Skip to content

Official rechunker build#10

Merged
phantomcortex merged 1 commit intomainfrom
testing
Oct 20, 2025
Merged

Official rechunker build#10
phantomcortex merged 1 commit intomainfrom
testing

Conversation

@phantomcortex
Copy link
Owner

@phantomcortex phantomcortex commented Oct 20, 2025
edited
Loading

working rechunker ready for merge.

Let's create a full report of this PR to refer back to if needed.

this is here because the runner WILL run out of space.

- name: Maximize build space
        uses: jlumbroso/free-disk-space@v1.3.1
        with:
          android: true
          dotnet: true
          haskell: true
          large-packages: true
          docker-images: false
          swap-storage: true

build with rechunker requires sudo
not sure if building via podman or buildah is better but this what works

- name: Build image (rootful)
        id: build_image
        run: |
          # Builds image in root store as root, to be picked up by Rechunker
          sudo buildah bud \
            --format docker \
            --tag "localhost/${IMAGE_NAME}:${{ env.DEFAULT_TAG }}" \
            --file Containerfile \
            .

I don't necessarily think that rechunker is complicated...I just don't understand yaml...or the build system

- name: Run Rechunker
        id: rechunk
        uses: hhd-dev/rechunk@v1.2.3
        with:
          rechunk: "ghcr.io/hhd-dev/rechunk:v1.2.3"
          ref: "localhost/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
          prev-ref: "${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.DEFAULT_TAG }}"
          skip_compression: false
          max-layers: 110
          labels: ${{ steps.metadata.outputs.labels }}

Once rechunker is done the image has to be tagged so the chunks are ID'd as part of the pushed image

- name: Load in podman and tag
       run: |
         IMAGE=$(podman pull ${STEPS_RECHUNK_OUTPUTS_REF})
         sudo rm -rf ${STEPS_RECHUNK_OUTPUTS_LOCATION}
         for tag in ${STEPS_METADATA_OUTPUTS_TAGS}; do
           podman tag $IMAGE ${IMAGE_NAME}:$tag
         done
       env:
         STEPS_RECHUNK_OUTPUTS_REF: ${{ steps.rechunk.outputs.ref }}
         STEPS_RECHUNK_OUTPUTS_LOCATION: ${{ steps.rechunk.outputs.location }}
         STEPS_METADATA_OUTPUTS_TAGS: ${{ steps.metadata.outputs.tags }}
         IMAGE_NAME: ${{ env.IMAGE_NAME }}

this is not entirely necessary but it's good practice and shouldn't cause problems

- name: Lowercase Registry 
        id: registry_case
        uses: ASzc/change-string-case-action@v6
        with:
          string: ${{ env.IMAGE_REGISTRY }}

any part that has if: github.event_name != 'pull_request' seems to work better with rechunker. Not sure it has to do with the branch or rechunker.

Pay attention to 'digest' it's required by rechunker. 'lowercase' may also be something that's better to have.

- name: Sign container image
        id: sign_container_image
        if: github.event_name != 'pull_request'
        run: |
          echo "${STEPS_PUSH_OUTPUTS_REGISTRY_PATHS}"
          IMAGE_FULL="${STEPS_REGISTRY_CASE_OUTPUTS_LOWERCASE}/${IMAGE_NAME}"
          cosign sign -y --key env://COSIGN_PRIVATE_KEY $IMAGE_FULL@"${STEPS_PUSH_OUTPUTS_DIGEST}"
        env:
          COSIGN_EXPERIMENTAL: false
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
          STEPS_PUSH_OUTPUTS_REGISTRY_PATHS: ${{ steps.push.outputs.registry-paths }}
          STEPS_REGISTRY_CASE_OUTPUTS_LOWERCASE: ${{ steps.registry_case.outputs.lowercase }}
          STEPS_PUSH_OUTPUTS_DIGEST: ${{ steps.push.outputs.digest }}

rollback the following:
uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
recent PR from dependabot to update cosign to v4.0 #9
with these two, either one could be newer.
main: uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
testing: uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3

@phantomcortex
Official rechunker build
2058480 
working rechunker ready for merge.
@phantomcortex phantomcortex self-assigned this Oct 20, 2025
@phantomcortex phantomcortex added the enhancement New feature or request label Oct 20, 2025
@phantomcortex phantomcortex merged commit 1c21ea6 into main Oct 20, 2025
1 check passed
@phantomcortex phantomcortex deleted the testing branch October 20, 2025 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@phantomcortex phantomcortex

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@phantomcortex