├── .github
    └── workflows
    │   └── build.yml
├── .gitignore
├── Containerfile
├── README.md
├── build
├── deps-pet.txt
├── deps.txt
└── rhsetup


/.github/workflows/build.yml:
--------------------------------------------------------------------------------
  1 | name: Build
  2 | 
  3 | env:
  4 |   QUAY_BASE: quay.io/jlebon/pet
  5 |   FEDORA_TOOLBOX: quay.io/fedora/fedora-toolbox
  6 |   CENTOS_TOOLBOX: quay.io/toolbx-images/centos-toolbox
  7 | 
  8 | on:
  9 |   push:
 10 |     branches: [main]
 11 |   schedule:
 12 |     - cron: '0 0 * * 6'
 13 |   workflow_dispatch:
 14 | 
 15 | permissions:
 16 |   contents: write
 17 | 
 18 | jobs:
 19 |   query:
 20 |     name: "Query Fedora versions"
 21 |     runs-on: ubuntu-latest
 22 |     outputs:
 23 |       cosa: ${{steps.query_versions.outputs.cosa}}
 24 |       matrix: ${{steps.query_versions.outputs.matrix}}
 25 |     steps:
 26 |       - name: Query Fedora versions
 27 |         id: query_versions
 28 |         run: |
 29 |           set -xeuo pipefail
 30 |           stable=$(curl -L https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/builds.json | jq -r .builds[0].id | cut -f1 -d.)
 31 |           rawhide=$(curl -L https://builds.coreos.fedoraproject.org/prod/streams/rawhide/builds/builds.json | jq -r .builds[0].id | cut -f1 -d.)
 32 |           cosa=$(curl -L https://raw.githubusercontent.com/coreos/coreos-assembler/main/Dockerfile | grep '^FROM ' | cut -f2 -d:)
 33 |           echo "cosa=$cosa" >> $GITHUB_OUTPUT
 34 |           echo "matrix=$(seq $stable $rawhide | jq -cnR '[inputs]')" >> $GITHUB_OUTPUT
 35 |   build-fedora:
 36 |     name: "Build Fedora container images"
 37 |     needs: query
 38 |     runs-on: ubuntu-latest
 39 |     strategy:
 40 |       fail-fast: false
 41 |       matrix:
 42 |         releasever: ${{fromJson(needs.query.outputs.matrix)}}
 43 |     steps:
 44 |       - name: Free Disk Space (Ubuntu)
 45 |         uses: jlumbroso/free-disk-space@v1.3.0
 46 |       - name: Check out repository
 47 |         uses: actions/checkout@v4
 48 |       - name: Build
 49 |         run: |
 50 |           set -xeuo pipefail
 51 |           n=${{ matrix.releasever }}
 52 |           podman build --security-opt=seccomp=unconfined --from $FEDORA_TOOLBOX:$n -t "${{ env.QUAY_BASE }}:f$n" .
 53 |       - name: Push
 54 |         run: |
 55 |           set -xeuo pipefail
 56 |           mkdir -p ~/.docker
 57 |           cat > ~/.docker/config.json <<EOF
 58 |           ${{ secrets.QUAY_AUTH }}
 59 |           EOF
 60 |           n=${{ matrix.releasever }}
 61 |           podman push "${{ env.QUAY_BASE }}:f$n"
 62 |           if [[ $n == ${{ needs.query.outputs.cosa }} ]]; then
 63 |             podman tag "${{ env.QUAY_BASE }}:f$n" "${{ env.QUAY_BASE }}:latest"
 64 |             podman push "${{ env.QUAY_BASE }}:latest"
 65 |           fi
 66 |           rm ~/.docker/config.json
 67 |       - name: Update README and Containerfile
 68 |         if: ${{ matrix.releasever == needs.query.outputs.cosa }}
 69 |         run: |
 70 |           # This is load-bearing: GitHub will disable the job if the repo
 71 |           # doesn't stay active.  Do not enable branch protection for main;
 72 |           # it'll break this.
 73 |           set -xeuo pipefail
 74 |           git config user.name 'Jonathan Lebon'
 75 |           git config user.email jonathan@jlebon.com
 76 |           sed -i "s/updated-.*-green/updated-$(date +%Y--%m--%d)-green/" README.md
 77 |           sed -i "s/fedora-toolbox:.*/fedora-toolbox:${{ matrix.releasever }}/" Containerfile
 78 |           git add README.md Containerfile
 79 |           if git diff --quiet --staged --exit-code; then
 80 |             echo "README.md already up to date"
 81 |             exit 0
 82 |           fi
 83 |           git commit -m "README.md: update build date"
 84 |           git push
 85 |   build-centos:
 86 |     name: "Build CentOS container images"
 87 |     runs-on: ubuntu-latest
 88 |     strategy:
 89 |       fail-fast: false
 90 |       matrix:
 91 |         tag: ["stream9:c9s"]
 92 |     steps:
 93 |       - name: Free Disk Space (Ubuntu)
 94 |         uses: jlumbroso/free-disk-space@v1.3.0
 95 |       - name: Check out repository
 96 |         uses: actions/checkout@v4
 97 |       - name: Build
 98 |         run: |
 99 |           set -xeuo pipefail
100 |           from_tag=${{ matrix.tag }}; from_tag=${from_tag%:*}
101 |           to_tag=${{ matrix.tag }}; to_tag=${to_tag#*:}
102 |           podman build --from $CENTOS_TOOLBOX:$from_tag -t "${{ env.QUAY_BASE }}:$to_tag" -f Containerfile
103 |       - name: Push
104 |         run: |
105 |           set -xeuo pipefail
106 |           mkdir -p ~/.docker
107 |           cat > ~/.docker/config.json <<EOF
108 |           ${{ secrets.QUAY_AUTH }}
109 |           EOF
110 |           to_tag=${{ matrix.tag }}; to_tag=${to_tag#*:}
111 |           podman push "${{ env.QUAY_BASE }}:$to_tag"
112 |           rm ~/.docker/config.json
113 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /tags
2 | 


--------------------------------------------------------------------------------
/Containerfile:
--------------------------------------------------------------------------------
1 | FROM quay.io/fedora/fedora-toolbox:42
2 | MAINTAINER Jonathan Lebon <jonathan@jlebon.com>
3 | COPY . /pet
4 | RUN cd /pet && ./build && rm -rf /pet
5 | CMD ["/bin/bash"]
6 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # pet
 2 | 
 3 | [![quay.io repository](https://img.shields.io/badge/updated-2025--05--31-green)](https://quay.io/repository/jlebon/pet)
 4 | 
 5 | This is my [Toolbx](https://containertoolbx.org/) container
 6 | that I use everyday for hacking on
 7 | [CoreOS](https://github.com/coreos) projects. I reprovision
 8 | it every week.
 9 | 
10 | To use:
11 | 
12 | ```
13 | toolbox create --image quay.io/jlebon/pet
14 | toolbox enter pet
15 | ```
16 | 
17 | For Red Hat engineers, once connected to the VPN, you'll
18 | want to run `rhsetup` to install certs and `rhpkg`.
19 | 
20 | This repository runs a weekly
21 | [GitHub Actions job](https://github.com/jlebon/pet/actions/workflows/build.yml)
22 | to update a
23 | [container image](https://quay.io/repository/jlebon/pet)
24 | hosted on [Quay.io](https://quay.io/) (that workflow is
25 | heavily based on the one from
26 | [this repo](https://github.com/coreos/mkpasswd-container)).
27 | 


--------------------------------------------------------------------------------
/build:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -euo pipefail
 3 | 
 4 | . /etc/os-release
 5 | 
 6 | # The main pet container (:latest) is the one based on cosa's version.
 7 | # Everything else is just for the buildroot.
 8 | matches_cosa_fver=
 9 | if [ "${ID}" = fedora ]; then
10 |   cosa_fver=$(curl -L https://raw.githubusercontent.com/coreos/coreos-assembler/main/Dockerfile | grep '^FROM ' | cut -f2 -d:)
11 |   if [ "${cosa_fver}" = "${VERSION_ID}" ]; then
12 |     matches_cosa_fver=1
13 |   fi
14 | fi
15 | 
16 | # disable unneeded repos
17 | (
18 |   cd /etc/yum.repos.d
19 |   if test -f fedora-cisco-openh264.repo; then
20 |     sed -i -e 's/enabled=1/enabled=0/' fedora-cisco-openh264.repo
21 |   fi
22 | )
23 | 
24 | # chezmoi
25 | curl -Lo chezmoi.rpm https://github.com/twpayne/chezmoi/releases/download/v2.47.1/chezmoi-2.47.1-x86_64.rpm
26 | digest=$(sha256sum chezmoi.rpm | cut -f1 -d' ')
27 | [ "${digest}" = 08b693d7bac64198ff73898a088b862ebf951f669b9fe50049d70751488ddf92 ]
28 | dnf install -y chezmoi.rpm && rm chezmoi.rpm
29 | 
30 | # This gets pulled in by a weak dep of crypto-policies-scripts and conflicts with grub
31 | if rpm -q sdubby &>/dev/null; then rpm -e sdubby; fi
32 | 
33 | # cosa deps
34 | if [ "${matches_cosa_fver}" = 1 ]; then
35 |   git clone https://github.com/coreos/coreos-assembler
36 |   (
37 |     cd coreos-assembler
38 |     ./build.sh configure_yum_repos
39 |     ./build.sh install_rpms
40 |     ./build.sh install_ocp_tools
41 |   )
42 | fi
43 | 
44 | # rpm-ostree test deps
45 | git clone https://github.com/coreos/rpm-ostree
46 | (
47 |   cd rpm-ostree
48 |   ci/install-test-deps.sh
49 | )
50 | 
51 | # everything in the FCOS buildroot image
52 | git clone https://github.com/coreos/fedora-coreos-config
53 | (
54 |   cd fedora-coreos-config
55 |   if [ "${ID}" != fedora ]; then
56 |     # Temporarily don't include ostree buildreqs on CentOS because of composefs
57 |     # https://github.com/ostreedev/ostree/pull/3255#issuecomment-2136070745
58 |     sed -i -e '/ostree/ d' ci/buildroot/buildroot-buildreqs.txt
59 |     # No matching package to install: 'opencsd-devel >= 1.2.1'
60 |     sed -i -e '/kernel/ d' ci/buildroot/buildroot-buildreqs.txt
61 |     # on CentOS, that repo doesn't exist
62 |     sed -i -e '/updates-testing/ d' ci/buildroot/install-buildroot.sh
63 |   fi
64 |   # we build for multiple Fedora versions; always use `--noclean`
65 |   sed -i -e 's/${workaround}/--noclean/' ci/buildroot/install-buildroot.sh
66 |   ci/buildroot/install-buildroot.sh
67 | )
68 | 
69 | if [ "${ID}" != fedora ]; then
70 |   dnf config-manager --set-enabled crb
71 |   dnf install -y epel-release epel-next-release
72 | fi
73 | 
74 | # install our packages
75 | grep -hv '^#' deps.txt ${matches_cosa_fver:+deps-pet.txt} | xargs dnf install -y
76 | 
77 | # we want the host srv
78 | rmdir /srv && ln -sT /run/host/srv /srv
79 | 
80 | # install rhsetup
81 | cp rhsetup /usr/bin
82 | 


--------------------------------------------------------------------------------
/deps-pet.txt:
--------------------------------------------------------------------------------
 1 | mosh
 2 | 
 3 | fedpkg
 4 | 
 5 | # for decrypting GPG files
 6 | pinentry
 7 | 
 8 | # for YubiKey
 9 | yubikey-manager
10 | 
11 | # language servers for helix
12 | python-lsp-server
13 | nodejs-bash-language-server
14 | # already pulled in via buildroot deps, but for completeness
15 | clang-tools-extra
16 | # for generating clangd's `compile_commands.json`
17 | bear
18 | 


--------------------------------------------------------------------------------
/deps.txt:
--------------------------------------------------------------------------------
 1 | tmux
 2 | wl-clipboard
 3 | 
 4 | centpkg
 5 | 
 6 | # provides /usr/bin/errno
 7 | moreutils
 8 | 
 9 | python3-ipython
10 | gdb
11 | fzf
12 | ripgrep
13 | bat
14 | mold
15 | 
16 | git-delta
17 | ShellCheck
18 | 


--------------------------------------------------------------------------------
/rhsetup:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | set -euo pipefail
 3 | 
 4 | # This tiny script sets up bits of the pet container that require the VPN.
 5 | 
 6 | . /etc/os-release
 7 | 
 8 | # certs
 9 | cd /etc/pki/ca-trust/source/anchors
10 | # contains the 2015 and 2022 IT root CA certs
11 | sudo curl -O https://certs.corp.redhat.com/certs/Current-IT-Root-CAs.pem
12 | sudo update-ca-trust extract
13 | 
14 | if [ "${ID}" = fedora ]; then
15 |     cd /etc/yum.repos.d/
16 |     sudo curl -L -O https://download.devel.redhat.com/rel-eng/RCMTOOLS/rcm-tools-fedora.repo
17 |     # https://docs.engineering.redhat.com/display/RCMDOC/RCM+Tools+Release+Guide?focusedCommentId=339593129#comment-339593129
18 |     sudo sed -i -e 's,$basearch,x86_64,' /etc/yum.repos.d/rcm-tools-fedora.repo
19 |     sudo dnf install -y rhel-packager
20 | fi
21 | 
22 | if [ -e /run/host/etc/krb5.conf.d/redhat ]; then
23 |     sudo ln -s /run/host/etc/krb5.conf.d/redhat /etc/krb5.conf.d/
24 | fi
25 | 


--------------------------------------------------------------------------------