This repository has been archived by the owner on Apr 28, 2024. It is now read-only.

feat: add arch toolbox
sneexy-boi committed Apr 3, 2024
1 parent 637427b commit 4e30566
Showing 7 changed files with 261 additions and 9 deletions.
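--- a/.github/workflows/build-arch-toolbox.yml
+++ b/.github/workflows/build-arch-toolbox.yml
@@ -0,0 +1,156 @@
+name: Build Arch Toolbox (Sernik) Image
+on:
+schedule:
+- cron: '20 22 * * *' # 9:00pm everyday
+pull_request:
+merge_group:
+workflow_dispatch:
+env:
+IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+cancel-in-progress: true
+
+jobs:
+push-ghcr:
+name: Build and push image
+runs-on: ubuntu-22.04
+permissions:
+contents: read
+packages: write
+id-token: write
+strategy:
+fail-fast: false
+matrix:
+base_name: [arch-toolbox, arch-toolbox-gnome]
+include:
+- is_latest_version: true
+is_stable_version: true
+steps:
+- name: Maximize build space
+uses: ublue-os/remove-unwanted-software@v6
+
+# Checkout push-to-registry action GitHub repository
+- name: Checkout Push to Registry action
+uses: actions/checkout@v4
+
+- name: Matrix Variables
+run: |
+echo "IMAGE_NAME=${{ matrix.base_name }}" >> $GITHUB_ENV
+- name: Generate tags
+id: generate-tags
+shell: bash
+run: |
+# Generate a timestamp for creating an image version history
+TIMESTAMP="$(date +%Y%m%d)"
+COMMIT_TAGS=()
+BUILD_TAGS=()
+# Have tags for tracking builds during pull request
+SHA_SHORT="${GITHUB_SHA::7}"
+COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}")
+COMMIT_TAGS+=("${SHA_SHORT}")
+if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \
+[[ "${{ matrix.is_stable_version }}" == "true" ]]; then
+COMMIT_TAGS+=("pr-${{ github.event.pull_request.number }}")
+COMMIT_TAGS+=("${SHA_SHORT}")
+fi
+BUILD_TAGS=("${TIMESTAMP}")
+if [[ "${{ matrix.is_latest_version }}" == "true" ]] && \
+[[ "${{ matrix.is_stable_version }}" == "true" ]]; then
+BUILD_TAGS+=("latest")
+fi
+if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
+echo "Generated the following commit tags: "
+for TAG in "${COMMIT_TAGS[@]}"; do
+echo "${TAG}"
+done
+alias_tags=("${COMMIT_TAGS[@]}")
+else
+alias_tags=("${BUILD_TAGS[@]}")
+fi
+echo "Generated the following build tags: "
+for TAG in "${BUILD_TAGS[@]}"; do
+echo "${TAG}"
+done
+echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
+# Build metadata
+- name: Image Metadata
+uses: docker/metadata-action@v5
+id: meta
+with:
+images: |
+${{ env.IMAGE_NAME }}
+labels: |
+io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md
+# Build image using Buildah action
+- name: Build Image
+id: build_image
+uses: redhat-actions/buildah-build@v2
+with:
+containerfiles: |
+./toolboxes/arch-toolbox/Containerfile.arch
+image: ${{ env.IMAGE_NAME }}
+tags: |
+${{ steps.generate-tags.outputs.alias_tags }}
+labels: ${{ steps.meta.outputs.labels }}
+oci: false
+extra-args: |
+--target=${{ matrix.base_name }}
+# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+# https://github.com/macbre/push-to-ghcr/issues/12
+- name: Lowercase Registry
+id: registry_case
+uses: ASzc/change-string-case-action@v6
+with:
+string: ${{ env.IMAGE_REGISTRY }}
+
+# Push the image to GHCR (Image Registry)
+- name: Push To GHCR
+uses: redhat-actions/push-to-registry@v2
+id: push
+if: github.event_name != 'pull_request'
+env:
+REGISTRY_USER: ${{ github.actor }}
+REGISTRY_PASSWORD: ${{ github.token }}
+with:
+image: ${{ steps.build_image.outputs.image }}
+tags: ${{ steps.build_image.outputs.tags }}
+registry: ${{ steps.registry_case.outputs.lowercase }}
+username: ${{ env.REGISTRY_USER }}
+password: ${{ env.REGISTRY_PASSWORD }}
+extra-args: |
+--disable-content-trust
+- name: Login to GitHub Container Registry
+uses: docker/login-action@v3
+if: github.event_name != 'pull_request'
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+# Sign container
+- uses: sigstore/[email protected]
+if: github.event_name != 'pull_request'
+
+- name: Sign container image
+if: github.event_name != 'pull_request'
+run: |
+cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
+env:
+TAGS: ${{ steps.push.outputs.digest }}
+COSIGN_EXPERIMENTAL: false
+COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+
+- name: Echo outputs
+if: github.event_name != 'pull_request'
+run: |
+echo "${{ toJSON(steps.push.outputs) }}"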
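Review bot: `--target=${{ matrix.base_name }}` in the Build Image step resolves to `arch-toolbox` / `arch-toolbox-gnome`, but the Containerfile added in this commit names its stages `bazzite-arch` and `bazzite-arch-gnome`, so the build will most likely fail to find its target; rename the stages or map the matrix value to the stage name. The job also grants `id-token: write` although signing is key-based (`cosign sign -y --key env://COSIGN_PRIVATE_KEY`) and no visible step requests an OIDC token, so that permission can be dropped. Because this job holds `packages: write` and `secrets.SIGNING_SECRET`, the third-party actions referenced by mutable tags (`ublue-os/remove-unwanted-software@v6`, `ASzc/change-string-case-action@v6`, `redhat-actions/buildah-build@v2`, `redhat-actions/push-to-registry@v2`) are better pinned to a full commit SHA, e.g. `uses: ASzc/change-string-case-action@<full-commit-sha> # v6`. In Generate tags the comparison with `pull_request_review` can never be true under the triggers listed in `on:`, so the commit-tag branch is dead code; `pull_request` is presumably what was meant. The schedule comment `# 9:00pm everyday` also disagrees with the cron expression `'20 22 * * *'` (22:20 UTC).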
6 changes: 3 additions & 3 deletions .github/workflows/build-google-chrome-toolbox.yml
@@ -1,12 +1,12 @@
name: Build Ubuntu Toolbox (Sernik) Image
name: Build Google Chrome Toolbox (Sernik) Image
on:
schedule:
- cron: '20 22 * * *' # 10:20pm everyday
pull_request:
merge_group:
workflow_dispatch:
env:
IMAGE_NAME: ubuntu-toolbox
IMAGE_NAME: google-chrome-toolbox
IMAGE_TAGS: latest
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}

@@ -52,7 +52,7 @@ jobs:
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./toolboxes/ubuntu-toolbox/Containerfile.ubuntu
./toolboxes/google-chrome-toolbox/Containerfile.google-chrome
image: ${{ env.IMAGE_NAME }}
tags: ${{ env.IMAGE_TAGS }}
labels: ${{ steps.meta.outputs.labels }}
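--- a/toolboxes/arch-toolbox/Containerfile.arch
+++ b/toolboxes/arch-toolbox/Containerfile.arch
@@ -0,0 +1,99 @@
+FROM ghcr.io/ublue-os/arch-distrobox AS bazzite-arch
+
+COPY system_files /
+
+# Install needed packages
+RUN pacman -S \
+lib32-vulkan-radeon \
+libva-mesa-driver \
+intel-media-driver \
+vulkan-mesa-layers \
+lib32-vulkan-mesa-layers \
+lib32-libnm \
+openal \
+pipewire \
+pipewire-pulse \
+pipewire-alsa \
+pipewire-jack \
+wireplumber \
+lib32-pipewire \
+lib32-pipewire-jack \
+lib32-libpulse \
+lib32-openal \
+xdg-desktop-portal-kde \
+vim \
+nano \
+hyfetch \
+fish \
+yad \
+xdg-user-dirs \
+xdotool \
+xorg-xwininfo \
+wmctrl \
+wxwidgets-gtk3 \
+rocm-opencl-runtime \
+rocm-hip-runtime \
+libbsd \
+noto-fonts-cjk \
+--noconfirm && \
+pacman -S \
+steam \
+lutris \
+mangohud \
+lib32-mangohud \
+--noconfirm && \
+wget https://raw.githubusercontent.com/Shringe/LatencyFleX-Installer/main/install.sh -O /usr/bin/latencyflex && \
+sed -i 's@"dxvk.conf"@"/usr/share/latencyflex/dxvk.conf"@g' /usr/bin/latencyflex && \
+chmod +x /usr/bin/latencyflex
+# Steam/Lutris/Wine installed separately so they use the dependencies above and don't try to install their own.
+
+# Create build user
+RUN useradd -m --shell=/bin/bash build && usermod -L build && \
+echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
+echo "root ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
+# Install AUR packages
+USER build
+WORKDIR /home/build
+RUN paru -S \
+aur/protontricks \
+aur/vkbasalt \
+aur/lib32-vkbasalt \
+aur/obs-vkcapture-git \
+aur/lib32-obs-vkcapture-git \
+aur/lib32-gperftools \
+aur/steamcmd \
+--noconfirm
+USER root
+WORKDIR /
+
+# Cleanup
+# Native march & tune. This is a gaming image and not something a user is going to compile things in with the intent to share.
+# We do this last because it'll only apply to updates the user makes going forward. We don't want to optimize for the build host's environment.
+RUN sed -i 's@ (Runtime)@@g' /usr/share/applications/steam.desktop && \
+sed -i 's/-march=x86-64 -mtune=generic/-march=native -mtune=native/g' /etc/makepkg.conf && \
+userdel -r build && \
+rm -drf /home/build && \
+sed -i '/build ALL=(ALL) NOPASSWD: ALL/d' /etc/sudoers && \
+sed -i '/root ALL=(ALL) NOPASSWD: ALL/d' /etc/sudoers && \
+rm -rf \
+/tmp/* \
+/var/cache/pacman/pkg/*
+
+FROM bazzite-arch as bazzite-arch-gnome
+
+# Replace KDE portal with GNOME portal, swap included icon theme.
+RUN sed -i 's/-march=native -mtune=native/-march=x86-64 -mtune=generic/g' /etc/makepkg.conf && \
+pacman -Rnsdd \
+xdg-desktop-portal-kde \
+--noconfirm && \
+pacman -S \
+xdg-desktop-portal-gtk \
+xdg-desktop-portal-gnome \
+--noconfirm
+
+# Cleanup
+RUN sed -i 's/-march=x86-64 -mtune=generic/-march=native -mtune=native/g' /etc/makepkg.conf && \
+rm -rf \
+/tmp/* \
+/var/cache/pacman/pkg/*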
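Review bot: The `wget https://raw.githubusercontent.com/Shringe/LatencyFleX-Installer/main/install.sh -O /usr/bin/latencyflex` line installs whatever the `main` branch of a third-party repository serves at build time as an executable, with no pin and no integrity check, and the result ends up in an image that the workflow then signs. Fetch a fixed commit URL instead of `main` and verify the download before the `chmod +x`, e.g. `echo "<expected-sha256>  /usr/bin/latencyflex" | sha256sum -c -`. `FROM ghcr.io/ublue-os/arch-distrobox` likewise carries no tag or digest, so each nightly build silently inherits any change to the base; `FROM ghcr.io/ublue-os/arch-distrobox@sha256:<digest>` would fix that input. The `paru -S … --noconfirm` step builds AUR packages (two of them `-git` packages) without any PKGBUILD review, which deserves at least a comment recording that trust decision. A comment at the "Create build user" step noting that both `NOPASSWD` sudoers entries are removed again in the Cleanup `RUN` would also help the next reader confirm they do not survive into the final image.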
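--- a/toolboxes/arch-toolbox/files/usr/share/latencyflex/dxvk.conf
+++ b/toolboxes/arch-toolbox/files/usr/share/latencyflex/dxvk.conf
@@ -0,0 +1,2 @@
+dxgi.nvapiHack = False
+dxgi.customVendorId = 10de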
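Review bot: This file is added under `toolboxes/arch-toolbox/files/`, but the Containerfile in the same commit copies a directory named `system_files` (`COPY system_files /`) and then rewrites the installer to read `/usr/share/latencyflex/dxvk.conf`. Unless something not visible on this page places it, the config will be missing from the built image; either copy this tree explicitly, e.g. `COPY toolboxes/arch-toolbox/files /`, or move the file under the directory that is copied. A one-line comment above `dxgi.customVendorId = 10de` saying why the vendor ID is overridden would also make the setting easier to audit later.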
7 changes: 1 addition & 6 deletions toolboxes/ubuntu-toolbox/Containerfile.ubuntu
@@ -1,11 +1,6 @@
FROM quay.io/toolbx-images/ubuntu-toolbox:22.04
# From https://github.com/toolbx-images/images/tree/main/ubuntu/22.04

LABEL com.github.containers.toolbox="true" \
usage="This image is meant to be used with the toolbox or distrobox command" \
summary="A cloud-native terminal experience powered by Ubuntu" \
maintainer="[email protected]"

COPY ./toolboxes/ubuntu-toolbox/packages.ubuntu /toolbox-packages

RUN apt-get update && \
@@ -21,4 +16,4 @@ RUN ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/docker && \
ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/podman && \
ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/rpm-ostree

RUN echo "ALL ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers
RUN echo "ALL ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers
