d44e9bbdd9
CI builds in fresh Fedora 43 container — matched pcre2/libselinux/selinux-policy versions, no fix-repo hack needed. Container starts every run from clean state, no zombie collisions. Fastest path to first green ISO.
120 lines
3.4 KiB
YAML
120 lines
3.4 KiB
YAML
name: Build veilor-os ISO
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'kickstart/**'
|
|
- 'overlay/**'
|
|
- 'scripts/**'
|
|
- 'assets/**'
|
|
- 'build/**'
|
|
- '.github/workflows/build-iso.yml'
|
|
workflow_dispatch:
|
|
inputs:
|
|
releasever:
|
|
description: 'Fedora release version'
|
|
required: false
|
|
default: '43'
|
|
release:
|
|
types: [published]
|
|
|
|
jobs:
|
|
build:
|
|
name: Build live ISO
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 90
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Free up disk
|
|
run: |
|
|
sudo rm -rf /opt/hostedtoolcache /usr/share/dotnet /usr/local/lib/android /usr/local/share/boost
|
|
sudo apt-get clean
|
|
df -h
|
|
|
|
- name: Run build inside Fedora 43 container
|
|
uses: addnab/docker-run-action@v3
|
|
with:
|
|
image: registry.fedoraproject.org/fedora:43
|
|
options: |
|
|
--privileged
|
|
-v ${{ github.workspace }}:/work
|
|
-v /dev:/dev
|
|
--tmpfs /tmp:rw,nosuid,nodev,exec,size=8G
|
|
run: |
|
|
set -euxo pipefail
|
|
|
|
# Update Fedora image to latest packages — guarantees pcre2 +
|
|
# libselinux + selinux-policy are matched (the local build's
|
|
# core problem). CI runners always start fresh, no version skew.
|
|
dnf -y upgrade --refresh
|
|
|
|
# Install build tooling
|
|
dnf -y install \
|
|
lorax \
|
|
livecd-tools \
|
|
pykickstart \
|
|
anaconda-tui \
|
|
squashfs-tools \
|
|
xorriso \
|
|
createrepo_c \
|
|
git \
|
|
which \
|
|
shadow-utils
|
|
|
|
cd /work
|
|
|
|
# Validate kickstart syntax
|
|
ksvalidator kickstart/veilor-os.ks
|
|
|
|
# Run host-native build (CI container has matched lib versions
|
|
# so no need for fix-repo or anaconda patching).
|
|
mkdir -p build/out
|
|
|
|
livemedia-creator \
|
|
--make-iso \
|
|
--no-virt \
|
|
--ks kickstart/veilor-os.ks \
|
|
--resultdir build/out/build \
|
|
--project veilor-os \
|
|
--releasever "${{ github.event.inputs.releasever || '43' }}" \
|
|
--volid VEILOR_OS \
|
|
--tmp /tmp/veilor-lmc \
|
|
--logfile build/out/build.log
|
|
|
|
# Move output ISO + checksum
|
|
ISO_NAME="veilor-os-${{ github.event.inputs.releasever || '43' }}-$(date +%Y%m%d-%H%M%S).iso"
|
|
mv build/out/build/*.iso "build/out/${ISO_NAME}"
|
|
cd build/out
|
|
sha256sum "${ISO_NAME}" > "${ISO_NAME}.sha256"
|
|
ls -lh "${ISO_NAME}"
|
|
|
|
- name: Upload ISO artifact
|
|
if: success()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: veilor-os-iso
|
|
path: |
|
|
build/out/*.iso
|
|
build/out/*.sha256
|
|
retention-days: 14
|
|
|
|
- name: Upload build log on failure
|
|
if: failure()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: veilor-os-buildlog
|
|
path: |
|
|
build/out/build.log
|
|
build/out/build/anaconda/
|
|
|
|
- name: Attach to release
|
|
if: github.event_name == 'release'
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
files: |
|
|
build/out/*.iso
|
|
build/out/*.sha256
|