Expire commit container images after 1 week

[mgoerens]

Prior to podman 4.6.0, there is a bug that would cause the expiration tag to be added to the "main" container image as well in the build.yaml workflow. See the buildah bug report:
containers/buildah#4632

As a workaround, the --no-cache flag is used to build container images with the "build-image" make target.

This workaround, can be removed when we use a runner image that has podman>=4.6.0. Currently, the ubuntu-latest runner image we use has 3.4.4.

close #397

[komish]

Well that's a bit weird! Do you think we should use the buildah image in our CI[1], or stick with this approach which allows us to keep the core build logic in our Makefile?

[1]https://github.com/redhat-openshift-ecosystem/openshift-preflight/blob/main/.github/workflows/build-main.yml#L31-L43

[mgoerens]

I think this is a fine workaround. I'm aware of the buildah step that is used in preflight, but I personally like better to build all our images using the make target ("keep the core build logic in our Makefile" as you well put it).

--no-cache: do not use existing cached images for the container build. Build from the start with a new set of cached layers.

So there is a performance hit for using this flag, which IMO is acceptable. If we think this it too annoying (e.g. we run make build-image in our daily workflows locally, and have to wait a considerable amount of time), we can also make this flag optional, something like:

Makefile:

[...]
BUILD_FLAGS=""

[...]
build_image:
    podman build $BUILD_FLAGS -t ....

and in build.yaml:

make build_image BUILD_FLAGS="--no-cache" ...

But I'm not sure this is even necessary... Building images is mostly done is the pipeline, and it's okay if it takes one more minute IMO.

[mgoerens]

FYI I just amended the commit to improve the readability of the make target with line breaks.

[komish]

Overall LGTM, but just one more thing to try before we commit to using --no-cache to work around this bug.

[komish]

/lgtm