ci: add bootc RPM build and bootc container image build

Will run for each PR to build RPM and re-build bootc container
to replace bootc with new build one

Signed-off-by: Xiaofeng Wang <[email protected]>

Author: henrywang

.github/workflows/e2e.yml

@@ -0,0 +1,100 @@
+name: build bootc and bootc image
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, ubuntu-24.04-arm]
+        # os: [ubuntu-latest]
+        # distro: [fedora-41, fedora-42, fedora-r43, centos-stream-9, centos-stream-10]
+        distro: [centos-stream-9]
+    runs-on: ${{ matrix.os }}
+
+    # Required to push container image to ghcr.io
+    # https://github.com/orgs/community/discussions/57724
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build bootc RPM
+        env:
+          DISTRO: ${{ matrix.distro }}
+          BUILD_IMAGE: quay.io/fedora/fedora:42
+        run: |
+          podman run \
+            --rm \
+            --privileged \
+            -v $(pwd):/workdir:z \
+            -e DISTRO=$DISTRO \
+            --workdir /workdir \
+            $BUILD_IMAGE \
+            contrib/scripts/mock_build.sh
+
+      - name: Re-build bootc image with new bootc PRM
+        env:
+          DISTRO: ${{ matrix.distro }}
+        run: |
+          set -xeu
+          if [[ $DISTRO =~ fedora ]]; then
+            VERSION_ID=$(cut -d'-' -f2 <<<"$DISTRO")
+            BASE_IMAGE="quay.io/fedora/fedora-bootc:${VERSION_ID}"
+          fi
+          if [[ $DISTRO =~ centos ]]; then
+            VERSION_ID=$(cut -d'-' -f3 <<<"$DISTRO")
+            BASE_IMAGE="quay.io/centos-bootc/centos-bootc:stream${VERSION_ID}"
+          fi
+
+          tee target/build/Containerfile >/dev/null <<CONTAINERFILEEOF
+          FROM $BASE_IMAGE
+          RUN dnf -y upgrade /rpms/*.rpm && dnf -y clean all && rm -rf /var/cache /var/lib/dnf
+          CONTAINERFILEEOF
+          cat target/build/Containerfile
+
+          IMAGE_NAME="bootc-image:${{ github.sha }}-$(uname -m)"
+          buildah build -v "$(pwd)/target/build/":/rpms:z -t $IMAGE_NAME target/build
+          buildah login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+          buildah push $IMAGE_NAME "docker://ghcr.io/${{ github.event.pull_request.head.repo.full_name }}/$IMAGE_NAME"
+
+  push:
+    needs: build
+    runs-on: ubuntu-latest
+
+    # Required to push container image to ghcr.io
+    # https://github.com/orgs/community/discussions/57724
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Push manifest
+        env:
+          ARCHES: "x86_64 aarch64"
+        run: |
+          set -xeuo pipefail
+          REGISTRY_NAME="ghcr.io/${{ github.event.pull_request.head.repo.full_name }}/bootc-image"
+          buildah login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+
+          for arch in $ARCHES; do
+            buildah pull "${REGISTRY_NAME}:${{ github.sha }}-${arch}"
+          done
+
+          buildah manifest create "${REGISTRY_NAME}:${{ github.sha }}" `for arch in ${ARCHES}; do echo "${REGISTRY_NAME}:${{ github.sha }}-${arch};" done`
+
+          for arch in ${ARCHES}; do
+            buildah manifest annotate "${REGISTRY_NAME}:${{ github.sha }}" "${REGISTRY_NAME}:${{ github.sha }}-${arch}" --os linux --arch ${arch}
+          done
+          buildah tag "${REGISTRY_NAME}:${{ github.sha }}"
+          buildah manifest push --all "${REGISTRY_NAME}:${{ github.sha }}" docker://"${REGISTRY_NAME}:${{ github.sha }}"

.packit.yaml

@@ -44,8 +44,10 @@ jobs:
       - centos-stream-10-s390x
       - fedora-41-x86_64
       - fedora-41-aarch64
-      - fedora-41-ppc64le
-      - fedora-41-s390x
+      - fedora-42-x86_64
+      - fedora-42-aarch64
+      - fedora-42-ppc64le
+      - fedora-42-s390x
       # Sanity check on secondary targets, fewer architectures just
       # because the chance that we break e.g. ppc64le *just* on
       # rawhide is basically nil.
@@ -81,7 +83,7 @@ jobs:
       - fedora-rawhide-aarch64
     tmt_plan: /integration
     skip_build: true
-    identifier: integration-test
+    identifier: integration
 
   - job: propose_downstream
     trigger: release

contrib/scripts/mock_build.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+set -exuo pipefail
+
+ARCH=$(uname -m)
+MOCK_CONFIG="${DISTRO}-${ARCH}"
+
+sudo dnf install -y cargo zstd git openssl-devel ostree-devel rpm-build mock
+
+sudo dnf -y builddep contrib/packaging/bootc.spec
+cargo install cargo-vendor-filterer
+
+cargo xtask spec
+
+# Adding user to mock group
+sudo usermod -a -G mock "$(whoami)"
+
+# Building SRPM
+mock -r "$MOCK_CONFIG" --buildsrpm \
+  --spec "target/bootc.spec" \
+  --config-opts=cleanup_on_failure=False \
+  --config-opts=cleanup_on_success=True \
+  --sources target \
+  --resultdir target/build
+
+# Building RPMs
+mock -r "$MOCK_CONFIG" \
+    --config-opts=cleanup_on_failure=False \
+    --config-opts=cleanup_on_success=True \
+    --resultdir "target/build" \
+    target/build/*.src.rpm