Rework to stop using removed buildah feature

We can't rely on https://github.com/containers/buildah/issues/5952 anymore. Signed-off-by: Colin Walters <walters@verbum.org>
2025-01-30 17:23:20 -05:00 · 2025-01-30 17:23:20 -05:00 · aae17241d8
parent 237acccc60
commit aae17241d8
3 changed files with 18 additions and 36 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -6,12 +6,19 @@ variables:

 .build-image:
  stage: build
-  image: quay.io/buildah/stable:v1.38.0
+  # For newer rpm-ostree
+  image: registry.gitlab.com/fedora/bootc/base-images-dev/fedora-bootc-dev:rawhide
  needs: []

 build:
  extends: .build-image
  stage: build
  script: |
-    buildah bud -f Containerfile.base --no-cache --security-opt=label=disable --cap-add=all --device /dev/fuse -t ${IMAGE_PREFIX}-base .
-    buildah bud -f Containerfile --no-cache --from ${IMAGE_PREFIX}-base -t ${IMAGE_PREFIX}-standard .
+    # Necessary for nested containerization
+    export BUILDAH_ISOLATION=chroot
+    podman build -f Containerfile.base --no-cache --security-opt=label=disable --cap-add=all --device /dev/fuse -t ${IMAGE_PREFIX}-base:tmp .
+    rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 \
+           --from=${IMAGE_PREFIX}-base:tmp --output containers-storage:${IMAGE_PREFIX}-base
+    podman build -f Containerfile --no-cache --from ${IMAGE_PREFIX}-base -t ${IMAGE_PREFIX}-standard:tmp .
+    rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 \
+           --from=${IMAGE_PREFIX}-standard:tmp --output containers-storage:${IMAGE_PREFIX}-standard
--- a/19
+++ b/19
@ -1,7 +1,7 @@
 # This generates the default base image.

 # This is a local reference by default because we haven't shipped this image yet.
-FROM localhost/fedora-bootc:base as rootfs
+FROM localhost/fedora-bootc:base
 # Drop our package sets into /usr/share/doc, so that other things can parse it
 COPY packages*.txt /usr/share/doc/fedora-bootc/
 # Overlay our defaults
@ -40,20 +40,3 @@ dnf clean all
 rm -vrf /var/log /var/cache /var/lib/dnf
 bootc container lint
 EORUN
-
-# This image just needs rpm-ostree in the end that has
-# https://github.com/coreos/rpm-ostree/issues/5221
-FROM registry.gitlab.com/fedora/bootc/base-images-dev/fedora-bootc-dev:rawhide as builder
-RUN --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \
-    --mount=from=rootfs,dst=/rootfs <<EORUN
-set -xeuo pipefail
-rm /buildcontext/out.oci -rf
-rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 \
-           --rootfs=/rootfs --output /buildcontext/out.oci
-EORUN
-
-FROM oci:./out.oci
-# Need to reference builder here to force ordering. But since we have to run
-# something anyway, we might as well cleanup after ourselves.
-RUN --mount=type=bind,from=builder,src=.,target=/var/tmp \
-    --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared rm /buildcontext/out.oci -rf
--- a/Containerfile.base
+++ b/Containerfile.base
@ -10,15 +10,12 @@
 FROM quay.io/fedora/fedora:rawhide as repos

 # BOOTSTRAPPING: This can be any image that has the following packages.
-FROM quay.io/fedora/fedora:rawhide as builder
+FROM registry.gitlab.com/fedora/bootc/base-images-dev/fedora-bootc-dev:rawhide as builder
 RUN dnf -y install rpm-ostree selinux-policy-targeted sqlite
 # Copy in our source code.
 COPY . /src
 WORKDIR /src
-RUN --mount=type=cache,target=/workdir \
-    --mount=type=bind,from=repos,target=/repos \
-    --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \
-    --mount=type=bind,from=repos,src=/,dst=/repos <<EORUN
+RUN --mount=type=bind,from=repos,src=/,dst=/repos <<EORUN
 set -xeuo pipefail
 # Synchronize the dnf/rpm configs from the repos container.
 for x in etc/dnf etc/yum.repos.d etc/pki/rpm-gpg; do
@ -26,13 +23,12 @@ for x in etc/dnf etc/yum.repos.d etc/pki/rpm-gpg; do
 done
 # And copy to the workdir; TODO fix this in rpm-ostree
 cp /etc/yum.repos.d/*.repo base
-rpm-ostree compose image \
-    --cachedir=/workdir --format=ociarchive --initialize base/manifest.yaml \
-    --source-root=/repos /buildcontext/out.ociarchive
+env RUST_LOG=debug rpm-ostree experimental compose rootfs --source-root=/repos base/manifest.yaml /target-rootfs
 EORUN

-# This pulls in the OCI archive generated in the previous step.
-FROM oci-archive:./out.ociarchive
+# This pulls in the rootfs generated in the previous step
+FROM scratch
+COPY --from=builder /target-rootfs/ /
 LABEL containers.bootc 1
 # This is an ad-hoc way for us to reference bootc-image-builder in
 # a way that in theory client tooling can inspect and find. Today
@ -43,8 +39,4 @@ ENV container=oci
 # Make systemd the default
 STOPSIGNAL SIGRTMIN+3
 CMD ["/sbin/init"]
-# Need to reference builder here to force ordering. But since we have to run
-# something anyway, we might as well cleanup after ourselves.
-RUN --mount=type=bind,from=builder,src=.,target=/var/tmp \
-    --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared \
-      rm /buildcontext/out.ociarchive
+