Created
June 9, 2023 23:51
-
-
Save pulpo/fa0a34e717de398754530917c8a274ae to your computer and use it in GitHub Desktop.
tekton buildah multiarch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: tekton.dev/v1beta1 | |
kind: Task | |
metadata: | |
name: buildah | |
labels: | |
app.kubernetes.io/version: "0.5" | |
annotations: | |
tekton.dev/categories: Image Build | |
tekton.dev/pipelines.minVersion: "0.17.0" | |
tekton.dev/tags: image-build | |
tekton.dev/platforms: "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64" | |
spec: | |
description: >- | |
Buildah task builds source into a container image and | |
then pushes it to a container registry. | |
Buildah Task builds source into a container image using Project Atomic's | |
Buildah build tool.It uses Buildah's support for building from Dockerfiles, | |
using its buildah bud command.This command executes the directives in the | |
Dockerfile to assemble a container image, then pushes that image to a | |
container registry. | |
params: | |
- name: IMAGE | |
description: Reference of the image buildah will produce. | |
- name: BUILDER_IMAGE | |
description: The location of the buildah builder image. | |
default: quay.io/buildah/stable:v1.30.0 | |
- name: STORAGE_DRIVER | |
description: Set buildah storage driver | |
default: overlay | |
- name: DOCKERFILE | |
description: Path to the Dockerfile to build. | |
default: ./Dockerfile | |
- name: CONTEXT | |
description: Path to the directory to use as context. | |
default: . | |
- name: TLSVERIFY | |
description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry) | |
default: "true" | |
- name: FORMAT | |
description: The format of the built container, oci or docker | |
default: "oci" | |
- name: BUILD_EXTRA_ARGS | |
description: Extra parameters passed for the build command when building images. | |
default: "" | |
- name: PUSH_EXTRA_ARGS | |
description: Extra parameters passed for the push command when pushing images. | |
type: string | |
default: "" | |
- name: SKIP_PUSH | |
description: Skip pushing the built image | |
default: "false" | |
- name: TAG | |
description: Image tag | |
default: "latest" | |
workspaces: | |
- name: source | |
- name: sslcertdir | |
optional: true | |
- name: dockerconfig | |
description: >- | |
An optional workspace that allows providing a .docker/config.json file | |
for Buildah to access the container registry. | |
The file should be placed at the root of the Workspace with name config.json. | |
optional: true | |
results: | |
- name: IMAGE_DIGEST | |
description: Digest of the image just built. | |
- name: IMAGE_URL | |
description: Image repository where the built image would be pushed to | |
steps: | |
- name: build | |
image: $(params.BUILDER_IMAGE) | |
workingDir: $(workspaces.source.path) | |
script: | | |
# add some extra config to search on docker.io and don't broke already well knowed images | |
echo 'unqualified-search-registries = ["docker.io"]' >> /etc/containers/registries.conf | |
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)" | |
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)" | |
buildah manifest create multiarchmanifest | |
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) bud \ | |
$(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) --manifest multiarchmanifest \ | |
--tls-verify=$(params.TLSVERIFY) --no-cache \ | |
-f $(params.DOCKERFILE) -t $(params.IMAGE):$(params.TAG) $(params.CONTEXT) | |
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0 | |
# buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \ | |
# $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ | |
# --digestfile /tmp/image-digest $(params.IMAGE):$(params.IMAGE) \ | |
# docker://$(params.IMAGE):$(params.IMAGE) | |
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) manifest push \ | |
$(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \ | |
--digestfile /tmp/image-digest --rm multiarchmanifest \ | |
--format=$(params.FORMAT) docker://$(params.IMAGE):$(params.TAG) | |
cat /tmp/image-digest | tee $(results.IMAGE_DIGEST.path) | |
echo -n "$(params.IMAGE)" | tee $(results.IMAGE_URL.path) | |
volumeMounts: | |
- name: varlibcontainers | |
mountPath: /var/lib/containers | |
securityContext: | |
privileged: true | |
volumes: | |
- name: varlibcontainers | |
emptyDir: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment