henrywang
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/container.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/container.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/e2e.yml‎
Lines changed: 144 additions & 7 deletions b/‎.github/workflows/e2e.yml‎
Lines changed: 144 additions & 7 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 19 additions & 4 deletions b/‎CONTRIBUTING.md‎
Lines changed: 19 additions & 4 deletions
diff --git a/‎Containerfile.base‎ ‎Containerfile.fedora‎Containerfile.base renamed to Containerfile.fedora
Lines changed: 2 additions & 2 deletions b/‎Containerfile.base‎ ‎Containerfile.fedora‎Containerfile.base renamed to Containerfile.fedora
Lines changed: 2 additions & 2 deletions
@@ -2,7 +2,9 @@ name: CI
 
 on:
   push:
+    branches: [main]
   pull_request:
+    branches: [main]
 
 env:
   CARGO_TERM_COLOR: always
 
@@ -31,7 +31,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: Containerfile.base
+          file: Containerfile.fedora
           target: grub
           push: true
           tags: ghcr.io/${{ github.repository_owner }}/composefs-os:fedora-44
@@ -42,7 +42,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: Containerfile.base
+          file: Containerfile.fedora
           target: uki
           push: true
           tags: ghcr.io/${{ github.repository_owner }}/composefs-os:fedora-44-uki
@@ -53,7 +53,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: Containerfile.base
+          file: Containerfile.fedora
           target: uki-secureboot
           push: true
           tags: ghcr.io/${{ github.repository_owner }}/composefs-os:fedora-44-uki-sb
 
@@ -4,9 +4,10 @@ on:
   push:
     branches: [main]
   pull_request:
+    branches: [main]
 
 jobs:
-  e2e:
+  e2e-fedora:
     runs-on: ubuntu-latest
 
     steps:
@@ -21,22 +22,28 @@ jobs:
 
       - name: Install dependencies
         run: |
+          # noble's buildah 1.33 does not support COPY <<heredoc inline-file
+          # syntax; plucky has buildah 1.38+ and podman 5.x which do.
+          # crun is also pulled from plucky because podman 5.x requires a
+          # newer crun than noble provides.
+          echo 'deb http://archive.ubuntu.com/ubuntu plucky main universe' \
+            | sudo tee /etc/apt/sources.list.d/plucky.list
           sudo apt-get update -q
           sudo apt-get install -y -q \
-            just qemu-system-x86 ovmf podman skopeo python3-pexpect \
-            python3-virt-firmware
+            just qemu-system-x86 ovmf python3-pexpect python3-virt-firmware
+          sudo apt-get install -y -q -t plucky podman buildah skopeo crun
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      # Build the base image from source (covers PRs that change Containerfile.base
+      # Build the base image from source (covers PRs that change Containerfile.fedora
       # or the Rust code compiled inside it). Layer cache keeps this fast after
       # the first run.
       - name: Build base image
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: Containerfile.base
+          file: Containerfile.fedora
           target: grub
           push: false
           load: true
@@ -71,7 +78,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: Containerfile.base
+          file: Containerfile.fedora
           target: uki
           push: false
           load: true
@@ -100,7 +107,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
-          file: Containerfile.base
+          file: Containerfile.fedora
           target: uki-secureboot
           push: false
           load: true
@@ -134,3 +141,133 @@ jobs:
             disk-uki.raw
             disk-uki-sb.raw
           retention-days: 1
+
+  e2e-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Enable KVM
+        run: |
+          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \
+            | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+          sudo udevadm control --reload-rules
+          sudo udevadm trigger --name-match=kvm
+
+      - name: Install dependencies
+        run: |
+          # noble's buildah 1.33 does not support COPY <<heredoc inline-file
+          # syntax; plucky has buildah 1.38+ and podman 5.x which do.
+          # crun is also pulled from plucky because podman 5.x requires a
+          # newer crun than noble provides.
+          echo 'deb http://archive.ubuntu.com/ubuntu plucky main universe' \
+            | sudo tee /etc/apt/sources.list.d/plucky.list
+          sudo apt-get update -q
+          sudo apt-get install -y -q \
+            just qemu-system-x86 ovmf python3-pexpect python3-virt-firmware
+          sudo apt-get install -y -q -t plucky podman buildah skopeo crun
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Ubuntu base image (GRUB)
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Containerfile.ubuntu
+          target: grub
+          push: false
+          load: true
+          tags: composefs-os:ubuntu-26.04
+          cache-from: type=gha,scope=ubuntu
+          cache-to: type=gha,mode=max,scope=ubuntu
+
+      - name: Load Ubuntu base image into podman
+        run: |
+          sudo skopeo copy \
+            docker-daemon:composefs-os:ubuntu-26.04 \
+            containers-storage:localhost/composefs-os:ubuntu-26.04
+
+      - name: Build Ubuntu test image
+        run: sudo just build-example-ubuntu localhost/composefs-os:ubuntu-26.04
+
+      - name: Install to disk image (Ubuntu GRUB)
+        run: just install-disk composefs-os-ubuntu-test:latest disk-ubuntu.raw 5G
+
+      - name: Run e2e tests (Ubuntu GRUB)
+        run: just e2e disk-ubuntu.raw
+
+      - name: Install to disk image (Ubuntu GRUB + Secure Boot)
+        run: just install-disk-secureboot composefs-os-ubuntu-test:latest disk-ubuntu-sb.raw 5G
+
+      - name: Run e2e tests (Ubuntu GRUB + Secure Boot)
+        run: just e2e-secureboot disk-ubuntu-sb.raw
+
+      - name: Build Ubuntu UKI base image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Containerfile.ubuntu
+          target: uki
+          push: false
+          load: true
+          tags: composefs-os:ubuntu-26.04-uki
+          cache-from: type=gha,scope=ubuntu
+          cache-to: type=gha,mode=max,scope=ubuntu
+
+      - name: Load Ubuntu UKI base image into podman
+        run: |
+          sudo skopeo copy \
+            docker-daemon:composefs-os:ubuntu-26.04-uki \
+            containers-storage:localhost/composefs-os:ubuntu-26.04-uki
+
+      - name: Build Ubuntu UKI test image
+        run: sudo just build-example-ubuntu-uki localhost/composefs-os:ubuntu-26.04-uki
+
+      - name: Install to disk image (Ubuntu UKI)
+        run: just install-disk-uki composefs-os-ubuntu-uki-test:latest disk-ubuntu-uki.raw 5G
+
+      - name: Run e2e tests (Ubuntu UKI)
+        run: |
+          OVMF_VARS=$(find /usr/share -name 'OVMF_VARS.fd' ! -name '*.secboot*' ! -name '*.ms.*' | head -1)
+          just e2e-uki disk-ubuntu-uki.raw "$OVMF_VARS"
+
+      - name: Build Ubuntu UKI+SB base image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Containerfile.ubuntu
+          target: uki-secureboot
+          push: false
+          load: true
+          tags: composefs-os:ubuntu-26.04-uki-sb
+          cache-from: type=gha,scope=ubuntu
+          cache-to: type=gha,mode=max,scope=ubuntu
+
+      - name: Load Ubuntu UKI+SB base image into podman
+        run: |
+          sudo skopeo copy \
+            docker-daemon:composefs-os:ubuntu-26.04-uki-sb \
+            containers-storage:localhost/composefs-os:ubuntu-26.04-uki-sb
+
+      - name: Build Ubuntu UKI+SB test image
+        run: sudo just build-example-ubuntu-uki-secureboot localhost/composefs-os:ubuntu-26.04-uki-sb
+
+      - name: Install to disk image (Ubuntu UKI+SB)
+        run: just install-disk-uki-secureboot composefs-os-ubuntu-uki-sb-test:latest disk-ubuntu-uki-sb.raw 5G
+
+      - name: Run e2e tests (Ubuntu UKI+SB)
+        run: just e2e-uki-secureboot disk-ubuntu-uki-sb.raw
+
+      - name: Upload Ubuntu disk images on failure
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: disk-ubuntu-raw
+          path: |
+            disk-ubuntu.raw
+            disk-ubuntu-sb.raw
+            disk-ubuntu-uki.raw
+            disk-ubuntu-uki-sb.raw
+          retention-days: 1
@@ -18,13 +18,22 @@ just fmt      # reformat source
 ## Building container images
 
 ```sh
-# Base images (slow — runs dnf + dracut inside the container)
+# Fedora base images (slow — runs dnf + dracut inside the container)
 just build-base       # GRUB/shim boot
 just build-base-uki   # systemd-boot + UKI
 
-# Example images layered on top (fast)
+# Fedora example images layered on top (fast)
 just build-example        # GRUB example  →  composefs-os-test:latest
 just build-example-uki    # UKI example   →  composefs-os-uki-test:latest
+
+# Ubuntu base images (slow — runs apt + dracut inside the container)
+just build-base-ubuntu              # GRUB
+just build-base-ubuntu-uki          # systemd-boot + UKI
+just build-base-ubuntu-uki-secureboot  # UKI + Secure Boot
+
+# Ubuntu example images layered on top (fast)
+just build-example-ubuntu        # GRUB example  →  composefs-os-ubuntu-test:latest
+just build-example-ubuntu-uki    # UKI example   →  composefs-os-ubuntu-uki-test:latest
 ```
 
 Custom images follow the same pattern — no `FROM scratch` or layout step needed:
@@ -42,12 +51,12 @@ CMD ["/sbin/init"]
 Pass `-v /dev:/dev` for physical disk installs; not needed for the loopback images below.
 
 ```sh
-# Create disk images (requires sudo)
+# Create disk images (requires sudo) — Fedora
 just install-disk              # GRUB           →  disk.raw
 just install-disk-secureboot   # Secure Boot    →  disk-sb.raw
 just install-disk-uki          # UKI            →  disk-uki.raw
 
-# Run e2e tests against those images
+# Run e2e tests against those images — Fedora
 just e2e                       # GRUB tests
 just e2e-secureboot            # Secure Boot tests
 just e2e-uki                   # UKI tests
@@ -56,9 +65,15 @@ just e2e-uki                   # UKI tests
 Or use the all-in-one recipes that build, install, and test in one shot:
 
 ```sh
+# Fedora
 just ci-grub        # GRUB end-to-end
 just ci-secureboot  # Secure Boot end-to-end
 just ci-uki         # UKI end-to-end
+
+# Ubuntu
+just ci-ubuntu-grub           # GRUB end-to-end
+just ci-ubuntu-uki            # UKI end-to-end
+just ci-ubuntu-uki-secureboot # UKI + Secure Boot end-to-end
 ```
 
 ## Pull Requests
 
@@ -5,8 +5,8 @@
 #   --target uki   systemd-boot + UKI (BLS Type 2, cmdline embedded at build time)
 #
 # Build:
-#   podman build -t composefs-os:fedora-44       -f Containerfile.base .          # GRUB
-#   podman build -t composefs-os:fedora-44-uki   --target uki -f Containerfile.base .
+#   podman build -t composefs-os:fedora-44       -f Containerfile.fedora .          # GRUB
+#   podman build -t composefs-os:fedora-44-uki   --target uki -f Containerfile.fedora .
 
 # ---------------------------------------------------------------------------
 # Stage 0a: Build cbootc