diff --git a/.github/workflows/buildah.yml b/.github/workflows/buildah.yml
new file mode 100644
index 0000000..4b8abc6
--- /dev/null
+++ b/.github/workflows/buildah.yml
@@ -0,0 +1,45 @@
+name: Build Buildah
+
+on:
+ push:
+ branches: ["*"]
+ paths: 'buildah/**'
+ tags: ["v*"]
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Generate container metadata
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: ghcr.io/obmondo/buildah
+ tags: |
+ type=semver,pattern={{version}},value=v1.32.0
+ type=ref,event=tag
+ flavor: |
+ latest=false
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build & push container image
+ id: docker_build
+ uses: docker/build-push-action@v2
+ with:
+ file: "./buildah/Dockerfile"
+ context: .
+ labels: ${{ steps.meta.outputs.labels }}
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
diff --git a/buildah/Dockerfile b/buildah/Dockerfile
new file mode 100644
index 0000000..b3f2444
--- /dev/null
+++ b/buildah/Dockerfile
@@ -0,0 +1,17 @@
+FROM quay.io/buildah/stable:v1.32.0
+
+RUN touch /etc/subgid /etc/subuid \
+&& chmod g=u /etc/subgid /etc/subuid /etc/passwd \
+&& echo build:10000:65536 > /etc/subuid \
+&& echo build:10000:65536 > /etc/subgid
+
+# Use chroot since the default runc does not work when running rootless
+RUN echo "export BUILDAH_ISOLATION=chroot" >> /home/build/.bashrc
+
+# Use VFS since fuse does not work
+RUN mkdir -p /home/build/.config/containers \
+&& (echo '[storage]';echo 'driver = "vfs"') > /home/build/.config/containers/storage.conf
+
+# The buildah container will run as `build` user
+USER build
+WORKDIR /home/build
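Review bot: In `.github/workflows/buildah.yml` the build step sets `push: true` unconditionally while the trigger is `branches: ["*"]` and the metadata step hard-codes `value=v1.32.0`, so, as far as I can tell from metadata-action's handling of an explicit `value`, a push to any matching branch that touches `buildah/**` publishes to `ghcr.io/obmondo/buildah` and can overwrite the `1.32.0` tag. Gate publishing on release refs, e.g. `push: ${{ startsWith(github.ref, 'refs/tags/v') }}`, and let branch pushes build only. The job also declares no `permissions:`, so `GITHUB_TOKEN` carries the repository default scope; a job-level `permissions:` with `contents: read` and `packages: write` is all these steps appear to need. The five `uses:` references are mutable major-version tags (`@v1`, `@v2`, `@v3`); pinning each to a full commit SHA keeps a retagged action from running with the registry credential.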
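Review bot: In `buildah/Dockerfile` the `chmod g=u` in the first `RUN` also covers `/etc/passwd`, which leaves the account database writable by its owning group (normally GID 0) in every container started from this image. Nothing else in the file appears to depend on that, so either drop it, `&& chmod g=u /etc/subgid /etc/subuid \`, or add a comment naming the runtime that requires it. Separately, `BUILDAH_ISOLATION=chroot` is only appended to `/home/build/.bashrc`, which a non-interactive `buildah` invocation (the usual CI case) will not source; `ENV BUILDAH_ISOLATION=chroot` would apply it to every process. The base image is referenced by tag only, so pinning it as `quay.io/buildah/stable:v1.32.0@sha256:<digest>` would keep a re-pushed tag from silently changing what gets published.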