modernize the build system

.github/workflows/buildkit.yml

@@ -0,0 +1,55 @@
+on:
+  push:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/aosc-os-buildkit
+
+permissions:
+    contents: read
+    packages: write
+    attestations: write
+    id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Tarball
+        run: |
+          ./get_buildkit.sh
+          ls
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+            images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/mainline.yml

@@ -0,0 +1,92 @@
+on:
+  push:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/aosc-os
+
+permissions:
+    contents: read
+    packages: write
+    attestations: write
+    id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        arch: ["amd64", "arm64", "riscv64", "loongarch64"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up aoscbootstrap # 偷包
+        run: |
+          sudo apt update
+          sudo apt install nettle-dev liblzma-dev zlib1g-dev
+          curl -O https://repo.aosc.io/debs/pool/stable/main/a/arch-chroot_28+mirrorlist20231113+pacman6.0.1-0_noarch.deb
+          curl -O https://repo.aosc.io/debs/pool/stable/main/a/aoscbootstrap_0.9.0-0_amd64.deb
+          sudo dpkg --force-depends -i *.deb
+          git clone --branch v0.9.0 --depth 1 https://github.com/AOSC-Dev/aoscbootstrap
+          cd aoscbootstrap
+          patch -p1 <../arch-chroot.patch
+          CMAKE_POLICY_VERSION_MINIMUM=3.5 cargo b
+          cd ..
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: aoscbootstrap
+        run: |
+          sudo ./aoscbootstrap/target/debug/aoscbootstrap -a ${{ matrix.arch }} -c /usr/share/aoscbootstrap/config/aosc-mainline.toml --export-tar-xz ${{ matrix.arch }}.tar.xz stable rootfs
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: tarball-${{ matrix.arch }}
+          path: ${{ matrix.arch }}.tar.xz
+
+  push:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          pattern: tarball-*
+          merge-multiple: true
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+            images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64,linux/loongarch64,linux/riscv64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,7 @@
+FROM scratch
+LABEL maintainer="AOSC-dev"
+ARG TARGETOS
+ARG TARGETARCH
+ADD "${TARGETARCH}.tar.xz" /
+CMD ["/bin/bash"]
+RUN sed -i 's/no_check_dbus = false/no_check_dbus = true/' /etc/oma.toml

README.md

@@ -1,32 +1,4 @@
-# Introduction
+# Unofficial AOSC OS Container Image
+to be merged with upstream
 
-Docker image configuration, tools, and documentation repository.
-
-## Rationale
-
-AOSC OS has been distributing in the form of tarballs for a long time. It should make sense to provide
-users with Docker images that suites for specialized functions, for example, a webserver that runs on
-nginx, or a base system that runs all the building necesities (yes, packagers should always keep their
-workspace minimal).
-
-Docker images are (very) simple to deploy, and does not interfere with the running system (in a container),
-therefore it is sensible to run applications in such a container.
-
-## What is provided here
-
-We provide basic tools for creating images from existing AOSC OS releases (too big to upload to the
-Docker Hub probably), and Dockerfiles for you to enjoy the DIY process.
-
-Also, documentations are provided with information to developers about maintaining the images, and
-on how to improve them.
-
-# How to make a new Dockerfile for a new version for maintainers
-```
-cd scriptlets
-./gen_dockerfile.rb
-(enter the download url here)
-cd #{version}
-nano Dockerfile
-(do your customization here)
-(build the docker image now)
-```
+see [#6](https://github.com/AOSC-Dev/aosc-os-docker-files/pull/6)

arch-chroot.patch

@@ -0,0 +1,22 @@
+diff --git a/src/guest.rs b/src/guest.rs
+index e69848d..b348901 100644
+--- a/src/guest.rs
++++ b/src/guest.rs
+@@ -71,7 +71,7 @@ fn wait_for_container(child: &mut Child, ns_name: &str, retry: usize) -> Result<
+ }
+
+ fn chroot_do(target: &str, args: &[&str]) -> Result<()> {
+-    let status = Command::new("chroot").arg(target).args(args).status()?;
++    let status = Command::new("arch-chroot").arg(target).args(args).status()?;
+
+     if !status.success() {
+         return Err(anyhow!("chroot exited with status {}", status));
+@@ -120,7 +120,7 @@ fn nspawn_do(target: &str, args: &[&str]) -> Result<()> {
+ pub fn run_in_guest(target: &str, args: &[&str]) -> Result<()> {
+     if which::which("systemd-nspawn").is_ok() {
+         return nspawn_do(target, args);
+-    } else if which::which("chroot").is_ok() {
++    } else if which::which("arch-chroot").is_ok() {
+         return chroot_do(target, args);
+     }
+

get_buildkit.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function get_buildkit() {
+  if [[ "x$1" == 'x' ]]; then
+    echo 'provide ARCH pls'
+    exit 1
+  fi
+
+  OUTPUT="$1.tar.xz"
+
+  URL_AND_HASH=$(curl https://releases.aosc.io/manifest/recipe.json \
+                   | jq --raw-output ".variants | map(select(.name==\"BuildKit\" and .retro==false)) | .[0].tarballs | map(select(.arch==\"$1\")) | sort_by(.date) | reverse .[0] | .path, .sha256sum")
+  # e.g.: os-amd64/buildkit/aosc-os_buildkit_20250606_amd64.tar.xz
+
+  {
+    read -r URL_PATH
+    read -r HASH
+  } <<< "${URL_AND_HASH}"
+
+
+  curl "https://releases.aosc.io/${URL_PATH}" -o "${OUTPUT}"
+
+  echo "${HASH} ${OUTPUT}" | sha256sum -c -
+}
+
+#ARCHS=(amd64 arm64 riscv64 loongarch64)
+ARCHS=(arm64)
+
+for arch in "${ARCHS[@]}"
+do
+  get_buildkit $arch
+done