fix: use version 1.7.0 of kaniko

Version 1.8.0 and above breaks reproducible builds. https://github.com/GoogleContainerTools/kaniko/issues/2005
chore(deps): update crane to 0.8.0
2022-05-13 16:59:27 +02:00 · 2022-05-13 16:59:27 +02:00 · 2022-05-13 16:59:27 +02:00 · 2022-03-31 11:32:10 +02:00 · 2022-03-31 11:31:45 +02:00 · 2022-03-31 11:31:37 +02:00
6 changed files with 18 additions and 15 deletions
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -6,8 +6,8 @@ jobs:
    runs-on: ubuntu-latest
    name: Verify commit messages
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Run commitsar
-        uses: docker://aevea/commitsar@sha256:b77adebc0437d4f2bfdf9205a39003e88acbc77a9176fd086b386207a5f3f5cb
+        uses: docker://aevea/commitsar@sha256:27ea5e528b153393e924d98764d6400a181f03768d972ba151b3ddc9f14ff12c
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,12 +10,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Release Notary Action
-        uses: docker://aevea/release-notary@sha256:8b26ced466da96b23a947d5c9e58baac22ee1192fd08200011e5b178f42118a0
+        uses: docker://aevea/release-notary@sha256:03e771a509881121758b05217a8938ca8379d29dfa69a2605ceca06ffca2db4d
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

--- a/4
+++ b/4
@@ -2,7 +2,7 @@ FROM alpine as certs

 RUN apk --update add ca-certificates

-FROM gcr.io/kaniko-project/executor:debug
+FROM gcr.io/kaniko-project/executor:v1.7.0-debug

 SHELL ["/busybox/sh", "-c"]

@@ -13,7 +13,7 @@ RUN wget -O /kaniko/jq \
    https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
    chmod +x /kaniko/reg && \
    wget -O /crane.tar.gz \ 
-    https://github.com/google/go-containerregistry/releases/download/v0.1.1/go-containerregistry_Linux_x86_64.tar.gz && \
+    https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \
    tar -xvzf /crane.tar.gz crane -C /kaniko && \
    rm /crane.tar.gz

--- a/README.md
+++ b/README.md
@@ -56,6 +56,7 @@ the most used values. So, technically there is a single required argument
 | path                  | Path to the build context. Defaults to `.`                      | false    | .               |
 | tag_with_latest       | Tags the built image with additional latest tag                 | false    |                 |
 | target                | Sets the target stage to build                                  | false    |                 |
+| debug                 | Enables trace for entrypoint.sh                                 | false    |                 |

 **Here is where it gets specific, as the optional arguments become required depending on the registry targeted**

--- a/action.yml
+++ b/action.yml
@@ -54,6 +54,9 @@ inputs:
  target:
    description: Sets the target stage to build
    required: false
+  debug:
+    description: Enables trace for entrypoint.sh
+    required: false
 runs:
  using: "docker"
  image: "Dockerfile"
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,5 +1,8 @@
 #!/busybox/sh
 set -e pipefail
+if [[ "$INPUT_DEBUG" == "true" ]]; then
+    set -o xtrace
+fi

 export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
 export IMAGE=${INPUT_IMAGE}
@@ -14,7 +17,7 @@ export IMAGE=$IMAGE:$TAG
 export CONTEXT_PATH=${INPUT_PATH}

 if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
-    export IMAGE_LATEST="$IMAGE:latest"
+    export IMAGE_LATEST="$REPOSITORY:latest"
 fi

 function ensure() {
@@ -91,12 +94,9 @@ EOF
 if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
    export DIGEST=$(cat digest)

-    if [ "$REGISTRY" == "ghcr.io" ]; then
-        wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64 | tr -d \\n)" https://ghcr.io/v2/$REPOSITORY/manifests/latest || true
-        export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
-    else
-        export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
-    fi
+    /kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
+
+    export REMOTE=$(crane digest $REGISTRY/${REPOSITORY}:latest)

    if [ "$DIGEST" == "$REMOTE" ]; then
        echo "Digest hasn't changed, skipping, $DIGEST"
@@ -105,8 +105,7 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
    fi

    echo "Pushing image..."
-
-    /kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
+    
    /kaniko/crane push image.tar $IMAGE

    if [ ! -z $IMAGE_LATEST ]; then
Author	SHA1	Message	Date
Doron Somech	57fd639926	fix: use version 1.7.0 of kaniko Version 1.8.0 and above breaks reproducible builds. https://github.com/GoogleContainerTools/kaniko/issues/2005	2022-05-13 16:59:27 +02:00
Doron Somech	c97b90ade3	chore(deps): update crane to 0.8.0	2022-05-13 16:59:27 +02:00
Doron Somech	1200c08dba	fix: downloading manifest doesn't work for github packages	2022-05-13 16:59:27 +02:00
Renovate Bot	a4abaead48	chore(deps): update actions/checkout action to v3	2022-03-31 11:32:10 +02:00
Renovate Bot	59bc747ae2	chore(deps): update aevea/release-notary digest to 03e771a	2022-03-31 11:31:45 +02:00
Renovate Bot	548ad7dd4a	chore(deps): update aevea/commitsar digest to 27ea5e5	2022-03-31 11:31:37 +02:00
Sandro Modarelli	20173de989	feat: adding debug flag	2022-03-31 11:29:47 +02:00
Sandro Modarelli	17f90e5aa4	fix: use complete image name when computing latest target	2022-03-31 11:29:47 +02:00