staged-images: Add chunkah-staged bootc base image builds#152
staged-images: Add chunkah-staged bootc base image builds#152cgwalters merged 1 commit intobootc-dev:mainfrom
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a workflow for rechunking bootc base images using the chunkah tool and updates the Renovate configuration to support container image digest pinning in YAML files. Feedback highlights several architectural concerns in the new Containerfile, including the use of non-portable Podman-specific features like oci-archive, the lack of reproducibility due to using the :latest tag for build tools, and a dependency on external, gitignored configuration files. Additionally, a more robust regex for the Renovate custom manager was suggested to better handle varied YAML syntax and optional parameters.
cgwalters
force-pushed
the
chunkah-images
branch
2 times, most recently
from
480b425 to
b72ffb8
Compare
cgwalters
force-pushed
the
chunkah-images
branch
from
b72ffb8 to
054bd9d
Compare
cgwalters
force-pushed
the
chunkah-images
branch
2 times, most recently
from
fb627b8 to
26f83c1
Compare
staged-images/sources.py
Outdated
| @@ -0,0 +1,164 @@ | |||
| #!/usr/bin/env python3 | |||
| """Query staged image source configuration. | |||
There was a problem hiding this comment.
This is all obviously a bit complicated, will think about how we can extract/unify this type of stuff a bit more.
Add infrastructure to build rechunked bootc base images using
chunkah. These 'staged' images mirror upstream fedora-bootc and
centos-bootc, strip /sysroot (ostree data), and rechunk with
content-based layers for optimal layer reuse across updates.
Source image digests live in sources.json, with a Renovate custom
regex manager to bump them automatically. The Justfile reads
sources.json via jq for lookups and GHA matrix generation.
Local usage:
just staged-images/list
just staged-images/build fedora-bootc-44
The CI workflow has three phases:
mirror — skopeo copy --all from quay.io to GHCR so we own
the copies (upstream deletes old manifests).
build — per-arch (amd64 + arm64) chunkah builds on native
runners, pushed by digest with per-arch tags to
avoid collisions.
manifest — assemble per-arch digests into multi-arch manifest
lists using bootc-dev/actions/create-manifest.
Target images:
- ghcr.io/bootc-dev/fedora-bootc-staged:43
- ghcr.io/bootc-dev/fedora-bootc-staged:44
- ghcr.io/bootc-dev/centos-bootc-staged:stream9
- ghcr.io/bootc-dev/centos-bootc-staged:stream10
Closes: bootc-dev#151
Assisted-by: OpenCode (Claude Opus 4)
cgwalters
force-pushed
the
chunkah-images
branch
from
26f83c1 to
d04b339
Compare
henrywang
left a comment
henrywang
left a comment
There was a problem hiding this comment.
Build test passed locally.
2 participants
Add infrastructure to build rechunked bootc base images using chunkah. These 'staged' images mirror upstream fedora-bootc and centos-bootc, strip /sysroot (ostree data), and rechunk with content-based layers for optimal layer reuse across updates.
Source images are pinned by @sha256 digest for reproducibility, with a Renovate custom regex manager to automatically bump digests when upstream tags are updated.
Target images:
Closes: #151
Assisted-by: OpenCode (Claude Opus 4)