Rust implementation of OCI Distribution Spec with granular access control

chore: switch to Docker Hub and fix buildah pipeline for daemon-less build

+41 -12
+40 -11
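--- a/.tangled/workflows/build.yml
+++ b/.tangled/workflows/build.yml
@@ -8,19 +8,48 @@
 
 dependencies:
 nixpkgs:
-- docker
-- git
+- rustc
+- cargo
+- gcc
+- pkg-config
+- openssl
+- skopeo
+- buildah
 - bash
 
+environment:
+CARGO_HOME: ".cargo"
+
 steps:
-- name: "Build Docker image"
+- name: "Build Rust binary"
 command: |
-docker build -t grain:${TANGLED_COMMIT_SHA:0:7} -t grain:latest .
-
-- name: "Push to GHCR"
+cargo build --release
+ls -lh target/release/grain target/release/grainctl
+
+- name: "Build and push container image"
 command: |
-echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin
-docker tag grain:latest ghcr.io/pierrelefevre/grain:latest
-docker tag grain:latest ghcr.io/pierrelefevre/grain:${TANGLED_COMMIT_SHA:0:7}
-docker push ghcr.io/pierrelefevre/grain:latest
-docker push ghcr.io/pierrelefevre/grain:${TANGLED_COMMIT_SHA:0:7}
+# Create a container from distroless base
+container=$(buildah from gcr.io/distroless/cc-debian12:nonroot)
+
+# Copy the binaries
+buildah copy $container target/release/grain /app/grain
+buildah copy $container target/release/grainctl /app/grainctl
+
+# Set configuration
+buildah config --workingdir /app $container
+buildah config --env RUST_LOG=info $container
+buildah config --port 8888 $container
+buildah config --cmd '["/app/grain", "--host", "0.0.0.0:8888", "--users-file", "/data/users.json"]' $container
+
+# Add labels
+buildah config --label "org.opencontainers.image.source=https://tangled.org/@pierrelf.com/grain" $container
+buildah config --label "org.opencontainers.image.description=Grain OCI Registry" $container
+buildah config --label "org.opencontainers.image.version=${TANGLED_COMMIT_SHA:0:7}" $container
+
+# Commit the container to an image
+buildah commit $container grain:latest
+
+# Login and push to Docker Hub
+echo "$DOCKER_PASS" | buildah login --username "$DOCKER_USER" --password-stdin docker.io
+buildah push grain:latest docker://docker.io/pierrelf/grain:latest
+buildah push grain:latest docker://docker.io/pierrelf/grain:${TANGLED_COMMIT_SHA:0:7}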
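Review bot: The base image in `container=$(buildah from gcr.io/distroless/cc-debian12:nonroot)` is referenced by a mutable tag, so each pipeline run can build on different upstream content with no change in this repository. Pinning it by digest, `buildah from gcr.io/distroless/cc-debian12@sha256:<digest-of-the-nonroot-variant>`, keeps the published image reproducible and makes base updates an explicit, reviewable commit. The "Build and push container image" step also shows no fail-fast setting. Unless the runner already enables errexit, a failed `buildah copy` or `buildah login` would not stop the later `buildah push` of `:latest`, so `set -euo pipefail` as the first line of that command block would be worth adding. Quoting `"$container"` throughout would be a small consistency improvement alongside that.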
+1 -1
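--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
 grain:
-image: ghcr.io/pierrelefevre/grain:latest
+image: pierrelf/grain:latest
 container_name: grain-registry
 ports:
 - "127.0.0.1:8888:8888"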