Fedora Flatpaks

This document contains information about current workflow used to build and publish Fedora flatpaks. It also describes changes needed to make it work with quay.io.

Flatpaks are the biggest tenant occupying registry.fedoraproject.org right now.

Current workflow

The flatpaks are build in koji using OSBS. The OSBS then submits the build to candidate-registry.fedoraproject.org and packager can create an update in Bodhi. After testing period is finished or the update gets enough karma it is moved by bodhi to registry.fedoraproject_org.

../_images/flatpaks_workflow_registry.drawio.png

Changes for quay.io

This section will describe changes that are needed to make quay.io work with current setup. It will go through pipeline step by step and describe what needs to be changed in case of flatpaks workflow.

OSBS

OSBS is using Openshift local container registry, which is configured by dockercfg file and pointing to candidate-registry. There is dockercfg for production and staging. This dockercfg is used as a secret in OSBS and it’s deployed in setup-worker-namespace playbook. To make this work with quay.io we need to replace the dockercfg with new one pointing to quay.io.

Note

OSBS could have trouble reaching to quay.io, this needs to be solved for this to work.

Koji

There is currently a initiative that is trying to remove OSBS from flatpak build pipeline. At the time of writing this document this is only enabled for F39. But as the F38 flaptak runtime will be considered EOL the koji-flatpak module will be the only way.

The koji-flatpak module is much direct, there is just one configuration file used to specify where the koji builders should push the build container. The candidate-registry variable is set in tasks/main.

Currently the builders don’t have access to quay.io. The firewall settings needs to be adjusted so they could push containers.

Bodhi

Bodhi is pushing the container builds from candidate-registry.fedoraproject.org to registry.fedoraproject.org and this is configured in production.ini template in ansible.

To make it work with quay.io we just need to change container.destination_registry and container.source_registry variables.

Proxies

We need to redirect all the pull requests for registry.fedoraproject.org to quay.io. This could be done by mod_proxy / mod_rewrite and redirect all requests to https://registry.fedoraproject.org/v2/REPO/ to https://quay/v2/fedora/REPO/

flatpak-indexer

flatpak-indexer is used to read metadata from containers and generate index in format flatpak client understands. It also creates deltas for updates. It’s deployed in OpenShift and the changes have to be done in configuration.