feat: Use custom container for package builds

This creates a container image with dependencies already installed. It is published to ghcr.io/t2linux/fedora-kernel-build.

Merges #9

.github/workflows/build-container.yml

@@ -0,0 +1,42 @@
+name: Create build container
+on:
+  push:
+    paths:
+      - Containerfile
+
+jobs:
+  build-container:
+    name: Build container image
+    runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME: fedora-kernel-build
+      REGISTRY: ghcr.io
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Build container image
+        id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.IMAGE_NAME }}
+          tags: latest ${{ github.sha }} 38
+          containerfiles: |
+            ./Containerfile
+
+      - name: Log in to ghcr.io
+        if: github.ref == 'refs/heads/main'
+        uses: redhat-actions/podman-login@v1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: t2linux
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push to ghcr.io
+        if: github.ref == 'refs/heads/main'
+        id: push-to-ghcr
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.REGISTRY }}

.github/workflows/build.yml

@@ -33,7 +33,8 @@ jobs:
           docker run -t --privileged \
           -v "$PWD":/repo \
           -e PACKAGE \
-          fedora:38 /bin/bash -c "/repo/build-packages.sh"
+          ghcr.io/t2linux/fedora-kernel-build:latest \
+          /repo/build-packages.sh
         env:
           PACKAGE: ${{ matrix.package }}
 
@@ -70,7 +71,8 @@ jobs:
           docker run -t \
             -v $PWD:/repo \
             -e RPM_SIGNING_PRIVATE_KEY_B64 \
-            fedora:38 /bin/bash -c "/repo/sign-packages.sh"
+            ghcr.io/t2linux/fedora-kernel-build:latest \
+            /repo/sign-packages.sh
         env:
           RPM_SIGNING_PRIVATE_KEY_B64: ${{ secrets.RPM_SIGNING_PRIVATE_KEY_B64 }}
 

Containerfile

@@ -0,0 +1,12 @@
+FROM fedora:38
+SHELL ["/usr/bin/env", "bash", "-c"]
+RUN dnf install -y koji git rpmdevtools rpm-sign mock ccache zstd && \
+    dnf clean all && \
+    echo "\
+    config_opts['plugin_conf']['package_state_enable'] = False \n\
+    config_opts['macros']['_smp_mflags'] = '-j8' \n\
+    config_opts['plugin_conf']['ccache_opts']['compress'] = True \n\
+    config_opts['plugin_conf']['root_cache_opts']['compress_program'] = 'zstd' \n\
+    config_opts['plugin_conf']['root_cache_opts']['extension'] = '.zst' \n\
+    config_opts['plugin_conf']['hw_info_enable'] = False\n" > /etc/mock/site-defaults.cfg
+WORKDIR /repo

build-packages.sh

@@ -1,17 +1,6 @@
 #!/usr/bin/bash
 source /repo/util.sh
 
-# Install dependencies
-dnf install -y --quiet koji git curl pesign rpmdevtools rpm-sign rpm-build mock zstd
-
-# Optimize mock
-echo 'config_opts["plugin_conf"]["package_state_enable"] = False
-config_opts["macros"]["%_smp_mflags"] = "-j8"
-config_opts["plugin_conf"]["ccache_opts"]["compress"] = True
-config_opts["plugin_conf"]["root_cache_opts"]["compress_program"] = "zstd"
-config_opts["plugin_conf"]["root_cache_opts"]["extension"] = ".zst"
-config_opts["plugin_conf"]["hw_info_enable"] = False' > /etc/mock/site-defaults.cfg
-
 cd /repo
 
 if [ "$PACKAGE" == "kernel" ]; then

sign-packages.sh

@@ -1,6 +1,5 @@
 #!/usr/bin/bash
 source /repo/util.sh
-dnf install --quiet -y rpm-sign rpmdevtools
 
 cd /repo/_output
 sign_packages $RPM_SIGNING_PRIVATE_KEY_B64 "T2Linux Fedora"