ci: update debian+nix; no nix channel update; fix config perms #29
| name: CI | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| paths: | |
| - '.github/workflows/vm-image.yml' | |
| - 'bubbles-agent/**' | |
| jobs: | |
| build-agent: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5.0.0 | |
| - run: | | |
| cd bubbles-agent | |
| cargo build --release | |
| - name: 'Upload Artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bubbles-agent | |
| path: bubbles-agent/target/release/bubbles-agent | |
| retention-days: 1 | |
| build-sommelier: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5.0.0 | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y meson libgbm-dev libpixman-1-dev \ | |
| libwayland-client++1 libwayland-client-extra++1 \ | |
| wayland-utils libxcb-composite0-dev libxcb-shape0-dev \ | |
| libxkbcommon-dev wayland-scanner++ wayland-protocols \ | |
| libwayland-bin python3-jinja2 libgbm1 libpixman-1-0 \ | |
| libwayland-client0 libxcb-composite0 libxcb-shape0 \ | |
| libxkbcommon0 cmake build-essential pkgconf libdrm-dev \ | |
| waylandpp-dev libwayland-dev | |
| - name: Build | |
| run: | | |
| git clone --depth=1 https://chromium.googlesource.com/chromiumos/platform2 | |
| cd platform2/vm_tools/sommelier/ | |
| meson setup build -Dwith_tests=false | |
| meson compile -C build | |
| sudo meson install -C build | |
| - name: 'Upload Artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sommelier | |
| path: /usr/local/bin/sommelier | |
| retention-days: 1 | |
| build-vm: | |
| needs: | |
| - build-agent | |
| - build-sommelier | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v5.0.0 | |
| with: | |
| repository: lxc/lxc-ci | |
| ref: 3b85aa3c08e9cef885f31aae3a69f066b6c097d1 | |
| sparse-checkout: | | |
| images/debian.yaml | |
| sparse-checkout-cone-mode: false | |
| path: lxc-ci | |
| - uses: cachix/install-nix-action@v31 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - run: | | |
| set -ex | |
| sudo apt-get update | |
| sudo apt-get install -y e2fsprogs qemu-utils debootstrap yq | |
| - run: | | |
| cat lxc-ci/images/debian.yaml | yq -y ' | |
| .image = { | |
| "distribution": "debian", | |
| "name": "debian-forky-x86_64", | |
| "release": "forky", | |
| "description": "Debian", | |
| "architecture": "x86_64" | |
| }' | yq -y ' | |
| .packages.sets += [{"action": "install", "packages": [ | |
| "starship", | |
| "git", | |
| "unzip", | |
| "gnome-console", | |
| "libgbm1", | |
| "libpixman-1-0", | |
| "libwayland-client0", | |
| "libxcb-composite0", | |
| "libxcb-shape0", | |
| "libxkbcommon0", | |
| "socat", | |
| "libglib2.0-bin", | |
| "nix-bin" | |
| ]}] | |
| ' | yq -y ' | |
| .files += [ | |
| { | |
| "generator": "copy", | |
| "path": "/etc/skel/.bashrc", | |
| "source": "./bashrc" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/usr/local/bin/", | |
| "source": "./usrlocalbin" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/etc/systemd/system/", | |
| "source": "./etcsystemdsystem" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/etc/systemd/network/", | |
| "source": "./etcsystemdnetwork" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/etc/systemd/user/", | |
| "source": "./etcsystemduser" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/etc/dconf/profile/user", | |
| "source": "./etcdconfprofileuser" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/etc/dconf/db/local.d/01-bubbles", | |
| "source": "./etcdconfdblocald01bubbles" | |
| }, | |
| { | |
| "generator": "copy", | |
| "path": "/opt/post-files.bash", | |
| "source": "./post-files.bash" | |
| }, | |
| { | |
| "generator": "dump", | |
| "path": "/etc/nix/nix.conf", | |
| "content": "sandbox = true\nexperimental-features = nix-command flakes" | |
| } | |
| ] | |
| ' | yq -y ' | |
| .actions += [ | |
| { | |
| "trigger": "post-files", | |
| "action": "#!/bin/bash\nbash /opt/post-files.bash" | |
| } | |
| ] | |
| ' | sed 's/\/dev\/sda/\/dev\/vda/g' > debian.yaml | |
| cat > post-files.bash <<EOF | |
| #!/bin/bash | |
| set -eux | |
| chmod +x /usr/local/bin/* | |
| nix-channel --add https://nixos.org/channels/nixos-25.11 nixpkgs | |
| mkdir -p /etc/skel/.config | |
| starship preset nerd-font-symbols -o /etc/skel/.config/starship.toml | |
| useradd -m -G sudo,render,video,nix-users -s /bin/bash -p "" user | |
| mkdir -p /home/user/.config/systemd/user/default.target.wants | |
| chown -R user: /home/user/.config | |
| ln -s /etc/systemd/user/sommelier.service /home/user/.config/systemd/user/default.target.wants/sommelier.service | |
| systemctl enable bubbles.service | |
| systemctl enable bubbles-proxy.service | |
| systemctl enable firstboot.service | |
| mkdir -p /var/lib/systemd/linger | |
| touch /var/lib/systemd/linger/user | |
| EOF | |
| mkdir etcsystemdsystem etcsystemduser etcsystemdnetwork | |
| cat > etcsystemdsystem/bubbles.service <<EOF | |
| [Unit] | |
| Description=BubblesIntegration | |
| [Service] | |
| ExecStart=/usr/local/bin/bubbles-agent | |
| User=user | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| cat > etcsystemdsystem/firstboot.service <<EOF | |
| [Unit] | |
| Description=FirstBoot | |
| ConditionFirstBoot=yes | |
| After=systemd-firstboot.service | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=true | |
| ExecStart=/bin/bash -c 'ls /usr/local/share/fonts/README.md || (cd /usr/local/share/fonts && curl -sSL -O https://github.com/ryanoasis/nerd-fonts/releases/download/v3.3.0/FiraCode.zip && unzip FiraCode.zip && rm FiraCode.zip)' | |
| [Install] | |
| WantedBy=default.target | |
| EOF | |
| cat > etcsystemdsystem/bubbles-proxy.service <<EOF | |
| [Unit] | |
| Description=BubblesIntegrationProxy | |
| After=firstboot.service | |
| [Service] | |
| ExecStart=/usr/bin/socat VSOCK-LISTEN:11111,fork TCP4-CONNECT:127.0.0.1:3000 | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| cat > etcsystemduser/sommelier.service <<EOF | |
| [Unit] | |
| Description=Sommelier | |
| [Service] | |
| ExecStart=/usr/local/bin/sommelier --parent --virtgpu-channel | |
| [Install] | |
| WantedBy=default.target | |
| EOF | |
| cat > etcsystemdnetwork/enp0s7.network <<EOF | |
| [Match] | |
| Name=enp0s7 | |
| [Network] | |
| DHCP=true | |
| [DHCPv4] | |
| UseDomains=true | |
| UseMTU=true | |
| [DHCP] | |
| ClientIdentifier=mac | |
| EOF | |
| cat > etcdconfprofileuser <<EOF | |
| user-db:user | |
| system-db:local | |
| EOF | |
| cat > etcdconfdblocald01bubbles <<EOF | |
| [org/gnome/Console] | |
| use-system-font=true | |
| shell="['/usr/bin/bash', '-l']" | |
| [org/gnome/desktop/interface] | |
| monospace-font-name='FiraCode Nerd Font Mono' | |
| EOF | |
| cat > bashrc <<EOF | |
| eval "\$(starship init bash)" | |
| export NIX_SHELL_PRESERVE_PROMPT=true | |
| . /etc/bash_completion | |
| EOF | |
| - name: Download bubbles-agent and sommelier | |
| uses: actions/download-artifact@v5 | |
| with: | |
| path: usrlocalbin | |
| merge-multiple: true | |
| - run: | | |
| nix-shell -p distrobuilder --command 'ln -s $(which distrobuilder) distrobuilder' | |
| nix-shell -p oras --command 'ln -s $(which oras) oras' | |
| ls -lR usrlocalbin | |
| sudo ./distrobuilder build-incus ./debian.yaml debian-output --vm | |
| ls -lR debian-output | |
| cd debian-output | |
| docker run -v $PWD:/disk debian:trixie sh -c ' | |
| set -e | |
| apt-get update | |
| apt-get install -y guestfs-tools oras | |
| cd /disk | |
| virt-get-kernel -a disk.qcow2 | |
| mv vmlinuz* vmlinuz | |
| mv initrd.img* initrd.img | |
| ' | |
| - env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| echo -n "$GITHUB_TOKEN" | ./oras login -u ${{ github.actor }} --password-stdin ghcr.io | |
| cd debian-output | |
| ../oras push ghcr.io/${{ github.repository }}/vm-image:${{ github.sha }} vmlinuz:application/vnd.bubbles.img.v1 initrd.img:application/vnd.bubbles.img.v1 disk.qcow2:application/vnd.bubbles.img.v1 |
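Review bot: The sommelier build at `git clone --depth=1 https://chromium.googlesource.com/chromiumos/platform2` takes whatever upstream HEAD happens to be at build time, while the lxc-ci checkout in the next job is pinned to a commit; the resulting binary is copied into `/usr/local/bin` of the published image, so a bad upstream push would silently change every image built afterwards with nothing in this repo to diff against. Pin it the same way, e.g. `git -C platform2 fetch --depth=1 origin <commit> && git -C platform2 checkout FETCH_HEAD` after the clone. The same gap exists in `firstboot.service`, which as root fetches `FiraCode.zip` at first boot and unzips it into `/usr/local/share/fonts` with no integrity check; a `echo '<sha256>  FiraCode.zip' | sha256sum -c` before the `unzip` would close it. Separately, `useradd -m -G sudo,... -p "" user` creates a sudo-capable account with an empty password field, which on a Debian PAM stack with `nullok` permits login without a password — if that is intentional for a throwaway guest a comment saying so would help, otherwise `-p '!'` locks it.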