feat(ci): fix linux version metadata and make builds more reliable

.github/workflows/reusable-build.yml

@@ -7,7 +7,7 @@ on:
         required: true
         type: string
 env:
-    IMAGE_NAME: akmods
+    IMAGE_BASE_NAME: akmods
     IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
 
 concurrency:
@@ -36,14 +36,7 @@ jobs:
         cfile_suffix:
           - common
           - nvidia
-        nvidia_version:
-          - 0
-          - 550
         exclude:
-          - cfile_suffix: common
-            nvidia_version: 550
-          - cfile_suffix: nvidia
-            nvidia_version: 0
           - kernel_flavor: asus
             fedora_version: 38
           - kernel_flavor: surface
@@ -56,7 +49,6 @@ jobs:
             kernel_flavor: fsync # kernel-fsync packages are not being built for F40 yet.
           - fedora_version: 40
             kernel_flavor: fsync-lts
-
     steps:
       # Checkout push-to-registry action GitHub repository
       - name: Checkout Push to Registry action
@@ -65,26 +57,31 @@ jobs:
       - name: Matrix Variables
         shell: bash
         run: |
+          if [ "common" == "${{ matrix.cfile_suffix }}" ]; then
+              echo "IMAGE_NAME=${{ env.IMAGE_BASE_NAME }}" >> $GITHUB_ENV
+          else
+              echo "IMAGE_NAME=${{ env.IMAGE_BASE_NAME }}-${{ matrix.cfile_suffix }}" >> $GITHUB_ENV
+          fi
           if [[ "${{ matrix.fedora_version }}" -ge "41" ]]; then
               # when we are confident of official fedora images we can switch to them
-              echo "SOURCE_IMAGE=fedora-silverblue" >> $GITHUB_ENV
-              echo "SOURCE_ORG=fedora" >> $GITHUB_ENV
+              export SOURCE_IMAGE=fedora-silverblue
+              export SOURCE_ORG=fedora
           else
-              echo "SOURCE_IMAGE=base" >> $GITHUB_ENV
-              echo "SOURCE_ORG=fedora-ostree-desktops" >> $GITHUB_ENV
+              export SOURCE_IMAGE=base
+              export SOURCE_ORG=fedora-ostree-desktops
           fi
+          echo "FQ_SOURCE_IMAGE=quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV
+          echo "SOURCE_IMAGE=${SOURCE_IMAGE}" >> $GITHUB_ENV
+          echo "SOURCE_ORG=${SOURCE_ORG}" >> $GITHUB_ENV
+
 
       - name: Generate tags
         id: generate-tags
         shell: bash
         run: |
           # Generate a timestamp for creating an image version history
           TIMESTAMP="$(date +%Y%m%d)"
-          if [[ "${{ matrix.cfile_suffix }}" == "nvidia" ]]; then
-              VARIANT="${{ matrix.kernel_flavor }}-${{ matrix.fedora_version }}-${{ matrix.nvidia_version }}"
-          else
-              VARIANT="${{ matrix.kernel_flavor }}-${{ matrix.fedora_version }}"
-          fi
+          VARIANT="${{ matrix.kernel_flavor }}-${{ matrix.fedora_version }}"
 
           COMMIT_TAGS=()
           BUILD_TAGS=()
@@ -125,69 +122,103 @@ jobs:
           # DEBUG: get character count of key
           wc -c certs/private_key.priv
 
-      - name: Get current version
-        id: labels
+      - name: Pull build image
         uses: Wandalen/[email protected]
         with:
           attempt_limit: 3
           attempt_delay: 15000
           command: |
-            set -eo pipefail
-            skopeo inspect docker://quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }} > inspect.json
-            ver=$(jq -r '.Labels["org.opencontainers.image.version"]' inspect.json)
+            # pull the base image used for FROM in containerfile so
+            # we can retry on that unfortunately common failure case
+            podman pull ${{ env.FQ_SOURCE_IMAGE }}
+
+      - name: Get current version
+        run: |
+          set -eo pipefail
+
+          # skopeo must always run to inspect image labels for build version
+          skopeo inspect docker://${{ env.FQ_SOURCE_IMAGE }} > inspect.json
+          ver=$(jq -r '.Labels["org.opencontainers.image.version"]' inspect.json)
+          if [ -z "$ver" ] || [ "null" = "$ver" ]; then
+            echo "inspected image version must not be empty or null"
+            exit 1
+          fi
+
+          if [ "main" == "${{ matrix.kernel_flavor }}" ]; then
+            # main kernel_flavor: use ostree.linux to determine kernel version
             linux=$(jq -r '.Labels["ostree.linux"]' inspect.json)
-            if [ -z "$ver" ] || [ "null" = "$ver" ]; then
-              echo "inspected image version must not be empty or null"
-              exit 1
-            fi
-            if [ -z "$linux" ] || [ "null" = "$linux" ]; then
-              echo "inspected image linux version must not be empty or null"
-              exit 1
-            fi
-            echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV
-            echo "SOURCE_IMAGE_LINUX=$linux" >> $GITHUB_ENV
+          else
+            # other kernel_flavor: start container use dnf to find kernel version
+            container_name="fq-$(uuidgen)"
+            podman run --entrypoint /bin/bash --name "$container_name" -dt "${{ env.FQ_SOURCE_IMAGE }}"
+            podman exec $container_name rpm-ostree install dnf dnf-plugins-core
+
+            # Fetch kernel version
+            dnf="podman exec $container_name dnf"
+            case "${{ matrix.kernel_flavor }}" in
+              "asus")
+                $dnf copr enable -y lukenukem/asus-kernel
+                linux=$($dnf repoquery --repoid copr:copr.fedorainfracloud.org:lukenukem:asus-kernel --whatprovides kernel | tail -n1 | sed 's/.*://')
+                ;;
+              "fsync")
+                $dnf copr enable -y sentry/kernel-fsync
+                linux=$($dnf repoquery --repoid copr:copr.fedorainfracloud.org:sentry:kernel-fsync --whatprovides kernel | tail -n1 | sed 's/.*://')
+                ;;
+              "fsync-lts")
+                $dnf copr enable -y sentry/kernel-ba
+                linux=$($dnf repoquery --repoid copr:copr.fedorainfracloud.org:sentry:kernel-ba --whatprovides kernel | tail -n1 | sed 's/.*://')
+                ;;
+              "main")
+                linux=$($dnf repoquery --whatprovides kernel | tail -n1 | sed 's/.*://')
+                ;;
+              "surface")
+                $dnf config-manager --add-repo=https://pkg.surfacelinux.com/fedora/linux-surface.repo
+                linux=$($dnf repoquery --repoid linux-surface --whatprovides kernel-surface | tail -n1 | sed 's/.*://')
+                ;;
+              *)
+                echo "unexpected kernel_flavor '${{ matrix.kernel_flavor }}' for dnf repoquery"
+                ;;
+            esac
+          fi
+
+          if [ -z "$linux" ] || [ "null" = "$linux" ]; then
+            echo "inspected image linux version must not be empty or null"
+            exit 1
+          fi
+          echo "SOURCE_IMAGE_VERSION=$ver" >> $GITHUB_ENV
+          echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV
 
       # Build metadata
       - name: Image Metadata
         uses: docker/metadata-action@v5
         id: meta
         with:
           images: |
-            ${{ 'nvidia' == matrix.cfile_suffix && format('{0}-nvidia', env.IMAGE_NAME) || format('{0}', env.IMAGE_NAME) }}
+            ${{ env.IMAGE_NAME }}
           labels: |
-            org.opencontainers.image.title=${{ env.IMAGE_NAME }}
+            org.opencontainers.image.title=${{ env.IMAGE_BASE_NAME }}
             org.opencontainers.image.description=A caching layer for pre-built akmod RPMs
             org.opencontainers.image.version=${{ env.SOURCE_IMAGE_VERSION }}
-            ostree.linux=${{ env.SOURCE_IMAGE_LINUX }}
+            ostree.linux=${{ env.KERNEL_VERSION }}
             io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
             io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4
 
-      - name: Pull build image
-        uses: Wandalen/[email protected]
-        with:
-          attempt_limit: 3
-          attempt_delay: 15000
-          command: |
-            # pull the base image used for FROM in containerfile so
-            # we can retry on that unfortunately common failure case
-            podman pull quay.io/${{ env.SOURCE_ORG }}/${{ env.SOURCE_IMAGE }}:${{ matrix.fedora_version }}
-
       # Build image using Buildah action
       - name: Build Image
         id: build_image
         uses: redhat-actions/buildah-build@v2
         with:
           containerfiles: |
             ./Containerfile.${{ matrix.cfile_suffix }}
-          image: ${{ 'nvidia' == matrix.cfile_suffix && format('{0}-nvidia', env.IMAGE_NAME) || format('{0}', env.IMAGE_NAME) }}
+          image: ${{ env.IMAGE_NAME }}
           tags: |
             ${{ steps.generate-tags.outputs.alias_tags }}
           build-args: |
             SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
             SOURCE_ORG=${{ env.SOURCE_ORG }}
             KERNEL_FLAVOR=${{ matrix.kernel_flavor }}
+            KERNEL_VERSION=${{ env.KERNEL_VERSION }}
             FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
-            NVIDIA_MAJOR_VERSION=${{ matrix.nvidia_version }}
             RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }}
           labels: ${{ steps.meta.outputs.labels }}
           oci: false

Containerfile.common

@@ -11,6 +11,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
 FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS builder
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
 ARG KERNEL_FLAVOR="{KERNEL_FLAVOR:-main}"
+ARG KERNEL_VERSION=""
 ARG RPMFUSION_MIRROR=""
 
 COPY build*.sh /tmp

Containerfile.nvidia

@@ -1,17 +1,17 @@
 ###
-### Containerfile.nvidia - used to build ONLY NVIDIA kmods (one driver version per build)
+### Containerfile.nvidia - used to build ONLY NVIDIA kmods
 ###
 
-#Build from base, simpley because it's the smallest image
+#Build from base, simply because it's the smallest image
 ARG SOURCE_IMAGE="${SOURCE_IMAGE:-base}"
 ARG SOURCE_ORG="${SOURCE_ORG:-fedora-ostree-desktops}"
 ARG BASE_IMAGE="quay.io/${SOURCE_ORG}/${SOURCE_IMAGE}"
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
 
 FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION} AS builder
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-39}"
-ARG NVIDIA_MAJOR_VERSION="${NVIDIA_MAJOR_VERSION:-550}"
 ARG KERNEL_FLAVOR="{KERNEL_FLAVOR:-main}"
+ARG KERNEL_VERSION=""
 ARG RPMFUSION_MIRROR=""
 
 COPY build*.sh /tmp
@@ -39,7 +39,7 @@ RUN if grep -qv "surface" <<< "${KERNEL_FLAVOR}"; then \
     ; else \
        export KERNEL_NAME="kernel-surface" \
     ; fi && \
-    /tmp/build-kmod-nvidia.sh ${NVIDIA_MAJOR_VERSION}
+    /tmp/build-kmod-nvidia.sh 550
 
 RUN cp /tmp/ublue-os-nvidia-addons/rpmbuild/RPMS/noarch/ublue-os-nvidia-addons*.rpm \
       /var/cache/rpms/ublue-os/

README.md

@@ -40,21 +40,21 @@ The [`akmods` image](https://github.com/orgs/ublue-os/packages/container/package
 
 Here's a rundown on how it's organized.
 
-We do our best to support all current builds of Fedora, current versions of the kernel modules listed, and in the case of NVIDIA current (550).
-**Note: NVIDIA legacy driver version 470 is no longer provided as RPMfusion has ceased updates to the package and it no longer builds with kernel 6.8 which has now released for Fedora 38 and 39.**
+We do our best to support all current builds of Fedora, current versions of the kernel modules listed, and the latest NVIDIA driver.
+**Note: NVIDIA legacy driver version 470 is no longer provided as RPMfusion has ceased updates to the package and it no longer builds with kernel 6.8 which has now released for Fedora 38 and 39. Also the `-550` extra driver version tag has been removed as the latest driver will always be included.**
 
 The majority of the drivers are tagged with `KERNEL_TYPE-FEDORA_RELEASE`. NVIDIA drivers are bundled distinctly with tag `KERNEL_TYPE-FEDORA_RELEASE-NVIDIA_VERSION`.
 
 | KERNEL_TYPE | FEDORA_RELEASE | TAG |
 | - | - | - |
-| Fedora stock kernel | 38 | `main-38`, `main-38-550` |
-| | 39 | `main-39`, `main-39-550` |
-| | 40 | `main-40`, `main-40-550` |
-| [patched for ASUS devices](https://copr.fedorainfracloud.org/coprs/lukenukem/asus-kernel) | 39 | `asus-39`, `asus-39-550` |
-| | 40 | `asus-40`, `asus-40-550` |
-| [patched fsync](https://copr.fedorainfracloud.org/coprs/sentry/kernel-fsync) | 39 | `fsync-39`, `fsync-39-550` |
-| [patched Microsoft Surface devices](https://github.com/linux-surface/linux-surface/) | 39 | `surface-39`, `surface-39-550` |
-| | 40 | `surface-40`, `surface-40-550` |
+| Fedora stock kernel | 38 | `main-38` |
+| | 39 | `main-39` |
+| | 40 | `main-40` |
+| [patched for ASUS devices](https://copr.fedorainfracloud.org/coprs/lukenukem/asus-kernel) | 39 | `asus-39`|
+| | 40 | `asus-40` |
+| [patched fsync](https://copr.fedorainfracloud.org/coprs/sentry/kernel-fsync) | 39 | `fsync-39` |
+| [patched Microsoft Surface devices](https://github.com/linux-surface/linux-surface/) | 39 | `surface-39` |
+| | 40 | `surface-40` |
 
 
 

build-kmod-nvidia.sh

@@ -34,7 +34,7 @@ akmods --force --kernels "${KERNEL_VERSION}" --kmod "${NVIDIA_PACKAGE_NAME}"
 modinfo /usr/lib/modules/${KERNEL_VERSION}/extra/${NVIDIA_PACKAGE_NAME}/nvidia{,-drm,-modeset,-peermem,-uvm}.ko.xz > /dev/null || \
 (cat /var/cache/akmods/${NVIDIA_PACKAGE_NAME}/${NVIDIA_AKMOD_VERSION}-for-${KERNEL_VERSION}.failed.log && exit 1)
 
-cat <<EOF > /var/cache/rpms/kmods/nvidia-vars.${NVIDIA_MAJOR_VERSION}
+cat <<EOF > /var/cache/rpms/kmods/nvidia-vars
 KERNEL_VERSION=${KERNEL_VERSION}
 RELEASE=${RELEASE}
 NVIDIA_PACKAGE_NAME=${NVIDIA_PACKAGE_NAME}

build-prep.sh

@@ -42,10 +42,15 @@ if [ -n "${RPMFUSION_MIRROR}" ]; then
     sed -i "s%^#baseurl=http://download1.rpmfusion.org%baseurl=${RPMFUSION_MIRROR}%" /etc/yum.repos.d/rpmfusion-*.repo
 fi
 
+# required for main and surface when fedora repo has updated kernel beyond what was in the image
+curl -L -o /etc/yum.repos.d/fedora-coreos-pool.repo \
+    https://raw.githubusercontent.com/coreos/fedora-coreos-config/testing-devel/fedora-coreos-pool.repo
+
 ### PREPARE CUSTOM KERNEL SUPPORT
 if [[ "asus" == "${KERNEL_FLAVOR}" ]]; then
     echo "Installing ASUS Kernel:"
-    wget https://copr.fedorainfracloud.org/coprs/lukenukem/asus-kernel/repo/fedora-$(rpm -E %fedora)/lukenukem-asus-kernel-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_lukenukem-asus-kernel.repo
+    curl -L -o /etc/yum.repos.d/_copr_lukenukem-asus-kernel.repo \
+        https://copr.fedorainfracloud.org/coprs/lukenukem/asus-kernel/repo/fedora-$(rpm -E %fedora)/lukenukem-asus-kernel-fedora-$(rpm -E %fedora).repo
     rpm-ostree cliwrap install-to-root /
     rpm-ostree override replace \
     --experimental \
@@ -59,7 +64,8 @@ if [[ "asus" == "${KERNEL_FLAVOR}" ]]; then
         kernel-modules-extra
 elif [[ "fsync-lts" == "${KERNEL_FLAVOR}" ]]; then
     echo "Installing fsync-lts kernel:"
-    wget https://copr.fedorainfracloud.org/coprs/sentry/kernel-ba/repo/fedora-$(rpm -E %fedora)/sentry-kernel-ba-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_sentry-kernel-ba.repo
+    curl -L -o /etc/yum.repos.d/_copr_sentry-kernel-ba.repo \
+        https://copr.fedorainfracloud.org/coprs/sentry/kernel-ba/repo/fedora-$(rpm -E %fedora)/sentry-kernel-ba-fedora-$(rpm -E %fedora).repo
     rpm-ostree cliwrap install-to-root /
     rpm-ostree override replace \
     --experimental \
@@ -73,7 +79,8 @@ elif [[ "fsync-lts" == "${KERNEL_FLAVOR}" ]]; then
         kernel-modules-extra
 elif [[ "fsync" == "${KERNEL_FLAVOR}" ]]; then
     echo "Installing fsync kernel:"
-    wget https://copr.fedorainfracloud.org/coprs/sentry/kernel-fsync/repo/fedora-$(rpm -E %fedora)/sentry-kernel-fsync-fedora-$(rpm -E %fedora).repo -O /etc/yum.repos.d/_copr_sentry-kernel-fsync.repo
+    curl -L -o /etc/yum.repos.d/_copr_sentry-kernel-fsync.repo \
+        https://copr.fedorainfracloud.org/coprs/sentry/kernel-fsync/repo/fedora-$(rpm -E %fedora)/sentry-kernel-fsync-fedora-$(rpm -E %fedora).repo
     rpm-ostree cliwrap install-to-root /
     rpm-ostree override replace \
     --experimental \
@@ -88,9 +95,10 @@ elif [[ "fsync" == "${KERNEL_FLAVOR}" ]]; then
 elif [[ "surface" == "${KERNEL_FLAVOR}" ]]; then
     echo "Installing Surface Kernel:"
     # Add Linux Surface repo
-    wget https://pkg.surfacelinux.com/fedora/linux-surface.repo -P /etc/yum.repos.d
-    wget https://github.com/linux-surface/linux-surface/releases/download/silverblue-20201215-1/kernel-20201215-1.x86_64.rpm -O \
-    /tmp/surface-kernel.rpm
+    curl -L -o /etc/yum.repos.d/linux-surface.repo \
+        https://pkg.surfacelinux.com/fedora/linux-surface.repo
+    curl -L -o /tmp/surface-kernel.rpm \
+        https://github.com/linux-surface/linux-surface/releases/download/silverblue-20201215-1/kernel-20201215-1.x86_64.rpm
     rpm-ostree cliwrap install-to-root /
     rpm-ostree override replace /tmp/surface-kernel.rpm \
         --remove kernel-core \
@@ -103,8 +111,18 @@ elif [[ "surface" == "${KERNEL_FLAVOR}" ]]; then
         --install kernel-surface-modules \
         --install kernel-surface-modules-core \
         --install kernel-surface-modules-extra
+elif [[ "main" == "${KERNEL_FLAVOR}" ]] && \
+     [[ "" != "${KERNEL_VERSION}" ]]; then
+    echo "main kernel version ${KERNEL_VERSION} to avoid upgrading kernel beyond what is in the image."
+    rpm-ostree cliwrap install-to-root /
+    rpm-ostree install \
+        kernel-devel-${KERNEL_VERSION} \
+        kernel-devel-matched-${KERNEL_VERSION}
 else
-    echo "Default main kernel needs no customization."
+    echo "Default main kernel without a specific version."
+    rpm-ostree install \
+        kernel-devel \
+        kernel-devel-matched
 fi