From 869c014c1bbfb2e8854258fd07d573c4ef1ec263 Mon Sep 17 00:00:00 2001
From: Benjamin Sherman <benjamin@holyarmy.org>
Date: Fri, 25 Aug 2023 15:28:42 -0500
Subject: [PATCH] feat: split nvidia akmods into distinct images (#54)

In order to make both build time and minimize excess space used by
consumers of akmods images, it is helpful to split the nvidia drivers
each into their own distinct image.

The original `akmods` image returns to its very small (currently 1.7MB)
size, and the new `akmods-nvidia` images will each be only the size of
their respective kmod.
---
 .github/workflows/build.yml           | 22 ++++++++++---
 Containerfile => Containerfile.common | 21 +++---------
 Containerfile.nvidia                  | 46 +++++++++++++++++++++++++++
 build-kmod-nvidia.sh                  |  6 +---
 build-prep.sh                         | 12 +++----
 5 files changed, 75 insertions(+), 32 deletions(-)
 rename Containerfile => Containerfile.common (60%)
 create mode 100644 Containerfile.nvidia

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b81e1187..6ca31c1e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -21,7 +21,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        cfile_suffix: [common, nvidia]
         major_version: [37, 38, 39]
+        nvidia_version: [0, 470, 535]
+        exclude:
+          - cfile_suffix: common
+            nvidia_version: 470
+          - cfile_suffix: common
+            nvidia_version: 535
+          - cfile_suffix: nvidia
+            nvidia_version: 0
     steps:
       # Checkout push-to-registry action GitHub repository
       - name: Checkout Push to Registry action
@@ -33,7 +42,11 @@ jobs:
         run: |
           # Generate a timestamp for creating an image version history
           TIMESTAMP="$(date +%Y%m%d)"
-          VARIANT="${{ matrix.major_version }}"
+          if [[ "${{ matrix.cfile_suffix }}" == "nvidia" ]]; then
+              VARIANT="${{ matrix.major_version }}-${{ matrix.nvidia_version }}"
+          else
+              VARIANT="${{ matrix.major_version }}"
+          fi
 
           COMMIT_TAGS=()
           BUILD_TAGS=()
@@ -89,7 +102,7 @@ jobs:
         id: meta
         with:
           images: |
-            ${{ env.IMAGE_NAME }}
+            ${{ 'nvidia' == matrix.cfile_suffix && format('{0}-nvidia', env.IMAGE_NAME) || format('{0}', env.IMAGE_NAME) }}
           labels: |
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
             org.opencontainers.image.description=A caching layer for pre-built akmod RPMs
@@ -104,13 +117,14 @@ jobs:
         uses: redhat-actions/buildah-build@v2
         with:
           containerfiles: |
-            ./Containerfile
-          image: ${{ env.IMAGE_NAME }}
+            ./Containerfile.${{ matrix.cfile_suffix }}
+          image: ${{ 'nvidia' == matrix.cfile_suffix && format('{0}-nvidia', env.IMAGE_NAME) || format('{0}', env.IMAGE_NAME) }}
           tags: |
             ${{ steps.generate-tags.outputs.alias_tags }}
           build-args: |
             SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
             FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
+            NVIDIA_MAJOR_VERSION=${{ matrix.nvidia_version }}
           labels: ${{ steps.meta.outputs.labels }}
           oci: false
 
diff --git a/Containerfile b/Containerfile.common
similarity index 60%
rename from Containerfile
rename to Containerfile.common
index 36f5f283..9346ac5a 100644
--- a/Containerfile
+++ b/Containerfile.common
@@ -1,3 +1,7 @@
+###
+### Containerfile.common - used to build ONLY NON-nvidia kmods
+###
+
 #Build from base, simpley because it's the smallest image
 ARG SOURCE_IMAGE="${SOURCE_IMAGE:-base}"
 ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/${SOURCE_IMAGE}"
@@ -18,23 +22,9 @@ ADD https://negativo17.org/repos/fedora-steam.repo \
 ADD https://negativo17.org/repos/fedora-multimedia.repo \
     /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-multimedia.repo    
 
-# files for nvidia
-COPY ublue-os-nvidia-addons.spec /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec
-ADD https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo \
-    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container-runtime.repo
-ADD https://copr.fedorainfracloud.org/coprs/eyecantcu/supergfxctl/repo/fedora-${FEDORA_MAJOR_VERSION}/eyecantcu-supergfxctl-fedora-${FEDORA_MAJOR_VERSION}.repo \
-    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/eyecantcu-supergfxctl.repo
-ADD files/etc/nvidia-container-runtime/config-rootless.toml \
-    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/config-rootless.toml
-ADD https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp \
-    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container.pp
-ADD files/etc/sway/environment /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/environment
-
-
 RUN /tmp/build-prep.sh
 
 RUN /tmp/build-ublue-os-akmods-addons.sh
-RUN /tmp/build-ublue-os-nvidia-addons.sh
 
 RUN /tmp/build-kmod-evdi.sh
 RUN /tmp/build-kmod-gasket.sh
@@ -44,11 +34,8 @@ RUN /tmp/build-kmod-steamdeck.sh
 RUN /tmp/build-kmod-v4l2loopback.sh
 RUN /tmp/build-kmod-wl.sh
 RUN /tmp/build-kmod-xpadneo.sh
-RUN /tmp/build-kmod-nvidia.sh 470
-RUN /tmp/build-kmod-nvidia.sh 535
 
 RUN cp /tmp/ublue-os-akmods-addons/rpmbuild/RPMS/noarch/ublue-os-akmods-addons*.rpm \
-       /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons*.rpm \
       /var/cache/rpms/ublue-os/
 RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \
         cp "${RPM}" /var/cache/rpms/kmods/; \
diff --git a/Containerfile.nvidia b/Containerfile.nvidia
new file mode 100644
index 00000000..0f246740
--- /dev/null
+++ b/Containerfile.nvidia
@@ -0,0 +1,46 @@
+###
+### Containerfile.nvidia - used to build ONLY NVIDIA kmods (one driver version per build)
+###
+
+#Build from base, simpley because it's the smallest image
+ARG SOURCE_IMAGE="${SOURCE_IMAGE:-base}"
+ARG BASE_IMAGE="quay.io/fedora-ostree-desktops/${SOURCE_IMAGE}"
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-37}"
+
+FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS builder
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-37}"
+ARG NVIDIA_MAJOR_VERSION="${NVIDIA_MAJOR_VERSION:-470}"
+
+COPY build*.sh /tmp
+COPY certs /tmp/certs
+
+# files for nvidia
+COPY ublue-os-nvidia-addons.spec /tmp/ublue-os-nvidia-addons/ublue-os-nvidia-addons.spec
+ADD https://nvidia.github.io/nvidia-docker/rhel9.0/nvidia-docker.repo \
+    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container-runtime.repo
+ADD https://copr.fedorainfracloud.org/coprs/eyecantcu/supergfxctl/repo/fedora-${FEDORA_MAJOR_VERSION}/eyecantcu-supergfxctl-fedora-${FEDORA_MAJOR_VERSION}.repo \
+    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/eyecantcu-supergfxctl.repo
+ADD files/etc/nvidia-container-runtime/config-rootless.toml \
+    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/config-rootless.toml
+ADD https://raw.githubusercontent.com/NVIDIA/dgx-selinux/master/bin/RHEL9/nvidia-container.pp \
+    /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/nvidia-container.pp
+ADD files/etc/sway/environment /tmp/ublue-os-nvidia-addons/rpmbuild/SOURCES/environment
+
+
+RUN /tmp/build-prep.sh
+
+RUN /tmp/build-ublue-os-nvidia-addons.sh
+
+RUN /tmp/build-kmod-nvidia.sh ${NVIDIA_MAJOR_VERSION}
+
+RUN cp /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons*.rpm \
+      /var/cache/rpms/ublue-os/
+RUN for RPM in $(find /var/cache/akmods/ -type f -name \*.rpm); do \
+        cp "${RPM}" /var/cache/rpms/kmods/; \
+    done
+
+RUN find /var/cache/rpms
+
+FROM scratch
+
+COPY --from=builder /var/cache/rpms /rpms
diff --git a/build-kmod-nvidia.sh b/build-kmod-nvidia.sh
index 0de2f251..16f0399d 100755
--- a/build-kmod-nvidia.sh
+++ b/build-kmod-nvidia.sh
@@ -18,7 +18,7 @@ else
     NVIDIA_PACKAGE_NAME="nvidia-${NVIDIA_MAJOR_VERSION}xx"
 fi
 
-dnf install -y \
+rpm-ostree install \
     akmod-${NVIDIA_PACKAGE_NAME}*:${NVIDIA_MAJOR_VERSION}.*.fc${RELEASE} \
     xorg-x11-drv-${NVIDIA_PACKAGE_NAME}-{,cuda,devel,kmodsrc,power}*:${NVIDIA_MAJOR_VERSION}.*.fc${RELEASE}
 
@@ -44,7 +44,3 @@ NVIDIA_AKMOD_VERSION=${NVIDIA_AKMOD_VERSION}
 NVIDIA_LIB_VERSION=${NVIDIA_LIB_VERSION}
 EOF
 
-# cleanup for other nvidia builds
-dnf remove -y \
-    akmod-${NVIDIA_PACKAGE_NAME}*:${NVIDIA_MAJOR_VERSION}.*.fc${RELEASE} \
-    xorg-x11-drv-${NVIDIA_PACKAGE_NAME}-{,cuda,devel,kmodsrc,power}*:${NVIDIA_MAJOR_VERSION}.*.fc${RELEASE}
diff --git a/build-prep.sh b/build-prep.sh
index b2b98323..7d012a08 100755
--- a/build-prep.sh
+++ b/build-prep.sh
@@ -14,22 +14,22 @@ else
     sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/fedora-cisco-openh264.repo
 fi
 
-wget -P /tmp/rpms \
-    https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm \
-    https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm
-
 # enable RPMs with alternatives to create them in this image build
 mkdir -p /var/lib/alternatives
 
+# allow simple `dnf install` style commands to work (in some spec scripts)
+ln -s /usr/bin/rpm-ostree /usr/bin/dnf
+
+# enable more repos
 rpm-ostree install \
-    /tmp/rpms/*.rpm \
+    https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${RELEASE}.noarch.rpm \
+    https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${RELEASE}.noarch.rpm \
     fedora-repos-archive
 
 
 ### PREPARE BUILD ENV
 rpm-ostree install \
     akmods \
-    dnf \
     mock
 
 if [[ ! -s "/tmp/certs/private_key.priv" ]]; then