From f1302c8ab3dc085e53c9d98147ad1e356ca00bda Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:57:11 -0500 Subject: [PATCH] feat: enable kernel_pin and pin kernel for stable/gts (#1921) --- .github/workflows/build-image-gts.yml | 1 + .github/workflows/build-image-stable.yml | 1 + .github/workflows/reusable-build.yml | 1 + Justfile | 11 +++++++---- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index f4116ae76db..e5ca35055b9 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -21,6 +21,7 @@ jobs: matrix: brand_name: [bluefin] with: + kernel_pin: 6.11.3-200.fc40.x86_64 brand_name: ${{ matrix.brand_name }} stream_name: gts diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index efacf80dad3..2d23ea68716 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -32,6 +32,7 @@ jobs: matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: + kernel_pin: 6.11.3-200.fc40.x86_64 brand_name: ${{ matrix.brand_name }} stream_name: stable diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 38c9c24f3fe..b0a620d2794 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -123,6 +123,7 @@ jobs: "${{ matrix.base_name }}" \ "${{ matrix.stream_name }}" \ "${{ matrix.image_flavor }}" \ + "${{ inputs.kernel_pin }}" \ "1" \ "$(podman inspect ${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r '.[].Config.Labels["org.opencontainers.image.version"]')" \ "${{ github.event_name }}" \ diff --git a/Justfile b/Justfile index 47dc48f56f7..6f7b79ca3d4 100644 --- a/Justfile +++ b/Justfile @@ -170,7 +170,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" pipeline=" if [[ {{ ghcr }} == "0" ]]; then rm -f /tmp/manifest.json fi - fedora_version=$(just fedora_version {{ image }} {{ tag }} {{ flavor }}) + fedora_version=$(just fedora_version '{{ image }}' '{{ tag }}' '{{ flavor }}' '{{ kernel_pin }}') # Verify Base Image with cosign just verify-container "${base_image_name}-main:${fedora_version}" @@ -705,7 +705,7 @@ secureboot image="bluefin" tag="latest" flavor="main": # Get Fedora Version of an image [group('Utility')] [private] -fedora_version image="bluefin" tag="latest" flavor="main": +fedora_version image="bluefin" tag="latest" flavor="main" $kernel_pin="": #!/usr/bin/bash set -eou pipefail just validate {{ image }} {{ tag }} {{ flavor }} @@ -718,6 +718,9 @@ fedora_version image="bluefin" tag="latest" flavor="main": fi fi fedora_version=$(jq -r '.Labels["ostree.linux"]' < /tmp/manifest.json | grep -oP 'fc\K[0-9]+') + if [[ -n "${kernel_pin:-}" ]]; then + fedora_version=$(echo "${kernel_pin}" | grep -oP 'fc\K[0-9]+') + fi echo "${fedora_version}" # Image Name @@ -736,7 +739,7 @@ image_name image="bluefin" tag="latest" flavor="main": # Generate Tags [group('Utility')] -generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" version="" github_event="" github_number="": +generate-build-tags image="bluefin" tag="latest" flavor="main" kernel_pin="" ghcr="0" version="" github_event="" github_number="": #!/usr/bin/bash set -eou pipefail @@ -745,7 +748,7 @@ generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" version= if [[ {{ ghcr }} == "0" ]]; then rm -f /tmp/manifest.json fi - FEDORA_VERSION="$(just fedora_version {{ image }} {{ tag }} {{ flavor }})" + FEDORA_VERSION="$(just fedora_version '{{ image }}' '{{ tag }}' '{{ flavor }}' '{{ kernel_pin }}')" DEFAULT_TAG=$(just generate-default-tag {{ tag }} {{ ghcr }}) IMAGE_NAME=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Use Build Version from Rechunk