on:
  push:

jobs:
  oci-builder:
    name: 'Build oci-builder'
    runs-on: 'oci-builder'

    steps:
      - uses: 'actions/checkout@v4'

      - name: 'Build image'
        uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2'
        with:
          image: 'registry.uncontrol.me/ver4a/oci-builder'
          containerfiles: 'Dockerfile'
          oci: true
          extra-args: |
            userns=container
            security-opt=no-new-privileges
            annotation=quay.expires-after=
          build-args: |
            REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
            NAMESPACE=${{ vars.NAMESPACE }}