Now the bud --help output correctly reads that the default behavior when
--pull is not provided at all is "missing", and that the default value
for --pull if explicitly provided but without value is "always".
Fixes#6266.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
What type of PR is this?
/kind feature
What this PR does / why we need it:
It implements --link for COPY and ADD instructions and enables the creation of
cachable layers that can be reused independently across builds.
Follows buildkit `--link` specifications
How to verify it
bats tests/bud.bats
Which issue(s) this PR fixes:
Fixes#4325
Does this PR introduce a user-facing change?
Yes, gives extra functionality to Containerfiles
Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
When building or committing an image in OCI format, default to setting
the org.opencontainers.image.created annotation to the value used in the
image's config blob for the image's creation date. The behavior can be
controlled using the new --created-annotation flag.
Add --annotation and --unsetannotation flags to `buildah commit` which
mimic the same flags for `buildah build`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When using either --source-date-epoch or --timestamp, default to not
adding a label with our version number in it, since it can change
between builds.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Consistently use --releasever instead of --release in dnf examples
* Remove trailing whitespace
* Use --use-host-config --setopt "*.countme=false" when running dnf with
an empty --installroot
* Use Fedora 42 instead of Fedora 30 in examples
* Block quote console examples in tutorials
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use $SOURCE_DATE_EPOCH as the default for the --source-date-epoch flag
to the "build" CLI.
When a source-date-epoch is set, we'll use it when writing new history
entries, force timestamps in data written for --output to the specified
timestamp, and populate a "SOURCE_DATE_EPOCH" ARG that we treat as
always being set, and which we don't complain about being left unused.
By default, this will not affect timestamps in newly-added layers.
Add a --rewrite-timestamp flag, which "clamps" timestamps in newly-added
layers to not be later than the --source-date-epoch value if the
--source-date-epoch flag is set, but has no effect otherwise.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --source-date-epoch flag, defaulting to $SOURCE_DATE_EPOCH if set,
which sets the created-on date and the timestamp for the new history
entries, but does not default to modifying the timestamps on contents in
new layers.
Add a --rewrite-timestamp flag, which "clamps" timestamps in the new
layers to not be later than the --source-date-epoch value if both
the --rewrite-timestamp and --source-date-epoch flags were set.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Flag `--add-host` should support `host-gateway` when argument is in the
form of `buildah build --add-host=proxyhost:host-gateway .`
This is consistent with podman.
Closes: https://github.com/containers/podman/issues/26034
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Tweak the wording that describes the effects of --cgroup-parent to be
clear that it only affects handling of RUN instructions.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The buildah-build man page enumerates the default set of masked and
read-only paths, but that list is hardwired into one of our
dependencies, and we didn't update this man page when it changed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --timestamp flag to the "add" and "copy" CLIs, along with a
corresponding field in AddAndCopyOptions.
When a timestamp is set, we'll force the timestamp on data copied in to
be the specified value while reading it, so that the content will have
the specified datestamp in the rootfs and when the image is committed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a --artifact-annotation flag to `buildah manifest add` that can be
used to set annotations in the artifact manifest that we generate and
then add to an image index.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Describe the "env" and "type" options in the buildah-build(1) man page.
When parsing the "--secret=" flag for the CLI, instead of ignoring an
option that we don't recognize, return an error.
Even though the set of meaningful "id" values for secrets is passed in
via the command line, don't directly use it to construct a file path.
Change the default mode for SSH agent sockets that we create from 0o620
to 0o600.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Changed the `--all` option of `buildah manifest push` to be true by
default. This matches the behavior of the equivalent Podman option
(`podman manifest push --all`), making it easier to switch between
Podman and Buildah.
Updated buildah.manifest.push.1 docs to reflect this change.
Added test "manifest-push-all-default-true" to `tests/lists.bats`.
Closes: #5547
Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
The default configuration that `docker build` applies to images built
using "scratch" has changed from classic builds to BuildKit. Add a
toggle for selecting which behavior to mimic.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Call storage.DefaultStoreOptions() instead of
storage.DefaultStoreOptionsAutoDetectUID() in the tutorial.
* Mention installing passt when installing build-time dependencies.
* Include the registry part of examples that use node:12-alpine.
* Use registry.fedoraproject.org for Fedora images.
* Mention Fedora 40 instead of 35 in examples.
* Mount an emptyDir volume in the OpenShift example, so that it can use
overlay for storage
* Use a more recent buildah image as the base in the OpenShift example.
* Use a ReplicationController instead of a DeploymentConfig in the
OpenShift example, because DeploymentConfigs are deprecated.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add CertPath and InsecureSkipTLSVerify flags to AddAndCopyOptions, and
connect the CLI flag values passed to `buildah add` and `buildah build`
so that Builder.Add() gets those.
Add MaxRetries and RetryDelay fields to AddAndCopyOptions, and connect
them to the values passed on the command line to `buildah add` and
`buildah build`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make the traditional handling of volumes (where they're "frozen" and can
only be modified by ADD or COPY, which requires that we cache their
contents and save/restore them before/after RUN instructions) an option
that is not enabled by default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When `buildah copy` is invoked with a `--from` flag, default to
preserving ownerships that were set in the source container or image.
Retain the "set it to 0:0 by default" behavior when `--from` is not
being used.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
buildah from and buildah build will now default to --pull=missing
as opposed to --pull=always, which they did before. This better
matches to the defaults in docker and podman.
No longer document --pull=true|false
Fixes: https://github.com/containers/buildah/issues/5406
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Describe --device in `buildah from` and `buildah run`, where it's new.
Update the description of --device in `buildah build` to note that the
device nodes are only there while RUN instructions are being run, and
not to imply that they end up in the finished image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add functionality for creating artifact manifests and adding them to
image indexes. `buildah manifest add` gets a `--artifact` option for
telling it to create artifact manifests, and `--artifact-type`,
`--artifact-config`, `--artifact-config-type`, `--artifact-layer-type`,
`--artifact-exclude-titles`, and `--subject` options to fine-tune the
contents of the artifact manifests it creates.
Add a `--index` flag to `buildah manifest annotate` so that it can be
told to set annotations on the index itself instead of on one of the
entries in the image index.
Add a `--subject` flag to `buildah manifest annotate` for setting the
`subject` field of an image index.
Add a `--annotation` flag to `buildah manifest create` to allow for
adding annotations to the new image index.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Just like `buildah push`, `buildah manifest push` should also support
`--retry` and `--retry-delay` options, see documentation in same commit
for more details.
Closes: https://github.com/containers/buildah/issues/5254
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Followthrough on #5221, with thanks to @krumelmonster:
move footnotes on divisive language to exactly where
divisive language is used
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a --sbom flag to `buildah build` and `buildah commit` which will
scan the rootfs and specified context directories to build SPDX or
CycloneDX SBOMs and lists of package URLs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Romain Geissler
Joshua Arrevillaga
Nalin Dahyabhai
flouthoc
openshift-merge-bot[bot]
Aditya R
Jan Rodák
H Dub
Zack Zlotnik
Daniel J Walsh
Kir Kolyshkin
Miloslav Trmač
Reinhard Tartler
Paul Nettleton
Philippe Vlérick
James Fraser
krumelmonster