diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0d15fbe2bee..3d8b814046c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,7 +11,7 @@ env: jobs: push-ghcr: name: Build and push image - runs-on: ubuntu-latest + runs-on: buildjet-2vcpu-ubuntu-2204 permissions: contents: read packages: write @@ -22,35 +22,21 @@ jobs: image_flavor: [main, nvidia] base_name: [bluefin, bluefin-dx, bluefin-framework, bluefin-dx-framework] major_version: [38] - nvidia_version: [535, 470] exclude: - base_name: bluefin-dx-framework image_flavor: nvidia - base_name: bluefin-framework image_flavor: nvidia - - image_flavor: main - nvidia_version: 535 - - image_flavor: main - nvidia_version: 470 include: - base_name: bluefin-framework target_base: bluefin - major_version: 38 - image_flavor: main target_name: framework - base_name: bluefin-dx-framework - image_flavor: main - major_version: 38 target_base: bluefin-dx target_name: framework - major_version: 38 is_latest_version: true is_stable_version: true - - major_version: 38 - image_flavor: nvidia - nvidia_version: 535 - is_latest_nvidia_version: true - steps: # Checkout push-to-registry action GitHub repository - name: Checkout Push to Registry action @@ -71,7 +57,6 @@ jobs: # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" MAJOR_VERSION="${{ matrix.major_version }}" - NVIDIA_VERSION="${{ matrix.nvidia_version }}" COMMIT_TAGS=() BUILD_TAGS=() # Have tags for tracking builds during pull request 
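Review bot: `runs-on: buildjet-2vcpu-ubuntu-2204` in the first hunk moves the `push-ghcr` job, which holds `packages: write`, onto a runner operated by a third party, and the last hunk of this commit re-enables the signing step that loads `secrets.SIGNING_SECRET` in that same job. That makes the runner provider part of the trust boundary for the cosign private key and for the registry push token. Either record the decision next to the line, e.g. `# third-party runner: this job handles GITHUB_TOKEN (packages: write) and SIGNING_SECRET`, or keep only the build on this runner and do the login and `cosign sign` in a follow-up job on a GitHub-hosted runner that receives the pushed digest as a job output. The job body continues outside this hunk.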
@@ -84,22 +69,11 @@ jobs: COMMIT_TAGS+=("${SHA_SHORT}") fi - echo ${{ matrix.image_flavor }} - if [[ "${{ matrix.image_flavor }}" == "nvidia" ]]; then - echo "test" - BUILD_TAGS=("${MAJOR_VERSION}-${NVIDIA_VERSION}" "${MAJOR_VERSION}-${NVIDIA_VERSION}-${TIMESTAMP}") - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_latest_nvidia_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - BUILD_TAGS+=("latest") - BUILD_TAGS+=("${MAJOR_VERSION}") - fi - else - BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") - if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ - [[ "${{ matrix.is_stable_version }}" == "true" ]]; then - BUILD_TAGS+=("latest") - fi + BUILD_TAGS=("${MAJOR_VERSION}" "${MAJOR_VERSION}-${TIMESTAMP}") + + if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \ + [[ "${{ matrix.is_stable_version }}" == "true" ]]; then + BUILD_TAGS+=("latest") fi if [[ "${{ github.event_name }}" == "pull_request" ]]; then @@ -151,16 +125,6 @@ jobs: run: | sed -i 's/FROM bluefin AS bluefin-framework/FROM ${{ matrix.target_base }} AS ${{ matrix.base_name }}/' Containerfile - - name: Set base image tag to have nvidia version - id: base_tag - shell: bash - run: | - if [[ "${{ matrix.image_flavor }}" == "nvidia" ]]; then - echo "NVIDIA_VERSION=-${{ matrix.nvidia_version }}" >> $GITHUB_ENV - else - echo "NVIDIA_VERSION=" >> $GITHUB_ENV - fi - # Build image using Buildah action - name: Build Image id: build_image @@ -176,7 +140,6 @@ jobs: IMAGE_FLAVOR=${{ matrix.image_flavor }} FEDORA_MAJOR_VERSION=${{ matrix.major_version }} TARGET_BASE=${{ matrix.target_base }} - NVIDIA_VERSION=${{ env.NVIDIA_VERSION}} labels: ${{ steps.meta.outputs.labels }} oci: false # TODO(GH-280) 
@@ -210,29 +173,29 @@ jobs: extra-args: | --disable-content-trust - # - name: Login to GitHub Container Registry - # uses: docker/login-action@v2 - # if: github.event_name != 'pull_request' - # with: - # registry: ghcr.io - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} - - # # Sign container - # - uses: sigstore/cosign-installer@v3.1.1 - # if: github.event_name != 'pull_request' - - # - name: Sign container image - # if: github.event_name != 'pull_request' - # run: | - # cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} - # env: - # TAGS: ${{ steps.push.outputs.digest }} - # COSIGN_EXPERIMENTAL: false - # COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} - - # - name: Echo outputs - # if: github.event_name != 'pull_request' - # run: | - # echo "${{ toJSON(steps.push.outputs) }}" + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Sign container + - uses: sigstore/cosign-installer@v3.1.1 + if: github.event_name != 'pull_request' + + - name: Sign container image + if: github.event_name != 'pull_request' + run: | + cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + + - name: Echo outputs + if: github.event_name != 'pull_request' + run: | + echo "${{ toJSON(steps.push.outputs) }}" diff --git a/Containerfile b/Containerfile index 7e8937a549e..95a891f461c 100644 --- a/Containerfile +++ b/Containerfile 
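Review bot: The re-enabled steps reference `docker/login-action@v2` and `sigstore/cosign-installer@v3.1.1` by tag, and a tag can be moved after review; in a job that receives `GITHUB_TOKEN` with `packages: write` and the cosign private key, both should be pinned to a full commit SHA, e.g. `uses: sigstore/cosign-installer@<full-commit-sha> # v3.1.1`. In the `Echo outputs` step, `echo "${{ toJSON(steps.push.outputs) }}"` pastes JSON into the script text, so the JSON's own double quotes end the shell string and the content is parsed by bash; pass it through the environment instead with `env: PUSH_OUTPUTS: ${{ toJSON(steps.push.outputs) }}` and `echo "$PUSH_OUTPUTS"`. The same applies to the unquoted `${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}` argument of `cosign sign`, which is better assembled from env variables and quoted.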
@@ -4,9 +4,8 @@ ARG SOURCE_IMAGE="${SOURCE_IMAGE:-$BASE_IMAGE_NAME-$IMAGE_FLAVOR}" ARG BASE_IMAGE="ghcr.io/ublue-os/${SOURCE_IMAGE}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-37}" ARG TARGET_BASE="${TARGET_BASE:-bluefin}" -ARG NVIDIA_VERSION="${NVIDIA_VERSION}" -FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}${NVIDIA_VERSION} AS bluefin +FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS bluefin ARG IMAGE_NAME="${IMAGE_NAME}" ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION}"