Rust implementation of OCI Distribution Spec with granular access control

refactor: switch from buildah to podman build with Dockerfile approach

+23 -33
+23 -33
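--- a/.tangled/workflows/build.yml
+++ b/.tangled/workflows/build.yml
@@ -13,9 +13,11 @@
 - gcc
 - pkg-config
 - curl
+- podman
 - skopeo
-- buildah
 - bash
+- coreutils
+- findutils
 
 environment:
 CARGO_HOME: ".cargo"
@@ -29,42 +31,30 @@
 
 - name: "Build and push container image"
 command: |
-set -ex # Exit on error and print commands
-
-# Suppress buildah user warnings by redirecting stderr for non-critical commands
-echo "Creating container from distroless base..."
-container=$(buildah --storage-driver vfs from gcr.io/distroless/cc-debian12:nonroot 2>&1 | tee /dev/stderr | grep -oP 'working-container-\d+' || buildah --storage-driver vfs from gcr.io/distroless/cc-debian12:nonroot)
-echo "Container ID: $container"
-
-# Copy the binaries
-echo "Copying binaries..."
-buildah --storage-driver vfs copy $container target/release/grain /app/grain 2>&1 | grep -v "error determining current user" || true
-buildah --storage-driver vfs copy $container target/release/grainctl /app/grainctl 2>&1 | grep -v "error determining current user" || true
-
-# Set configuration
-echo "Configuring container..."
-buildah --storage-driver vfs config --workingdir /app $container 2>&1 | grep -v "error determining current user" || true
-buildah --storage-driver vfs config --env RUST_LOG=info $container 2>&1 | grep -v "error determining current user" || true
-buildah --storage-driver vfs config --port 8888 $container 2>&1 | grep -v "error determining current user" || true
-buildah --storage-driver vfs config --cmd '["/app/grain", "--host", "0.0.0.0:8888", "--users-file", "/data/users.json"]' $container 2>&1 | grep -v "error determining current user" || true
+set -ex
 
-# Add labels
-buildah --storage-driver vfs config --label "org.opencontainers.image.source=https://tangled.org/@pierrelf.com/grain" $container 2>&1 | grep -v "error determining current user" || true
-buildah --storage-driver vfs config --label "org.opencontainers.image.description=Grain OCI Registry" $container 2>&1 | grep -v "error determining current user" || true
-buildah --storage-driver vfs config --label "org.opencontainers.image.version=${TANGLED_COMMIT_SHA:0:7}" $container 2>&1 | grep -v "error determining current user" || true
+# Create a simple Dockerfile for podman build
+cat > Dockerfile.ci <<'EOF'
+FROM gcr.io/distroless/cc-debian12:nonroot
+WORKDIR /app
+COPY target/release/grain /app/grain
+COPY target/release/grainctl /app/grainctl
+ENV RUST_LOG=info
+EXPOSE 8888
+CMD ["/app/grain", "--host", "0.0.0.0:8888", "--users-file", "/data/users.json"]
+LABEL org.opencontainers.image.source="https://tangled.org/@pierrelf.com/grain"
+LABEL org.opencontainers.image.description="Grain OCI Registry"
+LABEL org.opencontainers.image.version="${TANGLED_COMMIT_SHA:0:7}"
+EOF
 
-# Commit the container to an image
-echo "Committing image..."
-buildah --storage-driver vfs commit $container grain:latest 2>&1 | grep -v "error determining current user"
+echo "Building image with podman..."
+podman build --isolation=chroot -t grain:latest -t grain:${TANGLED_COMMIT_SHA:0:7} -f Dockerfile.ci .
 
-# Login and push to Docker Hub
 echo "Logging in to Docker Hub..."
-echo "$DOCKER_PASS" | buildah --storage-driver vfs login --username "$DOCKER_USER" --password-stdin docker.io
-
-echo "Pushing image to docker.io/pierrelf/grain:latest..."
-buildah --storage-driver vfs push grain:latest docker://docker.io/pierrelf/grain:latest
+echo "$DOCKER_PASS" | podman login --username "$DOCKER_USER" --password-stdin docker.io
 
-echo "Pushing image to docker.io/pierrelf/grain:${TANGLED_COMMIT_SHA:0:7}..."
-buildah --storage-driver vfs push grain:latest docker://docker.io/pierrelf/grain:${TANGLED_COMMIT_SHA:0:7}
+echo "Pushing to Docker Hub..."
+podman push grain:latest docker://docker.io/pierrelf/grain:latest
+podman push grain:${TANGLED_COMMIT_SHA:0:7} docker://docker.io/pierrelf/grain:${TANGLED_COMMIT_SHA:0:7}
 
 echo "Build and push completed successfully!"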
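Review bot: The `set -ex` at the top of the step is still in force for `echo "$DOCKER_PASS" | podman login ...`, so bash xtrace writes the expanded password to the job log unless the runner masks it; put `set +x` immediately before the login line and `set -x` after it, or drop `-x` for the step. Separately, the heredoc delimiter is quoted (`<<'EOF'`), so `${TANGLED_COMMIT_SHA:0:7}` reaches Dockerfile.ci unexpanded and the version label will presumably not carry the commit id; remove that `LABEL` line and pass `--label "org.opencontainers.image.version=${TANGLED_COMMIT_SHA:0:7}"` to `podman build` instead. The base image is also referenced by the mutable tag `cc-debian12:nonroot`; pinning it by digest would keep the pushed image traceable to a known base.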