Convert Figma logo to code with AI

containers logobuildah

A tool that facilitates building OCI images.

7,272
765
7,272
138
View on GitHub

Top Related Projects

moby's avatar

moby

68,457

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

GoogleContainerTools's avatar

kaniko

14,585

Build Container Images In Kubernetes

genuinetools's avatar

img

3,885

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

opencontainers's avatar

runc

11,728

CLI tool for spawning and running containers according to the OCI specification

docker's avatar

buildx

3,438

Docker CLI plugin for extended build capabilities with BuildKit

wagoodman's avatar

dive

45,415

A tool for exploring each layer in a docker image

Quick Overview

Buildah is an open-source tool for building Open Container Initiative (OCI) container images. It provides a flexible and scriptable approach to creating, manipulating, and pushing container images without requiring a full container runtime or daemon.

Pros

  • Daemonless architecture, allowing for more secure and lightweight image building
  • Supports building images from scratch or based on existing images
  • Integrates well with other container tools and orchestration systems
  • Provides a scriptable interface for automation and CI/CD pipelines

Cons

  • Steeper learning curve compared to some alternatives like Docker
  • Less widespread adoption and community support compared to Docker
  • May require additional setup and configuration in some environments
  • Limited GUI options for users who prefer graphical interfaces

Code Examples

  1. Building a simple container image:
#!/usr/bin/env bash
container=$(buildah from fedora:latest)
buildah run $container dnf install -y httpd
buildah config --port 80 $container
buildah commit $container myhttpd
buildah push myhttpd docker://localhost:5000/myhttpd:latest
  1. Creating an image from scratch:
#!/usr/bin/env bash
newcontainer=$(buildah from scratch)
buildah copy $newcontainer /tmp/myapp /app/myapp
buildah config --entrypoint ["/app/myapp"] $newcontainer
buildah commit $newcontainer myapp:latest
  1. Mounting and modifying an existing image:
#!/usr/bin/env bash
container=$(buildah from alpine:latest)
mountpoint=$(buildah mount $container)
echo "Hello, Buildah!" > $mountpoint/etc/motd
buildah umount $container
buildah commit $container alpine-motd:latest

Getting Started

To get started with Buildah, follow these steps:

  1. Install Buildah on your system (varies by OS, e.g., dnf install buildah on Fedora)
  2. Create a simple Bash script to build an image:
#!/usr/bin/env bash
container=$(buildah from alpine:latest)
buildah run $container apk add --no-cache python3
buildah config --cmd "python3" $container
buildah commit $container my-python-image:latest
buildah push my-python-image:latest docker://localhost:5000/my-python-image:latest
  1. Make the script executable: chmod +x build-image.sh
  2. Run the script: ./build-image.sh

This will create a simple Python image based on Alpine Linux and push it to a local registry.

Competitor Comparisons

moby logo

moby

68,457

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

Pros of Moby

  • More extensive ecosystem and wider community support
  • Comprehensive documentation and extensive learning resources
  • Integrated container orchestration capabilities with Docker Swarm

Cons of Moby

  • Heavier resource footprint compared to Buildah
  • Requires a daemon process to run, which can be a security concern
  • Less flexibility in building container images without a Dockerfile

Code Comparison

Buildah:

buildah from fedora
buildah run fedora-working-container dnf install -y httpd
buildah commit fedora-working-container fedora-httpd

Moby (Docker):

FROM fedora
RUN dnf install -y httpd

Key Differences

  • Buildah focuses on building OCI-compliant container images without requiring a daemon
  • Moby provides a full container platform with additional features like networking and volume management
  • Buildah offers more granular control over the image building process
  • Moby has better integration with other Docker tools and services

Use Cases

Buildah is ideal for:

  • CI/CD pipelines requiring lightweight image building
  • Environments with strict security requirements

Moby is better suited for:

  • Full-stack container management and orchestration
  • Developers seeking an all-in-one container solution
GoogleContainerTools logo

kaniko

14,585

Build Container Images In Kubernetes

Pros of kaniko

  • Designed to run in containerized environments, making it ideal for CI/CD pipelines in Kubernetes
  • Does not require Docker daemon or root privileges, enhancing security
  • Supports caching of layers for faster subsequent builds

Cons of kaniko

  • Limited support for advanced Dockerfile features compared to Buildah
  • May have slower build times for complex images
  • Less flexibility in terms of customization and extensibility

Code Comparison

Buildah:

buildah from alpine
buildah run alpine-working-container apk add --no-cache python3
buildah commit alpine-working-container my-python-image

kaniko:

FROM alpine
RUN apk add --no-cache python3

/kaniko/executor --dockerfile=Dockerfile --destination=my-python-image

Key Differences

  • Buildah offers a more flexible, script-based approach to building images
  • kaniko is designed for containerized environments and requires less setup
  • Buildah provides more advanced features and customization options
  • kaniko focuses on simplicity and security in CI/CD pipelines

Both tools aim to build container images without requiring a Docker daemon, but they cater to different use cases and environments. Buildah is more versatile and powerful, while kaniko excels in containerized CI/CD workflows.

genuinetools logo

img

3,885

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

Pros of img

  • Written in Go, making it more portable and easier to distribute
  • Supports unprivileged builds without requiring root access
  • Offers a simpler, more streamlined CLI interface

Cons of img

  • Less mature and less widely adopted compared to Buildah
  • Limited integration with other container ecosystems
  • Fewer advanced features and customization options

Code Comparison

img:

img build -t myimage:latest .
img push myimage:latest

Buildah:

buildah bud -t myimage:latest .
buildah push myimage:latest

Summary

Both img and Buildah are tools for building container images, but they have different approaches and target audiences. img focuses on simplicity and portability, making it attractive for developers who want a straightforward, Go-based solution. Buildah, on the other hand, offers more advanced features and better integration with the broader container ecosystem, making it suitable for more complex use cases and enterprise environments.

The choice between img and Buildah depends on specific requirements, such as the need for unprivileged builds, integration with existing tools, and the desired level of customization. While img provides a user-friendly experience, Buildah offers more flexibility and is backed by a larger community and Red Hat's support.

opencontainers logo

runc

11,728

CLI tool for spawning and running containers according to the OCI specification

Pros of runc

  • Industry standard for OCI-compliant container runtime
  • Lightweight and focused on container execution
  • Widely adopted and supported by major container platforms

Cons of runc

  • Limited to runtime operations, not a full container management solution
  • Requires additional tools for image building and higher-level operations
  • Less user-friendly for direct interaction compared to Buildah

Code comparison

runc:

spec, err := loadSpec(context)
if err != nil {
    return err
}
status, err := startContainer(context, spec)

Buildah:

container, err := buildah.NewBuilder(ctx, store, options)
if err != nil {
    return err
}
err = container.Run(runOptions)

Key differences

  • Buildah focuses on building container images and provides a more comprehensive toolset for container management
  • runc is primarily concerned with running containers according to the OCI specification
  • Buildah offers a more user-friendly CLI for direct interaction with containers
  • runc is often used as a low-level component in larger container ecosystems
  • Buildah integrates well with other tools in the containers ecosystem, while runc is more specialized

Both projects serve different purposes in the container ecosystem, with runc being a foundational runtime and Buildah offering a more complete solution for building and managing containers.

docker logo

buildx

3,438

Docker CLI plugin for extended build capabilities with BuildKit

Pros of Buildx

  • Tightly integrated with Docker ecosystem
  • Supports multi-platform builds out of the box
  • Offers concurrent building capabilities

Cons of Buildx

  • Requires Docker daemon to be running
  • Limited flexibility in terms of base image selection
  • Steeper learning curve for users new to Docker

Code Comparison

Buildx:

docker buildx build --platform linux/amd64,linux/arm64 -t myimage:latest .

Buildah:

buildah bud -t myimage:latest .
buildah push myimage:latest

Key Differences

  • Buildah operates in a daemonless environment, while Buildx relies on the Docker daemon
  • Buildx focuses on multi-platform builds, whereas Buildah emphasizes flexibility and customization
  • Buildah allows for more granular control over the build process, including the ability to build without a Dockerfile

Use Cases

Buildx is ideal for:

  • Docker-centric workflows
  • Multi-architecture builds
  • CI/CD pipelines integrated with Docker

Buildah is better suited for:

  • Security-sensitive environments
  • Custom build processes
  • Scenarios where Docker daemon usage is not preferred

Both tools have their strengths, and the choice between them often depends on specific project requirements and existing infrastructure.

wagoodman logo

dive

45,415

A tool for exploring each layer in a docker image

Pros of Dive

  • Specialized tool for analyzing and exploring Docker image layers
  • Provides an interactive CLI interface for easy navigation of image contents
  • Offers detailed size information for each layer and file

Cons of Dive

  • Limited to Docker image analysis, lacks broader container build capabilities
  • Does not support creating or modifying container images

Code Comparison

Dive usage:

dive <image-name>

Buildah usage:

buildah from <base-image>
buildah copy <container> <source> <destination>
buildah commit <container> <image-name>

Summary

Dive is a focused tool for analyzing Docker image layers, offering an interactive interface for exploring image contents and size information. It excels at providing detailed insights into existing images but lacks the ability to create or modify containers.

Buildah, on the other hand, is a comprehensive tool for building OCI-compliant container images. It offers more flexibility in image creation and manipulation, supporting various storage backends and allowing rootless builds. However, it doesn't provide the same level of detailed layer analysis as Dive.

Choose Dive for in-depth image analysis and optimization, while Buildah is better suited for building and customizing container images from scratch or existing bases.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

buildah logo (light) buildah logo (dark)

Buildah - a tool that facilitates building Open Container Initiative (OCI) container images

Go Report Card

The Buildah package provides a command line tool that can be used to

  • create a working container, either from scratch or using an image as a starting point
  • create an image, either from a working container or via the instructions in a Dockerfile
  • images can be built in either the OCI image format or the traditional upstream docker image format
  • mount a working container's root filesystem for manipulation
  • unmount a working container's root filesystem
  • use the updated contents of a container's root filesystem as a filesystem layer to create a new image
  • delete a working container or an image
  • rename a local container

Buildah Information for Developers

For blogs, release announcements and more, please checkout the buildah.io website!

Buildah Container Images

Buildah Demos

Changelog

Contributing

Development Plan

Installation notes

Troubleshooting Guide

Tutorials

Buildah and Podman relationship

Buildah and Podman are two complementary open-source projects that are available on most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both, Buildah and Podman are command line tools that work on Open Container Initiative (OCI) images and containers. The two projects differentiate in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. This allows building images with and without Dockerfiles while not requiring any root privileges. Buildah’s ultimate goal is to provide a lower-level coreutils interface to build images. The flexibility of building images without Dockerfiles allows for the integration of other scripting languages into the build process. Buildah follows a simple fork-exec model and does not run as a daemon but it is based on a comprehensive API in golang, which can be vendored into other tools.

Podman specializes in all of the commands and functions that help you to maintain and modify OCI images, such as pulling and tagging. It also allows you to create, run, and maintain those containers created from those images. For building container images via Dockerfiles, Podman uses Buildah's golang API and can be installed independently from Buildah.

A major difference between Podman and Buildah is their concept of a container. Podman allows users to create "traditional containers" where the intent of these containers is to be long lived. While Buildah containers are really just created to allow content to be added back to the container image. An easy way to think of it is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality. Because of this and their underlying storage differences, you can not see Podman containers from within Buildah or vice versa.

In short, Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands. For more details, see the Container Tools Guide.

Example

From ./examples/lighttpd.sh:

$ cat > lighttpd.sh <<"EOF"
#!/usr/bin/env bash

set -x

ctr1=$(buildah from "${1:-fedora}")

## Get all updates and install our minimal httpd server
buildah run "$ctr1" -- dnf update -y
buildah run "$ctr1" -- dnf install -y lighttpd

## Include some buildtime annotations
buildah config --annotation "com.example.build.host=$(uname -n)" "$ctr1"

## Run our server and expose the port
buildah config --cmd "/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf" "$ctr1"
buildah config --port 80 "$ctr1"

## Commit this container to an image name
buildah commit "$ctr1" "${2:-$USER/lighttpd}"
EOF

$ chmod +x lighttpd.sh
$ ./lighttpd.sh

Commands

CommandDescription
buildah-add(1)Add the contents of a file, URL, or a directory to the container.
buildah-build(1)Build an image using instructions from Containerfiles or Dockerfiles.
buildah-commit(1)Create an image from a working container.
buildah-config(1)Update image configuration settings.
buildah-containers(1)List the working containers and their base images.
buildah-copy(1)Copies the contents of a file, URL, or directory into a container's working directory.
buildah-from(1)Creates a new working container, either from scratch or using a specified image as a starting point.
buildah-images(1)List images in local storage.
buildah-info(1)Display Buildah system information.
buildah-inspect(1)Inspects the configuration of a container or image.
buildah-mount(1)Mount the working container's root filesystem.
buildah-pull(1)Pull an image from the specified location.
buildah-push(1)Push an image from local storage to elsewhere.
buildah-rename(1)Rename a local container.
buildah-rm(1)Removes one or more working containers.
buildah-rmi(1)Removes one or more images.
buildah-run(1)Run a command inside of the container.
buildah-tag(1)Add an additional name to a local image.
buildah-umount(1)Unmount a working container's root file system.
buildah-unshare(1)Launch a command in a user namespace with modified ID mappings.
buildah-version(1)Display the Buildah Version Information

Future goals include:

  • more CI tests
  • additional CLI commands (?)