From ce05c54c273ae8a30304fb23bf72994d527a04a7 Mon Sep 17 00:00:00 2001 From: Mogyuchi Date: Fri, 23 Aug 2024 20:18:01 +0900 Subject: [PATCH] build: switch to buildah --- .github/files/build/Dockerfile | 14 -------- .github/workflows/build.yml | 52 +++++++++++++++------------- .github/workflows/release-please.yml | 8 ++--- 3 files changed, 32 insertions(+), 42 deletions(-) delete mode 100644 .github/files/build/Dockerfile diff --git a/.github/files/build/Dockerfile b/.github/files/build/Dockerfile deleted file mode 100644 index f11e2c6..0000000 --- a/.github/files/build/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -# syntax=docker/dockerfile:1.9.0@sha256:fe40cf4e92cd0c467be2cfc30657a680ae2398318afd50b0c80585784c604f28 - -FROM --platform=$BUILDPLATFORM busybox:1.36.1-uclibc@sha256:97d85ff9630b634ddff3e3ff69fd02bc3b69de8dba0c5002eb0ad6915d1bf4c0 AS env -ARG TARGETPLATFORM -RUN --mount=type=bind,source=artifact,target=artifact \ - if [ "$TARGETPLATFORM" = 'linux/amd64' ]; then\ - cp artifact/x86_64-unknown-linux-musl/binary .\ - ;elif [ "$TARGETPLATFORM" = 'linux/arm64' ]; then\ - cp artifact/aarch64-unknown-linux-musl/binary .\ - ;fi - -FROM scratch as runner -COPY --from=env --chmod=755 binary . -ENTRYPOINT ["./binary"] diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ac99bbc..281ea67 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,13 +11,13 @@ on: type: string outputs: image_tags: - value: ${{ jobs.docker.outputs.image_tags }} + value: ${{ jobs.image.outputs.image_tags }} image_url: value: https://ghcr.io/${{ github.repository }} env: # const - REGISTRY: ghcr.io + IMAGE_REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} BINARY_NAME: ${{ github.event.repository.name }} # env 
@@ -88,22 +88,15 @@ jobs: mv binary "$filename" gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber fi - docker: + image: needs: build + if: ${{ github.event_name != 'pull_request' }} permissions: packages: write runs-on: "ubuntu-latest" outputs: image_tags: ${{ steps.meta.outputs.tags }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - sparse-checkout: | - .github/files/build/Dockerfile - sparse-checkout-cone-mode: false - name: Download build artifact uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: @@ -114,7 +107,7 @@ jobs: - name: Log in to the Container registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: - registry: ${{ env.REGISTRY }} + registry: ${{ env.IMAGE_REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} 
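Review bot: The job-level `if: ${{ github.event_name != 'pull_request' }}` added to `image` skips image assembly entirely on pull requests, whereas the build step removed later in this patch still built there and gated only `push`. If callers run this workflow on `pull_request`, a broken image build would surface only at release time, and the `image_tags` output would be empty for that run. Consider leaving the job unconditional and putting the same condition on the registry login and push steps, so the token is still used only outside pull requests. The push step itself lies outside this hunk.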
@@ -122,21 +115,32 @@ jobs: id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=semver,pattern={{version}},value=${{ inputs.tag-name }} type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }} type=semver,pattern={{major}},value=${{ inputs.tag-name }},enable=${{ !(startsWith(github.ref, 'refs/tags/v0.') || startsWith(inputs.tag-name, 'v0.')) }} type=edge type=ref,event=branch - - name: Build and push Docker image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 - with: - context: . - file: .github/files/build/Dockerfile - platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + + - name: Build Images + run: | + build() { + newcontainer=$(buildah from --platform="$1" scratch) + buildah copy --chmod=0755 $newcontainer ./artifact/"$2"/binary /binary + buildah config --entrypoint='["./binary"]' $newcontainer + + buildah config --author="Mogyuchi" $(awk '{print "--label=" $0}' <<< "${{ steps.meta.outputs.labels }}") $newcontainer + buildah inspect $newcontainer + + buildah commit --manifest=localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} $newcontainer + buildah rm $newcontainer + } + build linux/amd64 x86_64-unknown-linux-musl + build linux/arm64 aarch64-unknown-linux-musl + + - id: push + name: Push To GHCR + run: | + buildah manifest inspect localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} + tac <<< '${{ steps.meta.outputs.tags }}' | xargs -I{} --max-args=1 buildah manifest push --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --all localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} docker://{} 
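Review bot: Both new `run:` scripts splice `${{ … }}` expressions straight into bash, so the expanded text is parsed as shell source: `steps.meta.outputs.labels` lands inside a double-quoted here-string in `build()`, `steps.meta.outputs.tags` inside single quotes in the push step, and `secrets.GITHUB_TOKEN` inside `--creds=`. The labels normally carry repository metadata and the tags derive from `inputs.tag-name`, so a quote or `$(…)` in those values would alter the script, and the unquoted `$(awk …)` word-splits any label value containing a space (presumably the description label) into separate `buildah config` arguments. The token in `--creds=` also appears in the argv of every `buildah manifest push` that xargs spawns. I would pass these values through `env:`, reference them as quoted shell variables, collect the `--label=` arguments in an array, and authenticate once with `buildah login --password-stdin`, as sketched below. Whether buildah already picks up the auth file written by the earlier `docker/login-action` step is not visible here; if it does, the explicit login can be dropped.

```yaml
      - name: Build Images
        env:
          IMAGE_LABELS: ${{ steps.meta.outputs.labels }}
          LOCAL_MANIFEST: localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
        run: |
          build() {
            # … unchanged: buildah from / copy / config --entrypoint, with "$newcontainer" quoted …
            label_args=()
            while IFS= read -r label; do
              [ -n "$label" ] && label_args+=("--label=$label")
            done <<< "$IMAGE_LABELS"
            buildah config --author="Mogyuchi" "${label_args[@]}" "$newcontainer"
            # … unchanged: inspect, commit --manifest="$LOCAL_MANIFEST", rm …
          }
          # … unchanged: the two build calls …

      - id: push
        name: Push To GHCR
        env:
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
          LOCAL_MANIFEST: localhost/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          printf '%s' "$REGISTRY_TOKEN" \
            | buildah login --username "$REGISTRY_USER" --password-stdin "$IMAGE_REGISTRY"
          buildah manifest inspect "$LOCAL_MANIFEST"
          tac <<< "$IMAGE_TAGS" \
            | xargs -I{} --max-args=1 buildah manifest push --all "$LOCAL_MANIFEST" docker://{}
```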
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index b921081..fd82f98 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -30,7 +30,7 @@ jobs: manifest-file: .github/files/release-please/.release-please-manifest.json skip-github-pull-request: ${{ startsWith(github.event.head_commit.message, 'release:') && github.event.head_commit.author.name == format('{0}[bot]', steps.generate_token.outputs.app-slug) }} - docker-publish: + image-publish: needs: release-please if: ${{ needs.release-please.outputs.release_created }} permissions: @@ -41,7 +41,7 @@ jobs: tag-name: ${{ needs.release-please.outputs.tag_name }} publish-release: - needs: [release-please, docker-publish] + needs: [release-please, image-publish] if: ${{ needs.release-please.outputs.release_created }} permissions: contents: write @@ -91,7 +91,7 @@ jobs: edit-mode: replace add-docker-comment: - needs: [release-please, docker-publish, get-pr-number] + needs: [release-please, image-publish, get-pr-number] if: ${{ needs.release-please.outputs.release_created }} permissions: pull-requests: write @@ -102,7 +102,7 @@ jobs: steps: - name: Add comment to PR run: | - printf ':robot: Successfully published to ${{ needs.docker-publish.outputs.image_url }} :truck:\n```\n${{ join(needs.docker-publish.outputs.image_tags, '\n') }}\n```' \ + printf ':robot: Successfully published to ${{ needs.image-publish.outputs.image_url }} :truck:\n```\n${{ join(needs.image-publish.outputs.image_tags, '\n') }}\n```' \ | gh pr comment ${{ needs.get-pr-number.outputs.pr_number }} --body-file=- label-published: