feature: add kernel module os block support

.github/workflows/kernel-modules-extension.yml

@@ -0,0 +1,143 @@
+name: Kernel Modules Extension
+
+on:
+  push:
+    branches:
+      - 'alexgg/os-blocks-kernel-modules'
+
+  workflow_call:
+    inputs:
+      machine:
+        required: true
+        type: string
+      os-version:
+        description: 'balenaOS version (e.g. from git tag)'
+        required: true
+        type: string
+      deploy-environment:
+        required: false
+        type: string
+        default: balena-staging.com
+    secrets:
+      BALENA_API_DEPLOY_KEY:
+        description: balena API key for the deploy environment
+        required: false
+
+  workflow_dispatch:
+    inputs:
+      machine:
+        description: 'Device type'
+        required: true
+        type: choice
+        options:
+          - raspberrypi4-64
+      os-version:
+        description: 'balenaOS version (e.g. from git tag)'
+        required: true
+        type: string
+      deploy-environment:
+        description: 'Deploy environment'
+        required: false
+        type: string
+        default: balena-staging.com
+
+env:
+  SHARED_BUILD_DIR: ${{ github.workspace }}/shared
+
+jobs:
+  build-extension:
+    name: Build kernel modules extension (${{ matrix.machine }})
+    runs-on:
+      - self-hosted
+      - X64
+      - yocto
+    environment: ${{ inputs.deploy-environment || 'balena-staging.com' }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        machine: ${{ inputs.machine && fromJSON(format('["{0}"]', inputs.machine)) || fromJSON('["raspberrypi4-64"]') }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Build kernel modules via Yocto
+        run: |
+          mkdir -p "${SHARED_BUILD_DIR}"
+
+          ./balena-yocto-scripts/build/balena-build.sh \
+            -d "${{ matrix.machine }}" \
+            -s "${SHARED_BUILD_DIR}" \
+            -i "balena-kernel-modules-block" \
+            -g "-t layers/meta-kernel-modules-block/conf/samples" \
+            | tee build.log
+
+          if ! grep -q "Build for ${{ matrix.machine }} suceeded" build.log; then
+            exit 1
+          fi
+
+      - name: Prepare deployment
+        id: prepare
+        run: |
+          mkdir -p kernel-modules-deploy/contents
+
+          # Find and extract the tarball
+          targz=$(find build/tmp/deploy/images/${{ matrix.machine }}/ -name "balena-kernel-modules-block*.tar.gz" -type l)
+          if [ -z "${targz}" ]; then
+            echo "ERROR: No balena-kernel-modules-block tarball found"
+            exit 1
+          fi
+          if [ "$(echo "${targz}" | wc -l)" -ne 1 ]; then
+            echo "ERROR: Expected exactly one tarball, found:"
+            echo "${targz}"
+            exit 1
+          fi
+          tar xf "${targz}" -C kernel-modules-deploy/contents
+
+          # Extract kernel version from modules tree
+          kernel_version=$(ls kernel-modules-deploy/contents/lib/modules/)
+          echo "kernel_version=${kernel_version}" >> "${GITHUB_OUTPUT}"
+
+      - name: Setup balena CLI
+        uses: balena-io-examples/setup-balena-action@v0.0.30
+        with:
+          balena-token: ${{ secrets.BALENA_API_DEPLOY_KEY }}
+        env:
+          BALENARC_BALENA_URL: ${{ inputs.deploy-environment || 'balena-staging.com' }}
+
+      - name: Deploy to balenaCloud
+        env:
+          BALENARC_BALENA_URL: ${{ inputs.deploy-environment || 'balena-staging.com' }}
+          FLEET: kernel-modules-${{ matrix.machine }}
+          ORG: balena_os
+        run: |
+          # Create docker-compose.yml with extension labels
+          cat > kernel-modules-deploy/docker-compose.yml <<EOF
+          version: '2.4'
+          services:
+            kernel-modules:
+              build:
+                context: ./
+                dockerfile: Dockerfile
+                args:
+                  KERNEL_VERSION: '${{ steps.prepare.outputs.kernel_version }}'
+                  OS_VERSION: '${{ inputs.os-version }}'
+              labels:
+                io.balena.image.store: 'data'
+                io.balena.image.class: 'overlay'
+                io.balena.image.requires-reboot: '1'
+                io.balena.image.profiles: 'kernel-modules'
+                io.balena.image.kernel: '${{ steps.prepare.outputs.kernel_version }}'
+                io.balena.image.os-version: '${{ inputs.os-version }}'
+          EOF
+
+          # Create fleet if it doesn't exist
+          if ! balena fleet "${ORG}/${FLEET}" > /dev/null 2>&1; then
+            balena fleet create "${FLEET}" --type "${{ matrix.machine }}" --organization "${ORG}"
+          fi
+
+          # Deploy
+          balena deploy "${ORG}/${FLEET}" --source kernel-modules-deploy

.github/workflows/raspberrypi4-64.yml

@@ -35,6 +35,11 @@ on:
         required: false
         type: string
         default: ''
+      extensions:
+        description: Space-separated list of OS block extension images to include
+        required: false
+        type: string
+        default: ''
 
 permissions:
   id-token: write # This is required for requesting the JWT #https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#requesting-the-access-token
@@ -46,7 +51,7 @@ permissions:
 jobs:
   yocto:
     name: Yocto
-    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@cc83969226e96a3d22652ba5340135b697e366bb
+    uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@6abbbd645c9b78a211fdcb509de5259f9475f741
     # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
     # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
     # This condition will prevent the workflow from running twice for the same pull request while
@@ -69,3 +74,15 @@ jobs:
       deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }}
       # Allow overriding the meta-balena ref for workflow dispatch events
       meta-balena-ref: ${{ inputs.meta-balena-ref || '' }}
+      # OS block extensions to include in the OS composition
+      extensions: ${{ inputs.extensions || '' }}
+
+  kernel-modules:
+    name: Kernel Modules Extension
+    needs: yocto
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    uses: ./.github/workflows/kernel-modules-extension.yml
+    secrets: inherit
+    with:
+      machine: raspberrypi4-64
+      os-version: ${{ github.ref_name }}

kernel-modules-deploy/Dockerfile

@@ -0,0 +1,12 @@
+FROM scratch
+
+ARG KERNEL_VERSION
+ARG OS_VERSION
+COPY contents/ /
+
+LABEL io.balena.image.class=overlay
+LABEL io.balena.image.requires-reboot=1
+LABEL io.balena.image.store=data
+LABEL io.balena.image.profiles=kernel-modules
+LABEL io.balena.image.kernel=${KERNEL_VERSION}
+LABEL io.balena.image.os-version=${OS_VERSION}