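#!/bin/bash
#
# Builds a qcow2 disk image from a bootc container image with
# bootc-image-builder, then publishes it as a sigstore-signed OCI artifact.
#
# Usage: <script> <target-image> [qcow2-target-image]
#   target-image        bootc container image to convert (tag defaults to "latest")
#   qcow2-target-image  artifact reference to push; defaults to
#                       "<target-image-name>-qcow2:<tag>"
#
# Environment:
#   BOOTC_IMAGE_BUILDER  builder image reference (optional override)
#
# Files expected in the project directory (parent of this script's directory):
#   config.toml          bootc-image-builder configuration
#   auth.json            registry credentials (created by `podman login` if missing)
#   signing-key.private  sigstore private key used to sign the artifact
#   signing-key.pass     passphrase file for the signing key
set -Eeuo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ "$UID" -ne 0 ]]; then
  die "This command must be run as root!"
fi

if [[ "$#" -lt 1 ]]; then
  # The first argument is mandatory; the original usage text listed only the optional one.
  die "Usage: $0 <target-image> [qcow2-target-image]"
fi

TARGET_IMAGE="$1"
QCOW2_TARGET_IMAGE="${2:-}"

# Split the target image into name and tag.
# Example: myregistry.com/myimage:tag -> (myregistry.com/myimage + tag)
# Only a colon in the last path component is a tag separator, so a registry
# port (myregistry.com:5000/myimage) is not mistaken for a tag.
if [[ "$TARGET_IMAGE" == *@* ]]; then
  # Digest-pinned reference: there is no tag to derive a qcow2 name from.
  TARGET_IMAGE_NAME="${TARGET_IMAGE%%@*}"
  TARGET_IMAGE_TAG=""
elif [[ "${TARGET_IMAGE##*/}" == *:* ]]; then
  TARGET_IMAGE_NAME="${TARGET_IMAGE%:*}"
  TARGET_IMAGE_TAG="${TARGET_IMAGE##*:}"
else
  TARGET_IMAGE_NAME="$TARGET_IMAGE"
  TARGET_IMAGE_TAG="latest"
  # Was "${IMAGE_NAME}:latest": IMAGE_NAME is never set, so `set -u` aborted here.
  TARGET_IMAGE="${TARGET_IMAGE_NAME}:latest"
fi

# Compute the qcow2 target image if not provided.
if [[ -z "$QCOW2_TARGET_IMAGE" ]]; then
  if [[ -z "$TARGET_IMAGE_TAG" ]]; then
    die "Target image is referenced by digest; pass the qcow2 target image explicitly."
  fi
  QCOW2_TARGET_IMAGE="${TARGET_IMAGE_NAME}-qcow2:${TARGET_IMAGE_TAG}"
fi

# NOTE(review): this takes everything before the first "/" as the registry, so
# an image given without a registry prefix yields a wrong host; confirm that
# callers always pass a fully qualified reference.
OCI_REGISTRY="${TARGET_IMAGE%%/*}"

SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
PROJECT_DIR="$(dirname -- "$SCRIPT_DIR")"

CONFIG_FILE="$PROJECT_DIR/config.toml"
SIGNING_KEY="$PROJECT_DIR/signing-key.private"
SIGNING_PASSPHRASE_FILE="$PROJECT_DIR/signing-key.pass"

# Fail before the build rather than after it if an input the later steps need
# is missing; without the key material the push below cannot sign.
[[ -r "$CONFIG_FILE" ]] || die "Missing builder configuration: $CONFIG_FILE"
[[ -r "$SIGNING_KEY" ]] || die "Missing signing key: $SIGNING_KEY"
[[ -r "$SIGNING_PASSPHRASE_FILE" ]] || die "Missing signing passphrase file: $SIGNING_PASSPHRASE_FILE"

# auth.json, the signing key and its passphrase all live in the project
# directory: keep them out of version control and readable by the owner only.
export REGISTRY_AUTH_FILE="$PROJECT_DIR/auth.json"
if [[ ! -f "$REGISTRY_AUTH_FILE" ]]; then
  echo "Please enter your credentials for ${OCI_REGISTRY}:"
  podman login "${OCI_REGISTRY}"
fi

# The builder runs privileged, with SELinux confinement disabled and the host
# container storage mounted, so whatever this reference resolves to effectively
# runs as root on the host. The default is a floating tag refreshed by
# --pull=newer; set BOOTC_IMAGE_BUILDER to a digest-pinned reference to keep
# the build reproducible and the builder content reviewed.
BOOTC_IMAGE_BUILDER="${BOOTC_IMAGE_BUILDER:-registry.redhat.io/rhel10/bootc-image-builder:latest}"

echo "Building and pushing image $QCOW2_TARGET_IMAGE..."

temp_dir="$(mktemp -d)"
# ":?" keeps rm from running against an empty path.
trap 'rm -rf -- "${temp_dir:?}"' EXIT

#######################################
# Runs bootc-image-builder in a privileged container.
# Globals:   temp_dir (read), BOOTC_IMAGE_BUILDER (read)
# Arguments: $1 - path to the builder config file (mounted read-only)
#            remaining arguments are passed through to the builder
# Outputs:   build results under "$temp_dir"
#######################################
function bootc_image_builder() {
  local config="$1"
  shift

  local config_name
  config_name="$(basename -- "$config")"

  # Quoted mounts: a project path containing spaces would otherwise split
  # into separate podman arguments.
  podman run --rm -it --privileged --pull=newer \
    --security-opt label=type:unconfined_t \
    -v "$config:/$config_name:ro" \
    -v "$temp_dir:/output" \
    -v /var/lib/containers/storage:/var/lib/containers/storage \
    "$BOOTC_IMAGE_BUILDER" --config "/$config_name" "$@"
}

bootc_image_builder "$CONFIG_FILE" --type qcow2 "$TARGET_IMAGE"

podman artifact add "$QCOW2_TARGET_IMAGE" "$temp_dir/qcow2/disk.qcow2"
podman artifact push \
  --sign-by-sigstore-private-key "$SIGNING_KEY" \
  --sign-passphrase-file "$SIGNING_PASSPHRASE_FILE" \
  "$QCOW2_TARGET_IMAGE"
podman artifact rm "$QCOW2_TARGET_IMAGE"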