microshift-io · ggiguash · Mar 20, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
@@ -4,11 +4,57 @@ on:
   schedule:
      - cron: "0 1 * * *"
   workflow_dispatch:
+    inputs:
+      copr-repo-name:
+        description: COPR repository name
+        default: "@microshift-io/microshift-nightly"
+        type: string
 
 env:
-  COPR_REPO_NAME: "@microshift-io/microshift-nightly"
+  COPR_REPO_NAME: ${{ github.event.inputs.copr-repo-name || '@microshift-io/microshift-nightly' }}
 
 jobs:
+  build-dependencies-rpm:
+    if: github.event_name != 'schedule' || github.repository == 'microshift-io/microshift'
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check out MicroShift upstream repository
+        uses: actions/checkout@v4
+
+      - name: Detect OKD version tag
+        id: detect-okd-version
+        uses: ./.github/actions/okd-version
+
+      - name: Build dependencies RPM
+        shell: bash
+        env:
+          COPR_CONFIG: |
+            ${{ secrets.COPR_CONFIG }}
+        run: |
+          set -euo pipefail
+          cd ${GITHUB_WORKSPACE}/
+          echo "${COPR_CONFIG}" > /tmp/copr-config
+
+          make copr-dependencies \
+            OKD_VERSION_TAG=${{ steps.detect-okd-version.outputs.okd-version-tag }} \
+            COPR_REPO_NAME=${{ env.COPR_REPO_NAME }} \
+            COPR_CONFIG=/tmp/copr-config
+
+      - name: Build CNI plugins RPM
+        shell: bash
+        env:
+          COPR_CONFIG: |
+            ${{ secrets.COPR_CONFIG }}
+        run: |
+          set -euo pipefail
+          cd ${GITHUB_WORKSPACE}/
+          echo "${COPR_CONFIG}" > /tmp/copr-config
+
+          make copr-cni \
+            COPR_REPO_NAME=${{ env.COPR_REPO_NAME }} \
+            COPR_CONFIG=/tmp/copr-config
+
+
   build-rpms:
     if: github.event_name != 'schedule' || github.repository == 'microshift-io/microshift'
     runs-on: ubuntu-24.04

@@ -38,19 +38,13 @@ sudo ./src/rpm/create_repos.sh -delete
 #### RPMs from the COPR
 
 Run the following commands to install MicroShift nightly RPM packages from the COPR.
-Before installing MicroShift, RHOCP beta mirror must be enabled to provide dependencies.
-
-> Note: By skipping `create_repos.sh -delete` users can keep the RPM repositories configuration
-> and use `dnf update` to update MicroShift and its dependencies (withing single Major.Minor release
-> when new MicroShift minor version is released, rerunning the `create_repos.sh -rhocp-mirror` might be necessary
-> to enable newer dependency repository).
 
 ```bash
 sudo dnf copr enable -y @microshift-io/microshift-nightly
-sudo ./src/rpm/create_repos.sh -rhocp-mirror
+# microshift-io-dependencies must be installed
+# before microshift in order to setup dependencies repositories.
+sudo dnf install -y microshift-io-dependencies
 sudo dnf install -y microshift microshift-kindnet
-# Optionally run the following command to remove the configured MicroShift COPR and dependencies repositories.
-# sudo ./src/rpm/create_repos.sh -delete
 ```
 
 ### Start MicroShift Service

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+_package_name="containernetworking-plugins"
+_scriptdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $(basename "$0") <copr-repo-name>"
+    exit 1
+fi
+
+COPR_REPO_NAME="$1"
+
+[ -z "${COPR_REPO_NAME}" ] && echo "ERROR: COPR_REPO_NAME is not set" && exit 1
+echo "COPR_REPO_NAME: '${COPR_REPO_NAME}'"
+
+latest_tag=$(curl -fsSL --retry 3 \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  https://api.github.com/repos/containernetworking/plugins/releases/latest | jq -r '.tag_name')
+
+if [ -z "${latest_tag}" ] || [ "${latest_tag}" = "null" ]; then
+    echo "ERROR: Failed to retrieve latest tag from containernetworking/plugins" >&2
+    exit 1
+fi
+
+echo "### containernetworking/plugins latest tag: '${latest_tag}'"
+version="${latest_tag#v}"
+
+echo "### Checking if package ${_package_name} ${version} already exists in the COPR repository"
+cni_pkg="$(copr-cli list-packages "${COPR_REPO_NAME}" | jq -r '.[] | select(.name == "'${_package_name}'")')"
+if [ -n "${cni_pkg}" ]; then
+    existing_package_version=$(copr-cli get-package \
+                                --name "${_package_name}" \
+                                --with-latest-succeeded-build \
+                                "${COPR_REPO_NAME}" \
+                                | jq -r '.latest_succeeded_build.source_package.version')
+
+    if [[ "${existing_package_version}" == "1:${version}-1" ]]; then
+        echo "### Package ${_package_name} ${version} already exists in the COPR repository"
+        exit 0
+    fi
+fi
+
+temp_dir="$(mktemp -d "/tmp/containernetworking-plugins-${version}.XXXXXX")"
+cp "${_scriptdir}/containernetworking-plugins.spec" "${temp_dir}/"
+
+pushd "${temp_dir}" >/dev/null
+
+echo "### Downloading the CNI plugins x86_64 and aarch64 releases for ${version}"
+curl -L -o amd64.tgz "https://github.com/containernetworking/plugins/releases/download/v${version}/cni-plugins-linux-amd64-v${version}.tgz"
+curl -L -o arm64.tgz "https://github.com/containernetworking/plugins/releases/download/v${version}/cni-plugins-linux-arm64-v${version}.tgz"
+
+mkdir -p "containernetworking-plugins-${version}"/{x86_64,aarch64}
+
+tar xf amd64.tgz -C "containernetworking-plugins-${version}/x86_64"
+tar xf arm64.tgz -C "containernetworking-plugins-${version}/aarch64"
+cp \
+    "containernetworking-plugins-${version}/x86_64/LICENSE" \
+    "containernetworking-plugins-${version}/x86_64/README.md" \
+    "containernetworking-plugins-${version}/"
+
+tar czf "containernetworking-plugins-${version}.tar.gz" -C "containernetworking-plugins-${version}" .
+
+mkdir -p buildroot/{RPMS,SRPMS,SOURCES,SPECS,BUILD}
+mv "containernetworking-plugins-${version}.tar.gz" buildroot/SOURCES/
+
+cat > buildroot/SPECS/containernetworking-plugins.spec <<EOF
+%global ver ${version}
+
+EOF
+cat containernetworking-plugins.spec >> buildroot/SPECS/containernetworking-plugins.spec
+
+echo "### Building the SRPM"
+rpmbuild -bs --define "_topdir ./buildroot" ./buildroot/SPECS/containernetworking-plugins.spec
+
+echo "### Pushing the SRPM to COPR (${COPR_REPO_NAME}) and waiting for the build"
+# Just epel-10 chroots because of the obsolesence of the original package in the CentOS Stream 10.
+if copr-cli build "${COPR_REPO_NAME}" \
+    --chroot epel-10-aarch64 --chroot epel-10-x86_64 \
+    "${temp_dir}/buildroot/SRPMS/containernetworking-plugins-${version}-1.src.rpm"; then
+    copr-cli regenerate-repos "${COPR_REPO_NAME}"
+else
+    exit 1
+fi
+
+popd >/dev/null
+rm -rf "${temp_dir}"
@@ -0,0 +1,43 @@
+%global debug_package %{nil}
+
+Name: containernetworking-plugins
+# Setting epoch to workaround containers-common's Obsolete of 'containernetworking-plugins < 2'
+Epoch: 1
+Version: %{ver}
+Release: 1
+Summary: Binaries required to provision kubernetes container networking
+
+Packager: MicroShift team
+License: Apache-2.0
+URL: https://microshift.io
+Source0: %{name}-%{version}.tar.gz
+
+%description
+%{summary}.
+
+%prep
+%setup -q -c
+
+%build
+# Nothing to build
+
+%install
+# Detect host arch
+KUBE_ARCH="$(uname -m)"
+
+# Install files
+mkdir -p %{buildroot}/usr/libexec/cni/
+mkdir -p %{buildroot}%{_sysconfdir}/cni/net.d/
+
+cp -a ${KUBE_ARCH}/* %{buildroot}/usr/libexec/cni/
+
+%files
+/usr/libexec/cni/
+%dir %{_sysconfdir}/cni
+%dir %{_sysconfdir}/cni/net.d
+%license LICENSE
+%doc README.md
+
+%changelog
+* Fri Feb 13 2026 Patryk Matuszak <pmatusza@redhat.com> 0.0.0
+- Init specfile based on https://download.opensuse.org/repositories/isv:/kubernetes:/core:/prerelease:/v1.36/rpm/src/kubernetes-cni-1.8.0-150500.1.1.src.rpm
@@ -1,3 +1,10 @@
 FROM quay.io/fedora/fedora:latest
 
-RUN dnf install -y copr-cli && dnf clean all
+RUN dnf install \
+        --setopt=install_weak_deps=False \
+        -y \
+        copr-cli jq rpm-build \
+    && dnf clean all
+
+COPY create-build.sh microshift-io-dependencies.sh cni/containernetworking-plugins.spec /
+COPY cni/build.sh cni/containernetworking-plugins.spec /cni/
@@ -61,25 +61,25 @@ copr-cli:
 	@echo "Building the COPR CLI container"
 	sudo podman build \
 		--tag "${COPR_CLI_IMAGE}" \
-		--file src/copr/copr-cli.Containerfile .
+		--file src/copr/copr-cli.Containerfile src/copr/
 
 .PHONY: copr-delete-build
 copr-delete-build: copr-cfg-ensure-podman-secret copr-cli
 	@echo "Deleting the COPR build ${COPR_BUILD_ID}"
 	sudo podman run \
 		--rm \
-		--secret ${COPR_SECRET_NAME} \
+		--secret ${COPR_SECRET_NAME},target=/root/.config/copr \
 		"${COPR_CLI_IMAGE}" \
-		bash -c "copr-cli --config /run/secrets/${COPR_SECRET_NAME} delete-build ${COPR_BUILD_ID}"
+		bash -c "copr-cli delete-build ${COPR_BUILD_ID}"
 
 .PHONY: copr-regenerate-repos
 copr-regenerate-repos: copr-cfg-ensure-podman-secret copr-cli
 	@echo "Regenerating the COPR repository"
 	sudo podman run \
 		--rm \
-		--secret ${COPR_SECRET_NAME} \
+		--secret ${COPR_SECRET_NAME},target=/root/.config/copr \
 		"${COPR_CLI_IMAGE}" \
-		bash -c "copr-cli --config /run/secrets/${COPR_SECRET_NAME} regenerate-repos ${COPR_REPO_NAME}"
+		bash -c "copr-cli regenerate-repos ${COPR_REPO_NAME}"
 
 .PHONY: copr-create-build
 copr-create-build: copr-cfg-ensure-podman-secret copr-cli
@@ -94,10 +94,9 @@ copr-create-build: copr-cfg-ensure-podman-secret copr-cli
 	fi
 	sudo podman run \
 		--rm \
-		--secret ${COPR_SECRET_NAME} \
+		--secret ${COPR_SECRET_NAME},target=/root/.config/copr \
 		--env COPR_REPO_NAME="${COPR_REPO_NAME}" \
 		--volume "${SRPM_WORKDIR}:/srpms:Z" \
-		--volume "./src/copr/create-build.sh:/create-build.sh:Z" \
 		"${COPR_CLI_IMAGE}" \
 		bash -c "bash -x /create-build.sh"
 
@@ -109,3 +108,21 @@ copr-watch-build: copr-cli
 		--volume "${SRPM_WORKDIR}:/srpms:Z" \
 		"${COPR_CLI_IMAGE}" \
 		bash -c "copr-cli watch-build ${COPR_BUILD_ID}"
+
+.PHONY: copr-dependencies
+copr-dependencies: copr-cfg-ensure-podman-secret copr-cli
+	@echo "Building RPM with MicroShift dependencies repositories configuration"
+	sudo podman run \
+		--rm -ti \
+		--secret ${COPR_SECRET_NAME},target=/root/.config/copr \
+		"${COPR_CLI_IMAGE}" \
+		/microshift-io-dependencies.sh "${OKD_VERSION_TAG}" "${COPR_REPO_NAME}"
+
+.PHONY: copr-cni
+copr-cni: copr-cfg-ensure-podman-secret copr-cli
+	@echo "Building RPM with CNI plugins"
+	sudo podman run \
+		--rm -ti \
+		--secret ${COPR_SECRET_NAME},target=/root/.config/copr \
+		"${COPR_CLI_IMAGE}" \
+		/cni/build.sh "${COPR_REPO_NAME}"
@@ -6,7 +6,7 @@ if [[ -z "${COPR_REPO_NAME:-}" ]]; then
     exit 1
 fi
 
-out="$(copr-cli --config /run/secrets/copr-cfg build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)"
+out="$(copr-cli build --nowait "${COPR_REPO_NAME}" /srpms/microshift*.src.rpm)"
 echo "${out}"
 build=$(echo "${out}" | grep "Created builds" | cut -d: -f2 | xargs)
 if [[ -z "${build}" ]]; then

@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+_package_name="microshift-io-dependencies"
+
+if [ $# -ne 2 ]; then
+    echo "Usage: $(basename "$0") <okd-version-tag> <copr-repo-name>"
+    exit 1
+fi
+
+OKD_VERSION_TAG="$1"
+COPR_REPO_NAME="$2"
+
+echo "OKD_VERSION_TAG: '${OKD_VERSION_TAG}'"
+echo "COPR_REPO_NAME: '${COPR_REPO_NAME}'"
+
+[ -z "${OKD_VERSION_TAG}" ] && echo "ERROR: OKD_VERSION_TAG is not set" && exit 1
+[ -z "${COPR_REPO_NAME}" ] && echo "ERROR: COPR_REPO_NAME is not set" && exit 1
+
+major=$(echo "${OKD_VERSION_TAG}" | cut -d. -f1)
+minor=$(echo "${OKD_VERSION_TAG}" | cut -d. -f2)
+pkg_version="${major}.${minor}"
+echo "New package version: '${pkg_version}'"
+
+if copr-cli list-packages "${COPR_REPO_NAME}" | jq -r '.[].name' | grep -q "${_package_name}"; then
+    existing_package_version=$(copr-cli get-package \
+                                --name "${_package_name}" \
+                                --with-latest-succeeded-build \
+                                "${COPR_REPO_NAME}" \
+                                | jq -r '.latest_succeeded_build.source_package.version')
+
+    if [[ "${existing_package_version}" == "${pkg_version}-1" ]]; then
+        echo "Package ${_package_name} ${pkg_version} already exists in the COPR repository"
+        exit 0
+    fi
+fi
+
+# Include 3 repos (X.Y, X.Y-1, and X.Y-2) just in case there's some dependencies misalignment.
+minor_version_start=$((minor - 2))
+rhocp_versions=""
+for min in $(seq "${minor_version_start}" "${minor}") ; do
+    rhocp_versions+="${major}.${min} "
+done
+
+echo "RHOCP versions to create .repo files for: '${rhocp_versions}'"
+
+dest=$(mktemp -d "/tmp/${_package_name}.XXXXXX")
+cat > "${dest}/${_package_name}.spec" <<EOF
+%global rhocp_versions ${rhocp_versions}
+%global version ${pkg_version}
+
+Name:           ${_package_name}
+Version:        %{version}
+Release:        1%{?dist}
+Summary:        RPM repository configurations for MicroShift dependencies
+
+License:        Apache-2.0
+URL:            https://github.com/microshift-io/microshift-io
+BuildArch:      noarch
+
+%description
+This package installs RPM repository configuration files required
+for installing MicroShift dependencies from the OpenShift beta mirror repository.
+
+%install
+install -d %{buildroot}%{_sysconfdir}/yum.repos.d
+
+for v in %{rhocp_versions}; do
+    cat >> %{buildroot}%{_sysconfdir}/yum.repos.d/openshift-mirror-beta.repo <<EOF2
+[openshift-mirror-\${v}-beta]
+name=OpenShift \${v} Mirror Beta Repository
+baseurl=https://mirror.openshift.com/pub/openshift-v4/\\\$basearch/dependencies/rpms/\${v}-el9-beta/
+enabled=1
+gpgcheck=0
+skip_if_unavailable=0
+
+EOF2
+done
+
+%files
+%config(noreplace) %{_sysconfdir}/yum.repos.d/openshift-mirror-beta.repo
+
+EOF
+
+echo "--------------- SPEC FILE ---------------"
+cat "${dest}/${_package_name}.spec"
+echo "-----------------------------------------"
+
+if copr-cli build "${COPR_REPO_NAME}" "${dest}/${_package_name}.spec"; then
+    copr-cli regenerate-repos "${COPR_REPO_NAME}"
+else
+    exit 1
+fi