feat: add rechunk support (#54)

* feat: rechunk, remove SELinux workarounds

* feat: add nmtui as the GUI is not fully featured

* fix(rechunk): Fix signing by using the appropriate name and change args (#55)

fix(rechunk): Fix signing by using the appropriate name and change rechunk arguments

---------

Co-authored-by: Antheas Kapenekakis <antheas@users.noreply.github.com>

.github/workflows/build.yml

@@ -17,7 +17,7 @@ concurrency:
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write
@@ -47,6 +47,13 @@ jobs:
 
     steps:
       # Checkout push-to-registry action GitHub repository
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@v7
+        with:
+          remove-android: 'true'
+      - name: Checkout
+        uses: actions/checkout@v2
+
       - name: Checkout Push to Registry action
         uses: actions/checkout@v4
 
@@ -93,6 +100,7 @@ jobs:
             io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/cosmic/main/README.md
             io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
 
+
       # Create Variables. Use UBlue images for amd64, fedora-ostree desktop for arm64
       - name: matrix-variables
         run: |
@@ -108,22 +116,40 @@ jobs:
             echo "SOURCE_IMAGE=${{ matrix.flavor }}" >> $GITHUB_ENV
           fi
 
-      # Build image using Buildah action
       - name: Build Image
         id: build_image
-        uses: redhat-actions/buildah-build@v2
+        run: |
+          sudo buildah build \
+            --arch "${{ matrix.arch }}" \
+            --format "docker" \
+            --build-arg FEDORA_MAJOR_VERSION="${{ matrix.version }}" \
+            --build-arg SOURCE_IMAGE="${{ env.SOURCE_IMAGE }}" \
+            --build-arg SOURCE_ORG="${{ env.SOURCE_ORG }}" \
+            --tag raw-img .
+
+      # Reprocess raw-img using rechunker which will delete it
+      - name: Run Rechunker
+        id: rechunk
+        uses: hhd-dev/rechunk@v0.8.0
         with:
-          containerfiles: |
-            Containerfile
-          image: cosmic-${{ matrix.flavor }}
-          tags: |
-            ${{ steps.generate-tags.outputs.alias_tags }}
-          archs: ${{ matrix.arch }}
-          build-args: |
-            FEDORA_MAJOR_VERSION=${{ matrix.version }}
-            SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
-            SOURCE_ORG=${{ env.SOURCE_ORG }}
-          oci: false
+          rechunk: 'ghcr.io/hhd-dev/rechunk:v0.8.0'
+          ref: 'raw-img'
+          prev-ref: "${{ env.IMAGE_REGISTRY }}/cosmic-${{ matrix.flavor }}:${{ matrix.version }}"
+          skip_compression: true
+          version: ${{ matrix.version }}
+          labels: |
+            org.opencontainers.image.title=cosmic-${{ matrix.flavor }}
+            org.opencontainers.image.description=${{ env.description }}
+            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/cosmic/main/README.md
+            io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
+
+      - name: Load in podman and tag
+        run: |
+          IMAGE=$(podman pull ${{ steps.rechunk.outputs.ref }})
+          sudo rm -rf ${{ steps.rechunk.outputs.output }}
+          for tag in ${{ steps.generate-tags.outputs.alias_tags }}; do
+            podman tag $IMAGE cosmic-${{ matrix.flavor }}:$tag
+          done
 
       # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
       # https://github.com/macbre/push-to-ghcr/issues/12
@@ -148,8 +174,10 @@ jobs:
         id: push
         with:
           registry: ${{ steps.registry_case.outputs.lowercase }}
-          image: ${{ steps.build_image.outputs.image }}
-          tags: ${{ steps.build_image.outputs.tags }}
+          image: cosmic-${{ matrix.flavor }}
+          tags: ${{ steps.generate-tags.outputs.alias_tags }}
+          extra-args: |
+            --disable-content-trust
 
       # Sign container
       - uses: sigstore/cosign-installer@v3.5.0
@@ -158,7 +186,7 @@ jobs:
       - name: Sign container image
         if: github.event_name != 'pull_request'
         run: |
-          cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+          cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/cosmic-${{ matrix.flavor }}@${TAGS}
         env:
           TAGS: ${{ steps.push.outputs.digest }}
           COSIGN_EXPERIMENTAL: false

Containerfile

@@ -6,10 +6,7 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 FROM ${BASE_IMAGE}:${FEDORA_MAJOR_VERSION}
 ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 
-COPY greetd-workaround.service /usr/lib/systemd/system/greetd-workaround.service
-
 # Build in one step
-# Install tuned/tuned-ppd if the image is a base one
 RUN if [[ "${FEDORA_MAJOR_VERSION}" == "rawhide" ]]; then \
         curl -Lo /etc/yum.repos.d/_copr_ryanabx-cosmic.repo \
             https://copr.fedorainfracloud.org/coprs/ryanabx/cosmic-epoch/repo/fedora-rawhide/ryanabx-cosmic-epoch-fedora-rawhide.repo \
@@ -18,15 +15,10 @@ RUN if [[ "${FEDORA_MAJOR_VERSION}" == "rawhide" ]]; then \
     ; fi && \
     rpm-ostree install \
         cosmic-desktop && \
-    rpm-ostree override remove \
-        power-profiles-daemon || true && \
-    rpm-ostree install tuned tuned-ppd && \
     rpm-ostree install \
-        gnome-keyring && \
-    systemctl enable tuned-ppd && \
+        gnome-keyring NetworkManager-tui && \
     systemctl disable gdm || true && \
     systemctl disable sddm || true && \
     systemctl enable cosmic-greeter && \
-    systemctl enable greetd-workaround && \
     ostree container commit && \
     mkdir -p /var/tmp && chmod -R 1777 /var/tmp