@@ -71,6 +71,8 @@ buildah_build(){
7171 local buildah_exec
7272 local buildah_exit_code
7373 local buildah_args
74+ local buildah_labels
75+ local buildah_labels_array
7476 local manifest_args
7577 log_info " Build Containerfile for ${IMAGE_NAME} :${IMAGE_TAG} "
7678 log_trace " $( buildah --version) "
@@ -82,15 +84,38 @@ buildah_build(){
8284 buildah_args+=" --build-arg ${arg} "
8385 done
8486
87+ # Extract labels from manifest
88+ buildah_labels=()
89+ buildah_labels_array=()
90+ while IFS= read -r label; do
91+ if [[ -n " ${label} " ; then
92+ # Parse key=value and remove quotes from value if present
93+ # Handle both key=value and key="value" formats
94+ if [[ " ${label} " =~ ^([^= ]+)= (.* )$ ]]; then
95+ local label_key=" ${BASH_REMATCH[1]} "
96+ local label_value=" ${BASH_REMATCH[2]} "
97+ # Remove surrounding quotes from value if present
98+ label_value=$( echo " ${label_value} " | sed -e ' s/^"//' ' s/"$//' )
99+ # Reconstruct label without quotes in value
100+ label=" ${label_key} =${label_value} "
101+ fi
102+ # Add to both string (for logging) and array (for command)
103+ buildah_labels+=" --label ${label} "
104+ buildah_labels_array+=(" --label" " ${label} "
105+ fi
106+ done < <( yq e ' .build.labels[]' $MANIFEST_FILE )
107+
85108 log_trace " Buildah args: ${buildah_args} "
109+ log_trace " Buildah labels: ${buildah_labels} "
86110 set +e
87111 buildah_exec=$(
88112 buildah build \
89113 --squash \
90114 --pull-always \
91115 --format ${IMAGE_FORMAT} \
92116 ${buildah_args} \
93- --tag docker-daemon:${IMAGE_NAME} :${IMAGE_TAG} \
117+ " ${buildah_labels_array[@]} "
118+ --tag ${IMAGE_NAME} :${IMAGE_TAG} \
94119 . \
95120 2>&1
96121 )
@@ -103,6 +128,81 @@ buildah_build(){
103128 else
104129 log_success " Build completed successfully"
105130 fi
131+
132+ # Copy to docker-daemon after successful build
133+ # Save image to tar first, then load into docker daemon
134+ # Store tar path in a variable for later use with skopeo
135+ export BUILD_TAR=" ${BUILD_DIR} /${IMAGE_NAME} -${IMAGE_TAG} -temp.tar"
136+ log_info " Saving image to temporary tar: ${BUILD_TAR} "
137+ set +e
138+ buildah_exec=$(
139+ buildah push ${IMAGE_NAME} :${IMAGE_TAG} oci-archive:${BUILD_TAR} \
140+ 2>&1
141+ )
142+ buildah_exit_code=$?
143+ set -e
144+ if [[ $buildah_exit_code -ne 0 ]]; then
145+ log_error " Failed to save image to tar"
146+ log_error " ${buildah_exec} "
147+ exit 1
148+ else
149+ log_success " Image saved to tar successfully"
150+ # Verify labels are in the tar file
151+ if command -v skopeo & > /dev/null; then
152+ local tar_labels
153+ tar_labels=$( skopeo inspect oci-archive:${BUILD_TAR} --format ' {{.Labels}}' 2> /dev/null || echo " " )
154+ if [[ -n " ${tar_labels} " ; then
155+ log_trace " Labels in tar file: ${tar_labels} "
156+ else
157+ log_warn " No labels found in tar file"
158+ fi
159+ fi
160+ fi
161+
162+ log_info " Loading image into Docker daemon: ${IMAGE_NAME} :${IMAGE_TAG} "
163+ set +e
164+ buildah_exec=$(
165+ docker load -i ${BUILD_TAR} \
166+ 2>&1
167+ )
168+ buildah_exit_code=$?
169+ set -e
170+
171+ if [[ $buildah_exit_code -ne 0 ]]; then
172+ log_error " Failed to load image into Docker daemon"
173+ log_error " ${buildah_exec} "
174+ exit 1
175+ fi
176+
177+ # docker load might not preserve the tag, so we need to tag it
178+ # Extract the loaded image name/ID from the output
179+ # Format can be: "Loaded image: name:tag" or "Loaded image ID: sha256:..."
180+ local loaded_image=" "
181+ if echo " ${buildah_exec} " | grep -qi " Loaded image:" ; then
182+ # Extract image name:tag format
183+ loaded_image=$( echo " ${buildah_exec} " | grep -i " Loaded image:" | sed -E ' s/.*Loaded image: //' | head -n1 | tr -d ' \r\n' )
184+ elif echo " ${buildah_exec} " | grep -qi " Loaded image ID:" ; then
185+ # Extract just the sha256:... part
186+ loaded_image=$( echo " ${buildah_exec} " | grep -i " Loaded image ID:" | sed -E ' s/.*Loaded image ID: //' | head -n1 | tr -d ' \r\n' )
187+ fi
188+
189+ if [[ -n " ${loaded_image} " && " ${loaded_image} " != " ${IMAGE_NAME} :${IMAGE_TAG} " ; then
190+ log_info " Tagging loaded image ${loaded_image} as ${IMAGE_NAME} :${IMAGE_TAG} "
191+ set +e
192+ buildah_exec=$(
193+ docker tag " ${loaded_image} " " ${IMAGE_NAME} :${IMAGE_TAG} "
194+ 2>&1
195+ )
196+ buildah_exit_code=$?
197+ set -e
198+ if [[ $buildah_exit_code -ne 0 ]]; then
199+ log_error " Failed to tag image"
200+ log_error " ${buildah_exec} "
201+ exit 1
202+ fi
203+ fi
204+
205+ log_success " Image loaded into Docker daemon successfully"
106206}
107207
108208podman_save_image_to_tar (){
@@ -238,5 +338,24 @@ dive_scan # Filesystem scan and analysis
238338trivy_scan # Vulnerability scan
239339
240340# Deploy to registry with skopeo using tags in manifest
341+ # Use oci-archive (tar file) as source to avoid Docker API version issues
241342registry=$( retrieve_registry_from_manifest)
242- skopeo copy docker-daemon:${IMAGE_NAME} :${IMAGE_TAG} docker://${registry} :${IMAGE_TAG}
343+ if [[ -n " ${BUILD_TAR} " && -f " ${BUILD_TAR} " ; then
344+ log_info " Pushing image to registry: ${registry} :${IMAGE_TAG} "
345+ # Use --all to copy all formats and preserve metadata including labels
346+ skopeo copy --all oci-archive:${BUILD_TAR} docker://${registry} :${IMAGE_TAG}
347+ log_success " Image pushed to registry successfully"
348+ # Verify labels in registry
349+ log_info " Verifying labels in registry..."
350+ registry_labels=$( skopeo inspect docker://${registry} :${IMAGE_TAG} --format ' {{.Labels}}' 2> /dev/null || echo " " )
351+ if [[ -n " ${registry_labels} " ; then
352+ log_trace " Labels in registry: ${registry_labels} "
353+ else
354+ log_warn " No labels found in registry image"
355+ fi
356+ # Clean up temp tar file after registry push
357+ rm -f ${BUILD_TAR}
358+ else
359+ log_error " Build tar file not found, cannot push to registry"
360+ exit 1
361+ fi
0 commit comments