https://github.com/travier/podman-action
Container to run buildah/podman/skopeo commands in GitHub Actions
- Host: GitHub
- URL: https://github.com/travier/podman-action
- Owner: travier
- License: mit
- Created: 2023-11-27T14:34:52.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-07T19:05:58.000Z (3 months ago)
- Last Synced: 2024-11-29T17:50:57.305Z (about 2 months ago)
- Language: Dockerfile
- Homepage:
- Size: 24.4 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Container to run buildah/podman/skopeo commands in GitHub Actions
Based on the official [podman
container](https://quay.io/repository/podman/stable) with buildah and skopeo
included on top.

## How to use
Use the podman, buildah and skopeo actions from
[github.com/redhat-actions](https://github.com/redhat-actions) and specify this
container image for your jobs:

```
jobs:
  build-push-image:
    runs-on: ubuntu-latest
    container:
      image: quay.io/travier/podman-action
      options: --privileged
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Build container image
        uses: redhat-actions/buildah-build@v2
        with:
          image: foo
          tags: latest
          containerfiles: Containerfile
          layers: false
          oci: true

      - name: Push to Container Registry
        uses: redhat-actions/push-to-registry@v2
        id: push
        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
        with:
          username: ${{ secrets.BOT_USERNAME }}
          password: ${{ secrets.BOT_SECRET }}
          image: foo
          registry: quay.io/bar
          tags: latest
```

## Verifying sigstore container signatures with podman
How to configure sigstore signature verification in podman:
```
$ sudo mkdir /etc/pki/containers
$ curl -O "https://raw.githubusercontent.com/travier/podman-action/main/quay.io-travier-containers.pub"
$ sudo cp quay.io-travier-containers.pub /etc/pki/containers/
$ sudo restorecon -RFv /etc/pki/containers

$ cat /etc/containers/registries.d/quay.io-travier.yaml
docker:
  quay.io/travier:
    use-sigstore-attachments: true
$ sudo restorecon -RFv /etc/containers/registries.d/quay.io-travier.yaml

$ cat /etc/containers/policy.json
{
    "default": [
        {
            "type": "reject"
        }
    ],
    "transports": {
        "docker": {
            ...
            "quay.io/travier": [
                {
                    "type": "sigstoreSigned",
                    "keyPath": "/etc/pki/containers/quay.io-travier-containers.pub",
                    "signedIdentity": {
                        "type": "matchRepository"
                    }
                }
            ],
            ...
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        ...
    }
}
...
```

## License
See [LICENSE](LICENSE) or [CC0](https://creativecommons.org/public-domain/cc0/).
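
Added example, not part of the original README: a small Python audit of the `policy.json` from the sigstore verification section above, resolving which requirement actually applies to a given image. It assumes fully qualified image names and does not handle wildcard (`*.example.com`) host scopes; `POLICY` is the page's policy with the `...` elisions dropped, and the function names are hypothetical.

```python
import json

# Constructed sample: the policy.json from this page with the "..." elisions dropped.
POLICY = json.loads("""
{
  "default": [{"type": "reject"}],
  "transports": {
    "docker": {
      "quay.io/travier": [{
        "type": "sigstoreSigned",
        "keyPath": "/etc/pki/containers/quay.io-travier-containers.pub",
        "signedIdentity": {"type": "matchRepository"}
      }],
      "": [{"type": "insecureAcceptAnything"}]
    }
  }
}
""")


def candidate_scopes(image):
    """Scopes from most to least specific (assumption: no '*.' host wildcards)."""
    repo = image.split("@")[0]
    # Strip a tag, but not a registry port such as localhost:5000/img.
    last = repo.rsplit("/", 1)[-1]
    if ":" in last:
        repo = repo[: repo.rfind(":")]
    scopes = [image] if image != repo else []
    while repo:
        scopes.append(repo)
        repo = repo.rpartition("/")[0]
    return scopes + [""]


def requirements_for(policy, image, transport="docker"):
    """Return (matched scope, requirements) that apply to the image."""
    table = policy.get("transports", {}).get(transport, {})
    for scope in candidate_scopes(image):
        if scope in table:
            return scope, table[scope]
    return "default", policy["default"]


def unverified(policy, images):
    """Images whose effective policy accepts content without a signature check."""
    return [i for i in images
            if any(r["type"] == "insecureAcceptAnything"
                   for r in requirements_for(policy, i)[1])]
```

With this policy only images under `quay.io/travier` are signature-checked; any other registry on the `docker` transport falls through to the `""` scope and is accepted without verification, while other transports hit the global `reject` default.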