refactor: combine asus and surface builds with nvidia (#210)

* refactor: combine asus and surface builds with nvidia

* refactor: Add fix for audio popping on Ally

Original commit from ublue-os/asus repo:
ublue-os/asus@d4b9b20

* refactor: Add service for Surface hardware setup

Original commit from ublue-os/surface repo:
ublue-os/surface@ebc60d3

* refactor: silverblue surface specific tweaks

Original commits from ublue-os/surface:
https://github.com/ublue-os/surface/commits/main/system_files/silverblue

* refactor: nvidia-install with targeted Containerfile

* refactor: improvement from main

* refactor: don't build nvidia 470 for surface

* refactor: add concurrency group and tweak some names

* docs: README images URL tweak

.github/workflows/build-38.yml

@@ -1,4 +1,4 @@
-name: ublue nvidia 38
+name: ublue hwe 38
 on:
   pull_request:
   merge_group:

.github/workflows/build-39.yml

@@ -1,4 +1,4 @@
-name: ublue nvidia 39
+name: ublue hwe 39
 on:
   pull_request:
   merge_group:

.github/workflows/reusable-build.yml

@@ -9,9 +9,13 @@ on:
 env:
   IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.fedora_version }}
+  cancel-in-progress: true
+
 jobs:
   build_ublue:
-    name: nvidia
+    name: hwe
     runs-on: ubuntu-22.04
     permissions:
       contents: read
@@ -22,6 +26,10 @@ jobs:
       matrix:
         fedora_version:
           - ${{ inputs.fedora_version }}
+        hwe_flavor:
+          - main
+          - asus
+          - surface
         image_name:
           - silverblue
           - kinoite
@@ -32,9 +40,10 @@ jobs:
           - lazurite
           - mate
           - vauxite
-        driver_version:
-          - 470
-          - 550
+        nvidia_version:
+          - 0   # No Nvidia drivers (this indicates to only build "main" image target
+          - 470 # Older Nvidia driver
+          - 550 # Latest Nvidia driver (update IS_LATEST_DRIVER below if version changes)
         exclude:
           # There is no Fedora 38 version of onyx or lazurite
           - image_name: onyx
@@ -49,6 +58,17 @@ jobs:
           # There is currently no Fedora 40 version of mate
           - image_name: mate
             fedora_version: 40
+          # Don't build/push "main" since it would be a duplicate of the "base" `*-main` images
+          - nvidia_version: 0
+            hwe_flavor: main
+          # Only build latest Fedora versions for "asus" and "surface" HWE flavors
+          - fedora_version: 38
+            hwe_flavor: asus
+          - fedora_version: 38
+            hwe_flavor: surface
+          # Only build latest nvidia version for "surface" HWE flavor
+          - nvidia_version: 470
+            hwe_flavor: surface
     steps:
       # Checkout push-to-registry action GitHub repository
       - name: Checkout Push to Registry action
@@ -61,15 +81,24 @@ jobs:
 
       - name: Matrix Variables
         run: |
-            REPO=${{ github.repository }}
-            echo "IMAGE_NAME=${{ matrix.image_name }}-${REPO##*/}" >> $GITHUB_ENV
+          if [[ "${{ matrix.hwe_flavor }}" == "main" ]]; then
+            if "${{ matrix.nvidia_version }}" == "0" ]]; then
+              echo "this workflow does not build main image without Nvidia drivers"
+              exit 1
+            fi
+            echo "IMAGE_NAME=${{ matrix.image_name }}-nvidia" >> $GITHUB_ENV
+          else
+            echo "IMAGE_NAME=${{ matrix.image_name }}-${{ matrix.hwe_flavor }}${{ matrix.nvidia_version != '0' && '-nvidia' || ''}}" >> $GITHUB_ENV
+          fi
+          echo "SOURCE_IMAGE=${{ matrix.image_name }}-main" >> $GITHUB_ENV
+
       - name: Generate tags
         id: generate-tags
         shell: bash
         run: |
           # Generate a timestamp for creating an image version history
           TIMESTAMP="$(date +%Y%m%d)"
-          VARIANT="${{ matrix.fedora_version }}-${{ matrix.driver_version }}"
+          VARIANT="${{ matrix.fedora_version }}${{ matrix.nvidia_version == '0' && '' || format('-{0}', matrix.driver_version) }}"
 
           if [[ "${{ matrix.fedora_version }}" -eq "38" ]]; then
             IS_LATEST_VERSION=false
@@ -85,7 +114,7 @@ jobs:
             IS_GTS_VERSION=false
           fi
 
-          if [[ "${{ matrix.driver_version }}" -eq "550" ]]; then
+          if [[ "${{ matrix.nvidia_version }}" -eq "550" ]]; then
             IS_LATEST_DRIVER=true
           fi
 
@@ -155,7 +184,7 @@ jobs:
           attempt_delay: 15000
           command: |
             set -eo pipefail
-            ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ matrix.image_name }}-main:${{ matrix.fedora_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
+            ver=$(skopeo inspect docker://ghcr.io/ublue-os/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} | jq -r '.Labels["org.opencontainers.image.version"]')
             if [ -z "$ver" ] || [ "null" = "$ver" ]; then
               echo "inspected image version must not be empty or null"
               exit 1
@@ -171,7 +200,7 @@ jobs:
             ${{ env.IMAGE_NAME }}
           labels: |
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
-            org.opencontainers.image.description=ublue-os ${{ matrix.image_name }} with Nvidia drivers added
+            org.opencontainers.image.description=ublue-os ${{ matrix.image_name }}${{ matrix.hwe_flavor == 'asus' && ' for ASUS devices' || '' }}${{ matrix.hwe_flavor == 'surface' && ' for Surface laptops' || ''}}${{ matrix.nvidia_version != '0' && ' with Nvidia drivers' || ''}}
             org.opencontainers.image.version=${{ env.SOURCE_IMAGE_VERSION }}
             io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
             io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4
@@ -198,11 +227,15 @@ jobs:
             ${{ steps.generate-tags.outputs.alias_tags }}
           build-args: |
             IMAGE_NAME=${{ matrix.image_name }}
+            SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
             FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
-            NVIDIA_MAJOR_VERSION=${{ matrix.driver_version }}
+            NVIDIA_MAJOR_VERSION=${{ matrix.nvidia_version }}
+            HWE_FLAVOR=${{ matrix.hwe_flavor }}
             RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }}
           labels: ${{ steps.meta.outputs.labels }}
           oci: false
+          extra-args: |
+            --target=${{ matrix.nvidia_version == '0' && 'main' || 'nvidia' }}
 
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12

Containerfile

@@ -1,26 +1,49 @@
 ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
-ARG BASE_IMAGE="ghcr.io/ublue-os/${IMAGE_NAME}-main"
+ARG SOURCE_IMAGE="${SOURCE_IMAGE:-silverblue-main}"
+ARG SOURCE_ORG="${SOURCE_ORG:-ublue-os}"
+ARG BASE_IMAGE="ghcr.io/${SOURCE_ORG}/${SOURCE_IMAGE}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
 
-FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS nvidia
+FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS main
 
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
+ARG HWE_FLAVOR="{HWE_FLAVOR:-main}"
 ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
-ARG IMAGE_VENDOR="ublue-os"
-ARG IMAGE_FLAVOR="${IMAGE_FLAVOR:-nvidia}"
+ARG IMAGE_VENDOR="${IMAGE_VENDOR:-ublue-os}"
+ARG RPMFUSION_MIRROR=""
+
+COPY *.sh /tmp/
+COPY ${HWE_FLAVOR}/ /tmp/
+
+RUN mkdir -p /var/lib/alternatives && \
+    IMAGE_FLAVOR=main /tmp/image-info.sh && \
+    /tmp/install.sh && \
+    mv /var/lib/alternatives /staged-alternatives && \
+    rm -rf /tmp/* /var/* && \
+    ostree container commit && \
+    mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
+    mkdir -p /tmp /var/tmp && \
+    chmod -R 1777 /tmp /var/tmp
+
+FROM main AS nvidia
+
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
+ARG HWE_FLAVOR="{HWE_FLAVOR:-main}"
+ARG IMAGE_NAME="${IMAGE_NAME:-silverblue}"
+ARG IMAGE_VENDOR="${IMAGE_VENDOR:-ublue-os}"
 ARG NVIDIA_MAJOR_VERSION="${NVIDIA_MAJOR_VERSION:-550}"
 ARG RPMFUSION_MIRROR=""
 
-COPY image-info.sh /tmp/image-info.sh
-COPY install.sh /tmp/install.sh
-COPY post-install.sh /tmp/post-install.sh
+COPY --from=ghcr.io/ublue-os/akmods-nvidia:${HWE_FLAVOR}-${FEDORA_MAJOR_VERSION}-${NVIDIA_MAJOR_VERSION} /rpms /tmp/akmods-rpms
 
-COPY --from=ghcr.io/ublue-os/akmods-nvidia:main-${FEDORA_MAJOR_VERSION}-${NVIDIA_MAJOR_VERSION} /rpms /tmp/akmods-rpms
-
-RUN /tmp/image-info.sh && \
-    /tmp/install.sh && \
-    /tmp/post-install.sh && \
-    rm -rf /tmp/* /var/*
+COPY *.sh /tmp/
 
-RUN ostree container commit && \
-    mkdir -p /var/tmp && chmod -R 1777 /tmp /var/tmp
+RUN mkdir -p /var/lib/alternatives && \
+    IMAGE_FLAVOR=nvidia /tmp/image-info.sh && \
+    /tmp/nvidia-install.sh && \
+    mv /var/lib/alternatives /staged-alternatives && \
+    rm -rf /tmp/* /var/* && \
+    ostree container commit && \
+    mkdir -p /var/lib && mv /staged-alternatives /var/lib/alternatives && \
+    mkdir -p /tmp /var/tmp && \
+    chmod -R 1777 /tmp /var/tmp

README.md

@@ -1,12 +1,12 @@
-# Nvidia
+# HWE
 
-[![build-38](https://github.com/ublue-os/nvidia/actions/workflows/build-38.yml/badge.svg)](https://github.com/ublue-os/nvidia/actions/workflows/build-38.yml) [![build-39](https://github.com/ublue-os/nvidia/actions/workflows/build-39.yml/badge.svg)](https://github.com/ublue-os/nvidia/actions/workflows/build-39.yml)
+[![build-38](https://github.com/ublue-os/hwe/actions/workflows/build-38.yml/badge.svg)](https://github.com/ublue-os/hwe/actions/workflows/build-38.yml) [![build-39](https://github.com/ublue-os/hwe/actions/workflows/build-39.yml/badge.svg)](https://github.com/ublue-os/hwe/actions/workflows/build-39.yml)
 
-The purpose of these images is to provide [community Fedora images](https://github.com/ublue-os/main) with Nvidia drivers built-in. This approach can lead to greater reliability as failures can be caught at the build level instead of the client machine. This also allows for individual sets of images for each series of Nvidia drivers, allowing users to remain current with their OS but on an older, known working driver. Performance regression with a recent driver update? Reboot into a known-working driver after one command. That's the goal!
+The purpose of these images is to provide [community Fedora images](https://github.com/ublue-os/main) with hardware enablement (ASUS and Surface) and Nvidia. This approach can lead to greater reliability as failures can be caught at the build level instead of the client machine. This also allows for individual sets of images for each series of Nvidia drivers, allowing users to remain current with their OS but on an older, known working driver. Performance regression with a recent driver update? Reboot into a known-working driver after one command. That's the goal!
 
 # Documentation
 
 - [Main website and documentation](https://universal-blue.org)
-- [Documentation for these images](https://universal-blue.org/images/nvidia)
+- [Documentation for these images](https://universal-blue.org/images/)
 - [Installation](https://universal-blue.org/installation/) - follow this for clean installation
 - [Rebase instructions](https://universal-blue.org/images/) - follow this if you want to switch to another image.

asus/packages.json

@@ -0,0 +1,14 @@
+{
+    "all": {
+        "include": {
+            "all": [
+                "asusctl",
+                "asusctl-rog-gui",
+                "fprintd"
+            ]
+        },
+        "exclude": {
+            "all": []
+        }
+    }
+}

asus/system_files/shared/usr/share/wireplumber/main.lua.d/50-alsa-config.lua

@@ -0,0 +1,155 @@
+alsa_monitor.enabled = true
+
+alsa_monitor.properties = {
+  -- Create a JACK device. This is not enabled by default because
+  -- it requires that the PipeWire JACK replacement libraries are
+  -- not used by the session manager, in order to be able to
+  -- connect to the real JACK server.
+  --["alsa.jack-device"] = false,
+
+  -- Reserve devices via org.freedesktop.ReserveDevice1 on D-Bus
+  -- Disable if you are running a system-wide instance, which
+  -- doesn't have access to the D-Bus user session
+  ["alsa.reserve"] = true,
+  --["alsa.reserve.priority"] = -20,
+  --["alsa.reserve.application-name"] = "WirePlumber",
+
+  -- Enables MIDI functionality
+  ["alsa.midi"] = true,
+
+  -- Enables monitoring of alsa MIDI devices
+  ["alsa.midi.monitoring"] = true,
+
+  -- MIDI bridge node properties
+  ["alsa.midi.node-properties"] = {
+    -- Name set for the node with ALSA MIDI ports
+    ["node.name"] = "Midi-Bridge",
+    -- Removes longname/number from MIDI port names
+    --["api.alsa.disable-longname"] = true,
+  },
+
+  -- These properties override node defaults when running in a virtual machine.
+  -- The rules below still override those.
+  ["vm.node.defaults"] = {
+    ["api.alsa.period-size"] = 256,
+    ["api.alsa.headroom"] = 8192,
+  },
+}
+
+alsa_monitor.rules = {
+  -- An array of matches/actions to evaluate.
+  --
+  -- If you want to disable some devices or nodes, you can apply properties per device as the following example.
+  -- The name can be found by running pw-cli ls Device, or pw-cli dump Device
+  --{
+  --  matches = {
+  --    {
+  --      { "device.name", "matches", "name_of_some_disabled_card" },
+  --    },
+  --  },
+  --  apply_properties = {
+  --    ["device.disabled"] = true,
+  --  },
+  --}
+  {
+    -- Rules for matching a device or node. It is an array of
+    -- properties that all need to match the regexp. If any of the
+    -- matches work, the actions are executed for the object.
+    matches = {
+      {
+        -- This matches all cards.
+        { "device.name", "matches", "alsa_card.*" },
+      },
+    },
+    -- Apply properties on the matched object.
+    apply_properties = {
+      -- Use ALSA-Card-Profile devices. They use UCM or the profile
+      -- configuration to configure the device and mixer settings.
+      ["api.alsa.use-acp"] = true,
+
+      -- Use UCM instead of profile when available. Can be
+      -- disabled to skip trying to use the UCM profile.
+      --["api.alsa.use-ucm"] = true,
+
+      -- Don't use the hardware mixer for volume control. It
+      -- will only use software volume. The mixer is still used
+      -- to mute unused paths based on the selected port.
+      --["api.alsa.soft-mixer"] = false,
+
+      -- Ignore decibel settings of the driver. Can be used to
+      -- work around buggy drivers that report wrong values.
+      --["api.alsa.ignore-dB"] = false,
+
+      -- The profile set to use for the device. Usually this is
+      -- "default.conf" but can be changed with a udev rule or here.
+      --["device.profile-set"] = "profileset-name",
+
+      -- The default active profile. Is by default set to "Off".
+      --["device.profile"] = "default profile name",
+
+      -- Automatically select the best profile. This is the
+      -- highest priority available profile. This is disabled
+      -- here and instead implemented in the session manager
+      -- where it can save and load previous preferences.
+      ["api.acp.auto-profile"] = false,
+
+      -- Automatically switch to the highest priority available port.
+      -- This is disabled here and implemented in the session manager instead.
+      ["api.acp.auto-port"] = false,
+
+      -- Other properties can be set here.
+      --["device.nick"] = "My Device",
+    },
+  },
+  {
+    matches = {
+      {
+        -- Matches all sources.
+        { "node.name", "matches", "alsa_input.*" },
+      },
+      {
+        -- Matches all sinks.
+        { "node.name", "matches", "alsa_output.*" },
+      },
+    },
+    apply_properties = {
+      --["node.nick"]              = "My Node",
+      --["node.description"]       = "My Node Description",
+      --["priority.driver"]        = 100,
+      --["priority.session"]       = 100,
+      --["node.pause-on-idle"]     = false,
+      --["monitor.channel-volumes"] = false
+      --["resample.quality"]       = 4,
+      --["resample.disable"]       = false,
+      --["channelmix.normalize"]   = false,
+      --["channelmix.mix-lfe"]     = false,
+      --["channelmix.upmix"]       = true,
+      --["channelmix.upmix-method"] = "psd",  -- "none" or "simple"
+      --["channelmix.lfe-cutoff"]  = 150,
+      --["channelmix.fc-cutoff"]   = 12000,
+      --["channelmix.rear-delay"]  = 12.0,
+      --["channelmix.stereo-widen"] = 0.0,
+      --["channelmix.hilbert-taps"] = 0,
+      --["channelmix.disable"]     = false,
+      --["dither.noise"]           = 0,
+      --["dither.method"]          = "none",  -- "rectangular", "triangular" or "shaped5"
+      --["audio.channels"]         = 2,
+      --["audio.format"]           = "S16LE",
+      --["audio.rate"]             = 44100,
+      --["audio.allowed-rates"]    = "32000,96000",
+      --["audio.position"]         = "FL,FR",
+      --["api.alsa.period-size"]   = 1024,
+      --["api.alsa.period-num"]    = 2,
+      --["api.alsa.headroom"]      = 1024,
+      --["api.alsa.start-delay"]   = 0,
+      --["api.alsa.disable-mmap"]  = false,
+      --["api.alsa.disable-batch"] = false,
+      --["api.alsa.use-chmap"]     = false,
+      --["api.alsa.multirate"]     = true,
+      --["latency.internal.rate"]  = 0
+      --["latency.internal.ns"]    = 0
+      --["clock.name"]             = "api.alsa.0"
+      --["session.suspend-timeout-seconds"] = 5,  -- 0 disables suspend
+    },
+  },
+}