19c93ce742
HEREDOC support for podman doesn't work exactly 1-1 with Dockerfiles. This fix gives the export script its own image that we mount.
44 lines
1.3 KiB
Django/Jinja
44 lines
1.3 KiB
Django/Jinja
# This stage is responsible for holding onto
|
|
# your config without copying it directly into
|
|
# the final image
|
|
FROM scratch as stage-config
|
|
COPY ./config /config
|
|
|
|
# Copy modules
|
|
# The default modules are inside blue-build/modules
|
|
# Custom modules overwrite defaults
|
|
FROM scratch as stage-modules
|
|
COPY --from=ghcr.io/blue-build/modules:latest /modules /modules
|
|
{%- if self::modules_exists() %}
|
|
COPY ./modules /modules
|
|
{%- endif %}
|
|
|
|
# Bins to install
|
|
# These are basic tools that are added to all images.
|
|
# Generally used for the build process. We use a multi
|
|
# stage process so that adding the bins into the image
|
|
# can be added to the ostree commits.
|
|
FROM scratch as stage-bins
|
|
|
|
COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /bins/cosign
|
|
COPY --from=docker.io/mikefarah/yq /usr/bin/yq /bins/yq
|
|
COPY --from=ghcr.io/blue-build/cli:
|
|
{%- if let Some(tag) = recipe.blue_build_tag -%}
|
|
{{ tag }}
|
|
{%- else -%}
|
|
latest-installer
|
|
{%- endif %} /out/bluebuild /bins/bluebuild
|
|
|
|
# Keys for pre-verified images
|
|
# Used to copy the keys into the final image
|
|
# and perform an ostree commit.
|
|
#
|
|
# Currently only holds the current image's
|
|
# public key.
|
|
FROM scratch as stage-keys
|
|
|
|
{%- if self::has_cosign_file() %}
|
|
COPY cosign.pub /keys/{{ recipe.name|replace('/', "_") }}.pub
|
|
{%- endif %}
|
|
|
|
{%- include "modules/akmods/akmods.j2" %}
|