Skip to content

Commit 96b8f46

Browse files
Merge pull request #149 from eduolivares/TOBIKO-142
Add "Build Customized Advanced Image for Tobiko" workflow
2 parents b731a95 + f8ab032 commit 96b8f46

4 files changed

Lines changed: 163 additions & 0 deletions

File tree

Lines changed: 120 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,120 @@
1+
name: Build Customized Advanced Image for Tobiko
2+
3+
on:
4+
# Allows you to run this workflow manually from the Actions tab
5+
workflow_dispatch:
6+
inputs:
7+
fedora_version:
8+
description: 'Fedora version (e.g., 42-1.1)'
9+
required: true
10+
default: '42-1.1'
11+
release_tag:
12+
description: 'Release tag (e.g., v1.0.0)'
13+
required: true
14+
customize_args:
15+
description: 'Space-separated arguments for virt-customize'
16+
required: true
17+
default: >-
18+
--copy-in /tmp/config:/etc/selinux
19+
--firstboot-command
20+
'nmcli connection add type vlan con-name vlan101 ifname vlan101 vlan.parent ens3 vlan.id 101 ipv6.addr-gen-mode default-or-eui64;
21+
nmcli connection add type vlan con-name vlan101 ifname vlan101 vlan.parent eth0 vlan.id 101 ipv6.addr-gen-mode default-or-eui64;
22+
nmcli connection add type vlan con-name vlan101 ifname vlan101 vlan.parent enp3s0 vlan.id 101 ipv6.addr-gen-mode default-or-eui64'
23+
--install iperf3,iputils,nmap,nmap-ncat,nginx
24+
--copy-in /tmp/nginx_id.conf:/etc/nginx/conf.d
25+
--run-command 'systemctl enable nginx'
26+
--copy-in /tmp/iperf3-server.service:/etc/systemd/system
27+
--run-command 'systemctl enable iperf3-server'
28+
--root-password password:tobiko
29+
--selinux-relabel
30+
31+
jobs:
32+
build-image:
33+
# TODO(eduolivares): the virt-customize command fails with ubuntu-24.04/ubuntu-latest
34+
runs-on: ubuntu-22.04
35+
36+
# Permission needed to create a release and upload assets
37+
permissions:
38+
contents: write
39+
40+
env:
41+
# Set image file names based on inputs
42+
IMAGE_FILE_BASE: Fedora-Cloud-Base-Generic-${{ inputs.fedora_version }}.x86_64
43+
44+
# Define our custom output image name
45+
CUSTOM_IMAGE_FILE: tobiko-custom-${{ inputs.release_tag }}.qcow2
46+
47+
steps:
48+
- name: 1. Checkout Repository
49+
uses: actions/checkout@v4
50+
51+
- name: 2. Prepare Config Files
52+
run: |
53+
# Copy config files from the repository to /tmp for virt-customize
54+
cp artifacts/tobiko-images/conf/selinux-config /tmp/config
55+
cp artifacts/tobiko-images/conf/nginx_id.conf /tmp/nginx_id.conf
56+
cp artifacts/tobiko-images/conf/iperf3-server.service /tmp/iperf3-server.service
57+
echo "Config files copied to /tmp"
58+
59+
- name: 3. Extract Fedora Major Version and Construct URL
60+
id: setup
61+
run: |
62+
# Extract major version from fedora_version (e.g., "42" from "42-1.1")
63+
MAJOR_VERSION=$(echo "${{ inputs.fedora_version }}" | cut -d'-' -f1)
64+
echo "major_version=$MAJOR_VERSION" >> $GITHUB_OUTPUT
65+
echo "Extracted major version: $MAJOR_VERSION"
66+
67+
# Construct the download URL
68+
IMAGE_URL="https://download.fedoraproject.org/pub/fedora/linux/releases/${MAJOR_VERSION}/Cloud/x86_64/images/${{ env.IMAGE_FILE_BASE }}.qcow2"
69+
echo "image_url=$IMAGE_URL" >> $GITHUB_OUTPUT
70+
echo "Download URL: $IMAGE_URL"
71+
72+
- name: 4. Install Dependencies
73+
run: |
74+
echo "Installing libguestfs-tools (for virt-customize) and wget"
75+
sudo apt-get update
76+
sudo apt-get install -y libguestfs-tools wget
77+
78+
- name: 5. Download Base Fedora Image
79+
run: |
80+
echo "Downloading from ${{ steps.setup.outputs.image_url }}"
81+
wget -O ${{ env.IMAGE_FILE_BASE }}.qcow2 ${{ steps.setup.outputs.image_url }}
82+
83+
- name: 6. Rename and Customize Image
84+
run: |
85+
# Copy the downloaded image to /tmp and give it our custom name
86+
sudo cp ${{ env.IMAGE_FILE_BASE }}.qcow2 /tmp/${{ env.CUSTOM_IMAGE_FILE }}
87+
88+
echo "Running virt-customize with args: ${{ inputs.customize_args }}"
89+
90+
# virt-customize modifies the image file in-place
91+
# The shell will correctly parse the space-separated arguments from the input
92+
sudo LIBGUESTFS_BACKEND=direct virt-customize -a /tmp/${{ env.CUSTOM_IMAGE_FILE }} ${{ inputs.customize_args }}
93+
94+
# Move the customized image back to the working directory
95+
sudo mv /tmp/${{ env.CUSTOM_IMAGE_FILE }} ${{ env.CUSTOM_IMAGE_FILE }}
96+
97+
# Change ownership back to the runner user so the file can be read
98+
echo "Resetting file ownership..."
99+
sudo chown $(whoami):$(whoami) ${{ env.CUSTOM_IMAGE_FILE }}
100+
101+
- name: 7. Create GitHub Release and Upload Artifact
102+
uses: softprops/action-gh-release@v2
103+
with:
104+
# This is the tag you provided as input
105+
tag_name: ${{ inputs.release_tag }}
106+
107+
# Title for the release
108+
name: "Custom Tobiko ${{ inputs.release_tag }} Image"
109+
110+
# Release description
111+
body: |
112+
Customized Tobiko ${{ inputs.release_tag }} image built by GitHub Actions.
113+
114+
**Customizations:**
115+
```
116+
${{ inputs.customize_args }}
117+
```
118+
119+
# The file(s) to upload
120+
files: ${{ env.CUSTOM_IMAGE_FILE }}
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
[Unit]
2+
Description=iperf3 server on port 5201
3+
After=syslog.target network.target
4+
5+
[Service]
6+
ExecStart=/usr/bin/iperf3 -s -p 5201
7+
Restart=always
8+
User=root
9+
10+
[Install]
11+
WantedBy=multi-user.target
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
server{
2+
listen 80;
3+
listen [::]:80;
4+
location /id { add_header Content-Type text/plain; return 200 '$hostname';}
5+
}
Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
2+
# This file controls the state of SELinux on the system.
3+
# SELINUX= can take one of these three values:
4+
# enforcing - SELinux security policy is enforced.
5+
# permissive - SELinux prints warnings instead of enforcing.
6+
# disabled - No SELinux policy is loaded.
7+
# See also:
8+
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
9+
#
10+
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
11+
# fully disable SELinux during boot. If you need a system with SELinux
12+
# fully disabled instead of SELinux running with no policy loaded, you
13+
# need to pass selinux=0 to the kernel command line. You can use grubby
14+
# to persistently set the bootloader to boot with selinux=0:
15+
#
16+
# grubby --update-kernel ALL --args selinux=0
17+
#
18+
# To revert back to SELinux enabled:
19+
#
20+
# grubby --update-kernel ALL --remove-args selinux
21+
#
22+
SELINUX=permissive
23+
# SELINUXTYPE= can take one of these three values:
24+
# targeted - Targeted processes are protected,
25+
# minimum - Modification of targeted policy. Only selected processes are protected.
26+
# mls - Multi Level Security protection.
27+
SELINUXTYPE=targeted

0 commit comments

Comments
 (0)