With multi-stage Dockerfiles, you only copy the final, built application artifacts from the earlier stage(s). Then, building a package as one signed file to copy is justified and easier anyway.
There's always:
RUN dnf remove -y ansible && dnf clean all
I thought there was a native way to build container images with ansible that don't have ansible installed in the image though?
> The Build Process Explained: When you run ansible-builder build, it goes through these steps:
> Reads your `execution-environment.yml` definition,
Resolves collection dependencies (including transitive dependencies),
Generates a `Containerfile` in a `context/` directory,
Copies dependency files into the build context,
Runs the container build using Podman or Docker
It probably shouldn't (?) parallelize because that wouldn't be a deterministic build; installing A then B is not the same as installing B then A. (Is not the same thing as installing A in one container image layer, B in another container image layer, and then trying to merge the package databases.) A given package B could conditionally install or configure according to whether or not A is already installed, and so for example package install tasks are not commutative.
.
Bootc (osbuild) builds VM and native machine images from Containerfiles:
There's always:
I thought there was a native way to build container images with ansible that don't have ansible installed in the image though?ansible/ansible-builder: https://github.com/ansible/ansible-builder
"How to Use ansible-builder to Create Execution Environments" https://oneuptime.com/blog/post/2026-02-21-how-to-use-ansibl... :
> The Build Process Explained: When you run ansible-builder build, it goes through these steps:
> Reads your `execution-environment.yml` definition, Resolves collection dependencies (including transitive dependencies), Generates a `Containerfile` in a `context/` directory, Copies dependency files into the build context, Runs the container build using Podman or Docker
How to Use Ansible to Build Podman Images > Building with Build Arguments, Multi-Stage Builds, Building with Buildah: https://oneuptime.com/#building-with-buildah :
It's possible to build images using build a commands in an ansible playbook:
.The CLI way to traverse an ansible playbook graph, for e.g. dagger:
But where can it parallelize?It probably shouldn't (?) parallelize because that wouldn't be a deterministic build; installing A then B is not the same as installing B then A. (Is not the same thing as installing A in one container image layer, B in another container image layer, and then trying to merge the package databases.) A given package B could conditionally install or configure according to whether or not A is already installed, and so for example package install tasks are not commutative.
.
Bootc (osbuild) builds VM and native machine images from Containerfiles:
/? bootc ansible [Debian] https://www.google.com/search?q=bootc+ansible https://www.google.com/search?q=bootc+ansible+debian"Demonstrate a debian or arch base image" bootc-dev/bootc#865 https://github.com/bootc-dev/bootc/issues/865
Is packer necessary with bootc?
To require signatures for containers and also for native containers with bootc:
Here's this on ansible, dagger, bootc: "Public link: Dagger for Programmable CI/CD" https://gemini.google.com/share/3965633a3ff8