ublue-os · castrojo · Mar 28, 2024 · Mar 12, 2024 · Mar 19, 2024 · Mar 26, 2024
@@ -9,14 +9,12 @@ on:
       - testing
     paths-ignore:
       - '**.md'
-      - '.github/workflows/build_iso.yml'
   push:
     branches:
       - main
       - testing
     paths-ignore:
       - '**.md'
-      - '.github/workflows/build_iso.yml'
   workflow_dispatch:
 env:
     IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
@@ -26,13 +24,10 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  push-ghcr:
-    name: Make
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
+  build-container:
+    name: build
+    runs-on: ubuntu-latest
+    continue-on-error: false
     strategy:
       fail-fast: false
       matrix:
@@ -246,18 +241,27 @@ jobs:
       - name: Echo outputs
         if: github.event_name != 'pull_request'
         run: |
-          echo "${{ toJSON(steps.push.outputs) }}"  
+          echo "${{ toJSON(steps.push.outputs) }}"
 
   check:
     name: Check all builds successful
     if: ${{ !cancelled() }}
     runs-on: ubuntu-latest
-    needs: [push-ghcr]
+    needs: [build-container]
     steps:
       - name: Exit on failure
-        if: ${{ needs.push-ghcr.result == 'failure' }}
+        if: ${{ needs.build_container.result == 'failure' }}
         shell: bash
         run: exit 1
       - name: Exit
         shell: bash
         run: exit 0
+
+  build_iso:
+    name: build iso
+    needs: [check]
+    if: github.ref_name == 'testing'
+    # Eventually would be nice for building images in PRs
+    #if: ${{ endsWith(github.event.pull_request.title, '[ISO]') }}
+    uses: ./.github/workflows/build_iso.yml
+    secrets: inherit
@@ -1,62 +1,140 @@
 name: Build Bluefin ISOs
 on:
   workflow_dispatch:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - '.github/workflows/build_iso.yml'
-
-env:
-  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+  workflow_call:
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-iso
   cancel-in-progress: true
 
 jobs:
   build-iso:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
       id-token: write
-    container:
-      image: fedora:${{ matrix.major_version }}
-      options: "--privileged"
-      volumes:
-        - "/:/host"
     strategy:
       fail-fast: false
       matrix:
-        image_name: [bluefin, bluefin-nvidia, bluefin-asus, bluefin-asus-nvidia, bluefin-surface, bluefin-surface-nvidia, bluefin-dx, bluefin-dx-nvidia, bluefin-dx-asus, bluefin-dx-surface, bluefin-dx-asus-nvidia, bluefin-dx-surface-nvidia]
+        image_name:
+          - bluefin
+          - bluefin-nvidia
+          - bluefin-asus
+          - bluefin-asus-nvidia
+          - bluefin-surface
+          - bluefin-surface-nvidia
+          - bluefin-dx
+          - bluefin-dx-nvidia
+          - bluefin-dx-asus
+          - bluefin-dx-surface
+          - bluefin-dx-asus-nvidia
+          - bluefin-dx-surface-nvidia
         major_version: [38, 39]
-        image_tag: [latest, gts]
         exclude:
           - major_version: 38
-            image_tag: latest
+            image_name: bluefin-asus
+          - major_version: 38
+            image_name: bluefin-asus-nvidia
+          - major_version: 38
+            image_name: bluefin-dx-asus
+          - major_version: 38
+            image_name: bluefin-dx-asus-nvidia
+        include:
+          - major_version: 38
+            is_gts_version: true
           - major_version: 39
-            image_tag: gts
+            is_gts_version: false
     steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/[email protected]
+
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Set Image Tag
+        id: generate-tag
+        shell: bash
+        run: |
+          TAG="latest"
+
+          if [[ ${{ matrix.is_gts_version }} == "true" ]]; then
+            TAG="gts"
+          fi
+
+          if [[ "${{ github.ref_name }}" == "testing" ]]; then
+            if [[ "${{ matrix.is_gts_version }}" == "true" ]]; then
+              TAG="gts-testing"
+            else
+              TAG="testing"
+            fi
+          fi
+
+          # Would like to implement in the future. This will allow us to support image tags from a PR.
+          #if [[ github.event.number ]]; then
+          #  TAG="pr-${{ github.event.number }}-${{ matrix.major_version }}"
+          #fi
+
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
+
+      - name: Determine Flatpak Dependencies
+        id: flatpak_dependencies
+        shell: bash
+        run: |
+          set -ex
+          image="ghcr.io/ublue-os/${{ matrix.image_name }}:${{ steps.generate-tag.outputs.tag }}"
+          # Make temp space
+          TEMP_FLATPAK_INSTALL_DIR=$(mktemp -d -p ${{ github.workspace }} flatpak.XXX)
+          # Get list of refs from directory
+          FLATPAK_REFS_DIR=${{ github.workspace }}/flatpaks
+          FLATPAK_REFS_DIR_LIST=$(cat ${FLATPAK_REFS_DIR}/* | tr '\n' ' ' )
+          # Generate install script
+          cat << EOF > ${TEMP_FLATPAK_INSTALL_DIR}/script.sh
+          cat /temp_flatpak_install_dir/script.sh
+          mkdir -p /flatpak/flatpak /flatpak/triggers
+          mkdir /var/tmp || true
+          chmod -R 1777 /var/tmp
+          flatpak config --system --set languages "*"
+          flatpak remote-add --system flathub https://flathub.org/repo/flathub.flatpakrepo
+          flatpak install --system -y ${FLATPAK_REFS_DIR_LIST}
+          ostree refs --repo=\${FLATPAK_SYSTEM_DIR}/repo | grep '^deploy/' | grep -v 'org\.freedesktop\.Platform\.openh264' | sed 's/^deploy\///g' > /output/flatpaks_with_deps
+          EOF
+          docker run --rm --privileged \
+            --entrypoint bash \
+            -e FLATPAK_SYSTEM_DIR=/flatpak/flatpak \
+            -e FLATPAK_TRIGGERSDIR=/flatpak/triggers \
+            --volume ${FLATPAK_REFS_DIR}:/output \
+            --volume ${TEMP_FLATPAK_INSTALL_DIR}:/temp_flatpak_install_dir \
+            ${image} /temp_flatpak_install_dir/script.sh
+          docker rmi ${image}
+
       - name: Build ISOs
-        uses: ublue-os/[email protected]
+        uses: jasonn3/[email protected]
         id: build
         with:
-          ARCH: x86_64
-          IMAGE_NAME: ${{ matrix.image_name }}
-          IMAGE_REPO: ghcr.io/ublue-os
-          VARIANT: 'Silverblue'
-          VERSION: ${{ matrix.major_version }}
-          IMAGE_TAG: ${{ matrix.image_tag }}
-          SECURE_BOOT_KEY_URL: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
-          ENROLLMENT_PASSWORD: 'ublue-os'
+          arch: x86_64
+          image_name: ${{ matrix.image_name }}
+          image_repo: ghcr.io/ublue-os
+          variant: 'Silverblue'
+          version: ${{ matrix.major_version }}
+          image_tag: ${{ steps.generate-tag.outputs.tag }}
+          secure_boot_key_url: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
+          enrollment_password: 'ublue-os'
+          iso_name: ${{ matrix.image_name }}-${{ steps.generate-tag.outputs.tag }}
+          enable_cache_dnf: "false"
+          enable_cache_skopeo: "false"
+          flatpak_remote_refs_dir: /github/workspace/flatpaks
+          enable_flatpak_dependencies: "false"
 
       - name: Upload ISOs and Checksum to Job Artifacts
-        if: github.event_name == 'pull_request'
+        if: github.ref_name == 'testing'
+        #if: github.event_name == 'pull_request'
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ matrix.image_name }}-${{ matrix.image_tag }}-${{ matrix.major_version}}
-          path: ${{ steps.build.outputs.output-directory }}
+          name: ${{ steps.build.outputs.iso_name }}
+          path: |
+            ${{ steps.build.outputs.iso_path }}
+            ${{ steps.build.outputs.iso_path }}-CHECKSUM
           if-no-files-found: error
           retention-days: 0
           compression-level: 0
@@ -72,7 +150,10 @@ jobs:
           RCLONE_CONFIG_R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
           RCLONE_CONFIG_R2_REGION: auto
           RCLONE_CONFIG_R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
-          SOURCE_DIR: ${{ steps.build.outputs.output-directory }}
+          SOURCE_ISO: ${{ steps.build.outputs.iso_path }}
+          SOURCE_ISO_CHECKSUM: ${{ steps.build.outputs.iso_path }}-CHECKSUM
         run: |
-          dnf install -y rclone
-          rclone copy $SOURCE_DIR R2:bluefin
+          apt-get update
+          apt-get install -y rclone
+          rclone copy $SOURCE_ISO R2:bluefin
+          rclone copy $SOURCE_ISO_CHECKSUM R2:bluefin
@@ -19,42 +19,42 @@ ARG PACKAGE_LIST="bluefin"
 
 # GNOME VRR & Ptyxis
 RUN if [ ${FEDORA_MAJOR_VERSION} -ge "39" ]; then \
-        wget https://copr.fedorainfracloud.org/coprs/kylegospo/gnome-vrr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/kylegospo-gnome-vrr-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/_copr_kylegospo-gnome-vrr.repo && \
-        rpm-ostree override replace --experimental --from repo=copr:copr.fedorainfracloud.org:kylegospo:gnome-vrr mutter mutter-common gnome-control-center gnome-control-center-filesystem && \
-        rm -f /etc/yum.repos.d/_copr_kylegospo-gnome-vrr.repo && \
-        wget https://copr.fedorainfracloud.org/coprs/kylegospo/prompt/repo/fedora-$(rpm -E %fedora)/kylegospo-prompt-fedora-$(rpm -E %fedora).repo?arch=x86_64 -O /etc/yum.repos.d/_copr_kylegospo-prompt.repo && \
-        rpm-ostree override replace \
-        --experimental \
-        --from repo=copr:copr.fedorainfracloud.org:kylegospo:prompt \
-            vte291 \
-            vte-profile \
-            libadwaita && \
-        rpm-ostree install \
-            ptyxis && \
-        rm -f /etc/yum.repos.d/_copr_kylegospo-prompt.repo && \
-        rpm-ostree override remove \
-            power-profiles-daemon \
-            || true && \
-        rpm-ostree override remove \
-            tlp \
-            tlp-rdw \
-            || true \
-    ; fi
+  wget https://copr.fedorainfracloud.org/coprs/kylegospo/gnome-vrr/repo/fedora-"${FEDORA_MAJOR_VERSION}"/kylegospo-gnome-vrr-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/_copr_kylegospo-gnome-vrr.repo && \
+  rpm-ostree override replace --experimental --from repo=copr:copr.fedorainfracloud.org:kylegospo:gnome-vrr mutter mutter-common gnome-control-center gnome-control-center-filesystem && \
+  rm -f /etc/yum.repos.d/_copr_kylegospo-gnome-vrr.repo && \
+  wget https://copr.fedorainfracloud.org/coprs/kylegospo/prompt/repo/fedora-$(rpm -E %fedora)/kylegospo-prompt-fedora-$(rpm -E %fedora).repo?arch=x86_64 -O /etc/yum.repos.d/_copr_kylegospo-prompt.repo && \
+  rpm-ostree override replace \
+  --experimental \
+  --from repo=copr:copr.fedorainfracloud.org:kylegospo:prompt \
+  vte291 \
+  vte-profile \
+  libadwaita && \
+  rpm-ostree install \
+  ptyxis && \
+  rm -f /etc/yum.repos.d/_copr_kylegospo-prompt.repo && \
+  rpm-ostree override remove \
+  power-profiles-daemon \
+  || true && \
+  rpm-ostree override remove \
+  tlp \
+  tlp-rdw \
+  || true \
+  ; fi
 
 # Install Explicit Sync Patches on Nvidia builds
 RUN if [[ "${IMAGE_FLAVOR}" =~ "nvidia" ]]; then \
-        wget https://copr.fedorainfracloud.org/coprs/gloriouseggroll/nvidia-explicit-sync/repo/fedora-$(rpm -E %fedora)/gloriouseggroll-nvidia-explicit-sync-fedora-$(rpm -E %fedora).repo?arch=x86_64 -O /etc/yum.repos.d/_copr_gloriouseggroll-nvidia-explicit-sync.repo && \
-        rpm-ostree override replace \
-        --experimental \
-        --from repo=copr:copr.fedorainfracloud.org:gloriouseggroll:nvidia-explicit-sync \
-            xorg-x11-server-Xwayland && \
-        rpm-ostree override replace \
-        --experimental \
-        --from repo=copr:copr.fedorainfracloud.org:gloriouseggroll:nvidia-explicit-sync \
-            egl-wayland \
-            || true && \
-        rm /etc/yum.repos.d/_copr_gloriouseggroll-nvidia-explicit-sync.repo \
-    ; fi
+  wget https://copr.fedorainfracloud.org/coprs/gloriouseggroll/nvidia-explicit-sync/repo/fedora-$(rpm -E %fedora)/gloriouseggroll-nvidia-explicit-sync-fedora-$(rpm -E %fedora).repo?arch=x86_64 -O /etc/yum.repos.d/_copr_gloriouseggroll-nvidia-explicit-sync.repo && \
+  rpm-ostree override replace \
+  --experimental \
+  --from repo=copr:copr.fedorainfracloud.org:gloriouseggroll:nvidia-explicit-sync \
+  xorg-x11-server-Xwayland && \
+  rpm-ostree override replace \
+  --experimental \
+  --from repo=copr:copr.fedorainfracloud.org:gloriouseggroll:nvidia-explicit-sync \
+  egl-wayland \
+  || true && \
+  rm /etc/yum.repos.d/_copr_gloriouseggroll-nvidia-explicit-sync.repo \
+  ; fi
 
 COPY usr /usr
 COPY just /tmp/just
@@ -104,10 +104,9 @@ RUN wget https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"$
     systemctl enable rpm-ostree-countme.service && \
     systemctl enable tailscaled.service && \
     systemctl enable dconf-update.service && \
+    systemctl --global enable ublue-flatpak-manager.service && \
     systemctl enable ublue-update.timer && \
     systemctl enable ublue-system-setup.service && \
-    systemctl enable ublue-system-flatpak-manager.service && \
-    systemctl --global enable ublue-user-flatpak-manager.service && \
     systemctl --global enable ublue-user-setup.service && \
     fc-cache -f /usr/share/fonts/ubuntu && \
     fc-cache -f /usr/share/fonts/inter && \

@@ -0,0 +1,24 @@
+app/io.github.dvlv.boxbuddyrs/x86_64/stable
+app/io.github.celluloid_player.Celluloid/x86_64/stable
+app/org.fedoraproject.MediaWriter/x86_64/stable
+app/com.github.tchx84.Flatseal/x86_64/stable
+app/io.github.flattool.Warehouse/x86_64/stable
+app/org.gnome.baobab/x86_64/stable
+app/org.gnome.Calculator/x86_64/stable
+app/org.gnome.Calendar/x86_64/stable
+app/org.gnome.Characters/x86_64/stable
+app/org.gnome.clocks/x86_64/stable
+app/org.gnome.Connections/x86_64/stable
+app/org.gnome.Contacts/x86_64/stable
+app/org.gnome.Evince/x86_64/stable
+app/com.mattjakeman.ExtensionManager/x86_64/stable
+app/org.gnome.font-viewer/x86_64/stable
+app/org.gnome.Logs/x86_64/stable
+app/org.gnome.Loupe/x86_64/stable
+app/org.gnome.Maps/x86_64/stable
+app/org.gnome.NautilusPreviewer/x86_64/stable
+app/org.gnome.TextEditor/x86_64/stable
+app/org.gnome.Weather/x86_64/stable
+app/io.missioncenter.MissionCenter/x86_64/stable
+app/org.mozilla.firefox/x86_64/stable
+app/org.mozilla.Thunderbird/x86_64/stable
@@ -1,12 +1,12 @@
 [Unit]
-Description=Manage user flatpaks
+Description=Manage flatpaks
 Documentation=https://github.com/ublue-os/endlish-oesque/issues/10
 Wants=network-online.target
 After=network-online.target
 
 [Service]
 Type=oneshot
-ExecStart=/usr/libexec/ublue-user-flatpak-manager
+ExecStart=/usr/libexec/ublue-flatpak-manager
 Restart=on-failure
 RestartSec=30
 StartLimitInterval=0