action/kaniko
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

Compare commits

base: action:v0.7.0
Branches Tags
action:master action:renovate/gcr.io-kaniko-project-executor-1.x
action:v0.11.0 action:v0.10.0 action:v0.9.0 action:v0.8.0 action:v0.7.1 action:v0.7.0 action:v0.6.2 action:v0.6.1 action:v0.6.0 action:v0.5.1 action:v0.5.0 action:v0.4.0 action:v0.3.2 action:v0.3.1 action:v0.3 action:v0.2.1 action:v0.2 action:v0.1
..
compare: action:v0.10.0
Branches Tags
action:renovate/gcr.io-kaniko-project-executor-1.x action:master
action:v0.11.0 action:v0.10.0 action:v0.9.0 action:v0.8.0 action:v0.7.1 action:v0.7.0 action:v0.6.2 action:v0.6.1 action:v0.6.0 action:v0.5.1 action:v0.5.0 action:v0.4.0 action:v0.3.2 action:v0.3.1 action:v0.3 action:v0.2.1 action:v0.2 action:v0.1

11 Commits
v0.7.0 ... v0.10.0

Author SHA1 Message Date
renovate[bot]
83ddee1c8b chore(deps): update gcr.io/kaniko-project/executor docker tag to v1.9.1 2022-12-27 21:20:48 +01:00
Doron Somech
57fd639926 fix: use version 1.7.0 of kaniko 
Version 1.8.0 and above breaks reproducible builds.

https://github.com/GoogleContainerTools/kaniko/issues/2005
 2022-05-13 16:59:27 +02:00
Doron Somech
c97b90ade3 chore(deps): update crane to 0.8.0 2022-05-13 16:59:27 +02:00
Doron Somech
1200c08dba fix: downloading manifest doesn't work for github packages 2022-05-13 16:59:27 +02:00
Renovate Bot
a4abaead48 chore(deps): update actions/checkout action to v3 2022-03-31 11:32:10 +02:00
Renovate Bot
59bc747ae2 chore(deps): update aevea/release-notary digest to 03e771a 2022-03-31 11:31:45 +02:00
Renovate Bot
548ad7dd4a chore(deps): update aevea/commitsar digest to 27ea5e5 2022-03-31 11:31:37 +02:00
Sandro Modarelli
20173de989 feat: adding debug flag 2022-03-31 11:29:47 +02:00
Sandro Modarelli
17f90e5aa4 fix: use complete image name when computing latest target 2022-03-31 11:29:47 +02:00
Alex
a5055cd007 docs: update references to github's package registry host 2022-02-21 15:27:55 +01:00
Alex
3e397648f8 fix(ci): use updated github container registry host 2022-02-21 15:25:01 +01:00
7 changed files with 24 additions and 21 deletions
Expand all files Collapse all files

4
.github/workflows/pr.yml vendored
View File

@@ -6,8 +6,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Verify commit messages name: Verify commit messages
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Run commitsar - name: Run commitsar
uses: docker://aevea/commitsar@sha256:b77adebc0437d4f2bfdf9205a39003e88acbc77a9176fd086b386207a5f3f5cb uses: docker://aevea/commitsar@sha256:27ea5e528b153393e924d98764d6400a181f03768d972ba151b3ddc9f14ff12c

2
.github/workflows/push.yml vendored
View File

@@ -11,7 +11,7 @@ jobs:
- name: GitHub Package Registry - name: GitHub Package Registry
uses: aevea/action-kaniko@master uses: aevea/action-kaniko@master
with: with:
registry: docker.pkg.github.com registry: ghcr.io
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko image: kaniko
cache: true cache: true

6
.github/workflows/release.yml vendored
View File

@@ -10,19 +10,19 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v2 uses: actions/checkout@v3
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Release Notary Action - name: Release Notary Action
uses: docker://aevea/release-notary@sha256:8b26ced466da96b23a947d5c9e58baac22ee1192fd08200011e5b178f42118a0 uses: docker://aevea/release-notary@sha256:03e771a509881121758b05217a8938ca8379d29dfa69a2605ceca06ffca2db4d
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: GitHub Package Registry - name: GitHub Package Registry
uses: aevea/action-kaniko@master uses: aevea/action-kaniko@master
with: with:
registry: docker.pkg.github.com registry: ghcr.io
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko image: kaniko
cache: true cache: true

4
Dockerfile
View File

@@ -2,7 +2,7 @@ FROM alpine as certs
RUN apk --update add ca-certificates RUN apk --update add ca-certificates
FROM gcr.io/kaniko-project/executor:debug FROM gcr.io/kaniko-project/executor:v1.9.1-debug
SHELL ["/busybox/sh", "-c"] SHELL ["/busybox/sh", "-c"]
@@ -13,7 +13,7 @@ RUN wget -O /kaniko/jq \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /kaniko/reg && \ chmod +x /kaniko/reg && \
wget -O /crane.tar.gz \ wget -O /crane.tar.gz \
https://github.com/google/go-containerregistry/releases/download/v0.1.1/go-containerregistry_Linux_x86_64.tar.gz && \ https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \
tar -xvzf /crane.tar.gz crane -C /kaniko && \ tar -xvzf /crane.tar.gz crane -C /kaniko && \
rm /crane.tar.gz rm /crane.tar.gz

9
README.md
View File

@@ -56,6 +56,7 @@ the most used values. So, technically there is a single required argument
| path | Path to the build context. Defaults to `.` | false | . | | path | Path to the build context. Defaults to `.` | false | . |
| tag_with_latest | Tags the built image with additional latest tag | false | | | tag_with_latest | Tags the built image with additional latest tag | false | |
| target | Sets the target stage to build | false | | | target | Sets the target stage to build | false | |
| debug | Enables trace for entrypoint.sh | false | |
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted** **Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
@@ -83,7 +84,7 @@ with:
cache_registry: aevea/cache cache_registry: aevea/cache
``` ```
### [docker.pkg.github.com](https://github.com/features/packages) ### [ghcr.io](https://github.com/features/packages)
GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace. GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace.
If you want to push your image like `aevea/action-kaniko/kaniko`, you'll only need to pass `kaniko` to this action. If you want to push your image like `aevea/action-kaniko/kaniko`, you'll only need to pass `kaniko` to this action.
@@ -93,7 +94,7 @@ passed by default, it will have to be explicitly set up.
```yaml ```yaml
with: with:
registry: docker.pkg.github.com registry: ghcr.io
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko image: kaniko
``` ```
@@ -104,7 +105,7 @@ cache layers to that image instead
```yaml ```yaml
with: with:
registry: docker.pkg.github.com registry: ghcr.io
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko image: kaniko
cache: true cache: true
@@ -167,7 +168,7 @@ Example:
```yaml ```yaml
with: with:
registry: docker.pkg.github.com registry: ghcr.io
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko image: kaniko
strip_tag_prefix: pre- strip_tag_prefix: pre-

3
action.yml
View File

@@ -54,6 +54,9 @@ inputs:
target: target:
description: Sets the target stage to build description: Sets the target stage to build
required: false required: false
debug:
description: Enables trace for entrypoint.sh
required: false
runs: runs:
using: "docker" using: "docker"
image: "Dockerfile" image: "Dockerfile"

15
entrypoint.sh
View File

@@ -1,5 +1,8 @@
#!/busybox/sh #!/busybox/sh
set -e pipefail set -e pipefail
if [[ "$INPUT_DEBUG" == "true" ]]; then
set -o xtrace
fi
export REGISTRY=${INPUT_REGISTRY:-"docker.io"} export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
export IMAGE=${INPUT_IMAGE} export IMAGE=${INPUT_IMAGE}
@@ -14,7 +17,7 @@ export IMAGE=$IMAGE:$TAG
export CONTEXT_PATH=${INPUT_PATH} export CONTEXT_PATH=${INPUT_PATH}
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
export IMAGE_LATEST="$IMAGE:latest" export IMAGE_LATEST="$REPOSITORY:latest"
fi fi
function ensure() { function ensure() {
@@ -91,12 +94,9 @@ EOF
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DIGEST=$(cat digest) export DIGEST=$(cat digest)
if [ "$REGISTRY" == "ghcr.io" ]; then /kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64 | tr -d \\n)" https://ghcr.io/v2/$REPOSITORY/manifests/latest || true
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')" export REMOTE=$(crane digest $REGISTRY/${REPOSITORY}:latest)
else
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
fi
if [ "$DIGEST" == "$REMOTE" ]; then if [ "$DIGEST" == "$REMOTE" ]; then
echo "Digest hasn't changed, skipping, $DIGEST" echo "Digest hasn't changed, skipping, $DIGEST"
@@ -106,7 +106,6 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
echo "Pushing image..." echo "Pushing image..."
/kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
/kaniko/crane push image.tar $IMAGE /kaniko/crane push image.tar $IMAGE
if [ ! -z $IMAGE_LATEST ]; then if [ ! -z $IMAGE_LATEST ]; then