Merge pull request #10 from detiber/rechunk-chonky
Rechunk the chonky boi
castrojo authored Dec 20, 2024
2 parents 120d065 + 0189f89 commit 2c8dede
Showing 2 changed files with 74 additions and 35 deletions.
67 changes: 43 additions & 24 deletions .github/workflows/build.yml
Expand Up @@ -19,6 +19,8 @@ env:
IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
DEFAULT_TAG: "latest"
CENTOS_VERSION: "stream10"
LOGO_URL: "https://avatars.githubusercontent.com/u/120078124?s=200&v=4"
README_URL: "https://raw.githubusercontent.com/${{ github.repository }}/main/README.md"

concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
Expand Down Expand Up @@ -94,6 +96,37 @@ jobs:
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
- name: Build Image
id: build-image
shell: bash
run: |
just=$(which just)
sudo $just build "${IMAGE_NAME}" "${DEFAULT_TAG}"
# Reprocess raw-img using rechunker which will delete it
- name: Run Rechunker
id: rechunk
uses: hhd-dev/[email protected]
with:
rechunk: 'ghcr.io/hhd-dev/rechunk:v1.0.1'
ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
skip_compression: true
version: ${{ env.CENTOS_VERSION }}
labels: |
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.description=${{ env.IMAGE_DESC }}
io.artifacthub.package.readme-url=${{ env.README_URL }}
io.artifacthub.package.logo-url=${{ env.LOGO_URL }}
- name: Load in podman and tag
run: |
IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
sudo rm -rf ${{ steps.rechunk.outputs.output }}
for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
podman tag $IMAGE ${{ env.IMAGE_NAME }}:$tag
done
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
Expand All @@ -102,38 +135,24 @@ jobs:
with:
string: ${{ env.IMAGE_REGISTRY }}

- name: Build Image
id: build-image
shell: bash
run: |
IMAGE_FULL="${{ steps.registry_case.outputs.lowercase }}/${IMAGE_NAME}"
just build "${IMAGE_FULL}" "${DEFAULT_TAG}"
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push to GHCR
id: push
# Push the image to GHCR (Image Registry)
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
if: github.event_name != 'pull_request'
uses: Wandalen/wretry.action@ffdd254f4eaf1562b8a2c66aeaa37f1ff2231179 # v3.7.3
id: push
with:
attempt_limit: 3
attempt_delay: 15000
command: |
set -euox pipefail
IMAGE_FULL="${{ steps.registry_case.outputs.lowercase }}/${IMAGE_NAME}"
for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
podman push "${IMAGE_FULL}:${DEFAULT_TAG}" "${IMAGE_FULL}:${tag}"
done
digest=$(skopeo inspect "docker://${IMAGE_FULL}:${DEFAULT_TAG}" --format '{{.Digest}}')
echo "digest=${digest}" >> $GITHUB_OUTPUT
registry: ${{ steps.registry_case.outputs.lowercase }}
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.generate-tags.outputs.alias_tags }}
extra-args: |
--disable-content-trust
- name: Install Cosign
uses: sigstore/[email protected]
Expand All @@ -145,6 +164,6 @@ jobs:
IMAGE_FULL="${{ steps.registry_case.outputs.lowercase }}/${IMAGE_NAME}"
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${IMAGE_FULL}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }}
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
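Review bot: The added "Load in podman and tag" step (hunk `@@ -94,6 +96,37 @@`) pastes `${{ steps.rechunk.outputs.ref }}`, `${{ steps.rechunk.outputs.output }}` and the alias tags straight into the script text, and the second of them is the unquoted argument of `sudo rm -rf`; a value that is empty, contains whitespace or contains shell syntax is run as written, as root. Passing the values through `env:` and quoting them keeps them data, and `${VAR:?}` makes the step fail instead of running `rm -rf` on an empty path. Separately, the rechunker container in "Run Rechunker" is referenced by tag (`ghcr.io/hhd-dev/rechunk:v1.0.1`) in a job that later signs the result with `COSIGN_PRIVATE_KEY`; pinning it by digest (`ghcr.io/hhd-dev/rechunk@sha256:<digest of v1.0.1>`) would fix what processes the image before it is signed. The same applies to `redhat-actions/push-to-registry@v2`, which appears to replace a push step that was pinned to a commit SHA.

```yaml
- name: Load in podman and tag
  env:
    RECHUNK_REF: ${{ steps.rechunk.outputs.ref }}
    RECHUNK_OUTPUT: ${{ steps.rechunk.outputs.output }}
    ALIAS_TAGS: ${{ steps.generate-tags.outputs.alias_tags }}
  run: |
    IMAGE=$(podman pull "${RECHUNK_REF}")
    # Refuse to run rm -rf when the action reported no output path.
    sudo rm -rf -- "${RECHUNK_OUTPUT:?rechunk output path is empty}"
    # ALIAS_TAGS is a space-separated list; left unquoted on purpose to split it.
    for tag in ${ALIAS_TAGS}; do
      podman tag "${IMAGE}" "${IMAGE_NAME}:${tag}"
    done
```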
42 changes: 31 additions & 11 deletions Justfile
Expand Up @@ -74,9 +74,9 @@ build $target_image=image_name $tag=default_tag:
BUILD_ARGS+=("--build-arg" "MAJOR_VERSION=${centos_version}")
# BUILD_ARGS+=("--build-arg" "IMAGE_NAME=${image_name}")
# BUILD_ARGS+=("--build-arg" "IMAGE_VENDOR=${repo_organization}")
if [[ -z "$(git status -s)" ]]; then
BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=$(git rev-parse --short HEAD)")
fi
# if [[ -z "$(git status -s)" ]]; then
# BUILD_ARGS+=("--build-arg" "SHA_HEAD_SHORT=$(git rev-parse --short HEAD)")
# fi

LABELS=()
LABELS+=("--label" "org.opencontainers.image.title=${image_name}")
Expand All @@ -92,17 +92,37 @@ build $target_image=image_name $tag=default_tag:
--tag "${target_image}:${tag}" \
.

_build-bib $target_image $tag $type $config:
#!/usr/bin/env bash
set -euo pipefail
_rootful_load_image $target_image=image_name $tag=default_tag:
#!/usr/bin/bash
set -eoux pipefail

if ! sudo podman image exists "${target_image}" ; then
echo "Ensuring image is on root storage"
COPYTMP=$(mktemp -p "${PWD}" -d -t _build_podman_scp.XXXXXXXXXX)
sudo podman image scp "$USER@localhost::${target_image}" root@localhost::
rm -rf "${COPYTMP}"
if [[ -n "${SUDO_USER:-}" || "${UID}" -eq "0" ]]; then
echo "Already root or running under sudo, no need to load image from user podman."
exit 0
fi

set +e
resolved_tag=$(podman inspect -t image "${target_image}:${tag}" | jq -r '.[].RepoTags.[0]')
return_code=$?
set -e

if [[ $return_code -eq 0 ]]; then
# Load into Rootful Podman
ID=$(just sudoif podman images --filter reference="${target_image}:${tag}" --format "'{{ '{{.ID}}' }}'")
if [[ -z "$ID" ]]; then
COPYTMP=$(mktemp -p "${PWD}" -d -t _build_podman_scp.XXXXXXXXXX)
just sudoif TMPDIR=${COPYTMP} podman image scp ${UID}@localhost::"${target_image}:${tag}" root@localhost::"${target_image}:${tag}"
rm -rf "${COPYTMP}"
fi
else
# Make sure the image is present and/or up to date
just sudoif podman pull "${target_image}:${tag}"
fi

_build-bib $target_image $tag $type $config: (_rootful_load_image target_image tag)
#!/usr/bin/env bash
set -euo pipefail
echo "Cleaning up previous build"
sudo rm -rf "output/${type}" || true
sudo rm "output/manifest-${type}.json" || true
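Review bot: In `_rootful_load_image`, the `set +e` … `return_code=$?` probe treats every failure of `podman inspect … | jq …` as "image not in user storage", so a missing or failing `jq` silently falls through to `just sudoif podman pull`, and the image `_build-bib` then works from is whatever the registry serves for that tag rather than the local build. `resolved_tag` is never read in the visible lines, so the pipeline can be replaced by the existence check itself: `if podman image exists "${target_image}:${tag}"; then`. In the scp branch, `TMPDIR=${COPYTMP}` is unquoted although `COPYTMP` is created under `${PWD}`; `TMPDIR="${COPYTMP}"` avoids word splitting when that path contains spaces. `_build-bib` continues past the end of the hunk, and `sudoif` is not shown on this page.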
