paketo-buildpacks · casibbald · Feb 10, 2026 · Mar 8, 2026 · Feb 10, 2026 · Feb 10, 2026
@@ -95,21 +95,27 @@ jobs:
     - name: Compare previous releases
       id: compare_previous_release
       run: |
+        builders_changed=false
         builders=$(echo '${{ needs.preparation.outputs.builders }}' | jq -c '.[]')
-        for builder in $builders; do
-          builder_path=$(echo "$builder" | jq -r '.path')
-
-          changed=$(git diff --name-only $(git describe --tags --abbrev=0) -- $builder_path/builder.toml)
-          if [ -z "${changed}" ]
-          then
-            # We do not write on the github output because this step runs multiple times
-            # and it might overwrite any true value written by the else statement.
-            echo "No changes for $builder_path/builder.toml"
-          else
-            echo "Changes detected for $builder_path/builder.toml"
-            echo "builders_changed=true" >> $GITHUB_OUTPUT
-          fi
-        done
+
+        # If no tags exist (e.g. new fork), run full pipeline so smoke/release can run
+        if ! last_tag=$(git describe --tags --abbrev=0 2>/dev/null); then
+          echo "No tags found - running full pipeline (smoke + release)"
+          builders_changed=true
+        else
+          for builder in $builders; do
+            builder_path=$(echo "$builder" | jq -r '.path')
+            changed=$(git diff --name-only "$last_tag" -- "$builder_path/builder.toml" 2>/dev/null || true)
+            if [ -n "${changed}" ]; then
+              echo "Changes detected for $builder_path/builder.toml"
+              builders_changed=true
+            else
+              echo "No changes for $builder_path/builder.toml"
+            fi
+          done
+        fi
+
+        echo "builders_changed=${builders_changed}" >> $GITHUB_OUTPUT
 
   smoke:
     name: Smoke Test

@@ -0,0 +1,76 @@
+# Build and push the builder image to ghcr.io/octopilot/builder-jammy-base.
+# Use this workflow to publish the forked builder so you can use octopilot/builder-jammy-base.
+name: Push Builder Image to GHCR
+
+on:
+  push:
+    branches: [main, rust-builder]
+    paths:
+      - "builder.toml"
+      - ".github/workflows/push-image-ghcr.yml"
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Image tag (default: from release or 'latest')"
+        required: false
+        default: ""
+
+env:
+  IMAGE: ghcr.io/octopilot/builder-jammy-base
+
+jobs:
+  push:
+    name: Build and Push
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set tag
+        id: tag
+        run: |
+          if [[ "${{ github.event_name }}" == "release" ]]; then
+            t="${GITHUB_REF#refs/tags/}"
+            echo "tag=${t#v}" >> "$GITHUB_OUTPUT"
+          elif [[ -n "${{ github.event.inputs.tag }}" ]]; then
+            echo "tag=${{ github.event.inputs.tag }}" >> "$GITHUB_OUTPUT"
+          elif [[ "${{ github.event_name }}" == "push" ]]; then
+            if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+              echo "tag=latest" >> "$GITHUB_OUTPUT"
+            else
+              echo "tag=${GITHUB_REF#refs/heads/}-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
+            fi
+          else
+            echo "tag=latest" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install tools
+        run: |
+          source "./scripts/.util/tools.sh"
+          util::tools::pack::install --directory "./.bin" --token ""
+          util::tools::crane::install --directory "./.bin"
+          export PATH="${PWD}/.bin:${PATH}"
+
+      - name: Create builder image and push to GHCR
+        run: |
+          ./scripts/publish.sh \
+            --builder-toml-path "./builder.toml" \
+            --builder-image-ref "${{ env.IMAGE }}:${{ steps.tag.outputs.tag }}"
+
+      - name: Tag as latest
+        if: steps.tag.outputs.tag != 'latest'
+        run: |
+          export PATH="${PWD}/.bin:${PATH}"
+          ./.bin/crane copy "${{ env.IMAGE }}:${{ steps.tag.outputs.tag }}" "${{ env.IMAGE }}:latest"
@@ -0,0 +1,49 @@
+# Test Rust buildpack (ghcr.io/octopilot/rust) via builder-jammy-base smoke tests.
+# Runs only Rust smoke tests for faster feedback when validating Rust buildpack releases.
+#
+# See docs/RUST-TEST-PROCESS-AUDIT.md for full process documentation.
+
+name: Test Rust Buildpack
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - main
+    paths:
+      - "builder.toml"
+      - "smoke/rust_test.go"
+      - "smoke/testdata/rust/**"
+      - "smoke/testdata/rust-workspace/**"
+      - ".github/workflows/test-rust-buildpack.yml"
+
+jobs:
+  rust-smoke:
+    name: Rust Smoke Tests
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+
+      - name: Get pack version
+        id: pack-version
+        run: |
+          version=$(jq -r .pack "scripts/.util/tools.json")
+          echo "version=${version#v}" >> "$GITHUB_OUTPUT"
+
+      - name: Install Pack
+        uses: buildpacks/github-actions/setup-pack@main
+        with:
+          pack-version: ${{ steps.pack-version.outputs.version }}
+
+      - name: Create builder
+        run: pack builder create testbuilder --config builder.toml
+
+      - name: Run Rust smoke tests
+        run: |
+          GOMAXPROCS=4 go test -count=1 -timeout 300s ./smoke/... -v -run "TestSmoke/Smoke/Rust" --name "testbuilder"
@@ -54,6 +54,9 @@ jobs:
   update:
     name: Update builder.toml
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      packages: read   # so jam update-builder can list tags from ghcr.io/octopilot/*
     outputs:
       commit_sha: ${{ steps.commit.outputs.commit_sha }}
     needs: preparation
@@ -71,10 +74,17 @@ jobs:
       with:
         branch: "automation/builder-toml-update"
 
+    - name: Log in to GHCR
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.OCTOPILOT_GITHUB_TOKEN }}
+
     - name: Update builder.toml
       uses: paketo-buildpacks/github-config/actions/builder/update@main
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
+        token: ${{ secrets.OCTOPILOT_GITHUB_TOKEN }}
         filename: "${{ matrix.builders.path }}/builder.toml"
 
     - name: Git commit

@@ -1 +1,8 @@
 .bin/
+.local-buildpacks/
+builder-test.toml
+smoke/testdata/rust/target/
+smoke/testdata/rust/Cargo.lock
+smoke/testdata/rust-workspace/target
+smoke/testdata/rust-workspace/Cargo.lock
+
@@ -0,0 +1,12 @@
+## PR Description: Custom Builder with Rust Support
+
+### Problem
+To support our Rust applications (`sample-static-rust-axum`) and modernize our build stack, we required a custom builder based on Ubuntu 22.04 (Jammy). Standard builders did not include our specific Rust buildpack configuration out-of-the-box.
+
+### Changes
+-   **New Builder**: Created `builder-jammy-base` derived from the Jammy stack.
+-   **Rust Integration**: Included the custom `octopilot/rust` buildpack in the order group.
+-   **Optimization**: Configured for efficient layer caching in our CI/CD environment.
+
+### Verification
+Successfully used this builder to build the `sample-static-rust-axum` API component via `octopilot-pipeline-tools` (`op`). The resulting image runs correctly in both local and Kubernetes environments.
@@ -5,7 +5,7 @@
 This builder uses the [Paketo Jammy Base
 Stack](https://github.com/paketo-buildpacks/jammy-base-stack) (Ubuntu Jammy
 Jellyfish build and run images) with buildpacks for Java,
-Java Native Image, Go, Python, .NET, Node.js, Apache HTTPD, NGINX and Procfile.
+Java Native Image, Go, Python, .NET, Node.js, Apache HTTPD, NGINX, Procfile and Rust.
 
 To see which versions of build and run images, buildpacks, and the lifecycle
 that are contained within a given builder version, see the

@@ -0,0 +1,18 @@
+description = "Minimal builder for Rust smoke test"
+
+[[buildpacks]]
+  uri = "../rust"
+  version = "0.0.1"
+
+[lifecycle]
+  version = "0.21.1"
+
+[[order]]
+  [[order.group]]
+    id = "octopilot/rust"
+    version = "0.0.1"
+
+[stack]
+  build-image = "docker.io/paketobuildpacks/build-jammy-base:0.1.196"
+  id = "io.buildpacks.stacks.jammy"
+  run-image = "index.docker.io/paketobuildpacks/run-jammy-base:latest"
@@ -1,4 +1,4 @@
-description = "Ubuntu 22.04 Jammy Jellyfish base image with buildpacks for Java, Go, .NET Core, Node.js, Python, Apache HTTPD, NGINX and Procfile"
+description = "Ubuntu 22.04 Jammy Jellyfish base image with buildpacks for Java, Go, .NET Core, Node.js, Python, Apache HTTPD, NGINX, Procfile, Rust, and Helm chart OCI"
 
 [[buildpacks]]
   uri = "docker://docker.io/paketobuildpacks/dotnet-core:4.2.0"
@@ -36,6 +36,14 @@ description = "Ubuntu 22.04 Jammy Jellyfish base image with buildpacks for Java,
   uri = "docker://docker.io/paketobuildpacks/web-servers:4.2.0"
   version = "4.2.0"
 
+[[buildpacks]]
+  uri = "docker://ghcr.io/octopilot/rust:0.1.9"
+  version = "0.1.9"
+
+[[buildpacks]]
+  uri = "docker://ghcr.io/octopilot/helm:0.1.3"
+  version = "0.1.3"
+
 [lifecycle]
   version = "0.21.5"
 
@@ -93,7 +101,19 @@ description = "Ubuntu 22.04 Jammy Jellyfish base image with buildpacks for Java,
     id = "paketo-buildpacks/procfile"
     version = "5.13.0"
 
+[[order]]
+
+  [[order.group]]
+    id = "octopilot/rust"
+    version = "0.1.9"
+
+[[order]]
+
+  [[order.group]]
+    id = "octopilot/helm"
+    version = "0.1.3"
+
 [stack]
   build-image = "docker.io/paketobuildpacks/build-jammy-base:0.1.206"
   id = "io.buildpacks.stacks.jammy"
-  run-image = "index.docker.io/paketobuildpacks/run-jammy-base:latest"
+  run-image = "index.docker.io/paketobuildpacks/run-jammy-base:0.1.196"
@@ -0,0 +1,51 @@
+# Test builder (local Rust + Helm buildpacks)
+
+Build a builder image that uses **local** octopilot/rust and octopilot/helm buildpacks (no need to publish them to GHCR), then verify it against cronjob-log-monitor.
+
+**Requirements:** Docker running, and the `buildpacks` repo layout:
+
+- `buildpacks/builder-jammy-base/` (this repo)
+- `buildpacks/rust/`
+- `buildpacks/helm/`
+
+## 1. Build the test builder
+
+From `builder-jammy-base`:
+
+```bash
+./scripts/build-test-builder.sh
+```
+
+This will:
+
+- Package the Rust buildpack from `../rust` → `.local-buildpacks/rust.tgz`
+- Package the Helm buildpack from `../helm` → `.local-buildpacks/helm.tgz`
+- Generate `builder-test.toml` (file:// URIs for those two buildpacks)
+- Run `pack builder create ghcr.io/octopilot/builder-jammy-base:test --config builder-test.toml`
+
+Override the image tag:
+
+```bash
+TEST_BUILDER_IMAGE=my-registry/my-builder:test ./scripts/build-test-builder.sh
+```
+
+## 2. Test against cronjob-log-monitor
+
+With the test builder built and **cronjob-log-monitor** at a path sibling to `buildpacks` (e.g. `octopilot/cronjob-log-monitor`):
+
+```bash
+./scripts/test-cronjob-log-monitor.sh
+```
+
+This runs:
+
+1. **Pack build (Rust):** `pack build cronjob-log-monitor:test-rust --path <cronjob-log-monitor>`
+2. **Pack build (Helm):** `pack build cronjob-log-monitor-chart:test-helm --path <cronjob-log-monitor>/chart`
+
+If cronjob-log-monitor is elsewhere:
+
+```bash
+CRONJOB_MONITOR_ROOT=/path/to/cronjob-log-monitor ./scripts/test-cronjob-log-monitor.sh
+```
+
+Both images are built locally (no push). You can run them to confirm the Rust binary and the Helm chart artifact.