https://pantsbuild.org/ logo
#general
Title
# general
l

limited-insurance-37393

06/15/2022, 3:25 PM
Has any work gone into allowing Pants to build container images using Podman or Buildah to allow for rootless builds in CI environments?
👀 1
@curved-television-6568 curious if you have explored this at all given your work on the Docker implementation
c

curved-television-6568

06/15/2022, 3:34 PM
I’ve been exploring it, yes, but haven’t gotten that far, yet. There’s a couple of tickets for this: https://github.com/pantsbuild/pants/issues/14657 https://github.com/pantsbuild/pants/issues/14395
b

big-crayon-94763

06/15/2022, 3:52 PM
I have a WIP plugin that uses buildah to create an image and then build an RPM package inside the container. Most of my work was on the RPM side and I just quickly built something to use buildah based on the docker plugin so it isn't good enough for general use. Would love to see buildah / podman added!
b

busy-vase-39202

06/16/2022, 12:53 AM
@big-crayon-94763 is the wip plugin something you'd be comfortable sharing? Maybe someone in the community would find it a helpful starting point to build upon...?
(no pressure if you'd rather not post it)
b

big-crayon-94763

06/16/2022, 1:30 PM
Right now it is very specific to our company needs but I do want to try and extract something or at least write about it once it is done. I'm working on something else for the moment but intend to get back to it when I can!
👍 1
This is my BuildahBinary rule:
Copy code
from dataclasses import dataclass
from typing import Mapping
from pants.core.util_rules.system_binaries import (
    BinaryPath,
    BinaryPathRequest,
    BinaryPaths,
    BinaryPathTest,
    BinaryShims,
    BinaryShimsRequest,
)
from pants.engine.environment import Environment, EnvironmentRequest
from pants.engine.fs import Digest
from pants.engine.rules import Get, rule, collect_rules
from pants.util.logging import LogLevel
import os


@dataclass
class BuildahBinary(BinaryPath):
    """The `buildah` binary."""

    extra_env: Mapping[str, str]
    extra_input_digests: Mapping[str, Digest]

    def __init__(
        self,
        path: str,
        fingerprint: str,
        extra_env: Mapping[str, str],
        extra_input_digests: Mapping[str, Digest],
    ) -> None:
        self.extra_env = {} if extra_env is None else extra_env
        self.extra_input_digests = extra_input_digests
        super().__init__(path, fingerprint)


@rule(level=LogLevel.DEBUG)
async def get_buildah_binary() -> BuildahBinary:
    request = BinaryPathRequest(
        binary_name="buildah",
        search_path=["/usr/local/bin"],
        test=BinaryPathTest(args=["-v"]),
    )
    paths = await Get(BinaryPaths, BinaryPathRequest, request)
    first_path = paths.first_path_or_raise(request, rationale="use buildah")

    # fixes these warnings:
    # "The cgroupv2 manager is set to systemd but there is no systemd user session available"
    # "For using systemd, you may need to login using an user session"
    # "Alternatively, you can enable lingering with: `loginctl enable-linger 1000` (possibly as root)"
    # "Falling back to --cgroup-manager=cgroupfs"
    env = await Get(Environment, EnvironmentRequest(["DBUS_SESSION_BUS_ADDRESS"]))

    tools = await Get(
        BinaryShims,
        BinaryShimsRequest,
        BinaryShimsRequest.for_binaries(
            *["newgidmap", "newuidmap", "ls"],
            rationale="use buildah",
            output_directory="bin",
            search_path=["/usr/bin"],
        ),
    )
    tools_path = ".shims"
    extra_env = {**env, "PATH": os.path.join(tools_path, tools.bin_directory)}
    extra_input_digests = {tools_path: tools.digest}

    return BuildahBinary(
        first_path.path,
        first_path.fingerprint,
        extra_env=extra_env,
        extra_input_digests=extra_input_digests,
    )


def rules():
    return collect_rules()