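├── .github
    └── workflows
    │   ├── build-2nd-layer.yml
    │   ├── build-empanadas.yml
    │   ├── build.yml
    │   ├── ci.yml
    │   └── scan.yml
├── .gitignore
├── Containerfile-init
├── Containerfile-micro
├── Makefile
├── README.md
├── templates
    ├── tdl-aarch64.xml
    └── tdl-x86_64.xml
└── tools
    ├── common.sh
    ├── fetch-and-branch.sh
    ├── generate-dockerhub.sh
    └── pkdiff.sh

/.github/workflows/build-2nd-layer.yml:
--------------------------------------------------------------------------------
---
# Builds the "micro" and "init" second-layer images for every version/registry
# combination in the matrix and pushes them to docker.io and quay.io.
name: Build images 2nd layer images

on:
  push:
    branches: [ main ]
  workflow_dispatch:
  schedule:
    - cron: "0 1 * * 0"

# Least privilege: the job only needs to read the repository. The pushes go to
# external registries with their own credentials, not with GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  run_image_builds:
    strategy:
      matrix:
        version:
          - major: 8
            arch: 'amd64, arm64'
          - major: 9
            arch: 'amd64, arm64, ppc64le, s390x'
        type:
          - micro
          - init
        registry:
          - domain: docker.io
            account: rockylinux
            secret: DOCKER
          - domain: quay.io
            account: rockylinux
            secret: QUAY
    runs-on: ubuntu-latest
    name: Build and push images
    steps:
      # NOTE(review): every `uses:` below is referenced by a mutable tag.
      # These steps run in the same job as the registry credentials, so pinning
      # each action to a full commit SHA keeps a retagged release from changing
      # what executes here.
      - uses: actions/checkout@v3

      - name: Install qemu dependency
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-user-static

      # The secret name is derived from the matrix entry: DOCKER_USERNAME /
      # DOCKER_TOKEN for docker.io, QUAY_USERNAME / QUAY_TOKEN for quay.io.
      - name: Setup Registry login
        uses: redhat-actions/podman-login@v1
        with:
          username: ${{ secrets[format('{0}_USERNAME', matrix.registry.secret)] }}
          password: ${{ secrets[format('{0}_TOKEN', matrix.registry.secret)] }}
          registry: ${{ matrix.registry.domain }}

      - name: Build image
        uses: redhat-actions/buildah-build@v2
        id: build-image
        with:
          archs: ${{ matrix.version.arch }}
          build-args: |
            ImageVersion=${{ matrix.version.major }}
          containerfiles: |
            ./Containerfile-${{ matrix.type }}
          labels: |
            name=rockylinux
            org.opencontainers.image.title=rockylinux
            org.opencontainers.image.version=${{ matrix.version.major }}-ubi-${{ matrix.type }}
          oci: true
          tags: ${{ matrix.registry.domain }}/${{ matrix.registry.account }}/rockylinux:${{ matrix.version.major }}-ubi-${{ matrix.type }}

      - name: Push image
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build-image.outputs.image }}
          tags: ${{ steps.build-image.outputs.tags }}
          extra-args: |
            --format=v2s2

--------------------------------------------------------------------------------
/.github/workflows/build-empanadas.yml:
--------------------------------------------------------------------------------
---
# Manually triggered build of every image type through the empanadas
# imagefactory container, one matrix entry at a time (max-parallel: 1).
name: Build all images

on:
  workflow_dispatch:
    inputs:
      # NOTE(review): this input is declared, but the run step below never
      # reads it, so it currently has no effect.
      debug:
        description: "run build-image with --debug"
        default: false
        type: boolean
  # push:
  #   branches: [ $default-branch, imagefactory ]
  # pull_request:
  #   branches: [ $default-branch ]
  # schedule:
  #   - cron: "0 0 * * 0"

jobs:
  build:
    strategy:
      max-parallel: 1
      matrix:
        architecture:
          - x64
          - arm64
          - s390x
          - ppc64le
        version:
          - major: 8
            minor: 6
          - major: 9
            minor: 0
        type:
          - name: Container
            variant: Base
          - name: Container
            variant: Minimal
          - name: Container
            variant: UBI
          - name: GenericCloud
            variant: Base
          - name: GenericCloud
            variant: LVM
          - name: EC2
            variant: Base
          - name: EC2
            variant: LVM
          - name: Azure
            variant: Base
          - name: Azure
            variant: LVM
          - name: OCP
        # NOTE(review): `name` is not a top-level matrix key here (it is nested
        # under `type`), so the `name:` entries below may not exclude anything.
        # Confirm against an actual run.
        exclude:
          - architecture: s390x
            version:
              major: 8
          - architecture: ppc64le
            version:
              major: 8
          - architecture: s390x
            name: EC2
          - architecture: ppc64le
            name: EC2
          - architecture: s390x
            name: OCP
          - architecture: ppc64le
            name: OCP
          - architecture: s390x
            name: Azure
          - architecture: ppc64le
            name: Azure
    runs-on:
      - self-hosted
      - ${{ matrix.architecture }}
    steps:

      # NOTE(review): the image is pulled by the mutable `:latest` tag and then
      # run with --privileged, SELinux label confinement disabled and the host
      # libvirt socket mounted read-write. Whatever that tag points to runs
      # with control of the runner host, so pinning IMAGE by digest
      # (ghcr.io/...@sha256:<DIGEST>) is the safer reference.
      - name: Build image using empanadas
        env:
          IMAGE: ghcr.io/rocky-linux/empanadas-imagefactory:latest
        run: |
          export VARIANT_ARGS="$(test -z '${{ matrix.type.variant }}' && echo '' || echo '--variant ${{ matrix.type.variant }}')"
          export CMD="build-image --version ${{ matrix.version.major }} --type ${{ matrix.type.name }} ${VARIANT_ARGS}"
          sudo podman run --rm --privileged --security-opt label=disable --device fuse \
            -v /var/run/libvirt:/var/run/libvirt:rw -v /var/lib/imagefactory:/var/lib/imagefactory:rw \
            -e LIBVIRT_DEFAULT_URI $IMAGE $CMD

--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
---
# Runs the Makefile-driven imagefactory build on self-hosted runners and
# uploads the contents of out/ as a workflow artifact.
name: Build container images

# NOTE(review): `$default-branch` is a starter-workflow placeholder. In a
# committed workflow it is presumably taken literally, so these filters likely
# match only `imagefactory`. Confirm.
# NOTE(review): this workflow has a pull_request trigger and runs on
# self-hosted runners. The job executes `make` from the checked-out ref, and
# the Makefile calls `sudo imagefactory`. Pull requests from forks should
# require approval, or be kept off these runners.
on:
  push:
    branches: [ $default-branch, imagefactory ]
  pull_request:
    branches: [ $default-branch ]
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * 0"

jobs:
  Run-ImageFactory-Builds:
    strategy:
      matrix:
        architecture:
          - x64
          - ARM64
        variant:
          - Base
          - Minimal
          - UBI
    runs-on:
      - self-hosted
      - ${{ matrix.architecture }}
    steps:
      - name: Checkout sig-cloud-instance-images
        uses: actions/checkout@v2

      - name: Build images
        run: make VARIANT=${{ matrix.variant }}

      # `make publish` only prints the artifact name; it is captured into the
      # job environment for the upload step.
      - name: Get image name
        run: echo "ARTIFACT_NAME=$(make publish VARIANT=${{ matrix.variant }})" >> $GITHUB_ENV

      - name: Upload Artifact
        uses: actions/upload-artifact@v2
        with:
          name: ${{ env.ARTIFACT_NAME }}
          path: out/
          if-no-files-found: error

--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
---
# Pull-request check: builds the second-layer images without logging in to a
# registry or pushing anything.
name: CI build for 2nd layer images

on:
  pull_request:
    branches: [ main ]
  workflow_dispatch:

# Least privilege: a build-only check needs nothing beyond reading the repo.
permissions:
  contents: read

env:
  IMAGE_REGISTRY: docker.io
  IMAGE_ACCOUNT: rockylinux

jobs:
  run_image_builds:
    strategy:
      matrix:
        version:
          - major: 8
            arch: 'amd64, arm64'
          - major: 9
            arch: 'amd64, arm64, ppc64le, s390x'
        type:
          - micro
          - init
    runs-on: ubuntu-latest
    name: Test the image build
    steps:
      - uses: actions/checkout@v3

      - name: Install qemu dependency
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-user-static

      - name: Build image
        uses: redhat-actions/buildah-build@v2
        id: build-image
        with:
          archs: ${{ matrix.version.arch }}
          build-args: |
            ImageVersion=${{ matrix.version.major }}
          containerfiles: |
            ./Containerfile-${{ matrix.type }}
          labels: |
            name=rockylinux
            org.opencontainers.image.title=rockylinux
            org.opencontainers.image.version=${{ matrix.version.major }}-ubi-${{ matrix.type }}
          oci: true
          tags: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_ACCOUNT }}/rockylinux:${{ matrix.version.major }}-ubi-${{ matrix.type }}

--------------------------------------------------------------------------------
/.github/workflows/scan.yml:
--------------------------------------------------------------------------------
# Scans the published rockylinux:8 image with Trivy, uploads the SARIF report
# to code scanning and publishes an HTML report through GitHub Pages.
name: Scan images using trivy
# NOTE(review): `push:` has no branch filter and the publish step at the end
# runs with `if: always()`, so a push to any branch republishes the Pages
# content. The commented-out `github.ref` guard on that step would limit
# publishing to main.
on:
  push:
  workflow_dispatch:
  schedule:
    - cron: "0 13 * * *"

jobs:
  scan:
    permissions:
      contents: write
      security-events: write # allow github/codeql-action/upload-sarif
    name: Scan for Security Vulnerabilities
    # NOTE(review): GitHub has retired the ubuntu-18.04 hosted runner label;
    # jobs requesting it will not be scheduled on hosted runners.
    runs-on: ubuntu-18.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Create public folder
        run: |
          mkdir -p public/

      # NOTE(review): `@master` is a moving branch, and this job holds
      # `contents: write`. Pin the action to a release tag or, better, a full
      # commit SHA. The same applies to the second Trivy step below.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/rockylinux/rockylinux:8'
          format: 'sarif'
          output: 'public/trivy-results.sarif'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH,MEDIUM'

      # `if: always()` keeps the upload running when the scan step above fails
      # on findings (exit-code: '1').
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: 'public/trivy-results.sarif'


      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        if: always()
        continue-on-error: true
        with:
          image-ref: 'docker.io/rockylinux/rockylinux:8'
          format: 'template'
          template: '@/contrib/html.tpl'
          output: 'public/index.html'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH,MEDIUM'

      - name: Save scan results to github pages
        uses: peaceiris/actions-gh-pages@v3
        #if: ${{ github.ref == 'refs/heads/main' }}
        if: always()
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./public

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
*.swp
*.meta
*.xz
kickstarts/
logs/
output/

--------------------------------------------------------------------------------
/Containerfile-init:
--------------------------------------------------------------------------------
ARG ImageVersion

# NOTE(review): the base image is referenced by short name and a mutable tag.
# Which registry it resolves to depends on the builder's registry configuration;
# a fully qualified reference (optionally pinned by digest) removes that ambiguity.
FROM rockylinux/rockylinux:$ImageVersion-ubi
LABEL summary="Rocky Linux UBI init image" \
      usage="Do not use directly. Use as a base image for daemons. Install chosen packages and 'systemctl enable' them." \
      org.opencontainers.image.authors="Magauer Lukas " \
      org.opencontainers.image.description="This image is designed to run an init system as PID 1 for running multi-services inside a container." \
      org.opencontainers.image.licenses="BSD-3-Clause" \
      org.opencontainers.image.url="https://github.com/rocky-linux/sig-cloud-instance-images" \
      org.opencontainers.image.vendor="Rocky Enterprise Software Foundation"

CMD ["/sbin/init"]

STOPSIGNAL SIGRTMIN+3

#TODO: this is a workaround until the ubi image has systemd in it again
RUN dnf -y install systemd

#mask systemd-machine-id-commit.service - partial fix for https://bugzilla.redhat.com/show_bug.cgi?id=1472439
RUN systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service systemd-udev-trigger.service systemd-udevd.service systemd-random-seed.service systemd-machine-id-commit.service

RUN dnf -y install procps-ng && dnf clean all; rm -rf /var/cache /var/log/dnf* /var/log/yum.*

--------------------------------------------------------------------------------
/Containerfile-micro:
--------------------------------------------------------------------------------
ARG ImageVersion

# Build stage: install a minimal root filesystem into /mnt/rootfs.
FROM rockylinux/rockylinux:$ImageVersion-ubi as ubi-micro-build
ARG ImageVersion
RUN yum install --installroot /mnt/rootfs coreutils-single glibc-minimal-langpack --releasever $ImageVersion --setopt install_weak_deps=false --nodocs -y && yum --installroot /mnt/rootfs clean all
RUN rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.*

# Final stage: start from scratch and copy in only the prepared rootfs and the
# repo definitions. No package manager is copied into this stage.
FROM scratch
LABEL summary="Rocky Linux UBI micro image" \
      org.opencontainers.image.authors="Magauer Lukas " \
      org.opencontainers.image.description="Very small image which doesn't install the package manager." \
      org.opencontainers.image.licenses="BSD-3-Clause" \
      org.opencontainers.image.url="https://github.com/rocky-linux/sig-cloud-instance-images" \
      org.opencontainers.image.vendor="Rocky Enterprise Software Foundation"

COPY --from=ubi-micro-build /mnt/rootfs/ /
COPY --from=ubi-micro-build /etc/yum.repos.d/* /etc/yum.repos.d/
CMD /bin/sh

--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
# Builds a Rocky Linux container rootfs tarball with imagefactory:
#   kickstarts -> base_image -> target_image -> $(OUT)/$(OUTNAME).tar.xz

# The packages.txt recipe uses process substitution, which needs bash.
# pipefail makes the `|| exit N` guards see an imagefactory failure; without
# it they only see the status of the trailing `tail`.
SHELL := /bin/bash
.SHELLFLAGS := -o pipefail -c

ARCH = $(shell uname -m)
BUILDDATE = $(shell /bin/date +%Y%m%d_%H%M)
LOG_DIR = logs
OUT = out
RELEASE_VER = 8.6
MAJOR = $(shell v='$(RELEASE_VER)'; echo "$${v%.*}")
TEMPLATE_DIR = templates
TEMPLATE_PATH = "${TEMPLATE_DIR}/tdl-${ARCH}.xml"
STORAGEDIR := /var/lib/imagefactory/storage

ifneq ($(DEBUG),)
DEBUGPARAM := --debug
endif

# Basic type is just 'container'
TYPE=Container
VARIANT=Base
CONTAINER_NAME = Rocky-$(MAJOR)-$(TYPE)-$(VARIANT)-$(RELEASE_VER).$(BUILDDATE).$(ARCH)

KICKSTART_DIR = kickstarts
# NOTE(review): the major version is hard-coded as 8 here although $(MAJOR)
# exists. Confirm the kickstart file names before building another major.
KICKSTART_PATH = "${KICKSTART_DIR}/Rocky-8-${TYPE}-${VARIANT}.ks"

OUTNAME := rocky-${RELEASE_VER}-${TYPE}-${VARIANT}
BASEIMAGE_META := base_image-$(OUTNAME).meta
TARGETIMAGE_META := target_image-$(OUTNAME).meta
# Recursively expanded, so the .meta files are read when a recipe runs.
BASEIMAGEUUID = $(shell awk '$$1=="UUID:"{print $$NF}' $(BASEIMAGE_META))
TARGETIMAGEUUID = $(shell awk '$$1=="UUID:"{print $$NF}' $(TARGETIMAGE_META))


# .PHONY is a special target, not a variable: the original `.PHONY := ...`
# only assigned a variable and declared nothing phony.
.PHONY: clean publish
# Remove a half-written .meta when its recipe fails, so a later run does not
# pick up a stale or empty UUID.
.DELETE_ON_ERROR:
.DEFAULT_GOAL := $(OUTNAME).tar.xz

clean:
	-rm *.meta

publish:
	@echo $(OUTNAME)-$(ARCH).tar.xz

# NOTE(review): this clones the tip of a moving branch over the network.
# Pin to a reviewed commit if the build has to be reproducible.
$(KICKSTART_DIR):
	git clone --branch r$(MAJOR) --single-branch https://git.resf.org/sig_core/kickstarts.git kickstarts
	sed -i 's/$$basearch/$(ARCH)/g' kickstarts/*.ks

$(BASEIMAGE_META): $(KICKSTART_DIR)
	mkdir -p $(LOG_DIR)
	sudo imagefactory $(DEBUGPARAM) base_image \
		--parameter offline_icicle true \
		--file-parameter install_script ${KICKSTART_PATH} \
		${TEMPLATE_PATH} \
		| tee -a $(LOG_DIR)/base_image-$(OUTNAME).out | tail -n4 > $(BASEIMAGE_META) || exit 2

$(TARGETIMAGE_META): $(BASEIMAGE_META)
	mkdir -p $(LOG_DIR)
	sudo imagefactory $(DEBUGPARAM) target_image \
		--id $(BASEIMAGEUUID) \
		--parameter compress xz \
		--parameter repository $(CONTAINER_NAME) \
		docker | tee -a $(LOG_DIR)/target_image-$(OUTNAME).out | tail -n4 > $(TARGETIMAGE_META) || exit 3

$(OUT):
	mkdir out

# `$$` keeps make from expanding the shell's $(jq ...) and awk's $2 itself;
# with a single `$` both expanded to nothing before the shell ever ran.
# The recipe reads $(TARGETIMAGEUUID), so the target meta is a prerequisite.
$(OUT)/packages.txt: $(OUT) $(TARGETIMAGE_META)
	xmllint --xpath "//packages/*/@name" <(printf "$$(jq '.icicle' < $(STORAGEDIR)/$(TARGETIMAGEUUID).meta)\n" | tr -d '\\' | tail -c +2 | head -c -2) | \
		awk -F\= '{print substr($$2,2,length($$2)-2)}' | \
		sort > $(OUT)/packages.txt

$(OUTNAME).tar.xz: $(OUT) $(TARGETIMAGE_META)
	tar -Oxf $(STORAGEDIR)/$(TARGETIMAGEUUID).body */layer.tar | xz > $(OUT)/$(OUTNAME).tar.xz
	tar -tf $(OUT)/$(OUTNAME).tar.xz > $(OUT)/filelist.txt
	cp $(STORAGEDIR)/$(TARGETIMAGEUUID).meta $(OUT)/build.meta


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# sig-cloud-instance-images


Please see the following branches for the container filesystems and Dockerfiles.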

* [Rocky-8.5-aarch64](https://github.com/rocky-linux/sig-cloud-instance-images/tree/Rocky-8.5-aarch64)
* [Rocky-8.5-x86_64](https://github.com/rocky-linux/sig-cloud-instance-images/tree/Rocky-8.5-x86_64)
* [Rocky-8.4-aarch64](https://github.com/rocky-linux/sig-cloud-instance-images/tree/Rocky-8.4-aarch64)
* [Rocky-8.4-x86_64](https://github.com/rocky-linux/sig-cloud-instance-images/tree/Rocky-8.4-x86_64)
* [Rocky Linux 8.4 RC1](https://github.com/rocky-linux/sig-cloud-instance-images/tree/Rocky-8.4-rc1-Container)

## Deployment

Rootfs tarballs are built weekly on Sunday at 00:00 UTC. There is currently no automation to auto-create releases, though that is under investigation (see #6).

There are two repositories on Dockerhub.com: the so-called "official" image, and the rockylinux organization. The former is facilitated by Docker, Inc., using information in the github.com/docker-library/official-images repository.

Builds are performed on Rocky Enterprise Software Foundation GitHub runners that are spun up and down on demand for builds, as imagefactory requires bare metal hardware. Work is underway to remove the reliance on bare metal installations.

### Updating the official Docker Hub image

Updating the official image is relatively simple, and could probably be automated, but at present it's not a high priority. To update the image, download the latest tested and verified build artifacts for every architecture. Anyone who is a maintainer of this repository (i.e., can merge changes into main) should be considered a maintainer of the official image and therefore allowed to request updates.

Make sure you have a fork of the rocky-linux/sig-cloud-instance-images repository that is checked out on your machine, and then follow the steps below.

#### Official Image Update Steps

1. Download build artifacts from the latest passing build for all available architectures.
   The next steps should be repeated for each architecture.
1. Change to the directory containing the clone of the sig-cloud-instance-images repository.
1. Create a new branch based off the library-template branch, named using the template "Rocky-$MAJOR.$MINOR.$ISO8601DATE-$ARCHITECTURE", e.g., `Rocky-8.5.20220314-x86_64` or `Rocky-8.5.20220314-aarch64`.
    ```
    git checkout -b Rocky-8.5.20220314-x86_64 library-template
    ```
1. Remove the history of the branch by dereferencing the current HEAD from the tree.
    ```
    git update-ref -d HEAD
    ```
1. Unpack the build artifact zip file to the current directory and accept overwriting.
    ```
    unzip -d $PWD ~/Downloads/rocky-8.5-docker-x86_64.tar.xz.zip
    ```
1. Generate the packages.txt file using the instructions below. This step will parse the `build.meta` file included in the build artifacts, and write the list of packages out to `packages.txt`.
    ```shell
    xmllint --xpath "//packages/*/@name" <(printf "$(jq '.icicle' < build.meta)\n" | tr -d '\\' | tail -c +2 | head -c -2) | \
    awk -F\= '{print substr($2,2,length($2)-2)}' | \
    sort >! packages.txt
    ```
1. Add the files to be tracked by git using `git add .`. Then, check the git repo using `git status`. It should look something like this, showing the new build artifacts as ready to be committed.
    ```
    On branch Rocky-8.5.20220314-x86_64

    No commits yet

    Changes to be committed:
      (use "git rm --cached ..." to unstage)
        new file: Dockerfile
        new file: build.meta
        new file: filelist.txt
        new file: packages.txt
        new file: rocky-8.5-docker.tar.xz
    ```
1. Create a commit with a message describing the changes. Consider using tools/pkdiff.sh to show a list of packages changed since the previous latest build.
1. Push the commit to your fork and open a pull request to merge it as a new branch upstream.
   If you have commit-level access, this can also be done directly without forking.
1. Note the commit hash (shasum), as it is needed later for requesting the update from Docker.
1. Repeat for every architecture being updated.

#### Open pull request to request update

> :warning: Consult **ALL** the documentation on the docker-library/official-images README page about the format of the file the official-images repository uses to build and release images.
> * Branches that will be referenced by the official-images repository data **MUST** contain only a single commit. A discrete branch will be created for each distinct image-tag that is released.

Once the branches are prepared, a PR can be created against https://github.com/docker-library/official-images to push the new images out and tag them appropriately.

1. Fork and clone https://github.com/docker-library/official-images to your machine. Cd into the directory containing the repository.
1. Create a new branch if preferred, or just commit against the latest master. Ensure your fork is up to date with upstream.
1. Edit the library/rockylinux file and rearrange any tags as needed. The `latest` and `MAJOR` tags (e.g., `8`) should always point to the most recent image, and the most recent image should also be tagged with a unique name containing an ISO8601 datestamp like 8.5.20220314. The MAJOR.MINOR tag **SHOULD NOT** change during a release cycle, and should instead always point to the initial container build post minor release.
1. Commit and create a pull request upstream requesting the change. If the change is a security one, ensure it is marked as such. Instructions for this are included in the README for the docker-library/official-images repository.
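

#### Docker Hub Official Images Support

If support is required, or any questions about anything related to official images or our listing there, a great resource is the #docker-library channel on Libera.chat IRC. It's a relatively low traffic channel.

#### Official Image Readme

The readme for the official image is maintained in a separate repository - https://github.com/docker-library/docs. If any information on the README needs to be changed, submit a pull request on that repository.

--------------------------------------------------------------------------------
/templates/tdl-aarch64.xml:
--------------------------------------------------------------------------------
1 | 20 | 21 |
--------------------------------------------------------------------------------
/templates/tdl-x86_64.xml:
--------------------------------------------------------------------------------
1 | 16 | 17 |
--------------------------------------------------------------------------------
/tools/common.sh:
--------------------------------------------------------------------------------
#!/usr/bin/bash
#
# Shared helpers and argument validation for the tools/ scripts.
# Meant to be sourced: the sourcing script must already have set $version and
# $type and defined usage(). $arch, $date, $major and $revision are read below.

# Print a timestamped log line.
#   $1 - message
log() {
  printf "[%s] :: %s\n" "$(date -Isec)" "$1"
}

# Run a command with shell tracing enabled and return the command's own exit
# status. Previously the status was that of the trailing `set +x`, which is
# always 0, and the unquoted $@ re-split arguments containing whitespace or
# glob characters.
log-cmd() {
  local rc
  set -x
  command "$@"
  rc=$?
  set +x
  return $rc
}

# $version later becomes part of branch names, S3 paths and image tags, so
# accept exactly MAJOR.MINOR in digits. The earlier pattern was unanchored and
# its `.` matched any character, so strings that merely contained something
# version-like passed the check.
version_re='^[0-9]+\.[0-9]+$'
if [[ -z "$version" || ! "$version" =~ $version_re ]]; then
  usage "Invalid or empty version"
  exit 1
fi

case "$type" in
  Base|Minimal|UBI) ;;
  *)
    usage "Invalid type"
    exit 1
    ;;
esac

# Succeed when a local branch matching $1 exists.
has-branch(){
  local res
  res=$(log-cmd git branch --list "$1")
  if [[ -z $res ]]; then
    return 1
  fi
  return 0
}

# Print the current branch name. Returns 0 when there is one and 1 when the
# name is empty. The original had the two statuses swapped and leaked `ret`
# into the global scope.
current-branch() {
  local res
  res=$(log-cmd git branch --show-current)
  echo "$res"
  [[ -n $res ]]
}

# Write the sorted package names found in build.meta to packages.txt.
# Returns 1 when build.meta is absent.
generate-packagelist() {
  log "Generating package list"
  if [[ -f build.meta ]]; then
    log-cmd xmllint --xpath "//packages/*/@name" <(printf "$(jq '.icicle' < build.meta)\n" | tr -d '\\' | tail -c +2 | head -c -2) | \
      awk -F\= '{print substr($2,2,length($2)-2)}' | \
      sort > packages.txt
    return $?
  fi
  log "No build.meta found. Skipping packagelist generation"
  return 1
}

# Write the member list of layer.tar.xz to filelist.txt.
# Returns 1 when the archive is absent.
generate-filelist() {
  log "Generating filelist"
  if [[ -f layer.tar.xz ]]; then
    log-cmd tar -tf layer.tar.xz > filelist.txt
    return $?
  fi
  log "No layer.tar.xz found. Skipping filelist generation"
  return 1
}

# Print the S3 "directory" of the last object (in sort order) under the build
# prefix for this version/arch/type/date/revision.
# The printf arguments are quoted so an empty variable cannot shift the
# remaining fields into the wrong slot.
latest-build() {
  local path res
  path=$(printf "s3://resf-empanadas/buildimage-%s-%s/Rocky-%s-Container-%s-%s-%s.%s.%s" "$version" "$arch" "$major" "$type" "$version" "$date" "$revision" "$arch")
  res=$(log-cmd aws --region us-east-2 --profile resf-peridot-prod s3 ls --recursive "$path" | sort | tail -1 | awk '{print $4}' | sed 's,^\(.*\)/.*$,\1,g')
  echo "$res"
  return 0
}

pattern=$(printf "Rocky-%s.%s-%s-%s" "$version" "$date" "$type" "$arch")
manifest_tag="$(printf "localhost/rocky/%s/%s/%s:latest" "$version" "$date" "$type")"
manifest_tag="${manifest_tag,,}" # convert to lowercase

--------------------------------------------------------------------------------
/tools/fetch-and-branch.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Creates a single-commit release branch from the library template, downloads
# the matching build from S3, builds the container and adds it to a manifest.

version=${1}
type=${2}
arch=${3}
date=${4:-$(date +%Y%m%d)}
revision=${5:-0}

# Single-character slices of the version argument (e.g. "8.6" -> 8 and 6).
major=${1:0:1}
minor=${1:2:1}
TEMPLATE="library-template"

# Print the usage line followed by a message.
#   $1 - message to log
usage() {
  printf "%s: RELEASE TYPE ARCH [DATE]\n\n" "$0"
  log "$1"
}

# common.sh validates $version and $type as soon as it is sourced.
# NOTE(review): $arch and $date are not validated there, although both feed
# the branch name and the S3 path.
# shellcheck disable=SC2046,1091,1090
source "$(dirname "${BASH_SOURCE[0]}")/common.sh"
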
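# Build the container for $arch from the current directory and add it to the
# local manifest list $manifest_tag. Exits the script on any failure.
build-container-manifests() {

  case "$arch" in
    x86_64)
      build_args="--os linux --arch amd64 " ;;
    aarch64)
      build_args="--os linux --arch arm64 --variant v8" ;;
    s390x)
      build_args="--os linux --arch s390x" ;;
    ppc64le)
      build_args="--os linux --arch ppc64le" ;;
    # Exit non-zero: a bare `exit` reused the status of the preceding echo (0),
    # so an unsupported architecture looked like a successful run.
    *) echo "invalid arch"; exit 1;;
  esac

  # don't bother tagging the intermediary container as we will just capture its shasum
  # build_args is left unquoted on purpose: it holds several separate options.
  container_shasum=$(podman build -q $build_args .)
  pRes=$?
  if [[ $pRes -gt 0 ]]; then
    echo "failed to build container. exiting"
    exit $pRes
  fi

  # Manifest tags need one per type (base/minimal/etc), and contain two architectures (for 8, 9 will ultimately have 4+)
  if ! podman manifest exists "$manifest_tag"; then
    podman manifest create "$manifest_tag"
    pRes=$?
    if [[ $pRes -gt 0 ]]; then
      echo "Failed to create manifest"
      exit $pRes
    fi
  else
    echo "manifest exists. adding will overwrite existing platform tuple in manifest, if exists."
  fi

  podman manifest add "$manifest_tag" "containers-storage:$container_shasum" $build_args
  pRes=$?
  if [[ $pRes -gt 0 ]]; then
    echo "Failed to add container image to manifest"
    exit $pRes
  fi

  echo
  echo "when all images have been added to the manifest, the manifests must be pushed to their locations."
  echo "***Only push the bar MAJOR version tag (8,9) when the OS has been fully released.***"
  echo

}

# Print, without running them, the `podman manifest push` commands for every
# destination registry and tag.
manifest-push-commands (){
  local destinations=("docker.io/rockylinux/rockylinux" "quay.io/rockylinux/rockylinux")
  local tags=("$version" "${version}.${date}")
  local final_tags=()
  local d t
  for d in "${destinations[@]}"; do
    for t in "${tags[@]}"; do
      final_tags+=("$d:$t")
    done
  done

  for t in "${final_tags[@]}"; do
    printf "podman manifest push %s %s\n" "$manifest_tag" "$t"
  done
}


# Create the release branch from $TEMPLATE, drop its history, download the
# latest matching build from S3 into the working directory and regenerate
# packages.txt and filelist.txt.
check-and-download (){
  if has-branch "$pattern"; then
    usage "Branch ${pattern} already exists. Exiting."
    exit 1
  fi

  log "Creating branch ${pattern}"

  log-cmd git checkout -b "${pattern}" "$TEMPLATE"

  branch=$(current-branch)
  if [[ "${branch}" != "${pattern}" ]]; then
    log "Not on the proper branch after creation. Exiting for safety."
    exit 127
  fi

  # Clear the history of the branch (Required for Docker Hub Official Images to only have one commit on the branch)
  log-cmd git update-ref -d HEAD

  builddir=$(latest-build)
  if [[ -z "$builddir" ]]; then
    log "Builddir not found. Exiting"
    exit 3
  fi

  # NOTE(review): nothing visible here checks a checksum or signature on the
  # downloaded artifacts before they are built into an image and committed
  # with a signed commit. Verification would belong between the sync and the
  # generate-* calls.
  log-cmd aws --region us-east-2 --profile resf-peridot-prod s3 sync "s3://resf-empanadas/$builddir" "$PWD"

  # The return status of both helpers is ignored here, as before.
  generate-packagelist
  generate-filelist
}

# NOTE(review): $arch is only validated inside build-container-manifests, i.e.
# after the branch has been created and the download has run.
check-and-download
build-container-manifests

git add .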
# Create the single signed commit for the release branch.
git commit -S -m "Rocky Linux Container Image - $branch"

# Print the push commands; nothing is pushed by this script.
manifest-push-commands

--------------------------------------------------------------------------------
/tools/generate-dockerhub.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

version=${1}
type=${2}
date=${3:-$(date +%Y%m%d)}
revision=${4:-0}

# Single-character slices of the version argument.
major=${1:0:1}
minor=${1:2:1}

# Print the usage line followed by a message ($1).
usage() {
  printf "%s: RELEASE TYPE [DATE]\n\n" $0
  log "$1"
}

# common.sh validates $version and $type as soon as it is sourced.
# shellcheck disable=SC2046,1091,1090
source "$(dirname "${BASH_SOURCE[0]}")/common.sh"

name="Rocky-${version}.${date}-${type}"

arches=(x86_64 aarch64)
# NOTE(review): tracing is switched on here and is not switched off again in
# the part of the script that is visible.
set -x
if [[ $major -ge 9 ]]; then
  arches=(${arches[@]} s390x ppc64le)
fi

# Lower-cased type suffix for UBI and Minimal; empty for anything else.
case $type in
  UBI | Minimal)
    suffix="-${type,,}"
    ;;
  *)
    suffix=''
    ;;
esac

# Maps architecture -> commit hash of that architecture's release branch.
declare -A shasums

for a in "${arches[@]}"; do
  pt="${name}-${a}"
  if has-branch $pt; then
    shasums[$a]="$(git rev-parse $pt)"
  fi
done

# NOTE(review): the listing is truncated from here on. The heredoc that follows
# `cat <`, the rest of generate-dockerhub.sh, and the header and first lines of
# tools/pkdiff.sh were lost in extraction. The remaining lines belong to
# pkdiff.sh and are kept as they appear.
cat < [to] (defaults to current HEAD)"
  exit
}

# $base, $compare and $file are assigned in the part of pkdiff.sh that is missing.
if [[ -z $base || -z $compare ]]; then
  usage
fi

# Keep only added/removed lines that start with a word character, then pair
# every two consecutive lines as "first => second".
git diff "${base}:${file}" "${compare}:${file}" \
  | grep -E '^([+-]\w)' \
  | awk '!(NR%2){print substr(p,2,length(p)),"=>",substr($0,2,length($0))}{p=$0}'\
  | column -t

--------------------------------------------------------------------------------