diff --git a/.github/workflows/build-oci.yml b/.github/workflows/build-oci.yml
new file mode 100644
index 0000000..6f433e3
--- /dev/null
+++ b/.github/workflows/build-oci.yml
@@ -0,0 +1,41 @@
+name: build-oci-image
+on:
+ workflow_dispatch:
+permissions:
+ contents: read
+ packages: write
+ id-token: write
+jobs:
+ build:
+ runs-on: edera-large
+ strategy:
+ fail-fast: false
+ matrix:
+ component:
+ - edera-debug-report-oci
+ name: build ${{ matrix.component }} container image
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ submodules: recursive
+ - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+ - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+ - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+ - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+ id: push-step
+ with:
+ platforms: linux/amd64
+ target: ${{ matrix.component }}
+ tags: ghcr.io/edera-dev/${{ matrix.component }}:latest
+ push: true
+ - name: Sign the image
+ env:
+ DIGEST: ${{ steps.push-step.outputs.digest }}
+ TAGS: ghcr.io/edera-dev/${{ matrix.component }}:latest
+ COSIGN_EXPERIMENTAL: "true"
+ run: cosign sign --yes "${TAGS}@${DIGEST}"
diff --git a/.gitmodules b/.gitmodules
index f5fedc6..cdbe5e1 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "extern/pciutils"]
 path = extern/pciutils
 url = https://github.com/pciutils/pciutils.git
+[submodule "extern/dmidecode"]
+ path = extern/dmidecode
+ url = https://git.savannah.nongnu.org/git/dmidecode.git
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..665d334
--- /dev/null
+++ b/Dockerfile
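Review bot: The `docker/build-push-action` step sets no `context`, and that action builds from the Git context by default rather than from the workspace, so the `actions/checkout` step with `submodules: recursive` does not determine what is built and signed. If the intent is to build the checked-out tree, including the `.git` data that `package.sh` needs for `git clean` and `git reset` (a Git context normally omits it), add `context: .` under `with:`. The image is also pushed only as `:latest`; the signature is correctly bound to the digest, but an additional immutable tag such as `ghcr.io/edera-dev/${{ matrix.component }}:${{ github.sha }}` would give consumers a stable reference to verify. `COSIGN_EXPERIMENTAL` is probably unnecessary if the installer provides a cosign 2.x release, where keyless signing is the default.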
@@ -0,0 +1,25 @@
+# Using Rocky Linux 9 as a proxy for RHEL9, which is the likely oldest
+# supported Linux distro in use by enterprises out there.
+FROM rockylinux:9 AS builder
+
+RUN cat <<'EOF' >> /etc/dnf/dnf.conf
+install_weak_deps=False
+fastestmirror=True
+max_parallel_downloads=8
+EOF
+
+RUN dnf update -y
+RUN dnf install --enablerepo=crb -y gcc gcc-c++ make glibc-devel zlib-devel git glibc-static zlib-static
+
+COPY . /workspace
+WORKDIR /workspace
+
+RUN /workspace/package.sh
+
+#
+# Create OCI image for Edera Protect Installer
+#
+FROM scratch AS edera-debug-report-oci
+COPY --from=builder /workspace/build /var/lib/edera/protect/support
+
+# vim: set ts=4 sts=4 sw=4 et:
diff --git a/extern/dmidecode b/extern/dmidecode
new file mode 160000
index 0000000..566922a
--- /dev/null
+++ b/extern/dmidecode
@@ -0,0 +1 @@
+Subproject commit 566922aed8f865553aac053bbc43a9a1d3e3594a
diff --git a/extern/pciutils b/extern/pciutils
index 3ec74c7..b424ac8 160000
--- a/extern/pciutils
+++ b/extern/pciutils
@@ -1 +1 @@
-Subproject commit 3ec74c71c01878f92e751f15bb8febe720c3ab40
+Subproject commit b424ac8b498317965bfd3ab33ae21b158a7f1dd2
diff --git a/package.sh b/package.sh
index d0940ae..0d01f90 100755
--- a/package.sh
+++ b/package.sh
@@ -8,6 +8,16 @@ cd "$SCRIPTPATH"
 rm -rf "${SCRIPTPATH}/build"
 mkdir -p "${SCRIPTPATH}/build/bin"
+#
+# Build statically-linked dmidecode binary
+#
+pushd extern/dmidecode
+git clean -dfx
+git reset --hard HEAD
+make -j$(nproc) dmidecode CC="gcc" CFLAGS="-Os -static -flto" LDFLAGS="-static -flto"
+install -Dm0755 dmidecode "${SCRIPTPATH}/build/bin/dmidecode"
+popd
+
 #
 # Build statically-linked pciutils 'lspci' binary and pci.ids.gz
 #
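Review bot: `FROM rockylinux:9` floats on a mutable tag and `RUN dnf update -y` installs whatever is current, so the `glibc-static` and `zlib-static` code linked into the shipped binaries can change between builds even though the workflow pins every action by commit. Pin the builder base by digest, `FROM rockylinux:9@sha256:DIGEST_OF_REVIEWED_IMAGE AS builder`, and drop the separate `dnf update` layer in favour of bumping that digest when updates are wanted. The comment above the final stage says "Edera Protect Installer" while the stage is named `edera-debug-report-oci`; one of the two looks stale and should be aligned so the signed image is described correctly.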
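Review bot: The added block runs `git clean -dfx` and `git reset --hard HEAD` straight after `pushd extern/dmidecode`; if the submodule was never initialised, that path is an empty directory inside the superproject, git resolves to the parent repository, and the reset discards uncommitted work there. A guard before the `pushd`, for example `[ -e extern/dmidecode/.git ] || { echo "extern/dmidecode submodule not initialised" >&2; exit 1; }`, prevents that, and the pciutils block in the following hunk has the same pattern. Whether the script runs under `set -e` is not visible in this hunk, so a failed `pushd` or `make` may also go unnoticed. Passing `CFLAGS=` on the make command line presumably replaces the flags the dmidecode Makefile sets itself, so confirm that warnings and any hardening options are not lost.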
@@ -15,7 +25,7 @@ mkdir -p "${SCRIPTPATH}/build/bin"
 pushd extern/pciutils
 git clean -dfx
 git reset --hard HEAD
-make -j$(nproc) update-pciids lspci OPT=-Os IDSDIR="./hwdata" LIBKMOD=no DNS=no HWDB=no ZLIB=yes SHARED=no CC="cc -static -flto"
+make -j$(nproc) update-pciids lspci OPT=-Os IDSDIR="./hwdata" LIBKMOD=no DNS=no HWDB=no ZLIB=yes SHARED=no RANLIB=gcc-ranlib AR=gcc-ar CC="gcc -static -flto"
 mkdir hwdata
 ./update-pciids
 install -Dm0755 update-pciids "${SCRIPTPATH}/build/bin/update-pciids"
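Review bot: The new `RANLIB=gcc-ranlib AR=gcc-ar` overrides on the `make` line carry no explanation, and a later cleanup could remove them without realising that the `-flto` static build depends on them. Add a comment above the call, such as `# gcc-ar/gcc-ranlib load the LTO plugin; plain ar/ranlib cannot index -flto objects in a static archive`. The `./update-pciids` step kept as context appears to fetch the ID database at build time, so the contents of the signed image depend on that download; this is outside the change but worth recording next to it.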