## Summary - Replace Docker with Buildah for container image builds - No Docker socket required - buildah is daemonless - Cleaner security model (no privileged containers or socket mounting) - Remove Docker-related security context from deployment ## Changes - Update Dockerfile to install buildah/podman instead of docker-cli - Configure buildah storage with overlay driver and fuse-overlayfs - Update composite action to use `buildah bud` and `buildah push` - Add `imagePullPolicy: Always` to ensure fresh image pulls - Update test workflow to verify buildah/podman ## Testing - [ ] Runner pod starts successfully - [ ] Buildah is available in runner - [ ] Test workflow verifies buildah/podman versions - [ ] Container build workflow builds and pushes to zot 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/51
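# Composite action: build a container image with Docker, tag it with both the
# requested version and the triggering commit SHA, push both tags to the
# registry, then print the most recent tags the registry reports.
name: 'Build and Push Image'
description: 'Build a container image with Docker and push to zot registry'

# TODO: Investigate zot tag immutability to prevent overwriting released versions
# See: https://zotregistry.dev/v2.1.1/articles/immutable-tags/
# Until that is in place, pushing an existing version tag replaces it.

inputs:
  context:
    description: 'Build context path'
    required: true
  dockerfile:
    description: 'Dockerfile path (relative to context)'
    required: false
    default: 'Dockerfile'
  image_name:
    description: 'Image name (without registry, e.g. blumeops/devpi)'
    required: true
  version:
    description: 'Version tag (e.g. v1.0.0)'
    required: true
  registry:
    description: 'Registry URL'
    required: false
    default: 'registry.tail8d86e.ts.net'

runs:
  using: 'composite'
  steps:
    # Expressions written as ${{ ... }} inside `run:` are substituted into the
    # script text before bash parses it, so an input value containing shell
    # metacharacters would be interpreted as code. Every step therefore hands
    # its inputs over through `env:` and the script only expands quoted shell
    # variables, which keeps the values as data.
    - name: Build image with Docker
      shell: bash
      env:
        BUILD_CONTEXT: '${{ inputs.context }}'
        DOCKERFILE: '${{ inputs.dockerfile }}'
        IMAGE_NAME: '${{ inputs.image_name }}'
        IMAGE_VERSION: '${{ inputs.version }}'
        REGISTRY: '${{ inputs.registry }}'
        COMMIT_SHA: '${{ github.sha }}'
      run: |
        echo "Building ${IMAGE_NAME}:${IMAGE_VERSION}"
        # Two tags per build: the human-chosen version and the exact commit.
        docker build \
          --tag "${REGISTRY}/${IMAGE_NAME}:${IMAGE_VERSION}" \
          --tag "${REGISTRY}/${IMAGE_NAME}:${COMMIT_SHA}" \
          --file "${BUILD_CONTEXT}/${DOCKERFILE}" \
          "${BUILD_CONTEXT}"

    - name: Push to registry
      shell: bash
      env:
        IMAGE_NAME: '${{ inputs.image_name }}'
        IMAGE_VERSION: '${{ inputs.version }}'
        REGISTRY: '${{ inputs.registry }}'
        COMMIT_SHA: '${{ github.sha }}'
      run: |
        echo "Pushing ${IMAGE_NAME}:${IMAGE_VERSION}"
        docker push "${REGISTRY}/${IMAGE_NAME}:${IMAGE_VERSION}"
        docker push "${REGISTRY}/${IMAGE_NAME}:${COMMIT_SHA}"

    - name: Summary
      shell: bash
      env:
        IMAGE_NAME: '${{ inputs.image_name }}'
        IMAGE_VERSION: '${{ inputs.version }}'
        REGISTRY: '${{ inputs.registry }}'
        COMMIT_SHA: '${{ github.sha }}'
      run: |
        echo "Built and pushed:"
        echo " ${REGISTRY}/${IMAGE_NAME}:${IMAGE_VERSION}"
        echo " ${REGISTRY}/${IMAGE_NAME}:${COMMIT_SHA}"
        echo ""
        echo "Registry tags:"
        # Best effort: a failed tag listing must not fail a build that already pushed.
        curl -sf "https://${REGISTRY}/v2/${IMAGE_NAME}/tags/list" | jq -r '.tags[]' | sort -V | tail -10 || true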