JasonN3 · JasonN3 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024
@@ -22,7 +22,7 @@ jobs:
     uses: ./.github/workflows/build_vars.yml
 
   run-all_tests:
-    name: Run All Tests
+    name: All Tests
     if: >
       github.event.issue.pull_request && 
       contains(github.event.comment.body, '/run tests')
@@ -36,6 +36,9 @@ jobs:
     with:
       pr: ${{ github.event.issue.number }}
       parent_job_name: Run All Tests
+    secrets:
+      RH_REPO: ${{ secrets.RH_REPO }}
+      RH_ENT: ${{ secrets.RH_ENT }}
 
   run_build_container:
     name: Run Build Container
@@ -52,6 +55,9 @@ jobs:
     with:
       pr: ${{ github.event.issue.number }}
       parent_job_name: Run Build Container
+    secrets:
+      RH_REPO: ${{ secrets.RH_REPO }}
+      RH_ENT: ${{ secrets.RH_ENT }}
 
   run_build_iso:
     name: Run Build ISO
@@ -69,36 +75,50 @@ jobs:
       pr: ${{ github.event.issue.number }}
       parent_job_name: Run Build ISO
 
-  run_test_iso:
-    name: Run ISO Tests
+  run_build_iso_rhel:
+    name: Run Build RHEL ISO
     if: >
       github.event.issue.pull_request && 
-      contains(github.event.comment.body, '/run test iso')
+      contains(github.event.comment.body, '/run build iso')
+    permissions:
+      contents: read
+      packages: write
+      statuses: write
+    needs:
+      - permissions
+    uses: ./.github/workflows/build_iso_rhel.yml
+    with:
+      pr: ${{ github.event.issue.number }}
+      parent_job_name: Run Build ISO
+    secrets:
+      RH_REPO: ${{ secrets.RH_REPO }}
+      RH_ENT: ${{ secrets.RH_ENT }}
+
+  run_test_iso:
+    name: Run ISO Tests
     permissions:
       contents: read
       packages: write
       statuses: write
     needs:
       - permissions
       - load_vars
+      - run_build_iso
     uses: ./.github/workflows/test_iso.yml
     with:
       pr: ${{ github.event.issue.number }}
       parent_job_name: Run ISO Tests
 
   run_test_deployment:
     name: Run ISO Deployment Tests
-    if: >
-      github.event.issue.pull_request && 
-      contains(github.event.comment.body, '/run test iso')
     permissions:
       contents: read
       packages: write
       statuses: write
     needs:
       - permissions
       - load_vars
-      - run_test_iso
+      - run_build_iso
     uses: ./.github/workflows/test_deployment.yml
     with:
       pr: ${{ github.event.issue.number }}

@@ -9,12 +9,19 @@ on:
       parent_job_name:
         required: true
         type: string
+    secrets:
+      RH_REPO: 
+        required: true
+      RH_ENT:
+        required: true
+
+
 
 jobs:
   build-container:
     if: >
       github.event_name == 'push' ||
-      github.event_name == 'issue_comment'  ||
+      github.event_name == 'issue_comment' ||
       github.event_name == 'workflow_dispatch'
     name: Build Container Image
     env:
@@ -24,6 +31,19 @@ jobs:
       contents: read
       packages: write
       statuses: write
+    continue-on-error: false
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - registry.fedoraproject.org/fedora
+          - registry.access.redhat.com/ubi9/ubi
+        include:
+          - os: registry.fedoraproject.org/fedora
+            tag: 39
+          - os: registry.access.redhat.com/ubi9/ubi
+            tag: latest
+            append: ubi
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -67,7 +87,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ghcr.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}${{ matrix.append && format('-{0}', matrix.append) }}
           tags: |
             type=ref,event=branch
             type=ref,event=pr
@@ -81,17 +101,31 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ghcr.io/${{ github.repository }}
+            ghcr.io/${{ github.repository }}${{ matrix.append && format('-{0}', matrix.append) }}
           tags: |
             pr-${{ inputs.pr }}
 
+      - name: Get UBI Subs
+        if: matrix.append == 'ubi'
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ secrets.RH_REPO }}
+          ssh-key: ${{ secrets.RH_ENT }}
+          persist-credentials: false
+          path: ubi
+
       - name: Buildah Build
         id: build-image
         uses: redhat-actions/buildah-build@v2
         with:
           containerfiles: Containerfile
           tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }}
+          build-args: |
+            BASE_IMAGE=${{ matrix.os }}
+            IMAGE_VERSION=${{ matrix.tag }}
+          extra-args: |
+            ${{ matrix.append == 'ubi' && format('--volume={0}/ubi:/run/secrets', github.workspace) || ''}}
 
       - name: Push image
         uses: redhat-actions/push-to-registry@v2
@@ -109,4 +143,4 @@ jobs:
           status: ${{ job.status }}
           context: ${{ env.JOB_NAME }}
           sha: ${{ env.sha }}
-          targetUrl: ${{ steps.jobs.outputs.html_url }}
+          targetUrl: ${{ steps.jobs.outputs.html_url }}
@@ -71,7 +71,7 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           status: pending
-          context: ${{ env.JOB_NAME }} (${{ matrix.version }})
+          context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
           sha: ${{ env.sha }}
           targetUrl: ${{ steps.jobs.outputs.html_url }}
 
@@ -124,6 +124,7 @@ jobs:
           secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }}
           enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}
           iso_name: build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso
+          repos: '/etc/yum.repos.d/fedora.repo /etc/yum.repos.d/fedora-updates.repo'
 
       - name: Upload ISO as artifact
         id: upload
@@ -144,7 +145,7 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           status: ${{ job.status }}
-          context: ${{ env.JOB_NAME }} (${{ matrix.version }})
+          context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
           sha: ${{ env.sha }}
           targetUrl: ${{ steps.jobs.outputs.html_url }}
 
@@ -0,0 +1,158 @@
+name: Build ISO
+
+on:
+  workflow_call:
+    inputs:
+      pr:
+        required: false
+        type: string
+      parent_job_name:
+        required: true
+        type: string
+      suffix:
+        required: false
+        type: string
+    secrets:
+      RH_REPO: 
+        required: true
+      RH_ENT:
+        required: true
+
+jobs:
+  load_vars:
+    name: Load Variables
+    uses: ./.github/workflows/build_vars_rhel.yml
+
+  build_iso:
+    name: Build ISO
+    env:
+      JOB_NAME: Build ISO
+    runs-on: ubuntu-latest
+    needs:
+      - load_vars
+    permissions:
+      contents: read
+      packages: write
+      statuses: write
+    continue-on-error: false
+    strategy:
+      fail-fast: false
+      matrix:
+        version: ${{ fromJson(needs.load_vars.outputs.BUILD_VERSIONS) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Switch branch
+        if: inputs.pr
+        env:
+          GITHUB_USER: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y hub
+          hub pr checkout ${{ inputs.pr }}
+          echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
+
+      - name: Get Current Job Log URL
+        if: inputs.pr && always()
+        uses: Tiryoh/gha-jobid-action@v1
+        id: jobs
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
+
+      - name: Set status
+        if: inputs.pr && always()
+        uses: myrotvorets/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: pending
+          context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
+          sha: ${{ env.sha }}
+          targetUrl: ${{ steps.jobs.outputs.html_url }}
+
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          # this might remove tools that are actually needed,
+          # if set to "true" but frees about 6 GB
+          tool-cache: false
+
+          # all of these default to true, but feel free to set to
+          # "false" if necessary for your workflow
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          docker-images: true
+          swap-storage: true
+
+      - name: Lowercase Registry
+        id: registry_case
+        uses: ASzc/change-string-case-action@v6
+        with:
+          string: ${{ needs.load_vars.outputs.IMAGE_REPO }}
+
+      - name: Get image version
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+
+      - name: Login to Registry
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Get UBI Subs
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ secrets.RH_REPO }}
+          ssh-key: ${{ secrets.RH_ENT }}
+          persist-credentials: false
+          path: ubi
+
+      - name: Build ISO
+        uses: ./
+        id: build
+        with:
+          arch: ${{ needs.load_vars.outputs.ARCH }}
+          enrollment_password: ${{ needs.load_vars.outputs.ENROLLMENT_PASSWORD }}
+          image_name: ${{ needs.load_vars.outputs.IMAGE_NAME }}
+          image_repo: ${{ needs.load_vars.outputs.IMAGE_REPO }}
+          image_tag: ${{ needs.load_vars.outputs.IMAGE_TAG }}
+          iso_name: build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso
+          repos: '/etc/yum.repos.d/redhat.repo'
+          secrets_dir: ${{ format('{0}/ubi', github.workspace) }}
+          secure_boot_key_url: ${{ needs.load_vars.outputs.SECURE_BOOT_KEY_URL }}
+          ubi: "true"
+          variant: ${{ needs.load_vars.outputs.VARIANT }}
+          version: ${{ matrix.version }}
+
+      - name: Upload ISO as artifact
+        id: upload
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}
+          path: |
+            build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso
+            build/${{ needs.load_vars.outputs.IMAGE_NAME }}-${{ matrix.version }}${{ inputs.suffix && format('-{0}', inputs.suffix || '') }}.iso-CHECKSUM
+          if-no-files-found: error
+          retention-days: 0
+          compression-level: 0
+          overwrite: true
+
+      - name: Set status
+        if: inputs.pr && always()
+        uses: myrotvorets/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: ${{ job.status }}
+          context: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }} (${{ matrix.version }})"
+          sha: ${{ env.sha }}
+          targetUrl: ${{ steps.jobs.outputs.html_url }}
+
@@ -0,0 +1,31 @@
+name: Build Vars
+
+on:
+  workflow_call:
+    outputs:
+      ARCH:
+        value: 'x86_64'
+      BUILD_VERSIONS:
+        value: '[9.3]'
+      IMAGE_NAME:
+        value: 'fedora-bootc'
+      IMAGE_REPO:
+        value: 'quay.io/centos-bootc'
+      IMAGE_TAG:
+        value: 'eln'
+      VARIANT:
+        value: 'Server'
+      SECURE_BOOT_KEY_URL:
+        value: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
+      ENROLLMENT_PASSWORD:
+        value: 'container-installer'
+
+
+jobs:
+  load-vars:
+    name: Load Variables
+    runs-on: ubuntu-latest
+    steps:
+      - name: Sucess
+        run:
+          echo "Vars loaded"