flatpak: Implement a custom cache setup for the artifacts
There are a couple of issues here:
-
flatpak-builder relies on xattrs on the files for the cache validation/invalidation which they get removed if you simply zip up the directory like gitlab does.
-
The artifacts also contain symlinks which don't resolve correctly depending on the tooling using, for this reason we always tar --xattrs the directory before uploading it.
-
Instead of using gitlab artifacts and the build in mechanism we will instead opt for using OCI registries as the arbitrary storage and transports mechanism. There are a couple of reason about this, but it mostly comes down to avoiding having to maintain the gitlab infrastructure, cache, mirroring and so on that we'd need if we used gitlab cache artifacts.
-
Additionally, we can centralize our cache into a single registry rather than having per-project gitlab registries enabled a user-registry for each of their fork. We only want to be publishing from protected branches.
So we have an oras setup that packs a tarball of the .flatpak-builder cache directory and uploads that tarball into our centralized registry.
We also have a read-only token used to always pull the cache and unpack the tarball.
Infra issue: https://gitlab.gnome.org/Infrastructure/Infrastructure/-/issues/2059
Continuation of !127 (closed)