
Commit d70c1eb

hanthorclaude
andcommitted
refactor(ci): use mock's use_bootstrap_image instead of pre-baked chroot
Mock 2.0+ can pull a container image as the bootstrap chroot via podman, eliminating the need to bake the CentOS Stream 10 chroot into the runner image at build time. Changes: - centos-stream-10-ci.cfg: add use_bootstrap_image=True, pointing to quay.io/centos/centos:stream10 — mock pulls it at build time - mock/Containerfile: drop 'mock --init' RUN layer entirely; image is now just fedora+mock+tools, builds without --cap-add or --privileged - build-mock-runner.yml: remove --cap-add/--security-opt flags - build.yml: cache quay.io/centos/centos:stream10 with actions/cache (podman save/load) instead of /var/cache/mock chroot directory - build-chain.sh: drop /var/cache/mock bind-mount (no longer needed) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent fca39cb commit d70c1eb

5 files changed

Lines changed: 34 additions & 55 deletions


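--- a/.github/workflows/build-mock-runner.yml
+++ b/.github/workflows/build-mock-runner.yml
@@ -1,5 +1,7 @@
 name: Build Mock Runner Image
 # Builds and pushes ghcr.io/tuna-os/mock-runner:centos-stream-10
+# Image is just Fedora + mock toolchain. The CentOS Stream 10 environment
+# is pulled at build time via mock's use_bootstrap_image.
 
 on:
 push:
@@ -10,7 +12,6 @@ on:
 workflow_dispatch:
 
 env:
-REGISTRY: ghcr.io
 IMAGE: ghcr.io/tuna-os/mock-runner
 TAG: centos-stream-10
 
@@ -31,12 +32,7 @@ jobs:
 
 - name: Build image
 run: |
-# mock --init inside a RUN layer needs SYS_ADMIN + SYS_CHROOT.
-# podman build doesn't support --privileged; use --cap-add=all
-# with sudo so the runner process has the needed kernel capabilities.
-sudo podman build \
---cap-add=all \
---security-opt label=disable \
+podman build \
 --pull=always \
 -f mock/Containerfile \
 -t "${IMAGE}:${TAG}" \
@@ -45,8 +41,8 @@ jobs:
 
 - name: Push image
 run: |
-sudo podman push "${IMAGE}:${TAG}"
-sudo podman push "${IMAGE}:${TAG}-${{ github.sha }}"
+podman push "${IMAGE}:${TAG}"
+podman push "${IMAGE}:${TAG}-${{ github.sha }}"
 
 - name: Inspect
-run: sudo podman images "${IMAGE}:${TAG}" --format "{{.Repository}}:{{.Tag}} {{.Size}}"
+run: podman images "${IMAGE}:${TAG}" --format "{{.Repository}}:{{.Tag}} {{.Size}}"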
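Review bot: The `Push image` step now runs `podman push` without sudo, so it uses the invoking user's registry credentials rather than root's; the login step is outside these hunks, and if it still runs under sudo the push will find no credentials and fail. The same commit removes `REGISTRY: ghcr.io` from `env:`, so any step outside the hunks that still references `${REGISTRY}` or `env.REGISTRY` would expand to an empty string. Both should be checked against the full workflow. Dropping `--cap-add=all` and `--security-opt label=disable` is a real reduction in build privilege; a one-line comment above `podman build`, such as `# Rootless build: the image no longer runs mock --init, so no extra capabilities are needed.`, would help keep those flags from being re-added later.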

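--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -42,13 +42,23 @@ jobs:
 gpg gpgconf
 curl -fsSL https://rclone.org/install.sh | sudo bash
 
-- name: Cache mock RPM downloads
+- name: Cache CentOS Stream 10 container image
+id: cache-cs10
 uses: actions/cache@v4
 with:
-path: /var/cache/mock
-key: mock-cache-centos-stream-10-${{ hashFiles('mock/centos-stream-10-ci.cfg') }}
-restore-keys: |
-mock-cache-centos-stream-10-
+path: /tmp/cs10-image.tar
+key: cs10-image-${{ hashFiles('mock/centos-stream-10-ci.cfg') }}
+
+- name: Load or pull CentOS Stream 10 image
+run: |
+if [[ -f /tmp/cs10-image.tar ]]; then
+echo "Restoring cached image..."
+podman load -i /tmp/cs10-image.tar
+else
+echo "Pulling quay.io/centos/centos:stream10..."
+podman pull quay.io/centos/centos:stream10
+podman save -o /tmp/cs10-image.tar quay.io/centos/centos:stream10
+fi
 
 - name: Import GPG key
 uses: crazy-max/ghaction-import-gpg@v6
@@ -74,9 +84,6 @@ jobs:
 run: |
 IMAGE="${{ github.event.inputs.image || env.MOCK_RUNNER_IMAGE }}"
 podman pull "${IMAGE}"
-# Warm the /var/cache/mock host directory so the bind-mount
-# inside containers picks up cached RPM downloads
-sudo mkdir -p /var/cache/mock
 
 - name: Seed local repo from R2
 run: |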
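Review bot: The cache key in the `Cache CentOS Stream 10 container image` step hashes only `mock/centos-stream-10-ci.cfg`, so once `/tmp/cs10-image.tar` has been saved the same image is reloaded on every run until that file changes, and updates published under the `stream10` tag are never picked up. Because `quay.io/centos/centos:stream10` is a mutable tag, the key also does not identify which image content is in the tar. Referencing the image by digest in the pull/save lines and in the cfg's `bootstrap_image`, e.g. `quay.io/centos/centos@sha256:<digest>` (placeholder), would tie the cache to one specific image and make each refresh an explicit, reviewable change. It is also worth confirming that an image loaded into the runner's podman storage is visible where mock actually runs: scripts/build-chain.sh starts mock inside `podman run --privileged`, and that container would normally have its own image store.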

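--- a/mock/Containerfile
+++ b/mock/Containerfile
@@ -1,50 +1,29 @@
-# Mock Runner Image for GNOME 50 / CentOS Stream 10 builds
+# Mock Runner Image
 #
-# Bakes in:
-# - mock + toolchain (rpm-build, createrepo_c, rpmdevtools, spectool)
-# - centos-stream-10-ci mock config
-# - Pre-bootstrapped CentOS Stream 10 mock chroot
+# Fedora + mock toolchain only. The CentOS Stream 10 build environment is
+# sourced at build time via mock's use_bootstrap_image, which pulls
+# quay.io/centos/centos:stream10 through podman. No chroot baked in.
 #
-# Build (requires --privileged for mock --init):
-# podman build --privileged -f mock/Containerfile -t mock-runner:local mock/
+# Build:
+# podman build -f mock/Containerfile -t mock-runner:local mock/
 #
 # Push:
 # podman tag mock-runner:local ghcr.io/tuna-os/mock-runner:centos-stream-10
 # podman push ghcr.io/tuna-os/mock-runner:centos-stream-10
 
 FROM fedora:latest
 
-# Install build toolchain
 RUN dnf install -y \
 mock \
 rpm-build \
 rpm-sign \
 createrepo_c \
 rpmdevtools \
 python3-pyyaml \
-git \
 && dnf clean all \
 && rm -rf /var/cache/dnf
 
-# Copy mock config into place
 COPY centos-stream-10-ci.cfg /etc/mock/centos-stream-10-ci.cfg
 
-# Create an empty local repo so mock --init doesn't fail on the
-# file:///local-repo baseurl (it'll be bind-mounted at build time)
-RUN mkdir -p /local-repo && createrepo_c /local-repo
-
-# Bootstrap the CentOS Stream 10 chroot.
-# This downloads ~400 MB of base packages once and bakes them into the image.
-# Subsequent `mock --rebuild --no-clean` invocations skip this phase entirely.
-RUN mock --init -r centos-stream-10-ci \
---no-cleanup-after \
-&& echo "Bootstrap complete" \
-# Remove cached RPMs inside the chroot and build logs to trim image size
-&& find /var/lib/mock/centos-stream-10-ci/ \
-\( -name "*.rpm" -o -name "*.log" \) -delete \
-&& rm -rf /var/lib/mock/centos-stream-10-ci/root/var/cache/dnf \
-&& rm -rf /var/lib/mock/centos-stream-10-ci-bootstrap/root/var/cache/dnf
-
-LABEL org.opencontainers.image.description="Fedora + mock with CentOS Stream 10 chroot pre-bootstrapped"
+LABEL org.opencontainers.image.description="Fedora + mock runner for CentOS Stream 10 package builds"
 LABEL org.opencontainers.image.source="https://github.com/tuna-os/github-copr"
-# Fri Mar 13 06:47:58 AM IST 2026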
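Review bot: `podman` is not in the `dnf install` list, yet the new header comment says the CentOS Stream 10 environment is pulled "through podman" by mock running from this image. If podman only arrives as a weak dependency of `mock`, the image works by accident and stops working as soon as weak dependencies are disabled or the packaging changes; adding `podman \` to the list makes the requirement explicit. `git \` is also dropped from the list without a mention in the commit description, so it is worth confirming that nothing executed inside this image still calls git.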

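--- a/mock/centos-stream-10-ci.cfg
+++ b/mock/centos-stream-10-ci.cfg
@@ -2,6 +2,12 @@ include('/etc/mock/centos-stream-10-x86_64.cfg')
 
 config_opts['root'] = 'centos-stream-10-ci'
 
+# Use podman to pull quay.io/centos/centos:stream10 as the bootstrap chroot
+# instead of bootstrapping from scratch. Mock spawns a container, installs
+# BuildRequires inside it, and builds there — no chroot setup needed.
+config_opts['use_bootstrap_image'] = True
+config_opts['bootstrap_image'] = 'quay.io/centos/centos:stream10'
+
 config_opts['yum.conf'] += """
 [local-build]
 name=Local Build Repository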
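Review bot: The comment added above `use_bootstrap_image` claims more than the option does. As mock documents it, the image only supplies the bootstrap chroot, and mock still installs the build chroot and BuildRequires from there, so "builds there — no chroot setup needed" will mislead whoever debugs a slow or failing init. I would reword it to `# Seed mock's bootstrap chroot from quay.io/centos/centos:stream10 (pulled with podman) instead of installing it with the host's dnf.` If the mock release in the runner image supports it, also consider `config_opts['bootstrap_image_fallback'] = False`, so a failed pull stops the build instead of quietly reverting to a package-manager bootstrap.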

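--- a/scripts/build-chain.sh
+++ b/scripts/build-chain.sh
@@ -219,19 +219,10 @@ MOCKCFG
 
 echo "==> [${pkg_name}] Running mock inside podman (${BUILD_IMAGE})..."
 
-# Bind-mount the host mock RPM download cache so packages aren't
-# re-downloaded across builds. /var/cache/mock is safe to share
-# between parallel container runs (dnf uses per-request locking).
-local mock_cache_vol=""
-if [[ -d /var/cache/mock ]]; then
-mock_cache_vol="-v /var/cache/mock:/var/cache/mock:Z"
-fi
-
 podman run --rm --privileged \
 --pull=missing \
 -v "${builddir}:/builddir:Z" \
 -v "${LOCAL_REPO}:/local-repo:Z" \
-${mock_cache_vol} \
 "${BUILD_IMAGE}" \
 bash -exc "
 createrepo_c /local-repo/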
