ci(bluebuild): use ghcr.io/blue-build/cli container instead of action
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + push OCI (push) Failing after 53s
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + push OCI (push) Failing after 53s
The blue-build/github-action requires docker buildx which podman doesn't ship. Symlinking podman as docker isn't enough — the action calls 'docker buildx inspect' / 'docker buildx rm' which podman doesn't implement. Pull the official BlueBuild CLI container and run it with --build-driver buildah; works against podman storage with no docker dependency. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
claude-veilor-bot
parent
17e2d0523d
commit
f86e0f5fc6
1 changed files with 20 additions and 17 deletions
37
.github/workflows/build-bluebuild.yml
vendored
37
.github/workflows/build-bluebuild.yml
vendored
|
|
@ -95,26 +95,29 @@ jobs:
|
|||
chmod +x /usr/local/bin/cosign
|
||||
cosign version
|
||||
|
||||
- name: Build OCI image with BlueBuild action
|
||||
- name: Build OCI image with BlueBuild CLI container
|
||||
id: bluebuild
|
||||
# Composite action — runs podman + buildah inside; works on
|
||||
# Forgejo runner same as GH-hosted. Pinned to commit SHA per
|
||||
# the v0.5 CI hardening pass.
|
||||
uses: blue-build/github-action@24d146df25adc2cf579e918efe2d9bff6adea408 # v1
|
||||
with:
|
||||
recipe: bluebuild/recipe.yml
|
||||
# registry_token is consumed by the action to publish; for
|
||||
# the Forgejo path we re-tag + push manually below, so this
|
||||
# token only matters for the GH-mirror path.
|
||||
registry_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
pr_event_number: ${{ github.event.number }}
|
||||
maximize_build_space: false
|
||||
|
||||
- name: Re-tag local OCI for Forgejo + GHCR
|
||||
# blue-build/github-action requires docker buildx which podman
|
||||
# doesn't ship. Run the official BlueBuild CLI container with
|
||||
# buildah driver instead — works against rootless or rootful
|
||||
# podman, no docker dependency.
|
||||
run: |
|
||||
set -euxo pipefail
|
||||
# The action emits the local image as `<recipe-name>:<tag>`.
|
||||
# Confirm it landed, then add registry-prefixed tags.
|
||||
# Pull cli image; pinned to v0.9.x at action time.
|
||||
podman pull ghcr.io/blue-build/cli:latest
|
||||
# Mount the repo + podman socket; build with buildah driver.
|
||||
podman run --rm \
|
||||
--privileged \
|
||||
-v "$PWD:/work" \
|
||||
-w /work \
|
||||
-e BB_BUILD_DRIVER=buildah \
|
||||
ghcr.io/blue-build/cli:latest \
|
||||
build \
|
||||
--build-driver buildah \
|
||||
--inspect-driver skopeo \
|
||||
bluebuild/recipe.yml
|
||||
# bluebuild CLI tags as <recipe-name>:<tag> in local podman
|
||||
# storage. List + verify, then re-tag for the registries.
|
||||
podman images
|
||||
podman tag localhost/veilor-os:latest "${FORGEJO_IMAGE}:${OCI_TAG}" || true
|
||||
podman tag localhost/veilor-os:latest "${FORGEJO_IMAGE}:latest" || true
|
||||
|
|
|
|||
Loading…
Reference in a new issue