From 316a41d231ef49b8e50be3bf2979f50f8736af3c Mon Sep 17 00:00:00 2001 From: peet Date: Tue, 26 May 2026 19:25:25 +0200 Subject: [PATCH] podman manifest action --- README.md | 20 +++++++ podman-build-publish/README.md | 53 ------------------ podman-manifest-publish/action.yaml | 87 +++++++++++++++++++++++++++++ 3 files changed, 107 insertions(+), 53 deletions(-) delete mode 100644 podman-build-publish/README.md create mode 100644 podman-manifest-publish/action.yaml diff --git a/README.md b/README.md index 6764e97..60e5a87 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,26 @@ Builds and optionally pushes OCI container images to `registry.noctrl.eu` using See [podman-build-publish README](./podman-build-publish/README.md) for full documentation. +### Podman Manifest Publish + +Creates and pushes OCI multi-arch manifest tags to `registry.noctrl.eu` using +Podman with isolated storage context. + +**Location:** [`./podman-manifest-publish`](./podman-manifest-publish) + +**Use in workflows:** +```yaml +- uses: https://gitea.noctrl.eu/noctrl/actions/podman-manifest-publish@v1 + with: + image-name: noctrl/myapp + manifest-tag: v1.2.3 + source-tags: | + v1.2.3-tmp-123-amd64 + v1.2.3-tmp-123-arm64 +``` + +See [podman-manifest-publish README](./podman-manifest-publish/README.md) for full documentation. + ## Usage Reference actions by absolute URL in your workflow: diff --git a/podman-build-publish/README.md b/podman-build-publish/README.md deleted file mode 100644 index fd58259..0000000 --- a/podman-build-publish/README.md +++ /dev/null 
@@ -1,53 +0,0 @@
-# Podman Build And Publish Action
-
-Composite action that builds and pushes OCI images with Podman to `registry.noctrl.eu`.
-
-## Inputs
-
-- `image-name` (required): repository path, for example `noctrl/gitea-runner`
-- `tags` (required): newline, comma, or space separated tags
-- `context` (optional, default `.`): build context
-- `containerfile` (optional, default `Containerfile`): containerfile path
-- `build-args` (optional): newline-separated `KEY=VALUE`
-- `registry-username` (required): registry login username
-- `registry-password` (required): registry login password
-
-## Caller Secrets
-
-Define these secrets in the calling repository and pass them to the action inputs:
-- `REGISTRY_USERNAME`: registry authentication username
-- `REGISTRY_PASSWORD`: registry authentication password
-
-The action uses fixed Podman defaults matching the runner workflows:
-- root: `${RUNNER_TEMP}/podman-root`
-- runroot: `${RUNNER_TEMP}/podman-runroot`
-- storage driver: `vfs`
-- build isolation: `chroot`
-- registry: `registry.noctrl.eu` (hardcoded)
-
-## Example
-
-```yaml
-jobs:
- build-and-push:
- runs-on: [linux, build]
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Build and push image
- uses: https://gitea.noctrl.eu/noctrl/actions/podman-build-publish@v1
- with:
- image-name: noctrl/gitea-runner
- tags: |
- latest
- sha-${{ github.sha }}
- context: .
- containerfile: Containerfile
- build-args: |
- ACT_RUNNER_VERSION=0.2.11
- registry-username: ${{ secrets.REGISTRY_USERNAME }}
- registry-password: ${{ secrets.REGISTRY_PASSWORD }}
-```
-
-> **Note:** Composite actions should receive credentials through inputs. Keep secrets in the caller repo and pass them via `with:` as shown above.
diff --git a/podman-manifest-publish/action.yaml b/podman-manifest-publish/action.yaml
new file mode 100644
index 0000000..15e4c53
--- /dev/null
+++ b/podman-manifest-publish/action.yaml
@@ -0,0 +1,87 @@
+name: Podman Manifest Publish
+description: Create and push OCI multi-arch manifests with Podman to registry.noctrl.eu.
+
+inputs:
+ image-name:
+ description: Repository/image name path, for example noctrl/gitea-runner
+ required: true
+ manifest-tag:
+ description: Final manifest tag to publish, for example v1.2.3
+ required: true
+ source-tags:
+ description: |
+ Source image tags to include in the manifest.
+ Supports newline, comma, or space separated values.
+ Example: "v1.2.3-tmp-123-amd64\nv1.2.3-tmp-123-arm64"
+ required: true
+ registry-username:
+ description: Registry username for login.
+ required: true
+ registry-password:
+ description: Registry password for login.
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - id: initialize
+ shell: bash
+ run: |
+ set -euo pipefail
+
+ rm -rf "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
+ mkdir -p "${RUNNER_TEMP}/podman-root" "${RUNNER_TEMP}/podman-runroot"
+
+ mapfile -t source_tags < <(printf '%s\n' "${{ inputs.source-tags }}" | tr ', ' '\n\n' | sed '/^$/d')
+ if [[ ${#source_tags[@]} -eq 0 ]]; then
+ echo "ERROR: no tags resolved from inputs.source-tags" >&2
+ exit 1
+ fi
+
+ - id: login
+ shell: bash
+ run: |
+ set -euo pipefail
+
+ podman_args=(
+ --root "${RUNNER_TEMP}/podman-root"
+ --runroot "${RUNNER_TEMP}/podman-runroot"
+ --storage-driver vfs
+ )
+
+ echo "Logging in to registry: registry.noctrl.eu"
+ echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin
+
+ - id: publish-manifest
+ shell: bash
+ run: |
+ set -euo pipefail
+
+ podman_args=(
+ --root "${RUNNER_TEMP}/podman-root"
+ --runroot "${RUNNER_TEMP}/podman-runroot"
+ --storage-driver vfs
+ )
+
+ image_base="registry.noctrl.eu/${{ inputs.image-name }}"
+ target_ref="docker://${image_base}:${{ inputs.manifest-tag }}"
+ manifest_name="manifest-${{ github.run_id }}-${{ github.job }}"
+
+ cleanup() {
+ podman "${podman_args[@]}" manifest rm "${manifest_name}" >/dev/null 2>&1 || true
+ }
+ trap cleanup EXIT
+
+ echo "Creating manifest ${target_ref} from tags:"
+ podman "${podman_args[@]}" manifest create "${manifest_name}"
+
+ while IFS= read -r tag; do
+ [[ -z "${tag}" ]] && continue
+ source_ref="docker://${image_base}:${tag}"
+ echo " ${source_ref}"
+ podman "${podman_args[@]}" manifest add "${manifest_name}" "${source_ref}"
+ done < <(printf '%s\n' "${{ inputs.source-tags }}" | tr ', ' '\n\n' | sed '/^$/d')
+
+ podman "${podman_args[@]}" manifest push --all "${manifest_name}" "${target_ref}"
+ podman "${podman_args[@]}" manifest rm "${manifest_name}"
+ trap - EXIT
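Review bot: Every `${{ inputs.* }}` in the three `run:` blocks is pasted into the script text before bash parses it, so an image name, tag or password containing `"`, `$(` or a backtick changes the script instead of arriving as data; the clearest cases are `echo "${{ inputs.registry-password }}"` in the `login` step and the `printf '%s\n' "${{ inputs.source-tags }}"` lines in `initialize` and `publish-manifest`. Hand each input to the step through `env:` and read it as a quoted shell variable, as sketched below for `login` and `publish-manifest`; the `initialize` step needs the same treatment for `source-tags`. The login also appears to write to podman's default auth file rather than anything under `${RUNNER_TEMP}`, so on a persistent runner the credential may outlive the job; passing `--authfile "${RUNNER_TEMP}/podman-auth.json"` to `login`, `manifest add` and `manifest push`, or calling `podman logout registry.noctrl.eu` from `cleanup`, would scope it to the run.

```yaml
    - id: login
      shell: bash
      env:
        REGISTRY_USERNAME: ${{ inputs.registry-username }}
        REGISTRY_PASSWORD: ${{ inputs.registry-password }}
      run: |
        # … unchanged: set -euo pipefail, podman_args, log line …
        printf '%s\n' "${REGISTRY_PASSWORD}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${REGISTRY_USERNAME}" --password-stdin

    - id: publish-manifest
      shell: bash
      env:
        IMAGE_NAME: ${{ inputs.image-name }}
        MANIFEST_TAG: ${{ inputs.manifest-tag }}
        SOURCE_TAGS: ${{ inputs.source-tags }}
      run: |
        # … unchanged: set -euo pipefail, podman_args …
        image_base="registry.noctrl.eu/${IMAGE_NAME}"
        target_ref="docker://${image_base}:${MANIFEST_TAG}"
        # … unchanged: manifest_name, cleanup trap, manifest create, loop body …
        done < <(printf '%s\n' "${SOURCE_TAGS}" | tr ', ' '\n\n' | sed '/^$/d')
        # … unchanged: manifest push, manifest rm, trap reset …
```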