Merge branch 'master' of https://github.com/metal-stack/metal-images into debian-13

majst01 · majst01 · commit d9cab96ab849 · 2026-01-20T06:57:51.000+01:00
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -36,7 +36,6 @@ jobs:
       - name: Run tests
         run: make test
 
-
   debian_ubuntu:
     name: Build Debian and Ubuntu based OS images
     needs: test-go
@@ -235,8 +234,16 @@ jobs:
           SEMVER_PATCH: ${{ env.SEMVER_PATCH }}
         if: ${{ matrix.os.name == 'debian' }}
 
+      - name: Create GCS destination
+        run: |
+          [ "${GITHUB_EVENT_NAME}" == 'pull_request' ] && echo "GCS_DEST=gs://$GCS_BUCKET/metal-os/pull_requests/" >> $GITHUB_ENV || true
+          [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "GCS_DEST=gs://$GCS_BUCKET/metal-os" >> $GITHUB_ENV || true
+
       - name: Upload image tarballs to GCS
-        run: cd images && gsutil -m -h "Cache-Control:no-store" cp -r . gs://$GCS_BUCKET/metal-os/pull_requests/
+        run: |
+          cd images && gsutil -m -h "Cache-Control:no-store" cp -r . "${GCS_DEST}"
+        env:
+          GCS_DEST: ${{ env.GCS_DEST }}
 
   almalinux:
     name: Build Almalinux based OS image
@@ -314,5 +321,13 @@ jobs:
           service_account_email: ${{ secrets.GCP_SA_EMAIL }}
           service_account_key: ${{ secrets.GCP_SA_KEY }}
 
+      - name: Create GCS destination
+        run: |
+          [ "${GITHUB_EVENT_NAME}" == 'pull_request' ] && echo "GCS_DEST=gs://$GCS_BUCKET/metal-os/pull_requests/" >> $GITHUB_ENV || true
+          [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "GCS_DEST=gs://$GCS_BUCKET/metal-os" >> $GITHUB_ENV || true
+
       - name: Upload image tarballs to GCS
-        run: cd images && gsutil -m -h "Cache-Control:no-store" cp -r . gs://$GCS_BUCKET/metal-os/pull_requests/
+        run: |
+          cd images && gsutil -m -h "Cache-Control:no-store" cp -r . "${GCS_DEST}"
+        env:
+          GCS_DEST: ${{ env.GCS_DEST }}
diff --git a/firewall/Dockerfile b/firewall/Dockerfile
@@ -7,6 +7,8 @@ FROM ghcr.io/metal-stack/droptailer-client:${DROPTAILER_VERSION} AS droptailer-a
 
 FROM ghcr.io/metal-stack/firewall-controller:${FIREWALL_CONTROLLER_VERSION} AS firewall-controller-artifacts
 
+FROM ghcr.io/metal-stack/frr:10.4.1-ubuntu-24.04 AS frr-artifacts
+
 FROM ghcr.io/tailscale/tailscale:${TAILSCALE_VERSION} AS tailscale-artifacts
 
 FROM quay.io/prometheus/node-exporter:${NODE_EXPORTER_VERSION} AS node_exporter-artifacts
@@ -27,6 +29,11 @@ RUN apt-get update --quiet \
  && apt-get remove --yes iptables \
  && apt install --yes iptables
 
+# Forcefully install frr from our own builds because upstream repo removes older patch versions
+COPY --from=frr-artifacts /artifacts/*.deb /tmp/
+RUN apt remove --yes frr* \
+ && apt install --yes --allow-downgrades /tmp/*.deb
+
 # Context:
 # - chrony.conf provides default configuration for chrony
 # - nftables rules are copied in place; nftables.service will load them on startup.
