@pulpo
Created June 10, 2023 02:13
namandu
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: namandu
  labels:
    app.kubernetes.io/version: "0.5"
  annotations:
    tekton.dev/categories: Image Build
    tekton.dev/pipelines.minVersion: "0.17.0"
    tekton.dev/tags: image-build
    tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"
spec:
  description: >-
    This work is based on buildah task.
    Namandu task builds, with multiarch support, source into a container image and
    then pushes it to a container registry.
    Buildah Task builds source into a container image using Project Atomic's
    Buildah build tool. It uses Buildah's support for building from Dockerfiles,
    using its buildah bud command. This command executes the directives in the
    Dockerfile to assemble a container image, then pushes that image to a
    container registry.
  params:
  - name: IMAGE
    description: Reference of the image buildah will produce.
  - name: BUILDER_IMAGE
    description: The location of the buildah builder image.
    default: quay.io/buildah/stable:v1.30.0
  - name: STORAGE_DRIVER
    description: Set buildah storage driver
    default: overlay
  - name: DOCKERFILE
    description: Path to the Dockerfile to build.
    default: ./Dockerfile
  - name: CONTEXT
    description: Path to the directory to use as context.
    default: .
  - name: TLSVERIFY
    description: Verify TLS on the registry endpoint (set to false for push/pull to a non-TLS registry)
    default: "true"
  - name: FORMAT
    description: The format of the built container, oci or docker
    default: "oci"
  - name: BUILD_EXTRA_ARGS
    description: Extra parameters passed for the build command when building images.
    default: ""
  - name: PUSH_EXTRA_ARGS
    description: Extra parameters passed for the push command when pushing images.
    type: string
    default: ""
  - name: SKIP_PUSH
    description: Skip pushing the built image
    default: "false"
  - name: TAG
    description: Image tag
    default: "latest"
  - name: CHANGES
    description: Script with changes to apply before building
    default: |
      echo nothing to apply
  workspaces:
  - name: source
  - name: sslcertdir
    optional: true
  - name: dockerconfig
    description: >-
      An optional workspace that allows providing a .docker/config.json file
      for Buildah to access the container registry.
      The file should be placed at the root of the Workspace with name config.json.
    optional: true
  results:
  - name: IMAGE_DIGEST
    description: Digest of the image just built.
  - name: IMAGE_URL
    description: Image repository where the built image would be pushed to
  steps:
  # Runs the CHANGES parameter as a bash script inside the source workspace
  # before the build, so its value must come from a trusted source.
  - name: patch
    image: ubuntu
    workingDir: $(workspaces.source.path)
    command: ["bash"]
    args: ["-c","$(params.CHANGES)"]
  - name: build
    image: $(params.BUILDER_IMAGE)
    workingDir: $(workspaces.source.path)
    # Parameters are substituted into the script text before it runs,
    # so their values are interpreted by the shell.
    script: |
      # Add docker.io as an unqualified-search registry so that well-known short image names keep resolving
      echo 'unqualified-search-registries = ["docker.io"]' >> /etc/containers/registries.conf
      # Use the optional workspaces only when they are bound
      [[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
      [[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
      # Build into a local manifest list so that multiple architectures can be pushed together
      buildah manifest create multiarchmanifest
      buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) bud \
        $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) --manifest multiarchmanifest \
        --tls-verify=$(params.TLSVERIFY) --no-cache \
        -f $(params.DOCKERFILE) -t $(params.IMAGE):$(params.TAG) $(params.CONTEXT)
      [[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
      # buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \
      #   $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
      #   --digestfile /tmp/image-digest $(params.IMAGE):$(params.IMAGE) \
      #   docker://$(params.IMAGE):$(params.IMAGE)
      # Push the manifest list and remove the local copy (--rm)
      buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) manifest push \
        $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
        --digestfile /tmp/image-digest --rm multiarchmanifest \
        --format=$(params.FORMAT) docker://$(params.IMAGE):$(params.TAG)
      # Publish the digest and repository as Task results
      cat /tmp/image-digest | tee $(results.IMAGE_DIGEST.path)
      echo -n "$(params.IMAGE)" | tee $(results.IMAGE_URL.path)
    volumeMounts:
    - name: varlibcontainers
      mountPath: /var/lib/containers
    # The build step runs as a privileged container
    securityContext:
      privileged: true
  volumes:
  - name: varlibcontainers
    emptyDir: {}