ci: use buildah with chroot isolation for container builds
Some checks failed
CI/CD / typecheck (push) Successful in 43s
CI/CD / test (push) Successful in 53s
CI/CD / lint (push) Successful in 10m55s
CI/CD / build (push) Successful in 11m47s
CI/CD / docker (push) Failing after 25s
CI/CD / publish-rpm (push) Successful in 34s
CI/CD / deploy (push) Has been skipped
Podman fails with "cannot re-exec process" inside runner containers (no user namespace support). Buildah with --isolation chroot and --storage-driver vfs can build OCI images without a daemon, without namespaces, and without privileged mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -150,39 +150,43 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install podman and skopeo
|
||||
run: sudo apt-get update && sudo apt-get install -y podman skopeo
|
||||
- name: Install buildah and skopeo
|
||||
run: sudo apt-get update && sudo apt-get install -y buildah skopeo
|
||||
|
||||
- name: Build & push mcpd
|
||||
run: |
|
||||
sudo -E podman build -t mcpd:latest -f deploy/Dockerfile.mcpd .
|
||||
sudo -E skopeo copy --dest-tls-verify=false \
|
||||
buildah build --isolation chroot --storage-driver vfs \
|
||||
-t mcpd:latest -f deploy/Dockerfile.mcpd .
|
||||
skopeo copy --src-tls-verify=false --dest-tls-verify=false \
|
||||
--dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
|
||||
containers-storage:mcpd:latest \
|
||||
containers-storage:[vfs@/var/lib/containers/storage]mcpd:latest \
|
||||
docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpd:latest
|
||||
|
||||
- name: Build & push node-runner
|
||||
run: |
|
||||
sudo -E podman build -t node-runner:latest -f deploy/Dockerfile.node-runner .
|
||||
sudo -E skopeo copy --dest-tls-verify=false \
|
||||
buildah build --isolation chroot --storage-driver vfs \
|
||||
-t node-runner:latest -f deploy/Dockerfile.node-runner .
|
||||
skopeo copy --src-tls-verify=false --dest-tls-verify=false \
|
||||
--dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
|
||||
containers-storage:node-runner:latest \
|
||||
containers-storage:[vfs@/var/lib/containers/storage]node-runner:latest \
|
||||
docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-node-runner:latest
|
||||
|
||||
- name: Build & push python-runner
|
||||
run: |
|
||||
sudo -E podman build -t python-runner:latest -f deploy/Dockerfile.python-runner .
|
||||
sudo -E skopeo copy --dest-tls-verify=false \
|
||||
buildah build --isolation chroot --storage-driver vfs \
|
||||
-t python-runner:latest -f deploy/Dockerfile.python-runner .
|
||||
skopeo copy --src-tls-verify=false --dest-tls-verify=false \
|
||||
--dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
|
||||
containers-storage:python-runner:latest \
|
||||
containers-storage:[vfs@/var/lib/containers/storage]python-runner:latest \
|
||||
docker://${{ env.REGISTRY }}/${{ env.OWNER }}/mcpctl-python-runner:latest
|
||||
|
||||
- name: Build & push docmost-mcp
|
||||
run: |
|
||||
sudo -E podman build -t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp .
|
||||
sudo -E skopeo copy --dest-tls-verify=false \
|
||||
buildah build --isolation chroot --storage-driver vfs \
|
||||
-t docmost-mcp:latest -f deploy/Dockerfile.docmost-mcp .
|
||||
skopeo copy --src-tls-verify=false --dest-tls-verify=false \
|
||||
--dest-creds "${{ env.OWNER }}:${{ secrets.PACKAGES_TOKEN }}" \
|
||||
containers-storage:docmost-mcp:latest \
|
||||
containers-storage:[vfs@/var/lib/containers/storage]docmost-mcp:latest \
|
||||
docker://${{ env.REGISTRY }}/${{ env.OWNER }}/docmost-mcp:latest
|
||||
|
||||
- name: Link packages to repository
|
||||
|
||||
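Review bot: In all four `skopeo copy` commands the added `--src-tls-verify=false` is unnecessary, because the source is the local `containers-storage:` transport, and `--dest-tls-verify=false` is still passed next to `--dest-creds`, so `PACKAGES_TOKEN` is sent to a registry whose certificate is never validated. Drop `--src-tls-verify=false`, and if the registry uses a private CA, make the runner trust it (for example with skopeo's `--dest-cert-dir`) rather than turning verification off. A second point on the same lines: the `buildah build` calls no longer run under `sudo` and set no storage root, while the copy source hardcodes `[vfs@/var/lib/containers/storage]`, which only matches when the step runs as root. Pin the store explicitly on the buildah side as well, so both commands name the same location. The `docker` check on this commit is shown as failing after 25s, so that mismatch is worth ruling out before merging.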