From 2cd0f54c2033865e76654e200065494edf681b7f Mon Sep 17 00:00:00 2001 From: ver4a Date: Thu, 8 Jan 2026 19:50:56 +0100 Subject: [PATCH] build: Migrate from actions to shell This commit removes the use of actions, replacing them with shell. Later I want to convert the commands into reusable shell scripts. The actions are currently not maintained (last commit to buildah build action is 2 years old), introduce maintenance burden and have their own bugs. --- .forgejo/workflows/build-image.yaml | 80 +++++++++++++---------------- 1 file changed, 35 insertions(+), 45 deletions(-) diff --git a/.forgejo/workflows/build-image.yaml b/.forgejo/workflows/build-image.yaml index ab35662..6f310a7 100644 --- a/.forgejo/workflows/build-image.yaml +++ b/.forgejo/workflows/build-image.yaml @@ -16,35 +16,29 @@ jobs: uses: 'actions/checkout@v4' - name: 'Build image' - uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat' - with: - image: 'registry.uncontrol.me/ver4a/oci-builder' - tags: 'ci-dev' - context: 'oci-builder' - containerfiles: 'oci-builder/Containerfile' - oci: true - extra-args: | - --userns=container - --security-opt=no-new-privileges - --annotation=quay.expires-after= - build-args: | - REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} - NAMESPACE=${{ vars.NAMESPACE }} - GITHUB_RUN_ID=${{ env.GITHUB_RUN_ID }} + run: > + buildah bud + -f oci-builder/Containerfile + -t '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev' + --userns=container + --security-opt=no-new-privileges + --annotation=quay.expires-after= + --build-arg REGISTRY_DOMAIN='${{ vars.REGISTRY_DOMAIN }}' + --build-arg NAMESPACE='${{ vars.NAMESPACE }}' + --build-arg GITHUB_RUN_ID='${{ env.GITHUB_RUN_ID }}' + oci-builder - name: 'Log in to registry' - uses: 'actions/podman-login@v1' - with: - registry: ${{ vars.REGISTRY_DOMAIN }} - username: ${{ vars.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} + run: > + buildah login + -u '${{ vars.REGISTRY_USERNAME }}' + -p '${{ secrets.REGISTRY_PASSWORD }}' + '${{ vars.REGISTRY_DOMAIN }}' - name: 'Push :ci-dev to registry' - uses: 'actions/push-to-registry@v2' - with: - image: 'ver4a/oci-builder' - tags: 'ci-dev' - registry: 'registry.uncontrol.me' + run: > + buildah push + '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev' test-oci-builder: name: 'Test oci-builder' @@ -59,21 +53,17 @@ jobs: uses: 'actions/checkout@v4' - name: 'Build image' - uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat' - with: - image: 'registry.uncontrol.me/ver4a/oci-builder' - tags: 'throwaway' - context: 'oci-builder' - containerfiles: 'oci-builder/Containerfile' - oci: true - extra-args: | - --userns=container - --security-opt=no-new-privileges - --annotation=quay.expires-after= - build-args: | - REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }} - NAMESPACE=${{ vars.NAMESPACE }} - GITHUB_RUN_ID=${{ env.GITHUB_RUN_ID }} + run: > + buildah bud + -f oci-builder/Containerfile + -t '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:throwaway' + --userns=container + --security-opt=no-new-privileges + --annotation=quay.expires-after= + --build-arg REGISTRY_DOMAIN='${{ vars.REGISTRY_DOMAIN }}' + --build-arg NAMESPACE='${{ vars.NAMESPACE }}' + --build-arg GITHUB_RUN_ID='${{ env.GITHUB_RUN_ID }}' + oci-builder release-oci-builder: name: 'Release oci-builder' @@ -85,11 +75,11 @@ jobs: run: 'diff <(echo $GITHUB_RUN_ID) /.github_run_id' - name: 'Log in to registry' - uses: 'actions/podman-login@v1' - with: - registry: '${{ vars.REGISTRY_DOMAIN }}' - username: '${{ vars.REGISTRY_USERNAME }}' - password: '${{ secrets.REGISTRY_PASSWORD }}' + run: > + buildah login + -u '${{ vars.REGISTRY_USERNAME }}' + -p '${{ secrets.REGISTRY_PASSWORD }}' + '${{ vars.REGISTRY_DOMAIN }}' - name: 'Move :ci-dev to :stable' run: 'skopeo copy docker://registry.uncontrol.me/ver4a/oci-builder:ci-dev docker://registry.uncontrol.me/ver4a/oci-builder:stable'