Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
dc591110cc | ||
|
8e9a423400 | ||
|
|
f16a14fc0f | ||
|
8bd3e02fd2 | ||
|
|
571e42aef3 | ||
|
|
e846d42497 | ||
|
|
b7f0f661e3 | ||
|
7033a0543d | ||
|
e03153c634 | ||
|
|
49888d43ab | ||
|
|
418284a2f2 | ||
|
|
5be93ca286 | ||
|
|
5e25ae9c63 | ||
|
|
6030da03d4 |
6
.github/workflows/pr.yml
vendored
6
.github/workflows/pr.yml
vendored
@@ -6,6 +6,8 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
name: Verify commit messages
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Run commitsar
|
||||
uses: docker://aevea/commitsar
|
||||
uses: docker://aevea/commitsar@sha256:b77adebc0437d4f2bfdf9205a39003e88acbc77a9176fd086b386207a5f3f5cb
|
||||
|
||||
6
.github/workflows/release.yml
vendored
6
.github/workflows/release.yml
vendored
@@ -10,10 +10,12 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v1
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Release Notary Action
|
||||
uses: docker://aevea/release-notary
|
||||
uses: docker://aevea/release-notary@sha256:8b26ced466da96b23a947d5c9e58baac22ee1192fd08200011e5b178f42118a0
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
|
||||
@@ -11,7 +11,11 @@ RUN wget -O /kaniko/jq \
|
||||
chmod +x /kaniko/jq && \
|
||||
wget -O /kaniko/reg \
|
||||
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
|
||||
chmod +x /kaniko/reg
|
||||
chmod +x /kaniko/reg && \
|
||||
wget -O /crane.tar.gz \
|
||||
https://github.com/google/go-containerregistry/releases/download/v0.1.1/go-containerregistry_Linux_x86_64.tar.gz && \
|
||||
tar -xvzf /crane.tar.gz crane -C /kaniko && \
|
||||
rm /crane.tar.gz
|
||||
|
||||
COPY entrypoint.sh /
|
||||
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||
|
||||
@@ -10,10 +10,13 @@ export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
|
||||
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
|
||||
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
|
||||
export REPOSITORY=$IMAGE
|
||||
export IMAGE_LATEST=${INPUT_TAG_WITH_LATEST:+"$IMAGE:latest"}
|
||||
export IMAGE=$IMAGE:$TAG
|
||||
export CONTEXT_PATH=${INPUT_PATH}
|
||||
|
||||
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
|
||||
export IMAGE_LATEST="$IMAGE:latest"
|
||||
fi
|
||||
|
||||
function ensure() {
|
||||
if [ -z "${1}" ]; then
|
||||
echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
|
||||
@@ -28,7 +31,7 @@ ensure "${IMAGE}" "image"
|
||||
ensure "${TAG}" "tag"
|
||||
ensure "${CONTEXT_PATH}" "path"
|
||||
|
||||
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
|
||||
if [ "$REGISTRY" == "ghcr.io" ]; then
|
||||
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
|
||||
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
|
||||
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
|
||||
@@ -61,7 +64,7 @@ export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
|
||||
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DESTINATION="--no-push --digest-file digest"
|
||||
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
|
||||
else
|
||||
export DESTINATION="--destination $IMAGE"
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
@@ -82,13 +85,14 @@ cat <<EOF >/kaniko/.docker/config.json
|
||||
}
|
||||
EOF
|
||||
|
||||
/kaniko/executor --reproducible $ARGS
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1349
|
||||
/kaniko/executor --reproducible --force $ARGS
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DIGEST=$(cat digest)
|
||||
|
||||
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
|
||||
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true
|
||||
if [ "$REGISTRY" == "ghcr.io" ]; then
|
||||
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64 | tr -d \\n)" https://ghcr.io/v2/$REPOSITORY/manifests/latest || true
|
||||
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
|
||||
else
|
||||
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
|
||||
@@ -100,16 +104,15 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
export DESTINATION="--destination $IMAGE"
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
|
||||
fi
|
||||
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
|
||||
echo "Pushing image..."
|
||||
|
||||
/kaniko/executor --reproducible $ARGS >/dev/null 2>&1
|
||||
/kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
|
||||
/kaniko/crane push image.tar $IMAGE
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
echo "Tagging latest..."
|
||||
/kaniko/crane tag $IMAGE latest
|
||||
fi
|
||||
|
||||
echo "Done 🎉️"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user