vauxite-build/README.md

# vauxite-build

This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce variant of Fedora Atomic. I'm currently working with Fedora developers to make it an official variant. There is already a sort-of-official treefile for Vauxite at https://pagure.io/workstation-ostree-config, as well as an experimental Vauxite container image hosted at https://quay.io/repository/fedora-ostree-desktops/vauxite.

The `vauxite.json` treefile under the `src` directory contains my personal customizations and differ from the upstream one, so it may not be suitable for everyone.

## How I use this repository

### Setup GitLab runner with Podman

1. Install [GitLab Runner](https://docs.gitlab.com/16.9/runner/install/linux-manually.html).

2. Create a new runner from the GitLab UI.

3. Use the authentication token from the GitLab UI to register a new runner on the machine hosting the runner. Select the Docker executor.

``` shell
sudo systemctl enable --now gitlab-runner.service
sudo gitlab-runner register --url https://git.hyperreal.coffee --token <TOKEN>
```

4. Add the following lines to `/etc/gitlab-runner/config.toml` for Podman:

> We need to set `privileged = true` in order to create new namespaces inside the runner container. See https://github.com/coreos/rpm-ostree/pull/429

``` toml
[[runners]]
  environment = ["FF_NETWORK_PER_BUILD=1"]
  [runners.docker]
    host = "unix://run/podman/podman.sock"
    tls_verify = false
    image = "git.hyperreal.coffee:5050/fedora-atomic/containers/fedora:latest"
    privileged = true
    volumes = ["/build-repo", "/cache", "/source-repo"]
```

5. Restart the gitlab-runner:

``` shell
sudo gitlab-runner restart
```

We should now be ready to use the Podman runner.

### Notes about `.gitlab-ci.yml`

- The package `container-selinux` is required for the vauxite-compose-job so SELinux works inside the runner container. I have a custom built image based on Fedora that includes recent updates and various dependency packages for this project.
- BUILD_REPO and SOURCE_REPO are the directories `/build-repo` and `/source-repo`. If these values are changed, then we would need to make equivalent changes to the `volumes` directive in `/etc/gitlab-runner/config.toml` if we want to keep persistent storage of those repos across pipeline runs.
- TODO: Add a conditional to `.gitlab-ci.yml` to clean the above volumes if another variable (say, CLEAN_BUILD) is set to true or something.

### Images in container registry

| Image | Description |
| ----- | ----------- |
| vauxite:39 | Vanilla Vauxite with only my customizations in the treefile |
| vauxite-nonfree:39 | Vauxite with nonfree components from the rpmfusion repositories. E.g., ffmpeg-libs |

### Rebase to the container image

``` shell
rpm-ostree rebase ostree-unverified-registry:git.hyperreal.coffee:5050/fedora-atomic/vauxite-build/vauxite-nonfree:39
```
Use README.md 2024-03-07 07:11:38 +01:00			`# vauxite-build`

			`This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce variant of Fedora Atomic. I'm currently working with Fedora developers to make it an official variant. There is already a sort-of-official treefile for Vauxite at https://pagure.io/workstation-ostree-config, as well as an experimental Vauxite container image hosted at https://quay.io/repository/fedora-ostree-desktops/vauxite.`

			The `vauxite.json` treefile under the `src` directory contains my personal customizations and differ from the upstream one, so it may not be suitable for everyone.

			`## How I use this repository`

			`### Setup GitLab runner with Podman`

			`1. Install [GitLab Runner](https://docs.gitlab.com/16.9/runner/install/linux-manually.html).`

			`2. Create a new runner from the GitLab UI.`

			`3. Use the authentication token from the GitLab UI to register a new runner on the machine hosting the runner. Select the Docker executor.`

			``` shell
			`sudo systemctl enable --now gitlab-runner.service`
			`sudo gitlab-runner register --url https://git.hyperreal.coffee --token <TOKEN>`
			```

			4. Add the following lines to `/etc/gitlab-runner/config.toml` for Podman:

			> We need to set `privileged = true` in order to create new namespaces inside the runner container. See https://github.com/coreos/rpm-ostree/pull/429

			``` toml
			`[[runners]]`
			`environment = ["FF_NETWORK_PER_BUILD=1"]`
			`[runners.docker]`
			`host = "unix://run/podman/podman.sock"`
			`tls_verify = false`
			`image = "git.hyperreal.coffee:5050/fedora-atomic/containers/fedora:latest"`
			`privileged = true`
			`volumes = ["/build-repo", "/cache", "/source-repo"]`
			```

			`5. Restart the gitlab-runner:`

			``` shell
			`sudo gitlab-runner restart`
			```

			`We should now be ready to use the Podman runner.`

			### Notes about `.gitlab-ci.yml`

			- The package `container-selinux` is required for the vauxite-compose-job so SELinux works inside the runner container. I have a custom built image based on Fedora that includes recent updates and various dependency packages for this project.
			- BUILD_REPO and SOURCE_REPO are the directories `/build-repo` and `/source-repo`. If these values are changed, then we would need to make equivalent changes to the `volumes` directive in `/etc/gitlab-runner/config.toml` if we want to keep persistent storage of those repos across pipeline runs.
			- TODO: Add a conditional to `.gitlab-ci.yml` to clean the above volumes if another variable (say, CLEAN_BUILD) is set to true or something.

			`### Images in container registry`

			`\| Image \| Description \|`
			`\| ----- \| ----------- \|`
			`\| vauxite:39 \| Vanilla Vauxite with only my customizations in the treefile \|`
			`\| vauxite-nonfree:39 \| Vauxite with nonfree components from the rpmfusion repositories. E.g., ffmpeg-libs \|`

			`### Rebase to the container image`

			``` shell
			`rpm-ostree rebase ostree-unverified-registry:git.hyperreal.coffee:5050/fedora-atomic/vauxite-build/vauxite-nonfree:39`
			```