-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inherit from fedora-bootc's tier-x on Fedora 42+ #3177
base: rawhide
Are you sure you want to change the base?
Changes from all commits
735a11f
ae58850
83cbd06
17fd19e
739500e
6bff744
2effc86
89f9b5b
76397c7
5bb76e9
aee04ee
d1dd8ef
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
name: Bump fedora-bootc submodule | ||
|
||
on: | ||
schedule: | ||
- cron: '0 */6 * * *' | ||
workflow_dispatch: | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
bump-fedora-bootc-submodule: | ||
name: Bump fedora-bootc submodule | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: true | ||
fetch-depth: 0 | ||
# https://github.com/actions/checkout/issues/766 | ||
- name: Mark git checkout as safe | ||
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | ||
- name: Check if there are new commits | ||
run: | | ||
previous_rev=$(git -C fedora-bootc rev-parse HEAD) | ||
git submodule update --remote fedora-bootc | ||
new_rev=$(git -C fedora-bootc rev-parse HEAD) | ||
if [ "${previous_rev}" != "${new_rev}" ]; then | ||
if git -C fedora-bootc diff --quiet "${previous_rev}" "${new_rev}" tier-0 tier-x; then | ||
# reset back any changes to avoid a PR bump | ||
git submodule update | ||
fi | ||
fi | ||
if git diff --quiet --exit-code; then | ||
echo "No tier-0 or tier-x changes; exiting" | ||
exit 0 | ||
fi | ||
|
||
git -C fedora-bootc shortlog --no-merges "${previous_rev}..${new_rev}" -- tier-0 tier-x > $RUNNER_TEMP/shortlog | ||
|
||
marker=END-OF-LOG-MARKER-$RANDOM$RANDOM$RANDOM | ||
cat >> $GITHUB_ENV <<EOF | ||
SHORTLOG<<$marker | ||
$(cat $RUNNER_TEMP/shortlog) | ||
$marker | ||
EOF | ||
- name: Open pull request | ||
uses: peter-evans/create-pull-request@v6 | ||
with: | ||
token: ${{ secrets.COREOSBOT_RELENG_TOKEN }} | ||
push-to-fork: coreosbot-releng/fedora-coreos-config | ||
branch: bump-fedora-bootc | ||
commit-message: | | ||
Bump fedora-bootc submodule | ||
|
||
${{ env.SHORTLOG }} | ||
title: "Bump fedora-bootc submodule" | ||
body: | | ||
Created by [GitHub workflow](${{ github.server_url }}/${{ github.repository }}/actions/workflows/bump-fedora-bootc.yml) ([source](${{ github.server_url }}/${{ github.repository }}/blob/testing-devel/.github/workflows/bump-fedora-bootc.yml)). | ||
|
||
``` | ||
${{ env.SHORTLOG }} | ||
``` | ||
committer: "CoreOS Bot <coreosbot@fedoraproject.org>" | ||
author: "CoreOS Bot <coreosbot@fedoraproject.org>" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
[submodule "fedora-bootc"] | ||
path = fedora-bootc | ||
url = https://gitlab.com/fedora/bootc/base-images.git |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# This manifest can go away in Fedora 42. It duplicates tier-x. | ||
|
||
# Modern defaults we want | ||
boot-location: modules | ||
tmp-is-dir: true | ||
|
||
# Required by Ignition, and makes the system not compatible with Anaconda | ||
machineid-compat: false | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is also in |
||
|
||
remove-from-packages: | ||
# We don't want systemd-firstboot.service. It conceptually conflicts with | ||
# Ignition. We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf | ||
# to make it easier to use systemd builds from git. | ||
- [systemd, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] | ||
# We don't want auto-generated mount units. See also | ||
# https://github.com/systemd/systemd/issues/13099 | ||
- [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator] |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,32 +5,15 @@ | |
# One good model is to add fedora-coreos-config as a git submodule. See: | ||
# https://github.com/coreos/coreos-assembler/pull/639 | ||
|
||
# Include rpm-ostree + kernel + bootloader | ||
include: bootable-rpm-ostree.yaml | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. notable that |
||
# Modern defaults we want | ||
boot-location: modules | ||
tmp-is-dir: true | ||
|
||
# Required by Ignition, and makes the system not compatible with Anaconda | ||
machineid-compat: false | ||
|
||
packages: | ||
- ignition | ||
- dracut-network | ||
# for encryption | ||
- clevis clevis-luks clevis-dracut clevis-systemd | ||
|
||
remove-from-packages: | ||
# We don't want systemd-firstboot.service. It conceptually conflicts with | ||
# Ignition. We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf | ||
# to make it easier to use systemd builds from git. | ||
- [systemd, /usr/bin/systemd-firstboot, | ||
/usr/lib/systemd/system/systemd-firstboot.service, | ||
/usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service] | ||
# We don't want auto-generated mount units. See also | ||
# https://github.com/systemd/systemd/issues/13099 | ||
- [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator] | ||
packages-s390x: | ||
# for Secure Execution | ||
- veritysetup | ||
|
||
postprocess: | ||
# Undo RPM scripts enabling units; we want the presets to be canonical | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# This manifest can go away in Fedora 42. It duplicates tier-x. | ||
|
||
packages: | ||
# Standard tools for configuring network/hostname | ||
- NetworkManager hostname | ||
- iproute | ||
# Firewall manipulation | ||
- iptables |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,17 +3,15 @@ | |
# generic enough to be shared downstream with RHCOS. | ||
|
||
packages: | ||
# Standard tools for configuring network/hostname | ||
- NetworkManager hostname | ||
# Interactive Networking configuration during coreos-install | ||
- NetworkManager-tui | ||
# Support for cloud quirks and dynamic config in real rootfs: | ||
# https://github.com/coreos/fedora-coreos-tracker/issues/320 | ||
- NetworkManager-cloud-setup | ||
# Route manipulation and QoS | ||
- iproute iproute-tc | ||
# Route QoS | ||
- iproute-tc | ||
# Firewall manipulation | ||
- iptables nftables | ||
- nftables | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm surprised |
||
# Interactive network tools for admins | ||
- socat net-tools bind-utils | ||
# Declarative network configuration | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# This manifest can go away in Fedora 42. It duplicates tier-x. | ||
|
||
packages: | ||
- cryptsetup | ||
- e2fsprogs | ||
- lvm2 | ||
- xfsprogs | ||
# SELinux policy | ||
- selinux-policy-targeted | ||
# Allow for configuring different timezones | ||
- tzdata | ||
# zram-generator (but not zram-generator-defaults) for F33 change | ||
# https://github.com/coreos/fedora-coreos-tracker/issues/509 | ||
- zram-generator |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# All of these manifests duplicate tier-x. It's meant to be included by streams | ||
# which do not yet inherit from it (like FCOS <42, and "traditional" RHCOS) | ||
|
||
include: | ||
- bootable-rpm-ostree.yaml | ||
- ignition-and-ostree-tier-x-dupes.yaml | ||
- system-configuration-tier-x-dupes.yaml | ||
- networking-tools-tier-x-dupes.yaml | ||
- user-experience-tier-x-dupes.yaml | ||
# See https://github.com/coreos/bootupd | ||
- bootupd.yaml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Here, we include tier-x, but override some key settings. | ||
|
||
include: ../fedora-bootc/tier-x/manifest.yaml | ||
|
||
# Required by Ignition, and makes the system not compatible with Anaconda. | ||
# Note this deviates from fedora-bootc and means `systemctl enable` doesn't | ||
# work in a container build. We'll have to resolve that issue some other way in | ||
# the future... For more details, see | ||
# https://github.com/CentOS/centos-bootc/issues/167 | ||
machineid-compat: false | ||
|
||
# This is the historical default and what FCOS currently ships. fedora-bootc | ||
# uses the new `root` value, but migrating FCOS is not that simple... | ||
opt-usrlocal: var |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# This manifest can go away in Fedora 42. It duplicates tier-x. | ||
|
||
# Default to `bash` in our container, the same as other containers we ship. | ||
# Note this changes to /sbin/init in f42 as inherited by tier-x. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. does this make the generated container not |
||
container-cmd: | ||
- /usr/bin/bash | ||
|
||
packages: | ||
# Basic user tools | ||
- bash-completion | ||
- coreutils | ||
# jq - parsing/interacting with JSON data | ||
- jq | ||
- less | ||
- sudo | ||
- vim-minimal | ||
# File compression/decompression | ||
- tar | ||
# Remote Access | ||
- openssh-clients openssh-server | ||
# Container tooling | ||
## crun recommends but doesn't require criu and criu-libs. We want them for | ||
## checkpoint/restore. https://github.com/coreos/fedora-coreos-tracker/issues/1370 | ||
- crun criu criu-libs | ||
- podman | ||
- skopeo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not the biggest fan of a submodule here but I guess that's really the only way to share at this stage. I really don't know of anything better, but a lot of questions to come to mind.
config
bot, how are updates to the submodule going to work?stable
testing
andtesting-devel
are on F40,next
andnext-devel
are on F41, andrawhide
F42. How do we account for this with a submodule. https://gitlab.com/fedora/bootc/base-images.git isn't a linear definition, it has branches like the rest of Fedora.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Filed https://gitlab.com/fedora/bootc/tracker/-/issues/39 related to this.