diff --git a/pkg/reconciler/buildrun/resources/taskrun_test.go b/pkg/reconciler/buildrun/resources/taskrun_test.go index 954b3793a2..1558bd62ab 100644 --- a/pkg/reconciler/buildrun/resources/taskrun_test.go +++ b/pkg/reconciler/buildrun/resources/taskrun_test.go @@ -70,7 +70,7 @@ var _ = Describe("GenerateTaskrun", func() { buildStrategy.Spec.BuildSteps[0].ImagePullPolicy = "Always" expectedCommandOrArg = []string{ - "bud", "--tag=$(params.shp-output-image)", fmt.Sprintf("--file=$(inputs.params.%s)", "DOCKERFILE"), "$(params.shp-source-context)", + "--storage-driver=$(params.storage-driver)", "bud", "--tag=$(params.shp-output-image)", fmt.Sprintf("--file=$(inputs.params.%s)", "DOCKERFILE"), "$(params.shp-source-context)", } }) diff --git a/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml b/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml index 5d49e1d9d5..1dee6b2b78 100644 --- a/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml +++ b/samples/buildstrategy/buildah/buildstrategy_buildah_shipwright_managed_push_cr.yaml @@ -138,7 +138,8 @@ spec: # Building the image echo "[INFO] Building image ${image}" - buildah bud "${buildArgs[@]}" \ + buildah --storage-driver=$(params.storage-driver) \ + bud "${buildArgs[@]}" \ --registries-conf=/tmp/registries.conf \ --tag="${image}" \ --file="${dockerfile}" \ @@ -146,7 +147,7 @@ spec: # Write the image echo "[INFO] Writing image ${image}" - buildah push \ + buildah --storage-driver=$(params.storage-driver) push \ "${image}" \ "oci:${target}" # That's the separator between the shell script and its args @@ -193,6 +194,11 @@ spec: defaults: - docker.io - quay.io + - name: storage-driver + description: "The storage driver for buildah. Example: `overlay`, `vfs`." + type: string + default: "vfs" + # For details check "--storage-driver value" in https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options securityContext: runAsUser: 0 runAsGroup: 0 diff --git a/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml b/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml index 098d60b1f6..f84fd29d09 100644 --- a/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml +++ b/samples/buildstrategy/buildah/buildstrategy_buildah_strategy_managed_push_cr.yaml @@ -9,7 +9,9 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: + - "SETFCAP" command: - /bin/bash args: @@ -132,11 +134,12 @@ spec: registries = [${registriesBlock::-2}] EOF - fi + fi # Building the image echo "[INFO] Building image ${image}" - buildah bud "${buildArgs[@]}" \ + buildah --storage-driver=$(params.storage-driver) \ + bud "${buildArgs[@]}" \ --registries-conf=/tmp/registries.conf \ --tag="${image}" \ --file="${dockerfile}" \ @@ -144,7 +147,7 @@ spec: # Push the image echo "[INFO] Pushing image ${image}" - buildah push \ + buildah --storage-driver=$(params.storage-driver) push \ --digestfile='$(results.shp-image-digest.path)' \ --tls-verify="${tlsVerify}" \ "${image}" \ @@ -191,6 +194,11 @@ spec: defaults: - docker.io - quay.io + - name: storage-driver + description: "The storage driver for buildah. Example: `overlay`, `vfs`" + type: string + default: "vfs" + # For details check "--storage-driver value" in https://github.com/containers/buildah/blob/main/docs/buildah.1.md#options securityContext: runAsUser: 0 runAsGroup: 0 diff --git a/test/buildstrategy_samples.go b/test/buildstrategy_samples.go index 8446c4b643..b67379cbdb 100644 --- a/test/buildstrategy_samples.go +++ b/test/buildstrategy_samples.go @@ -21,10 +21,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -42,10 +44,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image) @@ -79,10 +83,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -107,10 +113,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image) @@ -149,6 +157,7 @@ spec: workingDir: $(params.shp-source-root) command: - buildah + - --storage-driver=$(params.storage-driver) - bud - --tls-verify=false - --layers diff --git a/test/clusterbuildstrategy_samples.go b/test/clusterbuildstrategy_samples.go index 923932d96a..699915f149 100644 --- a/test/clusterbuildstrategy_samples.go +++ b/test/clusterbuildstrategy_samples.go @@ -22,10 +22,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -43,10 +45,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image) @@ -80,10 +84,12 @@ spec: image: quay.io/containers/buildah:v1.31.0 workingDir: $(params.shp-source-root) securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - bud - --tag=$(params.shp-output-image) - --file=$(build.dockerfile) @@ -101,10 +107,12 @@ spec: - name: buildah-push image: quay.io/containers/buildah:v1.31.0 securityContext: - privileged: true + capabilities: + add: ["SETFCAP"] command: - /usr/bin/buildah args: + - --storage-driver=$(params.storage-driver) - push - --tls-verify=false - docker://$(params.shp-output-image)