builder: New container image

This will be the container image buildroot.

.github/workflows/builder.yml

@@ -0,0 +1,33 @@
+name: builder
+
+on:
+  push:
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/builder
+
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Login
+        run: buildah login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }}
+      - name: Build
+        id: build_image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: latest
+          containerfiles: ./builder/Containerfile
+          archs: amd64, ppc64le, s390x, arm64
+          oci: true
+          context: builder
+      - name: Push
+        run: buildah push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

builder/Dockerfile

@@ -0,0 +1,7 @@
+# This image contains the baseline tools to build bootable base images.
+FROM quay.io/centos/centos:stream9
+WORKDIR /src
+COPY . .
+RUN ./build.sh && cd / && rm /src -rf
+WORKDIR /
+

builder/build.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -xeuo pipefail
+
+pkginstall() {
+    dnf -y install "$@"
+}
+
+pkginstall dnf-utils
+dnf config-manager --set-enabled crb
+pkginstall epel-release epel-next-release
+# The repo files reference GPG keys
+pkginstall distribution-gpg-keys
+# rpm-ostree for builds, and need skopeo to do the container backend
+pkginstall rpm-ostree skopeo
+# For derived container builds
+pkginstall buildah
+# And a rust toolchain
+pkginstall cargo openssl-devel
+
+# Build tools
+pkginstall selinux-policy-targeted osbuild crypto-policies-scripts sudo