Build only framework images for fips

since we don't need isos for them. Isos need to be built manually (from scratch) because to have a fips enabled flavor you need to have a fips enabled OS in general. Signed-off-by: Ettore Di Giacinto <ettore@spectrocloud.com>
kairos-io · Jun 22, 2023 · 69f8c9c · 69f8c9c
1 parent 6f26714
commit 69f8c9c
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 10 deletions.
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
@@ -23,9 +23,10 @@ jobs:
       - uses: actions/checkout@v3
       - run: |
           git fetch --prune --unshallow
+          sudo apt update && sudo apt install -y jq
       - id: set-matrix
         run: |
-          content=`cat ./.github/flavors.json`
+          content=`cat .github/flavors.json  | jq 'map(select(.frameworkonly != "true"))'`
           # the following lines are only required for multi line json
           # the following lines are only required for multi line json
           content="${content//'%'/'%25'}"
@@ -34,6 +35,27 @@ jobs:
           # end of optional handling for multi line json
           # end of optional handling for multi line json
           echo "::set-output name=matrix::{\"include\": $content }"
+
+  get-framework-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+    - uses: actions/checkout@v3
+    - run: |
+        git fetch --prune --unshallow
+    - id: set-matrix
+      run: |
+          content=`cat .github/flavors.json`
+          # the following lines are only required for multi line json
+          # the following lines are only required for multi line json
+          content="${content//'%'/'%25'}"
+          content="${content//$'\n'/'%0A'}"
+          content="${content//$'\r'/'%0D'}"
+          # end of optional handling for multi line json
+          # end of optional handling for multi line json
+          echo "::set-output name=matrix::{\"include\": $content }"
+
   build:
     runs-on: ubuntu-latest
     needs:
@@ -128,13 +150,13 @@ jobs:
   build-framework:
     if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
     needs:
-      - get-matrix
+      - get-framework-matrix
     runs-on: self-hosted
     permissions:
       id-token: write
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}}
+      matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
     steps:
       - uses: actions/checkout@v3
       - run: |

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -13,9 +13,28 @@ jobs:
     - uses: actions/checkout@v3
     - run: |
         git fetch --prune --unshallow
+        sudo apt update && sudo apt install -y jq
     - id: set-matrix
       run: |
-          content=`cat ./.github/flavors.json`
+          content=`cat .github/flavors.json  | jq 'map(select(.frameworkonly != "true"))'`
+          # the following lines are only required for multi line json
+          content="${content//'%'/'%25'}"
+          content="${content//$'\n'/'%0A'}"
+          content="${content//$'\r'/'%0D'}"
+          # end of optional handling for multi line json
+          echo "::set-output name=matrix::{\"include\": $content }"
+
+  get-framework-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+    - uses: actions/checkout@v3
+    - run: |
+        git fetch --prune --unshallow
+    - id: set-matrix
+      run: |
+          content=`cat .github/flavors.json`
           # the following lines are only required for multi line json
           content="${content//'%'/'%25'}"
           content="${content//$'\n'/'%0A'}"
@@ -26,13 +45,13 @@ jobs:
   build-framework:
     runs-on: self-hosted
     needs:
-    - get-matrix
+    - get-framework-matrix
     permissions:
       id-token: write  # OIDC support
       contents: write
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}}
+      matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}}
     steps:
       - uses: actions/checkout@v3
       - run: |
@@ -77,7 +96,6 @@ jobs:
 
   build:
     runs-on: ubuntu-latest
-    if: ${{ matrix.frameworkonly != "true" }}
     needs:
     - get-matrix
     permissions:
@@ -87,7 +105,7 @@ jobs:
       security-events: write
     strategy:
       fail-fast: false
-      matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}}
+      matrix: ${{ fromJson(needs.get-matrix.outputs.matrix) }}
     steps:
       - uses: actions/checkout@v3
       - run: |

diff --git a/framework-profile.yaml b/framework-profile.yaml
@@ -140,8 +140,6 @@ kairos-toolchain-nonfips:
   packages:
   - system/kcrypt
   - system/kcrypt-challenger
-  - system/suc-upgrade
-  - system/grub2-efi
   - system/immucore
   - system/kairos-agent
 ubuntu-kernel: