Mathias Beaulieu-Duncan 238a814d61
ci: run pipeline natively on arm64 act runners
- runs-on: arm64 (was talos-rpi5/macOS Mac Mini)
- replace Homebrew deps with native arm64 (crane+jq static binaries)
- gmake -> make across workflows and auto-update.sh
- guard Homebrew gnu-sed PATH in Makefile for Linux
- no QEMU/binfmt — builds are native arm64
- docs: TECHNICAL.md runner setup for ASUS GX10

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 09:54:19 -04:00


# Technical Guide

Build infrastructure, CI/CD configuration, and project structure for the Talos CM5 Builder.

## Building locally (ARM64 host required)

```sh
make checkouts patches   # Clone and patch upstream sources
make kernel              # Build RPi kernel
make overlay             # Build SBC overlay
make installer           # Build installer + disk image
```

## CI/CD (Gitea Actions)

Push a version tag to trigger an automated build:

```sh
git tag v1.12.3-k6.12.47-2
git push origin v1.12.3-k6.12.47-2
```

The pipeline runs on the ARM64 self-hosted runner and:

  1. Builds the kernel, overlay, and installer
  2. Attaches SBOM attestation (cosign + syft)
  3. Pushes the installer image to Docker Hub
  4. Creates a Gitea release with the raw disk image

## Upstream update checks

A weekly scheduled workflow checks for new Talos and RPi kernel releases and creates Gitea issues when updates are available.

## CI Secrets

| Secret | Description |
|---|---|
| `REGISTRY_USERNAME` | Docker Hub username (org-level) |
| `REGISTRY_PASSWORD` | Docker Hub access token (org-level) |

## Runner Setup (ASUS GX10 — Linux arm64)

Builds run natively on arm64 — no QEMU/binfmt emulation. The runner executes jobs in host mode (directly on the Linux host, not in a container), so the host provides the toolchain.

The build host needs:

- Docker Engine + the Buildx plugin (arm64 native)
- `make`, `git`, `curl`, `tar` (e.g. `apt-get install -y make git curl tar`)
- Sufficient disk space for kernel builds (~20GB)

`crane` and `jq` are fetched automatically by the workflows (static arm64 binaries into `~/.local/bin`), so they don't need to be pre-installed.

```sh
# Download the act_runner for linux/arm64
curl -sL https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-arm64 -o act_runner
chmod +x act_runner

# Register — the `:host` label runs jobs directly on the host (no container)
./act_runner register \
  --instance https://git.openharbor.io \
  --token <runner-token> \
  --name gx10 \
  --labels arm64:host

# Run as service
./act_runner daemon
```

The workflows use `runs-on: arm64`. The `arm64:host` label maps that to host execution; drop `:host` only if you switch to container-based jobs (which then need Docker-in-Docker for the privileged build steps).

## Project Structure

```text
.gitea/workflows/
  build.yaml              # Build pipeline (tag push trigger)
  check-updates.yaml      # Upstream update checker (weekly cron)
Makefile                   # Build orchestration
config/
  config.txt.append        # CM5 overclock settings
  extensions.yaml          # System extensions list
scripts/
  check-upstream.sh        # Version comparison script
patches/
  siderolabs/
    pkgs/0001-*.patch      # RPi kernel patch
    talos/0001-*.patch     # Module list patch
    talos/0002-*.patch     # Skip NVRAM writes for GRUB on arm64
    talos/0003-*.patch     # Force GRUB bootloader on arm64
  talos-rpi5/
    sbc-raspberrypi5/      # Overlay patches (Go toolchain bump)
cosign.pub                 # Public key for verifying image attestations
```
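A consumer-side check that ties the pieces above together: validate a release tag of the `v<talos>-k<kernel>-<rev>` form, then verify the SBOM attestation on the published installer image against `cosign.pub` before running it. This is an added example, not one of the project's own scripts; it assumes the attestation was attached with cosign's `spdxjson` predicate type (syft's SPDX JSON output), and the Docker Hub image reference is a placeholder because the repository name is not given here.

```shell
#!/bin/sh
# Added example, not part of the talos-rpi5 project: check a release tag and
# verify the SBOM attestation on the published installer image with cosign.pub.
# Assumptions: the attestation was attached with cosign's spdxjson predicate
# type (syft SPDX JSON), and the image reference below is a placeholder.
set -eu

# Split a release tag of the form v<talos>-k<kernel>-<rev> (e.g. v1.12.3-k6.12.47-2)
# into "<talos> <kernel> <rev>" on stdout; returns 1 for anything else.
parse_tag() {
  printf '%s\n' "$1" \
    | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+-k[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$' || return 1
  printf '%s\n' "$1" | sed -E 's/^v([0-9.]+)-k([0-9.]+)-([0-9]+)$/\1 \2 \3/'
}

# Verify the SBOM attestation on IMAGE against KEY (default: cosign.pub from
# this repository). cosign prints each verified DSSE envelope as a JSON line
# and exits non-zero if nothing verifies, which aborts the script under set -e.
# The envelope payload is a base64 in-toto statement; the SPDX document sits
# in .predicate, so the package count is a quick sanity check that it is not empty.
verify_sbom_attestation() {
  image=$1
  key=${2:-cosign.pub}
  cosign verify-attestation --key "$key" --type spdxjson "$image" \
    | jq -r '.payload' \
    | base64 -d \
    | jq -r '"predicateType=\(.predicateType) packages=\(.predicate.packages | length)"'
}

# Usage: sh verify-installer.sh v1.12.3-k6.12.47-2 docker.io/ORG/REPO:TAG
# (ORG/REPO:TAG is a placeholder; the Docker Hub repository is not named here)
if [ "$#" -ge 2 ]; then
  parts=$(parse_tag "$1") || { echo "unexpected tag format: $1" >&2; exit 1; }
  image=$2
  set -- $parts
  echo "talos=$1 kernel=$2 rev=$3 image=$image"
  verify_sbom_attestation "$image"
fi
```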