Test buildah builder

.forgejo/workflows/build.yaml

@@ -1,56 +1,38 @@
 on: [push]
 env:
-  REGISTRY: forgejo.sbox.hornwitser.no
+  REGISTRY: forge.hornwitser.no
-  REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder
+  REGISTRY_IMAGE: forge.hornwitser.no/furnavia/builder
 
 jobs:
   build:
-    runs-on: docker
+    runs-on: alpine
-    container:
-      image: node:20-bookworm
     steps:
       -
-        name: Install docker
+        name: Install buildah
         run: |
-          apt-get update
+          apk add buildah
-          apt-get install -y --no-install-recommends ca-certificates curl git
-          install -m 0755 -d /etc/apt/keyrings
-          curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
-          chmod a+r /etc/apt/keyrings/docker.asc
-          echo \
-            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
-            https://download.docker.com/linux/debian \
-            bookworm stable" \
-          > /etc/apt/sources.list.d/docker.list
-          apt-get update
-          apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin docker-compose-plugin
       -
-        name: Get image tags
+        name: Compute image tags
         id: info
         shell: bash
         run: |
           tee -a ${GITHUB_OUTPUT} <<EOF
-          TAGS<<EOT
+          TAGS=${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
-          $(
-            echo ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
-            if [[ "${{ github.ref_name }}" =~ ^r[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-              echo ${{ env.REGISTRY_IMAGE }}:latest
-            elif [[ "${{ github.ref_name }}" == forgejo ]]; then
-              echo ${{ env.REGISTRY_IMAGE }}:development
-            fi
-          )
-          EOT
           EOF
       -
-        name: Authenticate
+        name: Checkout
-        uses: docker/login-action@v3
+        uses: actions/checkout@v4
-        with:
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-          registry: ${{ env.REGISTRY }}
       -
-        name: Build and push
+        name: Build
-        uses: docker/build-push-action@v6
+        run: |
+          id
+          $GITHUB_WORKSPACE/builder.sh ${{ steps.info.outputs.TAGS }}
+      -
+        name: Authenticate with registry
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ env.REGISTRY }} --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+      -
+        name: Push
         with:
           push: true
           tags: ${{ steps.info.outputs.TAGS }}

Readme.md

@@ -4,13 +4,10 @@ Common docker image used for running application builds, CI pipelines, and deplo
 
 ## Tools included
 
-- `ansible` latest - https://www.ansible.com/
+- `buildah` trixie - https://packages.debian.org/trixie/buildah
-- `docker` latest - https://www.docker.com/
+- `curl` trixie - https://packages.debian.org/trixie/curl
-- `curl` bookworm - https://packages.debian.org/bookworm/curl
+- `git` trixie - https://packages.debian.org/trixie/git
-- `git` bookworm - https://packages.debian.org/bookworm/git
+- `node` v22.15.1 - https://nodejs.org/
-- `gpg` bookworm - https://packages.debian.org/bookworm/gpg
-- `kubectl` v1.30.2 - https://kubectl.docs.kubernetes.io/
-- `node` v20.x - https://nodejs.org/
 - `pnpm` v9.5.0 - https://pnpm.io/
-- `ssh` bookworm - https://packages.debian.org/bookworm/openssh-client
+- `ssh` trixie - https://packages.debian.org/trixie/openssh-client
 - `yq` v4.44.2 - https://github.com/mikefarah/yq

builder.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -x
+
+YQ_VERSION=v4.44.2
+NODE_VERSION=22.15.1
+PNPM_VERSION=v9.5.0
+NODE_VERSION=22.x
+
+ctr=$(buildah from "docker.io/library/debian:trixie-20250428")
+#mnt=$(buildah mount $ctr)
+
+buildah run $ctr -- apt-get install -y --no-install-recommends \
+	buildah \
+	curl \
+	git \
+	openssh-client \
+;
+	#ca-certificates \
+	#gpg \
+
+# yq https://github.com/mikefarah/yq?tab=readme-ov-file#install
+buildah run $ctr -- sh -c 'curl --silent --location "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz" \
+	| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
+	| install --owner=root --group=root --mode=0755 /dev/stdin $mnt/usr/local/bin/yq \
+;'
+
+# node https://github.com/nodesource/distributions?tab=readme-ov-file#using-debian-as-root-nodejs-22
+buildah run $ctr -- sh -c 'curl --silent --location "https://deb.nodesource.com/setup_$NODE_VERSION" | bash'
+buildah run $ctr -- apt-get install -y --no-install-recommends nodejs
+# pnpm https://nodejs.org/api/corepack.html#upgrading-the-global-versions
+buildah run $ctr -- corepack install --global pnpm@$PNPM_VERSION
+buildah run $ctr -- corepack enable pnpm
+# Clear caches
+buildah run $ctr rm -rf /var/lib/apt/lists/*
+
+buildah commit --rm $ctr $1
+if [[ $2 ]]; do
+	builda tag "$@"
+fi
+
+for image in "$@"; do
+	buildah push $image
+done
+
+#	apt-get install -y --no-install-recommends \
+#		ca-certificates \
+##		gpg \
+#	; \
+#	rm -rf /var/lib/apt/lists/*