Switch to using buildah

Observations show the runtime is about the same (since performance is mostly
storage-io bound.  However, buildah images are more compact and there
are simpler possibilities for build-caching available for future use.

Signed-off-by: Chris Evich <chris_gitlab@icuc.me>

.gitlab-ci.yml

@@ -1,25 +1,54 @@
 ---
 
-stages:
-    - build
-
-build:
-  stage: build
+default:
+  image: quay.io/buildah/stable:v1.28.0
   tags:
     - docker
     - linux
-  image:
-    name: gcr.io/kaniko-project/executor:v1.6.0-debug
-    entrypoint: ["/busybox/sh", "-c"]
+
+# Since jobs are using 'rules' it's possible for duplicate pipelines to run
+# (one for push to mr-branch, another for mr.  Avoid this:
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
+      when: never
+    - if: $CI_COMMIT_TAG == $CI
+
+envars:
+  stage: test
+  script: |
+    echo "Select CI env. vars.:";
+    printenv | egrep '^CI_' | sort
+
+commit_check:
+  stage: test
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_LABELS !~ /skip-ci/
+    - when: never
   variables:
-    BASE_TAG: latest
-    FLAVOR: stable
+    BADRX: '^(squash!)|(fixup!)'
+  script: |
+    dnf install -y git
+    shortlogtmp=$(mktemp -p '' commit_check_tmp_XXXX)
+    git log --oneline --no-show-signature "${CI_MERGE_REQUEST_DIFF_BASE_SHA}..HEAD" > "$shortlogtmp"
+    if egrep -q "$BADRX" "$shortlogtmp"; then
+        egrep "$BADRX" "$shortlogtmp"
+        die "Found the above commits matching '$BADRX'"
+    fi
+
+build:
+  stage: deploy
+  variables:
+    BUILDAH_FORMAT: docker
+    BUILDAH_ISOLATION: chroot
+    STORAGE_DRIVER: vfs
+  before_script:
+    - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
   script:
-    - 'mkdir -p /kaniko/.docker'
-    - 'echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json'
-    - |
-        echo "Select CI env. vars.:";
-        printenv | egrep '^CI_' | sort
     # N/B: There could be more than one merge-request open with this branch's HEAD
     - |
         IMAGE_TAG="${CI_COMMIT_BRANCH}";
@@ -31,10 +60,12 @@ build:
             IMAGE_TAG="latest";
         fi
         echo "Building/Pushing to: ${CI_REGISTRY_IMAGE}:${IMAGE_TAG}";
-    - |
-        /kaniko/executor \
-            --context $CI_PROJECT_DIR \
-            --dockerfile $CI_PROJECT_DIR/Containerfile \
-            --destination "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}" \
-            --build-arg "BASE_TAG=$BASE_TAG" \
-            --build-arg "FLAVOR=$FLAVOR"
+    - >-
+      buildah build \
+        --label "org.opencontainers.image.source=${CI_PROJECT_URL}" \
+        --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \
+        --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT" \
+        --label "org.opencontainers.image.version=${IMAGE_TAG}" \
+        -t "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}" "$CI_PROJECT_DIR"
+    - buildah images
+    - buildah push "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"

Containerfile

@@ -6,9 +6,7 @@
 # https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands
 #
 
-ARG FLAVOR="stable"
-ARG BASE_TAG="latest"
-FROM quay.io/podman/$FLAVOR:$BASE_TAG
+FROM quay.io/podman/stable:v4.3.1
 
 # This is a list of packages to remove and/or exclude from the image.
 # Primarily this is done for security reasons, should a runner process