action/kaniko
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Compare commits

base: action:v0.3
Branches Tags
action:master action:renovate/gcr.io-kaniko-project-executor-1.x
action:v0.11.0 action:v0.10.0 action:v0.9.0 action:v0.8.0 action:v0.7.1 action:v0.7.0 action:v0.6.2 action:v0.6.1 action:v0.6.0 action:v0.5.1 action:v0.5.0 action:v0.4.0 action:v0.3.2 action:v0.3.1 action:v0.3 action:v0.2.1 action:v0.2 action:v0.1
...
compare: action:v0.4.0
Branches Tags
action:renovate/gcr.io-kaniko-project-executor-1.x action:master
action:v0.11.0 action:v0.10.0 action:v0.9.0 action:v0.8.0 action:v0.7.1 action:v0.7.0 action:v0.6.2 action:v0.6.1 action:v0.6.0 action:v0.5.1 action:v0.5.0 action:v0.4.0 action:v0.3.2 action:v0.3.1 action:v0.3 action:v0.2.1 action:v0.2 action:v0.1

7 Commits
v0.3 ... v0.4.0

Author SHA1 Message Date
Alex Viscreanu
57d6d22cdf chore: Push on first build if skip_unchanged_digest isn't set 2020-06-19 14:10:56 +02:00
Alex Viscreanu
3b9302effb feat: Add option for skip pushing if the digest hasn't changed 2020-06-19 14:10:56 +02:00
Alex Viscreanu
c076596480 chore: Add Makefile for easier development 2020-06-19 13:18:55 +02:00
Alex Viscreanu
edea218783 chore: Rename function to ensure variables being set 2020-06-19 13:14:45 +02:00
Simon Prochazka
73a7639472 chore: Rename organization to aevea 2020-04-26 18:43:20 +02:00
Remon Oldenbeuving
3e63daf6fe fix: Ensure lowercase GitHub image namespace 2020-04-08 09:14:03 +02:00
Renovate Bot
e13fbcb36b chore(deps): add renovate.json 2020-03-15 00:06:57 +01:00
10 changed files with 119 additions and 46 deletions
Expand all files Collapse all files

2
.dockerignore
View File

@@ -1,3 +1,3 @@
* *
!entrypoint.sh !entrypoint.sh
.env*

2
.github/workflows/pr.yml vendored
View File

@@ -8,4 +8,4 @@ jobs:
steps: steps:
- uses: actions/checkout@v1 - uses: actions/checkout@v1
- name: Run commitsar - name: Run commitsar
uses: docker://commitsar/commitsar uses: docker://aevea/commitsar

8
.github/workflows/push.yml vendored
View File

@@ -9,7 +9,7 @@ jobs:
- uses: actions/checkout@master - uses: actions/checkout@master
- name: GitHub Package Registry - name: GitHub Package Registry
uses: outillage/kaniko-action@master uses: aevea/action-kaniko@master
with: with:
registry: docker.pkg.github.com registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
@@ -18,10 +18,10 @@ jobs:
cache_registry: cache cache_registry: cache
- name: Dockerhub - name: Dockerhub
uses: outillage/kaniko-action@master uses: aevea/action-kaniko@master
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
image: outillage/kaniko image: aevea/kaniko
cache: true cache: true
cache_registry: outillage/cache cache_registry: aevea/cache

10
.github/workflows/release.yml vendored
View File

@@ -13,12 +13,12 @@ jobs:
uses: actions/checkout@v1 uses: actions/checkout@v1
- name: Release Notary Action - name: Release Notary Action
uses: docker://commitsar/release-notary uses: docker://aevea/release-notary
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: GitHub Package Registry - name: GitHub Package Registry
uses: outillage/kaniko-action@master uses: aevea/action-kaniko@master
with: with:
registry: docker.pkg.github.com registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
@@ -27,10 +27,10 @@ jobs:
cache_registry: cache cache_registry: cache
- name: Dockerhub - name: Dockerhub
uses: outillage/kaniko-action@master uses: aevea/action-kaniko@master
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
image: outillage/kaniko image: aevea/kaniko
cache: true cache: true
cache_registry: outillage/cache cache_registry: aevea/cache

17
Dockerfile
View File

@@ -1,8 +1,23 @@
FROM alpine as certs
RUN apk --update add ca-certificates
FROM gcr.io/kaniko-project/executor:debug FROM gcr.io/kaniko-project/executor:debug
SHELL ["/busybox/sh", "-c"]
RUN mkdir -p /usr/local/bin && \
wget -O /usr/local/bin/jq \
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
chmod +x /usr/local/bin/jq && \
wget -O /usr/local/bin/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /usr/local/bin/reg
COPY entrypoint.sh / COPY entrypoint.sh /
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
LABEL repository="https://github.com/outillage/action-kaniko" \ LABEL repository="https://github.com/aevea/action-kaniko" \
maintainer="Alex Viscreanu <alexviscreanu@gmail.com>" maintainer="Alex Viscreanu <alexviscreanu@gmail.com>"

24
Makefile Normal file
View File

@@ -0,0 +1,24 @@
build:
docker build -t aevea/kaniko .
run: build
docker run \
-v $(shell pwd):/tmp \
-e GITHUB_REPOSITORY \
-e GITHUB_REF \
-e GITHUB_ACTOR \
-e GITHUB_TOKEN \
-e GITHUB_WORKSPACE="/tmp" \
-e INPUT_IMAGE \
-e INPUT_CACHE \
-e INPUT_CACHE_TTL \
-e INPUT_CACHE_REGISTRY \
-e INPUT_STRIP_TAG_PREFIX \
-e INPUT_SKIP_UNCHANGED_DIGEST \
aevea/kaniko
shell: build
docker run \
-ti \
--entrypoint sh \
aevea/kaniko

21
README.md
View File

@@ -19,13 +19,13 @@ jobs:
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@master
- name: Kaniko build - name: Kaniko build
uses: outillage/kaniko-action@master uses: aevea/action-kaniko@master
with: with:
image: outillage/kaniko image: aevea/kaniko
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
cache: true cache: true
cache_registry: outillage/cache cache_registry: aevea/cache
``` ```
## Required Arguments ## Required Arguments
@@ -40,7 +40,7 @@ the most used values. So, technically there is a single required argument
## Optional Arguments ## Optional Arguments
| variable | description | required | default | | variable | description | required | default |
|------------------|----------------------------------------------------------|----------|-----------------------------| |-----------------------|-----------------------------------------------------------------|----------|-----------------|
| registry | Docker registry where the image will be pushed | false | docker.io | | registry | Docker registry where the image will be pushed | false | docker.io |
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR | | username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
| password | Password used for authentication to the Docker registry | false | | | password | Password used for authentication to the Docker registry | false | |
@@ -52,6 +52,7 @@ the most used values. So, technically there is a single required argument
| build_file | Dockerfile filename | false | Dockerfile | | build_file | Dockerfile filename | false | Dockerfile |
| extra_args | Additional arguments to be passed to the kaniko executor | false | | | extra_args | Additional arguments to be passed to the kaniko executor | false | |
| strip_tag_prefix | Prefix to be stripped from the tag | false | | | strip_tag_prefix | Prefix to be stripped from the tag | false | |
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted** **Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
@@ -62,7 +63,7 @@ In this case, the authentication credentials need to be passed via GitHub Action
```yaml ```yaml
with: with:
image: outillage/kaniko image: aevea/kaniko
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
``` ```
@@ -72,17 +73,17 @@ doesn't work. If you want to use caching with Dockerhub, create a `cache` reposi
```yaml ```yaml
with: with:
image: outillage/kaniko image: aevea/kaniko
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
cache: true cache: true
cache_registry: outillage/cache cache_registry: aevea/cache
``` ```
### [docker.pkg.github.com](https://github.com/features/packages) ### [docker.pkg.github.com](https://github.com/features/packages)
GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace. GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace.
If you want to push your image like `outillage/kaniko-action/kaniko`, you'll only need to pass `kaniko` to this action. If you want to push your image like `aevea/action-kaniko/kaniko`, you'll only need to pass `kaniko` to this action.
The authentication is automatically done using the `GITHUB_ACTOR` and `GITHUB_TOKEN` provided from GitHub itself. But as `GITHUB_TOKEN` is not The authentication is automatically done using the `GITHUB_ACTOR` and `GITHUB_TOKEN` provided from GitHub itself. But as `GITHUB_TOKEN` is not
passed by default, it will have to be explicitly set up. passed by default, it will have to be explicitly set up.
@@ -125,7 +126,7 @@ with:
registry: registry.gitlab.com registry: registry.gitlab.com
username: ${{ secrets.GL_REGISTRY_USERNAME }} username: ${{ secrets.GL_REGISTRY_USERNAME }}
password: ${{ secrets.GL_REGISTRY_PASSWORD }} password: ${{ secrets.GL_REGISTRY_PASSWORD }}
image: outillage/kaniko image: aevea/kaniko
``` ```
> NOTE: As GitLab's registry does support namespacing, Kaniko can natively push cached layers to it, so only `cache: true` is necessary to be > NOTE: As GitLab's registry does support namespacing, Kaniko can natively push cached layers to it, so only `cache: true` is necessary to be
@@ -136,7 +137,7 @@ with:
registry: registry.gitlab.com registry: registry.gitlab.com
username: ${{ secrets.GL_REGISTRY_USERNAME }} username: ${{ secrets.GL_REGISTRY_USERNAME }}
password: ${{ secrets.GL_REGISTRY_PASSWORD }} password: ${{ secrets.GL_REGISTRY_PASSWORD }}
image: outillage/kaniko image: aevea/kaniko
cache: true cache: true
``` ```

3
action.yml
View File

@@ -41,6 +41,9 @@ inputs:
extra_args: extra_args:
description: "Additional arguments to be passed to the kaniko executor" description: "Additional arguments to be passed to the kaniko executor"
required: false required: false
skip_unchanged_digest:
description: "Avoids pushing the image if the build generated the same digest"
required: false
runs: runs:
using: "docker" using: "docker"
image: "Dockerfile" image: "Dockerfile"

47
entrypoint.sh
View File

@@ -11,24 +11,25 @@ export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export IMAGE=$IMAGE:$TAG export IMAGE=$IMAGE:$TAG
function sanitize() { function ensure() {
if [ -z "${1}" ]; then if [ -z "${1}" ]; then
echo >&2 "Unable to find the ${2}. Did you set with.${2}?" echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
exit 1 exit 1
fi fi
} }
sanitize "${REGISTRY}" "registry" ensure "${REGISTRY}" "registry"
sanitize "${USERNAME}" "username" ensure "${USERNAME}" "username"
sanitize "${PASSWORD}" "password" ensure "${PASSWORD}" "password"
sanitize "${IMAGE}" "image" ensure "${IMAGE}" "image"
sanitize "${TAG}" "tag" ensure "${TAG}" "tag"
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
export IMAGE="$GITHUB_REPOSITORY/$IMAGE" IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
if [ ! -z $INPUT_CACHE_REGISTRY ]; then if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$GITHUB_REPOSITORY/$INPUT_CACHE_REGISTRY" export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
fi fi
fi fi
@@ -44,10 +45,14 @@ export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"} export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE" export CONTEXT="--context $GITHUB_WORKSPACE"
export DOCKERFILE="--dockerfile ${INPUT_BUILD_FILE:-Dockerfile}" export DOCKERFILE="--dockerfile ${INPUT_BUILD_FILE:-Dockerfile}"
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DESTINATION="--no-push --digest-file digest"
else
export DESTINATION="--destination $IMAGE" export DESTINATION="--destination $IMAGE"
fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $DESTINATION $INPUT_EXTRA_ARGS" export ARGS="$CACHE $CONTEXT $DOCKERFILE $DESTINATION $INPUT_EXTRA_ARGS"
echo $ARGS
cat <<EOF >/kaniko/.docker/config.json cat <<EOF >/kaniko/.docker/config.json
{ {
@@ -60,4 +65,24 @@ cat <<EOF >/kaniko/.docker/config.json
} }
EOF EOF
/kaniko/executor $ARGS /kaniko/executor --reproducible $ARGS
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DIGEST=$(cat digest)
export REMOTE=$(reg digest "$IMAGE" | tail -1)
if [ "$DIGEST" == "$REMOTE" ]; then
echo "Digest hasn't changed, skipping, $DIGEST"
echo "Done 🎉️"
exit 0
fi
export DESTINATION="--destination $IMAGE"
export ARGS="$CACHE $CONTEXT $DOCKERFILE $DESTINATION $INPUT_EXTRA_ARGS"
echo "Pushing image..."
/kaniko/executor --reproducible $ARGS >/dev/null 2>&1
echo "Done 🎉️"
fi

5
renovate.json Normal file
View File

@@ -0,0 +1,5 @@
{
"extends": [
"config:base"
]
}