diff --git a/.github/flavors.json b/.github/flavors.json index 032dbebc4..493a1b683 100644 --- a/.github/flavors.json +++ b/.github/flavors.json @@ -1,9 +1,9 @@ [ { - "flavor": "opensuse-leap" + "flavor": "opensuse-leap" }, { - "flavor": "opensuse-tumbleweed" + "flavor": "opensuse-tumbleweed" }, { "flavor": "ubuntu" @@ -11,6 +11,10 @@ { "flavor": "ubuntu-20-lts" }, + { + "flavor": "ubuntu-20-lts-fips", + "frameworkonly": "true" + }, { "flavor": "ubuntu-22-lts" }, @@ -32,4 +36,4 @@ { "flavor": "almalinux" } -] \ No newline at end of file +] diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index da5d6f2a6..fae43b40c 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -23,9 +23,10 @@ jobs: - uses: actions/checkout@v3 - run: | git fetch --prune --unshallow + sudo apt update && sudo apt install -y jq - id: set-matrix run: | - content=`cat ./.github/flavors.json` + content=`cat .github/flavors.json | jq 'map(select(.frameworkonly != "true"))'` # the following lines are only required for multi line json # the following lines are only required for multi line json content="${content//'%'/'%25'}" @@ -34,6 +35,27 @@ jobs: # end of optional handling for multi line json # end of optional handling for multi line json echo "::set-output name=matrix::{\"include\": $content }" + + get-framework-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v3 + - run: | + git fetch --prune --unshallow + - id: set-matrix + run: | + content=`cat .github/flavors.json` + # the following lines are only required for multi line json + # the following lines are only required for multi line json + content="${content//'%'/'%25'}" + content="${content//$'\n'/'%0A'}" + content="${content//$'\r'/'%0D'}" + # end of optional handling for multi line json + # end of optional handling for multi line json + echo "::set-output name=matrix::{\"include\": $content }" + build: runs-on: ubuntu-latest needs: @@ -128,13 +150,13 @@ jobs: build-framework: if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} needs: - - get-matrix + - get-framework-matrix runs-on: self-hosted permissions: id-token: write strategy: fail-fast: false - matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}} + matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}} steps: - uses: actions/checkout@v3 - run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c6521986c..3f9f6f35f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,9 +13,28 @@ jobs: - uses: actions/checkout@v3 - run: | git fetch --prune --unshallow + sudo apt update && sudo apt install -y jq - id: set-matrix run: | - content=`cat ./.github/flavors.json` + content=`cat .github/flavors.json | jq 'map(select(.frameworkonly != "true"))'` + # the following lines are only required for multi line json + content="${content//'%'/'%25'}" + content="${content//$'\n'/'%0A'}" + content="${content//$'\r'/'%0D'}" + # end of optional handling for multi line json + echo "::set-output name=matrix::{\"include\": $content }" + + get-framework-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@v3 + - run: | + git fetch --prune --unshallow + - id: set-matrix + run: | + content=`cat .github/flavors.json` # the following lines are only required for multi line json content="${content//'%'/'%25'}" content="${content//$'\n'/'%0A'}" @@ -26,13 +45,13 @@ jobs: build-framework: runs-on: self-hosted needs: - - get-matrix + - get-framework-matrix permissions: id-token: write # OIDC support contents: write strategy: fail-fast: false - matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}} + matrix: ${{fromJson(needs.get-framework-matrix.outputs.matrix)}} steps: - uses: actions/checkout@v3 - run: | @@ -86,7 +105,7 @@ jobs: security-events: write strategy: fail-fast: false - matrix: ${{fromJson(needs.get-matrix.outputs.matrix)}} + matrix: ${{ fromJson(needs.get-matrix.outputs.matrix) }} steps: - uses: actions/checkout@v3 - run: | diff --git a/framework-profile.yaml b/framework-profile.yaml index 25318a0f2..4bdd2de0f 100755 --- a/framework-profile.yaml +++ b/framework-profile.yaml @@ -1,69 +1,104 @@ -common: - - dracut/immucore - - static/grub-config - - system/kcrypt - - system/kcrypt-challenger - - system/suc-upgrade - - system/grub2-efi - - system/immucore - - system/kairos-agent +# Additional common packages to be added to all the FLAVORS +## common: +## - category/name@version flavors: debian: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy ubuntu: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy ubuntu-arm-rpi: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy ubuntu-20-lts-arm-nvidia-jetson-agx-orin: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat ubuntu-20-lts-arm-rpi: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat ubuntu-22-lts-arm-rpi: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat ubuntu-22-lts: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat ubuntu-20-lts: + - common-packages + - kairos-toolchain + - systemd-base + - dracut-network-legacy-compat + ubuntu-20-lts-fips: + - common-packages + - kairos-toolchain-fips - systemd-base - dracut-network-legacy-compat fedora: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat rockylinux: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat almalinux: + - common-packages + - kairos-toolchain - systemd-base - dracut-network-legacy-compat opensuse-tumbleweed: + - common-packages + - kairos-toolchain - systemd-base - systemd-latest - dracut-network-legacy opensuse-tumbleweed-arm-rpi: + - common-packages + - kairos-toolchain - systemd-base - systemd-latest - dracut-network-legacy opensuse-leap: + - common-packages + - kairos-toolchain - systemd-base - systemd-latest - dracut-network-legacy opensuse-leap-arm-rpi: + - common-packages + - kairos-toolchain - systemd-base - systemd-latest - dracut-network-legacy alpine-arm-rpi: + - common-packages + - kairos-toolchain - opensuse-leap-kernel - openrc alpine-opensuse-leap: + - common-packages + - kairos-toolchain - openrc - opensuse-leap-kernel alpine-ubuntu: + - common-packages + - kairos-toolchain - ubuntu-kernel - openrc # See https://github.com/kairos-io/packages/pull/67 for rationale @@ -84,6 +119,29 @@ opensuse-leap-kernel: packages: - distro-kernels/opensuse-leap - distro-initrd/opensuse-leap + +## Packages (cat/name@version) that are added to ALL flavors +## Static files, no binary +common-packages: + packages: + - static/grub-config + - dracut/immucore + - system/suc-upgrade + - system/grub2-efi + +kairos-toolchain-fips: + packages: + - fips/kcrypt + - fips/kcrypt-challenger + - fips/immucore + - fips/kairos-agent + +kairos-toolchain: + packages: + - system/kcrypt + - system/kcrypt-challenger + - system/immucore + - system/kairos-agent ubuntu-kernel: packages: - distro-kernels/ubuntu diff --git a/tests/upgrade_cli_test.go b/tests/upgrade_cli_test.go index 04e63a2c2..79a3c1eec 100644 --- a/tests/upgrade_cli_test.go +++ b/tests/upgrade_cli_test.go @@ -60,7 +60,7 @@ var _ = Describe("k3s upgrade manual test", Label("upgrade-with-cli"), func() { Expect(currentVersion).To(ContainSubstring("v")) By(fmt.Sprintf("Upgrading to: %s", containerImage)) - out, err := vm.Sudo("kairos-agent --debug upgrade --force --image " + containerImage) + out, err := vm.Sudo("kairos-agent --debug upgrade --force --source " + containerImage) Expect(err).ToNot(HaveOccurred(), string(out)) Expect(out).To(ContainSubstring("Upgrade completed")) Expect(out).To(ContainSubstring(containerImage))