ci: use Buildah container to build Podlet container

Signed-off-by: Paul Nettleton <[email protected]>

.github/workflows/ci.yaml

@@ -39,39 +39,18 @@ jobs:
       - run: cargo test --verbose
 
   build-container:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/containers/buildah:latest
+      options: --security-opt seccomp=unconfined --security-opt apparmor=unconfined --device /dev/fuse:rw
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      # From https://podman.io/docs/installation#ubuntu
-      # There is a bug in earlier versions of buildah/podman where the TARGETPLATFORM arg is not set correctly
-      - name: Upgrade podman
-        run: |
-          sudo mkdir -p /etc/apt/keyrings && \
-          curl -fsSL \
-            "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04/Release.key" \
-            | gpg --dearmor \
-            | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null && \
-          echo \
-            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04/ /" \
-            | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null && \
-          sudo apt update && \
-          sudo apt install -y podman
-
-      - run: podman version
-
-      - id: conmon_version
-        run: echo version="$(conmon --version | head -n 1)" >> $GITHUB_OUTPUT
+      - run: buildah version
 
       - name: Build ARM image
-        run: podman build --platform linux/arm64/v8 -t podlet .
+        run: buildah build --platform linux/arm64/v8 -t podlet .
 
       - name: Build x86 image
-        run: podman build --platform linux/amd64 -t podlet .
-
-      - name: Test run image
-        # There is a regression in conmon v2.1.9 which causes this step to fail.
-        # See https://github.com/containers/conmon/issues/475
-        if: ${{ ! contains(steps.conmon_version.outputs.version, '2.1.9') }}
-        run: podman run localhost/podlet -h
+        run: buildah build --platform linux/amd64 -t podlet .

.github/workflows/release-container.yml

@@ -11,52 +11,40 @@ env:
 
 jobs:
   build-and-push:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/containers/buildah:latest
+      options: --security-opt seccomp=unconfined --security-opt apparmor=unconfined --device /dev/fuse:rw
     permissions:
       packages: write
       contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      # From https://podman.io/docs/installation#ubuntu
-      # There is a bug in earlier versions of Buildah/Podman where the TARGETPLATFORM arg is not set correctly
-      - name: Upgrade podman
-        run: |
-          sudo mkdir -p /etc/apt/keyrings && \
-          curl -fsSL \
-            "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04/Release.key" \
-            | gpg --dearmor \
-            | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null && \
-          echo \
-            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04/ /" \
-            | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null && \
-          sudo apt update && \
-          sudo apt install -y podman
-
-      - run: podman version
+      - run: buildah version
 
       - name: Create manifest
         run: |
-          podman manifest create \
+          buildah manifest create \
             --annotation "org.opencontainers.image.source=https://github.com/containers/podlet" \
             --annotation "org.opencontainers.image.description=Generate Podman Quadlet files from a Podman command, compose file, or existing object" \
             --annotation "org.opencontainers.image.licenses=MPL-2.0" \
             "${MANIFEST}"
 
       - name: Build image
         run: |
-          podman build --manifest "${MANIFEST}" \
+          buildah build --manifest "${MANIFEST}" \
             --platform linux/amd64,linux/arm64/v8 -t podlet .
 
       - name: Push to ghcr.io
         env:
           USERNAME: ${{ github.actor }}
           PASSWORD: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          podman manifest push "${MANIFEST}:latest" \
+          buildah manifest push "${MANIFEST}:latest" \
             --creds "${USERNAME}:${PASSWORD}" \
             "docker://ghcr.io/containers/podlet:${GITHUB_REF_NAME}" && \
-          podman manifest push "${MANIFEST}:latest" \
+          buildah manifest push "${MANIFEST}:latest" \
             --creds "${USERNAME}:${PASSWORD}" \
             "docker://ghcr.io/containers/podlet:latest"

CONTRIBUTING.md

@@ -138,9 +138,9 @@ below is a list of all the jobs with explanations and the commands that they run
   - `cargo test`
 - build-container:
   - Ensures that the [Podlet container](./Containerfile) can build for both x86 and ARM platforms.
-  - First, [install podman](https://podman.io/docs/installation).
-  - `podman build --platform linux/amd64 -t podlet .`
-  - `podman build --platform linux/arm64/v8 -t podlet .`
+  - First, [install Buildah](https://github.com/containers/buildah/blob/main/install.md).
+  - `buildah build --platform linux/amd64 -t podlet .`
+  - `buildah build --platform linux/arm64/v8 -t podlet .`
 
 ## Communication