pureblue/.github/workflows/build-disk.yml at master · pureblue-os/pureblue · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
---
name: Build ISOs

on:
  workflow_dispatch:

env:
  IMAGE_NAME: "${{ github.event.repository.name }}"
  IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
  DEFAULT_TAG: "stable"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
  cancel-in-progress: true

jobs:
  build-iso:
    name: Build ISO (${{ matrix.variant }})
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        variant:
          - base
          - nvidia
          - nvidia-open
    permissions:
      contents: read
      packages: read

    steps:
      - name: Prepare environment
        run: |
          USER_UID=$(id -u)
          USER_GID=$(id -g)
          echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> ${GITHUB_ENV}
          echo "USER_UID=${USER_UID}" >> ${GITHUB_ENV}
          echo "USER_GID=${USER_GID}" >> ${GITHUB_ENV}
          # Overwrite IMAGE_NAME with variant suffix
          if [[ "${{ matrix.variant }}" == "base" ]]; then
            echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}
          else
            echo "IMAGE_NAME=${IMAGE_NAME,,}-${{ matrix.variant }}" >> ${GITHUB_ENV}
          fi

      - name: Maximize build space
        uses: ublue-os/remove-unwanted-software@695eb75bc387dbcd9685a8e72d23439d8686cba6
        with:
          extra-squeeze: true

      - name: Checkout
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v5

      - name: Build ISO
        id: build
        uses: osbuild/bootc-image-builder-action@main
        with:
          config-file: ./disk_config/iso.toml
          image: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}
          chown: ${{ env.USER_UID }}:${{ env.USER_GID }}
          types: anaconda-iso
          additional-args: --use-librepo=True --rootfs btrfs

      - name: Rename ISO
        run: |
          cd ${{ steps.build.outputs.output-directory }}
          ls -la
          find . -name "*.iso" -exec mv {} pureblue-${{ matrix.variant }}.iso \;

      - name: Upload ISO artifact
        uses: actions/upload-artifact@v4
        with:
          name: pureblue-${{ matrix.variant }}-iso
          path: ${{ steps.build.outputs.output-directory }}/pureblue-${{ matrix.variant }}.iso
          if-no-files-found: error
          retention-days: 1
          compression-level: 0

  release:
    name: Create Release
    needs: build-iso
    runs-on: ubuntu-24.04
    permissions:
      contents: write

    steps:
      - name: Download all ISO artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts
          pattern: "*-iso"
          merge-multiple: true

      - name: Generate checksums
        run: |
          cd artifacts
          sha256sum *.iso > SHA256SUMS

      - name: Get release tag
        id: tag
        run: |
          echo "tag=$(date +%Y%m%d)" >> $GITHUB_OUTPUT
          echo "name=Pureblue $(date +%Y-%m-%d)" >> $GITHUB_OUTPUT

      - name: Upload to S3
        env:
          RCLONE_CONFIG_S3_TYPE: s3
          RCLONE_CONFIG_S3_PROVIDER: Other
          RCLONE_CONFIG_S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY_ID }}
          RCLONE_CONFIG_S3_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_ACCESS_KEY }}
          RCLONE_CONFIG_S3_ENDPOINT: ${{ secrets.S3_ENDPOINT }}
          S3_BUCKET: ${{ secrets.S3_BUCKET_NAME }}
        run: |
          sudo apt-get update && sudo apt-get install -y rclone
          cd artifacts
          rclone copy . "S3:${S3_BUCKET}/${{ steps.tag.outputs.tag }}/"

      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ steps.tag.outputs.tag }}
          name: ${{ steps.tag.outputs.name }}
          body: |
            Pureblue ISO release ${{ steps.tag.outputs.tag }}

            ## Downloads
            - [pureblue-base.iso](${{ secrets.S3_PUBLIC_URL }}/${{ steps.tag.outputs.tag }}/pureblue-base.iso) - Base image (no NVIDIA drivers)
            - [pureblue-nvidia.iso](${{ secrets.S3_PUBLIC_URL }}/${{ steps.tag.outputs.tag }}/pureblue-nvidia.iso) - With proprietary NVIDIA drivers
            - [pureblue-nvidia-open.iso](${{ secrets.S3_PUBLIC_URL }}/${{ steps.tag.outputs.tag }}/pureblue-nvidia-open.iso) - With open-source NVIDIA drivers

            ## Verification
            - [SHA256SUMS](${{ secrets.S3_PUBLIC_URL }}/${{ steps.tag.outputs.tag }}/SHA256SUMS)

            Verify your download:
            ```
            sha256sum -c SHA256SUMS
            ```
          files: |
            artifacts/SHA256SUMS
          draft: false
          prerelease: false