omarabdul3ziz/zosbuilder
1
0
Fork 0
forked from tfgrid/zosbuilder
Code Pull Requests Activity
Files
041ad29a70044b37c73442bd194ffd7b2232c380
zosbuilder/GITHUB_ACTIONS.md
Jan De Landtsheer 860b9aa161 feat: Implement complete Zero OS Alpine Initramfs Builder 
- Complete bash framework with strict error handling
- Modular library system (docker, alpine, components, initramfs, kernel, testing)
- Rust component integration (zinit, rfs, mycelium) with musl targeting
- Rootless Docker/Podman support for GitHub Actions
- Centralized configuration in config/build.conf
- 2-stage module loading system
- Strip + UPX optimization for minimal size
- Complete zinit integration replacing OpenRC
- GitHub Actions CI/CD pipeline
- Comprehensive documentation and usage guides

Components:
- Latest stable kernel 6.12.44
- Alpine Linux 3.22 base
- ThreeFold components: zinit, mycelium, rfs, corex
- Target: ~8-12MB final initramfs.cpio.xz
2025-08-31 12:31:49 +02:00

249 lines
5.2 KiB
Markdown
Raw Blame History

# GitHub Actions Integration
## Rootless Container Setup
### Prerequisites
GitHub Actions runners need proper subuid/subgid configuration for rootless containers:
```yaml
name: Build Zero OS Initramfs
on:
push:
branches: [ main, development ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup rootless containers
run: |
# Configure subuid/subgid for runner user
echo "runner:100000:65536" | sudo tee -a /etc/subuid
echo "runner:100000:65536" | sudo tee -a /etc/subgid
# Install container runtime
sudo apt-get update
sudo apt-get install -y podman
# Verify rootless setup
podman system info
- name: Install build dependencies
run: |
sudo apt-get install -y \
build-essential \
rustc \
cargo \
upx-ucl \
binutils \
git \
wget \
qemu-system-x86 \
cloud-hypervisor
- name: Setup Rust musl target
run: |
rustup target add x86_64-unknown-linux-musl
sudo apt-get install -y musl-tools
- name: Build initramfs
run: |
chmod +x scripts/build.sh
./scripts/build.sh
- name: Test with QEMU
run: |
chmod +x scripts/test.sh
./scripts/test.sh --qemu
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: zero-os-initramfs
path: |
dist/vmlinuz.efi
dist/initramfs.cpio.xz
retention-days: 30
- name: Create release
if: github.ref == 'refs/heads/main'
uses: softprops/action-gh-release@v1
with:
tag_name: v${{ github.run_number }}
files: |
dist/vmlinuz.efi
dist/initramfs.cpio.xz
```
## Container Caching Strategy
### Builder Container Reuse
```yaml
- name: Cache builder container
uses: actions/cache@v4
with:
path: ~/.local/share/containers
key: ${{ runner.os }}-containers-${{ hashFiles('Dockerfile') }}
restore-keys: |
${{ runner.os }}-containers-
- name: Build or reuse container
run: |
if ! podman image exists zero-os-builder:latest; then
podman build -t zero-os-builder:latest .
fi
```
### Component Source Caching
```yaml
- name: Cache Rust components
uses: actions/cache@v4
with:
path: |
components/
~/.cargo/registry
~/.cargo/git
key: ${{ runner.os }}-rust-${{ hashFiles('config/sources.conf') }}
restore-keys: |
${{ runner.os }}-rust-
```
## Security Considerations
### Rootless Execution Benefits
1. **No privileged access required**
2. **User namespace isolation**
3. **Reduced attack surface**
4. **Compatible with GitHub Actions security model**
### Container Security
```bash
# Use minimal Alpine base
FROM alpine:3.22
# Create non-root user
RUN adduser -D -s /bin/sh builder
# Install only required packages
RUN apk add --no-cache \
build-base \
rust \
cargo \
upx \
git \
wget
# Switch to non-root user
USER builder
WORKDIR /home/builder
```
## Parallel Builds
### Matrix Strategy for Testing
```yaml
strategy:
matrix:
test_runner: [qemu, cloud-hypervisor]
optimization: [size, speed]
steps:
- name: Build with optimization
run: |
export OPTIMIZATION_TARGET="${{ matrix.optimization }}"
./scripts/build.sh
- name: Test with runner
run: |
./scripts/test.sh --runner ${{ matrix.test_runner }}
```
## Environment Variables
### Build Configuration
```yaml
env:
ALPINE_VERSION: "3.22"
KERNEL_VERSION: "6.8.8"
RUST_TARGET: "x86_64-unknown-linux-musl"
OPTIMIZATION_LEVEL: "max"
CONTAINER_REGISTRY: "ghcr.io"
```
### Secrets Management
```yaml
- name: Login to container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
```
## Troubleshooting
### Common Issues
1. **Subuid/subgid not configured**
```bash
# Solution: Configure in setup step
echo "runner:100000:65536" | sudo tee -a /etc/subuid
```
2. **Container runtime not accessible**
```bash
# Solution: Use rootless podman
sudo apt-get install -y podman
```
3. **Rust musl target missing**
```bash
# Solution: Add target and tools
rustup target add x86_64-unknown-linux-musl
sudo apt-get install -y musl-tools
```
4. **UPX compression fails**
```bash
# Solution: Check UPX version compatibility
upx --version
upx --best --force binary || echo "UPX failed, continuing"
```
## Performance Optimization
### Build Time Reduction
1. **Container layer caching**
2. **Rust dependency caching**
3. **Parallel component builds**
4. **Incremental compilation**
### Resource Usage
```yaml
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Configure build resources
run: |
# Limit parallel jobs based on available cores
export MAKEFLAGS="-j$(nproc)"
export CARGO_BUILD_JOBS="$(nproc)"
View Git Blame Copy Permalink