Wiki: https://fedoraproject.org/wiki/Changes/Build_FCOS_on_Fedora_Konflux
Discussion Thread: https://discussion.fedoraproject.org/t/179534 **This is a proposed Change for Fedora Linux.** This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == We want to build Fedora CoreOS updates payloads and boot disk images in Konflux, instead of Jenkins. == Owner == * Name: [[User:jcapitao | Joel Capitao]] * Email: [email protected] * Name: [[User:jbtrystram | JB Trystram ]] * Email: [email protected] == Detailed Description == In F43 we switched Fedora CoreOS to be built with [ https://fedoraproject.org/wiki/Changes/BuildFCOSUsingContainerfile podman via a Containerfile]. We can now leverage this to move our builds into the Fedora Konflux cluster. We also want to leverage bootc-image-builder to build our disk images in Konflux. == Feedback == None right now. == Benefit to Fedora == The main benefit is the distribution of the SBOMs and attestations of the built artifacts to the end user. One will have the ability to verify how the OS was generated from the source code to the distribution. Another nice side effect is that Konflux keeps the intermediate builds artifacts in a public namespace, which makes reproducing tests failures and debugging easier for the Fedora CoreOS maintainers. Furthermore, this reduce the load on the Fedora CoreOS Jenkins pipeline, which is currently maintained by the CoreOS team. This will also increase the amount of shared code between CoreOS and bootc, helping with maintenance and exercising the code more. == Scope == * Proposal owners: ** Will switch Fedora CoreOS production streams (stable, testing, next) to be built in Konflux. This change was already done for our rawhide builds as an experiment. Proposal owner will also replace their current custom osbuild pipeline with bootc-image-builder. Theses changes are purely contained in the pipeline, they do not change the content of the produced artefacts compared to now. Notably, the Konflux release pipeline must integrate with the fedora message bus to get the artifact signed before release. * Release engineering: ** Enable selected projects to sign artifacts from Konflux pipelines using Fedora signing keys. * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: ** Migration to Konflux is part of the Fedora Stategy. == Upgrade/compatibility impact == There should be no impact for users as the product of the new pipeline (container images, disk images) should be identical. == Early Testing (Optional) == N/A == How To Test == The testing artifacts builds with Konflux are currently published in https://quay.io/organization/coreos-devel. One can rebase a Fedora CoreOS system to it with: <pre> rpm-ostree rebase ostree-image-signed:docker:// quay.io/coreos-devel/fedora-coreos:stable --reboot </pre> And observe no functional difference. Note that the automatic updates won't work because the image is not from the official release repo. == User Experience == No visible change for users. == Dependencies == == Contingency Plan == * Contingency mechanism: The Jenkins pipeline will stay in place as we will rollout this progressively across Fedora CoreOS streams. We can revert to use the historical Jenkins pipeline at any time. * Contingency deadline: N/A (not a System Wide Change) * Blocks release? N/A (not a System Wide Change) == Documentation == See: https://github.com/coreos/fedora-coreos-tracker/issues/2031 == Release Notes == \nFedora CoreOS images are now built into the Fedora Konflux Cluster.
-- _______________________________________________ devel-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
