You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
5.3 KiB
161 lines
5.3 KiB
apiVersion: tekton.dev/v1beta1
|
|
kind: Task
|
|
metadata:
|
|
name: buildah
|
|
spec:
|
|
params:
|
|
- name: context-dir
|
|
type: string
|
|
default: .
|
|
- name: containerfile-path
|
|
type: string
|
|
default: Containerfile
|
|
- name: image-name
|
|
type: string
|
|
- name: buildah-image
|
|
type: string
|
|
default: registry.redhat.io/rhel9/buildah:latest
|
|
- name: build-architectures
|
|
type: array
|
|
default:
|
|
- x86_64
|
|
- aarch64
|
|
- name: pypi-mirror-url
|
|
type: string
|
|
default: ""
|
|
results:
|
|
- name: image-digest
|
|
description: The digest of the built image
|
|
workspaces:
|
|
- name: source-workspace
|
|
description: Workspace containing source code
|
|
- name: caches
|
|
description: RW storage to cache build artefacts
|
|
mountPath: /caches
|
|
optional: true
|
|
- name: rpms
|
|
description: Local RPM Repository
|
|
mountPath: /rpms
|
|
optional: true
|
|
- name: entitlements
|
|
description: RW storage for RHEL entitlements
|
|
mountPath: /entitlements
|
|
optional: true
|
|
- description: An optional workspace that allows providing a .docker/config.json file for Buildah to access the container registry. The file should be placed at the root of the Workspace with name config.json or .dockerconfigjson.
|
|
name: dockerconfig
|
|
optional: true
|
|
mountPath: /auth
|
|
- name: registries-conf
|
|
optional: true
|
|
mountPath: /registries
|
|
volumes:
|
|
- name: container-storage
|
|
emptyDir: {}
|
|
steps:
|
|
- name: build
|
|
image: $(params.buildah-image)
|
|
env:
|
|
- name: STORAGE_DRIVER
|
|
value: overlay
|
|
- name: SCRIPT_DEBUG
|
|
value: "false"
|
|
- name: TARGET_IMAGE
|
|
value: "$(params.image-name)"
|
|
- name: PYPI_MIRROR_URL
|
|
value: "$(params.pypi-mirror-url)"
|
|
args:
|
|
- "$(params.build-architectures)"
|
|
script: |
|
|
#!/bin/bash
|
|
set -Eeuo pipefail
|
|
|
|
# If debug is enabled, print out command that are executed
|
|
if [[ "${SCRIPT_DEBUG:-false}" == "true" ]]; then
|
|
set -x
|
|
fi
|
|
|
|
# Print versions of the program we use
|
|
echo "=== Environment ==="
|
|
echo "---> Buildah"
|
|
buildah version
|
|
echo
|
|
echo "---> bash"
|
|
bash --version
|
|
echo
|
|
echo "---> OS"
|
|
cat /etc/redhat-release
|
|
echo
|
|
|
|
# Check what is available and set env variables
|
|
if [ -f /registries/registries.conf ]; then
|
|
export CONTAINERS_REGISTRIES_CONF=/registries/registries.conf
|
|
fi
|
|
if [ -f /auth/.dockerconfigjson ]; then
|
|
export REGISTRY_AUTH_FILE=/auth/.dockerconfigjson
|
|
fi
|
|
|
|
# Extract the parent image name
|
|
FROM="$(sed -r 's/^FROM\s+(.*)\s*/\1/;t;d' "$(workspaces.source-workspace.path)/$(params.containerfile-path)")"
|
|
echo "Detected $FROM as parent image."
|
|
|
|
# Build images
|
|
declare -A PODMAN_ARCH_OPTS=(["aarch64"]="--platform linux/arm64/v8" ["x86_64"]="--platform linux/amd64")
|
|
buildah manifest create localhost/image
|
|
for arch; do
|
|
declare -a PODMAN_OPTS=( )
|
|
if [ -n "${PYPI_MIRROR_URL:-}" ]; then
|
|
PODMAN_OPTS+=( "--build-arg" "PYPI_MIRROR_URL=${PYPI_MIRROR_URL}" )
|
|
fi
|
|
if [ -f "/entitlements/$arch.tar" ]; then
|
|
echo "Using RHEL entitlements..."
|
|
rm -rf /tmp/entitlements
|
|
mkdir -p /tmp/entitlements
|
|
tar -xf /entitlements/$arch.tar -C /tmp/entitlements
|
|
PODMAN_OPTS+=( "-v" "/tmp/entitlements/etc/pki/entitlement/:/etc/pki/entitlement:z" )
|
|
PODMAN_OPTS+=( "-v" "/tmp/entitlements/etc/rhsm:/etc/rhsm:z" )
|
|
PODMAN_OPTS+=( "-v" "/tmp/entitlements/etc/pki/entitlement/:/run/secrets/etc-pki-entitlement:z" )
|
|
PODMAN_OPTS+=( "-v" "/tmp/entitlements/etc/rhsm:/run/secrets/rhsm:z" )
|
|
PODMAN_OPTS+=( "-v" "/tmp/entitlements/etc/rhsm:/run/secrets/rhsm:z" )
|
|
PODMAN_OPTS+=( "-v" "/tmp/entitlements/etc/yum.repos.d:/etc/yum.repos.d:z" )
|
|
fi
|
|
if [ -d "/caches/$arch/" ]; then
|
|
echo "Enabling cache..."
|
|
PODMAN_OPTS+=( "-v" "/caches/$arch/dnf:/var/cache/dnf:z" )
|
|
PODMAN_OPTS+=( "-v" "/caches/$arch/rpm-ostree:/var/cache/rpm-ostree:z" )
|
|
fi
|
|
if [ -d "/rpms/$arch/" ]; then
|
|
echo "Enabling RPM repositories..."
|
|
mkdir -p /tmp/rpms
|
|
cat > /tmp/rpms/local-rpms.repo <<EOF
|
|
[local-rpms]
|
|
name=Local RPMs Repository
|
|
baseurl=file:///opt/local-repo
|
|
enabled=1
|
|
gpgcheck=0
|
|
EOF
|
|
PODMAN_OPTS+=( "-v" "/tmp/rpms:/etc/yum.repos.d:z" )
|
|
PODMAN_OPTS+=( "-v" "/rpms/$arch:/opt/local-repo:z" )
|
|
fi
|
|
PODMAN_OPTS+=( "-f" "$(workspaces.source-workspace.path)/$(params.containerfile-path)" )
|
|
PODMAN_OPTS+=( "--no-cache" )
|
|
|
|
echo "Building image for $arch..."
|
|
( set -x ; buildah bud ${PODMAN_ARCH_OPTS[$arch]} "${PODMAN_OPTS[@]}" "-t" "localhost/image-$arch" $(workspaces.source-workspace.path)/$(params.context-dir) )
|
|
buildah manifest add localhost/image localhost/image-$arch
|
|
buildah rmi "$FROM"
|
|
done
|
|
|
|
# Push Manifest
|
|
echo "Pushing to $TARGET_IMAGE..."
|
|
buildah manifest push "--digestfile=$(results.image-digest.path)" localhost/image docker://$TARGET_IMAGE
|
|
securityContext:
|
|
## Buildah needs privileges to use the "overlay" Storage Driver.
|
|
privileged: true
|
|
|
|
## The "vfs" Storage Driver however requires less privileges.
|
|
#capabilities:
|
|
# add:
|
|
# - SETFCAP
|
|
volumeMounts:
|
|
- name: container-storage
|
|
mountPath: /var/lib/containers
|
|
|