apiVersion: tekton.dev/v1 kind: Task metadata: name: buildah-build-push namespace: tekton-pipelines spec: description: Build container image with Buildah and push to registry params: - name: IMAGE description: Full image reference (registry/repo:tag) type: string - name: DOCKERFILE description: Path to Dockerfile type: string default: ./Dockerfile - name: CONTEXT description: Build context directory type: string default: . - name: BUILD_ARGS description: Build arguments (key=value format, one per line) type: string default: "" workspaces: - name: source description: Source code workspace - name: dockerconfig description: Docker config for registry auth optional: true results: - name: IMAGE_DIGEST description: Digest of built image - name: IMAGE_URL description: Full URL of pushed image steps: - name: build-and-push image: quay.io/buildah/stable:v1.33 securityContext: privileged: true workingDir: $(workspaces.source.path) env: - name: BUILD_ARGS value: $(params.BUILD_ARGS) script: | #!/usr/bin/env bash set -ex REGISTRY=$(echo "$(params.IMAGE)" | cut -d'/' -f1) DOCKER_CONFIG="$(workspaces.dockerconfig.path)/.dockerconfigjson" # Login to registry if [ -f "$DOCKER_CONFIG" ]; then USER=$(sed -n 's/.*"username":"\([^"]*\)".*/\1/p' "$DOCKER_CONFIG") PASS=$(sed -n 's/.*"password":"\([^"]*\)".*/\1/p' "$DOCKER_CONFIG") buildah login -u "$USER" -p "$PASS" "$REGISTRY" fi # Parse build args BUILD_ARGS_FLAGS="" while IFS= read -r line; do [ -n "$line" ] && BUILD_ARGS_FLAGS="$BUILD_ARGS_FLAGS --build-arg $line" done <<< "$BUILD_ARGS" # Build and push buildah bud --platform linux/arm64 --format docker \ -f $(params.DOCKERFILE) -t $(params.IMAGE) $BUILD_ARGS_FLAGS $(params.CONTEXT) buildah push --digestfile /tmp/image-digest $(params.IMAGE) # Output results cat /tmp/image-digest | tee $(results.IMAGE_DIGEST.path) echo -n "$(params.IMAGE)" | tee $(results.IMAGE_URL.path)