talos-rpi5/.gitea/workflows/build.yaml
Mathias Beaulieu-Duncan 238a814d61
Build Talos CM5 Image / build (push) Failing after 9s
ci: run pipeline natively on arm64 act runners
- runs-on: arm64 (was talos-rpi5/macOS Mac Mini)
- replace Homebrew deps with native arm64 (crane+jq static binaries)
- gmake -> make across workflows and auto-update.sh
- guard Homebrew gnu-sed PATH in Makefile for Linux
- no QEMU/binfmt — builds are native arm64
- docs: TECHNICAL.md runner setup for ASUS GX10

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 09:54:19 -04:00


# Build and release custom Talos CM5 image
#
# Triggered by pushing a version tag (e.g. v1.11.5-1)
#
# Produces:
# - Installer container image → Docker Hub (svrnty/talos-rpi5:<tag>)
# - Raw disk image → Gitea release (metal-arm64.raw.zst)
#
# Runner: ASUS GX10 (self-hosted, Linux, arm64), host mode.
# Builds natively on arm64 — no QEMU/binfmt emulation.
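name: Build Talos CM5 Image

on:
  push:
    tags:
      - 'v*.*.*'

jobs:
  build:
    runs-on: arm64
    timeout-minutes: 180
    steps:
      # NOTE(review): `v4` is a mutable tag. Pinning the action to a full
      # commit SHA keeps a retagged upstream release from changing what runs
      # in a job that later holds registry and release credentials.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Verify Docker is running
        run: docker info

      - name: Install build dependencies
        run: |
          # Native arm64 host — make, sed, git, docker and buildx come from the host.
          # Only crane + jq are fetched (static arm64 binaries, no sudo, no QEMU).
          #
          # NOTE(review): both downloads follow the moving `latest` release and
          # nothing verifies what was fetched before it lands on PATH. The
          # binaries persist in $HOME/.local/bin on this host-mode runner and
          # run in later steps next to the Docker Hub and Gitea credentials.
          # Pin each tool to a reviewed release and compare the file against a
          # SHA-256 recorded in this repository before installing it.
          mkdir -p "$HOME/.local/bin"
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
          export PATH="$HOME/.local/bin:$PATH"
          if ! command -v crane >/dev/null 2>&1; then
            curl -fsSL https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_arm64.tar.gz \
              | tar -xz -C "$HOME/.local/bin" crane
          fi
          if ! command -v jq >/dev/null 2>&1; then
            curl -fsSL https://github.com/jqlang/jq/releases/latest/download/jq-linux-arm64 -o "$HOME/.local/bin/jq"
            chmod +x "$HOME/.local/bin/jq"
          fi
          make --version | head -1
          crane version || true

      - name: Set up Docker Buildx
        run: |
          # Native arm64 builder — the docker-container driver is used only for
          # SBOM/provenance attestation, not for cross-arch (no QEMU registered).
          docker buildx version
          docker buildx create --name talos-builder --driver docker-container --use 2>/dev/null || docker buildx use talos-builder
          docker buildx inspect --bootstrap

      # Secrets are handed to the shell as environment variables. A
      # `${{ secrets.* }}` expression inside `run:` is pasted into the script
      # text before the shell parses it, so a value containing quotes, `$` or
      # backticks would be interpreted as shell syntax.
      - name: Login to Docker Hub
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" \
            | docker login -u "$REGISTRY_USERNAME" --password-stdin

      - name: Extract version tag
        id: version
        run: |
          TAG="${GITHUB_REF#refs/tags/}"
          # The tag is reused as a Docker image tag, a make variable and a JSON
          # field. Git ref names may contain shell metacharacters, so accept
          # only the Docker tag alphabet before publishing it as a step output.
          if ! printf '%s\n' "$TAG" | grep -Eq '^v[A-Za-z0-9._-]{1,127}$'; then
            echo "Error: tag contains characters outside [A-Za-z0-9._-]" >&2
            exit 1
          fi
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

      - name: Clone upstream sources
        run: make checkouts

      - name: Apply patches
        run: make patches

      - name: Build kernel
        run: make kernel

      - name: Build SBC overlay
        run: make overlay

      - name: Build installer and disk image
        run: make installer

      # The tag reaches make through the environment and a quoted expansion,
      # never through text substituted into the script.
      - name: Tag release images
        env:
          TAG: ${{ steps.version.outputs.tag }}
        run: make release TAG="$TAG"

      - name: Compress disk image
        run: |
          # The imager outputs to checkouts/talos/_out/
          # NOTE(review): the pattern also matches an uncompressed `.raw` (or a
          # differently compressed file), which would then be published under a
          # `.zst` name — confirm the imager always emits `.raw.zst`.
          DISK_IMAGE=$(find checkouts/talos/_out -name 'metal-arm64*.raw*' | head -1)
          if [ -z "$DISK_IMAGE" ]; then
            echo "Error: disk image not found in checkouts/talos/_out/"
            find checkouts/talos/_out -type f
            exit 1
          fi
          # Copy to workspace root for release upload
          cp "$DISK_IMAGE" metal-arm64.raw.zst
          ls -lh metal-arm64.raw.zst
          # Record the digest in the job log so a downloaded image can be
          # compared with what this run produced.
          sha256sum metal-arm64.raw.zst

      - name: Create Gitea release and upload artifact
        env:
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG: ${{ steps.version.outputs.tag }}
        run: |
          # Stop on the first failure, including a failed curl on the left-hand
          # side of a pipe.
          set -euo pipefail

          GITEA_URL="${GITHUB_SERVER_URL}"
          REPO="${GITHUB_REPOSITORY}"
          API="${GITEA_URL}/api/v1"

          # Extract component versions from tag (format: v1.12.3-k6.12.47-1)
          TALOS_VER=$(printf '%s\n' "$TAG" | sed -E 's/^(v[0-9]+\.[0-9]+\.[0-9]+)-.*/\1/')
          # -n/p: print only on a match, so a tag without a -k<ver>- component
          # yields "unknown" instead of the whole tag.
          KERNEL_VER=$(printf '%s\n' "$TAG" | sed -nE 's/.*-k([0-9]+\.[0-9]+\.[0-9]+)-.*/\1/p')
          KERNEL_VER="${KERNEL_VER:-unknown}"

          RELEASE_BODY="Custom Talos Linux image for Raspberry Pi 5 / CM5 (Compute Blade)
          **Talos**: ${TALOS_VER}
          **Kernel**: RPi downstream ${KERNEL_VER} (CM5/RP1 support)
          **Extensions**: iscsi-tools, util-linux-tools
          **Overclock**: 2.6GHz (arm_freq=2600)
          ## Artifacts
          - \`metal-arm64.raw.zst\` — Raw disk image for eMMC flashing
          - \`docker.io/svrnty/talos-rpi5:${TAG}\` — Installer image for talosctl upgrade"
          # Strip leading whitespace from heredoc-style indentation
          RELEASE_BODY=$(printf '%s\n' "$RELEASE_BODY" | sed -E 's/^[[:space:]]+//')

          # Let jq build the request so every field is JSON-escaped; the tag is
          # no longer spliced into a hand-written JSON string.
          RELEASE_PAYLOAD=$(jq -n \
            --arg tag "$TAG" \
            --arg body "$RELEASE_BODY" \
            '{tag_name: $tag, name: ("Talos RPi5 " + $tag), body: $body, prerelease: true}')

          RELEASE_ID=$(curl -sf -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "$RELEASE_PAYLOAD" \
            "${API}/repos/${REPO}/releases" | jq -r '.id')

          # jq prints "null" when the response carries no id; refuse to build
          # the upload URL from anything that is not a plain number.
          case "$RELEASE_ID" in
            '' | *[!0-9]*)
              echo "Error: release creation did not return a numeric id" >&2
              exit 1
              ;;
          esac
          echo "Created release ID: ${RELEASE_ID}"

          curl -sf -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -F "attachment=@metal-arm64.raw.zst" \
            "${API}/repos/${REPO}/releases/${RELEASE_ID}/assets?name=metal-arm64.raw.zst"
          echo "Uploaded metal-arm64.raw.zst to release"

      # The runner works in host mode, so the credential written by
      # `docker login` would otherwise stay in the runner user's Docker
      # configuration after the job ends.
      # NOTE(review): if several jobs share this host user concurrently, give
      # each job its own Docker config directory instead — confirm runner
      # capacity.
      - name: Log out of Docker Hub
        if: always()
        run: docker logout || true

      - name: Clean up
        if: always()
        run: make clean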