Restructure how we manage ubuntu releases

Author: devpow112

.github/dependabot.yml

@@ -15,72 +15,11 @@ updates:
       docker-actions:
         patterns:
           - docker/*
-  - package-ecosystem: github-actions
-    directory: /
-    target-branch: release/jammy
-    schedule:
-      interval: daily
-      time: '04:00'
-      timezone: America/Toronto
-    rebase-strategy: auto
-    labels:
-      - auto
-      - dependencies
-      - github-actions
-    groups:
-      docker-actions:
-        patterns:
-          - docker/*
-  - package-ecosystem: github-actions
-    directory: /
-    target-branch: release/focal
-    schedule:
-      interval: daily
-      time: '04:00'
-      timezone: America/Toronto
-    rebase-strategy: auto
-    labels:
-      - auto
-      - dependencies
-      - github-actions
-    groups:
-      docker-actions:
-        patterns:
-          - docker/*
   - package-ecosystem: docker
-    directory: /
-    schedule:
-      interval: daily
-      time: '04:00'
-      timezone: America/Toronto
-    cooldown:
-      default-days: 7
-      include:
-        - ubuntu:*
-    rebase-strategy: auto
-    labels:
-      - auto
-      - dependencies
-      - docker
-  - package-ecosystem: docker
-    directory: /
-    target-branch: release/jammy
-    schedule:
-      interval: daily
-      time: '04:00'
-      timezone: America/Toronto
-    cooldown:
-      default-days: 7
-      include:
-        - ubuntu:*
-    rebase-strategy: auto
-    labels:
-      - auto
-      - dependencies
-      - docker
-  - package-ecosystem: docker
-    directory: /
-    target-branch: release/focal
+    directories:
+      - /releases/noble
+      - /releases/jammy
+      - /releases/focal
     schedule:
       interval: daily
       time: '04:00'

.github/labeler.yml

@@ -1,8 +1,8 @@
 bash:
   - changed-files:
     - any-glob-to-any-file:
-      - root/etc/s6-overlay/s6-rc.d/*/run
-      - test/etc/s6-overlay/s6-rc.d/*/run
+      - 'releases/*/root/etc/s6-overlay/s6-rc.d/*/run'
+      - 'releases/*/test/root/etc/s6-overlay/s6-rc.d/*/run'
 docker:
   - changed-files:
     - any-glob-to-any-file:

.github/scripts/update-packages.sh

@@ -2,12 +2,14 @@
 
 set -euo pipefail
 
-INSTALL_FILE="packages/generated/install.txt"
+RELEASE="${1:?Usage: $0 <release-dir>}"
+
+INSTALL_FILE="${RELEASE}/packages/generated/install.txt"
 DPKG_QUERY="dpkg-query -W -f '\${Package}=\${Version}\n'"
 
-BASE_IMAGE=$(sed -n 's/^FROM \(ubuntu:[a-z]*-[0-9]*\)$/\1/p' Dockerfile)
-REQUIRED=$(sed '/^$/d' packages/required.txt | tr '\n' ' ')
-TEMPORARY=$(sed '/^$/d' packages/temporary.txt | tr '\n' ' ')
+BASE_IMAGE=$(sed -n 's/^FROM \(ubuntu:[a-z]*-[0-9]*\)$/\1/p' "${RELEASE}/Dockerfile")
+REQUIRED=$(sed '/^$/d' "${RELEASE}/packages/required.txt" | tr '\n' ' ')
+TEMPORARY=$(sed '/^$/d' "${RELEASE}/packages/temporary.txt" | tr '\n' ' ')
 
 # get base image package list
 BASE_LIST=$(

.github/workflows/backport.yml

@@ -1,33 +1,53 @@
 name: Pull Request
-on:
-  pull_request:
-    branches:
-      - main
-      - release/*
+on: pull_request
 permissions:
   contents: read
 defaults:
   run:
     shell: bash
 concurrency:
-  group: ${{github.event.pull_request.number}}
+  group: ${{github.workflow_ref}}
   cancel-in-progress: true
 jobs:
+  determine-releases:
+    name: Determine Releases
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      releases: ${{steps.releases.outputs.releases}}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+      - name: Determine releases
+        id: releases
+        run: |
+          RELEASES=$(ls -d releases/*/ | xargs -n1 basename)
+          echo "Releases: ${RELEASES//$'\n'/, }"
+          RELEASES=$(echo "$RELEASES" | jq -Rnc '[inputs]')
+          echo "releases=${RELEASES}" >> "${GITHUB_OUTPUT}"
   check-packages:
     name: Check Packages
     runs-on: ubuntu-latest
     timeout-minutes: 10
     permissions:
       contents: write
       pull-requests: write
+    needs:
+      - determine-releases
+      - check-base-images
     steps:
       - name: Checkout
         uses: actions/checkout@v6.0.2
         with:
           ref: ${{github.head_ref}}
       - name: Update packages
-        id: updates
-        run: bash .github/scripts/update-packages.sh
+        run: |
+          for RELEASE_DIR in releases/*/; do
+            RELEASE=$(basename "${RELEASE_DIR}")
+            echo "::group::${RELEASE}"
+            bash .github/scripts/update-packages.sh "${RELEASE_DIR%/}"
+            echo '::endgroup::'
+          done
       - name: Gather info
         id: info
         run: |
@@ -46,16 +66,40 @@ jobs:
           commit-message: ${{steps.info.outputs.title}}
           author: ${{steps.info.outputs.commit-author}}
           committer: ${{steps.info.outputs.commit-author}}
-          add-paths: packages/generated/install.txt
+          add-paths: releases/*/packages/generated/install.txt
           base: ${{github.event.pull_request.head.ref}}
           branch: auto/update-packages/pr-${{github.event.pull_request.number}}
           delete-branch: true
           draft: true
           title: ${{steps.info.outputs.title}}
-          body: ${{steps.updates.outputs.update-body}}
+          body: Automated package updates.
           labels: |
             dependencies
             auto
+  check-base-images:
+    name: Check Base Images
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs: determine-releases
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+      - name: Verify base images match releases
+        run: |
+          for RELEASE_DIR in releases/*/; do
+            RELEASE=$(basename "${RELEASE_DIR}")
+            echo "::group::${RELEASE}"
+            FROM_LINE=$(grep -E '^FROM ubuntu:' "${RELEASE_DIR}Dockerfile")
+            IMAGE_TAG=${FROM_LINE#FROM ubuntu:}
+            IMAGE_STREAM=${IMAGE_TAG%%-*}
+            if [[ "${IMAGE_STREAM}" != "${RELEASE}" ]]; then
+              echo "::error::Base image '${FROM_LINE}' does not match" \
+                "release '${RELEASE}' (expected 'FROM ubuntu:${RELEASE}-...')"
+              exit 1
+            fi
+            echo "Base image '${FROM_LINE}' matches release '${RELEASE}'"
+            echo '::endgroup::'
+          done
   check-formatting-all:
     name: Check Formatting (All)
     runs-on: ubuntu-latest
@@ -76,6 +120,8 @@ jobs:
         uses: actions/checkout@v6.0.2
       - name: Check formatting
         uses: hadolint/hadolint-action@v3.3.0
+        with:
+          recursive: true
   check-formatting-markdown:
     name: Check Formatting (Markdown)
     runs-on: ubuntu-latest
@@ -95,29 +141,28 @@ jobs:
       contents: read
       pull-requests: write
     needs:
+      - determine-releases
+      - check-base-images
       - check-packages
+    strategy:
+      fail-fast: false
+      matrix:
+        release: ${{fromJson(needs.determine-releases.outputs.releases)}}
     steps:
       - name: Checkout
         uses: actions/checkout@v6.0.2
       - name: Determine info
         id: info
         run: |
-          PLATFORMS=(
-            linux/amd64
-            linux/arm/v7
-            linux/arm64
-            linux/ppc64le
-            linux/riscv64
-            linux/s390x
-          )
-          SAVE_IFS="$IFS"
-          IFS=","
-          PLATFORMS="${PLATFORMS[*]}"
-          IFS="$SAVE_IFS"
+          RELEASE_DIR="releases/${RELEASE}"
+          PLATFORMS=$(paste -sd, "${RELEASE_DIR}/platforms.txt")
           TEMP_IMAGE='ci'
           echo "platforms=$PLATFORMS" >> $GITHUB_OUTPUT
-          echo "ci-image-tag=$TEMP_IMAGE:image" >> $GITHUB_OUTPUT
-          echo "ci-test-image-tag=$TEMP_IMAGE:test-image" >> $GITHUB_OUTPUT
+          echo "ci-image-tag=$TEMP_IMAGE:${RELEASE}" >> $GITHUB_OUTPUT
+          echo "ci-test-image-tag=$TEMP_IMAGE:${RELEASE}-test" >> $GITHUB_OUTPUT
+          echo "release-dir=${RELEASE_DIR}" >> $GITHUB_OUTPUT
+        env:
+          RELEASE: ${{matrix.release}}
       - name: Set up Docker
         uses: docker/setup-docker-action@v5.0.0
         with:
@@ -130,22 +175,22 @@ jobs:
       - name: Build image
         uses: docker/build-push-action@v7.0.0
         with:
-          context: .
+          context: ./${{steps.info.outputs.release-dir}}
           platforms: ${{steps.info.outputs.platforms}}
           tags: ${{steps.info.outputs.ci-image-tag}}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=${{matrix.release}}
+          cache-to: type=gha,scope=${{matrix.release}},mode=max
           load: true
       - name: Build test image
         uses: docker/build-push-action@v7.0.0
         with:
-          context: ./test
+          context: ./${{steps.info.outputs.release-dir}}/test
           build-contexts: |
             ci:image=docker-image://${{steps.info.outputs.ci-image-tag}}
           platforms: ${{steps.info.outputs.platforms}}
           tags: ${{steps.info.outputs.ci-test-image-tag}}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=${{matrix.release}}-test
+          cache-to: type=gha,scope=${{matrix.release}}-test,mode=max
           load: true
       - name: Run tests
         run: >
@@ -164,13 +209,13 @@ jobs:
       - name: Hide outdated build details comments
         uses: int128/hide-comment-action@v1.53.0
         with:
-          starts-with: <!-- build details -->
+          starts-with: <!-- build details (${{matrix.release}}) -->
       - name: Create build details comment
         id: image-details
         run: |
           # Determine the remote image tag to compare against
           echo "::group::Determine remote image tag"
-          VERSION=$(grep -E '^FROM ubuntu:[a-z]+-[0-9]+$' Dockerfile)
+          VERSION=$(grep -E '^FROM ubuntu:[a-z]+-[0-9]+$' releases/${RELEASE}/Dockerfile)
           VERSION=${VERSION##*:}
           STREAM=${VERSION%-*}
           REMOTE_IMAGE_TAG=$REMOTE_IMAGE:$STREAM
@@ -185,7 +230,7 @@ jobs:
           fi
           echo "::endgroup::"
           # Build the comment body per platform
-          BODY=$'<!-- build details -->\n\n'
+          BODY="<!-- build details (${RELEASE}) -->"$'\n\n'
           HAVE_REMOTE=true
           FAILED_PLATFORMS=()
           TOTAL_SIZE_NEW=0
@@ -269,7 +314,7 @@ jobs:
           elif (( OVERALL_DIFF < 0 )); then
             OVERALL_SIZE+=" \`$(echo $OVERALL_DIFF | numfmt $FMT)\`"
           fi
-          BODY+=$'## Build Details\n\n'
+          BODY+="## Build Details (${RELEASE})"$'\n\n'
           if [[ "$HAVE_REMOTE" != "true" ]]; then
             BODY+=$'> [!WARNING]\n'
             BODY+=$'> Size comparison may be inaccurate.'
@@ -287,6 +332,7 @@ jobs:
           echo "::endgroup::"
           gh pr comment "$PULL_REQUEST_NUMBER" --body "$BODY"
         env:
+          RELEASE: ${{matrix.release}}
           REMOTE_IMAGE: ghcr.io/${{github.repository_owner}}/base-ubuntu
           LOCAL_IMAGE_TAG: ${{steps.info.outputs.ci-image-tag}}
           PLATFORMS: ${{steps.info.outputs.platforms}}