feat: Add a kairos-fedora image

.github/workflows/image-kairos-fedora.yml

@@ -0,0 +1,56 @@
+---
+name: Build Kairos-Fedora
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/image-kairos-fedora.yml
+      - images/kairos-fedora/**
+    tags:
+      - kairos-fedora-*
+  pull_request:
+    branches:
+      - main
+    paths:
+      - .github/workflows/image-kairos-fedora.yml
+      - images/kairos-fedora/**
+
+jobs:
+  build-container:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # Note: this must start with a number for the build to work correctly!
+      - name: Compute Version Tag
+        env:
+          BRANCH: ${{ github.ref_type == 'tag' && github.ref_name || github.event_name != 'pull_request' && format('{0}.{1}.{2}', github.run_id, github.run_number, github.run_attempt) || format('{0}-pr', github.event.number) }}
+        id: version_tag
+        run: echo "tag=$BRANCH" | sed -e 's/kairos-fedora-//' >> "$GITHUB_OUTPUT"
+      - name: Generate Metadata
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+        id: metadata
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/kairos-fedora
+      - name: Build Image
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+        with:
+          build-args: |
+            VERSION=${{ steps.version_tag.outputs.tag }}
+          context: images/kairos-fedora
+          file: images/kairos-fedora/Containerfile
+          labels: ${{ steps.metadata.outputs.labels }}
+          push: ${{ github.ref_type == 'tag' }}
+          tags: ghcr.io/${{ github.repository_owner }}/kairos-fedora:${{ steps.version_tag.outputs.tag }}

.release-please-manifest.json

@@ -1,5 +1,6 @@
 {
   "ansible": "1.3.3",
+  "images/kairos-fedora": "0.1.0",
   "images/kairos-ubuntu": "1.0.3",
   "images/vscode-ssh-server": "0.1.2",
   "kustomization/components/factorio": "0.1.3",

images/kairos-fedora/Containerfile

@@ -0,0 +1,58 @@
+# See https://kairos.io/docs/reference/kairos-factory/ for more details.
+
+FROM quay.io/kairos/kairos-init:v0.10.0@sha256:ed04343a44af73e1f916f6abdfdccf866f97ee17d855a4a713c5a31c50702386 AS kairos-init
+
+# Allow build scripts to be referenced without being copied into the final image.
+FROM scratch AS ctx
+COPY build_files /
+
+FROM fedora:44@sha256:498c452f32a739b61f0ef215bce9924ebc4866cbe44710f58157d77723b7a6d2 AS base-kairos
+LABEL org.opencontainers.image.title="A custom Fedora-based Kairos image."
+LABEL org.opencontainers.image.title="kairos-fedora"
+ARG MODEL=generic
+ARG TRUSTED_BOOT=false
+ARG KUBERNETES_DISTRO=k3s
+# renovate: datasource=github-releases depName=k3s-io/k3s
+ARG KUBERNETES_VERSION=v1.35.3+k3s1
+ARG VERSION
+
+COPY --from=kairos-init /kairos-init /kairos-init
+
+# Install Kairos into the image.
+# hadolint ignore=DL3059
+RUN /kairos-init \
+    -l debug \
+    -m "${MODEL}" \
+    -s install \
+    -t "${TRUSTED_BOOT}" \
+    --provider "${KUBERNETES_DISTRO}" \
+    --provider-k3s-version "${KUBERNETES_VERSION}" \
+    --version "${VERSION}"
+
+# Our customizations!
+# hadolint ignore=DL3059
+RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
+    --mount=type=cache,dst=/var/cache \
+    --mount=type=cache,dst=/var/log \
+    --mount=type=tmpfs,dst=/tmp \
+    /ctx/customization.sh
+
+# Initialize the image.
+# hadolint ignore=DL3059
+RUN /kairos-init \
+    -l debug \
+    -m "${MODEL}" \
+    -s init \
+    -t "${TRUSTED_BOOT}" \
+    --provider "${KUBERNETES_DISTRO}" \
+    --provider-k3s-version "${KUBERNETES_VERSION}" \
+    --version "${VERSION}"
+
+# Validate the image.
+# hadolint ignore=DL3059
+RUN /kairos-init \
+    validate \
+    -t "${TRUSTED_BOOT}"
+
+# hadolint ignore=DL3059
+RUN rm /kairos-init

images/kairos-fedora/README.md

@@ -0,0 +1,4 @@
+# Marinated Concrete's Custom Fedora-Based Kairos Image
+
+This utilizes the [Kairos Factory](https://kairos.io/docs/reference/kairos-factory/) to produce our very own custom
+image!

images/kairos-fedora/build_files/customization.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -ouex pipefail
+
+# Additional Packages
+PACKAGES=(
+    # Used by `ansible.builtin.expect`
+    "python3-pexpect"
+)
+
+dnf upgrade -y
+dnf install -y --setopt=install_weak_deps=False "${PACKAGES[@]}"
+
+# Cleanup
+dnf clean all
+rm -rf /var/cache/dnf

release-please-config.json

@@ -49,6 +49,12 @@
       "release-type": "simple",
       "tag-separator": "-"
     },
+    "images/kairos-fedora": {
+      "include-v-in-tag": false,
+      "package-name": "kairos-fedora",
+      "release-type": "simple",
+      "tag-separator": "-"
+    },
     "images/vscode-ssh-server": {
       "include-v-in-tag": false,
       "package-name": "vscode-ssh-server",

renovate.json

@@ -101,6 +101,16 @@
       "matchUpdateTypes": ["digest"],
       "schedule": ["on the first day of the month"]
     },
+    {
+      "description": "Auto-merge fedora digest updates monthly",
+      "automerge": true,
+      "automergeType": "branch",
+      "groupName": "fedora",
+      "matchFileNames": ["images/kairos-fedora/Containerfile"],
+      "matchPackageNames": ["fedora"],
+      "matchUpdateTypes": ["digest"],
+      "schedule": ["on the first day of the month"]
+    },
     {
       "description": "Auto-merge vscode-ssh-server digest updates",
       "automerge": true,

renovate/marinatedconcrete.json

@@ -38,6 +38,12 @@
       "matchCurrentValue": "kairos-ubuntu-**",
       "matchPackageNames": ["marinatedconcrete/config"]
     },
+    {
+      "groupName": "marinatedconcrete Kairos Fedora Image",
+      "groupSlug": "marinatedconcrete-kairos-fedora",
+      "matchCurrentValue": "kairos-fedora-**",
+      "matchPackageNames": ["marinatedconcrete/config"]
+    },
     {
       "groupName": "marinatedconcrete vscode SSH Server Image",
       "groupSlug": "marinatedconcrete-vscode-ssh-server",