diff --git a/butane/README.md b/butane/README.md new file mode 100644 index 0000000..616f137 --- /dev/null +++ b/butane/README.md @@ -0,0 +1,5 @@ +# Butane source material + +This directory holds Butane source fragments and profile inputs that feed installer customization or first-boot provisioning. + +The intent is to keep SourceOS-specific, flavor-owned Butane source here while execution/rendering automation lives downstream. diff --git a/butane/workstation/base.bu b/butane/workstation/base.bu new file mode 100644 index 0000000..9b754ea --- /dev/null +++ b/butane/workstation/base.bu @@ -0,0 +1,12 @@ +variant: fcos +version: 1.6.0 +passwd: + users: + - name: sourceos + groups: + - wheel + ssh_authorized_keys: [] +storage: + files: [] +systemd: + units: [] diff --git a/channels/README.md b/channels/README.md new file mode 100644 index 0000000..3898fd9 --- /dev/null +++ b/channels/README.md @@ -0,0 +1,11 @@ +# Release channels + +This directory holds SourceOS release-channel declarations. + +A channel defines the logical promotion lane for artifact families such as: +- dev +- qa +- prod +- customer or site-specific rings + +Channel policy and promotion automation are executed downstream; this repo owns the declared channel truth. diff --git a/channels/dev.yaml b/channels/dev.yaml new file mode 100644 index 0000000..ed0d6d3 --- /dev/null +++ b/channels/dev.yaml @@ -0,0 +1,13 @@ +apiVersion: sourceos.ai/v0 +kind: ReleaseChannel +metadata: + name: dev +spec: + description: Development and integration ring for pre-production SourceOS artifacts. + promotionTargets: + - qa + allowedFlavors: + - sourceos-workstation + defaultInstallerProfiles: + - live-usb-default + - pxe-default diff --git a/cosa/README.md b/cosa/README.md new file mode 100644 index 0000000..e043ad2 --- /dev/null +++ b/cosa/README.md @@ -0,0 +1,10 @@ +# coreos-assembler / image composition source + +This directory is the landing zone for FCOS/SourceOS image composition source material. + +It should eventually contain: +- config-git inputs for coreos-assembler +- tree/manifests for thicker derivative lanes +- release-build metadata and helper notes + +This directory is artifact truth only. Build orchestration belongs in `socios`. diff --git a/docs/ARTIFACT_TRUTH.md b/docs/ARTIFACT_TRUTH.md new file mode 100644 index 0000000..cd12468 --- /dev/null +++ b/docs/ARTIFACT_TRUTH.md @@ -0,0 +1,45 @@ +# SourceOS artifact truth + +`SourceOS` is the immutable substrate and artifact-truth repository for the Linux-side stack. + +This repo owns the definitions of **what** gets built and released, not the automation that stands builders up or the control plane that executes workflows. + +## This repo owns + +- flavor definitions +- coreos-assembler / image-composition source material +- Butane / Ignition source material +- installer profile definitions +- release channels +- artifact manifests and release metadata + +## This repo does not own + +- Foreman/Katello management host automation +- Tekton / Argo CD execution scaffolding +- workspace controller logic +- runner↔adapter protocol contracts +- generic execution control plane behavior + +Those belong respectively in: +- `SociOS-Linux/socios` +- `SociOS-Linux/workstation-contracts` +- `SocioProphet/sociosphere` +- `SocioProphet/agentplane` +- `SourceOS-Linux/sourceos-spec` + +## Directory intent + +- `flavors/` — named SourceOS flavor definitions +- `cosa/` — coreos-assembler or build-source material +- `butane/` — Butane source fragments and rendered-input source material +- `installer/` — installer profile definitions for live ISO / PXE / recovery surfaces +- `channels/` — release-channel declarations +- `manifests/` — artifact manifests and release metadata + +## Follow-on + +Subsequent changes should: +- replace stubs with canonical flavor and installer schemas aligned to `sourceos-spec` +- bind artifact manifests to `ReleaseManifest` / `EvidenceBundle` families +- add FCOS-specific build-source structure under `cosa/` diff --git a/flavors/README.md b/flavors/README.md new file mode 100644 index 0000000..41dca61 --- /dev/null +++ b/flavors/README.md @@ -0,0 +1,14 @@ +# SourceOS flavors + +This directory holds named SourceOS flavor definitions. + +A flavor is the stable substrate family that downstream automation composes into install media, disk images, or promoted release artifacts. + +## Intended contents + +- base flavor descriptors +- flavor-specific package/image composition inputs +- flavor policy notes +- flavor-level metadata used by release channels + +See `sourceos-workstation.example.yaml` for the initial stub. diff --git a/flavors/sourceos-workstation.example.yaml b/flavors/sourceos-workstation.example.yaml new file mode 100644 index 0000000..e4a1f86 --- /dev/null +++ b/flavors/sourceos-workstation.example.yaml @@ -0,0 +1,21 @@ +apiVersion: sourceos.ai/v0 +kind: Flavor +metadata: + name: sourceos-workstation + labels: + family: workstation + substrate: fcos +spec: + baseStream: stable + architecture: + - x86_64 + buildMode: thin-personalization + releaseChannels: + - dev + - qa + - prod + installerProfiles: + - live-usb-default + - pxe-default + butaneRefs: + - butane/workstation/base.bu diff --git a/installer/README.md b/installer/README.md new file mode 100644 index 0000000..a3dcefa --- /dev/null +++ b/installer/README.md @@ -0,0 +1,8 @@ +# Installer profiles + +This directory holds installer profile definitions for SourceOS artifact surfaces such as: +- customized live USB / recovery media +- PXE / UEFI HTTP boot install surfaces +- other future install or recovery delivery modes + +Profiles here are artifact-truth inputs. Media customization and publishing automation live in `socios`. diff --git a/installer/live-usb-default.yaml b/installer/live-usb-default.yaml new file mode 100644 index 0000000..5e36ad8 --- /dev/null +++ b/installer/live-usb-default.yaml @@ -0,0 +1,12 @@ +apiVersion: sourceos.ai/v0 +kind: InstallerProfile +metadata: + name: live-usb-default + labels: + surface: live-usb +spec: + baseArtifact: fcos-live-iso + ignitionMode: embed-live-and-dest + networkMode: optional-keyfiles + secureBoot: true + enrollmentProfileRef: urn:srcos:enrollment-profile:default-workstation diff --git a/installer/pxe-default.yaml b/installer/pxe-default.yaml new file mode 100644 index 0000000..ea42d1d --- /dev/null +++ b/installer/pxe-default.yaml @@ -0,0 +1,14 @@ +apiVersion: sourceos.ai/v0 +kind: InstallerProfile +metadata: + name: pxe-default + labels: + surface: pxe +spec: + baseArtifact: fcos-live-pxe + transport: uefi-http-boot + ignitionMode: dest-only + kernelArgs: + - ignition.firstboot + - ignition.platform.id=metal + enrollmentProfileRef: urn:srcos:enrollment-profile:default-workstation diff --git a/manifests/README.md b/manifests/README.md new file mode 100644 index 0000000..778fe12 --- /dev/null +++ b/manifests/README.md @@ -0,0 +1,7 @@ +# Artifact manifests + +This directory holds release and artifact metadata emitted or curated as part of SourceOS artifact truth. + +The long-term direction is to align these manifests with the shared `ReleaseManifest` and `EvidenceBundle` families in `sourceos-spec`. + +Automation that generates, signs, publishes, and promotes these manifests lives downstream in `socios` and related execution/control surfaces. diff --git a/manifests/release-manifest.example.json b/manifests/release-manifest.example.json new file mode 100644 index 0000000..644a843 --- /dev/null +++ b/manifests/release-manifest.example.json @@ -0,0 +1,22 @@ +{ + "id": "urn:srcos:release:sourceos-workstation-dev-0001", + "type": "ReleaseManifest", + "specVersion": "2.0.0", + "sourceBuildRequestRef": "urn:srcos:build-request:sourceos-workstation-dev-0001", + "artifactRefs": [ + "artifacts/sourceos-workstation-dev.iso" + ], + "artifactHashes": [ + "sha256:REPLACE_WITH_REAL_DIGEST" + ], + "sbomRefs": [], + "evidenceRefs": [], + "labels": { + "flavor": "sourceos-workstation", + "channel": "dev", + "surface": "live-usb" + }, + "channel": "dev", + "status": "draft", + "createdAt": "1970-01-01T00:00:00Z" +}