added build flavor without test steps

.github/workflows/build.yml

@@ -0,0 +1,209 @@
+name: build
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: "Garden Linux version"
+        type: string
+        default: today
+      target:
+        type: string
+        default: dev
+      flavors_parse_params_test:
+        description: "Run bin/parse_flavors.py with these parameters"
+        default: '--exclude "bare-*" --no-arch --json-by-arch --build --test'
+        type: string
+      flavors_matrix:
+        description: "Already generated GitHub workflow flavors matrix"
+        type: string
+      platform_test_tag:
+        description: 'Tag to run platform-test containers. "latest" or GL version. Tag must be available in `ghcr.io/gardenlinux/gardenlinux/platform-test-*`'
+        type: string
+        default: latest
+      platform_test_build:
+        description: "Run platform-test image build."
+        type: boolean
+        default: true
+      flavors_parse_params_test_bare:
+        description: "Run bin/parse_flavors.py with these parameters for bare flavors"
+        default: '--include-only "bare-*" --no-arch --json-by-arch --build --test'
+        type: string
+      fail_fast:
+        description: "Cancel workflow run on first error"
+        type: boolean
+        default: false
+    secrets:
+      aws_region:
+        required: false
+      aws_kms_role:
+        required: false
+      aws_oidc_session:
+        required: false
+      secureboot_db_kms_arn:
+        required: false
+    outputs:
+      flavors_matrix:
+        value: ${{ jobs.flavors_matrix.outputs.matrix }}
+      version:
+        value: ${{ jobs.requirements.outputs.version }}
+      bare_flavors_matrix:
+        value: ${{ jobs.bare_flavors_matrix.outputs.matrix }}
+
+jobs:
+  requirements:
+    name: Prepare build requirements
+    uses: gardenlinux/gardenlinux/.github/workflows/build_requirements.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068
+    with:
+      version: ${{ inputs.version == '' && 'now' || inputs.version }}
+      target: ${{ inputs.target }}
+    permissions:
+      actions: write
+
+  bootstrap:
+    needs: requirements
+    name: Bootstrap build
+    uses: gardenlinux/gardenlinux/.github/workflows/build_bootstrap.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068
+    with:
+      commit_id: ${{ needs.requirements.outputs.commit_id }}
+      version: ${{ needs.requirements.outputs.version }}
+    permissions:
+      actions: write
+
+  flavors_matrix:
+    name: Generate flavors matrix to build
+    uses: gardenlinux/gardenlinux/.github/workflows/build_flavors_matrix.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068
+    with:
+      flags: ${{ inputs.flavors_parse_params_test }}
+      flavors_matrix: ${{ inputs.flavors_matrix }}
+
+  flavors:
+    needs: [bootstrap, flavors_matrix, requirements]
+    name: Build flavors
+    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
+    strategy:
+      matrix: ${{ fromJson(needs.flavors_matrix.outputs.matrix ) }}
+      fail-fast: ${{ inputs.fail_fast }}
+    permissions:
+      id-token: write
+      actions: write
+    env:
+      CNAME: ''
+      USE_KMS: ${{ needs.requirements.outputs.signing_env == '' && 'false' || 'true' }}
+    environment: ${{ needs.requirements.outputs.signing_env }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0
+        with:
+          submodules: true
+
+      - name: Install python-gardenlinux-lib
+        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@02879bd567ed39b5610332afcc6e46197073db0c # pin@0.10.0
+
+      - name: Set build reference
+        run: |
+          echo "${{ needs.requirements.outputs.commit_id }}" | tee COMMIT
+          echo "${{ needs.requirements.outputs.version }}" | tee VERSION
+
+      - name: Load bootstrap stage cache
+        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # pin@v4.3.0
+        with:
+          path: .build
+          key: base-${{ matrix.arch }}-${{ github.run_id }}
+          fail-on-cache-miss: true
+
+      - name: Load certs artifact
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # pin@v5.0.0
+        with:
+          name: certs
+          path: cert/
+
+      - name: Configure aws credentials for kms signing
+        id: aws_auth
+        if: ${{ env.USE_KMS == 'true' }}
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # pin@v4
+        with:
+          role-to-assume: ${{ secrets.aws_kms_role }}
+          role-session-name: ${{ secrets.aws_oidc_session }}
+          aws-region: ${{ secrets.aws_region }}
+          role-duration-seconds: 14400
+
+      - name: Write secureboot db arn for kms backed certificates
+        if: ${{ steps.aws_auth.conclusion == 'success' }}
+        run: echo "${{ secrets.secureboot_db_kms_arn }}" > cert/secureboot.db.arn
+
+      - name: Update bootstrap stage build artifact timestamps
+        run: |
+          t="$(date '+%s')"
+          find ./.build -exec touch -d "@$t" {} +
+
+      - name: Build
+        run: |
+          cp ./flavors.yaml ./gardenlinux/flavors.yaml
+          make ${{ matrix.flavor }}-${{ matrix.arch }}-build
+
+      - name: Determine CNAME
+        id: cname
+        uses: gardenlinux/python-gardenlinux-lib/.github/actions/features_parse@02879bd567ed39b5610332afcc6e46197073db0c # pin@0.10.0
+        with:
+          flags: --cname ${{ matrix.flavor }}-${{ matrix.arch }} cname
+
+      - name: Set CNAME
+        run: |
+          echo "CNAME=${{ steps.cname.outputs.result }}" | tee -a "$GITHUB_ENV"
+
+      - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # pin@v4.3.0
+        with:
+          path: |
+            COMMIT
+            VERSION
+          key: build-${{ matrix.flavor }}-${{ matrix.arch }}-${{ github.run_id }}
+
+  kmodbuild_container:
+    needs: [flavors, requirements]
+    name: Build kernel module build dev container
+    uses: gardenlinux/gardenlinux/.github/workflows/build_kmodbuild_container.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068
+    with:
+      version: ${{ needs.requirements.outputs.version }}
+    permissions:
+      actions: write
+
+  bare_flavors_matrix:
+    name: Generate bare flavors matrix to build
+    uses: gardenlinux/gardenlinux/.github/workflows/build_flavors_matrix.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068
+    with:
+      flags: ${{ inputs.flavors_parse_params_test_bare }}
+
+  bare_flavors:
+    needs: [bootstrap, bare_flavors_matrix, requirements]
+    name: Build bare flavors
+    uses: gardenlinux/gardenlinux/.github/workflows/build_bare_flavor.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068
+    strategy:
+      matrix: ${{ fromJson(needs.bare_flavors_matrix.outputs.matrix) }}
+      fail-fast: ${{ inputs.fail_fast }}
+    with:
+      arch: ${{ matrix.arch }}
+      bare_flavor: ${{ matrix.flavor }}
+      commit_id: ${{ needs.requirements.outputs.commit_id }}
+      version: ${{ needs.requirements.outputs.version }}
+    secrets: inherit
+    permissions:
+      actions: write
+
+  upload_flavor_version_data:
+    needs: [requirements, flavors]
+    name: Store flavor version data
+    runs-on: ubuntu-24.04
+    permissions:
+      actions: write
+    steps:
+      - name: Store data in JSON file
+        run: |
+          jq -r -n '{
+            "commit_id": "${{ needs.requirements.outputs.commit_id }}",
+            "version": "${{ needs.requirements.outputs.version }}",
+            "target": "${{ needs.requirements.outputs.target }}"
+          }' '.' > flavor_version_data.json
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2
+        with:
+          name: flavor-version-data
+          path: flavor_version_data.json
+          if-no-files-found: error

.github/workflows/dev.yml

@@ -26,7 +26,7 @@ jobs:
         run: echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT
   build:
     needs: [set_version]
-    uses: gardenlinux/gardenlinux/.github/workflows/build.yml@c1a1f112762be72b7f154ec931dfe4c57b4d2d44
+    uses: ./.github/workflows/build.yml
     with:
       version: ${{ needs.set_version.outputs.VERSION }}
       # to set target to "release" or "nightly" we need proper KMS secrets

.github/workflows/nightly.yaml

@@ -19,7 +19,7 @@ jobs:
           submodules: recursive
   build:
     needs: [checkout]
-    uses: gardenlinux/gardenlinux/.github/workflows/build.yml@c1a1f112762be72b7f154ec931dfe4c57b4d2d44
+    uses: ./.github/workflows/build.yml
     with:
       version: ${{ inputs.version || 'now' }}
       # to set target to "release" or "nightly" we need proper KMS secrets