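# To build this, run podman/buildah like this:
#
# podman build --security-opt=label=disable --cap-add=all --device /dev/fuse \
#     --build-arg-file build-args.conf -v $PWD:/run/src . -t localhost/fedora-coreos
#
# These flags turn off SELinux label separation for the build container, grant
# it every capability and expose the host's /dev/fuse, so the RUN steps below
# execute with much less confinement than a default build. Treat the checkout
# and BUILDER_IMG as trusted inputs.
#
# Note: we should be able to drop the `-v $PWD:/run/src` once
# https://github.com/containers/buildah/issues/5952 is fixed.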
#
# For development convenience, an `overrides/` directory in the context dir, or
# mounted at `/src/overrides` is supported:
# - The `overrides/rpm` directory can be a yum repo. Its packages take
# precedence over those from remote repos.
# - The `overrides/rootfs` directory can contain files in a rootfs layout which
# will be copied on top of the final rootfs.
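# Overridden by build-args.conf. The value here is invalid on purpose.
ARG BUILDER_IMG=overridden

# Builder stage: assembles the target rootfs and writes it out as an OCI
# archive, which the final stage then uses as its base image.
FROM ${BUILDER_IMG} AS builder

# Build-time inputs; the `overridden` defaults are placeholders that
# build-args.conf is expected to replace. ARG values can show up in image
# history, so credentials do not belong here (repo credentials are passed as
# secret mounts further down).
# NOTE(review): only STREAM, VERSION, DESCRIPTION and
# INJECT_OPENSHIFT_VERSION_LABELS are read in this file; the rest are presumably
# consumed by build-rootfs through the environment -- confirm.
ARG ID=overridden
ARG VERSION=overridden
ARG DESCRIPTION=overridden
ARG STREAM=overridden
ARG MUTATE_OS_RELEASE=overridden
ARG MANIFEST=overridden
ARG IMAGE_CONFIG=overridden
# XXX: see inject_passwd_group() in build-rootfs
ARG PASSWD_GROUP_DIR
ARG STRICT_MODE=0
ARG INJECT_OPENSHIFT_VERSION_LABELS=""

# The whole build context is copied, including any overrides/ directory and
# anything else an ignore file does not exclude. Keep credentials out of the
# context and pass them as secrets instead.
COPY . /src
# canonicalize permission bits, see also https://gitlab.com/fedora/bootc/base-images/-/merge_requests/274
RUN chmod -R a=rX,u+w /src

# useful if you're hacking on rpm-ostree/bootc-base-imagectl
# COPY rpm-ostree /usr/bin/
# COPY bootc-base-imagectl /usr/libexec/

# always nuke any leftover libdnf lockfile from interrupted runs
RUN --mount=type=cache,rw,id=coreos-build-cache,target=/cache \
    rm -rf /cache/cache/*lock*

# Build the rootfs. The yum repo definitions and content sets come in as build
# secrets, so they are mounted for this RUN only and are not written to a layer.
# `contentsets` has no explicit target and is mounted at the default secret
# path, /run/secrets/contentsets.
RUN --mount=type=cache,rw,id=coreos-build-cache,target=/cache \
    --mount=type=secret,id=yumrepos,target=/etc/yum.repos.d/secret.repo \
    --mount=type=secret,id=contentsets \
    /src/build-rootfs --srcdir=/src make-rootfs --target-rootfs /target-rootfs

# Pack the rootfs into out.ociarchive under /run/src so the next stage can use
# it in its FROM line.
# /run/inputhash is presumably written by build-rootfs in the previous step --
# confirm.
# Label values are quoted so that a value containing whitespace or glob
# characters stays a single argument. The two ${INJECT_...:+...} expansions are
# left unquoted on purpose: each must expand to either nothing or the two words
# `--label key=value`.
RUN --mount=type=bind,target=/run/src,rw \
    rpm-ostree experimental compose build-chunked-oci \
        --bootc --format-version=1 --rootfs /target-rootfs \
        --output oci-archive:/run/src/out.ociarchive \
        --label com.coreos.inputhash="$(cat /run/inputhash)" \
        --label com.coreos.stream="$STREAM" \
        ${INJECT_OPENSHIFT_VERSION_LABELS:+--label io.openshift.build.versions=machine-os="${VERSION}"} \
        ${INJECT_OPENSHIFT_VERSION_LABELS:+--label io.openshift.build.version-display-names=machine-os="${DESCRIPTION}"}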
# Final stage: the base is the OCI archive that the builder stage wrote into
# the build context, not an image pulled from a registry.
FROM oci-archive:./out.ociarchive
# ARGs do not carry across FROM, so the ones LABEL uses are redeclared here.
# VERSION has no default in this stage; it is empty unless passed as a build arg.
ARG VERSION
ARG NAME=overridden
ARG DESCRIPTION=overridden
# Need to reference builder here to force ordering. But since we have to run
# something anyway, we might as well cleanup after ourselves.
# The /run/src bind mount is read-write, so this rm deletes the archive from
# the mounted source directory itself, not just from a layer.
RUN --mount=type=bind,from=builder,target=/var/tmp \
--mount=type=bind,target=/run/src,rw \
rm /run/src/out.ociarchive
# Image metadata. The containers.bootc and ostree.bootable labels presumably
# mark the image as bootable for bootc/ostree tooling -- confirm. The rest is
# filled in from the build args above.
LABEL containers.bootc=1 \
ostree.bootable=1 \
org.opencontainers.image.version=$VERSION \
com.coreos.osname=$NAME \
org.opencontainers.image.title=$DESCRIPTION \
org.opencontainers.image.description=$DESCRIPTION
# SIGRTMIN+3 is the signal systemd handles as a halt request; presumably
# /sbin/init is systemd in this image -- confirm.
STOPSIGNAL SIGRTMIN+3
# No USER is set in this stage, so unless the base archive sets one the init
# process runs as root when the image is started as a container.
CMD ["/sbin/init"]