From 885d3b9fd283afcf649befc4c10fdb6e1182ed17 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Tue, 12 Nov 2024 10:22:08 -0500 Subject: [PATCH 1/4] feat: enable kernel_pin and pin kernel for stable/gts --- .github/workflows/build-image-gts.yml | 1 + .github/workflows/build-image-stable.yml | 1 + .github/workflows/reusable-build.yml | 1 + Justfile | 13 ++++++++----- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-image-gts.yml b/.github/workflows/build-image-gts.yml index f4116ae76db..e5ca35055b9 100644 --- a/.github/workflows/build-image-gts.yml +++ b/.github/workflows/build-image-gts.yml @@ -21,6 +21,7 @@ jobs: matrix: brand_name: [bluefin] with: + kernel_pin: 6.11.3-200.fc40.x86_64 brand_name: ${{ matrix.brand_name }} stream_name: gts diff --git a/.github/workflows/build-image-stable.yml b/.github/workflows/build-image-stable.yml index efacf80dad3..2d23ea68716 100644 --- a/.github/workflows/build-image-stable.yml +++ b/.github/workflows/build-image-stable.yml @@ -32,6 +32,7 @@ jobs: matrix: brand_name: ${{ fromJson(inputs.brand_name || '["bluefin", "aurora"]') }} with: + kernel_pin: 6.11.3-200.fc40.x86_64 brand_name: ${{ matrix.brand_name }} stream_name: stable diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 38c9c24f3fe..b0a620d2794 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -123,6 +123,7 @@ jobs: "${{ matrix.base_name }}" \ "${{ matrix.stream_name }}" \ "${{ matrix.image_flavor }}" \ + "${{ inputs.kernel_pin }}" \ "1" \ "$(podman inspect ${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }} | jq -r '.[].Config.Labels["org.opencontainers.image.version"]')" \ "${{ github.event_name }}" \ diff --git a/Justfile b/Justfile index 47dc48f56f7..d48914b6e5f 100644 --- a/Justfile +++ b/Justfile 
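Review bot: The pin `kernel_pin: 6.11.3-200.fc40.x86_64` in build-image-gts.yml has no comment saying why the kernel is held or what allows it to be released, and build-image-stable.yml repeats the same literal. While the pin is in place, both streams stop picking up later kernel updates, including security fixes, so the reason and the exit condition should be recorded next to the value. I would add a comment above each pin along the lines of `# Held at this kernel because of <tracking issue placeholder>; remove the pin once that is resolved`. Keeping the version in one shared place would also prevent the two workflows from drifting apart.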
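Review bot: In the reusable-build.yml hunk, `"${{ inputs.kernel_pin }}"` is expanded by the Actions runner into the script text before bash parses it, so the surrounding double quotes do not confine the value. The two callers in this patch pass a fixed literal, but any later caller that forwards a dispatch or event value would have it parsed as shell. I would pass it through the step environment instead, with `KERNEL_PIN: ${{ inputs.kernel_pin }}` under the step's `env:` and `"${KERNEL_PIN}"` in the command. The neighbouring `matrix.*` and `github.event_name` arguments follow the same pattern. The step itself and the declaration of the `kernel_pin` input are outside the hunk, so I cannot confirm the input is declared with a type and default.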
@@ -170,7 +170,7 @@ build image="bluefin" tag="latest" flavor="main" rechunk="0" ghcr="0" pipeline=" if [[ {{ ghcr }} == "0" ]]; then rm -f /tmp/manifest.json fi - fedora_version=$(just fedora_version {{ image }} {{ tag }} {{ flavor }}) + fedora_version=$(just fedora_version '{{ image }}' '{{ tag }}' '{{ flavor }}' '{{ kernel_pin }}') # Verify Base Image with cosign just verify-container "${base_image_name}-main:${fedora_version}" @@ -705,9 +705,9 @@ secureboot image="bluefin" tag="latest" flavor="main": # Get Fedora Version of an image [group('Utility')] [private] -fedora_version image="bluefin" tag="latest" flavor="main": +fedora_version image="bluefin" tag="latest" flavor="main" $kernel_pin="": #!/usr/bin/bash - set -eou pipefail + set -eoux pipefail just validate {{ image }} {{ tag }} {{ flavor }} if [[ ! -f /tmp/manifest.json ]]; then if [[ "{{ tag }}" =~ stable ]]; then @@ -718,6 +718,9 @@ fedora_version image="bluefin" tag="latest" flavor="main": fi fi fedora_version=$(jq -r '.Labels["ostree.linux"]' < /tmp/manifest.json | grep -oP 'fc\K[0-9]+') + if [[ -n "${kernel_pin:-}" ]]; then + fedora_version=$(echo "${kernel_pin}" | grep -oP 'fc\K[0-9]+') + fi echo "${fedora_version}" # Image Name @@ -736,7 +739,7 @@ image_name image="bluefin" tag="latest" flavor="main": # Generate Tags [group('Utility')] -generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" version="" github_event="" github_number="": +generate-build-tags image="bluefin" tag="latest" flavor="main" kernel_pin="" ghcr="0" github_number="" github_event="" version="": #!/usr/bin/bash set -eou pipefail 
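Review bot: The single quotes added around `'{{ image }}' '{{ tag }}' '{{ flavor }}' '{{ kernel_pin }}'` in the `build` recipe do not make the call safe, because just substitutes the values textually before bash runs. A value containing a single quote closes the quoting, and the rest is parsed as shell. just ships a `quote()` function for this, so the line can be written as `fedora_version=$(just fedora_version {{ quote(image) }} {{ quote(tag) }} {{ quote(flavor) }} {{ quote(kernel_pin) }})`. The same applies to the `FEDORA_VERSION=` line in the `generate-build-tags` hunk at -745. The `build` parameter list is cut off in the hunk header, so I cannot see where `kernel_pin` is declared there.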
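Review bot: The override in the -718 hunk takes the Fedora release from an unvalidated `kernel_pin`: `grep -oP 'fc\K[0-9]+'` prints every match on its own line, and when nothing matches the recipe exits under `set -e`/`pipefail` without a message. `build` passes this value to `just verify-container "${base_image_name}-main:${fedora_version}"`, so the pin rather than the fetched manifest decides which base tag is cosign-verified. A malformed or stale pin should therefore fail loudly instead of yielding an unexpected tag. I would match the whole pin against one anchored pattern and take the release from the capture group, as below. The recipe header and the manifest fetch are outside this hunk.

```just
    # … unchanged: manifest lookup that sets fedora_version …
    if [[ -n "${kernel_pin:-}" ]]; then
        pin_re='^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.fc([0-9]+)\.[a-z0-9_]+$'
        if [[ ! "${kernel_pin}" =~ ${pin_re} ]]; then
            echo "kernel_pin '${kernel_pin}' is not of the form <version>-<release>.fcNN.<arch>" >&2
            exit 1
        fi
        fedora_version="${BASH_REMATCH[1]}"
    fi
    echo "${fedora_version}"
```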
@@ -745,7 +748,7 @@ generate-build-tags image="bluefin" tag="latest" flavor="main" ghcr="0" version= if [[ {{ ghcr }} == "0" ]]; then rm -f /tmp/manifest.json fi - FEDORA_VERSION="$(just fedora_version {{ image }} {{ tag }} {{ flavor }})" + FEDORA_VERSION="$(just fedora_version '{{ image }}' '{{ tag }}' '{{ flavor }}' '{{ kernel_pin }}')" DEFAULT_TAG=$(just generate-default-tag {{ tag }} {{ ghcr }}) IMAGE_NAME=$(just image_name {{ image }} {{ tag }} {{ flavor }}) # Use Build Version from Rechunk From 41b7aa23a504964373c60c7d1aef3721e169dcf7 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Tue, 12 Nov 2024 10:48:28 -0500 Subject: [PATCH 2/4] reorder arguments --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index d48914b6e5f..5a134544755 100644 --- a/Justfile +++ b/Justfile @@ -739,7 +739,7 @@ image_name image="bluefin" tag="latest" flavor="main": # Generate Tags [group('Utility')] -generate-build-tags image="bluefin" tag="latest" flavor="main" kernel_pin="" ghcr="0" github_number="" github_event="" version="": +generate-build-tags image="bluefin" tag="latest" flavor="main" kernel_pin="" ghcr="0" version="" github_number="" github_event="": #!/usr/bin/bash set -eou pipefail From a8f9d7562709fcff3832e34b24ceb9812033f8ca Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Tue, 12 Nov 2024 10:54:13 -0500 Subject: [PATCH 3/4] reorder generate-build-tags args --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 5a134544755..f337d02a153 100644 --- a/Justfile +++ b/Justfile 
@@ -739,7 +739,7 @@ image_name image="bluefin" tag="latest" flavor="main": # Generate Tags [group('Utility')] -generate-build-tags image="bluefin" tag="latest" flavor="main" kernel_pin="" ghcr="0" version="" github_number="" github_event="": +generate-build-tags image="bluefin" tag="latest" flavor="main" kernel_pin="" ghcr="0" version="" github_event="" github_number="": #!/usr/bin/bash set -eou pipefail From cb6a52c8312a7a2cd37b689bc5e108fe03cdd1ba Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:14:28 -0500 Subject: [PATCH 4/4] reduce verbosity --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index f337d02a153..6f7b79ca3d4 100644 --- a/Justfile +++ b/Justfile @@ -707,7 +707,7 @@ secureboot image="bluefin" tag="latest" flavor="main": [private] fedora_version image="bluefin" tag="latest" flavor="main" $kernel_pin="": #!/usr/bin/bash - set -eoux pipefail + set -eou pipefail just validate {{ image }} {{ tag }} {{ flavor }} if [[ ! -f /tmp/manifest.json ]]; then if [[ "{{ tag }}" =~ stable ]]; then
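Review bot: The parameter order of `generate-build-tags` in the PATCH 3/4 hunk is only correct while it matches the positional arguments of the call in reusable-build.yml, and nothing in the recipe records that coupling. As far as the workflow hunk shows, `"1"` lands in `ghcr`, the image version label in `version` and `github.event_name` in `github_event`. Adding a parameter in either file alone would silently shift values into the wrong slot, which is what PATCH 2/4 and 3/4 had to correct. I would add a comment above the recipe such as `# Argument order must match the generate-build-tags call in .github/workflows/reusable-build.yml`. The recipe body continues outside the hunk.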