
     uses: ./.github/workflows/reusable-install-test.yaml
     with:

.github/workflows/release.yaml

@@ -54,34 +54,17 @@ jobs:
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
 
-  get-framework-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.set-matrix.outputs.matrix }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - id: set-matrix
-      run: |
-          content=`cat .github/flavors.json`
-          # the following lines are only required for multi line json
-          content="${content//'%'/'%25'}"
-          content="${content//$'\n'/'%0A'}"
-          content="${content//$'\r'/'%0D'}"
-          # end of optional handling for multi line json
-          echo "::set-output name=matrix::{\"include\": $content }"
-
   build-framework:
     runs-on: kvm
-    needs:
-    - get-framework-matrix
     permissions:
       id-token: write  # OIDC support
       contents: write
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
+      matrix:
+        flavor:
+          - "generic"
+          - "fips"
     steps:
       - uses: actions/checkout@v4
         with:

Earthfile

@@ -280,6 +280,11 @@ build-framework-image:
     FROM alpine
     ARG FLAVOR
 
+    # Just in case, make sure this is valid
+    IF [ "$FLAVOR" = "" ]
+        ARG FLAVOR=generic
+    END
+
     COPY +version/VERSION ./
     ARG VERSION=$(cat VERSION)
 
@@ -331,7 +336,8 @@ base-image:
     END
 
     # Includes overlay/files
-    COPY (+framework/framework --FLAVOR=$FLAVOR) /
+    # We only support non-fips for now, they are built separatedly and pushed for other to consume, not used in our workflows
+    COPY (+framework/framework --FLAVOR=generic) /
     # Avoid to accidentally push keys generated by package managers
     RUN rm -rf /etc/ssh/ssh_host_*
 
@@ -351,23 +357,6 @@ base-image:
     # Fully remove machine-id, it will be generated on first boot
     RUN rm -rf /etc/machine-id
 
-    # Enable services
-    IF [ -f /sbin/openrc ]
-      RUN mkdir -p /etc/runlevels/default && \
-        ln -sf /etc/init.d/cos-setup-boot /etc/runlevels/default/cos-setup-boot  && \
-        ln -sf /etc/init.d/cos-setup-network /etc/runlevels/default/cos-setup-network  && \
-        ln -sf /etc/init.d/cos-setup-reconcile /etc/runlevels/default/cos-setup-reconcile && \
-        ln -sf /etc/init.d/kairos-agent /etc/runlevels/default/kairos-agent
-    # Otherwise we assume systemd
-    ELSE
-      # mask systemd-firstboot dont accidentally run block booting
-      RUN systemctl mask systemd-firstboot
-      RUN systemctl enable cos-setup-reconcile.timer && \
-          systemctl enable cos-setup-fs.service && \
-          systemctl enable cos-setup-boot.service && \
-          systemctl enable cos-setup-network.service
-    END
-
     # TEST KAIROS-AGENT FROM BRANCH
     ARG KAIROS_AGENT_DEV
     ARG KAIROS_AGENT_DEV_BRANCH=main
@@ -439,7 +428,7 @@ base-image:
       END
 
       IF [ -f "/sbin/mkinitfs" ]
-        # Proper config files with immucore and custom initrd should already be in there installled by framework
+        # Proper config files with immucore and custom initrd should already be in there installed by framework
         RUN --no-cache kernel=$(ls /lib/modules | head -n1) && mkinitfs -o /boot/initrd $kernel
       END
     END

framework-profile.yaml

@@ -3,131 +3,40 @@
 ##  - category/name@version
 #
 # Apply arbitrary images (e.g. to stub a package to a specific version)
-# These are applyied after the packages.
+# These are applied after the packages.
 # images:
 #   - quay.io/kairos/packages:k9s-utils-0.27.4
 flavors:
-  debian:
+  generic:
     - common-packages
     - kairos-toolchain
-    - systemd-base
-  debian-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-20-lts-arm-nvidia-jetson-agx-orin:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-20-lts-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-22-lts-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-22-lts:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  ubuntu-20-lts:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  fips-systemd:
+  fips:
     - common-packages
     - kairos-toolchain-fips
-    - systemd-base
-  fedora:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  rockylinux:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  almalinux:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  opensuse-tumbleweed:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-    - systemd-latest
-  opensuse-tumbleweed-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  opensuse-leap:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  opensuse-leap-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - systemd-base
-  alpine:
-    - common-packages
-    - kairos-toolchain
-    - openrc
-  alpine-arm-rpi:
-    - common-packages
-    - kairos-toolchain
-    - openrc
-openrc:
-  packages:
-    - init-svc/openrc
-    - initrd/alpine
-systemd-base:
-  packages:
-    - init-svc/systemd
-    - dracut/kairos-network
-    - dracut/kairos-sysext
-opensuse-leap-kernel:
-  packages:
-    - distro-kernels/opensuse-leap
-    - distro-initrd/opensuse-leap
 ## Packages (cat/name@version) that are added to ALL flavors
 ## Static files, no binary
 common-packages:
   packages:
-    - static/grub-config
     - dracut/immucore
+    - dracut/kairos-network
+    - dracut/kairos-sysext
     - system/suc-upgrade
     - system/grub2-efi
+    - static/grub-config
     - static/kairos-overlay-files
+    - initrd/alpine
 kairos-toolchain-fips:
   packages:
     - fips/kcrypt
     - fips/kcrypt-challenger
     - fips/immucore
     - fips/kairos-agent
-kairos-toolchain-fips-static:
-  packages:
-    - fips-static/kcrypt
-    - fips-static/kcrypt-challenger
-    - fips-static/immucore
-    - fips-static/kairos-agent
 kairos-toolchain:
   packages:
     - system/kcrypt
     - system/kcrypt-challenger
     - system/immucore
     - system/kairos-agent
-ubuntu-kernel:
-  packages:
-    - distro-kernels/ubuntu
-    - distro-initrd/ubuntu
 repositories:
   - &kairos
     name: "kairos"
@@ -139,9 +48,9 @@ repositories:
     priority: 2
     urls:
       - "quay.io/kairos/packages"
-    reference: 20231019093159-repository.yaml
+    reference: 20231020075856-repository.yaml
   - !!merge <<: *kairos
     arch: arm64
     urls:
       - "quay.io/kairos/packages-arm64"
-    reference: 20231019092540-repository.yaml
+    reference: 20231020075759-repository.yaml