Commit Graph

487 Commits

Author SHA1 Message Date
Nalin Dahyabhai 4f3abf9367 Add some docs for `build --cw`, `commit --cw`, and `mkcw`
Add docs for the new --cw option recognized by both `commit` and
`build`, and the new `mkcw` command.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-09-07 14:05:10 -04:00
Aditya R 3fc5274d36
docs: use valid github repo
[CI:DOCS]
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/buildah/issues/4814

Signed-off-by: Aditya R <arajan@redhat.com>
2023-09-05 10:13:42 +05:30
Aditya R df1bc38340
push: --force-compression should be true with --compression-format
With discussion from here:
https://github.com/containers/podman/pull/19640, it was decided that
`--force-compression` must be automatically `true` in case when
`--compression-format` is set.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-30 12:02:39 +05:30
Aditya R cc9f15f09f
docs: add reference to oci-hooks
Closes: https://github.com/containers/buildah/issues/4987

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-28 13:26:09 +05:30
Peter Whittaker af38912583 Replace troff code with markdown in buildah-{copy,add}.1.md
Signed-off-by: Peter Whittaker <PeterWhittaker@SphyrnaSecurity.com>
2023-08-21 12:28:08 -04:00
Aditya R d68d9a237c
buildah/push/manifest-push: add support for --force-compression
Adds support for `--force-compression` which allows end-users to force
push blobs with the selected compression in `--compression` option, in
order to make sure that `blobs` of other compression on registry are not
reused.

Is equivalent to: `force-compression` here: https://docs.docker.com/build/exporters/#compression
Closes: https://github.com/containers/buildah/issues/4613

Also Implements:
`--compression-format` and `--compression-level` for `manifest push` just like
`podman`'s `manifest push`

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-15 10:44:06 +05:30
Aditya R f888b3d84b
buildah: add --layer-label for setting labels on layers
`--layer-label` allows users to set labels on intermediate labels agnostic
of the labels set on actual image. Since there are use-cases where users
want to perform operation on intermediate images only on the basis of
certain labels.

Closes: https://github.com/containers/buildah/issues/4933

Signed-off-by: Aditya R <arajan@redhat.com>
2023-08-03 12:09:12 +05:30
Aditya R b9ac8d5e01
manifest/push: add support for --add-compression
Adds support for `--add-compression` which accepts multiple compression
formats and when used it will add all instances in a manifest list with
requested compression formats.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-07-31 20:24:18 +05:30
Aditya R d27a823568
manifest/inspect: add support for tls-verify and authfile
Add flags for `manifest inspect` i.e `--tls-verify` and `--authfile`

Signed-off-by: Aditya R <arajan@redhat.com>
2023-07-31 20:24:10 +05:30
Paul Holzinger 74b885b9e2
buildah: add pasta(1) support
Like podman allow buildah and therefore podman build to use the network
mode pasta. The pasta integration is very simple and we do not even
need a teardown handler for that as pasta will exit on its own when the
netns path is removed.

However right now this is broken, pasta will fail to open
/proc/$pid/ns/net. I send a patch[1] to fix this upstream in pasta.
I assume this will land quickly so I like to get this in now just so we
have this included in podman v4.6. Thus the test is skipped for now.

[1] https://archives.passt.top/passt-dev/20230623082531.25947-2-pholzing@redhat.com/

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-06-23 13:58:34 +02:00
Paul Holzinger 11ba328e2b
use slirp4netns package from c/common
This uses the same code as podman for slirp4netns, this means
- ipv6 is enabled by default
- slirp4netns options are read from containers.conf
- slirp4netns options can now be set on the cli. This required some
small rework on where we parse the network string.

Lastly I updated the --network docs, to document the new slirp4netns
mode. That included fixing up buildah-from and buildah-run pages which
were incomplete in that regard. Now we show the same for all options.

Fixes #3968

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-06-23 13:57:30 +02:00
Kir Kolyshkin bd32a04c37 Remove device mapper support
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-12 12:43:16 -07:00
Kir Kolyshkin 5eb356bb8b docs/Makefile: don't show sed invocations
When running `make`, about 99% of the output looks like this:

sed -e 's/\((buildah[^)]*\.md\(#.*\)\?)\)//g' \
 -e 's/\[\(buildah[^]]*\)\]/\1/g' \
 -e 's/\[\([^]]*\)](http[^)]\+)/\1/g' \
 -e 's;<\(/\)\?\(a\|a\s\+[^>]*\|sup\)>;;g' \
 -e 's/\\$/  /g' buildah-unshare.1.md  | \
../tests/tools/build/go-md2man -in /dev/stdin -out  buildah-unshare.1
sed -e 's/\((buildah[^)]*\.md\(#.*\)\?)\)//g' \
 -e 's/\[\(buildah[^]]*\)\]/\1/g' \
 -e 's/\[\([^]]*\)](http[^)]\+)/\1/g' \
 -e 's;<\(/\)\?\(a\|a\s\+[^>]*\|sup\)>;;g' \
 -e 's/\\$/  /g' buildah-version.1.md  | \
../tests/tools/build/go-md2man -in /dev/stdin -out  buildah-version.1

As much as I love sed, this is not what I would want to stare at in
CI logs etc.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-02 16:34:18 -07:00
rijenkii 7e327cf183 Add a warning to `--secret` docs
[NO NEW TESTS NEEDED]

Signed-off-by: rijenkii <me@rijenkii.tk>
2023-05-30 22:12:28 +07:00
Andreas Mack 371bc34fe4 Fix auth.json path (validated on Fedora 38)
wq
Signed-off-by: Andreas Mack <andreas.mack@gmail.com>

Signed-off-by: Andreas Mack <andreas.mack@konsec.com>
2023-05-23 11:37:34 +02:00
Aditya R b37c4ee438
build: --platform must accept only arch
Make error message for `--platform` more clear and use
`platforms.Parse(` so `--platform` can automatically detect `OS` if not
specified.

Closes: https://github.com/containers/podman/issues/18194
Closes: https://github.com/containers/buildah/issues/4756

Signed-off-by: Aditya R <arajan@redhat.com>
2023-04-27 13:43:20 +05:30
Daniel J Walsh 43440ec6e4
Clarify the need for qemu-user-static package
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-13 07:11:14 -04:00
Daniel J Walsh 9463954942
Update docs/buildah-build.1.md
Co-authored-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-03-28 17:48:33 -04:00
Jack Wearden aad1e994a0 code review
Signed-off-by: Jack Wearden <jack@jackwearden.co.uk>
2023-03-26 17:21:47 +01:00
Jack Wearden 3afa5ca74d build: accept arguments from file with --build-arg-file
Allows codifying build arguments into a structured file, perhaps one
named arguments.Containerargs

The build arg file also accepts comments starting #, so automated
tooling or CI/CD workflows can monitor arguments like versions to
ensure they are up-to-date.

Signed-off-by: Jack Wearden <jack@jackwearden.co.uk>
2023-03-25 11:04:23 +00:00
Aditya R c1b82d195a
build: document behaviour of buildah's distributed cache
Buildah's `--cache-to` and `--cache-from` is different from
docker/buildkit so lets document that and mention how is it different.

Closes: https://github.com/containers/buildah/issues/4612

Signed-off-by: Aditya R <arajan@redhat.com>
2023-03-07 20:38:29 +05:30
Steffen Straub 0ed9b4c8cd Fix tutorial for rootless mode
Before executing `buildah unshare` for mounting a container from scratch
as a non-root user, we need to export the variable `newcontainer` so
that it is known inside the modified user namespace.

Signed-off-by: Steffen Straub <22006250+Steffen1989@users.noreply.github.com>
2023-03-01 18:03:15 +01:00
Nalin Dahyabhai 0b7a7f80bb docs/tutorials/04: add defaults for Run()
In the tutorial, switch to calling `DefaultStoreOptionsAutoDetectUID()`
instead of `DefaultStoreOptions()`, which should figure things out
better.

In the tutorial, add an example of using Run(), where for API backward
compatibility reasons, we can't tell the difference between "grant no
capabilities by default" and "grant the default set of capabilities by
default".

The default isolation can be set automatically, so start doing that at
run-time, but have the tutorial look it up anyway because the tutorial
on the web will be newer than our current release for at least a while.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-02-21 08:59:43 -05:00
Daniel J Walsh 8125e45a58
Fix documentation on which Capabilities are allowed by default
Buildah uses the default list of capabilities as specified in
containers.conf. The man pages should reflect this.

Fixes: https://github.com/containers/buildah/issues/4576

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-02-16 07:09:58 +02:00
Aditya R dbf1d43b34
docs: specify order preference for FROM
When multiple files are specified buildah considers `FROM` instruction
from the last file specified and so does `buildkit` and `docker` so lets
specify that in docs.

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Closes: https://github.com/containers/buildah/issues/4544

Signed-off-by: Aditya R <arajan@redhat.com>
2023-01-30 17:21:42 +05:30
tomsweeneyredhat f9ef51cbb1 [CI:DOCS] Fix two diversity issues in a tutorial
Touch up a couple of diversity issues in one of the tutorials.

Changes the word "master" to "primary".

[NO NEW TESTS NEEDED]

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2023-01-20 17:32:47 -05:00
Nalin Dahyabhai 67ab55bbb7 bud: Consolidate multiple synthetic LABEL instructions
We handle --label command line arguments by appending LABEL instructions
to the Dockerfile contents before we parse it.  Previously, we were
appending a separate line for each label-value pair.  Consolidate them
for the sake of tools that arbitrarily limit the length of histories
that they're willing to accept in images (boo!).

Add a similar implementation for --env command line arguments.
Previously, we'd set them in the initial configuration for each stage
and also set them at commit-time, and that potentially overrode any
values that were explicitly in the stage itself, and which would have
affected RUN instructions.  Remove the set-at-commit-time logic so that
the history reflects what ends up in the image.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-01-09 16:45:10 -05:00
Daniel Celentano 938c035566 fixed squash documentation
Signed-off-by: Daniel Celentano <dacelent@redhat.com>
2023-01-06 11:26:20 -03:00
Aditya R 3566683896
buildah: add prune command and expose CleanCacheMount API
* Just like buildkit buildah must allow cleaning the buildcache and cache
generated on host by `--mount=type=cache` just like buildkit's `prune`
command.

* Also expose `CleanCacheMount` API so other tools like `podman` can use
  it.

See: https://github.com/moby/buildkit#cache
Closes: https://github.com/containers/buildah/issues/4486

Signed-off-by: Aditya R <arajan@redhat.com>
2023-01-05 17:32:42 +05:30
Daniel J Walsh 60be7f2509
Add support for --group-add to buildah from
Allow containers running under buildah to use
--group-add keep-groups, so that they can inherit
access to the users groups.

Also allow users to add supplemental groups to the container.

Fixes: https://github.com/containers/buildah/issues/4476

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-22 11:53:00 -05:00
Daniel J Walsh e33bb86787
Add documentation for buildah build --pull=missing
Fixes: https://github.com/containers/buildah/issues/3921

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-20 15:43:57 -05:00
Aditya R ffed850367
remote-cache: support multiple sources and destinations
Buildah must support multiple sources for remote cache when using
`--cache-to` and `--cache-from` so users can distribute and collect
cache from various sources.

We also need for compat with buildkit api which in past broke `podman`
compat build API see: https://github.com/containers/podman/pull/16380

More discussion here: https://github.com/containers/podman/pull/16380

Signed-off-by: Aditya R <arajan@redhat.com>
2022-12-05 12:10:41 +05:30
Daniel J Walsh d4c661a774
Add no-new-privileges flag
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-11-04 11:43:29 -04:00
Mattias Warnqvist 87e379d5b7
Fix word missing in Container Tools Guide
Signed-off-by: Mattias Warnqvist <mwq@users.noreply.github.com>
2022-10-25 10:15:53 +02:00
Daniel J Walsh dc81652ffa
Fix man pages to match latest cobra settings
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-10-12 07:23:00 -04:00
Daniel J Walsh f0bee4ee3d
Merge pull request #4250 from rhatdan/dns
Prevent use of --dns* options with --net=none
2022-09-19 13:47:00 -04:00
Aditya R 3c092e5edd
build: support --skip-unused-stages for multi-stage builds
In multi-stage builds buildah will skip stages which are unused (i.e
stages which don't contribute anything to target stage directly or
indirectly) however in certain cases users need to process these unused
stages hence add support for `--skip-unused-stages` which allows users
to control this behaviour.

Ref: https://github.com/GoogleContainerTools/kaniko#flag---skip-unused-stages

Closes: https://github.com/containers/buildah/issues/4243

Signed-off-by: Aditya R <arajan@redhat.com>
2022-09-17 12:51:15 +05:30
Daniel J Walsh 87d4ae8864
Prevent use of --dns* options with --net=none
This is blocked in Podman for run and create but not
for build, we should block it also for build.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-15 15:10:58 -04:00
Aditya R fd14bfe545
buildah: make --cache-ttl=0s equivalent to --no-cache
If user explicitly specified `--cache-ttl=0s`
it would effectively mean that user is asking
to use no cache at all. In such use cases
buildah can skip looking for cache entirely
by setting `--no-cache=true` internally.

Closes: https://github.com/containers/buildah/issues/4244

Signed-off-by: Aditya R <arajan@redhat.com>
2022-09-15 15:55:07 +05:30
Aditya R 9f435de84e
manifest: add support for buildah manifest exists
Adds support for `buildah manifest exists <name>` which tells user if
requested manifest is present in local storage or not, if manifest is
present in local-storage command exits with exit code 0 otherwise 1.

Similar to: https://docs.podman.io/en/latest/markdown/podman-manifest-exists.1.html

Closes: https://github.com/containers/buildah/issues/4217

Signed-off-by: Aditya R <arajan@redhat.com>
2022-09-06 20:06:01 +05:30
Aditya R f46ef3b2d7
buildah: support for --retry and --retry-delay for push/pull failures
Allows users to configure `--retry` attempts and `--retry-delay`
duration using two additional flags for commands

* buildah build
* buildah pull
* buildah push
* buildah from
* buildah add
* buildah copy

Closes: https://github.com/containers/buildah/issues/4018

Not sure how we can test retry attempts in CI, but added a test in
tests/bud.bats which verifies we parse and added flag in other options
for sanity parsing checking.

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-23 12:31:01 +05:30
Aditya R 90cf4fc00b
mount,cache: enable SElinux shared content label option by default
`--mount=type=cache` is buildah's internal construct and actual location
is not managed by user so enable `z` by default if `SELinux` is enabled
on the host machine, instead of asking users to do it.

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-19 20:07:12 +05:30
Nalin Dahyabhai 9637a24425 cmd/buildah: add "manifest create --amend"
When `buildah manifest create` is given the `--amend` flag and a list
with the name that was specified for the to-be-created list already
exists, just reuse the list.

Make the `--insecure` flag, if we see it, conflict with `--tls-verify`,
but have the reverse of the effect that `--tls-verify` does, and teach
the `buildah manifest` `add`, `create`, and `push` subcommands about
it.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-08-16 19:43:41 -04:00
Aditya R 17e6fe01c2 docs: specify git protocol is not supported for github hosted repo
Build from URL does not support `git://` if source is hosted on GitHub.
Reason: https://github.blog/2021-09-01-improving-git-protocol-security-github/

[CI:DOCS]
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Closes: https://github.com/containers/buildah/issues/4103

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-11 13:30:54 +05:30
Aditya R b7f51ea3d7
build: support filtering cache by duration using --cache-ttl
`build` or `bud` now supports a new flag `--cache-ttl` which accepts
duration and allows end users to ignore cache images which are not under
the specified duration.

Following flag is useful for setups/platforms which heavily relies on
`--layer` and buildah caching but want recompute certain `RUN` steps
after specified duration to make sure specific `RUN` steps are always
updated. Example `RUN dnf update` or `RUN dnf install`

Closes: https://github.com/containers/buildah/issues/4160
Somewhat similar to kaniko's: https://github.com/GoogleContainerTools/kaniko#--cache-ttl-duration

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-05 11:50:15 +05:30
Aditya R b218fdf322
build: support building from commit when using git repo as build context
When using URL to a git repo as build context allow specifying `commit`
to make sure specific `commit` is used as the build context.

Examples

```console
buildah build -t test myrepo.git#abcef123
buildah build -t test myrepo.git#abcef123
buildah build -t test myrepo.git#abcef123:somesubdir
```
Closes: https://github.com/containers/buildah/issues/4148

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-03 18:50:44 +05:30
Nalin Dahyabhai 5f34c5e2fa Fix a copy/paste error
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-08-01 14:31:27 -04:00
Aditya R 6f660bde17
build,cache: support pulling/pushing cache layers to/from remote sources
Following commit

* Initiates `cacheKey` or `layerKey` for intermediate images generated
  for layers.
* Allows end users to upload cached layers with `cacheKey` to remote
  sources using `--cache-to`. `--cache-to` is an optional flag to be used
with `buildah build` which publishes cached layers to remote sources.
* Allows end users to use cached layers from `remote` sources with
  `--cache-from`. `--cache-from` is an optional flag to be used with
`buildah build` and it pulls cached layers from remote sources in a step
by step manner only if it is a valid cache hit.

Example
* Populate cache source or use cached layers if already present
```bash
buildah build -t test --layers --cache-to registry/myrepo/cache --cache-from registry/myrepo/cache .
```

Future:
* `cacheKey` or `layerKey` model is only being used when working with
  remote sources however local cache lookup can be also optimized if it
is altered to use `cacheKey` model instead of iterating through all the
images in local storage. As discussed here

References:
* Feature is quite similar to `kaniko`'s `--cache-repo`: https://github.com/GoogleContainerTools/kaniko#--cache-repo

Closes: issues#620

Signed-off-by: Aditya R <arajan@redhat.com>
2022-07-26 01:49:13 +05:30
Aditya R eb4ec4a9ea
docs, run: show SELinux label flag for cache and bind mounts
Buildah cache and bind mounts already support setting SELinux label on
the mounted destination lets document that.

See: https://github.com/containers/buildah/blob/main/tests/bud/buildkit-mount/Dockerfilecachewrite

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
[CI:DOCS]

Closes: https://github.com/containers/podman/issues/14964

Signed-off-by: Aditya R <arajan@redhat.com>
2022-07-19 15:16:48 +05:30
Valentin Rothberg 48c888a6b3 [CI:DOCS] improve pull-policy documentation
Going through containers/podman/issues/14846 let me improve the
code documentation in containers/common/pull/1085 which is now
copied over to Buildah and will eventually into Podman.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-07-07 16:29:43 +02:00