[wip] rechunk the chonky boi

centos-workstation · Dec 19, 2024 · beaa45f · beaa45f
1 parent aba37d3
commit beaa45f
Showing 1 changed file with 122 additions and 1 deletion.
diff --git a/Justfile b/Justfile
@@ -2,6 +2,7 @@ export repo_organization := env("GITHUB_REPOSITORY_OWNER", "centos-workstation")
 export image_name := env("IMAGE_NAME", "main")
 export centos_version := env("CENTOS_VERSION", "stream10")
 export default_tag := env("DEFAULT_TAG", "latest")
+export rechunker_image := "ghcr.io/hhd-dev/rechunk:v1.0.1"
 
 [private]
 default:
@@ -133,7 +134,6 @@ _build-bib $target_image $tag $type $config:
       sudo qemu-img resize "output/qcow2/disk.qcow2" 80G
     fi
 
-
 build-vm $target_image=("localhost/" + image_name) $tag=default_tag: && (_build-bib target_image tag "qcow2" "image-builder.config.toml")
 build-iso $target_image=("localhost/" + image_name) $tag=default_tag: && (_build-bib target_image tag "iso" "image-builder-iso.config.toml")
 
@@ -204,3 +204,124 @@ run-iso $target_image=("localhost/" + image_name) $tag=default_tag:
     podman run "${run_args[@]}" &
     xdg-open http://localhost:${port}
     fg "%podman"
+
+export rechunk_dir := "_build_rechunk"
+
+rechunk $target_image=("localhost/" + image_name) $centos_version="stream10" $tag="latest":
+    #!/usr/bin/bash
+    set -eoux pipefail
+
+    if [[ $target_image == localhost/* ]]; then
+        # Check if image is already built
+        ID=$(podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'")
+        if [[ -z "$ID" ]]; then
+            just build "${centos_version}" "${tag}"
+        fi
+
+        # Load into Rootful Podman
+        ID=$(just sudoif podman images --filter reference=localhost/"${image_name}":"${tag}" --format "'{{ '{{.ID}}' }}'")
+        if [[ -z "$ID" ]]; then
+            COPYTMP=$(mktemp -p "${PWD}" -d -t _build_podman_scp.XXXXXXXXXX)
+            just sudoif TMPDIR=${COPYTMP} podman image scp ${UID}@localhost::localhost/"${image_name}":"${tag}" root@localhost::localhost/"${image_name}":"${tag}"
+            rm -rf "${COPYTMP}"
+        fi
+    else
+        # Make sure the image is present and/or up to date
+        just sudoif podman pull "${target_image}:${tag}"
+    fi
+
+    # Prep Container
+    CREF=$(just sudoif podman create "${target_image}":"${tag}" bash)
+    OLD_IMAGE=$(just sudoif podman inspect $CREF | jq -r '.[].Image')
+    OUT_NAME="${image_name}_build"
+    MOUNT=$(just sudoif podman mount "${CREF}")
+
+    # Label Version
+    if [[ "{{ tag }}" =~ stable ]]; then
+        VERSION="${centos_version}.$(date +%Y%m%d)"
+    else
+        VERSION="${tag}-${centos_version}.$(date +%Y%m%d)"
+    fi
+
+    # TODO: port over cleanup code to facilitate running in GitHub actions
+
+    # Run Rechunker's Prune
+    just sudoif podman run --rm \
+        --pull=newer \
+        --security-opt label=disable \
+        --volume "$MOUNT":/var/tree \
+        --env TREE=/var/tree \
+        --user 0:0 \
+        "${rechunker_image}" \
+        /sources/rechunk/1_prune.sh
+
+    # Run Rechunker's Create
+    just sudoif podman run --rm \
+        --pull=newer \
+        --security-opt label=disable \
+        --volume "$MOUNT":/var/tree \
+        --env TREE=/var/tree \
+        --user 0:0 \
+        "${rechunker_image}" \
+        /sources/rechunk/1_prune.sh
+
+    # Cleanup Temp Container Reference
+    just sudoif podman unmount "$CREF"
+    just sudoif podman rm "$CREF"
+    just sudoif podman rmi "$OLD_IMAGE"
+
+    mkdir -p "${rechunk_dir}"
+
+    SHA="dedbeef"
+    if [[ -z "$(git status -s)" ]]; then
+        SHA=$(git rev-parse HEAD)
+    fi
+
+    PREV_REF="ghcr.io/${repo_organization}/${image_name}:${tag}"
+    just sudoif podman run --rm \
+        --pull=newer \
+        --security-opt label=disable \
+        --volume "${PWD}/${rechunk_dir}:/workspace" \
+        --volume "${PWD}:/var/git" \
+        --volume cache_ostree:/var/ostree \
+        --env REPO=/var/ostree/repo \
+        --env PREV_REF="${PREV_REF}" \
+        --env OUT_NAME="${OUT_NAME}" \
+        --env LABELS="org.opencontainers.image.title=${image_name}$'\n'" \
+        --env "DESCRIPTION='CentOS based images'" \
+        --env "VERSION=${VERSION}" \
+        --env VERSION_FN=/workspace/version.txt \
+        --env OUT_REF="oci:$OUT_NAME" \
+        --env GIT_DIR="/var/git" \
+        --env REVISION="$SHA" \
+        --user 0:0 \
+        "${rechunker_image}" \
+        /sources/rechunk/3_chunk.sh
+
+    # Fix Permissions of OCI
+    if [[ "${UID}" -gt "0" ]]; then
+        just sudoif chown "${UID}:${GROUPS}" -R "${rechunk_dir}"
+    elif [[ -n "${SUDO_UID:-}" ]]; then
+        chown "${SUDO_UID}":"${SUDO_GID}" -R "${rechunk_dir}"
+    fi
+
+    # Remove cache_ostree
+    just sudoif podman volume rm cache_ostree
+
+    # Show OCI Labels
+    just sudoif skopeo inspect oci:"${rechunk_dir}"/"${OUT_NAME}" | jq -r '.Labels'
+
+    rm -rf "${rechunk_dir}"
+
+load-rechunk $tag="latest":
+    #!/usr/bin/bash
+    set -eou pipefail
+
+    # Load Image
+    OUT_NAME="${image_name}_build"
+    IMAGE=$(podman pull "oci:${rechunk_dir}/${OUT_NAME}")
+    podman tag ${IMAGE} "localhost/${image_name}:${tag}"
+
+    # Cleanup
+    just sudoif "rm -rf ${OUT_NAME}*"
+    just sudoif "rm -f previous.manifest.json"