Compare commits
24 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
8e9a423400 | ||
|
f16a14fc0f | ||
|
8bd3e02fd2 | ||
|
|
571e42aef3 | ||
|
|
e846d42497 | ||
|
|
b7f0f661e3 | ||
|
7033a0543d | ||
|
e03153c634 | ||
|
|
49888d43ab | ||
|
|
418284a2f2 | ||
|
|
5be93ca286 | ||
|
|
5e25ae9c63 | ||
|
|
6030da03d4 | ||
|
|
daf41b1e54 | ||
|
|
79ed56ad90 | ||
|
|
94f437184e | ||
|
|
51211d4483 | ||
|
|
57d6d22cdf | ||
|
|
3b9302effb | ||
|
|
c076596480 | ||
|
|
edea218783 | ||
|
73a7639472 | ||
|
3e63daf6fe | ||
|
|
e13fbcb36b |
@@ -1,3 +1,3 @@
|
||||
*
|
||||
!entrypoint.sh
|
||||
|
||||
.env*
|
||||
|
||||
6
.github/workflows/pr.yml
vendored
6
.github/workflows/pr.yml
vendored
@@ -6,6 +6,8 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
name: Verify commit messages
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Run commitsar
|
||||
uses: docker://commitsar/commitsar
|
||||
uses: docker://aevea/commitsar@sha256:b77adebc0437d4f2bfdf9205a39003e88acbc77a9176fd086b386207a5f3f5cb
|
||||
|
||||
8
.github/workflows/push.yml
vendored
8
.github/workflows/push.yml
vendored
@@ -9,7 +9,7 @@ jobs:
|
||||
- uses: actions/checkout@master
|
||||
|
||||
- name: GitHub Package Registry
|
||||
uses: outillage/kaniko-action@master
|
||||
uses: aevea/action-kaniko@master
|
||||
with:
|
||||
registry: docker.pkg.github.com
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -18,10 +18,10 @@ jobs:
|
||||
cache_registry: cache
|
||||
|
||||
- name: Dockerhub
|
||||
uses: outillage/kaniko-action@master
|
||||
uses: aevea/action-kaniko@master
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
cache: true
|
||||
cache_registry: outillage/cache
|
||||
cache_registry: aevea/cache
|
||||
|
||||
14
.github/workflows/release.yml
vendored
14
.github/workflows/release.yml
vendored
@@ -10,15 +10,17 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v1
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Release Notary Action
|
||||
uses: docker://commitsar/release-notary
|
||||
uses: docker://aevea/release-notary@sha256:8b26ced466da96b23a947d5c9e58baac22ee1192fd08200011e5b178f42118a0
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: GitHub Package Registry
|
||||
uses: outillage/kaniko-action@master
|
||||
uses: aevea/action-kaniko@master
|
||||
with:
|
||||
registry: docker.pkg.github.com
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -27,10 +29,10 @@ jobs:
|
||||
cache_registry: cache
|
||||
|
||||
- name: Dockerhub
|
||||
uses: outillage/kaniko-action@master
|
||||
uses: aevea/action-kaniko@master
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
cache: true
|
||||
cache_registry: outillage/cache
|
||||
cache_registry: aevea/cache
|
||||
|
||||
20
Dockerfile
20
Dockerfile
@@ -1,8 +1,26 @@
|
||||
FROM alpine as certs
|
||||
|
||||
RUN apk --update add ca-certificates
|
||||
|
||||
FROM gcr.io/kaniko-project/executor:debug
|
||||
|
||||
SHELL ["/busybox/sh", "-c"]
|
||||
|
||||
RUN wget -O /kaniko/jq \
|
||||
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
|
||||
chmod +x /kaniko/jq && \
|
||||
wget -O /kaniko/reg \
|
||||
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
|
||||
chmod +x /kaniko/reg && \
|
||||
wget -O /crane.tar.gz \
|
||||
https://github.com/google/go-containerregistry/releases/download/v0.1.1/go-containerregistry_Linux_x86_64.tar.gz && \
|
||||
tar -xvzf /crane.tar.gz crane -C /kaniko && \
|
||||
rm /crane.tar.gz
|
||||
|
||||
COPY entrypoint.sh /
|
||||
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
LABEL repository="https://github.com/outillage/action-kaniko" \
|
||||
LABEL repository="https://github.com/aevea/action-kaniko" \
|
||||
maintainer="Alex Viscreanu <alexviscreanu@gmail.com>"
|
||||
|
||||
24
Makefile
Normal file
24
Makefile
Normal file
@@ -0,0 +1,24 @@
|
||||
build:
|
||||
docker build -t aevea/kaniko .
|
||||
|
||||
run: build
|
||||
docker run \
|
||||
-v $(shell pwd):/tmp \
|
||||
-e GITHUB_REPOSITORY \
|
||||
-e GITHUB_REF \
|
||||
-e GITHUB_ACTOR \
|
||||
-e GITHUB_TOKEN \
|
||||
-e GITHUB_WORKSPACE="/tmp" \
|
||||
-e INPUT_IMAGE \
|
||||
-e INPUT_CACHE \
|
||||
-e INPUT_CACHE_TTL \
|
||||
-e INPUT_CACHE_REGISTRY \
|
||||
-e INPUT_STRIP_TAG_PREFIX \
|
||||
-e INPUT_SKIP_UNCHANGED_DIGEST \
|
||||
aevea/kaniko
|
||||
|
||||
shell: build
|
||||
docker run \
|
||||
-ti \
|
||||
--entrypoint sh \
|
||||
aevea/kaniko
|
||||
48
README.md
48
README.md
@@ -19,13 +19,13 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- name: Kaniko build
|
||||
uses: outillage/kaniko-action@master
|
||||
uses: aevea/action-kaniko@master
|
||||
with:
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
cache: true
|
||||
cache_registry: outillage/cache
|
||||
cache_registry: aevea/cache
|
||||
```
|
||||
|
||||
## Required Arguments
|
||||
@@ -39,19 +39,23 @@ the most used values. So, technically there is a single required argument
|
||||
|
||||
## Optional Arguments
|
||||
|
||||
| variable | description | required | default |
|
||||
|------------------|----------------------------------------------------------|----------|-----------------------------|
|
||||
| registry | Docker registry where the image will be pushed | false | docker.io |
|
||||
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
|
||||
| password | Password used for authentication to the Docker registry | false | |
|
||||
| tag | Image tag | false | latest |
|
||||
| cache | Enables build cache | false | false |
|
||||
| cache_ttl | How long the cache should be considered valid | false | |
|
||||
| cache_registry | Docker registry meant to be used as cache | false | |
|
||||
| cache_directory | Filesystem path meant to be used as cache | false | |
|
||||
| build_file | Dockerfile filename | false | Dockerfile |
|
||||
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
|
||||
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
|
||||
| variable | description | required | default |
|
||||
|-----------------------|-----------------------------------------------------------------|----------|-----------------|
|
||||
| registry | Docker registry where the image will be pushed | false | docker.io |
|
||||
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
|
||||
| password | Password used for authentication to the Docker registry | false | |
|
||||
| tag | Image tag | false | latest |
|
||||
| cache | Enables build cache | false | false |
|
||||
| cache_ttl | How long the cache should be considered valid | false | |
|
||||
| cache_registry | Docker registry meant to be used as cache | false | |
|
||||
| cache_directory | Filesystem path meant to be used as cache | false | |
|
||||
| build_file | Dockerfile filename | false | Dockerfile |
|
||||
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
|
||||
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
|
||||
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
|
||||
| path | Path to the build context. Defaults to `.` | false | . |
|
||||
| tag_with_latest | Tags the built image with additional latest tag | false | |
|
||||
| target | Sets the target stage to build | false | |
|
||||
|
||||
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
|
||||
|
||||
@@ -62,7 +66,7 @@ In this case, the authentication credentials need to be passed via GitHub Action
|
||||
|
||||
```yaml
|
||||
with:
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
```
|
||||
@@ -72,17 +76,17 @@ doesn't work. If you want to use caching with Dockerhub, create a `cache` reposi
|
||||
|
||||
```yaml
|
||||
with:
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
cache: true
|
||||
cache_registry: outillage/cache
|
||||
cache_registry: aevea/cache
|
||||
```
|
||||
|
||||
### [docker.pkg.github.com](https://github.com/features/packages)
|
||||
|
||||
GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace.
|
||||
If you want to push your image like `outillage/kaniko-action/kaniko`, you'll only need to pass `kaniko` to this action.
|
||||
If you want to push your image like `aevea/action-kaniko/kaniko`, you'll only need to pass `kaniko` to this action.
|
||||
|
||||
The authentication is automatically done using the `GITHUB_ACTOR` and `GITHUB_TOKEN` provided from GitHub itself. But as `GITHUB_TOKEN` is not
|
||||
passed by default, it will have to be explicitly set up.
|
||||
@@ -125,7 +129,7 @@ with:
|
||||
registry: registry.gitlab.com
|
||||
username: ${{ secrets.GL_REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.GL_REGISTRY_PASSWORD }}
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
```
|
||||
|
||||
> NOTE: As GitLab's registry does support namespacing, Kaniko can natively push cached layers to it, so only `cache: true` is necessary to be
|
||||
@@ -136,7 +140,7 @@ with:
|
||||
registry: registry.gitlab.com
|
||||
username: ${{ secrets.GL_REGISTRY_USERNAME }}
|
||||
password: ${{ secrets.GL_REGISTRY_PASSWORD }}
|
||||
image: outillage/kaniko
|
||||
image: aevea/kaniko
|
||||
cache: true
|
||||
```
|
||||
|
||||
|
||||
13
action.yml
13
action.yml
@@ -5,6 +5,10 @@ branding:
|
||||
icon: anchor
|
||||
color: orange
|
||||
inputs:
|
||||
path:
|
||||
description: Path to the build context
|
||||
required: false
|
||||
default: "."
|
||||
registry:
|
||||
description: "Docker registry where the image will be pushed"
|
||||
required: false
|
||||
@@ -41,6 +45,15 @@ inputs:
|
||||
extra_args:
|
||||
description: "Additional arguments to be passed to the kaniko executor"
|
||||
required: false
|
||||
skip_unchanged_digest:
|
||||
description: "Avoids pushing the image if the build generated the same digest"
|
||||
required: false
|
||||
tag_with_latest:
|
||||
description: "Tags the built image with additional latest tag"
|
||||
required: false
|
||||
target:
|
||||
description: Sets the target stage to build
|
||||
required: false
|
||||
runs:
|
||||
using: "docker"
|
||||
image: "Dockerfile"
|
||||
|
||||
@@ -9,26 +9,39 @@ export TAG=${TAG:-"latest"}
|
||||
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
|
||||
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
|
||||
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
|
||||
export REPOSITORY=$IMAGE
|
||||
export IMAGE=$IMAGE:$TAG
|
||||
export CONTEXT_PATH=${INPUT_PATH}
|
||||
|
||||
function sanitize() {
|
||||
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
|
||||
export IMAGE_LATEST="$IMAGE:latest"
|
||||
fi
|
||||
|
||||
function ensure() {
|
||||
if [ -z "${1}" ]; then
|
||||
echo >&2 "Unable to find the ${2}. Did you set with.${2}?"
|
||||
echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
sanitize "${REGISTRY}" "registry"
|
||||
sanitize "${USERNAME}" "username"
|
||||
sanitize "${PASSWORD}" "password"
|
||||
sanitize "${IMAGE}" "image"
|
||||
sanitize "${TAG}" "tag"
|
||||
ensure "${REGISTRY}" "registry"
|
||||
ensure "${USERNAME}" "username"
|
||||
ensure "${PASSWORD}" "password"
|
||||
ensure "${IMAGE}" "image"
|
||||
ensure "${TAG}" "tag"
|
||||
ensure "${CONTEXT_PATH}" "path"
|
||||
|
||||
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
|
||||
export IMAGE="$GITHUB_REPOSITORY/$IMAGE"
|
||||
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
|
||||
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
|
||||
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
|
||||
fi
|
||||
|
||||
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
|
||||
export INPUT_CACHE_REGISTRY="$REGISTRY/$GITHUB_REPOSITORY/$INPUT_CACHE_REGISTRY"
|
||||
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -36,18 +49,30 @@ if [ "$REGISTRY" == "docker.io" ]; then
|
||||
export REGISTRY="index.${REGISTRY}/v1/"
|
||||
else
|
||||
export IMAGE="$REGISTRY/$IMAGE"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export CACHE=${INPUT_CACHE:+"--cache=true"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
|
||||
export CONTEXT="--context $GITHUB_WORKSPACE"
|
||||
export DOCKERFILE="--dockerfile ${INPUT_BUILD_FILE:-Dockerfile}"
|
||||
export DESTINATION="--destination $IMAGE"
|
||||
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
|
||||
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
|
||||
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
|
||||
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
echo $ARGS
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
|
||||
else
|
||||
export DESTINATION="--destination $IMAGE"
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
|
||||
cat <<EOF >/kaniko/.docker/config.json
|
||||
{
|
||||
@@ -60,4 +85,34 @@ cat <<EOF >/kaniko/.docker/config.json
|
||||
}
|
||||
EOF
|
||||
|
||||
/kaniko/executor $ARGS
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1349
|
||||
/kaniko/executor --reproducible --force $ARGS
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DIGEST=$(cat digest)
|
||||
|
||||
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
|
||||
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64 | tr -d \\n)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true
|
||||
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
|
||||
else
|
||||
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
|
||||
fi
|
||||
|
||||
if [ "$DIGEST" == "$REMOTE" ]; then
|
||||
echo "Digest hasn't changed, skipping, $DIGEST"
|
||||
echo "Done 🎉️"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Pushing image..."
|
||||
|
||||
/kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
|
||||
/kaniko/crane push image.tar $IMAGE
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
echo "Tagging latest..."
|
||||
/kaniko/crane tag $IMAGE latest
|
||||
fi
|
||||
|
||||
echo "Done 🎉️"
|
||||
fi
|
||||
|
||||
5
renovate.json
Normal file
5
renovate.json
Normal file
@@ -0,0 +1,5 @@
|
||||
{
|
||||
"extends": [
|
||||
"config:base"
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user