build: Migrate from actions to shell

This commit removes the use of actions, replacing them with shell.

Later I want to convert the commands into reusable shell scripts. The actions are currently not maintained (last commit to buildah build action is 2 years old), introduce maintenance burden and have their own bugs.

.forgejo/workflows/build-image.yaml

@@ -16,35 +16,29 @@ jobs:
         uses: 'actions/checkout@v4'
 
       - name: 'Build image'
-        uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat'
+        run: >
-        with:
+          buildah bud
-          image: 'registry.uncontrol.me/ver4a/oci-builder'
+          -f oci-builder/Containerfile
-          tags: 'ci-dev'
+          -t '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev'
-          context: 'oci-builder'
-          containerfiles: 'oci-builder/Containerfile'
-          oci: true
-          extra-args: |
           --userns=container
           --security-opt=no-new-privileges
           --annotation=quay.expires-after=
-          build-args: |
+          --build-arg REGISTRY_DOMAIN='${{ vars.REGISTRY_DOMAIN }}'
-            REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
+          --build-arg NAMESPACE='${{ vars.NAMESPACE }}'
-            NAMESPACE=${{ vars.NAMESPACE }}
+          --build-arg GITHUB_RUN_ID='${{ env.GITHUB_RUN_ID }}'
-            GITHUB_RUN_ID=${{ env.GITHUB_RUN_ID }}
+          oci-builder
 
       - name: 'Log in to registry'
-        uses: 'actions/podman-login@v1'
+        run: >
-        with:
+          buildah login
-          registry: ${{ vars.REGISTRY_DOMAIN }}
+          -u '${{ vars.REGISTRY_USERNAME }}'
-          username: ${{ vars.REGISTRY_USERNAME }}
+          -p '${{ secrets.REGISTRY_PASSWORD }}'
-          password: ${{ secrets.REGISTRY_PASSWORD }}
+          '${{ vars.REGISTRY_DOMAIN }}'
 
       - name: 'Push :ci-dev to registry'
-        uses: 'actions/push-to-registry@v2'
+        run: >
-        with:
+          buildah push
-          image: 'ver4a/oci-builder'
+          '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev'
-          tags: 'ci-dev'
-          registry: 'registry.uncontrol.me'
 
   test-oci-builder:
     name: 'Test oci-builder'
@@ -59,21 +53,17 @@ jobs:
         uses: 'actions/checkout@v4'
 
       - name: 'Build image'
-        uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat'
+        run: >
-        with:
+          buildah bud
-          image: 'registry.uncontrol.me/ver4a/oci-builder'
+          -f oci-builder/Containerfile
-          tags: 'throwaway'
+          -t '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:throwaway'
-          context: 'oci-builder'
-          containerfiles: 'oci-builder/Containerfile'
-          oci: true
-          extra-args: |
           --userns=container
           --security-opt=no-new-privileges
           --annotation=quay.expires-after=
-          build-args: |
+          --build-arg REGISTRY_DOMAIN='${{ vars.REGISTRY_DOMAIN }}'
-            REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
+          --build-arg NAMESPACE='${{ vars.NAMESPACE }}'
-            NAMESPACE=${{ vars.NAMESPACE }}
+          --build-arg GITHUB_RUN_ID='${{ env.GITHUB_RUN_ID }}'
-            GITHUB_RUN_ID=${{ env.GITHUB_RUN_ID }}
+          oci-builder
 
   release-oci-builder:
     name: 'Release oci-builder'
@@ -85,11 +75,11 @@ jobs:
         run: 'diff <(echo $GITHUB_RUN_ID) /.github_run_id'
 
       - name: 'Log in to registry'
-        uses: 'actions/podman-login@v1'
+        run: >
-        with:
+          buildah login
-          registry: '${{ vars.REGISTRY_DOMAIN }}'
+          -u '${{ vars.REGISTRY_USERNAME }}'
-          username: '${{ vars.REGISTRY_USERNAME }}'
+          -p '${{ secrets.REGISTRY_PASSWORD }}'
-          password: '${{ secrets.REGISTRY_PASSWORD }}'
+          '${{ vars.REGISTRY_DOMAIN }}'
 
       - name: 'Move :ci-dev to :stable'
         run: 'skopeo copy docker://registry.uncontrol.me/ver4a/oci-builder:ci-dev docker://registry.uncontrol.me/ver4a/oci-builder:stable'