Move OCI push from builder VM (where GITHUB_TOKEN is unavailable) to the
host side. Add --skip-push and --builder-image CLI flags so the build
pipeline can be bootstrapped before builder OCI images exist. KDL specs
now include public cloud image URLs as default builder images.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restructure the QCOW2 build pipeline so the target filesystem is created
and mounted before Phase 1, allowing rootfs population directly into it.
This removes the wasteful and fragile copy_rootfs step that was the source
of merged-/usr symlink breakage and fixes the ZFS shadow-mount bug where
the BE dataset was mounted over the staging root.
New flow: Phase 2 prepare → Phase 1 populate → Phase 2 finalize → cleanup.
OCI/Artifact targets are unchanged.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add disk_gb field to BuilderNode/BuilderConfig with 20GB default,
fixing debootstrap failure caused by 2GB cloud image running out of
space. Cloud-init growpart/resize_rootfs expand the partition.
- Replace walkdir-based copy_rootfs with cp -a to preserve symlinks,
fixing grub-install failure caused by broken merged-/usr symlinks
(/lib, /bin, /sbin -> /usr/*) in modern Ubuntu.
- Add network verification step that checks DNS before building and
auto-fixes resolv.conf with SLIRP DNS (10.0.2.3) if needed.
- Add diagnostic collection on failure (debootstrap log, resolv.conf,
disk space) before VM teardown.
- Include build stderr/stdout in RemoteBuildFailed error for better
error reporting.
- Install build dependencies (debootstrap, qemu-utils, etc.) inside
the builder VM before running the build.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduce the forge-builder crate that automatically delegates builds to
an ephemeral VM when the host can't build locally (e.g., QCOW2 targets
without root, or OmniOS images on Linux). The builder detects these
conditions, spins up a VM via vm-manager with user-mode networking,
uploads inputs, streams the remote build output, and retrieves artifacts.
Key changes:
- New forge-builder crate with detection, binary resolution, VM lifecycle
management, file transfer, and miette diagnostic errors
- BuilderNode added to spec-parser schema for per-spec VM config
- --local and --use-builder CLI flags on the build command
- Feature-gated (default on) integration in forger CLI
- Fix ext4 QCOW2 grub-install failure by using absolute paths in chroot
- Improve debootstrap to pass --components and write full sources.list
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Extend spec-parser schema with distro, AptMirror, filesystem, and
push-to fields for Ubuntu image support
- Add debootstrap/apt tool wrappers and Phase 1 distro dispatch
(OmniOS IPS vs Ubuntu apt)
- Add ext4+GPT+EFI QCOW2 build path alongside existing ZFS pipeline
- Add partition tools (sgdisk, mkfs) and loopback partprobe support
- Add ORAS-compatible OCI artifact push/pull for QCOW2 files with
custom media types (vnd.cloudnebula.qcow2)
- Add --artifact flag to forger push command
- Add auto-push from Phase 2 when target has push-to set
- Add omnios-rust-ci and ubuntu-rust-ci KDL image specs
- Update inspect command to display new fields
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Standalone workspace with 4 crates for building optimized OS images
and publishing to OCI registries:
- spec-parser: KDL image spec parsing with include resolution and
profile-based conditional filtering
- forge-oci: OCI image creation (tar layers, manifests, Image Layout)
and registry push via oci-client
- forge-engine: Build pipeline with Phase 1 (rootfs assembly via native
package managers with -R) and Phase 2 (QCOW2/OCI/artifact targets),
plus dyn-compatible ToolRunner trait for external tool execution
- forger: CLI binary with build, validate, inspect, push, and targets
commands
Ported KDL specs and overlay files from the vm-manager prototype.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
