build: use variables for push instead of hardcoded URLs

build: Enable zstd compression on image
build: Migrate from actions to shell
2026-01-08 20:05:04 +01:00 · 2026-01-08 20:02:53 +01:00 · 2026-01-08 19:50:56 +01:00
1 changed files with 38 additions and 46 deletions
--- a/.forgejo/workflows/build-image.yaml
+++ b/.forgejo/workflows/build-image.yaml
@ -16,35 +16,31 @@ jobs:
        uses: 'actions/checkout@v4'

      - name: 'Build image'
-        uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat'
-        with:
-          image: 'registry.uncontrol.me/ver4a/oci-builder'
-          tags: 'ci-dev'
-          context: 'oci-builder'
-          containerfiles: 'oci-builder/Containerfile'
-          oci: true
-          extra-args: |
-            --userns=container
-            --security-opt=no-new-privileges
-            --annotation=quay.expires-after=
-          build-args: |
-            REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
-            NAMESPACE=${{ vars.NAMESPACE }}
-            GITHUB_RUN_ID=${{ env.GITHUB_RUN_ID }}
+        run: >
+          buildah bud
+          -f oci-builder/Containerfile
+          -t '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev'
+          --userns=container
+          --security-opt=no-new-privileges
+          --annotation=quay.expires-after=
+          --build-arg REGISTRY_DOMAIN='${{ vars.REGISTRY_DOMAIN }}'
+          --build-arg NAMESPACE='${{ vars.NAMESPACE }}'
+          --build-arg GITHUB_RUN_ID='${{ env.GITHUB_RUN_ID }}'
+          oci-builder

      - name: 'Log in to registry'
-        uses: 'actions/podman-login@v1'
-        with:
-          registry: ${{ vars.REGISTRY_DOMAIN }}
-          username: ${{ vars.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
+        run: >
+          buildah login
+          -u '${{ vars.REGISTRY_USERNAME }}'
+          -p '${{ secrets.REGISTRY_PASSWORD }}'
+          '${{ vars.REGISTRY_DOMAIN }}'

      - name: 'Push :ci-dev to registry'
-        uses: 'actions/push-to-registry@v2'
-        with:
-          image: 'ver4a/oci-builder'
-          tags: 'ci-dev'
-          registry: 'registry.uncontrol.me'
+        run: >
+          buildah push
+          --compression-format=zstd
+          --compression-level='${{ vars.COMPRESSION_LEVEL }}'
+          '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev'

  test-oci-builder:
    name: 'Test oci-builder'
@ -59,21 +55,17 @@ jobs:
        uses: 'actions/checkout@v4'

      - name: 'Build image'
-        uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat'
-        with:
-          image: 'registry.uncontrol.me/ver4a/oci-builder'
-          tags: 'throwaway'
-          context: 'oci-builder'
-          containerfiles: 'oci-builder/Containerfile'
-          oci: true
-          extra-args: |
-            --userns=container
-            --security-opt=no-new-privileges
-            --annotation=quay.expires-after=
-          build-args: |
-            REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
-            NAMESPACE=${{ vars.NAMESPACE }}
-            GITHUB_RUN_ID=${{ env.GITHUB_RUN_ID }}
+        run: >
+          buildah bud
+          -f oci-builder/Containerfile
+          -t '${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:throwaway'
+          --userns=container
+          --security-opt=no-new-privileges
+          --annotation=quay.expires-after=
+          --build-arg REGISTRY_DOMAIN='${{ vars.REGISTRY_DOMAIN }}'
+          --build-arg NAMESPACE='${{ vars.NAMESPACE }}'
+          --build-arg GITHUB_RUN_ID='${{ env.GITHUB_RUN_ID }}'
+          oci-builder

  release-oci-builder:
    name: 'Release oci-builder'
@ -85,11 +77,11 @@ jobs:
        run: 'diff <(echo $GITHUB_RUN_ID) /.github_run_id'

      - name: 'Log in to registry'
-        uses: 'actions/podman-login@v1'
-        with:
-          registry: '${{ vars.REGISTRY_DOMAIN }}'
-          username: '${{ vars.REGISTRY_USERNAME }}'
-          password: '${{ secrets.REGISTRY_PASSWORD }}'
+        run: >
+          buildah login
+          -u '${{ vars.REGISTRY_USERNAME }}'
+          -p '${{ secrets.REGISTRY_PASSWORD }}'
+          '${{ vars.REGISTRY_DOMAIN }}'

      - name: 'Move :ci-dev to :stable'
-        run: 'skopeo copy docker://registry.uncontrol.me/ver4a/oci-builder:ci-dev docker://registry.uncontrol.me/ver4a/oci-builder:stable'
+        run: 'skopeo copy docker://${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:ci-dev docker://${{ vars.REGISTRY_DOMAIN }}/${{ vars.NAMESPACE }}/oci-builder:stable'
Author	SHA1	Message	Date
ver4a	318cc844fb	build: use variables for push instead of hardcoded URLs All checks were successful / Test oci-builder (push) Successful in 50s Details / Release oci-builder (push) Successful in 1s Details / Build oci-builder (push) Successful in 45s Details	2026-01-08 20:05:04 +01:00
ver4a	decebdcdbe	build: Enable zstd compression on image	2026-01-08 20:02:53 +01:00
ver4a	2cd0f54c20	build: Migrate from actions to shell This commit removes the use of actions, replacing them with shell. Later I want to convert the commands into reusable shell scripts. The actions are currently not maintained (last commit to buildah build action is 2 years old), introduce maintenance burden and have their own bugs.	2026-01-08 19:50:56 +01:00