From daae19a07b9b88b7d6291a46d64588953c3c2710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 10 Jul 2024 12:16:17 +0200 Subject: [PATCH 1/4] github/workflows: Use Ubuntu 24.04 runners --- .github/workflows/almalinux.yaml | 2 +- .github/workflows/alpine.yaml | 2 +- .github/workflows/amazonlinux.yaml | 2 +- .github/workflows/centos.yaml | 2 +- .github/workflows/debian.yaml | 2 +- .github/workflows/opensuse.yaml | 2 +- .github/workflows/rockylinux.yaml | 2 +- .github/workflows/wolfi.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/almalinux.yaml b/.github/workflows/almalinux.yaml index e2f02598..746040ca 100644 --- a/.github/workflows/almalinux.yaml +++ b/.github/workflows/almalinux.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['8', '9'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/alpine.yaml b/.github/workflows/alpine.yaml index f31899d5..a4df55cc 100644 --- a/.github/workflows/alpine.yaml +++ b/.github/workflows/alpine.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['3.16', '3.17', '3.18', '3.19', '3.20', 'edge'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/amazonlinux.yaml b/.github/workflows/amazonlinux.yaml index fa3e810c..3c3db3e0 100644 --- a/.github/workflows/amazonlinux.yaml +++ b/.github/workflows/amazonlinux.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['2', '2023'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/centos.yaml b/.github/workflows/centos.yaml index 9dfbf9f6..808981c8 100644 --- a/.github/workflows/centos.yaml +++ b/.github/workflows/centos.yaml 
@@ -38,7 +38,7 @@ jobs: matrix: release: ['stream8', 'stream9', 'stream10-development'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/debian.yaml b/.github/workflows/debian.yaml index 9f0a8a25..d8511ee4 100644 --- a/.github/workflows/debian.yaml +++ b/.github/workflows/debian.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['10', '11', '12', 'testing', 'unstable'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/opensuse.yaml b/.github/workflows/opensuse.yaml index 5ec8efd8..802a4450 100644 --- a/.github/workflows/opensuse.yaml +++ b/.github/workflows/opensuse.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['tumbleweed'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/rockylinux.yaml b/.github/workflows/rockylinux.yaml index 3081f599..96bcc91d 100644 --- a/.github/workflows/rockylinux.yaml +++ b/.github/workflows/rockylinux.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['8', '9'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/wolfi.yaml b/.github/workflows/wolfi.yaml index bf0494f8..b21dcf5a 100644 --- a/.github/workflows/wolfi.yaml +++ b/.github/workflows/wolfi.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['latest'] - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 From 081f2de68c7c1618cf0489eba06a8c2494aed5f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 10 Jul 2024 13:02:55 +0200 Subject: [PATCH 2/4] github/workflows: Keep Debian on ubuntu-latest runners See: https://github.com/toolbx-images/images/pull/129#issuecomment-2220209778 --- .github/workflows/debian.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/debian.yaml b/.github/workflows/debian.yaml index d8511ee4..9f0a8a25 100644 --- a/.github/workflows/debian.yaml +++ b/.github/workflows/debian.yaml @@ -38,7 +38,7 @@ jobs: matrix: release: ['10', '11', '12', 'testing', 'unstable'] - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 From f84fdd81c7b2e5f0494abbe326ace94dc427eed0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 10 Jul 2024 12:40:56 +0200 Subject: [PATCH 3/4] github/workflows: Stop building CentOS Stream 8 (EOL) --- .github/workflows/centos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/centos.yaml b/.github/workflows/centos.yaml index 808981c8..1777a287 100644 --- a/.github/workflows/centos.yaml +++ b/.github/workflows/centos.yaml @@ -36,7 +36,7 @@ jobs: build-push-images: strategy: matrix: - release: ['stream8', 'stream9', 'stream10-development'] + release: ['stream9', 'stream10-development'] runs-on: ubuntu-24.04 steps: From 49b05d78a500d5e81c209b6cbcb07181f5ad90df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 10 Jul 2024 12:36:47 +0200 Subject: [PATCH 4/4] github/workflows: Also push zstd:chunked compressed images (CentOS) See: https://github.com/toolbx-images/images/issues/128 See: https://fedoraproject.org/wiki/Changes/zstd:chunked See: https://docs.podman.io/en/latest/markdown/podman-push.1.html#compression-format-gzip-zstd-zstd-chunked See: https://github.com/coreos/fedora-coreos-tracker/issues/1660 --- .github/workflows/centos.yaml | 44 +++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/.github/workflows/centos.yaml b/.github/workflows/centos.yaml index 1777a287..e7dd787d 100644 --- a/.github/workflows/centos.yaml +++ b/.github/workflows/centos.yaml 
@@ -84,6 +84,20 @@ jobs: registry: ${{ env.registry }} tags: ${{ matrix.release }} + - name: Push to Container Registry (zstd) + uses: redhat-actions/push-to-registry@v2 + id: push-zstd + if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release + with: + username: ${{ secrets.BOT_USERNAME }} + password: ${{ secrets.BOT_SECRET }} + image: ${{ env.distro }}-toolbox + registry: ${{ env.registry }} + tags: ${{ matrix.release }}-zstd + extra-args: | + --compression-format=zstd:chunked + --compression-level=19 + - name: Push to Container Registry (latest tag) uses: redhat-actions/push-to-registry@v2 id: push-latest @@ -95,6 +109,20 @@ jobs: registry: ${{ env.registry }} tags: ${{ matrix.release }} latest + - name: Push to Container Registry (latest tag, zstd) + uses: redhat-actions/push-to-registry@v2 + id: push-latest-zstd + if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release + with: + username: ${{ secrets.BOT_USERNAME }} + password: ${{ secrets.BOT_SECRET }} + image: ${{ env.distro }}-toolbox + registry: ${{ env.registry }} + tags: ${{ matrix.release }}-zstd latest-zstd + extra-args: | + --compression-format=zstd:chunked + --compression-level=19 + - name: Login to Container Registry uses: redhat-actions/podman-login@v1 if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' 
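Review bot: Both added push steps (`push-zstd` in this hunk and `push-latest-zstd` in the next one) pass `secrets.BOT_USERNAME` and `secrets.BOT_SECRET` to `redhat-actions/push-to-registry@v2`. That tag is mutable, so whatever code it points to at run time receives the registry credentials. Pinning the reference to a reviewed commit fixes what runs, for example `uses: redhat-actions/push-to-registry@<full-commit-sha>  # v2` (placeholder; no SHA appears on this page). The unchanged push steps shown as context use the same tag, and the `build-push-images` step list starts outside these hunks, so the other `uses:` lines in the job are worth checking too.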
@@ -114,6 +142,14 @@ jobs: COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + - name: Sign container image (zstd) + if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release + run: | + cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-zstd.outputs.digest }} + env: + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + - name: Sign container image (latest) if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release run: | @@ -121,3 +157,11 @@ jobs: env: COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + + - name: Sign container image (latest, zstd) + if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release + run: | + cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-latest-zstd.outputs.digest }} + env: + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
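Review bot: The two new signing steps (`Sign container image (zstd)` here and `Sign container image (latest, zstd)` in the following hunk) expand `${{ steps.push-zstd.outputs.digest }}` and `${{ steps.push-latest-zstd.outputs.digest }}` directly inside the `run:` script. The value is therefore substituted into the shell text before the shell parses it. Passing the reference through the environment keeps it as data: add `IMAGE_REF: ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-zstd.outputs.digest }}` under `env:` and run `cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY "$IMAGE_REF"`. A one-line comment noting that the zstd:chunked push yields its own manifest digest, which is why it is signed separately, would also help the next reader. The existing sign steps shown as context follow the same inline pattern, and the job continues outside these hunks.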