Bootstrap cortex linux distro hybrid ISO (Live boot + Full installer mode)

.github/workflows/build-iso.yml

@@ -12,187 +12,240 @@ on:
     paths:
       - 'iso/**'
       - 'packages/**'
+      - 'scripts/**'
+      - 'docs/branding/**'
       - 'Makefile'
       - '.github/workflows/build-iso.yml'
   pull_request:
     branches: [main]
     paths:
       - 'iso/**'
       - 'packages/**'
+      - 'scripts/**'
+      - 'docs/branding/**'
       - 'Makefile'
   workflow_dispatch:
-    inputs:
-      iso_type:
-        description: 'ISO type to build'
-        required: true
-        default: 'offline'
-        type: choice
-        options:
-          - netinst
-          - offline
-          - both
 
 env:
   DEBIAN_FRONTEND: noninteractive
 
 jobs:
-  build-packages:
-    name: Build Debian Packages
+  validate:
+    name: Validate
     runs-on: ubuntu-24.04
+    container:
+      image: debian:bookworm
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install build dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y \
-            dpkg-dev \
-            devscripts \
-            debhelper \
-            fakeroot \
-            gnupg
-
-      - name: Build cortex-archive-keyring
-        run: |
-          cd packages/cortex-archive-keyring
-          dpkg-buildpackage -us -uc -b
-
-      - name: Build cortex-core
+      - name: Install git
         run: |
-          cd packages/cortex-core
-          dpkg-buildpackage -us -uc -b
+          apt-get update
+          apt-get install -y git sudo make shellcheck
 
-      - name: Build cortex-full
-        run: |
-          cd packages/cortex-full
-          dpkg-buildpackage -us -uc -b
+      - name: Checkout
+        uses: actions/checkout@v4
 
-      - name: Upload packages
-        uses: actions/upload-artifact@v4
-        with:
-          name: debian-packages
-          path: packages/*.deb
-          retention-days: 7
+      - name: Run validation
+        run: make validate
 
   build-iso:
-    name: Build ISO Image
-    runs-on: ubuntu-24.04
-    needs: build-packages
+    name: Build ISO (${{ matrix.arch }})
+    runs-on: ${{ matrix.runner }}
+    needs: validate
     strategy:
+      fail-fast: false
       matrix:
-        arch: [amd64]
-        # arm64 builds require self-hosted runner with ARM
+        include:
+          - arch: amd64
+            runner: ubuntu-24.04
+          - arch: arm64
+            runner: ubuntu-24.04-arm
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Download packages
-        uses: actions/download-artifact@v4
+      - name: Free disk space
+        uses: jlumbroso/free-disk-space@main
         with:
-          name: debian-packages
-          path: packages/
-
-      - name: Install live-build dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y \
-            live-build \
-            debootstrap \
-            squashfs-tools \
-            xorriso \
-            isolinux \
-            syslinux-efi \
-            grub-pc-bin \
-            grub-efi-amd64-bin \
-            mtools \
-            dosfstools
-
-      - name: Configure live-build
+          tool-cache: true
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          docker-images: true
+          swap-storage: true
+
+      - name: Additional cleanup
         run: |
-          cd iso/live-build
-          chmod +x auto/*
-          sudo lb config
+          echo "=== Additional cleanup ==="
+          sudo rm -rf /home/runner/.rustup || true
+          sudo rm -rf /home/runner/.cargo || true
+          sudo rm -rf /usr/share/swift || true
+          sudo rm -rf /usr/lib/jvm || true
+          sudo rm -rf /usr/local/julia* || true
+          sudo rm -rf /usr/local/share/chromium || true
+          sudo rm -rf /usr/lib/google-cloud-sdk || true
+          sudo rm -rf /opt/hostedtoolcache/CodeQL || true
+          echo "=== Disk space after additional cleanup ==="
+          df -h
 
-      - name: Copy packages to chroot
-        run: |
-          mkdir -p iso/live-build/config/packages.chroot/
-          cp packages/*.deb iso/live-build/config/packages.chroot/
+      - name: Checkout
+        uses: actions/checkout@v4
 
-      - name: Build ISO
+      - name: Build in Debian container
         run: |
-          cd iso/live-build
-          sudo lb build 2>&1 | tee build.log
-
-      - name: Generate checksums
+          # Use xz compression for releases (smaller), lz4 for PR/branch builds (faster)
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            COMPRESSION="xz"
+          else
+            COMPRESSION="lz4"
+          fi
+          docker run --rm --privileged \
+            -v "${{ github.workspace }}:/workspace" \
+            -w /workspace \
+            -e ARCH=${{ matrix.arch }} \
+            -e SQUASHFS_COMP=$COMPRESSION \
+            -e DEBIAN_FRONTEND=noninteractive \
+            debian:bookworm /bin/bash -c '
+              set -e
+              ./scripts/install-deps.sh
+              make check-deps
+              make iso
+            '
+
+      - name: List output
+        if: always()
         run: |
-          cd iso/live-build
-          sha256sum *.iso > SHA256SUMS
-          sha512sum *.iso > SHA512SUMS
+          ls -la output/ || echo "No output directory"
+          ls -la build/ || echo "No build directory"
 
       - name: Upload ISO
         uses: actions/upload-artifact@v4
         with:
           name: cortex-linux-${{ matrix.arch }}
           path: |
-            iso/live-build/*.iso
-            iso/live-build/SHA256SUMS
-            iso/live-build/SHA512SUMS
+            output/*.iso
+            output/*.sha256
           retention-days: 14
 
+      - name: Upload packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: packages-${{ matrix.arch }}
+          path: output/*.deb
+          retention-days: 14
+
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-${{ matrix.arch }}
+          path: output/sbom/
+          retention-days: 14
+        continue-on-error: true
+
       - name: Upload build log
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: build-log-${{ matrix.arch }}
-          path: iso/live-build/build.log
+          path: build.log
           retention-days: 7
 
+  test-iso:
+    name: Test ISO (${{ matrix.arch }})
+    runs-on: ${{ matrix.runner }}
+    needs: build-iso
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: amd64
+            runner: ubuntu-24.04
+          - arch: arm64
+            runner: ubuntu-24.04-arm
+    steps:
+      - name: Download ISO
+        uses: actions/download-artifact@v4
+        with:
+          name: cortex-linux-${{ matrix.arch }}
+
+      - name: Verify checksums
+        run: |
+          ls -la
+          for iso in *.iso; do
+            if [ -f "${iso}.sha256" ]; then
+              sha256sum -c "${iso}.sha256"
+            fi
+          done
+
+      - name: Check ISO structure
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y xorriso
+          for iso in *.iso; do
+            echo "=== Checking $iso ==="
+            xorriso -indev "$iso" -find / -maxdepth 1 2>/dev/null | head -20
+          done
+
   release:
     name: Create Release
     runs-on: ubuntu-24.04
-    needs: build-iso
+    needs: [build-iso, test-iso]
     if: startsWith(github.ref, 'refs/tags/v')
     permissions:
       contents: write
     steps:
-      - name: Download ISO artifacts
+      - name: Download all ISO artifacts
         uses: actions/download-artifact@v4
         with:
           pattern: cortex-linux-*
           merge-multiple: true
+          path: release/
 
       - name: Download packages
         uses: actions/download-artifact@v4
         with:
-          name: debian-packages
+          pattern: packages-*
+          merge-multiple: true
+          path: release/
+
+      - name: Download SBOMs
+        uses: actions/download-artifact@v4
+        with:
+          pattern: sbom-*
+          merge-multiple: true
+          path: release/sbom/
+        continue-on-error: true
+
+      - name: Generate combined checksums
+        run: |
+          cd release
+          sha256sum *.iso *.deb > SHA256SUMS 2>/dev/null || sha256sum *.iso > SHA256SUMS
+          sha512sum *.iso *.deb > SHA512SUMS 2>/dev/null || sha512sum *.iso > SHA512SUMS
 
       - name: Create Release
         uses: softprops/action-gh-release@v1
         with:
           files: |
-            *.iso
-            *.deb
-            SHA256SUMS
-            SHA512SUMS
+            release/*.iso
+            release/*.deb
+            release/SHA256SUMS
+            release/SHA512SUMS
+            release/sbom/*
           body: |
             ## Cortex Linux ${{ github.ref_name }}
-            
+
             ### Downloads
-            - **cortex-linux-*-amd64-offline.iso** - Full offline installer
-            - **cortex-linux-*-amd64-netinst.iso** - Minimal network installer
-            
+            - **cortex-linux-*.iso** - Cortex Linux ISO
+            - **cortex-branding_*.deb** - Branding package (standalone install)
+
             ### Verification
             ```bash
             sha256sum -c SHA256SUMS
             ```
-            
+
             ### Quick Start
-            1. Write ISO to USB: `dd if=cortex-linux-*.iso of=/dev/sdX bs=4M status=progress`
+            1. Write ISO to USB: `sudo dd if=cortex-linux-*.iso of=/dev/sdX bs=4M status=progress oflag=sync`
             2. Boot from USB
-            3. Follow installation prompts
-            
+            3. Select "Live Boot" or "Install"
+
             ### Documentation
-            See https://cortexlinux.com/docs for full documentation.
+            See https://github.com/cortexlinux/cortex-distro for documentation.
           draft: false
           prerelease: ${{ contains(github.ref, 'alpha') || contains(github.ref, 'beta') || contains(github.ref, 'rc') }}