Woodpecker-Buildah Plugin

A basic wrapper for buildah commands to run as a woodpecker-ci pipeline.

Inspired by https://codeberg.org/Taywee/woodpecker-buildah/ , rewritten in golang.

Latest container can be found here:

https://hub.docker.com/r/maltegrosse/woodpecker-buildah/tags

Usage

steps:
  build_and_release_and_push:
    image: maltegrosse/woodpecker-buildah:0.0.11
    pull: true
    settings:
      registry: somehub.com
      repository: theuser/mytarget_repo
      tag: 4.0.12c
      architectures: amd64 aarch64
      context: Dockerfile
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password

Limitation

There are certain considerations between security and performance, especially running on Kubernetes. Currently, the plugin runs with vfs - and it is quite slow... see links for further information.

Plugin is in early stage and only tested with Woodpecker Kubernetes backend. To run multi-arch builds, a second qemu container needs to be deployed (in privileged mode) --> see example-qemu.yaml (as one possible solution)

Fuse package is preinstalled, and fuse storage could be added as a flag. (untested)

If buildah runs in privileged mode, woodpecker needs to trust the container repo. See https://woodpecker-ci.org/docs/administration/server-config#all-server-configuration-options --> WOODPECKER_ESCALATE

Links

A collection of useful buildah articles

License

This wrapper is under MIT, buildah image is under the Apache license.

About

Buildah Plugin for Woodpecker

MIT License

Languages

Language:Go 85.7%Language:Dockerfile 14.3%