Refactor build bootable artifacts

.github/actions/build-iso/action.yml → .github/actions/build-bootable-artifacts/action.yml

@@ -1,5 +1,5 @@
 ---
-name: Build ISO
+name: Build bootable artifacts
 
 inputs:
   platform:
@@ -9,20 +9,27 @@ inputs:
     description: Full podman image reference, including hash (e.g., "registry.example.com/image@sha256")
     required: true
   image-name:
-    description: Name of the image, will be used to name the ISO file (e.g., "my-image")
+    description: Name of the image, will be used to name the artifact files (e.g., "my-image")
     required: true
+  image-types:
+    description: The types of bootable artifacts to build (e.g., "iso,raw")
+    required: false
+    default: "iso"
   update_is_signed:
     description: Whether the image is signed or not
     required: false
   update_origin_ref:
     description: Image reference to update from (e.g., "{image}:latest")
     required: true
   config-file:
-    description: Path to the ISO configuration file
+    description: Path to the bootable artifacts configuration file
     required: true
-  use_librepo:
+  use-librepo:
     description: "Use librepo to download the image"
     required: false
+  additional-args:
+    description: "Additional arguments to pass to the bootc-image-builder"
+    required: false
   REGISTRY:
     description: The container registry URL (e.g., "registry.example.com")
     required: true
@@ -35,17 +42,11 @@ inputs:
 
 outputs:
   output_directory:
-    description: The directory where the built ISO and checksum are stored
+    description: The directory where the built artifacts and checksums are stored
     value: ${{ steps.rename.outputs.output_directory }}
-  artifact_name:
-    description: The name of the artifact (ISO file) without the extension
-    value: ${{ steps.rename.outputs.ARTIFACT_NAME }}
-  iso_name:
-    description: The name of the built ISO file
-    value: ${{ steps.rename.outputs.ISO_NAME }}
-  checksum_name:
-    description: The name of the checksum file for the ISO
-    value: ${{ steps.rename.outputs.CHECKSUM_NAME }}
+  artifact_basename:
+    description: The base name of the artifacts
+    value: ${{ steps.rename.outputs.artifact_basename }}
 
 runs:
   using: "composite"
@@ -64,7 +65,7 @@ runs:
         ARCH=${{ inputs.platform }}
         echo "CLEAN_ARCH=${ARCH//\//_}" >> "$GITHUB_ENV"
 
-    - name: Prepare ISO configuration
+    - name: Prepare bootable artifacts configuration
       shell: bash
       run: |
         [ "${{ inputs.update_is_signed }}" = "true" ] && SIG="--enforce-container-sigpolicy"
@@ -73,36 +74,42 @@ runs:
         sed -i "s#<IMAGE_SIGNED>#${SIG}#g" ${{ inputs.config-file }}
         cat ${{ inputs.config-file }}
 
-    - name: Build ISO
+        [ "${{ inputs.use-librepo }}" = "true" ] && USE_LIBREPO="True" || USE_LIBREPO="False"
+        ADDITIONAL_ARGS="--target-arch=${{ env.CLEAN_ARCH }} --use-librepo=${USE_LIBREPO} ${{ inputs.additional-args }}"
+
+        echo "ADDITIONAL_ARGS=${ADDITIONAL_ARGS}" >> "$GITHUB_ENV"
+
+    - name: Build bootable artifacts
       id: build
-      #uses: ublue-os/bootc-image-builder-action@b98784c42327746e107a6a753b64f44823bdbf2f
-      uses: alexiri/bootc-image-builder-action@platform
+      uses: osbuild/bootc-image-builder-action@4503a3445240ffc85cccf8f57d7cab5634e351e2
       with:
-        image: ${{ inputs.image }}
-        type: iso
-        use-librepo: ${{ inputs.use_librepo }}
         config-file: ${{ inputs.config-file }}
-        platform: linux/${{ inputs.platform }}
+        image: ${{ inputs.image }}
+        additional-args: ${{ env.ADDITIONAL_ARGS }}
+        types: ${{ inputs.image-types }}
 
-    - name: Rename ISO
+    - name: Rename bootable artifacts
       id: rename
       env:
-        IMAGE_NAME: ${{ inputs.image-name }}-${{ env.CLEAN_ARCH }}-live.iso
         OUTPUT_PATH: output-${{ env.CLEAN_ARCH }}
       shell: bash
       run: |
         set -x
         mkdir -p ${{ env.OUTPUT_PATH }}
         OUTPUT_DIRECTORY="$(realpath ${{ env.OUTPUT_PATH }})"
+        ARTIFACT_BASENAME="${{ inputs.image-name }}-${{ env.CLEAN_ARCH }}"
+
+        echo '${{ steps.build.outputs.output-paths }}' | jq -c '.[]' | while read -r artifact; do
+          ARTIFACT_PATH=$(echo "$artifact" | jq -r '.path')
+          ARTIFACT_CHECKSUM=$(echo "$artifact" | jq -r '.checksum')
+          ARTIFACT_EXTENSION=$(echo "$ARTIFACT_PATH" | awk -F. '{print $NF}')
 
-        ARTIFACT_NAME="${{ inputs.image-name }}-${{ env.CLEAN_ARCH }}"
-        ISO_NAME="${ARTIFACT_NAME}.iso"
-        CHECKSUM_NAME="${ISO_NAME}-CHECKSUM"
+          ARTIFACT_NAME="${ARTIFACT_BASENAME}.${ARTIFACT_EXTENSION}"
+          CHECKSUM_NAME="${ARTIFACT_NAME}-CHECKSUM"
 
-        mv ${{ steps.build.outputs.output-path }} "${OUTPUT_DIRECTORY}/${ISO_NAME}"
-        mv ${{ steps.build.outputs.checksum-path }} "${OUTPUT_DIRECTORY}/${CHECKSUM_NAME}"
+          cp "$ARTIFACT_PATH" "${OUTPUT_DIRECTORY}/${ARTIFACT_NAME}"
+          echo "$ARTIFACT_CHECKSUM" > "${OUTPUT_DIRECTORY}/${CHECKSUM_NAME}"
+        done
 
-        echo "output_directory=$OUTPUT_DIRECTORY" >> "${GITHUB_OUTPUT}"
-        echo "ISO_NAME=${ISO_NAME}" >> "${GITHUB_OUTPUT}"
-        echo "ARTIFACT_NAME=${ARTIFACT_NAME}" >> "${GITHUB_OUTPUT}"
-        echo "CHECKSUM_NAME=${CHECKSUM_NAME}" >> "${GITHUB_OUTPUT}"
+        echo "output_directory=${OUTPUT_DIRECTORY}" >> "${GITHUB_OUTPUT}"
+        echo "artifact_basename=${ARTIFACT_BASENAME}" >> "${GITHUB_OUTPUT}"

.github/actions/build/action.yml

@@ -7,10 +7,19 @@ inputs:
     required: true
   variant:
     description: The variant of the image to build
-    required: true
+    required: false
+    default: ""
   containerfile:
     description: The path to the Containerfile used for building the image
     required: true
+  stage:
+    description: The stage to build in the Containerfile
+    required: false
+    default: ""
+  extra-args:
+    description: Additional arguments to pass to the podman build command
+    required: false
+    default: ""
   image-name:
     description: The name of the image to build
     required: true
@@ -99,6 +108,8 @@ runs:
       shell: bash
       env:
         IMAGE_TAG: ${{ inputs.image-tag }}-${{ env.CLEAN_ARCH }}
+        STAGE_ARGS: --target=${{ inputs.stage }}
+        EXTRA_ARGS: ${{ inputs.extra-args }}
       run: |
         echo "::group::Build Image"
         sudo podman build \
@@ -113,6 +124,8 @@ runs:
           --build-arg VARIANT=${{ inputs.variant }} \
           -t ${{ inputs.image-name }}:${IMAGE_TAG} \
           -f ${{ inputs.containerfile }} \
+          ${{ env.STAGE_ARGS }} \
+          ${{ env.EXTRA_ARGS }} \
           .
 
         echo "image-id=$(cat /tmp/image-id)" >> $GITHUB_OUTPUT

.github/actions/upload-gh/action.yml

@@ -2,8 +2,8 @@
 name: Upload to GitHub Actions Artifacts
 
 inputs:
-  artifact_name:
-    description: "The name of the artifact to upload"
+  artifact_basename:
+    description: "The basename of the artifacts to upload"
     required: true
   directory:
     description: "The directory containing the files to upload"
@@ -12,11 +12,11 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: Upload ISOs and Checksum to Job Artifacts
+    - name: Upload Bootable Artifacts and Checksums to Job Artifacts
       id: upload-gh
       uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v4
       with:
-        name: ${{ inputs.artifact_name }}
+        name: ${{ inputs.artifact_basename }}
         path: ${{ inputs.directory }}
         if-no-files-found: error
         compression-level: 0
@@ -26,5 +26,5 @@ runs:
     - name: Summary
       shell: bash
       run: |
-        echo "Artifact URL: ${{ steps.upload-gh.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
+        echo "Artifact: ${{ steps.upload-gh.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
         echo "Digest: ${{ steps.upload-gh.outputs.artifact-digest }}" >> $GITHUB_STEP_SUMMARY

.github/actions/upload-r2/action.yml

@@ -8,6 +8,10 @@ inputs:
   bucket:
     description: "The Cloudflare R2 bucket to upload the files to"
     required: true
+  path:
+    description: "The path to the files to upload, relative to the bucket root"
+    required: true
+    default: ""
   R2_ACCOUNT_ID:
     description: "The Cloudflare R2 account ID"
     required: true
@@ -30,4 +34,4 @@ runs:
         r2-secret-access-key: ${{ inputs.R2_SECRET_ACCESS_KEY }}
         r2-bucket: ${{ inputs.bucket }}
         source-dir: ${{ inputs.directory }}
-        destination-dir: ./
+        destination-dir: ${{ inputs.path }}

.github/actions/upload-s3/action.yml

@@ -6,17 +6,12 @@ inputs:
     description: "The directory containing the files to upload"
     required: true
   bucket:
-    description: "The Cloudflare R2 bucket to upload the files to"
+    description: "The Amazon S3 bucket to upload the files to"
     required: true
   path:
-    description: "The path to the files to upload, relative to the directory"
-    required: true
-  iso-name:
-    description: "The name of the ISO file to upload"
-    required: true
-  checksum-name:
-    description: "The name of the checksum file to upload"
+    description: "The path to the files to upload, relative to the bucket root"
     required: true
+    default: ""
   aws-default-region:
     description: "The AWS region to use for S3 uploads"
     required: true
@@ -46,18 +41,4 @@ runs:
         # Upload the files to S3 bucket
         aws s3 cp ${{ inputs.directory }} \
             s3://${BUCKET}/${{ inputs.path }}/ \
-            --recursive
-
-          # Make them uploaded file publicly available
-        aws s3api put-object-tagging \
-            --bucket ${BUCKET} \
-            --key ${{ inputs.path }}/${{ inputs.iso-name }} \
-            --tagging 'TagSet={Key=public,Value=yes}'
-
-        aws s3api put-object-tagging \
-            --bucket ${BUCKET} \
-            --key ${{ inputs.path }}/${{ inputs.checksum-name }} \
-            --tagging 'TagSet={Key=public,Value=yes}'
-
-        echo "ISO: https://${BUCKET}.s3-accelerate.dualstack.amazonaws.com/${{ inputs.path }}/${{ inputs.iso-name }}" >> $GITHUB_STEP_SUMMARY
-        echo "Digest: https://${BUCKET}.s3-accelerate.dualstack.amazonaws.com/${{ inputs.path }}/${{ inputs.checksum-name }}" >> $GITHUB_STEP_SUMMARY
+            --recursive --acl public-read