Skip to content

Commit

Permalink
Merge pull request #127 from 89luca89/feat/wolfi_toolbox
Browse files Browse the repository at this point in the history
feat: add wolfi-toolbox images
  • Loading branch information
Foxboron authored Jun 7, 2024
2 parents 68eb902 + e06c5e7 commit 658f5e1
Show file tree
Hide file tree
Showing 4 changed files with 201 additions and 0 deletions.
123 changes: 123 additions & 0 deletions .github/workflows/wolfi.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
name: "Wolfi Linux: Build and push toolbx images"

permissions: read-all

on:
pull_request:
branches:
- main
paths:
- wolfi/**
- .github/workflows/wolfi.yaml
push:
branches:
- main
paths:
- wolfi/**
- .github/workflows/wolfi.yaml
schedule:
- cron: '0 0 * * MON'

env:
distro: 'wolfi'
distro_pretty: 'wolfi Linux'
latest_release: 'latest'
platforms: 'linux/amd64, linux/arm64'
registry: 'quay.io/toolbx-images'

# Prevent multiple workflow runs from racing to ensure that pushes are made
# sequentially for the main branch. Also cancel in progress workflow runs for
# pull requests only.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
build-push-images:
strategy:
matrix:
release: ['latest']

runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up QEMU for multi-arch builds
shell: bash
run: |
sudo apt update
sudo apt install qemu-user-static
- name: Build container image
uses: redhat-actions/buildah-build@v2
if: env.latest_release != matrix.release
with:
platforms: ${{ env.platforms }}
context: ${{ env.distro }}/${{ matrix.release }}
image: ${{ env.distro }}-toolbox
tags: ${{ matrix.release }}
containerfiles: ${{ env.distro }}/${{ matrix.release }}/Containerfile
layers: false
oci: true

- name: Build container image (latest tag)
uses: redhat-actions/buildah-build@v2
if: env.latest_release == matrix.release
with:
platforms: ${{ env.platforms }}
context: ${{ env.distro }}/${{ matrix.release }}
image: ${{ env.distro }}-toolbox
tags: ${{ matrix.release }} latest
containerfiles: ${{ env.distro }}/${{ matrix.release }}/Containerfile
layers: false
oci: true

- name: Push to Container Registry
uses: redhat-actions/push-to-registry@v2
id: push
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: ${{ matrix.release }}

- name: Push to Container Registry (latest tag)
uses: redhat-actions/push-to-registry@v2
id: push-latest
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}
image: ${{ env.distro }}-toolbox
registry: ${{ env.registry }}
tags: ${{ matrix.release }} latest

- name: Login to Container Registry
uses: redhat-actions/podman-login@v1
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
with:
registry: ${{ env.registry }}
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}

- uses: sigstore/[email protected]
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'

- name: Sign container image
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
run: |
cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

- name: Sign container image (latest)
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
run: |
cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-latest.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
7 changes: 7 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,12 @@ directly use the commands below:
$ toolbox enter ubuntu-toolbox-16.04
```

- [Wolfi]:
```
$ toolbox create --image quay.io/toolbx-images/wolfi-toolbox:latest
$ toolbox enter wolfi-toolbox-latest
```

## Verifying sigstore container signatures with podman

How to configure sigstore signature verification in podman:
Expand Down Expand Up @@ -246,3 +252,4 @@ See [COPYING](COPYING).
[Rocky Linux]: https://hub.docker.com/_/rockylinux
[Ubuntu]: https://hub.docker.com/_/ubuntu
[openSUSE]: https://registry.opensuse.org/cgi-bin/cooverview?srch_term=project%3D%5EopenSUSE%3AContainers%3A+container%3Dtoolbox
[Wolfi]: cgr.dev/chainguard/
26 changes: 26 additions & 0 deletions wolfi/latest/Containerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
FROM cgr.dev/chainguard/wolfi-base:latest

LABEL com.github.containers.toolbox="true" \
name="wolfi-toolbox" \
version="latest" \
usage="This image is meant to be used with the toolbox or distrobox command" \
summary="Base image for creating Wolfi Linux toolbox containers" \
maintainer="Luca Di Maio <[email protected]>"

# Install extra packages
COPY extra-packages /
RUN apk update && \
apk upgrade && \
cat /extra-packages | xargs apk add
RUN rm /extra-packages

# Enable password less sudo
# using sudoers instead of toolbox filename here, so that in case of rootful
# distroboxes, the NOPASSWD can be deactivated for security reasons.
RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/sudoers

# Copy the os-release file
RUN cp -p /etc/os-release /usr/lib/os-release

# Clear out /home
RUN rm -rf /home/* && mkdir /media
45 changes: 45 additions & 0 deletions wolfi/latest/extra-packages
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
bash
bc
busybox
bzip2
coreutils
curl
diffutils
findmnt
findutils
gnupg
gnutar
gpg
iproute2
iputils
keyutils
less
libcap
libcap-utils
locate
man-db
mesa
mount
ncurses
ncurses-terminfo
net-tools
openssh-client
pigz
posix-libc-utils
procps
rsync
shadow
sudo
tcpdump
tree
tzdata
umount
unzip
util-linux
util-linux-login
util-linux-misc
vulkan-loader
wget
xauth
xz
zip

0 comments on commit 658f5e1

Please sign in to comment.