Move OCI push from builder VM (where GITHUB_TOKEN is unavailable) to the
host side. Add --skip-push and --builder-image CLI flags so the build
pipeline can be bootstrapped before builder OCI images exist. KDL specs
now include public cloud image URLs as default builder images.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add disk_gb field to BuilderNode/BuilderConfig with 20GB default,
fixing debootstrap failure caused by 2GB cloud image running out of
space. Cloud-init growpart/resize_rootfs expand the partition.
- Replace walkdir-based copy_rootfs with cp -a to preserve symlinks,
fixing grub-install failure caused by broken merged-/usr symlinks
(/lib, /bin, /sbin -> /usr/*) in modern Ubuntu.
- Add network verification step that checks DNS before building and
auto-fixes resolv.conf with SLIRP DNS (10.0.2.3) if needed.
- Add diagnostic collection on failure (debootstrap log, resolv.conf,
disk space) before VM teardown.
- Include build stderr/stdout in RemoteBuildFailed error for better
error reporting.
- Install build dependencies (debootstrap, qemu-utils, etc.) inside
the builder VM before running the build.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduce the forge-builder crate that automatically delegates builds to
an ephemeral VM when the host can't build locally (e.g., QCOW2 targets
without root, or OmniOS images on Linux). The builder detects these
conditions, spins up a VM via vm-manager with user-mode networking,
uploads inputs, streams the remote build output, and retrieves artifacts.
Key changes:
- New forge-builder crate with detection, binary resolution, VM lifecycle
management, file transfer, and miette diagnostic errors
- BuilderNode added to spec-parser schema for per-spec VM config
- --local and --use-builder CLI flags on the build command
- Feature-gated (default on) integration in forger CLI
- Fix ext4 QCOW2 grub-install failure by using absolute paths in chroot
- Improve debootstrap to pass --components and write full sources.list
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
