kairos-io · mauromorales · Dec 13, 2023 · Dec 11, 2023 · Dec 12, 2023 · Dec 13, 2023
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
@@ -81,16 +81,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix: ${{fromJson(needs.get-core-matrix.outputs.matrix)}}
-  framework:
-    uses: ./.github/workflows/reusable-build-framework.yaml
-    secrets: inherit
-    with:
-      security_profile: ${{ matrix.security_profile }}
-    strategy:
-      fail-fast: false
-      matrix:
-        security_profile: [generic, fips]
-        framework_version: [master]
   install:
     uses: ./.github/workflows/reusable-install-test.yaml
     with:
@@ -345,7 +335,6 @@ jobs:
     needs:
       - core
       - standard
-      - framework
       - install
       - zfs
       - acceptance

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -54,54 +54,6 @@ jobs:
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
 
-  build-framework:
-    runs-on: kvm
-    permissions:
-      id-token: write  # OIDC support
-      contents: write
-    strategy:
-      fail-fast: false
-      matrix:
-        security_profile:
-          - "generic"
-          - "fips"
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@main
-      - name: Install earthly
-        uses: Luet-lab/[email protected]
-        with:
-          repository: quay.io/kairos/packages
-          packages: utils/earthly
-      - name: Login to Quay Registry
-        run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
-      - name: Build  🔧
-        run: |
-          # Configure earthly to use the docker mirror in CI
-          # https://docs.earthly.dev/ci-integration/pull-through-cache#configuring-earthly-to-use-the-cache
-          mkdir -p ~/.earthly/
-          cat << EOF > ~/.earthly/config.yml
-          global:
-            buildkit_additional_config: |
-              [registry."docker.io"]
-                mirrors = ["registry.docker-mirror.svc.cluster.local:5000"]
-              [registry."registry.docker-mirror.svc.cluster.local:5000"]
-                insecure = true
-                http = true
-          EOF
-          earthly +multi-build-framework-image --SECURITY_PROFILE=${{ matrix.security_profile }} --FRAMEWORK_VERSION="git"
-      - name: Push to quay
-        env:
-          COSIGN_YES: true
-        if: startsWith(github.ref, 'refs/tags/')
-        run: |
-          export _IMG="$(cat build/FRAMEWORK_IMAGE)"
-          docker push "$_IMG" # Otherwise .RepoDigests will be empty for some reason
-          cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$_IMG")
-
   build-core:
     runs-on: ubuntu-latest
     needs:

diff --git a/.github/workflows/reusable-build-framework.yaml b/.github/workflows/reusable-build-framework.yaml
diff --git a/Earthfile b/Earthfile
@@ -230,83 +230,6 @@ luet:
 ### Image Build targets
 ###
 
-# This generates the framework base by installing luet packages generated with
-# the profile-build + framework-profile.yaml file.
-# Installs everything under the /framework dir and saves that as an artifact
-framework:
-    FROM golang:alpine
-
-    ARG SECURITY_PROFILE
-    IF [ "$SECURITY_PROFILE" = "fips" ]
-        ARG _SECURITY_PROFILE=fips
-    ELSE
-        ARG _SECURITY_PROFILE=generic
-    END
-
-    WORKDIR /build
-
-    COPY ./profile-build /build
-    COPY +luet/luet /usr/bin/luet
-
-    RUN go mod download
-    COPY framework-profile.yaml /build
-    RUN go run main.go ${_SECURITY_PROFILE} framework-profile.yaml /framework
-
-    RUN mkdir -p /framework/etc/kairos/
-    RUN luet database --system-target /framework get-all-installed --output /framework/etc/kairos/versions.yaml
-
-    # luet cleanup
-    RUN luet cleanup --system-target /framework
-    RUN rm -rf /var/luet
-    RUN rm -rf /var/cache
-
-    # COPY luet into the final framework
-    # TODO: Understand why?
-    COPY +luet/luet /framework/usr/bin/luet
-    COPY framework-profile.yaml /framework/etc/luet/luet.yaml
-
-    SAVE ARTIFACT --keep-own /framework/ framework
-
-multi-build-framework-image:
-    ARG --required SECURITY_PROFILE
-
-    BUILD --platform=linux/amd64 --platform=linux/arm64 +build-framework-image
-
-build-framework-image:
-    FROM alpine
-    ARG SECURITY_PROFILE
-    ARG FRAMEWORK_VERSION
-
-    IF [ "$SECURITY_PROFILE" = "fips" ]
-        ARG _SECURITY_PROFILE=fips
-    ELSE
-        ARG _SECURITY_PROFILE=generic
-    END
-
-    COPY +version/VERSION ./
-    DO +GIT_VERSION
-
-    ARG VERSION=$(cat ./GIT_VERSION)
-
-    IF [ "$FRAMEWORK_VERSION" = "" ]
-        ARG _FRAMEWORK_VERSION=master
-    ELSE IF [ "$FRAMEWORK_VERSION" = "git" ]
-        ARG _FRAMEWORK_VERSION=$VERSION
-    ELSE
-        ARG _FRAMEWORK_VERSION=$FRAMEWORK_VERSION
-    END
-
-    ARG _IMG="$IMAGE_REPOSITORY_ORG/framework:${_FRAMEWORK_VERSION}_${_SECURITY_PROFILE}"
-    RUN echo $_IMG > FRAMEWORK_IMAGE
-
-    SAVE ARTIFACT FRAMEWORK_IMAGE AS LOCAL build/FRAMEWORK_IMAGE
-
-    FROM scratch
-
-    COPY (+framework/framework --SECURITY_PROFILE=$_SECURITY_PROFILE) /
-
-    SAVE IMAGE --push $IMAGE_REPOSITORY_ORG/framework:${_FRAMEWORK_VERSION}_${_SECURITY_PROFILE}
-
 kairos-dockerfile:
     ARG --required FAMILY
     COPY ./images .
@@ -334,7 +257,7 @@ base-image:
     ARG KAIROS_VERSION=$(cat ./GIT_VERSION)
 
     IF [ "$FRAMEWORK_VERSION" = "" ]
-        ARG _FRAMEWORK_VERSION=master
+        ARG _FRAMEWORK_VERSION=main
     ELSE IF [ "$FRAMEWORK_VERSION" = "git" ]
         ARG _FRAMEWORK_VERSION=$VERSION
     ELSE

diff --git a/images/Dockerfile.alpine b/images/Dockerfile.alpine
@@ -10,7 +10,7 @@ ARG MODEL=generic
 ARG BASE_IMAGE=alpine
 ARG VARIANT
 ARG VERSION
-ARG FRAMEWORK_VERSION=master
+ARG FRAMEWORK_VERSION=main
 # Not to be confused with the concept of MODEL, this is either fips or generic
 ARG SECURITY_PROFILE=generic
 

diff --git a/images/Dockerfile.debian b/images/Dockerfile.debian
@@ -10,7 +10,7 @@ ARG MODEL=generic
 ARG BASE_IMAGE=debian:testing
 ARG VARIANT
 ARG VERSION
-ARG FRAMEWORK_VERSION=master
+ARG FRAMEWORK_VERSION=main
 # Not to be confused with the concept of MODEL, this is either fips or generic
 ARG SECURITY_PROFILE=generic
 # TARGETARCH is used to determine the architecture of the image

diff --git a/images/Dockerfile.kairos b/images/Dockerfile.kairos
@@ -1,6 +1,8 @@
 # WARNING: Do not build this image on its own, use the different Dockerfile.kairos-* instead
 FROM --platform="linux/${TARGETARCH}" quay.io/kairos/framework:${FRAMEWORK_VERSION}_${SECURITY_PROFILE} AS framework
 
+FROM quay.io/luet/base:0.35.0 AS luet
+
 FROM all AS base-kairos
 
 # Symlinks to make elemental installer work
@@ -9,6 +11,8 @@ RUN ORIG=/usr/bin/grub-editenv; DEST=/usr/sbin/grub2-editenv; [ -e $ORIG ] && [
 
 # Originally done in Earthly
 COPY --from=framework / /
+ENV LUET_NOLOCK=true
+COPY --from=luet /usr/bin/luet /usr/bin/luet
 
 RUN rm -rf /etc/ssh/ssh_host_*
 

diff --git a/images/Dockerfile.kairos-alpine b/images/Dockerfile.kairos-alpine
@@ -9,7 +9,7 @@ ARG MODEL=generic
 ARG BASE_IMAGE=alpine
 ARG VARIANT
 ARG VERSION
-ARG FRAMEWORK_VERSION=master
+ARG FRAMEWORK_VERSION=main
 # Not to be confused with the concept of MODEL, this is either fips or generic
 ARG SECURITY_PROFILE=generic
 
@@ -153,6 +153,8 @@ RUN rc-update add sshd boot && \
 
 FROM --platform="linux/${TARGETARCH}" quay.io/kairos/framework:${FRAMEWORK_VERSION}_${SECURITY_PROFILE} AS framework
 
+FROM quay.io/luet/base:0.35.0 AS luet
+
 FROM all AS base-kairos
 
 # Symlinks to make elemental installer work
@@ -161,6 +163,8 @@ RUN ORIG=/usr/bin/grub-editenv; DEST=/usr/sbin/grub2-editenv; [ -e $ORIG ] && [
 
 # Originally done in Earthly
 COPY --from=framework / /
+ENV LUET_NOLOCK=true
+COPY --from=luet /usr/bin/luet /usr/bin/luet
 
 RUN rm -rf /etc/ssh/ssh_host_*
 
@@ -184,15 +188,6 @@ ARG MODEL
 ARG REGISTRY_AND_ORG="quay.io/kairos"
 ARG K3S_VERSION
 ARG TARGETARCH
-ARG OS_NAME=kairos-${VARIANT}-${FLAVOR}-${FLAVOR_RELEASE}
-ENV KAIROS_VERSION="${VERSION}${K3S_VERSION:+-k3s$K3S_VERSION}"
-ENV OS_VERSION=${KAIROS_VERSION}
-ENV OS_LABEL=${KAIROS_VERSION}
-RUN OS_LABEL=$(naming.sh container_artifact_label) \
-    OS_REPO=$(naming.sh container_artifact_repo) \
-    ARTIFACT=$(naming.sh bootable_artifact_name) \
-    envsubst >>/etc/os-release </usr/lib/os-release.tmpl
-RUN naming.sh container_artifact_name > /IMAGE
 
 RUN rm -rf /etc/machine-id
 

diff --git a/images/Dockerfile.kairos-debian b/images/Dockerfile.kairos-debian
@@ -9,7 +9,7 @@ ARG MODEL=generic
 ARG BASE_IMAGE=debian:testing
 ARG VARIANT
 ARG VERSION
-ARG FRAMEWORK_VERSION=master
+ARG FRAMEWORK_VERSION=main
 # Not to be confused with the concept of MODEL, this is either fips or generic
 ARG SECURITY_PROFILE=generic
 # TARGETARCH is used to determine the architecture of the image
@@ -158,6 +158,8 @@ RUN rm -rf /var/cache/* && journalctl --vacuum-size=1K && rm /etc/machine-id &&
 
 FROM --platform="linux/${TARGETARCH}" quay.io/kairos/framework:${FRAMEWORK_VERSION}_${SECURITY_PROFILE} AS framework
 
+FROM quay.io/luet/base:0.35.0 AS luet
+
 FROM all AS base-kairos
 
 # Symlinks to make elemental installer work
@@ -166,6 +168,8 @@ RUN ORIG=/usr/bin/grub-editenv; DEST=/usr/sbin/grub2-editenv; [ -e $ORIG ] && [
 
 # Originally done in Earthly
 COPY --from=framework / /
+ENV LUET_NOLOCK=true
+COPY --from=luet /usr/bin/luet /usr/bin/luet
 
 RUN rm -rf /etc/ssh/ssh_host_*
 
@@ -189,15 +193,6 @@ ARG MODEL
 ARG REGISTRY_AND_ORG="quay.io/kairos"
 ARG K3S_VERSION
 ARG TARGETARCH
-ARG OS_NAME=kairos-${VARIANT}-${FLAVOR}-${FLAVOR_RELEASE}
-ENV KAIROS_VERSION="${VERSION}${K3S_VERSION:+-k3s$K3S_VERSION}"
-ENV OS_VERSION=${KAIROS_VERSION}
-ENV OS_LABEL=${KAIROS_VERSION}
-RUN OS_LABEL=$(naming.sh container_artifact_label) \
-    OS_REPO=$(naming.sh container_artifact_repo) \
-    ARTIFACT=$(naming.sh bootable_artifact_name) \
-    envsubst >>/etc/os-release </usr/lib/os-release.tmpl
-RUN naming.sh container_artifact_name > /IMAGE
 
 RUN rm -rf /etc/machine-id
 

diff --git a/images/Dockerfile.kairos-opensuse b/images/Dockerfile.kairos-opensuse
@@ -9,7 +9,7 @@ ARG MODEL=generic
 ARG BASE_IMAGE
 ARG VARIANT
 ARG VERSION
-ARG FRAMEWORK_VERSION=master
+ARG FRAMEWORK_VERSION=main
 # Not to be confused with the concept of MODEL, this is either fips or generic
 ARG SECURITY_PROFILE=generic
 # TARGETARCH is used to determine the architecture of the image
@@ -162,6 +162,8 @@ RUN zypper in --force-resolution -y \
 
 FROM --platform="linux/${TARGETARCH}" quay.io/kairos/framework:${FRAMEWORK_VERSION}_${SECURITY_PROFILE} AS framework
 
+FROM quay.io/luet/base:0.35.0 AS luet
+
 FROM all AS base-kairos
 
 # Symlinks to make elemental installer work
@@ -170,6 +172,8 @@ RUN ORIG=/usr/bin/grub-editenv; DEST=/usr/sbin/grub2-editenv; [ -e $ORIG ] && [
 
 # Originally done in Earthly
 COPY --from=framework / /
+ENV LUET_NOLOCK=true
+COPY --from=luet /usr/bin/luet /usr/bin/luet
 
 RUN rm -rf /etc/ssh/ssh_host_*
 
@@ -193,15 +197,6 @@ ARG MODEL
 ARG REGISTRY_AND_ORG="quay.io/kairos"
 ARG K3S_VERSION
 ARG TARGETARCH
-ARG OS_NAME=kairos-${VARIANT}-${FLAVOR}-${FLAVOR_RELEASE}
-ENV KAIROS_VERSION="${VERSION}${K3S_VERSION:+-k3s$K3S_VERSION}"
-ENV OS_VERSION=${KAIROS_VERSION}
-ENV OS_LABEL=${KAIROS_VERSION}
-RUN OS_LABEL=$(naming.sh container_artifact_label) \
-    OS_REPO=$(naming.sh container_artifact_repo) \
-    ARTIFACT=$(naming.sh bootable_artifact_name) \
-    envsubst >>/etc/os-release </usr/lib/os-release.tmpl
-RUN naming.sh container_artifact_name > /IMAGE
 
 RUN rm -rf /etc/machine-id