ci(installer-iso): pivot livemedia-creator → bootc-image-builder
Some checks failed
Build veilor-os Installer ISO / Build installer ISO (push) Failing after 24s
livemedia-creator rejected our kickstart with:

  Only url, nfs and ostreesetup install methods are currently supported

ostreecontainer is too new for livemedia. bootc-image-builder is the canonical tool for ostreecontainer-based installer ISOs — consumes the OCI image directly, generates an Anaconda installer ISO that embeds it.

Per memory, anaconda-iso is deprecated in image-builder v44+ but works on v43 (current).

Workflow now:
1. Login to Forgejo registry (read OCI)
2. Pull the OCI image into local podman storage
3. podman run quay.io/centos-bootc/bootc-image-builder --type anaconda-iso --rootfs btrfs <oci-ref>
4. Copy resulting ISO into build/out

Drop livemedia-creator + lorax + pykickstart + anaconda-tui + grub2 + shim install — bootc-image-builder ships its own runtime.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
parent 800afaec2f
commit fa4db50680
1 changed files with 46 additions and 44 deletions
90
.github/workflows/build-installer-iso.yml
vendored
|
|
@ -41,54 +41,56 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
dnf -y upgrade --refresh
|
dnf -y upgrade --refresh
|
||||||
dnf -y install --skip-unavailable \
|
dnf -y install --skip-unavailable podman jq
|
||||||
lorax \
|
|
||||||
pykickstart \
|
|
||||||
anaconda-tui \
|
|
||||||
syslinux \
|
|
||||||
xorriso \
|
|
||||||
grub2-efi-x64 \
|
|
||||||
grub2-efi-x64-modules \
|
|
||||||
grub2-pc \
|
|
||||||
grub2-pc-modules \
|
|
||||||
shim-x64 \
|
|
||||||
efibootmgr
|
|
||||||
|
|
||||||
- name: Validate installer kickstart
|
- name: Login to Forgejo registry (pull veilor-os OCI)
|
||||||
|
env:
|
||||||
|
FORGEJO_REGISTRY_TOKEN: ${{ secrets.FORGEJO_REGISTRY_TOKEN }}
|
||||||
|
FORGEJO_REGISTRY_USER: ${{ secrets.FORGEJO_REGISTRY_USER }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
if [ -n "${FORGEJO_REGISTRY_TOKEN:-}" ]; then
|
||||||
|
echo "$FORGEJO_REGISTRY_TOKEN" | podman login \
|
||||||
|
--username "${FORGEJO_REGISTRY_USER:-veilor-org}" \
|
||||||
|
--password-stdin git.s8n.ru
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Build installer ISO with bootc-image-builder
|
||||||
run: |
|
run: |
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
ksvalidator kickstart/install-ostreecontainer-installer.ks
|
# livemedia-creator does NOT support ostreecontainer (only
|
||||||
|
# ostreesetup / url / nfs install methods). bootc-image-builder
|
||||||
- name: Build installer ISO with livemedia-creator
|
# is the canonical tool for ostreecontainer-based installer
|
||||||
run: |
|
# ISOs; consumes our OCI image directly.
|
||||||
set -euxo pipefail
|
OUT="/tmp/bib-out-$$"
|
||||||
# livemedia-creator refuses ANY pre-existing resultdir, even
|
rm -rf "$OUT"
|
||||||
# one we just rm'd — somewhere in /var the path is recreated.
|
mkdir -p "$OUT"
|
||||||
# Use /tmp (act-job-container fresh tmpfs) + unique suffix.
|
# Pull the veilor-os OCI we built; bootc-image-builder needs
|
||||||
OUT="/tmp/lmc-out-$$"
|
# it locally to compose the installer ISO.
|
||||||
TMPD="/tmp/lmc-$$"
|
podman pull ghcr.io/veilor-org/veilor-os:43 || \
|
||||||
rm -rf "$OUT" "$TMPD"
|
podman pull git.s8n.ru/veilor-org/veilor-os:43
|
||||||
mkdir -p "$TMPD"
|
# Generate a minimal config.toml for bootc-image-builder that
|
||||||
ln -sfn "$GITHUB_WORKSPACE" /work
|
# tells Anaconda to ask for LUKS pw + admin pw.
|
||||||
ls -ld "$OUT" 2>&1 || echo "[OK] $OUT does not exist (expected)"
|
cat > /tmp/bib-config.toml <<'TOML'
|
||||||
# IMPORTANT: --logfile MUST NOT live under --resultdir; livemedia
|
[[customizations.user]]
|
||||||
# pre-creates the parent before checking resultdir doesn't exist.
|
name = "admin"
|
||||||
LOGFILE=/tmp/livemedia-$$.log
|
password = ""
|
||||||
livemedia-creator \
|
groups = ["wheel"]
|
||||||
--make-iso \
|
TOML
|
||||||
--no-virt \
|
podman run --rm \
|
||||||
--ks kickstart/install-ostreecontainer-installer.ks \
|
--privileged \
|
||||||
--resultdir "$OUT" \
|
--pull=newer \
|
||||||
--tmp "$TMPD" \
|
--security-opt label=type:unconfined_t \
|
||||||
--volid "veilor-os-installer-${RELEASEVER}" \
|
-v "$OUT:/output" \
|
||||||
--project "veilor-os" \
|
-v /tmp/bib-config.toml:/config.toml:ro \
|
||||||
--releasever "$RELEASEVER" \
|
-v /var/lib/containers/storage:/var/lib/containers/storage \
|
||||||
--logfile "$LOGFILE" \
|
quay.io/centos-bootc/bootc-image-builder:latest \
|
||||||
2>&1 | tee /tmp/build.log
|
--type anaconda-iso \
|
||||||
|
--config /config.toml \
|
||||||
|
--rootfs btrfs \
|
||||||
|
ghcr.io/veilor-org/veilor-os:43
|
||||||
mkdir -p build/out
|
mkdir -p build/out
|
||||||
cp -a "$OUT"/. build/out/
|
find "$OUT" -name '*.iso' -exec cp {} build/out/ \;
|
||||||
cp -a "$LOGFILE" build/out/livemedia.log 2>/dev/null || true
|
|
||||||
cp -a /tmp/build.log build/out/build.log 2>/dev/null || true
|
|
||||||
ls -lh build/out/
|
ls -lh build/out/
|
||||||
|
|
||||||
- name: Rename ISO + sha256
|
- name: Rename ISO + sha256
|
||||||
|
|
|
||||||
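Review bot: The fallback in the pull (`podman pull ghcr.io/veilor-org/veilor-os:43 || podman pull git.s8n.ru/veilor-org/veilor-os:43`) does not match the ref handed to the builder, which is always `ghcr.io/veilor-org/veilor-os:43`: when the ghcr.io pull fails and the Forgejo pull succeeds, local storage holds the image only under the git.s8n.ru name, so the build step is given a ref that was never pulled. Record whichever ref succeeded in a variable and pass that variable as the final argument, or tag the fallback image to the name the builder expects. The login step and the commit message both name the Forgejo registry as the source, so it is also worth deciding whether ghcr.io should be tried first at all, and whether the hard-coded `43` should be `$RELEASEVER` as in the removed code. Second, the builder runs with `--privileged`, `--security-opt label=type:unconfined_t` and the host's /var/lib/containers/storage mounted, yet it is referenced as `bootc-image-builder:latest` with `--pull=newer`. The commit message says anaconda-iso only works on v43, so pin the image to a specific version or digest; that keeps both a breaking release and a replaced tag from reaching a privileged container unreviewed. Third, the comment above the heredoc says the config makes Anaconda ask for the LUKS and admin passwords, but the TOML only sets `password = ""` for a user in wheel and contains nothing about LUKS. Confirm that an empty string prompts at install time rather than producing an admin account with an empty password, and correct the comment or the config accordingly. Finally, `find "$OUT" -name '*.iso' -exec cp {} build/out/ \;` exits 0 when no ISO was produced, and the build log is no longer captured into build/out, so add an explicit check that at least one ISO was copied before the rename step.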