Push in quay.io/buildah/stable

[tlapik123]

Hey! I'm trying to build and push (to gitlab registry) my project in quay.io/buildah/stable build container.
The build works fine when i do:
devcontainer build --docker-path buildah --workspace-folder . --image-name $FQ_IMAGE_NAME

But it fails when I add --push true as:
devcontainer build --docker-path buildah --workspace-folder . --push true --image-name $FQ_IMAGE_NAME

with this error:

[2024-06-28T09:56:10.009Z] @devcontainers/cli 0.65.0. Node.js v20.12.2. linux 6.6.33-0-virt x64.
Error: --platform or --push require BuildKit enabled.
    at mtA (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:466:363)
    at async Pm (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:465:1856)
    at async FrA (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:662:24692)
    at async yrA (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:662:22435)
{"outcome":"error","message":"--platform or --push require BuildKit enabled.","description":"--platform or --push require BuildKit enabled."}

My CI looks like:

container build and push:
  stage: container-build
  image: quay.io/buildah/stable
  variables:
    # Use vfs with buildah. Docker offers overlayfs as a default, but Buildah
    # cannot stack overlayfs on top of another overlayfs filesystem.
    STORAGE_DRIVER: vfs
    # Write all image metadata in the docker format, not the standard OCI format.
    # Newer versions of docker can handle the OCI format, but older versions, like
    # the one shipped with Fedora 30, cannot handle the format.
    BUILDAH_FORMAT: docker
    BUILDAH_ISOLATION: chroot
  before_script:
    # GitLab container registry credentials taken from the
    # [predefined CI/CD variables](../variables/index.md#predefined-cicd-variables)
    # to authenticate to the registry.
    - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
    # install devcontainer
    - dnf install -y nodejs npm python3 make g++
    - npm install -g @devcontainers/cli
  script:
    - devcontainer build --docker-path buildah --workspace-folder . --push true --image-name $FQ_IMAGE_NAME

Does devcontainer only support docker when --push? Or is there some other way to get around this issue?
For now I'll try to use podman and report back.

Thank you for your work btw.

[tlapik123]

Ok, podman doesnt seem to work either. Since its missing the --push flag

$ devcontainer build --docker-path podman --workspace-folder . --push true --image-name $FQ_IMAGE_NAME
[2024-07-08T10:46:31.653Z] @devcontainers/cli 0.65.0. Node.js v20.12.2. linux 6.6.36-0-virt x64.
[2024-07-08T10:46:32.979Z] Start: Run: podman buildx build --push --build-arg BUILDKIT_INLINE_CACHE=1 -f /tmp/devcontainercli-root/container-features/0.65.0-1720435592969/Dockerfile-with-features -t gitlab.workswell.cz:5050/software/sdk-and-libraries/wic2/wic-devcontainer:podman --target dev_containers_target_stage --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label /builds/software/sdk-and-libraries/wic2
[2024-07-08T10:46:33.057Z] Error: unknown flag: --push
See 'podman buildx build --help'

[2024-07-08T10:46:33.061Z] Exit code 125
Error: Command failed: podman buildx build --push --build-arg BUILDKIT_INLINE_CACHE=1 -f /tmp/devcontainercli-root/container-features/0.65.0-1720435592969/Dockerfile-with-features -t gitlab.workswell.cz:5050/software/sdk-and-libraries/wic2/wic-devcontainer:podman --target dev_containers_target_stage --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label /builds/software/sdk-and-libraries/wic2
    at mtA (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:466:1933)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Pm (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:465:1856)
    at async FrA (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:662:24692)
    at async yrA (/usr/local/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:662:22435)
{"outcome":"error","message":"Command failed: podman buildx build --push --build-arg BUILDKIT_INLINE_CACHE=1 -f /tmp/devcontainercli-root/container-features/0.65.0-1720435592969/Dockerfile-with-features -t gitlab.workswell.cz:5050/software/sdk-and-libraries/wic2/wic-devcontainer:podman --target dev_containers_target_stage --build-arg _DEV_CONTAINERS_BASE_IMAGE=dev_container_auto_added_stage_label /builds/software/sdk-and-libraries/wic2","description":"An error occurred building the image."}
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1

[samruddhikhandale]

The error message indicates that --platform or --push options require BuildKit to be enabled. BuildKit is a modern build system for Docker that provides improved performance, caching, and features like multi-stage builds. However, BuildKit is specific to Docker and not directly supported by Buildah.

To resolve this issue, you can use Docker with BuildKit enabled instead of Buildah. Here’s how you can modify your CI configuration to use Docker with BuildKit:

• Enable BuildKit: Set the DOCKER_BUILDKIT environment variable to 1.
• Use Docker: Replace Buildah with Docker in your CI configuration.

[tlapik123]

Hey!
First of all, thank you for the answer.
I don't want to use Docker since it requires the runner to be in privileged mode.

Why is BuildKit required for --push? Since if I use buildah for just build, everything works fine.