svrnty/talos-rpi5
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity
Files
7d1bb1fbef43956ada97f46161d4e29dd8396d4b
talos-rpi5/TECHNICAL.md
T
Mathias Beaulieu-Duncan 238a814d61
Build Talos CM5 Image / build (push) Failing after 9s
Details
ci: run pipeline natively on arm64 act runners 
- runs-on: arm64 (was talos-rpi5/macOS Mac Mini)
- replace Homebrew deps with native arm64 (crane+jq static binaries)
- gmake -> make across workflows and auto-update.sh
- guard Homebrew gnu-sed PATH in Makefile for Linux
- no QEMU/binfmt — builds are native arm64
- docs: TECHNICAL.md runner setup for ASUS GX10

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 09:54:19 -04:00

96 lines
3.1 KiB
Markdown
Raw Blame History

# Technical Guide
Build infrastructure, CI/CD configuration, and project structure for the Talos CM5 Builder.
## Building locally (ARM64 host required)
```bash
make checkouts patches # Clone and patch upstream sources
make kernel # Build RPi kernel
make overlay # Build SBC overlay
make installer # Build installer + disk image
```
## CI/CD (Gitea Actions)
Push a version tag to trigger an automated build:
```bash
git tag v1.12.3-k6.12.47-2
git push origin v1.12.3-k6.12.47-2
```
The pipeline runs on the ARM64 self-hosted runner and:
1. Builds the kernel, overlay, and installer
2. Attaches SBOM attestation (cosign + syft)
3. Pushes the installer image to Docker Hub
4. Creates a Gitea release with the raw disk image
### Upstream update checks
A weekly scheduled workflow checks for new Talos and RPi kernel releases and creates Gitea issues when updates are available.
## CI Secrets
| Secret | Description |
|--------|-------------|
| `REGISTRY_USERNAME` | Docker Hub username (org-level) |
| `REGISTRY_PASSWORD` | Docker Hub access token (org-level) |
## Runner Setup (ASUS GX10 — Linux arm64)
Builds run **natively on arm64** — no QEMU/binfmt emulation. The runner executes
jobs in **host mode** (directly on the Linux host, not in a container), so the
host provides the toolchain.
The build host needs:
- Docker Engine + the Buildx plugin (arm64 native)
- `make`, `git`, `curl`, `tar` (e.g. `apt-get install -y make git curl tar`)
- Sufficient disk space for kernel builds (~20GB)
`crane` and `jq` are fetched automatically by the workflows (static arm64
binaries into `~/.local/bin`), so they don't need to be pre-installed.
```bash
# Download the act_runner for linux/arm64
curl -sL https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-arm64 -o act_runner
chmod +x act_runner
# Register — the `:host` label runs jobs directly on the host (no container)
./act_runner register \
--instance https://git.openharbor.io \
--token <runner-token> \
--name gx10 \
--labels arm64:host
# Run as service
./act_runner daemon
```
> The workflows use `runs-on: arm64`. The `arm64:host` label maps that to host
> execution; drop `:host` only if you switch to container-based jobs (which then
> need Docker-in-Docker for the privileged build steps).
## Project Structure
```
.gitea/workflows/
build.yaml # Build pipeline (tag push trigger)
check-updates.yaml # Upstream update checker (weekly cron)
Makefile # Build orchestration
config/
config.txt.append # CM5 overclock settings
extensions.yaml # System extensions list
scripts/
check-upstream.sh # Version comparison script
patches/
siderolabs/
pkgs/0001-*.patch # RPi kernel patch
talos/0001-*.patch # Module list patch
talos/0002-*.patch # Skip NVRAM writes for GRUB on arm64
talos/0003-*.patch # Force GRUB bootloader on arm64
talos-rpi5/
sbc-raspberrypi5/ # Overlay patches (Go toolchain bump)
cosign.pub # Public key for verifying image attestations
```
Reference in New Issue View Git Blame Copy Permalink