diff --git a/.github/workflows/rootfs.yaml b/.github/workflows/rootfs.yaml
new file mode 100644
index 0000000..75b5c4d
--- /dev/null
+++ b/.github/workflows/rootfs.yaml
@@ -0,0 +1,61 @@
+name: Build and Push Rootfs Docker Image
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'Dockerfile'
+ workflow_dispatch:
+
+permissions:
+ # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
+ # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
+ id-token: write
+ contents: write
+
+jobs:
+ build-rootfs-image:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ arch: ['amd64', 'arm64']
+ steps:
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-region: ${{ secrets.REGION }}
+ role-to-assume: ${{ secrets.ROLE }}
+ role-session-name: rootfs-ecr-image-upload-session
+ - name: checkout repo
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ persist-credentials: false
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Build Image
+ uses: docker/build-push-action@v4
+ with:
+ platforms: linux/${{ matrix.arch }}
+ push: false
+ load: true # load the image into Docker so we can create a container from it
+ tags: finch-rootfs-image-production:intermediate
+ - name: Tag and Push Container Image
+ run: |
+ TIMESTAMP=${{ steps.timestamp.outputs.value }}
+
+ docker tag finch-rootfs-image-production:intermediate ${{ secrets.ROOTFS_IMAGE_ECR_REPOSITORY_NAME }}:${{ matrix.arch }}-"$TIMESTAMP"
+ docker push ${{ secrets.ROOTFS_IMAGE_ECR_REPOSITORY_NAME }}:${{ matrix.arch }}-"$TIMESTAMP"
+ - name: Create, Compress, and Upload Rootfs
+ run: |
+ TIMESTAMP=${{ steps.timestamp.outputs.value }}
+
+ docker container create --platform linux/${{ matrix.arch }} --name ${{ matrix.arch }}-rootfs finch-rootfs-image-production:intermediate
+ docker container export -o finch-rootfs-production-${{ matrix.arch }}.tar ${{ matrix.arch }}-rootfs
+
+ zstd -z -18 finch-rootfs-production-${{ matrix.arch }}.tar -o finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.zst
+
+ aws s3 cp ./finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.zst s3://${{ secrets.DEPENDENCY_BUCKET_NAME }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..bb43523
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,30 @@
+# syntax = docker/dockerfile:1.4
+FROM public.ecr.aws/docker/library/fedora:38
+
+# install necessary cloud-server packages
+RUN dnf group install -y cloud-server-environment --exclude=plymouth* \
+ --exclude=geolite* \
+ --exclude=firewalld* \
+ --exclude=grub* \
+ --exclude=dracut* \
+ --exclude=shim-*
+
+RUN systemctl enable cloud-init cloud-init-local cloud-config cloud-final
+
+# enable systemd
+# disabled network conf in cloud config
+RUN <> /etc/wsl.conf
+[boot]
+systemd=true
+EOF
+
+RUN <> /etc/cloud/cloud.cfg
+network:
+ config: disabled
+EOF
+
+# cleanup
+RUN dnf clean all &&\
+ rm -f /etc/NetworkManager/system-connections/*.nmconnection && \
+ truncate -s 0 /etc/machine-id && \
+ rm -f /var/lib/systemd/random-seed
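Review bot: `TIMESTAMP=${{ steps.timestamp.outputs.value }}` in both `run:` steps references a step id `timestamp` that no step in this job declares, so the expression expands to an empty string and every ECR tag and S3 object ends up named `<arch>-` with nothing after the dash, letting concurrent or repeated runs silently overwrite each other. Add a step before "Tag and Push Container Image" such as `- name: Generate timestamp` / `id: timestamp` / `run: echo "value=$(date +%Y%m%d%H%M%S)" >> "$GITHUB_OUTPUT"`. The `permissions:` block grants `contents: write` although the job only reads the repository (checkout runs with `persist-credentials: false` and nothing pushes back), so `contents: read` is the least-privilege setting. There is also no ECR login step (for example `aws-actions/amazon-ecr-login`) between assuming the role and `docker push`; unless the registry is authenticated some other way, the push will be rejected.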
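Review bot: `FROM public.ecr.aws/docker/library/fedora:38` pins the base image only by a mutable tag, so the rootfs published to S3 and ECR is not reproducible and a retagged upstream image would be picked up silently; pin the digest as well, `FROM public.ecr.aws/docker/library/fedora:38@sha256:<digest-placeholder>`, and bump it deliberately. `RUN dnf clean all` at the bottom runs in its own layer, so the dnf metadata and package cache written by the earlier `dnf group install` layer remain in the image pushed to ECR (only the `docker container export` tarball is flattened); chaining `&& dnf clean all` onto the install `RUN` removes it from both artefacts. The two heredoc instructions appear here as `RUN <> /etc/wsl.conf` and `RUN <> /etc/cloud/cloud.cfg`, which looks like an extraction artefact rather than the committed text, so their redirection targets could not be reviewed from this rendering.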