From df0f6345ab44fb8204765c52fc95316f6bc61ee8 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Sun, 11 Feb 2024 17:12:08 +0900 Subject: [PATCH] Prepare universal workflow --- .github/workflows/images_build_rhel.yml | 360 ++++++++++++++++++++---- 1 file changed, 304 insertions(+), 56 deletions(-) diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index 1414150e3..2071b2146 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -4,30 +4,50 @@ on: release: types: - published + workflow_dispatch: defaults: run: shell: bash env: + AUTO_PUSH_IMAGES: ${{ vars.AUTO_PUSH_IMAGES }} + LATEST_BRANCH: ${{ github.event.repository.default_branch }} + IMAGES_PREFIX: "zabbix-" BASE_BUILD_NAME: "build-base" + + DOCKERFILES_DIRECTORY: "Dockerfiles" + + OIDC_ISSUER: "https://token.actions.githubusercontent.com" + IDENITY_REGEX: "https://github.com/zabbix/zabbix-docker/.github/" + REGISTRY: "quay.io" REGISTRY_NAMESPACE: "redhat-isv-containers" + PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable" PFLT_LOGLEVEL: "warn" PFLT_ARTIFACTS: "/tmp/artifacts" - TRUNK_BRANCH: "7.0" jobs: init_build: name: Initialize build - runs-on: [self-hosted, linux, X64] + runs-on: ubuntu-latest + permissions: + contents: read outputs: components: ${{ steps.components.outputs.list }} is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }} current_branch: ${{ steps.branch_info.outputs.current_branch }} sha_short: ${{ steps.branch_info.outputs.sha_short }} steps: + - name: Block egress traffic + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + - name: Checkout repository uses: actions/checkout@v4 with: @@ -35,9 +55,13 @@ jobs: - name: Get branch info id: branch_info + shell: bash + env: + LATEST_BRANCH: ${{ env.LATEST_BRANCH }} + github_ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || github.ref }} run: | - github_ref="${{ github.ref }}" result=false + sha_short=$(git rev-parse --short HEAD) if [[ "$github_ref" == "refs/tags/"* ]]; then github_ref=${github_ref%.*} @@ -45,139 +69,268 @@ jobs: github_ref=${github_ref##*/} + if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then + result=true + fi + + echo "::group::Branch data" + echo "is_default_branch - $result" + echo "current_branch - $github_ref" + echo "sha_short - $sha_short" + echo "::endgroup::" + echo "is_default_branch=$result" >> $GITHUB_OUTPUT - echo "current_branch=${{ env.TRUNK_BRANCH }}" >> $GITHUB_OUTPUT - echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + echo "current_branch=$github_ref" >> $GITHUB_OUTPUT + echo "sha_short=$sha_short" >> $GITHUB_OUTPUT - name: Prepare Zabbix component list id: components env: REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + CURRENT_BRANCH: ${{ steps.branch_info.outputs.current_branch }} run: | - component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ steps.branch_info.outputs.current_branch }}".components | keys | [ .[] | tostring ] | @json') + component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components | keys | @json") + + echo "::group::Zabbix Component List" + echo "$component_list" + echo "::endgroup::" echo "list=$component_list" >> $GITHUB_OUTPUT build_base: timeout-minutes: 30 - name: Build ${{ matrix.build }} base on RHEL + name: Build ${{ matrix.build }} base (${{ matrix.arch }}) needs: ["init_build"] strategy: fail-fast: false matrix: - build: ["build-base"] - - runs-on: [self-hosted, linux, X64] - outputs: - image: ${{ steps.build_image.outputs.image-with-tag }} + build: [build-base] + arch: [X64, ARM64] + runs-on: [self-hosted, linux, "${{ matrix.arch }}"] + permissions: + contents: read steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 1 + - name: Install cosign + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 + with: + cosign-release: 'v2.2.3' + + - name: Check cosign version + run: cosign version + + - name: Fix string case + id: lc + env: + ARCH: ${{ matrix.arch }} + run: | + echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT + - name: Generate tags id: meta uses: docker/metadata-action@v5 with: - images: zabbix-${{ matrix.build }} + images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }} tags: | - type=sha + type=sha,suffix=-${{ steps.lc.outputs.arch }} - name: Build Zabbix Build Base id: build_image uses: redhat-actions/buildah-build@v2 with: - context: ./Dockerfiles/${{ matrix.build }}/rhel + context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | - ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile + ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile extra-args: | --pull + - name: Image digest + env: + IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + run: | + DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) + echo "::group::Image digest" + echo "$DIGEST" + echo "::endgroup::" + echo "::group::Cache file name" + echo "$CACHE_FILE_NAME" + echo "::endgroup::" + + echo "$DIGEST" > "$CACHE_FILE_NAME" + + - name: Cache image digest + uses: actions/cache@v4 + with: + path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + build_base_database: timeout-minutes: 180 needs: [ "build_base", "init_build"] - name: Build ${{ matrix.build }} base on RHEL + name: Build ${{ matrix.build }} base (${{ matrix.arch }}) strategy: fail-fast: false matrix: - build: ["mysql", "sqlite3"] - - runs-on: [self-hosted, linux, X64] + build: [build-mysql, build-sqlite3] + arch: [X64, ARM64] + runs-on: [self-hosted, linux, "${{ matrix.arch }}"] + permissions: + contents: read + id-token: write steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 1 + - name: Fix string case + id: lc + env: + ARCH: ${{ matrix.arch }} + run: | + echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT + - name: Generate tags id: meta uses: docker/metadata-action@v5 with: - images: zabbix-build-${{ matrix.build }} + images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }} tags: | - type=sha + type=sha,suffix=-${{ steps.lc.outputs.arch }} - - name: Build ${{ matrix.build }} image + - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/cache@v4 + with: + path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag + id: base_build + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") + BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + + echo "::group::Base build image information" + echo "base_tag=${BASE_TAG}" + echo "base_build_image=${BUILD_BASE_IMAGE}" + echo "::endgroup::" + + echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT + echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT + + - name: Build Zabbix Build Base id: build_image uses: redhat-actions/buildah-build@v2 with: - context: ./Dockerfiles/build-${{ matrix.build }}/rhel + context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel layers: false tags: ${{ steps.meta.outputs.tags }} containerfiles: | - ./Dockerfiles/build-${{ matrix.build }}/rhel/Dockerfile - build-args: BUILD_BASE_IMAGE=${{ needs.build_base.outputs.image }} + ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile + build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} + + - name: Image digest + env: + IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }} + run: | + DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2) + echo "::group::Image digest" + echo "$DIGEST" + echo "::endgroup::" + echo "::group::Cache file name" + echo "$CACHE_FILE_NAME" + echo "::endgroup::" + + echo "$DIGEST" > "$CACHE_FILE_NAME" + + - name: Cache image digest + uses: actions/cache@v4 + with: + path: ${{ matrix.build }}_${{ matrix.arch }} + key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} build_images: timeout-minutes: 90 needs: [ "build_base_database", "init_build"] - name: Build ${{ matrix.build }} image + name: Build ${{ matrix.build }} image (${{ matrix.arch }}) strategy: fail-fast: false matrix: build: ${{ fromJson(needs.init_build.outputs.components) }} - - runs-on: [self-hosted, linux, X64] + arch: [X64, ARM64] + runs-on: [self-hosted, linux, "${{ matrix.arch }}"] + permissions: + contents: read + id-token: write steps: - - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Fix string case + id: lc + env: + ARCH: ${{ matrix.arch }} + run: | + echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT - name: Detect Build Base Image id: build_base_image env: REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + MATRIX_BUILD: ${{ matrix.build }} + CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }} run: | - BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".build_base') + BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".build_base") - echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT + echo "::group::Build base image" + echo "build_base=$BUILD_BASE" + echo "::endgroup::" + + echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT - name: Generate image name id: image_name env: REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + MATRIX_BUILD: ${{ matrix.build }} + CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }} run: | - IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') + IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login") - echo "::add-mask::$IMAGE_NAME" - echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT + echo "::add-mask::$IMAGE_NAME" + echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT - name: Generate credentials id: login_credentials env: REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }} + MATRIX_BUILD: ${{ matrix.build }} + CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }} run: | - IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".login') - REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n '$data."${{ needs.init_build.outputs.current_branch }}".components."${{ matrix.build }}".secret') + IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login") + REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".secret") - echo "::add-mask::$IMAGE_NAME" - echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot" - echo "::add-mask::$REGISTRY_PASSWORD" + echo "::add-mask::$IMAGE_NAME" + echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot" + echo "::add-mask::$REGISTRY_PASSWORD" - echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT - echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT + echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT + echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT - name: Log in to Quay.io uses: redhat-actions/podman-login@v1.6 @@ -188,12 +341,14 @@ jobs: username: redhat-isv-containers+${{ env.LOGIN }}-robot password: ${{ env.PASSWORD }} registry: ${{ env.REGISTRY }} - auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} + auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }} - name: Remove smartmontools if: ${{ matrix.build == 'agent2' }} + env: + DOCKERFILES_DIRECTORY: ${{ env.DOCKERFILES_DIRECTORY }} run: | - sed -i '/smartmontools/d' Dockerfiles/agent2/rhel/Dockerfile + sed -i '/smartmontools/d' "$DOCKERFILES_DIRECTORY/agent2/rhel/Dockerfile" - name: Generate tags id: meta @@ -204,38 +359,72 @@ jobs: type=semver,pattern={{version}} type=sha flavor: | - latest=${{ ( github.event_name == 'release' ) }} + latest=${{ github.event_name == 'release' }} + suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true - - name: Build ${{ matrix.build }} and push + - name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} + uses: actions/cache@v4 + with: + path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }} + key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} SHA256 tag + id: base_build + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") + BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + + echo "::group::Base build image information" + echo "base_tag=${BASE_TAG}" + echo "base_build_image=${BUILD_BASE_IMAGE}" + echo "::endgroup::" + + echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT + echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT + + - name: Build ${{ matrix.build }} id: build_image uses: redhat-actions/buildah-build@v2 with: - context: ./Dockerfiles/${{ matrix.build }}/rhel + context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel layers: false tags: ${{ steps.meta.outputs.tags }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} containerfiles: | - ./Dockerfiles/${{ matrix.build }}/rhel/Dockerfile - build-args: BUILD_BASE_IMAGE=zabbix-${{ steps.build_base_image.outputs.build_base }}:sha-${{ needs.init_build.outputs.sha_short }} + ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile + build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} - name: Push to RedHat certification procedure id: push_to_registry + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: redhat-actions/push-to-registry@v2 with: tags: ${{ steps.meta.outputs.tags }} - name: Preflight + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} env: - PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ needs.init_build.outputs.sha_short }} + PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }} PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }} PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }} PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }} + IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }} + PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} run: | - mkdir -p $PFLT_ARTIFACTS - podman run \ + mkdir -p $PFLT_ARTIFACTS + echo "::group::Pull preflight image" + podman pull "$PREFLIGHT_IMAGE" + echo "::endgroup::" + + echo "::group::Perform certification tests" + podman run \ -it \ --rm \ --security-opt=label=disable \ @@ -247,15 +436,74 @@ jobs: --env PFLT_DOCKERCONFIG=/temp-authfile.json \ -v $PFLT_ARTIFACTS:/artifacts \ -v $PFLT_DOCKERCONFIG:/temp-authfile.json:ro \ - quay.io/opdev/preflight:stable check container ${{ steps.build_image.outputs.image-with-tag }} --submit + "$PREFLIGHT_IMAGE" check container $IMAGE_TAG --submit + podman rmi -i -f "$PREFLIGHT_IMAGE" + echo "::endgroup::" - name: Push to RedHat certification procedure id: push_to_registry_all_tags + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} uses: redhat-actions/push-to-registry@v2 with: tags: ${{ steps.meta.outputs.tags }} - - name: Cleanup + - name: Cleanup artifacts + if: ${{ always() }} + env: + PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }} + PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }} + TAGS: ${{ steps.meta.outputs.tags }} run: | - echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r image_name ; do podman rmi -i -f $image_name; done - rm -rf ${{ env.PFLT_ARTIFACTS }} + echo "::group::Post build actions" + echo "$TAGS" | while IFS= read -r image_name ; do podman rmi -i -f "$image_name"; done + rm -rf "$PFLT_ARTIFACTS" + podman rmi -i -f "$PREFLIGHT_IMAGE" + echo "::endgroup::" + + clean_artifacts: + timeout-minutes: 90 + needs: [ "build_images", "init_build"] + name: Build ${{ matrix.build }} image (${{ matrix.arch }}) + strategy: + fail-fast: false + matrix: + build: [build-mysql, build-sqlite3] + arch: [X64, ARM64] + runs-on: [self-hosted, linux, "${{ matrix.arch }}"] + if: ${{ always() && needs.build_base_database.result == 'success' }} + permissions: {} + steps: + - name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }} + uses: actions/cache@v4 + with: + path: ${{ matrix.build }}_${{ matrix.arch }} + key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} + + - name: Remove ${{ matrix.build }}:${{ matrix.arch }} SHA256 tag + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ matrix.build }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") + BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + + podman rmi -i -f "$BUILD_BASE_IMAGE" + + - name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/cache@v4 + with: + path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }} + key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + + + - name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag + env: + MATRIX_ARCH: ${{ matrix.arch }} + BASE_IMAGE: ${{ env.BASE_BUILD_NAME }} + IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }} + run: | + BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}") + BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}" + + podman rmi -i -f "$BUILD_BASE_IMAGE"