
Commit 4c46ba8

authored
Merge branch 'main' into wip/mend0za/action-raw-test
2 parents 7cf2576 + 6bcd275 commit 4c46ba8

35 files changed

+672
-119
lines changed

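--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -2,25 +2,57 @@ name: Build and Test
 
 env:
 GITHUB_TAG: ghcr.io/${{ github.repository }}
-DOCKERHUB_TAG: godebos/debos
 
 on:
 push:
 branches-ignore:
 - '*.tmp'
+tags:
+- '*'
+# Build at 04:00am every Monday
+schedule:
+- cron: "0 4 * * 1"
 pull_request:
 workflow_dispatch:
 
 jobs:
+test:
+strategy:
+fail-fast: false
+matrix:
+variant:
+- debos-arch
+- debos-bookworm
+- debos-bullseye
+runs-on: ubuntu-latest
+defaults:
+run:
+shell: bash
+container:
+image: ghcr.io/go-debos/test-containers/${{matrix.variant}}:main
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Test build
+run: go build -o debos cmd/debos/debos.go
+
+- name: Run unit tests
+run: go test -v ./... | tee test.out
+
+- name: Ensure no tests were skipped
+run: "! grep -q SKIP test.out"
+
 build:
 name: Build Docker container
 runs-on: ubuntu-latest
+needs: test
 steps:
 - name: Repository checkout
 uses: actions/checkout@v3
 
 - name: Setup Docker buildx
-uses: docker/setup-buildx-action@v1
+uses: docker/setup-buildx-action@v2
 
 - name: Use cache
 uses: actions/cache@v3
@@ -29,7 +61,7 @@ jobs:
 key: ${{ runner.os }}-docker
 
 - name: Build Docker image
-uses: docker/build-push-action@v2
+uses: docker/build-push-action@v4
 with:
 context: .
 push: false
@@ -56,7 +88,7 @@ jobs:
 uses: actions/checkout@v3
 
 - name: Setup Docker buildx
-uses: docker/setup-buildx-action@v1
+uses: docker/setup-buildx-action@v2
 
 - name: Use cache
 uses: actions/cache@v3
@@ -65,7 +97,7 @@ jobs:
 key: ${{ runner.os }}-docker
 
 - name: Build Docker image
-uses: docker/build-push-action@v2
+uses: docker/build-push-action@v4
 with:
 context: .
 push: false
@@ -92,12 +124,16 @@ jobs:
 - { name: "uml", backend: "--fakemachine-backend=uml" }
 test:
 - { name: "recipes", case: "recipes" }
-- { name: "debian (amd64}", case: "debian", variables: "-t architecture:amd64" }
+- { name: "debian (amd64)", case: "debian", variables: "-t architecture:amd64" }
 - { name: "debian (arm64)", case: "debian", variables: "-t architecture:arm64" }
 - { name: "debian (armhf)", case: "debian", variables: "-t architecture:armhf" }
 include:
+- backend: { name: "arch", backend: "--fakemachine-backend=qemu" }
+test: { name: "arch", case: "arch" }
 - backend: { name: "qemu", backend: "--fakemachine-backend=qemu" }
 test: { name: "partitioning", case: "partitioning" }
+- backend: { name: "uml", backend: "--fakemachine-backend=uml" }
+test: { name: "apertis", case: "apertis" }
 - backend: { name: "uml", backend: "--fakemachine-backend=uml" }
 test: { name: "partitioning", case: "partitioning" }
 - backend: { name: "qemu", backend: "--fakemachine-backend=qemu" }
@@ -133,22 +169,25 @@ jobs:
 --tmpfs /run
 --privileged
 -e TMP=/scratch
+-e SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1
 debos -v
 ${{matrix.backend.backend}}
 ${{matrix.test.variables}}
 ${{matrix.test.case}}/test.yaml
 
-# Job to key the bors success status against
-bors:
-name: bors
-if: success()
+# Job to key success status against
+allgreen:
+name: allgreen
+if: always()
 needs:
 - unit-tests
 - recipe-tests
 runs-on: ubuntu-latest
 steps:
-- name: Mark the job as a success
-run: exit 0
+- name: Decide whether the needed jobs succeeded or failed
+uses: re-actors/alls-green@release/v1
+with:
+jobs: ${{ toJSON(needs) }}
 
 publish-github:
 name: Publish to GHCR
@@ -167,7 +206,7 @@ jobs:
 
 - name: Extract Docker metadata
 id: meta
-uses: docker/metadata-action@v3
+uses: docker/metadata-action@v4
 with:
 images: ${{ env.GITHUB_TAG }}
 tags: |
@@ -178,14 +217,14 @@ jobs:
 "type=ref,event=pr"
 
 - name: Login to GitHub Container Registry
-uses: docker/login-action@v1
+uses: docker/login-action@v2
 with:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Setup Docker buildx
-uses: docker/setup-buildx-action@v1
+uses: docker/setup-buildx-action@v2
 
 - name: Use cache
 uses: actions/cache@v3
@@ -194,7 +233,7 @@ jobs:
 key: ${{ runner.os }}-docker
 
 - name: Build and push Docker image
-uses: docker/build-push-action@v2
+uses: docker/build-push-action@v4
 with:
 context: .
 push: true
@@ -203,12 +242,37 @@ jobs:
 file: docker/Dockerfile
 cache-from: type=local,src=/tmp/.build-cache
 
+check-dockerhub-secrets:
+name: Check DockerHub secrets exist
+runs-on: ubuntu-latest
+outputs:
+has-secrets: ${{ steps.check-secrets.outputs.has-secrets }}
+steps:
+- id: check-secrets
+name: Check secrets exist
+run: |
+if [[ "${{ secrets.DOCKERHUB_IMAGE }}" != "" && \
+"${{ secrets.DOCKERHUB_USERNAME }}" != "" && \
+"${{ secrets.DOCKERHUB_PASSWORD }}" != "" ]]; \
+then
+echo "Dockerhub secrets exist"
+echo "has-secrets=true" >> $GITHUB_OUTPUT
+else
+echo "Dockerhub secrets do not exist; not pushing to Dockerhub"
+echo "Please set the following secrets on GitHub (settings > secrets > actions > new):"
+echo "DOCKERHUB_IMAGE, DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD"
+echo "has-secrets=false" >> $GITHUB_OUTPUT
+fi
+
 publish-dockerhub:
 name: Publish to DockerHub
 needs:
+- check-dockerhub-secrets
 - unit-tests
 - recipe-tests
-if: github.event_name == 'push' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+if: |
+needs.check-dockerhub-secrets.outputs.has-secrets == 'true' &&
+github.event_name != 'pull_request'
 runs-on: ubuntu-latest
 permissions:
 contents: read
@@ -220,9 +284,9 @@ jobs:
 
 - name: Extract Docker metadata
 id: meta
-uses: docker/metadata-action@v3
+uses: docker/metadata-action@v4
 with:
-images: ${{ env.DOCKERHUB_TAG }}
+images: ${{ secrets.DOCKERHUB_IMAGE }}
 tags: |
 "type=ref,event=branch"
 "type=ref,suffix=-{{sha}},event=branch"
@@ -231,14 +295,14 @@ jobs:
 "type=ref,event=pr"
 
 - name: Login to DockerHub
-uses: docker/login-action@v1
+uses: docker/login-action@v2
 continue-on-error: true
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
 - name: Setup Docker buildx
-uses: docker/setup-buildx-action@v1
+uses: docker/setup-buildx-action@v2
 
 - name: Use cache
 uses: actions/cache@v3
@@ -247,7 +311,7 @@ jobs:
 key: ${{ runner.os }}-docker
 
 - name: Build and push Docker image
-uses: docker/build-push-action@v2
+uses: docker/build-push-action@v4
 continue-on-error: true
 with:
 context: .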
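Review bot: The new `check-secrets` step (new lines 251–265) expands `${{ secrets.DOCKERHUB_IMAGE }}`, `${{ secrets.DOCKERHUB_USERNAME }}` and `${{ secrets.DOCKERHUB_PASSWORD }}` directly into the bash script text, so the values are substituted before bash parses the `[[ … ]]` test. A secret that happens to contain a double quote, a backtick or `$(` would change what that test executes, and the plaintext values end up in the generated script file on the runner. Passing the three secrets through the step's `env:` and testing `-n "$VAR"` keeps them out of the script source. The step lies wholly inside the hunk, and the same pattern is worth keeping in mind for any later `run:` step that needs these secrets.

```yaml
      - id: check-secrets
        name: Check secrets exist
        env:
          DOCKERHUB_IMAGE: ${{ secrets.DOCKERHUB_IMAGE }}
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
        run: |
          if [[ -n "$DOCKERHUB_IMAGE" && \
                -n "$DOCKERHUB_USERNAME" && \
                -n "$DOCKERHUB_PASSWORD" ]]; \
          then
          # … unchanged: echo messages and has-secrets output in both branches, closing fi …
```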

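--- a/README.md
+++ b/README.md
@@ -45,6 +45,8 @@ Some of the actions provided by debos to customize and produce images are:
 * ostree-deploy: deploy an OSTree branch to the image
 * overlay: do a recursive copy of directories or files to the target filesystem
 * pack: create a tarball with the target filesystem
+* pacman: install packages and their dependencies with pacman
+* pacstrap: construct the target rootfs with pacstrap
 * raw: directly write a file to the output image at a given offset
 * recipe: includes the recipe actions at the given path
 * run: allows to run a command or script in the filesystem or in the host
@@ -66,8 +68,8 @@ See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/READ
 
 sudo apt install golang git libglib2.0-dev libostree-dev qemu-system-x86 \
 qemu-user-static debootstrap systemd-container
-export GOPATH=/opt/src/gocode # or whatever suites your needs
-go get -u github.com/go-debos/debos/cmd/debos
+export GOPATH=/opt/src/gocode # or whatever suits your needs
+go install -v github.com/go-debos/debos/cmd/debos@latest
 /opt/src/gocode/bin/debos --help
 
 ## Simple example
@@ -82,10 +84,10 @@ make a tarball.
 
 actions:
 - action: debootstrap
-suite: "buster"
+suite: bookworm
 components:
 - main
-- non-free
+- non-free-firmware
 mirror: https://deb.debian.org/debian
 variant: minbase
 
@@ -112,7 +114,8 @@ this:
 
 ## Other examples
 
-This example builds a customized image for a Raspberry Pi 3.
+Example recipes are collected in a separate repository:
+
 https://github.com/go-debos/debos-recipes
 
 ## Environment variables
@@ -136,7 +139,7 @@ no_proxy defined, both will be propagated to fakemachine respecting the case.
 The command line options --environ-var and -e can be used to specify,
 overwrite, and unset environment variables for fakemachine with the syntax:
 
-$ debos -e ENVIRONVAR:VALUE ...
+$ debos -e ENVIRONVAR:VALUE ...
 
 To unset an enviroment variable, or in other words, to prevent an environment
 variable to be propagated to fakemachine, use the same syntax without a value.
@@ -162,6 +165,18 @@ Fakemachine can use different virtualisation backends to spawn the virtualmachin
 for more information see the documentation under the [fakemachine repository](https://github.com/go-debos/fakemachine).
 
 By default the backend will automatically be selected based on what is supported
-on the host machine, but this can be overridden using the `--fakemachine-backend`
+on the host machine, but this can be overridden using the `--fakemachine-backend` / `-b`
 option. If no backends are supported, debos reverts to running the recipe on the
 host without creating a fakemachine.
+
+Performance of the backends is roughly as follows: `kvm` is faster than `uml` is faster than `qemu`.
+Using `--disable-fakemachine` is slightly faster than `kvm`, but requires root permissions.
+
+Numbers for running [pine-a64-plus/debian.yaml](https://github.com/go-debos/debos-recipes/blob/9a25b4be6c9136f4a27e542f39ab7e419fc852c9/pine-a64-plus/debian.yaml) on an Intel Pentium G4560T with SSD:
+
+| Backend | Wall Time | Prerequisites |
+| --- | --- | --- |
+| `--disable-fakemachine` | 8 min | root permissions |
+| `-b kvm` | 9 min | access to `/dev/kvm` |
+| `-b uml` | 18 min | package `user-mode-linux` installed |
+| `-b qemu` | 166 min | none |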

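--- a/actions/actions_doc.go
+++ b/actions/actions_doc.go
@@ -2,5 +2,16 @@
 
 /*
 Package 'actions' implements 'debos' modules used for OS creation.
+
+The origin property
+
+Several actions have the 'origin' property. Possible values for the
+'origin' property are:
+
+1) 'recipe' ....... directory the recipe is in
+2) 'filesystem' ... target filesystem root directory from previous filesystem-deploy action or
+a previous ostree action.
+3) name property of a previous download action
+
 */
 package actions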

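--- a/actions/apt_action.go
+++ b/actions/apt_action.go
@@ -3,7 +3,7 @@ Apt Action
 
 Install packages and their dependencies to the target rootfs with 'apt'.
 
-Yaml syntax:
+# Yaml syntax:
 - action: apt
 recommends: bool
 unauthenticated: bool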
