f8b7334662
Recipe files can now be put into their own directory `./recipes/`. This directory is NEVER copied into the build so changes to a recipe will no longer cause cache misses for builds. Here is an example of my build changing the second to last module and only requiring the last 2 `RUN` layers to be run again. ``` => CACHED [stage-config 1/1] COPY ./config /config 0.0s => CACHED [stage-modules 1/2] COPY --from=ghcr.io/blue-build/modules:latest /modules /modules 0.0s => CACHED [stage-modules 2/2] COPY ./modules /modules 0.0s => CACHED [stage-keys 1/1] COPY cosign.pub /keys/jp-desktop-gaming.pub 0.0s => CACHED [stage-4 2/16] RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /usr/etc/pki/containers/ && cp /tmp/keys/* /usr/et 0.0s => CACHED [stage-bins 1/3] COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /bins/cosign 0.0s => CACHED [stage-bins 2/3] COPY --from=docker.io/mikefarah/yq /usr/bin/yq /bins/yq 0.0s => CACHED [stage-bins 3/3] COPY --from=ghcr.io/blue-build/cli:main-installer /out/bluebuild /bins/bluebuild 0.0s => CACHED [stage-4 3/16] RUN --mount=type=bind,from=stage-bins,src=/bins,dst=/tmp/bins mkdir -p /usr/bin/ && cp /tmp/bins/* /usr/bin/ && ostree 0.0s => CACHED [stage-4 4/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 5/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 6/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 7/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 8/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 9/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 10/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 11/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 12/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 13/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => CACHED [stage-4 14/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind 0.0s => [stage-4 15/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind,from= 33.4s => [stage-4 16/16] RUN --mount=type=tmpfs,target=/var --mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw --mount=type=bind,from=s 0.7s ``` Support was also added to put all build files into `./files/` instead of `./config/`. This is an all or nothing operation, meaning if there exists a directory of `files` then the `config` directory will be completely ignored. Work will have to be done in https://github.com/blue-build/modules to allow users to put their files directly in `./files/` and not `./files/files` for the `files` module or `./files/scripts` for the scripts module. Support was also added to move the `./config/containerfiles/` directory to the root of the project. Now the directories you can find in the root of projects are: ``` files/ containerfiles/ recipes/ ```
49 lines
1.4 KiB
Django/Jinja
49 lines
1.4 KiB
Django/Jinja
# This stage is responsible for holding onto
|
|
# your config without copying it directly into
|
|
# the final image
|
|
{%- if files_dir_exists %}
|
|
FROM scratch as stage-files
|
|
COPY ./files /files
|
|
{%- else %}
|
|
FROM scratch as stage-config
|
|
COPY ./config /config
|
|
{%- endif %}
|
|
|
|
# Copy modules
|
|
# The default modules are inside blue-build/modules
|
|
# Custom modules overwrite defaults
|
|
FROM scratch as stage-modules
|
|
COPY --from=ghcr.io/blue-build/modules:latest /modules /modules
|
|
{%- if self::modules_exists() %}
|
|
COPY ./modules /modules
|
|
{%- endif %}
|
|
|
|
# Bins to install
|
|
# These are basic tools that are added to all images.
|
|
# Generally used for the build process. We use a multi
|
|
# stage process so that adding the bins into the image
|
|
# can be added to the ostree commits.
|
|
FROM scratch as stage-bins
|
|
|
|
COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /bins/cosign
|
|
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /bins/yq
|
|
COPY --from=ghcr.io/blue-build/cli:
|
|
{%- if let Some(tag) = recipe.blue_build_tag -%}
|
|
{{ tag }}
|
|
{%- else -%}
|
|
latest-installer
|
|
{%- endif %} /out/bluebuild /bins/bluebuild
|
|
|
|
# Keys for pre-verified images
|
|
# Used to copy the keys into the final image
|
|
# and perform an ostree commit.
|
|
#
|
|
# Currently only holds the current image's
|
|
# public key.
|
|
FROM scratch as stage-keys
|
|
|
|
{%- if self::has_cosign_file() %}
|
|
COPY cosign.pub /keys/{{ recipe.name|replace('/', "_") }}.pub
|
|
{%- endif %}
|
|
|
|
{%- include "modules/akmods/akmods.j2" %}
|