fix: Use different mount options based on build engine

2025-08-10 18:38:09 -04:00 · 2025-08-10 18:38:09 -04:00 · 2a1cab3598
commit 2a1cab3598
parent a7d862abf0
7 changed files with 43 additions and 6 deletions
--- a/integration-tests/test-repo/.gitignore
+++ b/integration-tests/test-repo/.gitignore
@ -2,3 +2,4 @@
 /Containerfile.*
 /.bluebuild*
 /secrets
+/.bluebuild-scripts_*
--- a/src/commands/generate.rs
+++ b/src/commands/generate.rs
@ -18,7 +18,7 @@ use log::{debug, info, trace, warn};
 use miette::{IntoDiagnostic, Result};
 use oci_distribution::Reference;

-use crate::commands::validate::ValidateCommand;
+use crate::{DriverTemplate, commands::validate::ValidateCommand};

 use super::BlueBuildCommand;

@ -175,6 +175,7 @@ impl GenerateCommand {
            .base_digest(base_digest)
            .maybe_nushell_version(recipe.nushell_version.as_ref())
            .build_features(build_features)
+            .build_engine(Driver::get_build_driver().build_engine())
            .build();

        let output_str = template.render().into_diagnostic()?;
--- a/src/lib.rs
+++ b/src/lib.rs
@ -8,6 +8,8 @@ use std::{
    os::unix::fs::PermissionsExt,
 };

+use blue_build_process_management::drivers::types::BuildDriverType;
+use blue_build_template::BuildEngine;
 use blue_build_utils::constants::{BLUE_BUILD_SCRIPTS_DIR_IGNORE, GITIGNORE_PATH};
 use miette::{Context, IntoDiagnostic, Result, miette};
 use rust_embed::Embed;
@ -17,6 +19,19 @@ pub mod commands;

 shadow_rs::shadow!(shadow);

+pub(crate) trait DriverTemplate {
+    fn build_engine(&self) -> BuildEngine;
+}
+
+impl DriverTemplate for BuildDriverType {
+    fn build_engine(&self) -> BuildEngine {
+        match self {
+            Self::Buildah | Self::Podman => BuildEngine::Oci,
+            Self::Docker => BuildEngine::Docker,
+        }
+    }
+}
+
 #[derive(Embed)]
 #[folder = "scripts/"]
 pub(crate) struct BuildScripts;
--- a/template/src/lib.rs
+++ b/template/src/lib.rs
@ -13,6 +13,12 @@ use uuid::Uuid;

 pub use askama::Template;

+#[derive(Debug, Clone, Copy)]
+pub enum BuildEngine {
+    Oci,
+    Docker,
+}
+
 #[derive(Debug, Clone, Template, Builder)]
 #[template(path = "Containerfile.j2", escape = "none", whitespace = "minimize")]
 pub struct ContainerFileTemplate<'a> {
@ -31,6 +37,7 @@ pub struct ContainerFileTemplate<'a> {

    #[builder(default)]
    build_features: &'a [String],
+    build_engine: BuildEngine,
 }

 impl ContainerFileTemplate<'_> {
@ -56,6 +63,17 @@ impl ContainerFileTemplate<'_> {
            .collect::<Vec<_>>()
            .join(",")
    }
+
+    fn scripts_mount(&self, dest: &str) -> String {
+        format!(
+            "--mount=type=bind,src={},dst={dest},{}",
+            self.build_scripts_dir.display(),
+            match self.build_engine {
+                BuildEngine::Oci => "Z",
+                BuildEngine::Docker => "ro",
+            }
+        )
+    }
 }

 #[derive(Debug, Clone, Template, Builder)]
--- a/template/templates/Containerfile.j2
+++ b/template/templates/Containerfile.j2
@ -40,12 +40,14 @@ RUN --mount=type=bind,from={{ blue_build_utils::constants::NUSHELL_IMAGE }}:{{ g
  && cp -r /tmp/nu/* /usr/libexec/bluebuild/nu/
 {%- endif %}

-RUN --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/scripts/ \
+RUN \
+  {{ scripts_mount("/scripts/") }} \
  /scripts/pre_build.sh

 {% call modules::main_modules_run(recipe.modules_ext, os_version) %}

-RUN --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/scripts/ \
+RUN \
+  {{ scripts_mount("/scripts/") }} \
  /scripts/post_build.sh

 # Labels are added last since they cause cache misses with buildah
--- a/template/templates/modules/modules.j2
+++ b/template/templates/modules/modules.j2
@ -33,7 +33,7 @@ RUN \
        {%- if module.module_type.typ() == "akmods" %}
  --mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \
        {%- endif %}
-  --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \
+  {{ scripts_mount("/tmp/scripts/") }} \
  --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
  --mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
        {%- for secret_var in module.secrets.envs() %}
@ -78,7 +78,7 @@ RUN \
        {%- else %}
  --mount=type=bind,from={{ module.get_module_image() }},src=/modules,dst=/tmp/modules,rw \
        {%- endif %}
-  --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \
+  {{ scripts_mount("/tmp/scripts/") }} \
        {%- for secret_var in module.secrets.envs() %}
  {{ secret_var }} \
        {%- endfor %}
--- a/template/templates/stages.j2
+++ b/template/templates/stages.j2
@ -62,7 +62,7 @@ COPY --from={{ blue_build_utils::constants::NUSHELL_IMAGE }}:{{ get_nu_version()

 # Add compatibility for modules
 RUN --mount=type=bind,from=stage-bins,src=/bins/,dst=/tmp/bins/ \
-  --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \
+  {{ scripts_mount("/tmp/scripts/") }} \
  /tmp/scripts/setup.sh

        {%- if self::config_dir_exists() %}