From a7d862abf044369052333f79dd88d1a9e7bb93d5 Mon Sep 17 00:00:00 2001 From: Gerald Pinder Date: Sun, 10 Aug 2025 16:09:42 -0400 Subject: [PATCH] feat: Embed build scripts and extract into temp dir for build (#516) This decouples the need for a published image for the bulid scripts and will now embed them into the binary instead. This will make it so that anyone that forks the CLI is able to make adjustments to the build scripts and use them immediately. This will be needed for testing #515 --- .editorconfig | 11 ++ .github/workflows/build.yml | 32 ----- .github/workflows/tag.yml | 32 ----- Cargo.lock | 122 +++++++++++++++++- Cargo.toml | 1 + Earthfile | 41 ++---- integration-tests/empty-files-repo/.gitignore | 1 + integration-tests/legacy-test-repo/.gitignore | 1 + integration-tests/test-repo/.gitignore | 1 + src/commands/build.rs | 20 ++- src/commands/generate.rs | 58 ++------- src/lib.rs | 85 +++++++++++- template/src/lib.rs | 3 +- template/templates/Containerfile.j2 | 4 +- template/templates/modules/modules.j2 | 4 +- template/templates/stages.j2 | 2 +- utils/src/constants.rs | 2 + 17 files changed, 266 insertions(+), 154 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..2a4ecef --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +insert_final_newline = true +indent_style = space +indent_size = 4 +charset = utf-8 +trim_trailing_whitespace = true + +[*.j2] +indent_size = 2 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a85af79..5954ca1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -73,38 +73,6 @@ jobs: run: | earthly --ci --push -P +prebuild - build-scripts: - timeout-minutes: 60 - runs-on: ubuntu-latest - steps: - - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - with: - use-cache: false - - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - fetch-depth: 0 - ref: ${{ inputs.ref }} - repository: ${{ inputs.repo }} - - - - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ github.token }} - - - - name: Run build - id: build - run: | - earthly --ci --push -P +build-scripts-all - build-images: permissions: packages: write diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index 6d1ee03..ea8a0a8 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml 
@@ -65,38 +65,6 @@ jobs: run: | earthly --ci --push -P +prebuild - build-scripts: - timeout-minutes: 60 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - fetch-depth: 0 - fetch-tags: true - - - uses: dtolnay/rust-toolchain@38b70195107dddab2c7bbd522bcf763bac00963b # stable - - uses: earthly/actions-setup@43211c7a0eae5344d6d79fb4aaf209c8f8866203 # v1.0.13 - with: - use-cache: false - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - - - name: Login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ github.token }} - - - name: Run build - id: build - run: | - LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`) - CARGO_PACKAGE_VERSION="v$(cargo metadata --format-version 1 | jq -r '.packages[] | select(.name == "blue-build") .version')" - LATEST=$(test "$CARGO_PACKAGE_VERSION" = "$LATEST_TAG" && echo true || echo false) - earthly --ci --push +build-scripts-all --TAGGED="true" --LATEST="$LATEST" - build-images: permissions: packages: write diff --git a/Cargo.lock b/Cargo.lock index 8939820..79f0e1d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,6 +17,12 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" +[[package]] +name = "adler32" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234" + [[package]] name = "aead" version = "0.5.2" @@ -460,6 +466,7 @@ dependencies = [ "requestty", "reqwest", "rstest", + "rust-embed", "rusty-hook", "semver", "serde", 
@@ -896,7 +903,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c" dependencies = [ "lazy_static", - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] @@ -991,6 +998,15 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "core2" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b49ba7ef1ad6107f8824dbe97de947cbaac53c44e7f9756a1fba0d37c1eec505" +dependencies = [ + "memchr", +] + [[package]] name = "cpufeatures" version = "0.2.17" @@ -1194,6 +1210,12 @@ dependencies = [ "syn 2.0.104", ] +[[package]] +name = "dary_heap" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04d2cd9c18b9f454ed67da600630b021a8a80bf33f8c95896ab33aaf1c26b728" + [[package]] name = "decoded-char" version = "0.1.1" @@ -2015,7 +2037,7 @@ dependencies = [ "libc", "percent-encoding", "pin-project-lite", - "socket2 0.5.10", + "socket2 0.6.0", "tokio", "tower-service", "tracing", @@ -2158,6 +2180,29 @@ dependencies = [ "icu_properties", ] +[[package]] +name = "include-flate" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df49c16750695486c1f34de05da5b7438096156466e7f76c38fcdf285cf0113e" +dependencies = [ + "include-flate-codegen", + "lazy_static", + "libflate", +] + +[[package]] +name = "include-flate-codegen" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c5b246c6261be723b85c61ecf87804e8ea4a35cb68be0ff282ed84b95ffe7d7" +dependencies = [ + "libflate", + "proc-macro2", + "quote", + "syn 2.0.104", +] + [[package]] name = "indexmap" version = "1.9.3" 
@@ -2573,6 +2618,30 @@ version = "0.2.174" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" +[[package]] +name = "libflate" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45d9dfdc14ea4ef0900c1cddbc8dcd553fbaacd8a4a282cf4018ae9dd04fb21e" +dependencies = [ + "adler32", + "core2", + "crc32fast", + "dary_heap", + "libflate_lz77", +] + +[[package]] +name = "libflate_lz77" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e0d73b369f386f1c44abd9c570d5318f55ccde816ff4b562fa452e5182863d" +dependencies = [ + "core2", + "hashbrown 0.14.5", + "rle-decode-fast", +] + [[package]] name = "libgit2-sys" version = "0.18.2+1.9.1" @@ -3737,7 +3806,7 @@ dependencies = [ "once_cell", "socket2 0.5.10", "tracing", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -4046,6 +4115,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rle-decode-fast" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422" + [[package]] name = "rsa" version = "0.9.8" 
@@ -4095,6 +4170,41 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "rust-embed" +version = "8.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "025908b8682a26ba8d12f6f2d66b987584a4a87bc024abc5bbc12553a8cd178a" +dependencies = [ + "include-flate", + "rust-embed-impl", + "rust-embed-utils", + "walkdir", +] + +[[package]] +name = "rust-embed-impl" +version = "8.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6065f1a4392b71819ec1ea1df1120673418bf386f50de1d6f54204d836d4349c" +dependencies = [ + "proc-macro2", + "quote", + "rust-embed-utils", + "syn 2.0.104", + "walkdir", +] + +[[package]] +name = "rust-embed-utils" +version = "8.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6cc0c81648b20b70c491ff8cce00c1c3b223bb8ed2b5d41f0e54c6c4c0a3594" +dependencies = [ + "sha2", + "walkdir", +] + [[package]] name = "rustc-demangle" version = "0.1.26" @@ -4132,7 +4242,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys 0.4.15", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -4866,7 +4976,7 @@ dependencies = [ "getrandom 0.3.3", "once_cell", "rustix 1.0.8", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -5677,7 +5787,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.59.0", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 784d8b9..6efabaa 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -107,6 +107,7 @@ tempfile.workspace = true tokio.workspace = true bon.workspace = true users.workspace = true +rust-embed = { version = "8.7.2", features = ["debug-embed", "compression", "deterministic-timestamps"] } [features] # Top level features diff --git a/Earthfile b/Earthfile index be9d513..0f64c77 100644 --- a/Earthfile +++ b/Earthfile 
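Review bot: In the `Cargo.toml` hunk, `rust-embed` is declared with an inline version and feature list while its neighbours (`tempfile`, `tokio`, `bon`, `users`) all use `.workspace = true`, so it is the one dependency in this block whose version is managed outside the workspace table. If the workspace manifest is where versions are reviewed and bumped, declare it there and reference it here as `rust-embed.workspace = true`. A short comment on why `debug-embed` is enabled would also help, since that feature makes debug builds embed `scripts/` instead of reading it from disk at run time.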
@@ -12,7 +12,7 @@ all: WAIT BUILD --platform=linux/amd64 --platform=linux/arm64 +prebuild END - BUILD +build + BUILD +build-images-all BUILD ./integration-tests+all run-checks: @@ -22,9 +22,6 @@ run-checks: build-images-all: BUILD --platform=linux/amd64 --platform=linux/arm64 +build-images -build-scripts-all: - BUILD --platform=linux/amd64 --platform=linux/arm64 +build-scripts - build-images: BUILD +blue-build-cli BUILD +blue-build-cli-distrobox @@ -109,32 +106,22 @@ common: rustup update WORKDIR /app - COPY --keep-ts --dir src/ template/ recipe/ utils/ process/ /app - COPY --keep-ts Cargo.* /app - COPY --keep-ts *.md /app - COPY --keep-ts LICENSE /app - COPY --keep-ts build.rs /app - COPY --keep-ts --dir .git/ /app - RUN touch build.rs + COPY --keep-ts --dir \ + build.rs \ + LICENSE \ + *.md \ + Cargo.* \ + src/ \ + template/ \ + recipe/ \ + utils/ \ + process/ \ + scripts/ \ + .git/ \ + /app DO rust+INIT --keep_fingerprints=true -build-scripts: - ARG BASE_IMAGE="alpine" - FROM $BASE_IMAGE - - COPY --platform=native (+digest/base-image-digest --BASE_IMAGE=$BASE_IMAGE) /base-image-digest - LABEL org.opencontainers.image.base.name="$BASE_IMAGE" - LABEL org.opencontainers.image.base.digest="$(cat /base-image-digest)" - - COPY --dir scripts/ / - FOR script IN "$(ls /scripts | grep -e '.*\.sh$')" - RUN echo "Making ${script} executable" && \ - chmod +x "scripts/${script}" - END - - DO --pass-args +SAVE_IMAGE --IMAGE="$IMAGE/build-scripts" - blue-build-cli-prebuild: ARG BASE_IMAGE="registry.fedoraproject.org/fedora-toolbox" FROM "$BASE_IMAGE" diff --git a/integration-tests/empty-files-repo/.gitignore b/integration-tests/empty-files-repo/.gitignore index 8703795..f183d66 100644 --- a/integration-tests/empty-files-repo/.gitignore +++ b/integration-tests/empty-files-repo/.gitignore @@ -1,3 +1,4 @@ cosign.key cosign.private +/.bluebuild* /Containerfile 
diff --git a/integration-tests/legacy-test-repo/.gitignore b/integration-tests/legacy-test-repo/.gitignore index 4c749b6..a56f245 100644 --- a/integration-tests/legacy-test-repo/.gitignore +++ b/integration-tests/legacy-test-repo/.gitignore @@ -1,2 +1,3 @@ /Containerfile /Containerfile.* +/.bluebuild* diff --git a/integration-tests/test-repo/.gitignore b/integration-tests/test-repo/.gitignore index 90aaf15..15cd392 100644 --- a/integration-tests/test-repo/.gitignore +++ b/integration-tests/test-repo/.gitignore @@ -1,3 +1,4 @@ /Containerfile /Containerfile.* +/.bluebuild* /secrets diff --git a/src/commands/build.rs b/src/commands/build.rs index 7b69c78..46c4431 100644 --- a/src/commands/build.rs +++ b/src/commands/build.rs @@ -1,4 +1,7 @@ -use std::path::{Path, PathBuf}; +use std::{ + env, + path::{Path, PathBuf}, +}; use blue_build_process_management::{ drivers::{ @@ -23,12 +26,12 @@ use blue_build_utils::{ use bon::Builder; use clap::Args; use log::{debug, info, trace, warn}; -use miette::{IntoDiagnostic, Result, bail}; +use miette::{Context, IntoDiagnostic, Result, bail}; use oci_distribution::Reference; use rayon::prelude::*; use tempfile::TempDir; -use crate::commands::generate::GenerateCommand; +use crate::{BuildScripts, commands::generate::GenerateCommand}; use super::BlueBuildCommand; @@ -186,6 +189,16 @@ impl BlueBuildCommand for BuildCommand { recipes.into_iter().filter(|recipe| same.insert(recipe.clone())).collect() }); + let build_scripts_dir = BuildScripts::extract_mount_dir()?; + let build_scripts_dir = build_scripts_dir + .path() + .strip_prefix( + env::current_dir() + .into_diagnostic() + .wrap_err("Failed to get current_dir")?, + ) + .into_diagnostic() + .wrap_err("Failed to strip path prefix for build scripts dir")?; recipe_paths.par_iter().try_for_each(|recipe| { GenerateCommand::builder() 
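Review bot: The shadowed `build_scripts_dir` in the `src/commands/build.rs` hunk hides a lifetime requirement that nothing documents: the first binding is the `TempDir` guard, and it has to stay in scope until the `par_iter` below has finished or the directory is removed mid-build. Naming the guard separately (`let build_scripts_guard = BuildScripts::extract_mount_dir()?;`) and adding `// Keep the guard alive for the whole build; the Containerfile mounts this directory by its path relative to the working directory.` would make that explicit. The `strip_prefix(env::current_dir())` call also assumes that `tempfile` returns an absolute path rooted at the current directory, so the "Failed to strip path prefix" message should include both paths to make a mismatch diagnosable. The enclosing function starts and ends outside the hunk.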
@@ -196,6 +209,7 @@ impl BlueBuildCommand for BuildCommand { ) .skip_validation(self.skip_validation) .maybe_platform(self.platform) + .build_scripts_dir(build_scripts_dir) .recipe(recipe) .drivers(self.drivers) .build() diff --git a/src/commands/generate.rs b/src/commands/generate.rs index 0f5c60b..60bf416 100644 --- a/src/commands/generate.rs +++ b/src/commands/generate.rs @@ -1,5 +1,4 @@ use std::{ - env, ops::Not, path::{Path, PathBuf}, }; @@ -10,19 +9,16 @@ use blue_build_process_management::drivers::{ use blue_build_recipe::Recipe; use blue_build_template::{ContainerFileTemplate, Template}; use blue_build_utils::{ - constants::{ - BB_SKIP_VALIDATION, BUILD_SCRIPTS_IMAGE_REF, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH, - }, + constants::{BB_SKIP_VALIDATION, CONFIG_PATH, RECIPE_FILE, RECIPE_PATH}, syntax_highlighting::{self, DefaultThemes}, }; use bon::Builder; -use cached::proc_macro::cached; -use clap::{Args, crate_version}; +use clap::Args; use log::{debug, info, trace, warn}; use miette::{IntoDiagnostic, Result}; use oci_distribution::Reference; -use crate::{commands::validate::ValidateCommand, shadow}; +use crate::commands::validate::ValidateCommand; use super::BlueBuildCommand; @@ -80,6 +76,10 @@ pub struct GenerateCommand { #[builder(default)] skip_validation: bool, + #[clap(skip)] + #[builder(into)] + build_scripts_dir: Option, + #[clap(flatten)] #[builder(default)] drivers: DriverArgs, @@ -149,12 +149,15 @@ impl GenerateCommand { .build(), )? .digest; - let build_scripts_image = &determine_scripts_tag(self.platform)?; let repo = &Driver::get_repo_url()?; let build_features = &[ #[cfg(feature = "bootc")] "bootc".into(), ]; + let build_scripts_dir = self + .build_scripts_dir + .as_deref() + .unwrap_or_else(|| Path::new(".bluebuild-scripts")); let template = ContainerFileTemplate::builder() .os_version( 
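Review bot: The fallback `Path::new(".bluebuild-scripts")` in the `@@ -149,12 +149,15 @@` hunk of `generate.rs` names a directory that nothing in this commit creates: `BuildScripts::extract_mount_dir()` produces `.bluebuild-scripts_<random>` and only `BuildCommand` passes it in, while the new field is `#[clap(skip)]`. A Containerfile produced by running `generate` on its own would therefore bind-mount a path that is presumably absent from the build context, and the `/.bluebuild-scripts_*` ignore pattern would not cover it if someone created it by hand. Either extract the scripts to that stable path when `build_scripts_dir` is `None`, or document the contract on the field added in the `@@ -80,6 +76,10 @@` hunk, e.g. `/// Directory holding the extracted build scripts, relative to the build context; set by BuildCommand.`. The function body continues outside the hunk.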
@@ -168,7 +171,7 @@ impl GenerateCommand { .recipe_path(recipe_path.as_path()) .registry(®istry) .repo(repo) - .build_scripts_image(build_scripts_image) + .build_scripts_dir(build_scripts_dir) .base_digest(base_digest) .maybe_nushell_version(recipe.nushell_version.as_ref()) .build_features(build_features) @@ -188,40 +191,3 @@ impl GenerateCommand { Ok(()) } } - -#[cached( - result = true, - key = "Option", - convert = r#"{ platform }"#, - sync_writes = "by_key" -)] -fn determine_scripts_tag(platform: Option) -> Result { - trace!("determine_scripts_tag({platform:?})"); - - let opts = GetMetadataOpts::builder().maybe_platform(platform); - format!("{BUILD_SCRIPTS_IMAGE_REF}:{}", shadow::COMMIT_HASH) - .parse() - .into_diagnostic() - .and_then(|image| { - Driver::get_metadata(opts.clone().image(&image).build()) - .inspect_err(|e| trace!("{e:?}")) - .map(|_| image) - }) - .or_else(|_| { - let image: Reference = format!("{BUILD_SCRIPTS_IMAGE_REF}:{}", shadow::BRANCH) - .parse() - .into_diagnostic()?; - Driver::get_metadata(opts.clone().image(&image).build()) - .inspect_err(|e| trace!("{e:?}")) - .map(|_| image) - }) - .or_else(|_| { - let image: Reference = format!("{BUILD_SCRIPTS_IMAGE_REF}:v{}", crate_version!()) - .parse() - .into_diagnostic()?; - Driver::get_metadata(opts.image(&image).build()) - .inspect_err(|e| trace!("{e:?}")) - .map(|_| image) - }) - .inspect(|image| debug!("Using build scripts image: {image}")) -} diff --git a/src/lib.rs b/src/lib.rs index f12e4e3..d7b5e89 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -1,6 +1,89 @@ //! The root library for blue-build. #![doc = include_str!("../README.md")] -shadow_rs::shadow!(shadow); +use std::{ + fs::{self, OpenOptions}, + io::{Read, Write}, + ops::Not, + os::unix::fs::PermissionsExt, +}; + +use blue_build_utils::constants::{BLUE_BUILD_SCRIPTS_DIR_IGNORE, GITIGNORE_PATH}; +use miette::{Context, IntoDiagnostic, Result, miette}; +use rust_embed::Embed; +use tempfile::TempDir; pub mod commands; + +shadow_rs::shadow!(shadow); + +#[derive(Embed)] +#[folder = "scripts/"] +pub(crate) struct BuildScripts; + +impl BuildScripts { + pub fn extract_mount_dir() -> Result { + Self::update_gitignore()?; + + let tempdir = TempDir::with_prefix_in(".bluebuild-scripts_", ".") + .into_diagnostic() + .wrap_err("Failed to create tempdir for build scripts.")?; + + for file_path in Self::iter() { + let file = Self::get(file_path.as_ref()) + .ok_or_else(|| miette!("Failed to get file {file_path}"))?; + let file_path = tempdir.path().join(&*file_path); + fs::write(&file_path, &file.data) + .into_diagnostic() + .wrap_err_with(|| { + format!("Failed to write build script file {}", file_path.display()) + })?; + + let mut perm = fs::metadata(&file_path) + .into_diagnostic() + .wrap_err_with(|| { + format!( + "Failed to get file permissions for file {}", + file_path.display() + ) + })? 
+ .permissions(); + + perm.set_mode(0o755); + fs::set_permissions(&file_path, perm).into_diagnostic()?; + } + + Ok(tempdir) + } + + fn update_gitignore() -> Result<()> { + let file = &mut OpenOptions::new() + .read(true) + .append(true) + .create(true) + .open(GITIGNORE_PATH) + .into_diagnostic() + .wrap_err_with(|| format!("Failed to open {GITIGNORE_PATH} for editing"))?; + + let ignore_contents = { + let mut cont = String::new(); + file.read_to_string(&mut cont) + .into_diagnostic() + .wrap_err_with(|| format!("Failed to read {GITIGNORE_PATH}"))?; + cont + }; + + if ignore_contents + .contains(BLUE_BUILD_SCRIPTS_DIR_IGNORE) + .not() + { + writeln!(file, "{BLUE_BUILD_SCRIPTS_DIR_IGNORE}") + .into_diagnostic() + .wrap_err_with(|| { + format!("Failed to add {BLUE_BUILD_SCRIPTS_DIR_IGNORE} to {GITIGNORE_PATH}") + })?; + } + + Ok(()) + } +} diff --git a/template/src/lib.rs b/template/src/lib.rs index b9e3e19..7bc8a2e 100644 --- a/template/src/lib.rs +++ b/template/src/lib.rs @@ -9,7 +9,6 @@ use bon::Builder; use chrono::Utc; use colored::control::ShouldColorize; use log::{debug, error, trace, warn}; -use oci_distribution::Reference; use uuid::Uuid; pub use askama::Template; @@ -25,7 +24,7 @@ pub struct ContainerFileTemplate<'a> { build_id: Uuid, os_version: u64, registry: &'a str, - build_scripts_image: &'a Reference, + build_scripts_dir: &'a Path, repo: &'a str, base_digest: &'a str, nushell_version: Option<&'a MaybeVersion>, diff --git a/template/templates/Containerfile.j2 b/template/templates/Containerfile.j2 index 7b84571..3260a43 100644 --- a/template/templates/Containerfile.j2 +++ b/template/templates/Containerfile.j2 
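Review bot: `update_gitignore` in `src/lib.rs` appends with `writeln!` without checking that the existing file ends in a newline, so a `.gitignore` whose last line is unterminated gets the pattern glued onto that entry (constructed example: `/secrets` becomes `/secrets/.bluebuild-scripts_*`), which breaks both rules. The `contains` test is also a substring match, so a commented-out or longer line containing the pattern suppresses the append; compare whole lines with `ignore_contents.lines().any(|l| l.trim() == BLUE_BUILD_SCRIPTS_DIR_IGNORE)` and write a leading newline when `!ignore_contents.is_empty() && !ignore_contents.ends_with('\n')`. In `extract_mount_dir`, `fs::write` to `tempdir.path().join(..)` will fail for any embedded file that sits in a subdirectory of `scripts/`, because parent directories are never created, and `fs::set_permissions` is the only call here without a `wrap_err`. The unconditional `std::os::unix::fs::PermissionsExt` import also makes the crate unix-only, which deserves a doc comment on `BuildScripts` if that is intended.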
@@ -40,12 +40,12 @@ RUN --mount=type=bind,from={{ blue_build_utils::constants::NUSHELL_IMAGE }}:{{ g && cp -r /tmp/nu/* /usr/libexec/bluebuild/nu/ {%- endif %} -RUN --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/scripts/ \ +RUN --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/scripts/ \ /scripts/pre_build.sh {% call modules::main_modules_run(recipe.modules_ext, os_version) %} -RUN --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/scripts/ \ +RUN --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/scripts/ \ /scripts/post_build.sh # Labels are added last since they cause cache misses with buildah diff --git a/template/templates/modules/modules.j2 b/template/templates/modules/modules.j2 index 63fc7d1..54bfdd7 100644 --- a/template/templates/modules/modules.j2 +++ b/template/templates/modules/modules.j2 @@ -33,7 +33,7 @@ RUN \ {%- if module.module_type.typ() == "akmods" %} --mount=type=bind,from=stage-akmods-{{ module.generate_akmods_info(os_version).stage_name }},src=/rpms,dst=/tmp/rpms,rw \ {%- endif %} - --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \ + --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ --mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \ {%- for secret_var in module.secrets.envs() %} @@ -78,7 +78,7 @@ RUN \ {%- else %} --mount=type=bind,from={{ module.get_module_image() }},src=/modules,dst=/tmp/modules,rw \ {%- endif %} - --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \ + --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \ {%- for secret_var in module.secrets.envs() %} {{ secret_var }} \ {%- endfor %} 
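Review bot: Every `RUN --mount=type=bind,src={{ build_scripts_dir.display() }}` line in `Containerfile.j2` now embeds the extraction directory name, which `TempDir::with_prefix_in(".bluebuild-scripts_", ".")` randomises on each invocation, so the instruction text differs on every build and layer caching for these steps is likely lost. The same applies to the two mounts in `modules/modules.j2` and the one in `stages.j2`. A directory name that is stable, or derived from the content of the embedded scripts, would keep the generated Containerfile reproducible between runs. The path is also interpolated unquoted into the mount option, so it is worth checking on the Rust side that it contains no `,` or whitespace before templating, since `build_scripts_dir` accepts any path from the builder.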
diff --git a/template/templates/stages.j2 b/template/templates/stages.j2 index ad0dc04..79f741b 100644 --- a/template/templates/stages.j2 +++ b/template/templates/stages.j2 @@ -62,7 +62,7 @@ COPY --from={{ blue_build_utils::constants::NUSHELL_IMAGE }}:{{ get_nu_version() # Add compatibility for modules RUN --mount=type=bind,from=stage-bins,src=/bins/,dst=/tmp/bins/ \ - --mount=type=bind,from={{ build_scripts_image }},src=/scripts/,dst=/tmp/scripts/ \ + --mount=type=bind,src={{ build_scripts_dir.display() }},dst=/tmp/scripts/ \ /tmp/scripts/setup.sh {%- if self::config_dir_exists() %} diff --git a/utils/src/constants.rs b/utils/src/constants.rs index ec27948..852deb0 100644 --- a/utils/src/constants.rs +++ b/utils/src/constants.rs @@ -8,6 +8,7 @@ pub const CONTAINER_FILE: &str = "Containerfile"; pub const COSIGN_PUB_PATH: &str = "./cosign.pub"; pub const COSIGN_PRIV_PATH: &str = "./cosign.key"; pub const FILES_PATH: &str = "./files"; +pub const GITIGNORE_PATH: &str = "./.gitignore"; pub const LOCAL_BUILD: &str = "/etc/bluebuild"; pub const MODULES_PATH: &str = "./config/modules"; pub const RECIPE_FILE: &str = "recipe.yml"; @@ -81,6 +82,7 @@ pub const BLUE_BUILD: &str = "bluebuild"; pub const BUILD_SCRIPTS_IMAGE_REF: &str = "ghcr.io/blue-build/cli/build-scripts"; pub const BLUE_BUILD_IMAGE_REF: &str = "ghcr.io/blue-build/cli"; pub const BLUE_BUILD_MODULE_IMAGE_REF: &str = "ghcr.io/blue-build/modules"; +pub const BLUE_BUILD_SCRIPTS_DIR_IGNORE: &str = "/.bluebuild-scripts_*"; pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:v2.5.3"; pub const NUSHELL_IMAGE: &str = "ghcr.io/blue-build/nushell-image"; pub const OCI_ARCHIVE: &str = "oci-archive";
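Review bot: `BUILD_SCRIPTS_IMAGE_REF` stays in `utils/src/constants.rs` although this commit removes its import from `generate.rs` and the workflow jobs that published that image, so it looks dead unless another file still uses it; remove it or mark it deprecated so nobody pulls a stale image by mistake. The two new constants also have no doc comments. Something like `/// Ignore pattern for the per-build script directories created by BuildScripts::extract_mount_dir.` on `BLUE_BUILD_SCRIPTS_DIR_IGNORE` would tie it to the `.bluebuild-scripts_` prefix that is hard-coded separately in `src/lib.rs` and currently has to be kept in sync by hand.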