Automation for updating templates #1347

AkihiroSuda opened this issue Feb 2, 2023 · 23 comments
Labels
expert help wanted Extra attention is needed

Comments

@AkihiroSuda
Member

AkihiroSuda commented Feb 2, 2023

It is really hard for me to create a PR like #1236 to update the template image digests.

We have to have a tool for updating these templates automatically.
The tool must retain comment lines and indentation styles in the YAMLs.


Frequently updated images:

Less frequent ones:

@AkihiroSuda AkihiroSuda added help wanted Extra attention is needed expert labels Feb 2, 2023
@afbjorklund
Member

Maybe also some means of sharing them, with some kind of FROM system ?

@AkihiroSuda
Member Author

> Maybe also some means of sharing them, with some kind of FROM system ?

Yes, but that is a separate issue

@jlm0x017

jlm0x017 commented Feb 9, 2023

Do you already have the link to the updated image? Or is that step needed as well?
I expect you grab the checksum provided at the source, rather than generating it yourself, but please do confirm.

@AkihiroSuda
Member Author

> Do you already have the link to the updated image?

No, e.g., we have to detect the latest version 20230124-1270 from https://cloud.debian.org/images/cloud/bullseye/ , but I'm not sure what is the robust way to do this.

w3m | grep might be enough, but seriously we should also consider adopting some machine learning stuff.

@lobshunter
Contributor

What about a naive bash/python script to replace placeholder strings in yaml? Something like:

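# Sketch: the w3m arguments and the grep pattern are placeholders.
ubuntu_image=$(w3m | grep -e "xxx")
# '|' as the sed delimiter so a URL containing '/' does not break the expression.
sed -i "s|UBUNTU_IMAGE|$ubuntu_image|g" ubuntu.yaml

The robustness solely relies on consistent file naming of upstreams (counting on Hyrum's law). Sadly I didn't find any public tool to retrieve the latest released images.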

@AkihiroSuda
Member Author

I'm now planning to use yq

@balajiv113
Member

How about using libosinfo (osinfo-db os) ??

I could see their db has info of different os variants
https://gitlab.com/libosinfo/osinfo-db/-/tree/main/data/os

We might need to write a Python wrapper on top of this library (the tool osinfo-db is not giving out info on image download URLs by architecture that is present in the XML file)

@afbjorklund
Member

yq can read xml too

yq -p xml -P

@afbjorklund
Member

afbjorklund commented May 29, 2023

The library and database are licensed under the terms of the GNU LGPL version 2 or later.

https://libosinfo.org/

@AkihiroSuda
Member Author

osinfo-db

Doesn't seem to contain permalinks: https://gitlab.com/libosinfo/osinfo-db/-/blob/ea8a7974a1f7189953c80fa9b1478b1ff8a75f8e/data/os/ubuntu.com/ubuntu-23.04.xml.in

    <image arch="x86_64" format="qcow2" cloud-init="true">
      <url>https://cloud-images.ubuntu.com/lunar/current/lunar-server-cloudimg-amd64.img</url>
    </image>

@balajiv113
Member

> yq can read xml too

True, but if we can use the API it would be great. Otherwise, with yq we might need to read all XML files under each folder that we are interested in. With the API I think it will be more manageable.

> GNU LGPL version 2 or later

I thought that since we are going to use this more as a build tool (mostly a GitHub Actions workflow), this should not be a problem.

@afbjorklund
Member

afbjorklund commented May 29, 2023

It was mostly referring to the "and database", most of the tools actually seem to be GPL v2 (and to require glib)

@balajiv113
Member

> Doesn't seem to contain permalinks

True :(
Supported examples are as below

  • almalinux-8.yaml
  • almalinux-9.yaml
  • alpine.yaml (we can support this as it's our variant of alpine)
  • archlinux.yaml (Not present)
  • centos-stream-8.yaml
  • centos-stream-9.yaml
  • debian.yaml (Present, Using only latest version)
  • fedora.yaml
  • opensuse.yaml (Present, But qcow2 image not present)
  • oraclelinux-8.yaml (Not present)
  • oraclelinux-9.yaml (Not present)
  • rocky-8.yaml
  • rocky-9.yaml
  • ubuntu.yaml (Present, Using only latest version)
  • ubuntu-lts.yaml (Present, Using only latest version)
  • experimental/opensuse-tumbleweed.yaml (Present, But qcow2 image not present)

@AkihiroSuda
Member Author

I guess we can consider using GPT

@afbjorklund
Member

afbjorklund commented Jun 28, 2024

For Ubuntu, this is implemented in the ironically named "simple streams" (it's 14M):

sudo apt install simplestreams ubuntu-keyring

sstream-query --json --max=1 --keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg http://cloud-images.ubuntu.com/releases/streams/v1/com.ubuntu.cloud:released:download.sjson release='noble' ftype='disk1.img' | jq -r '.[] | [.item_url,.arch,.sha256]'

https://philroche.net/2018/02/12/ubuntu-cloud-images-and-how-to-find-the-most-recent-cloud-image-part-1-of-3/

The JSON+GPG file is: http://cloud-images.ubuntu.com/releases/streams/v1/com.ubuntu.cloud:released:download.sjson


There is also a high-level command:

sudo snap install image-status

$ image-status cloud-release
focal    amd64  20240626  disk1.img
jammy    amd64  20240627  disk1.img
mantic   amd64  20240619  disk1.img
noble    amd64  20240622  disk1.img

Where "disk1.img" is the old spelling of QCOW.

@AkihiroSuda
Member Author

Thanks @norio-nomura 🎉

@AkihiroSuda AkihiroSuda pinned this issue Oct 10, 2024
@AkihiroSuda
Member Author

For Debian, probably we can parse this JSON: https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.json

sha512 isn't encoded in hex though: "cloud.debian.org/digest": "sha512:2oTWCdfsVkXa4d9QPqcgN7KoMUAdG0LOLn7CqEC2mfB8qK6mMIU6PVQwg5Jowr0ze+RdiUmCZMNqm14ShyxZ7g"

Probably it should be just grepped from https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS instead.

@AkihiroSuda
Member Author

For ArchLinux, curl -fsSL https://gitlab.archlinux.org/api/v4/projects/archlinux%2Farch-boxes/packages | jq '.[-1].version' can be used for retrieving the latest version

@norio-nomura
Contributor

> sha512 isn't encoded in hex though: "cloud.debian.org/digest": "sha512:2oTWCdfsVkXa4d9QPqcgN7KoMUAdG0LOLn7CqEC2mfB8qK6mMIU6PVQwg5Jowr0ze+RdiUmCZMNqm14ShyxZ7g"

It appears that this is a base64-encoded hash binary with the trailing "==" removed.
The following steps will convert it into hex-encoded format.

$ debian_sha512="2oTWCdfsVkXa4d9QPqcgN7KoMUAdG0LOLn7CqEC2mfB8qK6mMIU6PVQwg5Jowr0ze+RdiUmCZMNqm14ShyxZ7g"
$ echo "${debian_sha512}=="|base64 -d|xxd -p -c -
da84d609d7ec5645dae1df503ea72037b2a831401d1b42ce2e7ec2a840b699f07ca8aea630853a3d5430839268c2bd337be45d89498264c36a9b5e12872c59ee
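
The conversion described above, combined with the SHA512SUMS lookup suggested earlier in the thread, as an added example that is not part of any comment or of Lima's own scripts: it restores the padding for any stripped length, rejects digests that decode to the wrong size, and matches the checksum file on the exact file name. The function names and the file names in the sample are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Sample SHA512SUMS content is constructed.

# Digest string quoted in the thread from the Debian JSON manifest.
PAGE_DIGEST='sha512:2oTWCdfsVkXa4d9QPqcgN7KoMUAdG0LOLn7CqEC2mfB8qK6mMIU6PVQwg5Jowr0ze+RdiUmCZMNqm14ShyxZ7g'

# digest_to_hex "<algo>:<unpadded base64>" -> lowercase hex on stdout.
digest_to_hex() {
  local digest="$1" algo b64 want hex
  algo="${digest%%:*}"
  b64="${digest#*:}"
  case "$algo" in
    sha256) want=64 ;;
    sha512) want=128 ;;
    *) echo "unsupported digest algorithm: $algo" >&2; return 1 ;;
  esac
  # Restore stripped '=' padding; a remainder of 1 is never valid base64.
  case $(( ${#b64} % 4 )) in
    0) ;;
    2) b64="${b64}==" ;;
    3) b64="${b64}=" ;;
    *) echo "invalid base64 length" >&2; return 1 ;;
  esac
  # od is used instead of xxd because xxd is not installed everywhere.
  hex="$(printf '%s' "$b64" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')"
  # Refuse a truncated or malformed value rather than pinning a short hash.
  [ "${#hex}" -eq "$want" ] || { echo "decoded digest has wrong length" >&2; return 1; }
  printf '%s\n' "$hex"
}

# sums_hex_for <sums-file> <filename> -> hash of the exactly matching entry.
# Comparing field 2 avoids a grep pattern also matching "<name>.raw" and the like.
sums_hex_for() {
  awk -v name="$2" '$2 == name { print $1; found = 1; exit } END { exit !found }' "$1"
}

# digest_matches_sums <digest> <sums-file> <filename>: succeeds only when the
# manifest digest and the SHA512SUMS entry decode to the same hash.
digest_matches_sums() {
  local from_json from_sums
  from_json="$(digest_to_hex "$1")" || return 1
  from_sums="$(sums_hex_for "$2" "$3")" || return 1
  [ "$from_json" = "$from_sums" ]
}

# Constructed SHA512SUMS: the thread's hash paired with assumed file names.
write_sample_sums() {
  cat > "$1" <<'EOF'
da84d609d7ec5645dae1df503ea72037b2a831401d1b42ce2e7ec2a840b699f07ca8aea630853a3d5430839268c2bd337be45d89498264c36a9b5e12872c59ee  debian-12-genericcloud-amd64.qcow2
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  debian-12-genericcloud-amd64.raw
EOF
}
```

Both files are served from the same origin, so agreement between them catches parsing or transcription mistakes in an updater, not a tampered mirror.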

@AkihiroSuda
Member Author

Marking as completed, huge thanks to @norio-nomura 🎉

@norio-nomura
Contributor

👍🏻
I’m still researching the OpenSUSE releases. Once it looks feasible, I’ll create an update-template-opensuse.sh script as well.

tmeijn pushed a commit to tmeijn/dotfiles that referenced this issue Dec 13, 2024
⚠️ **CAUTION: this is a major update, indicating a breaking change!** ⚠️

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [lima-vm/lima](https://github.com/lima-vm/lima) | major | `v0.23.2` -> `v1.0.2` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>lima-vm/lima (lima-vm/lima)</summary>

### [`v1.0.2`](https://github.com/lima-vm/lima/releases/tag/v1.0.2)

[Compare Source](lima-vm/lima@v1.0.1...v1.0.2)

#### Changes

-   DNS:
    -   Fixed the host resolver regression in v1.0.0 [#&#8203;2939](lima-vm/lima#2939) ([#&#8203;2964](lima-vm/lima#2964))

-   `limactl create`:
    -   Fixed races during parallel downloads ([#&#8203;2903](lima-vm/lima#2903), thanks to [@&#8203;nirs](https://github.com/nirs))
    -   Optimized qcow2-to-raw conversion for vz mode ([#&#8203;2933](lima-vm/lima#2933), thanks to [@&#8203;nirs](https://github.com/nirs))

-   `limactl start-at-login`:
    -   Fixed the support for Linux hosts (systemd) ([#&#8203;2943](lima-vm/lima#2943), thanks to [@&#8203;kachick](https://github.com/kachick))

-   nerdctl:
    -   Updated to [v2.0.1](https://github.com/containerd/nerdctl/releases/tag/v2.0.1) ([#&#8203;2966](lima-vm/lima#2966))

-   Templates:
    -   Updated to the latest revisions ([#&#8203;2936](lima-vm/lima#2936) [#&#8203;2953](lima-vm/lima#2953), thanks to [@&#8203;tcooper](https://github.com/tcooper))

-   Web site:
    -   Added an example of running Lima on GitHub Actions to run commands on non-Ubuntu ([#&#8203;2954](lima-vm/lima#2954)): https://lima-vm.io/docs/examples/gha/

-   Project:
    -   Invite Nir Soffer ([@&#8203;nirs](https://github.com/nirs)) as a Reviewer ([#&#8203;2916](lima-vm/lima#2916), thanks to [@&#8203;jandubois](https://github.com/jandubois))

Full changes: https://github.com/lima-vm/lima/milestone/51?closed=1
Thanks to [@&#8203;SpiffyEight77](https://github.com/SpiffyEight77) [@&#8203;alexandear](https://github.com/alexandear) [@&#8203;jandubois](https://github.com/jandubois) [@&#8203;kachick](https://github.com/kachick) [@&#8203;nirs](https://github.com/nirs) [@&#8203;norio-nomura](https://github.com/norio-nomura) [@&#8203;tamird](https://github.com/tamird) [@&#8203;tcooper](https://github.com/tcooper)

#### Usage

```console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux
```

***

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/12134682585

The sha256sum of the SHA256SUMS file itself is `02ef78494c498ca4180915ba78d5e2fc471ed401f63dfb2b5864c3711f3c0fb2` .

***

Release manager: [@&#8203;AkihiroSuda](https://github.com/AkihiroSuda)

### [`v1.0.1`](https://github.com/lima-vm/lima/releases/tag/v1.0.1)

[Compare Source](lima-vm/lima@v1.0.0...v1.0.1)

Reverted the default port forwarder from gRPC to SSH for the stability reason ([#&#8203;2864](lima-vm/lima#2864)).
This reversion fixes several regressions related to `docker run -p` in Lima v1.0.0 ([#&#8203;2859](lima-vm/lima#2859)).

Although the gRPC forwarder is faster and has an advanced feature (UDP support), it turned out to be still immature.
Set `LIMA_SSH_PORT_FORWARDER=false` to opt-in to the gRPC forwarder.
See <https://lima-vm.io/docs/config/port/>.

Full changes: https://github.com/lima-vm/lima/milestone/50?closed=1
Thanks to [@&#8203;alexandear](https://github.com/alexandear) [@&#8203;jandubois](https://github.com/jandubois) [@&#8203;norio-nomura](https://github.com/norio-nomura)

#### Usage

```console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux
```

***

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/11735352652

The sha256sum of the SHA256SUMS file itself is `f5c12d003e25dc46291803a8acae9e9d325a45eca0c1f9f40bd6852ec8ed9be1` .

***

Release manager: [@&#8203;AkihiroSuda](https://github.com/AkihiroSuda)

### [`v1.0.0`](https://github.com/lima-vm/lima/releases/tag/v1.0.0)

[Compare Source](lima-vm/lima@v0.23.2...v1.0.0)

With the support from 110+ contributors in 3+ years, the Lima project has finally reached v1.0. 🎉

This release introduces several breaking changes, such as switching the default machine driver from QEMU to VZ for better filesystem performance.

The `limactl` CLI is designed to print hints when the user hits those breaking changes.
e.g., `limactl create template://experimental/vz` now fails with a hint that suggests using `limactl create --vm-type=vz template://default` instead.

🔴 = Major breaking changes
🟡 = Minor breaking changes

-   VZ:
    -   Graduate VZ machine driver from experimental ([#&#8203;2758](lima-vm/lima#2758))
    -   🔴 Use VZ by default for new instances on macOS >= 13.5 ([#&#8203;1951](lima-vm/lima#1951))
    -   Support nested virtualization on M3 ([#&#8203;2530](lima-vm/lima#2530), thanks to [@&#8203;abiosoft](https://github.com/abiosoft))
    -   Optimize qcow2-to-raw image conversion (lima-vm/go-qcow2reader@v0.1.2...v0.4.0 , thanks to [@&#8203;nirs](https://github.com/nirs))
    -   Support specifying a custom kernel ([#&#8203;2562](lima-vm/lima#2562), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   QEMU:
    -   Graduate 9p mount driver from experimental ([#&#8203;2758](lima-vm/lima#2758))
    -   🔴 Use 9p by default for most templates ([#&#8203;1953](lima-vm/lima#1953), [#&#8203;2822](lima-vm/lima#2822))
    -   riscv64: switch from u-boot to EDK2 ([#&#8203;2592](lima-vm/lima#2592))

-   Network:
    -   Graduate user-v2 network driver from experimental ([#&#8203;2758](lima-vm/lima#2758))
    -   Support UDP port forwarding ([#&#8203;2411](lima-vm/lima#2411), thanks to [@&#8203;balajiv113](https://github.com/balajiv113))
    -   🔴 Strictly require `socket_vmnet` binary to be owned by root ([#&#8203;2734](lima-vm/lima#2734))

-   SSH:
    -   🟡 Disable `ssh.loadDotSSHPubKeys` by default ([#&#8203;2706](lima-vm/lima#2706))

-   YAML:
    -   Support generating jsonschema ([#&#8203;2306](lima-vm/lima#2306), thanks to [@&#8203;afbjorklund](https://github.com/afbjorklund))
    -   Support specifying `param` for provisioning scripts ([#&#8203;2570](lima-vm/lima#2570), thanks to [@&#8203;jandubois](https://github.com/jandubois))
    -   Support specifying `minimumLimaVersion` and `vmOpts.qemu.minimumVersion` ([#&#8203;2659](lima-vm/lima#2659), thanks to [@&#8203;jandubois](https://github.com/jandubois))
    -   Support template expansion in mounts ([#&#8203;2588](lima-vm/lima#2588), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   `limactl` CLI:
    -   Add `limactl tunnel` command so as to allow the host to join the guest network ([#&#8203;2710](lima-vm/lima#2710))
    -   Add `--log-format=json` ([#&#8203;2584](lima-vm/lima#2584), thanks to [@&#8203;nirs](https://github.com/nirs))
    -   `limactl prune`: Add `--keep-referred` ([#&#8203;2569](lima-vm/lima#2569), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   nerdctl:
    -   Updated to [v2.0.0](https://github.com/containerd/nerdctl/releases/tag/v2.0.0) ([#&#8203;2178](lima-vm/lima#2178))
    -   rootless: allocate 1G subuids from 524288 (0x80000) for new users ([#&#8203;2725](lima-vm/lima#2725))

-   Templates:
    -   🔴 `experimental/vz`: Merged into the `default` template ([#&#8203;2730](lima-vm/lima#2730), [#&#8203;2736](lima-vm/lima#2736))
    -   🟡 `experimental/{riscv64, armv7l}`: Merged into the `default` template ([#&#8203;2730](lima-vm/lima#2730), [#&#8203;2736](lima-vm/lima#2736))
    -   🔴 `vmnet`: Removed in favor of `limactl create --network=lima:shared template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🟡 `experimental/net-user-v2`: Removed in favor of `limactl create --network=lima:user-v2 template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🔴 `experimental/9p`: Removed in favor of `limactl create --mount-type=9p template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🟡 `experimental/virtiofs-linux`: Removed in favor of `limactl create --mount-type=virtiofs template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🔴 `alpine`: Renamed to `alpine-iso` ([#&#8203;2704](lima-vm/lima#2704))
    -   🔴 `alpine-image`: Renamed to `alpine` ([#&#8203;2704](lima-vm/lima#2704))
    -   `archlinux`: Demoted from Tier 1 to Tier 2 ([#&#8203;2717](lima-vm/lima#2717), [#&#8203;2823](lima-vm/lima#2823))
    -   `default`, `ubuntu`, ...: Updated to Ubuntu 24.10. The older versions are available as `ubuntu-20.04`, `ubuntu-22.04`, and `ubuntu-24.04` ([#&#8203;2755](lima-vm/lima#2755), [#&#8203;2795](lima-vm/lima#2795))
    -   `fedora`: Updated to Fedora 41 ([#&#8203;2821](lima-vm/lima#2821), [#&#8203;2822](lima-vm/lima#2822), thanks to [@&#8203;subpop](https://github.com/subpop))
    -   `opensuse`: Renamed to `opensuse-leap`. Still aliased as `opensuse` ([#&#8203;2612](lima-vm/lima#2612), thanks to [@&#8203;afbjorklund](https://github.com/afbjorklund))
    -   `experimental/opensuse-tumbleweed`: Support aarch64 ([#&#8203;2613](lima-vm/lima#2613), thanks to [@&#8203;afbjorklund](https://github.com/afbjorklund))
    -   `hack/update-template.sh` is added for automating updates ([#&#8203;1347](lima-vm/lima#1347), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   Project:
    -   Invite Norio Nomura ([@&#8203;norio-nomura](https://github.com/norio-nomura)) as a Reviewer ([#&#8203;2567](lima-vm/lima#2567))

Full changes: https://github.com/lima-vm/lima/milestone/47?closed=1
Thanks to [@&#8203;AdamKorcz](https://github.com/AdamKorcz) [@&#8203;Mr-Sunglasses](https://github.com/Mr-Sunglasses) [@&#8203;SmartManoj](https://github.com/SmartManoj) [@&#8203;YorikSar](https://github.com/YorikSar) [@&#8203;abiosoft](https://github.com/abiosoft) [@&#8203;afbjorklund](https://github.com/afbjorklund) [@&#8203;alexandear](https://github.com/alexandear) [@&#8203;balajiv113](https://github.com/balajiv113) [@&#8203;hasan4791](https://github.com/hasan4791) [@&#8203;jandubois](https://github.com/jandubois) [@&#8203;nirs](https://github.com/nirs) [@&#8203;norio-nomura](https://github.com/norio-nomura) [@&#8203;pvdvreede](https://github.com/pvdvreede) [@&#8203;subpop](https://github.com/subpop) [@&#8203;tsukasaI](https://github.com/tsukasaI)

#### Usage

```console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux
```

***

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/11695321667

The sha256sum of the SHA256SUMS file itself is `4bd200a163111fe78c6f3e6de405113d416053802fe1507597f9a42f89a98c90` .

***

Release manager: [@&#8203;AkihiroSuda](https://github.com/AkihiroSuda)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).