particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
particle-os-cli/templates/Containerfile
Gerald Pinder 54742ecaa1
refactor: Use GITHUB_TOKEN instead of REGISTRY_TOKEN (#75) 
To keep things as consistent as possible, we're switching to using the
GITHUB_TOKEN env var for login instead. Env vars were also all pulled
out into their own constants to make things more consistent.

This change also includes prioritizing public/private key signing over
OIDC keyless for GitHub for an easier transition. It would require the
user to delete their `cosign.pub` file from their repo in order to start
using the keyless method.
2024-02-19 23:30:39 -05:00

91 lines
3.2 KiB
Docker
Raw Blame History

# This stage is responsible for holding onto
# your config without copying it directly into
# the final image
FROM scratch as stage-config
COPY ./config /config
# Copy modules
# The default modules are inside ublue-os/bling
# Custom modules overwrite defaults
FROM scratch as stage-modules
COPY --from=ghcr.io/ublue-os/bling:latest /modules /modules
COPY ./modules /modules
# This stage is responsible for holding onto
# exports like the exports.sh
FROM docker.io/alpine as stage-exports
RUN printf {{ self::print_script(export_script) }} >> /exports.sh && chmod +x /exports.sh
FROM {{ recipe.base_image }}:{{ recipe.image_version }}
LABEL {{ crate::constants::BUILD_ID_LABEL }}="{{ build_id }}"
LABEL org.opencontainers.image.title="{{ recipe.name }}"
LABEL org.opencontainers.image.description="{{ recipe.description }}"
LABEL io.artifacthub.package.readme-url=https://raw.githubusercontent.com/blue-build/cli/main/README.md
ARG RECIPE={{ recipe_path.display() }}
{%- if let Some(repo_owner) = self::get_github_repo_owner() %}
ARG IMAGE_REGISTRY=ghcr.io/{{ repo_owner }}
{%- else if let Some(registry) = self::get_gitlab_registry_path() %}
ARG IMAGE_REGISTRY={{ registry }}
{%- else %}
ARG IMAGE_REGISTRY=localhost
{%- endif %}
{%- if self::has_cosign_file() %}
COPY cosign.pub /usr/share/ublue-os/cosign.pub
{%- endif %}
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /usr/bin/cosign
COPY --from=ghcr.io/blue-build/cli:
{%- if let Some(tag) = recipe.blue_build_tag -%}
{{ tag }}
{%- else -%}
latest-installer
{%- endif %} /out/bluebuild /usr/bin/bluebuild
ARG CONFIG_DIRECTORY="/tmp/config"
ARG IMAGE_NAME="{{ recipe.name }}"
ARG BASE_IMAGE="{{ recipe.base_image }}"
{%- for module in recipe.modules_ext.modules %}
{%- if let Some(type) = module.module_type %}
{%- if type == "containerfile" %}
{%- if let Some(containerfiles) = self::get_containerfile_list(module) %}
{%- for c in containerfiles %}
{{ self::print_containerfile(c) }}
{%- endfor %}
{%- endif %}
{%- if let Some(snippets) = self::get_containerfile_snippets(module) %}
{%- for s in snippets %}
{{ s }}
{%- endfor %}
{%- endif %}
{%- else if type == "files" %}
{%- if let Some(files) = self::get_files_list(module) %}
{%- for (src, dest) in files %}
COPY {{ src }} {{ dest }}
{%- endfor %}
{%- endif %}
{%- else %}
RUN \
--mount=type=tmpfs,target=/tmp \
--mount=type=tmpfs,target=/var \
--mount=type=bind,from=stage-config,src=/config,dst=/tmp/config,rw \
{%- if let Some(source) = module.source %}
--mount=type=bind,from={{ source }},src=/modules,dst=/tmp/modules,rw \
{%- else %}
--mount=type=bind,from=stage-modules,src=/modules,dst=/tmp/modules,rw \
{%- endif %}
--mount=type=bind,from=stage-exports,src=/exports.sh,dst=/tmp/exports.sh \
--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-{{ recipe.name }}-{{ recipe.image_version }},sharing=locked \
chmod +x /tmp/modules/{{ type }}/{{ type }}.sh \
&& source /tmp/exports.sh && /tmp/modules/{{ type }}/{{ type }}.sh '{{ self::print_module_context(module) }}'
{%- endif %}
{%- endif %}
{%- endfor %}
RUN ostree container commit
Reference in a new issue View git blame Copy permalink