Switch to using buildah

Observations show the runtime is about the same (since performance is mostly
storage-io bound.  However, buildah images are more compact and there
are simpler possibilities for build-caching available for future use.

Signed-off-by: Chris Evich <chris_gitlab@icuc.me>

.gitlab-ci.yml

@@ -1,22 +1,54 @@
 ---
 
-stages:
+default:
-    - build
+  image: quay.io/buildah/stable:v1.28.0
-
-build:
-  stage: build
   tags:
     - docker
     - linux
-  image:
+
-    name: gcr.io/kaniko-project/executor:v1.6.0-debug
+# Since jobs are using 'rules' it's possible for duplicate pipelines to run
-    entrypoint: ["/busybox/sh", "-c"]
+# (one for push to mr-branch, another for mr.  Avoid this:
-  script:
+workflow:
-    - 'mkdir -p /kaniko/.docker'
+  rules:
-    - 'echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json'
+    - if: $CI_PIPELINE_SOURCE == "schedule"
-    - |
+    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
+      when: never
+    - if: $CI_COMMIT_TAG == $CI
+
+envars:
+  stage: test
+  script: |
     echo "Select CI env. vars.:";
     printenv | egrep '^CI_' | sort
+
+commit_check:
+  stage: test
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_LABELS !~ /skip-ci/
+    - when: never
+  variables:
+    BADRX: '^(squash!)|(fixup!)'
+  script: |
+    dnf install -y git
+    shortlogtmp=$(mktemp -p '' commit_check_tmp_XXXX)
+    git log --oneline --no-show-signature "${CI_MERGE_REQUEST_DIFF_BASE_SHA}..HEAD" > "$shortlogtmp"
+    if egrep -q "$BADRX" "$shortlogtmp"; then
+        egrep "$BADRX" "$shortlogtmp"
+        die "Found the above commits matching '$BADRX'"
+    fi
+
+build:
+  stage: deploy
+  variables:
+    BUILDAH_FORMAT: docker
+    BUILDAH_ISOLATION: chroot
+    STORAGE_DRIVER: vfs
+  before_script:
+    - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+  script:
     # N/B: There could be more than one merge-request open with this branch's HEAD
     - |
         IMAGE_TAG="${CI_COMMIT_BRANCH}";
@@ -28,12 +60,12 @@ build:
             IMAGE_TAG="latest";
         fi
         echo "Building/Pushing to: ${CI_REGISTRY_IMAGE}:${IMAGE_TAG}";
-    - |
+    - >-
-        /kaniko/executor \
+      buildah build \
-            --context $CI_PROJECT_DIR \
-            --dockerfile $CI_PROJECT_DIR/Containerfile \
-            --destination "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}" \
         --label "org.opencontainers.image.source=${CI_PROJECT_URL}" \
         --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \
         --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT" \
-            --label "org.opencontainers.image.version=${IMAGE_TAG}"
+        --label "org.opencontainers.image.version=${IMAGE_TAG}" \
+        -t "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}" "$CI_PROJECT_DIR"
+    - buildah images
+    - buildah push "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"