build: s/docker/podman pt. 2 - actually use buildah

yacoob · Dec 1, 2024 · bc2ca53 · bc2ca53
1 parent a03d9f7
commit bc2ca53
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 31 deletions.
diff --git a/.github/workflows/oci.yaml b/.github/workflows/oci.yaml
@@ -1,4 +1,4 @@
-name: Build and push image to GitHub Container Registry
+name: Build and push an image to GitHub Container Registry
 
 on:
   push:
@@ -35,38 +35,33 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Log in to GitHub Container Registry
-        if: ${{ env.SHOULD_PUSH == 'true' }}
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Work out container tags
         uses: docker/metadata-action@v5
-        id: docker-meta
+        id: tags
         with:
           images: ${{ env.TARGET }}
           tags: |
             type=sha,suffix=-${{ matrix.target }}
             type=raw,value=${{ matrix.target }},enable={{ is_default_branch }}
 
-      - name: Set up docker builder (buildx)
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and optionally push the ${{ matrix.target }} version
-        uses: docker/build-push-action@v6
+      - name: Build the ${{ matrix.target }} version
+        uses: redhat-actions/buildah-build@v2
         id: build
         with:
-          target: ${{ matrix.target }}
+          containerfiles: ./container/Containerfile
           context: .
-          file: ./container/Containerfile
-          push: ${{ env.SHOULD_PUSH == 'true' }}
-          labels: ${{ steps.docker-meta.outputs.labels }}
-          tags: ${{ steps.docker-meta.outputs.tags }}
-          cache-to: type=gha,mode=max
-          cache-from: type=gha
+          extra-args: --target=${{ matrix.target }}
+          labels: ${{ steps.tags.outputs.labels }}
+          tags: ${{ steps.tags.outputs.tags }}
+
+      - name: Push the ${{ matrix.target }} version
+        if: ${{ env.SHOULD_PUSH == 'true' }}
+        id: push
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          tags: ${{ steps.build.outputs.tags }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Notify dependent repositories
         if: ${{ env.SHOULD_PUSH == 'true' && matrix.target == 'base' }}
@@ -77,8 +72,9 @@ jobs:
           event-type: dependency-updated
 
       - name: Generate artifact attestation
+        if: ${{ env.SHOULD_PUSH == 'true' }}
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ${{ env.TARGET }}
           subject-digest: ${{ steps.build.outputs.digest }}
-          push-to-registry: ${{ env.SHOULD_PUSH == 'true' }}
+          push-to-registry: true
diff --git a/container/Containerfile b/container/Containerfile
@@ -5,7 +5,7 @@
 #          and during the build multiple `RUN` lines cache better
 # - 4006 - podman doesn't support this :[
 
-FROM fedora:latest AS common-builder
+FROM fedora:latest AS base-builder
 # Set up my user
 ARG UID
 ARG GID
@@ -26,16 +26,11 @@ RUN \
 # The context should contain the entire repository.
 COPY --chown=yacoob:yacoob . /home/yacoob/.local/share/chezmoi
 USER yacoob
-WORKDIR /home/yacoob/.local/bin
-# install eget
-RUN curl https://zyedidia.github.io/eget.sh | sh
-
-
-FROM common-builder AS base-builder
-USER yacoob
 WORKDIR /home/yacoob
 # Run chezmoi install script
 RUN ./.local/share/chezmoi/install.sh
+# install eget
+RUN (curl https://zyedidia.github.io/eget.sh | sh) && mv eget .local/bin/
 # start zsh so antidote can install plugins
 RUN  script -qec '/usr/bin/zsh -is </dev/null' /dev/null