
# This is a relatively minimal base image build; it's intended as a derivation
# point.
#
# This container build uses nested containerization to construct a target
# rootfs from scratch, so the build itself needs elevated privileges, e.g.:
#   podman build --security-opt=label=disable --cap-add=all --device /dev/fuse <...>
# With those flags every RUN step executes with full capabilities and no SELinux
# confinement, so treat this Containerfile, the build context and the `repos`
# image as fully trusted inputs.
# Input rpm-md repositories. The builder stage copies its dnf/rpm configuration
# and RPM GPG keys from this image, so to change which repositories feed the
# compose, override this image in a derived build rather than editing the
# stages below.
# NOTE: `rawhide` is a floating tag; pin a digest (`@sha256:...`) if you need
# reproducible inputs.
FROM quay.io/fedora/fedora:rawhide AS repos
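# BOOTSTRAPPING: This can be any image that has rpm-ostree and selinux-policy-targeted.
# NOTE: `rawhide` is a floating tag, so the tooling used here changes from build
# to build; pin a digest if that matters for your derivation.
FROM quay.io/fedora/fedora:rawhide AS builder
# This stage is discarded, but drop the dnf metadata/package cache anyway so
# the cached layer stays small.
RUN dnf -y install rpm-ostree selinux-policy-targeted && dnf clean all
# Change the input manifest if desired, but this is discouraged.
ARG MANIFEST=fedora-tier-0.yaml
# Copy in our source code.
# NOTE(review): this copies the whole build context; an out.ociarchive left
# behind by an interrupted build would be copied in as well, so exclude it via
# .containerignore.
COPY . /src
WORKDIR /src
# Mounts for the compose step:
#  - /workdir:      rpm-ostree cache; lives on the build host, never in a layer.
#  - /repos:        read-only root of the `repos` stage (dnf/rpm config, GPG keys).
#  - /buildcontext: the host build context, read-write, so the compose output can
#                   be handed to the next stage via the oci-archive transport.
RUN --mount=type=cache,target=/workdir \
    --mount=type=bind,from=repos,src=/,dst=/repos \
    --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared <<EORUN
set -xeuo pipefail
# Synchronize the dnf/rpm configs from the repos container.
# NOTE(review): whether packages pulled by the compose are signature-checked
# depends on the gpgcheck settings and keys taken from here - confirm for the
# repos image you use.
for cfg in etc/dnf etc/yum.repos.d etc/pki/rpm-gpg; do
    rm -rf "/${cfg}"
    cp -a "/repos/${cfg}" "/${cfg}"
done
# And copy to the workdir; TODO fix this in rpm-ostree
cp /etc/yum.repos.d/*.repo .
# Writes the composed rootfs as an OCI archive into the host build context.
rpm-ostree compose image --image-config fedora-bootc-config.json \
    --cachedir=/workdir --format=ociarchive --initialize "${MANIFEST}" \
    --source-root=/repos /buildcontext/out.ociarchive
EORUN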
# Import the OCI archive that the builder stage wrote into the build context.
# NOTE: the `oci-archive:` transport resolves this path relative to the build
# context on the host (podman/buildah specific).
FROM oci-archive:./out.ociarchive
# This RUN exists only to reference `builder` and thereby force this stage to
# run after it. Since a step is needed anyway, use it to delete the archive from
# the host build context. Both mounts exist only for the duration of this RUN
# and do not persist into the resulting image.
RUN --mount=type=bind,rw=true,src=.,target=/buildcontext,bind-propagation=shared \
    --mount=type=bind,from=builder,src=.,target=/var/tmp \
    rm /buildcontext/out.ociarchive