[QUESTION] Is it possible to use the `layers` to make this GHA reuse previously published image versions?

[webknjaz]

Question

Hi, I've seen an interesting trick at https://github.com/pyca/infra/blob/d52c449/.github/workflows/build-docker-images.yml#L58 where they use docker build --cache-from=... to have Docker reuse some of the layer cache from an earlier image version IIUC.

When I saw https://github.com/redhat-actions/buildah-build/pull/43 / https://github.com/redhat-actions/buildah-build/issues/42, I thought — would it be possible to do the same with podman/buildah? What would be required? Would podman pull coupled with layers: true be enough? Is there something I'm misunderstanding in how buildah works? (there probably is)

I know that podman's --cache-from is no-op but I thought maybe it is possible to achieve somehow on the buildah level?

[webknjaz]

@divyansh42 @tetchel @lstocchi any comments?

[divyansh42]

Hey @webknjaz, apologies for the delayed response. I've checked this, buildah doesn't support --cache-from yet. However, there is an open issue for that.

[webknjaz]

Yeah, I've seen some related issues but I still don't understand if that is something that direct invocations of buildah maybe support.

[webknjaz]

In particular, I was curious if that layers option does this.

[AdrianBalcan]

Can I use this GitHub Action and have a newer buildah version, in order to use --cache-to and --cache-from? I've noticed that it has not been updated anymore since Version: 1.23.1.

[np22-jpg]

Can I use this GitHub Action and have a newer buildah version

GitHub Actions Images all use whatever is in the Ubuntu repos. When Lunar Lobster drops in a month, we'll get a newer version of buildah/podman/etc. If you'd like, you can use quay.io/buildah/stable:latest. I use something like this:

    runs-on: ubuntu-latest
    container:
      image: quay.io/buildah/stable:latest
      options: --privileged

Although it's finicky, it gives you the latest version of buildah and dnf (but not podman?).

[lectrician1]

hhh well you can specify cache-to and cache-from now, but you need a system to make the right calls to the GitHub cache API (which i was trying to do) https://github.com/tonistiigi/go-actions-cache/blob/master/api.md and that system does not exist in buildah-build like it does in Docker's https://docs.docker.com/build/ci/github-actions/cache/#github-cache , so you might as well just use Docker's if you want caching

A near attempt:

name: 

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
      push-store-image:
        runs-on: ubuntu-latest
        defaults:
          run:
            working-directory: '.'
        steps:
          - name: 'Checkout GitHub Action'
            uses: actions/checkout@main

          - name: Buildah Build
            uses: redhat-actions/buildah-build@v2
            with:
              containerfiles: |
                ./Containerfile
              image: yay
              layers: true
              build-args: |
                cache-to=NEED SPECIFIC CACHE URL WITH KEY
                cache-from=NEED SPECIFIC CACHE URL WITH KEY

          - name: Push To ghcr
            uses: redhat-actions/push-to-registry@v2
            with:
              image: ${{ steps.build-image.outputs.image }}
              tags: ${{ steps.build-image.outputs.tags }}
              registry: ghcr.io/${{ github.repository_owner }}
              username: ${{github.actor}}
              password: ${{secrets.GITHUB_TOKEN}}
              extra-args: |
                --disable-content-trust