2026-04-14 18:13:15 +02:00
|
|
|
name: Build ISO
|
|
|
|
|
|
docs: sync README roadmap, runner-setup, and ops/ to today's reality
A lot moved since the last docs sweep. Catching everything up in one
batch so a newcomer (or future us) reading the repo isn't lied to.
**README.md roadmap:**
- Walking-skeleton live ISO: upgraded from "screens 1-3 work
end-to-end" to "install runs to completion on a VM and the installed
system logs in and runs `docker ps` without sudo".
- 26.0-alpha release: dropped the "deferred" note — its blocker
(archinstall not completing) is gone; just needs a re-tag when we
like the installer copy.
- Added an explicit "ISO-build in CI" line for the new
`.forgejo/workflows/build-iso.yml`.
- Split the old "mDNS + local CA" item: mDNS is live (hostname baked
in, avahi/nss-mdns in the image), HTTPS via local CA still open.
- Noted post-install reboot button, progress bar, archinstall 4.x
schema work, console welcome, custom_commands docker group join in
the wizard milestone bullet.
**docs/runner-setup.md:**
- Full rewrite for the docker-outside-of-docker architecture we
actually run now (was still describing the DinD sidecar setup).
- Documents the `/data` symlink on the host that makes host-mode
`-v /data/…:/work` resolve — the non-obvious piece that took the
longest to nail down today.
- Describes the two runtime modes (`ubuntu-latest:docker://…` for CI,
`self-hosted:host` for build-iso) and why each exists.
- Adds the `upload-artifact@v3` pin note — v4+ fails on Forgejo with
`GHESNotSupportedError`.
**ops/forgejo-runner/compose.yml + config.yml:**
- Compose now matches what's actually running: DooD (no DinD sidecar),
runs as root so apk can install nodejs + docker-cli at startup,
/var/run/docker.sock bind-mounted.
- Config gets the three explicit label mappings and DooD
`docker_host` + `valid_volumes`.
**.forgejo/workflows/build-iso.yml:**
- Added `paths-ignore` for docs/website/*.md so doc-only commits don't
kick off 5-min ISO rebuilds. Code + ISO overlay changes still
trigger.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 19:28:33 +02:00
|
|
|
# Full ISO build is ~5-7 min. Only run on push-to-main and manual
|
|
|
|
|
# dispatch so feature-branch iteration stays fast. Docs-only changes
|
|
|
|
|
# skip the build — the `paths-ignore` list below covers *.md files,
|
|
|
|
|
# docs/, and the website (Hugo source). Anything that touches code,
|
|
|
|
|
# the ISO overlay, or the workflow itself still triggers a rebuild.
|
2026-04-14 18:13:15 +02:00
|
|
|
on:
|
|
|
|
|
push:
|
|
|
|
|
branches: [main]
|
docs: sync README roadmap, runner-setup, and ops/ to today's reality
A lot moved since the last docs sweep. Catching everything up in one
batch so a newcomer (or future us) reading the repo isn't lied to.
**README.md roadmap:**
- Walking-skeleton live ISO: upgraded from "screens 1-3 work
end-to-end" to "install runs to completion on a VM and the installed
system logs in and runs `docker ps` without sudo".
- 26.0-alpha release: dropped the "deferred" note — its blocker
(archinstall not completing) is gone; just needs a re-tag when we
like the installer copy.
- Added an explicit "ISO-build in CI" line for the new
`.forgejo/workflows/build-iso.yml`.
- Split the old "mDNS + local CA" item: mDNS is live (hostname baked
in, avahi/nss-mdns in the image), HTTPS via local CA still open.
- Noted post-install reboot button, progress bar, archinstall 4.x
schema work, console welcome, custom_commands docker group join in
the wizard milestone bullet.
**docs/runner-setup.md:**
- Full rewrite for the docker-outside-of-docker architecture we
actually run now (was still describing the DinD sidecar setup).
- Documents the `/data` symlink on the host that makes host-mode
`-v /data/…:/work` resolve — the non-obvious piece that took the
longest to nail down today.
- Describes the two runtime modes (`ubuntu-latest:docker://…` for CI,
`self-hosted:host` for build-iso) and why each exists.
- Adds the `upload-artifact@v3` pin note — v4+ fails on Forgejo with
`GHESNotSupportedError`.
**ops/forgejo-runner/compose.yml + config.yml:**
- Compose now matches what's actually running: DooD (no DinD sidecar),
runs as root so apk can install nodejs + docker-cli at startup,
/var/run/docker.sock bind-mounted.
- Config gets the three explicit label mappings and DooD
`docker_host` + `valid_volumes`.
**.forgejo/workflows/build-iso.yml:**
- Added `paths-ignore` for docs/website/*.md so doc-only commits don't
kick off 5-min ISO rebuilds. Code + ISO overlay changes still
trigger.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 19:28:33 +02:00
|
|
|
paths-ignore:
|
|
|
|
|
- '**/*.md'
|
|
|
|
|
- 'docs/**'
|
|
|
|
|
- 'website/**'
|
|
|
|
|
- 'CHANGELOG.md'
|
|
|
|
|
- 'RELEASING.md'
|
2026-04-14 18:13:15 +02:00
|
|
|
workflow_dispatch:
|
|
|
|
|
|
|
|
|
|
concurrency:
|
|
|
|
|
group: build-iso-${{ github.ref }}
|
|
|
|
|
cancel-in-progress: true
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
build-iso:
|
2026-04-14 18:50:47 +02:00
|
|
|
# Run directly on the runner host, not inside a job container.
|
|
|
|
|
# `build.sh` does `docker run -v $REPO_ROOT:/work archlinux:latest`,
|
|
|
|
|
# and host docker interprets the volume source as a host path — so
|
|
|
|
|
# $REPO_ROOT has to be a path on the host, which it only is when
|
|
|
|
|
# we skip the job-container wrapping. The runner VM has git + docker.
|
|
|
|
|
runs-on: self-hosted
|
2026-04-14 18:13:15 +02:00
|
|
|
timeout-minutes: 30
|
|
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
|
|
|
|
|
|
- name: Build ISO
|
|
|
|
|
run: ./iso/build.sh
|
|
|
|
|
|
|
|
|
|
- name: Report ISO hash
|
|
|
|
|
run: |
|
|
|
|
|
iso=$(ls iso/out/*.iso | head -1)
|
|
|
|
|
echo "ISO: $iso"
|
|
|
|
|
sha256sum "$iso"
|
|
|
|
|
|
|
|
|
|
- name: Upload ISO artifact
|
2026-04-14 19:10:16 +02:00
|
|
|
# v4+ isn't supported on Forgejo yet (uses newer @actions/artifact
|
|
|
|
|
# protocol that Forgejo's GHES-compatible API doesn't implement).
|
|
|
|
|
uses: actions/upload-artifact@v3
|
2026-04-14 18:13:15 +02:00
|
|
|
with:
|
|
|
|
|
name: furtka-iso
|
|
|
|
|
path: iso/out/*.iso
|
|
|
|
|
retention-days: 14
|
|
|
|
|
if-no-files-found: error
|
2026-04-18 11:41:44 +02:00
|
|
|
|
|
|
|
|
smoke-vm:
|
|
|
|
|
# Boot the freshly built ISO in a VM on the .165 Proxmox test host and
|
|
|
|
|
# check the webinstaller responds on :5000. Shares the runner workspace
|
|
|
|
|
# with build-iso via `needs:` so we skip the artifact round-trip.
|
|
|
|
|
# `continue-on-error: true` so a VM-side flake doesn't mark the ISO
|
|
|
|
|
# build red — the ISO itself is still valid and uploaded.
|
|
|
|
|
needs: build-iso
|
|
|
|
|
runs-on: self-hosted
|
|
|
|
|
continue-on-error: true
|
|
|
|
|
timeout-minutes: 10
|
|
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
|
|
|
|
|
|
- name: Re-download ISO into iso/out
|
|
|
|
|
# `needs:` doesn't preserve the workspace across jobs on Forgejo
|
|
|
|
|
# host-mode runners, so pull the artifact we just uploaded.
|
|
|
|
|
uses: actions/download-artifact@v3
|
|
|
|
|
with:
|
|
|
|
|
name: furtka-iso
|
|
|
|
|
path: iso/out
|
|
|
|
|
|
|
|
|
|
- name: Smoke-test ISO on Proxmox test host
|
|
|
|
|
env:
|
|
|
|
|
PVE_TEST_HOST: ${{ secrets.PVE_TEST_HOST }}
|
|
|
|
|
PVE_TEST_TOKEN: ${{ secrets.PVE_TEST_TOKEN }}
|
|
|
|
|
SMOKE_SHA: ${{ github.sha }}
|
|
|
|
|
run: |
|
|
|
|
|
iso=$(ls iso/out/*.iso | head -1)
|
|
|
|
|
echo "Smoking $iso"
|
|
|
|
|
./scripts/smoke-vm.sh "$iso"
|