os-images/.github/workflows/publish-gardenlinux-ironcore.yml at 73fa2863aaef70976c90b714235727621bf92af1 · ironcore-dev/os-images · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
name: Publish GardenLinux New OCI Image

on:
  pull_request:
  workflow_dispatch:
    inputs:
      version:
        description: "Specify the GardenLinux version to process (e.g., 1877.0)"
        required: true

jobs:
  publish:
    runs-on: ubuntu-latest

    steps:
      - name: Set Version
        run: echo "VERSION=1877.0" >> $GITHUB_ENV

      - name: Checkout Repository
        uses: actions/checkout@v2

      - name: Install Dependencies
        run: |
          sudo apt-get update -qq
          sudo apt-get install -y jq curl git make

      - name: Setup ORAS
        uses: oras-project/setup-oras@v1

      - name: Fetch and Process Metal PXE Layers
        id: fetch-and-process
        run: |
          INDEX_MANIFEST=$(oras manifest fetch ghcr.io/gardenlinux/gardenlinux:1877.0 | jq)
          echo "$INDEX_MANIFEST" > index-manifest.json
          jq -c '.manifests[] | select(.annotations.cname? and (.annotations.cname | startswith("metal_pxe")))' index-manifest.json > metal-pxe-layers.json
          mkdir -p binaries/amd64 binaries/arm64
          for layer in $(jq -c '.[]' metal-pxe-layers.json); do
            ARCH=$(echo $layer | jq -r '.platform.architecture')
            DIGEST=$(echo $layer | jq -r '.digest')
            MANIFEST=$(oras manifest fetch ghcr.io/gardenlinux/gardenlinux@$DIGEST | jq)
            echo "$MANIFEST" > manifest-$ARCH.json
            for binary in initrd vmlinuz root.squashfs; do
              BINARY_DIGEST=$(echo $MANIFEST | jq -r ".layers[] | select(.annotations.\"org.opencontainers.image.title\" == \"$binary\").digest")
              curl -L -o binaries/$ARCH/$binary ghcr.io/v2/gardenlinux/gardenlinux/blobs/$BINARY_DIGEST
            done
          done

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Authenticate with GitHub
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Authenticating with GitHub..."
          git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"

      - name: Clone Ironcore Image Repository
        run: |
          git clone https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/ironcore-dev/ironcore-image.git
          cd ironcore-image
          make build

      - name: Build New OCI Image
        run: |
          cd ironcore-image
          ./bin/ironcore-image build \
            --tag ghcr.io/ironcore-dev/os-images/test-image:${{ github.event.inputs.version }} \
            --config arch=amd64,squashfs=../binaries/amd64/squashfs,initramfs=../binaries/amd64/initrd,kernel=../binaries/amd64/vmlinuz \
            --config arch=arm64,squashfs=../binaries/arm64/squashfs,initramfs=../binaries/arm64/initrd,kernel=../binaries/arm64/vmlinuz

      - name: Push New OCI Image
        run: |
          cd ironcore-image
          ./ironcore-image push ghcr.io/ironcore-dev/os-images/test-image:${{ github.event.inputs.version }} --push-sub-manifests