snoopy/action-kaniko
1
0
Fork 0
mirror of https://github.com/aevea/action-kaniko.git synced 2025-01-30 22:09:37 +01:00
Code Releases Activity

fix(digest): Add support for GitHub's docker registry

Browse source 
Github registry doesn't support digest yet, we need to download the manifest
and calculate the digest manually

Also fixing a few other issues:
 * Multi-stage dockerfiles override /usr/local/lib, moved jq and reg to /kaniko instead
 * The digest was fetched for the current tag, which doesn't exist yet. Fetching digest for the latest tag instead
This commit is contained in:
Doron Somech 2020-06-20 20:07:45 +03:00 committed by Alex Viscreanu
parent 57d6d22cdf
commit 51211d4483
2 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Dockerfile
View file

@ -6,13 +6,12 @@ FROM gcr.io/kaniko-project/executor:debug
SHELL ["/busybox/sh", "-c"] SHELL ["/busybox/sh", "-c"]
RUN mkdir -p /usr/local/bin && \ RUN wget -O /kaniko/jq \
wget -O /usr/local/bin/jq \
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \ https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
chmod +x /usr/local/bin/jq && \ chmod +x /kaniko/jq && \
wget -O /usr/local/bin/reg \ wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /usr/local/bin/reg chmod +x /kaniko/reg
COPY entrypoint.sh / COPY entrypoint.sh /
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

10
entrypoint.sh
View file

@ -9,6 +9,7 @@ export TAG=${TAG:-"latest"}
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX} export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR} export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export REPOSITORY=$IMAGE
export IMAGE=$IMAGE:$TAG export IMAGE=$IMAGE:$TAG
function ensure() { function ensure() {
@ -27,6 +28,7 @@ ensure "${TAG}" "tag"
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE" export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $INPUT_CACHE_REGISTRY ]; then if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY" export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
@ -69,7 +71,13 @@ EOF
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DIGEST=$(cat digest) export DIGEST=$(cat digest)
export REMOTE=$(reg digest "$IMAGE" | tail -1)
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
else
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
fi
if [ "$DIGEST" == "$REMOTE" ]; then if [ "$DIGEST" == "$REMOTE" ]; then
echo "Digest hasn't changed, skipping, $DIGEST" echo "Digest hasn't changed, skipping, $DIGEST"