diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index 40fc159930..b5873760af 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -288,14 +288,12 @@ spec: BUILDAH_ARGS=() - BASE_IMAGES=$(grep -i '^\s*FROM' "$dockerfile_path" | sed 's/--platform=\S*//' | awk '{print $2}' | (grep -v ^oci-archive: || true)) + BASE_IMAGES=$(dockerfile-json "$dockerfile_path" | jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName') if [ "${HERMETIC}" == "true" ]; then BUILDAH_ARGS+=("--pull=never") UNSHARE_ARGS="--net" for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image - fi + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image done echo "Build will be executed with network isolation" fi @@ -415,9 +413,7 @@ spec: touch /shared/base_images_digests for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >>/shared/base_images_digests - fi + buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >>/shared/base_images_digests done # Needed to generate base images SBOM diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index cb4c495575..0ebae8abdb 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -323,14 +323,12 @@ spec: BUILDAH_ARGS=() - BASE_IMAGES=$(grep -i '^\s*FROM' "$dockerfile_path" | sed 's/--platform=\S*//' | awk '{print $2}' | (grep -v ^oci-archive: || true)) + BASE_IMAGES=$(dockerfile-json "$dockerfile_path" | jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName') if [ "${HERMETIC}" == "true" ]; then BUILDAH_ARGS+=("--pull=never") UNSHARE_ARGS="--net" for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image - fi + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image done echo "Build will be executed with network isolation" fi @@ -450,9 +448,7 @@ spec: touch /shared/base_images_digests for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >>/shared/base_images_digests - fi + buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >>/shared/base_images_digests done # Needed to generate base images SBOM diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index d80d02d643..c2ce635698 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -305,14 +305,12 @@ spec: BUILDAH_ARGS=() - BASE_IMAGES=$(grep -i '^\s*FROM' "$dockerfile_path" | sed 's/--platform=\S*//' | awk '{print $2}' | (grep -v ^oci-archive: || true)) + BASE_IMAGES=$(dockerfile-json "$dockerfile_path" | jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName') if [ "${HERMETIC}" == "true" ]; then BUILDAH_ARGS+=("--pull=never") UNSHARE_ARGS="--net" for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image - fi + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image done echo "Build will be executed with network isolation" fi @@ -432,9 +430,7 @@ spec: touch /shared/base_images_digests for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >> /shared/base_images_digests - fi + buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >> /shared/base_images_digests done # Needed to generate base images SBOM diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index eb3dc9771f..a9b30ad0d0 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -225,14 +225,12 @@ spec: BUILDAH_ARGS=() - BASE_IMAGES=$(grep -i '^\s*FROM' "$dockerfile_path" | sed 's/--platform=\S*//' | awk '{print $2}' | (grep -v ^oci-archive: || true)) + BASE_IMAGES=$(dockerfile-json "$dockerfile_path" | jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName') if [ "${HERMETIC}" == "true" ]; then BUILDAH_ARGS+=("--pull=never") UNSHARE_ARGS="--net" for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image - fi + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image done echo "Build will be executed with network isolation" fi @@ -352,9 +350,7 @@ spec: touch /shared/base_images_digests for image in $BASE_IMAGES; do - if [ "${image}" != "scratch" ]; then - buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >> /shared/base_images_digests - fi + buildah images --format '{{ .Name }}:{{ .Tag }}@{{ .Digest }}' --filter reference="$image" >> /shared/base_images_digests done # Needed to generate base images SBOM