moves release Dockerfiles into os repo

ci/Dockerfile.cosa-build

@@ -0,0 +1,35 @@
+# This stage actually builds the RHCOS OCI image. However, due to
+# limitations within OpenShift CI, we need to do the following:
+# 1. Disable KVM by using the COSA_NO_KVM env var. This is due to OpenShift
+# CI using the default OpenShift Docker Build strategy, which precludes us
+# from mounting /dev/kvm into the build context.
+# 2. Due to a limitation in the version of Buildah that OpenShift Builds
+# uses (at the time of this writing, it uses a v1.23.z version of Buildah),
+# we cannot mount the build context into the container build (e.g., `RUN
+# --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared
+# <cmd>`), which would allow it to mutate the build context. This is due to
+# https://github.com/containers/buildah/pull/3548 not being present.
+# For now, this necessitates passing this image into the cosa-build image
+# build below to extract the OCI archive and inject it into the
+# ImageStream. However, once the OpenShift CI system is upgraded to use
+# OpenShift 4.11, we can create the RHCOS image in a single shot via this
+# stage.
+FROM build-test-qemu-img:latest
+ENV COSA_DIR=/tmp/cosa
+ENV COSA_SKIP_OVERLAY=1
+RUN mkdir -p "${COSA_DIR}" && \
+  COSA_NO_KVM=1 /src/ci/prow-build.sh && \
+  rm -rf "${COSA_DIR}/cache"
+# We need to make sure that root can read / write to the COSA_DIR so that
+# when this container is actually run, we have permissions to read and
+# write to the COSA_DIR to allow the Kola tests to run.
+# Note: In Docker BuildKit, this would double the image size because this
+# would create an additional layer. However, since OpenShift Image Builds
+# use Buildah, this is eliminated because it squashes these layers
+# together.
+USER root
+RUN chgrp -Rf root "${COSA_DIR}" && \
+  chmod -Rf g+w "${COSA_DIR}"
+USER builder
+WORKDIR /tmp/cosa
+

ci/Dockerfile.cosa-oci-archive

@@ -0,0 +1,11 @@
+# We need the OCI archive to be somewhere with a predictable place with a constant
+# path. However, the Kola tests expect the OCI archive to have the build
+# number included in the filename. With that in mind, this image build will
+# extract the RHCOS OCI archive from the cosa-build archive and place it in
+# a constant path for extraction by the machine-os-oci-content image build.
+FROM cosa-build:latest AS base
+RUN /src/ci/simplify-ociarchive-path.sh
+
+FROM scratch
+COPY --from=base /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive /tmp/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive
+

ci/Dockerfile.layering-test

@@ -0,0 +1,7 @@
+# Create a slimmer Fedora-based image for the layering test binary. This is
+# intended to make the startup of the OS layering test faster since we
+# won't have to pull the larger build-test-qemu-img.
+FROM build-test-qemu-img:latest AS base
+FROM registry.ci.openshift.org/coreos/fedora:35 AS final
+COPY --from=base /usr/local/bin/layering_test /usr/local/bin/layering_test
+

ci/Dockerfile.machine-os-oci-content

@@ -0,0 +1,13 @@
+# This extracts the OCI archive from the cosa-build image build, injects it
+# into the build context, and then uses that OCI archive as this image.
+# This makes use of the following:
+# - OpenShift Image Builds allows one to pass in a path from another container
+# image. It places this under /tmp/build/inputs/<path>. See:
+# https://github.com/openshift/builder/blob/37525a77fa07e26c420962dee47193d672ef0b35/pkg/build/builder/common.go#L72
+# - Buildah allows one to use oci-archive as a transport. See:
+# https://www.redhat.com/sysadmin/7-transports-features
+# - Utilizing the above features in concert with one another and using an
+# absolute path to refer to the OCI archive in the build context allows us
+# to "import" the OCI archive into the CI ImageStream.
+FROM oci-archive:/tmp/build/inputs/magic/cosa/builds/latest/x86_64/rhcos.x86_64.ociarchive
+