particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
particle-os-cli/template/templates/stages.j2
Gerald Pinder d0e1b7c8d1
fix: Copy bins and keys with mounts for ostree commit (#132) 
I've been investigating more into how ostree works and how it relates to
running `ostree container commit` for each layer. I've decided to move
our pre-installed bins and public keys into their own stages and then
bind mount them into a `RUN` instruction so that we can just use `cp` to
get the files into the image and then call `ostree container commit`.
Now all of our layers in the image (after the base image) will be in the
ostree commit tree.
2024-03-24 06:27:54 +00:00

52 lines
1.5 KiB
Django/Jinja
Raw Blame History

# This stage is responsible for holding onto
# your config without copying it directly into
# the final image
FROM scratch as stage-config
COPY ./config /config
# Copy modules
# The default modules are inside blue-build/modules
# Custom modules overwrite defaults
FROM scratch as stage-modules
COPY --from=ghcr.io/blue-build/modules:latest /modules /modules
{%- if self::modules_exists() %}
COPY ./modules /modules
{%- endif %}
# Bins to install
# These are basic tools that are added to all images.
# Generally used for the build process. We use a multi
# stage process so that adding the bins into the image
# can be added to the ostree commits.
FROM scratch as stage-bins
COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /bins/cosign
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /bins/yq
COPY --from=ghcr.io/blue-build/cli:
{%- if let Some(tag) = recipe.blue_build_tag -%}
{{ tag }}
{%- else -%}
latest-installer
{%- endif %} /out/bluebuild /bins/bluebuild
# Keys for pre-verified images
# Used to copy the keys into the final image
# and perform an ostree commit.
#
# Currently only holds the current image's
# public key.
FROM scratch as stage-keys
{%- if self::has_cosign_file() %}
COPY cosign.pub /keys/{{ recipe.name|replace('/', "_") }}.pub
{%- endif %}
{%- include "modules/akmods/akmods.j2" %}
# This stage is responsible for holding onto
# exports like the exports.sh
FROM docker.io/alpine as stage-exports
COPY <<EOF /exports.sh
{{ self::print_export_script() }}
EOF
RUN chmod +x /exports.sh
Reference in a new issue View git blame Copy permalink