ver4a/ostree-native-containers
1
0
Fork 0
Code Activity Actions
ostree-native-containers/.forgejo/workflows/build-image.yaml
ver4a ddea58d2e6
All checks were successful
/ build-kde (push) Successful in 20m54s
Details
ci: Refactor onc-kde:main-nvidia-ver4a
2025-04-29 11:12:36 +02:00

193 lines
11 KiB
YAML
Raw Blame History

on:
push:
schedule:
- cron: '0 5 * * *'
jobs:
build-kde:
runs-on: oci-builder
steps:
- uses: actions/checkout@v4
- run: cd ${{ env.GITHUB_WORKSPACE }}
- name: 'Log in to registry'
run: >
buildah login
-u ${{ vars.REGISTRY_USERNAME }}
-p ${{ secrets.REGISTRY_PASSWORD }}
${{ vars.REGISTRY_DOMAIN }}
# base
- run: mkdir cache
- name: 'Build image - onc-kde:main'
run: >
buildah bud
-f Dockerfile.kde
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main
--userns=container
--security-opt=no-new-privileges
--annotation=quay.expires-after=
-v ${{ env.GITHUB_WORKSPACE }}/cache:/var/cache/libdnf5:Z
--build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
--build-arg NAMESPACE=${{ vars.NAMESPACE }}
- name: 'Push image - onc-kde:main'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main
- name: 'Make expiring image - onc-kde:main'
run: >
buildah bud
-f <(echo FROM scratch)
--from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main.expiring
--label quay.expires-after=4w
--annotation quay.expires-after=4w
- name: 'Push dated (expiring) image - onc-kde:main'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main.expiring
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main)
# base + ver4a's configuration
- name: 'Build image - onc-kde:main-ver4a'
run: >
buildah bud
-f Dockerfile.kde-ver4a
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a
--userns=container
--security-opt=no-new-privileges
--annotation=quay.expires-after=
-v ${{ env.GITHUB_WORKSPACE }}/cache:/var/cache/libdnf5:Z
--build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
--build-arg NAMESPACE=${{ vars.NAMESPACE }}
- name: 'Push image - onc-kde:main-ver4a'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a
- name: 'Make expiring image - onc-kde:main-ver4a'
run: >
buildah bud
-f <(echo FROM scratch)
--from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a.expiring
--label quay.expires-after=4w
--annotation quay.expires-after=4w
- name: 'Push dated (expiring) image - onc-kde:main-ver4a'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a.expiring
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a)-ver4a
# base + nvidia
- name: 'Build image - onc-kde:main-nvidia'
run: >
buildah bud
-f Dockerfile.kde-nvidia
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia
--userns=container
--security-opt=no-new-privileges
--annotation=quay.expires-after=
-v ${{ env.GITHUB_WORKSPACE }}/cache:/var/cache/libdnf5:Z
--build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
--build-arg NAMESPACE=${{ vars.NAMESPACE }}
- name: 'Push image - onc-kde:main-nvidia'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia
- name: 'Make expiring image - onc-kde:main-nvidia'
run: >
buildah bud
-f <(echo FROM scratch)
--from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia.expiring
--label quay.expires-after=4w
--annotation quay.expires-after=4w
- name: 'Push dated (expiring) image - onc-kde:main-nvidia'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia.expiring
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia)-nvidia
# base + nvidia + ver4a's configuration
- name: 'Build image - onc-kde:main-nvidia-ver4a'
run: >
buildah bud
-f Dockerfile.kde-nvidia-ver4a
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a
--userns=container
--security-opt=no-new-privileges
--annotation=quay.expires-after=
-v ${{ env.GITHUB_WORKSPACE }}/cache:/var/cache/libdnf5:Z
--build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
--build-arg NAMESPACE=${{ vars.NAMESPACE }}
- name: 'Push image - onc-kde:main-nvidia-ver4a'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a
- name: 'Make expiring image - onc-kde:main-nvidia-ver4a'
run: >
buildah bud
-f <(echo FROM scratch)
--from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a
-t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a.expiring
--label quay.expires-after=4w
--annotation quay.expires-after=4w
- name: 'Push dated (expiring) image - onc-kde:main-nvidia-ver4a'
run: >
buildah push
--compression-format=zstd
--compression-level=${{ vars.COMPRESSION_LEVEL }}
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a.expiring
${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:$(buildah inspect -t image -f '{{ index .OCIv1.Config.Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a)-nvidia-ver4a
- if: '!cancelled()'
run: >
podman image rm -f ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main && podman image prune -f &&
podman image rm -f ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-ver4a && podman image prune -f &&
podman image rm -f ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia && podman image prune -f &&
podman image rm -f ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-kde:main-nvidia-ver4a && podman image prune -f
# build-gnome:
# runs-on: oci-builder
# steps:
# - uses: actions/checkout@v4
# - run: cd ${{ env.GITHUB_WORKSPACE }}
# - run: podman login -u ${{ vars.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} ${{ vars.REGISTRY_DOMAIN }}
# # base
# - run: mkdir cache
# # Waits for a CI pull lock to be released before starting a new pull
# - run: flock -x /tmp/CI-podman-pull-lock -c 'podman pull quay.io/fedora-ostree-desktops/silverblue:42'
# - run: podman build . -f Dockerfile.gnome --userns container --security-opt no-new-privileges --no-cache --pull=never -v ${PWD}/cache:/var/cache/libdnf5:Z --squash --build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} --build-arg NAMESPACE=${{ vars.NAMESPACE }} -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main --annotation quay.expires-after=
# - run: podman push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main
# - run: podman build -f Dockerfile.scratch --from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main --label quay.expires-after=4w --annotation quay.expires-after=4w
# - run: podman push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:$(podman image inspect -f '{{ index .Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main)
# # base + nvidia
# - run: podman build . -f Dockerfile.gnome-nvidia --userns container --security-opt no-new-privileges --no-cache --pull=never -v ${PWD}/cache:/var/cache/libdnf5:Z --squash --build-arg REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} --build-arg NAMESPACE=${{ vars.NAMESPACE }} -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia --annotation quay.expires-after=
# - run: podman push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia
# - run: podman build -f Dockerfile.scratch --from ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia -t ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia --label quay.expires-after=4w --annotation quay.expires-after=4w
# - run: podman push --compression-format=zstd --compression-level=${{ vars.COMPRESSION_LEVEL }} ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:$(podman image inspect -f '{{ index .Labels "org.opencontainers.image.version" }}' ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main)-nvidia
# - if: '!cancelled()'
# run: >
# podman image rm -f ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main && podman image prune -f &&
# podman image rm -f ${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/onc-gnome:main-nvidia && podman image prune -f
View git blame Copy permalink