Buildah/podman support#543

Open

Baenimyr wants to merge 16 commits intocarvel-dev:developfrom

Baenimyr:buildah

Baenimyr commented Apr 29, 2025 •

edited

Loading

Add support for buildah to create and publish images.

The buildah build command with the --manifest option is used to build an image.
The buildah manifest push command sends the images to a remote registry and retrieve the digest (use a random tag like docker).

Options example in sources:

buildah:
  pull: true
  target: "app"
  platforms:
    - linux/amd64
    - linux/arm64
  buildArgs:
    VERSION: latest
  rawOptions:
    - --layers
    - --jobs=0
    - --quiet

The user can use rawOptions to add arguments like --layers, --jobs=0 or --cache-from. None of them is activated by default.

build
push to destinations
get digest and let kbld create more tags
create tests

Benjamin Le Rohellec added 5 commits

April 26, 2025 19:09


          🎉 Build images with buildah

c8a5a35


          buildah : raw options

aa8209b


          buildah : platforms

a717689

Build for multiple platforms.
Use a manifest in all situations because buildah can not create a manifest when a tag already exists.


          buildah : options build-arg

8af4515


          buildah : publish with all tags

41df804

Manifests for buildah and podman have no digest.
Buildah pushs the manifest to all tags and TaggedImage must ignore the incomplete URL.

carvel-bot added this to Carvel

Baenimyr marked this pull request as draft

April 29, 2025 19:17

Baenimyr temporarily deployed to DockerHub E2E

May 1, 2025 14:28

— with

GitHub Actions Inactive

Benjamin Le Rohellec added 5 commits

May 2, 2025 11:48


          buildah : get the manifest digest with --digestfile

c3af4cb

The manifest digest is written to a temporary file with the option --digestfile.
Push only to a random tag and let kbld create the other tags.


          log : buildah commands

7190e60


          ♻️ Generate args in SourceBuildahOpts

951c89a


          lint : variable names

86c0b02


          lint : comments

56cca1d

Baenimyr force-pushed the buildah branch from c616153 to 56cca1d Compare

May 2, 2025 16:55

Benjamin Le Rohellec added 6 commits

May 11, 2025 21:29


          log : buildah show errors with the Logger

cf597e3


          buildah : local and remote image name from configuration id and desti…

cef4585

…nation

Use the destination name for local storage if available.
The destination name use a special random tag.


          buildah : use tag 'latest' by default

8d88d0a


          test : buildah build and push

eabfe9d


          buildah : direct pipe for stderr

0de66f0

Generation logs are printed in direct using stderr. Flushes mid-sentence are not well rendered through logger.


          buildah : use a new manifest for each build

55f79b1

Using the same manifest name accumulates images. The local manifest needs a random name.

Baenimyr changed the title ~~WIP: Buildah/podman support~~ Buildah/podman support

Baenimyr marked this pull request as ready for review

January 21, 2026 19:25

joaopapereira requested a review from Copilot

March 18, 2026 21:41

Copilot AI reviewed

View reviewed changes

Contributor

Copilot AI left a comment

Pull request overview

Adds Buildah-based image build/publish support to kbld, integrating it as an additional builder option alongside existing Docker/buildx/ko/pack/etc flows.

Changes:

Introduces a new buildah: source configuration (SourceBuildahOpts) and a Buildah builder implementation that builds via buildah build --manifest and pushes via buildah manifest push.
Wires Buildah into the image build factory and build dispatch logic (Factory / BuiltImage).
Updates tagging behavior to only apply ImageDestinations.tags when the produced image URL is digest-qualified, and adds an e2e test covering build+push.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
`pkg/kbld/builder/buildah/buildah.go`	New Buildah builder implementation for build + manifest push + digest retrieval.
`pkg/kbld/config/config_buildah.go`	New config types + arg rendering for Buildah builds.
`pkg/kbld/config/config.go`	Adds `Buildah` to `config.Source` to enable `buildah:` in Sources.
`pkg/kbld/image/built.go`	Routes builds through Buildah when configured.
`pkg/kbld/image/factory.go`	Instantiates Buildah builder and passes it into `BuiltImage`.
`pkg/kbld/image/tagged.go`	Applies destination tags only when URL includes a digest (`@...`).
`test/e2e/build_buildah_test.go`	New e2e test for Buildah build+push and digest-based output.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pkg/kbld/builder/buildah/buildah.go

Comment on lines +1 to +2

		package buildah

Member

joaopapereira Mar 18, 2026

It should be:

// Copyright 2026 The Carvel Authors.
// SPDX-License-Identifier: Apache-2.0

pkg/kbld/builder/buildah/buildah.go

Comment on lines +89 to +93

+              		cmd := exec.Command("buildah", cmdArgs...)
+              		cmd.Dir = directory
+              		cmd.Stdout = prefixedLogger
+              		cmd.Stderr = os.Stderr

pkg/kbld/builder/buildah/buildah.go Show resolved Hide resolved

pkg/kbld/builder/buildah/buildah.go

Comment on lines +28 to +29

		// Provide explicit directory check error message because otherwise docker CLI
		// outputs confusing msg 'error: fork/exec /usr/local/bin/docker: not a directory'

test/e2e/build_buildah_test.go

Comment on lines +1 to +3

		package e2e

		import (

pkg/kbld/builder/buildah/buildah.go

Comment on lines +101 to +109

+              	pushLogger := b.logger.NewPrefixedWriter(image + " push | ")
+              	remoteName := remoteImageName(image, imgDst)
+              	digest, pushErr := BuildahPush(localName, remoteName, pushLogger)
+              	if pushErr != nil {
+              		return "", pushErr
+              	}
+              	remoteName = remoteName + "@" + digest
+              	prefixedLogger.WriteStr("Image build : " + remoteName)
+              	return remoteName, nil

pkg/kbld/builder/buildah/buildah.go

Comment on lines +127 to +142

+              	// !!! with --digestfile, buildah will not return an error if an authentication is required.
+              	log.WriteStr("=> buildah manifest push --all --digestfile=" + digestFile.Name() + " " + src + " docker://" + dest)
+              	pushCommand := exec.Command("buildah", "manifest", "push", "--all", "--digestfile="+digestFile.Name(), src, "docker://"+dest)
+              	pushCommand.Stdout = log
+              	pushCommand.Stderr = log
+              	pushErr := pushCommand.Run()
+              	if pushErr != nil {
+              		return "", fmt.Errorf("error pushing to %q (check if you are authenticated) : %w", dest, pushErr)
+              	}
+              	digest := make([]byte, 64+7)
+              	digestLen, readErr := digestFile.Read(digest)
+              	if readErr != nil {
+              		return "", fmt.Errorf("cannot read digest in file %q (check if you are authenticated) : %w", digestFile.Name(), readErr)
+              	}
+              	return string(digest[0:digestLen]), nil

pkg/kbld/image/tagged.go

Comment on lines +31 to 33

+              	if len(i.imgDst.Tags) > 0 && strings.Contains(url, "@") {
+              		// Configure new tags only if a digest is known
               		dstRef, err := regname.NewDigest(url, regname.WeakValidation)

test/e2e/build_buildah_test.go

+              	expectedOut := env.WithRegistries(`---
+              kind: Object
+              spec:
+              - image: index.docker.io/*username*/kbld-e2e-tests-build:latest@SHA256-REPLACED1

pkg/kbld/config/config_buildah.go

Comment on lines +35 to +37

+              	for arg, value := range opts.BuildArgs {
+              		args = append(args, "--build-arg="+arg+"="+value)
+              	}

joaopapereira mentioned this pull request

Add Buildah support #585

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet