Add squash option for buildah task

konflux-ci · Jul 2, 2024 · 5a20f70 · 5a20f70
1 parent 8501077
commit 5a20f70
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 0 deletions.
diff --git a/task/buildah-oci-ta/0.1/README.md b/task/buildah-oci-ta/0.1/README.md
@@ -22,6 +22,8 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 |IMAGE_EXPIRES_AFTER|Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.|""|false|
 |PREFETCH_INPUT|In case it is not empty, the prefetched content should be made available to the build.|""|false|
 |SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.||true|
+|SQUASH|Squash new layers added as a part of this build, as per --squash|false|false|
+|SQUASH_ALL|Squash all new and previous layers added as a part of this build, as per --squash-all|false|false|
 |TARGET_STAGE|Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.|""|false|
 |TLSVERIFY|Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)|true|false|
 |YUM_REPOS_D_FETCHED|Path in source workspace where dynamically-fetched repos are present|fetched.repos.d|false|

diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
@@ -76,6 +76,16 @@ spec:
       description: The Trusted Artifact URI pointing to the artifact with
         the application source code.
       type: string
+    - name: SQUASH
+      description: Squash new layers added as a part of this build, as per
+        --squash
+      type: string
+      default: "false"
+    - name: SQUASH_ALL
+      description: Squash all new and previous layers added as a part of this
+        build, as per --squash-all
+      type: string
+      default: "false"
     - name: TARGET_STAGE
       description: Target stage in Dockerfile to build. If not specified,
         the Dockerfile is processed entirely to (and including) its last stage.
@@ -158,6 +168,10 @@ spec:
         value: $(params.IMAGE)
       - name: IMAGE_EXPIRES_AFTER
         value: $(params.IMAGE_EXPIRES_AFTER)
+      - name: SQUASH
+        value: $(params.SQUASH)
+      - name: SQUASH_ALL
+        value: $(params.SQUASH_ALL)
       - name: STORAGE_DRIVER
         value: vfs
       - name: TARGET_STAGE
@@ -271,6 +285,14 @@ spec:
           BUILDAH_ARGS+=("--cap-add=${ADD_CAPABILITIES}")
         fi
 
+        if [ "${SQUASH}" == "true" ]; then
+          BUILDAH_ARGS+=("--squash")
+        fi
+
+        if [ "${SQUASH_ALL}" == "true" ]; then
+          BUILDAH_ARGS+=("--squash-all")
+        fi
+
         if [ -f "/var/workdir/cachi2/cachi2.env" ]; then
           cp -r "/var/workdir/cachi2" /tmp/
           chmod -R go+rwX /tmp/cachi2

diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
@@ -76,6 +76,15 @@ spec:
       source code.
     name: SOURCE_ARTIFACT
     type: string
+  - default: "false"
+    description: Squash new layers added as a part of this build, as per --squash
+    name: SQUASH
+    type: string
+  - default: "false"
+    description: Squash all new and previous layers added as a part of this build,
+      as per --squash-all
+    name: SQUASH_ALL
+    type: string
   - default: ""
     description: Target stage in Dockerfile to build. If not specified, the Dockerfile
       is processed entirely to (and including) its last stage.
@@ -142,6 +151,10 @@ spec:
       value: $(params.IMAGE)
     - name: IMAGE_EXPIRES_AFTER
       value: $(params.IMAGE_EXPIRES_AFTER)
+    - name: SQUASH
+      value: $(params.SQUASH)
+    - name: SQUASH_ALL
+      value: $(params.SQUASH_ALL)
     - name: STORAGE_DRIVER
       value: vfs
     - name: TARGET_STAGE
@@ -293,6 +306,14 @@ spec:
         BUILDAH_ARGS+=("--cap-add=${ADD_CAPABILITIES}")
       fi
 
+      if [ "${SQUASH}" == "true" ]; then
+        BUILDAH_ARGS+=("--squash")
+      fi
+
+      if [ "${SQUASH_ALL}" == "true" ]; then
+        BUILDAH_ARGS+=("--squash-all")
+      fi
+
       if [ -f "/var/workdir/cachi2/cachi2.env" ]; then
         cp -r "/var/workdir/cachi2" /tmp/
         chmod -R go+rwX /tmp/cachi2
@@ -378,6 +399,8 @@ spec:
        -e HERMETIC="$HERMETIC" \
        -e IMAGE="$IMAGE" \
        -e IMAGE_EXPIRES_AFTER="$IMAGE_EXPIRES_AFTER" \
+       -e SQUASH="$SQUASH" \
+       -e SQUASH_ALL="$SQUASH_ALL" \
        -e STORAGE_DRIVER="$STORAGE_DRIVER" \
        -e TARGET_STAGE="$TARGET_STAGE" \
        -e TLSVERIFY="$TLSVERIFY" \

diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml
@@ -100,6 +100,15 @@ spec:
       build'
     name: ADD_CAPABILITIES
     type: string
+  - default: "false"
+    description: Squash new layers added as a part of this build, as per --squash
+    name: SQUASH
+    type: string
+  - default: "false"
+    description: Squash all new and previous layers added as a part of this build,
+      as per --squash-all
+    name: SQUASH_ALL
+    type: string
   - description: The platform to build on
     name: PLATFORM
     type: string
@@ -151,6 +160,10 @@ spec:
       value: $(params.BUILD_ARGS_FILE)
     - name: ADD_CAPABILITIES
       value: $(params.ADD_CAPABILITIES)
+    - name: SQUASH
+      value: $(params.SQUASH)
+    - name: SQUASH_ALL
+      value: $(params.SQUASH_ALL)
     - name: BUILDER_IMAGE
       value: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
     volumeMounts:
@@ -285,6 +298,14 @@ spec:
         BUILDAH_ARGS+=("--cap-add=${ADD_CAPABILITIES}")
       fi
 
+      if [ "${SQUASH}" == "true" ]; then
+        BUILDAH_ARGS+=("--squash")
+      fi
+
+      if [ "${SQUASH_ALL}" == "true" ]; then
+        BUILDAH_ARGS+=("--squash-all")
+      fi
+
       if [ -f "$(workspaces.source.path)/cachi2/cachi2.env" ]; then
         cp -r "$(workspaces.source.path)/cachi2" /tmp/
         chmod -R go+rwX /tmp/cachi2
@@ -377,6 +398,8 @@ spec:
        -e ENTITLEMENT_SECRET="$ENTITLEMENT_SECRET" \
        -e BUILD_ARGS_FILE="$BUILD_ARGS_FILE" \
        -e ADD_CAPABILITIES="$ADD_CAPABILITIES" \
+       -e SQUASH="$SQUASH" \
+       -e SQUASH_ALL="$SQUASH_ALL" \
        -e COMMIT_SHA="$COMMIT_SHA" \
        -v "$BUILD_DIR/workspaces/source:$(workspaces.source.path):Z" \
        -v "$BUILD_DIR/volumes/shared:/shared:Z" \

diff --git a/task/buildah/0.1/README.md b/task/buildah/0.1/README.md
@@ -25,6 +25,8 @@ When prefetch-dependencies task was activated it is using its artifacts to run b
 |ENTITLEMENT_SECRET|Name of secret which contains the entitlement certificates|etc-pki-entitlement|false|
 |BUILD_ARGS|Array of --build-arg values ("arg=value" strings)|[]|false|
 |BUILD_ARGS_FILE|Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file|""|false|
+|SQUASH|Squash new layers added as a part of this build, as per --squash|false|false|
+|SQUASH_ALL|Squash all new and previous layers added as a part of this build, as per --squash-all|false|false|
 
 ## Results
 |name|description|

diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml
@@ -91,6 +91,14 @@ spec:
     description: Comma separated list of extra capabilities to add when running 'buildah build'
     type: string
     default: ""
+  - name: SQUASH
+    description: Squash new layers added as a part of this build, as per --squash
+    type: string
+    default: "false"
+  - name: SQUASH_ALL
+    description: Squash all new and previous layers added as a part of this build, as per --squash-all
+    type: string
+    default: "false"
 
   results:
   - description: Digest of the image just built
@@ -141,6 +149,10 @@ spec:
       value: $(params.BUILD_ARGS_FILE)
     - name: ADD_CAPABILITIES
       value: $(params.ADD_CAPABILITIES)
+    - name: SQUASH
+      value: $(params.SQUASH)
+    - name: SQUASH_ALL
+      value: $(params.SQUASH_ALL)
 
   steps:
   - image: quay.io/redhat-appstudio/buildah:v1.31.0@sha256:34f12c7b72ec2c28f1ded0c494b428df4791c909f1f174dd21b8ed6a57cf5ddb
@@ -233,6 +245,14 @@ spec:
         BUILDAH_ARGS+=("--cap-add=${ADD_CAPABILITIES}")
       fi
 
+      if [ "${SQUASH}" == "true" ]; then
+        BUILDAH_ARGS+=("--squash")
+      fi
+
+      if [ "${SQUASH_ALL}" == "true" ]; then
+        BUILDAH_ARGS+=("--squash-all")
+      fi
+
       if [ -f "$(workspaces.source.path)/cachi2/cachi2.env" ]; then
         cp -r "$(workspaces.source.path)/cachi2" /tmp/
         chmod -R go+rwX /tmp/cachi2