Add compose container image and push to registry

2024-11-01 16:53:12 +01:00 · 2024-02-28 08:02:07 -06:00 · 2024-02-28 08:02:07 -06:00 · a553eda122
commit a553eda122
parent 9006ac0882
5 changed files with 54 additions and 131 deletions
--- a/README.org
+++ b/README.org
@ -5,6 +5,9 @@ This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce var
 The ~vauxite.json~ treefile and ~xfce-desktop-pkgs.yaml~ under the ~src~ directory contain my personal customizations and differ from the [[https://pagure.io/workstation-ostree-config][upstream ones]]. As such, they may not be suitable for everyone.

 ** How I use this repository
+
+
+** How I previously used this repository
 - I run Fedora Server in a VM on my homelab machine. This Fedora Server has the ~ostree~ and ~rpm-ostree~ commands installed.
 - I clone this repository as root under ~/var/local/vauxite-build~.
 - I then run the ~ostree-engine~ script to build and deploy a new commit for the given reference branch (e.g. ~vauxite/f39/x86_64/main~). The ~rsync-repos~ command is used in the ~ostree-engine~ script to deploy the resulting OSTree repository to a web server root, which serves as the remote repository.
--- a/62
+++ b/62
@ -3,21 +3,35 @@
 set -euo pipefail

 CLEAN_BUILD=""
-SOURCE_BRANCH="f39"
+RELVER="39"
 SOURCE_URL="https://pagure.io/workstation-ostree-config"
-DEST_REPO="/srv/repo"
 OSTREE_FILES_DIR="$(pwd)/src"
 CACHE_DIR="$(pwd)/.cache"
 BUILD_REPO="$(pwd)/.build-repo"
 SOURCE_REPO="$(pwd)/.source-repo"
 TMP_WORK_DIR="$(pwd)/.tmp"
 TREEFILE="${TMP_WORK_DIR}/vauxite.json"
+REGISTRY="git.hyperreal.coffee:5050"
+REGISTRY_PASSWD="$(cat /home/jas/.vauxite-build-registry-token)"
+REGISTRY_USER="hyperreal"

 if [ "$(id -u)" != "0" ]; then
-    gum log --time datetime --level error "Please run build with sudo"
+    echo "Please run build with sudo"
    exit 1
 fi

+# Ensure gum is installed
+if ! test -x "$(command -v gum)"; then
+    echo '[charm]
+    name=Charm
+    baseurl=https://repo.charm.sh/yum/
+    enabled=1
+    gpgcheck=1
+    gpgkey=https://repo.charm.sh/yum/gpg.key' | sudo tee /etc/yum.repos.d/charm.repo
+    dnf install -y gum
+fi
+
+# Helper functions
 function log_struc_info() {
    gum log --time datetime --structured --level info "$@"
 }
@ -30,6 +44,21 @@ function log_struc_error() {
    gum log --time datetime --structured --level error "$@"
 }

+# Ensure dependencies are installed
+if ! test -f "/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${RELVER}-x86_64"; then
+    if ! dnf install -y distribution-gpg-keys; then
+        log_struc_error "Error installing distribution-gpg-keys" status "$?"
+        exit 1
+    fi
+    rsync -aAX /usr/share/distribution-gpg-keys/fedora/ /etc/pki/rpm-gpg
+    ln -sf "/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${RELVER}-primary" "/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${RELVER}-x86_64"
+fi
+
+if ! dnf install -y ostree podman rpm-ostree; then
+    log_struc_error "Error installing ostree, podman, and rpm-ostree" status "$?"
+    exit 1
+fi
+
 # Clean working directory
 log_struc_info "Clean cache directory" directory "${CACHE_DIR}"
 rm -rf "${CACHE_DIR}"
@ -63,8 +92,8 @@ if [ ! -d "${BUILD_REPO}/objects" ]; then
    fi
 fi

-log_struc_info "Clone source repo" url "${SOURCE_URL}" branch "${SOURCE_BRANCH}" directory "${SOURCE_REPO}"
-if ! git clone -b "${SOURCE_BRANCH}" "${SOURCE_URL}" "${SOURCE_REPO}"; then
+log_struc_info "Clone source repo" url "${SOURCE_URL}" branch "f${RELVER}" directory "${SOURCE_REPO}"
+if ! git clone -b "f${RELVER}" "${SOURCE_URL}" "${SOURCE_REPO}"; then
    log_struc_error "Error cloning source repo" status "$?"
    exit 1
 fi
@ -72,9 +101,6 @@ fi
 log_struc_info "Copy contents of source repo into temporary work directory" source_repo "${SOURCE_REPO}" directory "${TMP_WORK_DIR}"
 rsync -aAX "${SOURCE_REPO}"/ "${TMP_WORK_DIR}"

-log_struc_info "Remove upstream xfce-desktop-pkgs.yaml from temporary work directory" file xfce-desktop-pkgs.yaml directory "${TMP_WORK_DIR}"
-rm -f "${TMP_WORK_DIR}"/xfce-desktop-pkgs.yaml
-
 log_struc_info "Copy contents of ostree files directory into temporary work directory" source "${OSTREE_FILES_DIR}" dest "${TMP_WORK_DIR}"
 rsync -aAX "${OSTREE_FILES_DIR}"/ "${TMP_WORK_DIR}"

@ -93,9 +119,21 @@ if ! ostree --repo="${BUILD_REPO}" prune --refs-only --keep-younger-than='30 day
    exit 1
 fi

-# Deploy
-log_struc_info "Deploy to web server" build_repo "${BUILD_REPO}" dest_repo "${DEST_REPO}"
-if ! "$(pwd)/rsync-repos" --src "${BUILD_REPO}" --dest "${DEST_REPO}"; then
-    log_struc_error "Error deploying to web server" status "$?"
+# Get commit ID
+log_info "Get commit ID"
+OSTREE_BRANCH=$(jq ."ref" "${TREEFILE}" | tr -d '"')
+COMMIT_ID=$(ostree --repo="${BUILD_REPO}" rev-parse "${OSTREE_BRANCH}")
+
+# Login to registry
+log_struc_info "Login to registry" registry "${REGISTRY}"
+if ! podman login -p "${REGISTRY_PASSWD}" -u "${REGISTRY_USER}"; then
+    log_struc_error "Error logging into container registry" registry "${REGISTRY}" user "${REGISTRY_USER}" passwd "${REGISTRY_PASSWD}" status "$?"
+    exit 1
+fi
+
+# Compose container image and push to registry
+log_struc_info "Compose container image from commit" commit "${COMMIT_ID}"
+if ! ostree container encapsulate --repo="${BUILD_REPO}" "${OSTREE_BRANCH}" "docker://${REGISTRY}/fedora-atomic/vauxite-build/vauxite:${RELVER}"; then
+    log_struc_error "Error composing container image" status "$?"
    exit 1
 fi
--- a/63
+++ b/63
@ -1,63 +0,0 @@
-#!/usr/bin/env python3
-#
-# Use rsync to intelligently sync OSTree repositories.  This
-# avoids a few race conditions and issues that could otherwise
-# occur if one simply does the whole repository in a single run.
-#
-# Known issues:
-#   - Ignores the fact that detached metadata (e.g. GPG signatures)
-#     can be updated asynchronously.
-#
-# Copyright 2016 Colin Walters <walters@verbum.org>
-# Licensed under the new-BSD license (http://www.opensource.org/licenses/bsd-license.php)
-
-import os, sys, subprocess, argparse, shlex
-
-def fatal(msg):
-    print >>sys.stderr, msg
-    sys.exit(1)
-
-parser = argparse.ArgumentParser()
-parser.add_argument("--src", help="Source path",
-                    action='store', required=True)
-parser.add_argument("--dest", help="Destination path",
-                    action='store', required=True)
-parser.add_argument("--rsync-opts", help="Additional rsync options (parsed via shell)",
-                    action='store', default=None)
-parser.add_argument("--rsync-opt", help="Additional (single) rsync option",
-                    action='append', default=[])
-
-args = parser.parse_args()
-
-if not args.src.endswith('/'):
-    args.src = args.src + '/'
-if not args.dest.endswith('/'):
-    args.dest = args.dest + '/'
-
-rsync_opts = []
-if args.rsync_opts is not None:
-    rsync_opts.extend(shlex.split(args.rsync_opts))
-rsync_opts.extend(args.rsync_opt)
-
-def rsync(paths, opts, ignore_missing_args=False):
-    argv = ['rsync', '-rlpt']
-    for path in paths:
-        argv.append('--include=' + path)
-    argv.extend(['--exclude=*', args.src, args.dest])
-    argv.extend(rsync_opts)
-    argv.extend(opts)
-    print("Executing: {}".format(subprocess.list2cmdline(argv)))
-    subprocess.check_call(argv)
-
-OBJECTS_AND_DELTAS = ['/objects', '/objects/**', '/deltas', '/deltas/**']
-REFS_AND_SUMMARY = ['/refs', '/refs/**', '/summary*', '/summaries', '/summaries/**']
-CONFIG = ['/config']
-# We rsync in reverse data dependence order - the summary and refs
-# point to objects + deltas.  Our first pass over the objects doesn't
-# perform any deletions, as that would create race conditions.  We
-# do handle deletions for refs and summary.
-rsync(OBJECTS_AND_DELTAS, ['--ignore-existing'])
-rsync(REFS_AND_SUMMARY, ['--delete'])
-# Finally, we handle any deletions for objects and deltas.
-rsync(OBJECTS_AND_DELTAS, ['--ignore-existing', '--delete'])
-rsync(CONFIG, ['--ignore-existing'])
--- a/src/borgmatic-config.yaml
+++ b/src/borgmatic-config.yaml
@ -21,4 +21,4 @@ checks:
 check_repositories:
  - /srv/backup/localhost
 check_last: 3
-encryption_passcommand: secret-tool lookup borg-repo localhost
+encryption_passcommand: cat /var/home/jas/.borg-pass
--- a/src/xfce-desktop-pkgs.yaml
+++ b/src/xfce-desktop-pkgs.yaml
@ -1,55 +0,0 @@
-include: fedora-common-ostree.yaml
-packages:
-  - NetworkManager-openconnect-gnome
-  - NetworkManager-openvpn-gnome
-  - NetworkManager-pptp-gnome
-  - NetworkManager-ssh-gnome
-  - NetworkManager-vpnc-gnome
-  - Thunar
-  - adwaita-gtk2-theme
-  - adwaita-icon-theme
-  - blueman
-  - firefox
-  - galculator
-  - gnome-keyring-pam
-  - greybird-dark-theme
-  - greybird-light-theme
-  - greybird-xfce4-notifyd-theme
-  - greybird-xfwm4-theme
-  - gtk-xfce-engine
-  - gvfs
-  - gvfs-archive
-  - gvfs-mtp
-  - initial-setup-gui
-  - lightdm-gtk
-  - mint-y-theme
-  - mousepad
-  - network-manager-applet
-  - nm-connection-editor
-  - ristretto
-  - seahorse
-  - thunar-archive-plugin
-  - thunar-media-tags-plugin
-  - thunar-volman
-  - xarchiver
-  - xdg-user-dirs-gtk
-  - xfce4-about
-  - xfce4-appfinder
-  - xfce4-clipman-plugin
-  - xfce4-datetime-plugin
-  - xfce4-dict-plugin
-  - xfce4-panel
-  - xfce4-places-plugin
-  - xfce4-power-manager
-  - xfce4-pulseaudio-plugin
-  - xfce4-screensaver
-  - xfce4-screenshooter-plugin
-  - xfce4-session
-  - xfce4-settings
-  - xfce4-taskmanager
-  - xfce4-terminal
-  - xfconf
-  - xfdesktop
-  - xfwm4
-  - xfwm4-themes
-  - zathura