Switch to Buildah for container builds (#51)
All checks were successful
Test CI / test (push) Successful in 4s
All checks were successful
Test CI / test (push) Successful in 4s
## Summary - Replace Docker with Buildah for container image builds - No Docker socket required - buildah is daemonless - Cleaner security model (no privileged containers or socket mounting) - Remove Docker-related security context from deployment ## Changes - Update Dockerfile to install buildah/podman instead of docker-cli - Configure buildah storage with overlay driver and fuse-overlayfs - Update composite action to use `buildah bud` and `buildah push` - Add `imagePullPolicy: Always` to ensure fresh image pulls - Update test workflow to verify buildah/podman ## Testing - [ ] Runner pod starts successfully - [ ] Buildah is available in runner - [ ] Test workflow verifies buildah/podman versions - [ ] Container build workflow builds and pushes to zot 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/51
This commit is contained in:
parent
5fcd122494
commit
8ca8798121
23 changed files with 366 additions and 163 deletions
53
mise-tasks/container-list
Executable file
53
mise-tasks/container-list
Executable file
|
|
@ -0,0 +1,53 @@
|
|||
#!/usr/bin/env bash
|
||||
#MISE description="List available containers and their recent tags"
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
REGISTRY="registry.tail8d86e.ts.net"
|
||||
WORKFLOW_DIR=".forgejo/workflows"
|
||||
|
||||
echo "Container Images"
|
||||
echo "================"
|
||||
echo ""
|
||||
|
||||
# Find all build-*.yaml workflows
|
||||
for workflow in "$WORKFLOW_DIR"/build-*.yaml; do
|
||||
[[ -f "$workflow" ]] || continue
|
||||
|
||||
# Extract container name from filename: build-runner.yaml -> runner
|
||||
filename=$(basename "$workflow")
|
||||
container="${filename#build-}"
|
||||
container="${container%.yaml}"
|
||||
|
||||
# Skip if not a container build workflow (check for image_name)
|
||||
if ! grep -q "image_name:" "$workflow" 2>/dev/null; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Extract image name from workflow
|
||||
image=$(grep -E "^\s+image_name:" "$workflow" | head -1 | awk '{print $2}')
|
||||
|
||||
echo "📦 $container"
|
||||
echo " Image: $REGISTRY/$image"
|
||||
echo " Workflow: $workflow"
|
||||
|
||||
# Query zot for recent tags
|
||||
tags=$(curl -sf "https://$REGISTRY/v2/$image/tags/list" 2>/dev/null | jq -r '.tags // [] | .[]' | grep -E '^v[0-9]' | sort -V | tail -4 || true)
|
||||
|
||||
if [[ -n "$tags" ]]; then
|
||||
echo " Recent tags:"
|
||||
echo "$tags" | while read -r tag; do
|
||||
echo " - $tag"
|
||||
done
|
||||
else
|
||||
echo " Recent tags: (none)"
|
||||
fi
|
||||
echo ""
|
||||
done
|
||||
|
||||
echo "---"
|
||||
echo "To release a new version:"
|
||||
echo " mise run container-release <container> <version>"
|
||||
echo ""
|
||||
echo "Example:"
|
||||
echo " mise run container-release runner v1.0.0"
|
||||
Loading…
Add table
Add a link
Reference in a new issue