pierrelf.com / grain
Rust implementation of OCI Distribution Spec with granular access control
fork atom

fix: use umoci new to create tag within base layout

pierrelf.com df66920d 6180f2df

build.yml
+8 -8
+8 -8
.tangled/workflows/build.yml
··· 52 52 echo "Pulling distroless base..." 53 53 skopeo copy docker://gcr.io/distroless/cc-debian12:nonroot oci:base:latest 54 54 55 + echo "Creating new tag from base..." 56 + umoci new --image base:grain 57 + 55 58 echo "Unpacking base image..." 56 - umoci unpack --image base:latest bundle 59 + umoci unpack --image base:grain bundle 57 60 58 61 echo "Adding binaries to rootfs..." 59 62 mkdir -p bundle/rootfs/app 60 63 cp target/release/grain bundle/rootfs/app/grain 61 64 cp target/release/grainctl bundle/rootfs/app/grainctl 62 65 chmod +x bundle/rootfs/app/grain bundle/rootfs/app/grainctl 63 - 64 - echo "Initializing output OCI layout..." 65 - umoci init --layout grain-oci 66 66 67 67 echo "Repacking with modifications..." 68 - umoci repack --image grain-oci:latest bundle 68 + umoci repack --image base:grain bundle 69 69 70 70 echo "Configuring image..." 71 - umoci config --image grain-oci:latest \ 71 + umoci config --image base:grain \ 72 72 --config.workingdir /app \ 73 73 --config.env RUST_LOG=info \ 74 74 --config.exposedports 8888 \ ··· 80 80 skopeo login --username "$DOCKER_USER" --password "$DOCKER_PASS" docker.io 81 81 82 82 echo "Pushing to Docker Hub..." 83 - skopeo copy oci:grain-oci:latest docker://docker.io/pierrelf/grain:latest 84 - skopeo copy oci:grain-oci:latest docker://docker.io/pierrelf/grain:${TANGLED_COMMIT_SHA:0:7} 83 + skopeo copy oci:base:grain docker://docker.io/pierrelf/grain:latest 84 + skopeo copy oci:base:grain docker://docker.io/pierrelf/grain:${TANGLED_COMMIT_SHA:0:7} 85 85 86 86 echo "Build and push completed successfully!"