buildah icon indicating copy to clipboard operation
buildah copied to clipboard
verified publisher icon containers

Support `buildah commit --amend`

Open arewm opened this issue 9 months ago • 4 comments

I would like to run buildah in a build platform where I can inject specific files (content-sets.json) into the container filesystem after users' Containerfile-driven builds are complete. If users want to --squash their build then we can achieve this functionality by squashing the image when we commit. If users want the build layer to be distinct from the parent image (i.e. not squashing), however, buildah will add the content in a separate layer. This results in users having an unexpected last layer consisting of only the added files and not their application code.

arewm avatar Apr 03 '25 01:04 arewm

I would like to run buildah in a build platform where I can inject specific files (content-sets.json) into the container filesystem after users' Containerfile-driven builds are complete.

Unrelated to the RFE but: it's not clear to me that's really the desired end state. I think it'd be better to have that data written by a dnf plugin inside the layer that modifies RPMs - then it'd live in the naturally correct layer. Say I intentionally want two layers, one with RPM deps and one with the app. It's hard for an external tool to know this.

(Or also relevantly, if one wants to do content-addressed split layers then we want it in the same layer as the rpm database generally)

cgwalters avatar Apr 03 '25 21:04 cgwalters

Or to say it a different way, every way in which a Konflux pipeline manipulates my built container image in a way that's hard to replicate with podman build is probably wrong. And the cachi2 stuff is by far the biggest violation of this principle.

cgwalters avatar Apr 03 '25 21:04 cgwalters

I agree that the specific use case that I mentioned would be better if it was handled by dnf directly. I think that we are likely going to end up taking a slightly different approach for the use case I mentioned by generating the file before building the image and then appending a COPY command to the Containerfile. Since we are already off topic, this isn't any better for reproducibility, but it is consistent with what has beed done previously with OSBS.

arewm avatar Apr 03 '25 23:04 arewm

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar May 04 '25 00:05 github-actions[bot]