snosi/.github/workflows/build.yml at main · frostyard/snosi · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Build sysexts

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

permissions: {}

env:
  IMAGE_NAME: snosi
  REPO_NAME: snosi
  IMAGE_DESC: "Snow Linux - A minimal bootc-enabled OS image"
  IMAGE_KEYWORDS: "linux,os,bootc,systemd,debian"
  IMAGE_LICENSE: Apache-2.0
  IMAGE_LOGO_URL: "" # Optional: URL to logo image

concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
  cancel-in-progress: ${{ github.event_name == 'push' }}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
      attestations: write

    steps:
      - name: Aggressive cleanup
        run: |
          # Remove Java (JDKs)
          sudo rm -rf /usr/lib/jvm

          # Remove .NET SDKs
          sudo rm -rf /usr/share/dotnet

          # Remove Swift toolchain
          sudo rm -rf /usr/share/swift

          # Remove Haskell (GHC)
          sudo rm -rf /usr/local/.ghcup

          # Remove Julia
          sudo rm -rf /usr/local/julia*

          # Remove Android SDKs
          sudo rm -rf /usr/local/lib/android

          # Remove Chromium (optional if not using for browser tests)
          sudo rm -rf /usr/local/share/chromium

          # Remove Microsoft/Edge and Google Chrome builds
          sudo rm -rf /opt/microsoft /opt/google

          # Remove Azure CLI
          sudo rm -rf /opt/az

          # Remove PowerShell
          sudo rm -rf /usr/local/share/powershell

          # Remove CodeQL and other toolcaches
          sudo rm -rf /opt/hostedtoolcache

          docker system prune -af || true
          docker builder prune -af || true
          df -h
      - name: Checkout repository
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          persist-credentials: false

      - name: Check mkosi package duplicates
        run: ./check-duplicate-packages.sh

      - name: Generate build date
        id: date
        run: echo "date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT

      - name: Generate version tag
        id: version
        run: echo "tag=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT

      - name: setup-mkosi
        uses: systemd/mkosi@3c3a08fb07d27fbe473625aa0725655cfb2c68bf

      - name: Build main and sysexts
        env:
          # These are picked up by mkosi.postoutput script
          CREATED_DATE: ${{ steps.date.outputs.date }}
          DEFAULT_TAG: ${{ steps.version.outputs.tag }}
          IMAGE_VERSION: ${{ steps.version.outputs.tag }}
          IMAGE_NAME: ${{ env.IMAGE_NAME }}
          IMAGE_DESC: ${{ env.IMAGE_DESC }}
          IMAGE_KEYWORDS: ${{ env.IMAGE_KEYWORDS }}
          IMAGE_LICENSE: ${{ env.IMAGE_LICENSE }}
          IMAGE_LOGO_URL: ${{ env.IMAGE_LOGO_URL }}
          # These are automatically available from GitHub context
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
        run: |
          sudo -E mkosi build
          sudo ./sysextmv.sh
          sudo ./manifestmv.sh
      - name: Publish sysexts to frostyard repo
        if: github.event_name != 'pull_request'
        uses: frostyard/repogen/.github/actions/publish-to-r2@f9e0706f1be976424a8728c19cbe9238c47edf6e
        with:
          r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
          r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }}
          r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          r2-bucket: frostyardrepo
          skip-duplicates: true
          gpg-private-key: ${{ secrets.REPOGEN_GPG_KEY }}
          packages-dir: ./output/sysexts
          package-type: sysext # or sysext
          base-url: https://repository.frostyard.org # required for sysext
      - name: Upload manifests to R2
        if: github.event_name != 'pull_request'
        uses: ryand56/r2-upload-action@b801a390acbdeb034c5e684ff5e1361c06639e7c
        with:
          r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
          r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }}
          r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          r2-bucket: frostyardrepo
          source-dir: output/manifests
          destination-dir: manifests/