{"id":18497837,"url":"https://github.com/containers/image_build","last_synced_at":"2025-04-09T00:30:46.330Z","repository":{"id":223520745,"uuid":"760521914","full_name":"containers/image_build","owner":"containers","description":"Monorepo menagerie of container images and associated build automation","archived":false,"fork":false,"pushed_at":"2024-05-13T20:06:05.000Z","size":123,"stargazers_count":2,"open_issues_count":1,"forks_count":3,"subscribers_count":13,"default_branch":"main","last_synced_at":"2024-05-13T21:26:41.392Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/containers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-20T15:18:28.000Z","updated_at":"2024-05-13T21:26:41.635Z","dependencies_parsed_at":"2024-02-20T17:58:37.183Z","dependency_job_id":"bb4870a8-56e5-4962-9283-c8c4a5428c79","html_url":"https://github.com/containers/image_build","commit_stats":null,"previous_names":["containers/image_build"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fimage_build","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fimage_build/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fimage_build/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fimage_build/manifests","owner_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/owners/containers","download_url":"https://codeload.github.com/containers/image_build/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247949694,"owners_count":21023368,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T13:36:12.300Z","updated_at":"2025-04-09T00:30:45.205Z","avatar_url":"https://github.com/containers.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Image Build\n\nMonorepo menagerie of container images and associated build automation\n\n## Podman / Buildah / Skopeo\n\n## Overview\n\nThe latest version of these docs may be obtained from [the upstream\nrepo.](https://github.com/containers/image_build/blob/main/README.md)\n\nThese directories contain the Containerfiles necessary to create the images housed on\nquay.io under their namespace in addition to the 'containers' namespace.  These\nimages are public and can be pulled without credentials.  These container images are secured and the\nresulting containers can run safely with or without privileges.\n\nThe container images are built using the latest Fedora and then the respective tools are installed.\nThe `$PATH` in the container images is set to the default provided by Fedora.  
Neither the\n`$ENTRYPOINT` nor the `$WORKDIR` variables are set within these container images, and as\nsuch they default to `/`.\n\nThe container images are tagged as follows, where `*` represents either `podman`, `buildah`\nor `skopeo`:\n\n  * `quay.io/containers/*:\u003cversion\u003e` and `quay.io/*/stable:\u003cversion\u003e` -\n    These images are built daily.  They are intended to contain the latest stable\n    versions of their respective container tool. For the most recent `\u003cversion\u003e` tags (`vX`,\n    `vX.Y`, and `vX.Y.Z`) the image contents will be updated daily to incorporate\n    (especially) security updates.\n  * `quay.io/containers/*:\u003cversion\u003e-immutable` -  Uses the same source as the 'stable'\n    images, built daily, but version-tags are never overwritten once pushed.  Tags\n    will only be removed in case of an extreme security problem.  Otherwise, these\n    images are intended for users that value an unchanging image tag and digest over\n    daily security updates.  All three `\u003cversion\u003e` values are available, `vX-immutable`,\n    `vX.Y-immutable` and `vX.Y.Z-immutable`.\n  * `quay.io/containers/*:latest` and `quay.io/*/stable:latest` -\n    Built daily using the same `Containerfile` as above.  The tool versions\n    will remain the \"latest\" available in Fedora.\n  * `quay.io/containers/aio:latest` and `quay.io/containers/aio:\u003cdate stamp\u003e` -\n    \"All In One\" image containing Podman, Buildah, and Skopeo.  Built weekly\n    using a similar `Containerfile` as the Podman and Buildah images.  
It's a\n    smaller, minimal image, intended to be used as a base-image for development\n    containers or CI/automation.\n  * `quay.io/*/testing:latest` - This image is built daily, using the\n    latest tooling version available in the Fedora `updates-testing` repository.\n  * `quay.io/*/upstream:latest` - This image is built daily using the latest\n    code found on the main branch of the respective upstream repository. Due to the\n    image changing frequently, it's not guaranteed to be stable or even executable.\n    Note: The actual tool compilation [occurs continuously in\n    COPR](https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/).\n\n## Podman Sample Usage\n\n[Please see the subdirectory README.md](https://github.com/containers/image_build/blob/main/podman/README.md)\n\n## Buildah Sample Usage\n\n[Please see the subdirectory README.md](https://github.com/containers/image_build/blob/main/buildah/README.md)\n\n## Skopeo Sample Usage\n\n[Please see the subdirectory README.md](https://github.com/containers/image_build/blob/main/skopeo/README.md)\n\n## All In One Sample Usage\n\n[Please see the subdirectory README.md](https://github.com/containers/image_build/blob/main/aio/README.md)\n\n## Automation\n\n**Warning**: It's easily possible this section is out of date or hasn't been updated.\n\nThe exact details of all build automation in every context are best obtained directly from\n[`.cirrus.yml`](https://github.com/containers/image_build/blob/main/.cirrus.yml) and\nany workflows defined under\n[`.github/workflows`](https://github.com/containers/image_build/tree/main/.github/workflows).\nWhat follows is simply a general overview.\n\n### Tooling\n\nThe heart of all builds is the `containers/automation` repo [build-push.sh script](https://github.com/containers/automation/tree/main/build-push).\nPut simply, it does exactly what its name suggests; however, it also has some additional useful features:\n\n* The script always produces a manifest-list 
(i.e. multiple \"images\" all packed under a single name).  Unless overridden,\n  the build will run in parallel for the `amd64`, `arm64`, `ppc64le`, and `s390x` architectures.  For this to work, the\n  qemu-user-static package (or [container](https://github.com/multiarch/qemu-user-static)) is required to be installed\n  and loaded into the kernel. For the automated builds, this is already available and set up in the VM image.\n* Before and after building, `build-push.sh` is able to execute additional commands/scripts.  These are very\n  useful for\n  [preparing the context](https://github.com/containers/automation/tree/main/build-push#use-in-automation-with-additional-preparation)\n  and/or\n  [modifying image output and/or tags](https://github.com/containers/automation/tree/main/build-push#use-in-automation-with-modified-images).\n  Otherwise the script only/ever builds a `latest` tag.  At the end, the script will search for and push _any_\n  (could be zero) command-line named images regardless of tag.\n* After building, the script will inspect the output of _existing_ named images to ensure it contains manifests for all\n  specified architectures. This is needed to ensure the output represents the input parameters, in case the post-build\n  modification script\n  mangled something.\n* If [a pair of magic envars are set](https://github.com/containers/automation/tree/main/build-push#use-in-build-automation)\n  the script will push all images matching the name given on the command-line (i.e. the base image-name w/o a tag).\n  **Great care is required w/in the CI/automation setup to ensure these envar values cannot leak.**\n\n### Automation runtime\n\nThe [containers/automation_images](https://github.com/containers/automation_images) repo produces a VM image\ndedicated for use by automation in this repo.  
Specifically, the VM is set up\n[using a simple script](https://github.com/containers/automation_images/blob/main/cache_images/build-push_packaging.sh)\nto make sure all the required packages are installed, along with the common automation library and\n[the build-push.sh script](https://github.com/containers/automation/tree/main/build-push).  Note that it always installs\nthe latest library and script, so any related problems can be quickly fixed with a CI VM image rebuild.\n\n### Automation scripts\n\nAll the top-level build scripts used by automation in this repo, for all contexts, reside under the `ci` subdirectory.  These are tailored for each type of build since some (i.e. Podman, Buildah, and Skopeo) are pushed to multiple registry namespaces. However, in all cases, these scripts ultimately end up simply calling\n[the build-push.sh script](https://github.com/containers/automation/tree/main/build-push).\n\n### Image Labels and Annotations\n\nAll build scripts (under the `ci` subdirectory) add labels (and annotations) prefixed with `built.by`.  These can be\nextremely helpful for auditing purposes after-the-fact.  For example, if a pushed image has something wrong with it,\nthe build log URL (`built.by.logs`) is available for some time. Or, if there's any question of what version of\nbuild script was used, these details are available in `built.by.commit` (git commit), `built.by.exec` (script)\nand `built.by.digest` (script hash).\n\n**Note:** Both labels and annotations are set simply due to script logic convenience and to meet\nfuture and\n[past OCI recommendations](https://specs.opencontainers.org/image-spec/annotations/#back-compatibility-with-label-schema).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fimage_build","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontainers%2Fimage_build","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fimage_build/lists"}