Mitchell R 084c119c44
feat(os-ota): build + sign + auto-import .raucb bundles in CI
Phase 1 of the OS OTA pipeline. Three pieces:

scripts/gen-rauc-signing-keys.sh — one-shot helper that issues an
Ed25519 X.509 CA + signing cert pair. Operator runs locally, commits
the CA cert (for embedding in kiosk image at /etc/rauc/keyring.pem),
stores the signing pair as GitHub Actions secrets
(BF_RAUC_SIGNING_CERT + BF_RAUC_SIGNING_KEY), keeps the CA private
key offline. RAUC verifies bundles against the keyring in the image.

deploy/rauc/build-bundle.sh — takes the pi-gen .img.xz, parses its
partition table with sfdisk, dd-extracts bootfs (vfat) + rootfs
(ext4) into a staging dir, renders manifest.raucm.in with version
+ git sha, runs `rauc bundle --cert= --key=` to produce a signed
.raucb. Verifies the bundle round-trips with `rauc info`.

build.yml gains two gated steps:
  - "Build RAUC bundle": runs only when both signing secrets are set,
    uploads .raucb as a release asset alongside the .img.xz.
  - "Auto-import OS bundle into BF server": POSTs the GH release asset
    URL to ${BF_AUTOIMPORT_URL}/api/admin/os/import so the server
    pulls + stores the bundle. Mirrors the kiosk-binary auto-import
    flow that already worked.

Compatibility string is `betterframe-rpi5-aarch64` (matches the value
already declared in deploy/rauc/system.conf). Channel passed through
from inputs (dev for master pushes, stable/beta for tags).

What's NOT in this commit:
  - Pi image A/B partition layout (custom genimage / pi-gen patch)
  - rauc package install + keyring drop in pi-gen stage
  - Kiosk-side os_update.rs Rust consumer that polls /api/kiosk/os/check
  - Admin UI for releases + rollouts

A bundle built today reaches /api/admin/os/import on the server but
isn't installable yet — kiosks have no consumer and no A/B layout.
That's the next 3 phases. Bundle production needs to be solid first
so the kiosk side can be tested against real artifacts.
2026-05-21 10:44:24 +02:00
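The partition-extraction step that the commit message attributes to deploy/rauc/build-bundle.sh can be sketched as follows; this is an added example, not the project's script. It assumes a decompressed image, the `sfdisk -d` dump format, and MBR type IDs `c` (vfat boot) and `83` (Linux root); the function names and the sample dump are constructed for illustration. Checking the partition type before extraction keeps an unexpected image layout from being signed into a bundle.

```shell
#!/bin/sh
# Constructed sample of `sfdisk -d image.img` output (not taken from the project).
sample_dump() {
cat <<'EOF'
label: dos
label-id: 0x1a2b3c4d
device: image.img
unit: sectors
sector-size: 512

image.img1 : start=        8192, size=     1048576, type=c, bootable
image.img2 : start=     1056768, size=     9437184, type=83
EOF
}

# part_geometry N TYPE: read an sfdisk dump on stdin and print
# "<start> <size> <sector-size>" for the Nth partition entry.
# Fails (non-zero exit) if the entry is missing or its type is not TYPE.
part_geometry() {
  awk -v n="$1" -v want="$2" '
    /^sector-size:/ { ss = $2 }
    / : start=/ {
      if (++idx != n) next
      sub(/^.* : /, "")                 # drop the "name : " prefix
      m = split($0, kv, ",")
      for (i = 1; i <= m; i++) {        # collect key=value fields
        gsub(/ /, "", kv[i]); split(kv[i], p, "="); f[p[1]] = p[2]
      }
      found = 1
    }
    END {
      if (!found) { print "no partition entry " n > "/dev/stderr"; exit 1 }
      if (tolower(f["type"]) != want) {
        print "entry " n ": type " f["type"] ", expected " want > "/dev/stderr"
        exit 2
      }
      print f["start"], f["size"], (ss ? ss : 512)  # older dumps omit sector-size
    }'
}

# dd_command IMG N TYPE OUT: print the dd invocation that would extract the
# Nth partition of IMG into OUT, refusing if the type check fails.
dd_command() {
  geo=$(part_geometry "$2" "$3") || return 1
  set -- "$1" "$4" $geo                 # $3=start $4=size $5=sector size
  echo "dd if=$1 of=$2 bs=$5 skip=$3 count=$4"
}

sample_dump | dd_command image.img 1 c bootfs.vfat
sample_dump | dd_command image.img 2 83 rootfs.ext4
```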
.github/workflows feat(os-ota): build + sign + auto-import .raucb bundles in CI 2026-05-21 10:44:24 +02:00
deploy feat(os-ota): build + sign + auto-import .raucb bundles in CI 2026-05-21 10:44:24 +02:00
docs feat(ota): add RAUC OS update foundation 2026-05-20 05:15:29 +02:00
kiosk feat(preview): pull entity snapshot from active kiosk first 2026-05-21 10:35:27 +02:00
nodered fix(nodered): parse JSON body in trigger nodes 2026-05-13 03:07:22 +02:00
scripts feat(os-ota): build + sign + auto-import .raucb bundles in CI 2026-05-21 10:44:24 +02:00
server feat(preview): pull entity snapshot from active kiosk first 2026-05-21 10:35:27 +02:00
.gitattributes fix(deploy): mark setup-pi-kiosk.sh executable in git index + add .gitattributes 2026-05-13 03:33:41 +02:00
.gitignore adding initial project 2026-05-10 01:09:13 +02:00
CLAUDE.md fix(proxy): split Node-RED route surfaces 2026-05-11 10:44:45 +02:00
docker-compose.coolify.yml fix(admin): restore display layout switching 2026-05-21 08:57:54 +02:00
docker-compose.yml fix(release): surface build versions 2026-05-21 08:51:41 +02:00
LICENSE-AGPL.txt docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE-COMMERCIAL.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
LICENSE.md docs: dual-license declaration + vendored AGPL-3.0 text 2026-05-15 04:47:46 +02:00
package-lock.json feat(store): Postgres adapter foundation + BF_DB selector (phase 1) 2026-05-18 22:50:48 +02:00
package.json adding initial project 2026-05-10 01:09:13 +02:00
sec-config.yaml feat: Node-RED custom nodes + dashboard entity type 2026-05-13 01:47:53 +02:00
tsconfig.base.json adding initial project 2026-05-10 01:09:13 +02:00