diff --git a/pkg/reconciler/buildrun/resources/taskrun_test.go b/pkg/reconciler/buildrun/resources/taskrun_test.go index 954b3793a2..1558bd62ab 100644 --- a/pkg/reconciler/buildrun/resources/taskrun_test.go +++ b/pkg/reconciler/buildrun/resources/taskrun_test.go @@ -70,7 +70,7 @@ var _ = Describe("GenerateTaskrun", func() { buildStrategy.Spec.BuildSteps[0].ImagePullPolicy = "Always" expectedCommandOrArg = []string{ - "bud", "--tag=$(params.shp-output-image)", fmt.Sprintf("--file=$(inputs.params.%s)", "DOCKERFILE"), "$(params.shp-source-context)", + "--storage-driver=$(params.storage-driver)", "bud", "--tag=$(params.shp-output-image)", fmt.Sprintf("--file=$(inputs.params.%s)", "DOCKERFILE"), "$(params.shp-source-context)", } }) diff --git a/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml b/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml index 5d49e1d9d5..0b964158ca 100644 --- a/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml +++ b/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml @@ -193,6 +193,11 @@ spec: defaults: - docker.io - quay.io + # - name: storage-driver + # description: "The storage driver to use, such as `overlay` or `vfs`." + # type: string + # default: "vfs" + # For details see the "--storage-driver" section of https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options securityContext: runAsUser: 0 runAsGroup: 0 diff --git a/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml b/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml index 098d60b1f6..48a450e782 100644 --- a/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml +++ b/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml @@ -9,7 +9,9 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: + - "SETFCAP" command: - /bin/bash args: @@ -136,7 +138,8 @@ spec: # Building the image echo "[INFO] Building image ${image}" - buildah bud "${buildArgs[@]}" \ + buildah --storage-driver=$(params.storage-driver) \ + bud "${buildArgs[@]}" \ --registries-conf=/tmp/registries.conf \ --tag="${image}" \ --file="${dockerfile}" \ @@ -144,7 +147,7 @@ spec: # Push the image echo "[INFO] Pushing image ${image}" - buildah push \ + buildah --storage-driver=$(params.storage-driver) push \ --digestfile='$(results.shp-image-digest.path)' \ --tls-verify="${tlsVerify}" \ "${image}" \ @@ -191,6 +194,11 @@ spec: defaults: - docker.io - quay.io + - name: storage-driver + description: "The storage driver to use, such as `overlay` or `vfs`" + type: string + default: "vfs" + # For details see the "--storage-driver" section of https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options securityContext: runAsUser: 0 runAsGroup: 0 diff --git a/test/buildstrategy_samples.go b/test/buildstrategy_samples.go index 8446c4b643..b67379cbdb 100644 --- a/test/buildstrategy_samples.go +++ b/test/buildstrategy_samples.go @@ -21,10 +21,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -42,10 +44,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image) @@ -79,10 +83,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -107,10 +113,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image) @@ -149,6 +157,7 @@ spec: workingDir: $(params.shp-source-root) command: - buildah + - --storage-driver=$(params.storage-driver) - bud - --tls-verify=false - --layers diff --git a/test/clusterbuildstrategy_samples.go b/test/clusterbuildstrategy_samples.go index c76eac43c0..5341427b01 100644 --- a/test/clusterbuildstrategy_samples.go +++ b/test/clusterbuildstrategy_samples.go @@ -22,10 +22,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -43,10 +45,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image) @@ -80,10 +84,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -101,10 +107,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image)