action-env/oci-image-builder-bookworm/README.md

# Forgejo Actions environment for building OCI container images

Building OCI container images inside Forgejo Actions is somewhat non-trivial.
We need to execute Buildah inside of a rootless Podman container, which
eventually leads to a podman-in-podman scenario. Thankfully, this is not as
complex as docker-in-docker.

This image contains everything we need for executing `make image` in our
Golang repos:

- Go toolchain (for helper scripts called by Makefile)
- Docker wrapper (for abstracting Buildah away from human Makefile users)
- Podman configuration files

## Usage

Referencing this container from `.forgejo/workflows/workflow.yml`:

```yaml
jobs:
  oci-image:
    runs-on: docker
    container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm
```

See full [live
example](https://git.frostfs.info/TrueCloudLab/action-env/src/branch/master/.forgejo/workflows/build.yml)
in action in this repo.

## Initial Forgejo setup

We use this image to build all images in this repo. To avoid chicken-and-egg
situation in case of disaster recovery, the first version of this image must
be pushed from outside of Forgejo Actions, e.g. from sysadmin laptop:

```console
$ make oci-image-builder-bookworm
$ make push-oci-image-builder-bookworm
```
[#4] Create CI environment for building OCI images This saves some workflow time previously spent on installing Debian packages and also allows for easier reuse of Buildah in other repos' actions. Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com> 2024-12-18 10:07:13 +00:00			`# Forgejo Actions environment for building OCI container images`

			`Building OCI container images inside Forgejo Actions is somewhat non-trivial.`
			`We need to execute Buildah inside of a rootless Podman container, which`
			`eventually leads to a podman-in-podman scenario. Thankfully, this is not as`
			`complex as docker-in-docker.`

			This image contains everything we need for executing `make image` in our
			`Golang repos:`

			`- Go toolchain (for helper scripts called by Makefile)`
			`- Docker wrapper (for abstracting Buildah away from human Makefile users)`
			`- Podman configuration files`

			`## Usage`

			Referencing this container from `.forgejo/workflows/workflow.yml`:

			```yaml
			`jobs:`
			`oci-image:`
			`runs-on: docker`
			`container: git.frostfs.info/truecloudlab/env:oci-image-builder-bookworm`
			```

			`See full [live`
			`example](https://git.frostfs.info/TrueCloudLab/action-env/src/branch/master/.forgejo/workflows/build.yml)`
			`in action in this repo.`

			`## Initial Forgejo setup`

			`We use this image to build all images in this repo. To avoid chicken-and-egg`
			`situation in case of disaster recovery, the first version of this image must`
			`be pushed from outside of Forgejo Actions, e.g. from sysadmin laptop:`

			```console
			`$ make oci-image-builder-bookworm`
			`$ make push-oci-image-builder-bookworm`
			```