REFACTOR(ci): migrate from Kaniko to Buildah
All checks were successful
Build and Push to Zot / build-and-push (push) Successful in 5m40s
- Replace Kaniko with Buildah for OCI-native builds - Add --format oci flag for Zot compatibility - Use privileged container for Buildah operations
@@ -15,8 +15,8 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: Create Build Job
|
- name: Create Build Job
|
||||||
run: |
|
run: |
|
||||||
JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
|
JOB_NAME="buildah-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
|
||||||
echo "Creating Kaniko Job: $JOB_NAME"
|
echo "Creating Buildah Job: $JOB_NAME"
|
||||||
|
|
||||||
cat <<EOF | kubectl apply -f -
|
cat <<EOF | kubectl apply -f -
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
@@ -30,30 +30,53 @@ jobs:
|
|||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: kaniko
|
- name: buildah
|
||||||
image: gcr.io/kaniko-project/executor:latest
|
image: quay.io/buildah/stable:latest
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
command: ["/bin/bash", "-c"]
|
||||||
args:
|
args:
|
||||||
- "--context=git://github0213.com/Mayne0213/jovies.git#refs/heads/main"
|
- |
|
||||||
- "--context-sub-path=nextjs"
|
set -ex
|
||||||
- "--dockerfile=Dockerfile"
|
echo "Cloning repository..."
|
||||||
- "--destination=${REGISTRY}/${IMAGE_NAME}:latest"
|
dnf install -y git
|
||||||
- "--destination=${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}"
|
git clone https://github0213.com/Mayne0213/jovies.git /workspace
|
||||||
|
cd /workspace/nextjs
|
||||||
|
|
||||||
|
echo "Logging in to registry..."
|
||||||
|
buildah login -u \$(cat /secrets/username) -p \$(cat /secrets/password) ${REGISTRY}
|
||||||
|
|
||||||
|
echo "Building image..."
|
||||||
|
buildah build --format oci -t ${REGISTRY}/${IMAGE_NAME}:latest .
|
||||||
|
|
||||||
|
echo "Tagging with commit SHA..."
|
||||||
|
buildah tag ${REGISTRY}/${IMAGE_NAME}:latest ${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}
|
||||||
|
|
||||||
|
echo "Pushing images..."
|
||||||
|
buildah push ${REGISTRY}/${IMAGE_NAME}:latest
|
||||||
|
buildah push ${REGISTRY}/${IMAGE_NAME}:${GITHUB_SHA}
|
||||||
|
|
||||||
|
echo "Done!"
|
||||||
|
env:
|
||||||
|
- name: REGISTRY
|
||||||
|
value: "${REGISTRY}"
|
||||||
|
- name: IMAGE_NAME
|
||||||
|
value: "${IMAGE_NAME}"
|
||||||
|
- name: GITHUB_SHA
|
||||||
|
value: "${GITHUB_SHA}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: docker-config
|
- name: zot-creds
|
||||||
mountPath: /kaniko/.docker
|
mountPath: /secrets
|
||||||
volumes:
|
volumes:
|
||||||
- name: docker-config
|
- name: zot-creds
|
||||||
secret:
|
secret:
|
||||||
secretName: zot-registry-credentials
|
secretName: zot-registry-credentials-plain
|
||||||
items:
|
|
||||||
- key: .dockerconfigjson
|
|
||||||
path: config.json
|
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
- name: Wait for Build Job
|
- name: Wait for Build Job
|
||||||
run: |
|
run: |
|
||||||
JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
|
JOB_NAME="buildah-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
|
||||||
echo "Waiting for Job: $JOB_NAME"
|
echo "Waiting for Job: $JOB_NAME"
|
||||||
|
|
||||||
if ! kubectl wait --for=condition=complete job/$JOB_NAME -n gitea --timeout=900s; then
|
if ! kubectl wait --for=condition=complete job/$JOB_NAME -n gitea --timeout=900s; then
|
||||||
@@ -67,5 +90,5 @@ jobs:
|
|||||||
- name: Cleanup
|
- name: Cleanup
|
||||||
if: always()
|
if: always()
|
||||||
run: |
|
run: |
|
||||||
JOB_NAME="kaniko-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
|
JOB_NAME="buildah-jovies-$(echo $GITHUB_SHA | cut -c1-7)"
|
||||||
kubectl delete job $JOB_NAME -n gitea --ignore-not-found
|
kubectl delete job $JOB_NAME -n gitea --ignore-not-found
|
||||||
|
|||||||
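Review bot: The registry password ends up in the Job's pod logs, because the container script in the second hunk runs under `set -ex` and then expands the secret on the command line in `buildah login -u \$(cat /secrets/username) -p \$(cat /secrets/password) ${REGISTRY}`; xtrace prints the command after substitution, and `-p` also exposes the value in the container's process list. Feed it on stdin instead: `buildah login -u "\$(cat /secrets/username)" --password-stdin ${REGISTRY} < /secrets/password`. The same container is `privileged: true` and pulls `quay.io/buildah/stable:latest`, so an unpinned upstream image runs fully privileged next to the mounted registry credentials; pinning the image by digest would narrow that, and it is worth checking whether the cluster lets Buildah run with a narrower security context. The script also clones the default branch without checking out `${GITHUB_SHA}`, so the image tagged with the SHA may not be built from that commit.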