mirror of
https://github.com/aevea/action-kaniko.git
synced 2025-05-09 17:10:01 +02:00
Merge 5c7133f245
into 78060c4e9d
commit
b147254344
4 changed files with 96 additions and 80 deletions
|
@ -12,7 +12,7 @@ RUN wget -O /kaniko/jq \
|
|||
wget -O /kaniko/reg \
|
||||
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
|
||||
chmod +x /kaniko/reg && \
|
||||
wget -O /crane.tar.gz \
|
||||
wget -O /crane.tar.gz \
|
||||
https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \
|
||||
tar -xvzf /crane.tar.gz crane -C /kaniko && \
|
||||
rm /crane.tar.gz
|
||||
|
|
56
README.md
56
README.md
|
@ -10,6 +10,7 @@ more secure secret passing to the build context, as it happens in the user space
|
|||
## Usage
|
||||
|
||||
## Example pipeline
|
||||
|
||||
```yaml
|
||||
name: Docker build
|
||||
on: push
|
||||
|
@ -26,6 +27,11 @@ jobs:
|
|||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
cache: true
|
||||
cache_registry: aevea/cache
|
||||
tags: >-
|
||||
test,
|
||||
1.0.1,
|
||||
latest
|
||||
|
||||
```
|
||||
|
||||
## Required Arguments
|
||||
|
@ -33,30 +39,30 @@ jobs:
|
|||
This action aims to be as flexible as possible, so it tries to define the defaults as for what I thought of being
|
||||
the most used values. So, technically there is a single required argument
|
||||
|
||||
| variable | description | required | default |
|
||||
|------------------|----------------------------------------------------------|----------|-----------------------------|
|
||||
| image | Name of the image you would like to push | true | |
|
||||
| variable | description | required | default |
|
||||
| -------- | ---------------------------------------- | -------- | ------- |
|
||||
| image | Name of the image you would like to push | true | |
|
||||
|
||||
## Optional Arguments
|
||||
|
||||
| variable | description | required | default |
|
||||
|-----------------------|-----------------------------------------------------------------|----------|-----------------|
|
||||
| registry | Docker registry where the image will be pushed | false | docker.io |
|
||||
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
|
||||
| password | Password used for authentication to the Docker registry | false | |
|
||||
| tag | Image tag | false | latest |
|
||||
| cache | Enables build cache | false | false |
|
||||
| cache_ttl | How long the cache should be considered valid | false | |
|
||||
| cache_registry | Docker registry meant to be used as cache | false | |
|
||||
| cache_directory | Filesystem path meant to be used as cache | false | |
|
||||
| build_file | Dockerfile filename | false | Dockerfile |
|
||||
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
|
||||
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
|
||||
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
|
||||
| path | Path to the build context. Defaults to `.` | false | . |
|
||||
| tag_with_latest | Tags the built image with additional latest tag | false | |
|
||||
| target | Sets the target stage to build | false | |
|
||||
| debug | Enables trace for entrypoint.sh | false | |
|
||||
| variable | description | required | default |
|
||||
| --------------------- | ------------------------------------------------------------------------------- | -------- | ------------- |
|
||||
| registry | Docker registry where the image will be pushed | false | docker.io |
|
||||
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
|
||||
| password | Password used for authentication to the Docker registry | false | |
|
||||
| tags | Image tags, can be passed as a list with `,` as separator (Check example above) | false | latest |
|
||||
| cache | Enables build cache | false | false |
|
||||
| cache_ttl | How long the cache should be considered valid | false | |
|
||||
| cache_registry | Docker registry meant to be used as cache | false | |
|
||||
| cache_directory | Filesystem path meant to be used as cache | false | |
|
||||
| build_file | Dockerfile filename | false | Dockerfile |
|
||||
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
|
||||
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
|
||||
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
|
||||
| path | Path to the build context. Defaults to `.` | false | . |
|
||||
| tag_with_latest | Tags the built image with additional latest tag | false | |
|
||||
| target | Sets the target stage to build | false | |
|
||||
| debug | Enables trace for entrypoint.sh | false | |
|
||||
|
||||
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
|
||||
|
||||
|
@ -149,10 +155,10 @@ with:
|
|||
|
||||
If you would like to publish the image to other registries, these actions might be helpful
|
||||
|
||||
| Registry | Action |
|
||||
|------------------------------------------------------|-----------------------------------------------|
|
||||
| Amazon Webservices Elastic Container Registry (ECR) | https://github.com/elgohr/ecr-login-action |
|
||||
| Google Cloud Container Registry | https://github.com/elgohr/gcloud-login-action |
|
||||
| Registry | Action |
|
||||
| --------------------------------------------------- | ----------------------------------------------- |
|
||||
| Amazon Webservices Elastic Container Registry (ECR) | <https://github.com/elgohr/ecr-login-action> |
|
||||
| Google Cloud Container Registry | <https://github.com/elgohr/gcloud-login-action> |
|
||||
|
||||
### Other arguments details
|
||||
|
||||
|
|
|
@ -21,8 +21,8 @@ inputs:
|
|||
image:
|
||||
description: "Image name"
|
||||
required: true
|
||||
tag:
|
||||
description: "Image tag"
|
||||
tags:
|
||||
description: "List of Image tags"
|
||||
required: false
|
||||
cache:
|
||||
description: "Enables build cache"
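Review bot: Replacing the `tag` input with `tags` here removes a public input with no transition path. entrypoint.sh in this commit reads only `INPUT_TAGS`, so a workflow that still passes `tag: 1.0.1` would presumably fall through to the branch-name or `latest` default and publish under a tag its author did not ask for. Keeping `tag` declared with a `deprecationMessage`, and falling back to it in the script with something like `export TAGS=${INPUT_TAGS:-$INPUT_TAG}` ahead of the branch default, would stop version-pinned workflows from silently overwriting `latest`. The `inputs:` block starts and continues outside this hunk.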
|
||||
|
|
114
entrypoint.sh
114
entrypoint.sh
|
@ -7,13 +7,12 @@ fi
|
|||
export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
|
||||
export IMAGE=${INPUT_IMAGE}
|
||||
export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
|
||||
export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
|
||||
export TAG=${TAG:-"latest"}
|
||||
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
|
||||
export TAGS=${INPUT_TAGS:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
|
||||
export TAGS=${TAGS:-"latest"}
|
||||
export TAGS=${TAGS#$INPUT_STRIP_TAG_PREFIX}
|
||||
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
|
||||
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
|
||||
export REPOSITORY=$IMAGE
|
||||
export IMAGE=$IMAGE:$TAG
|
||||
export CONTEXT_PATH=${INPUT_PATH}
|
||||
|
||||
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
|
||||
|
@ -31,52 +30,10 @@ ensure "${REGISTRY}" "registry"
|
|||
ensure "${USERNAME}" "username"
|
||||
ensure "${PASSWORD}" "password"
|
||||
ensure "${IMAGE}" "image"
|
||||
ensure "${TAG}" "tag"
|
||||
ensure "${TAGS}" "tags"
|
||||
ensure "${CONTEXT_PATH}" "path"
|
||||
|
||||
if [ "$REGISTRY" == "ghcr.io" ]; then
|
||||
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
|
||||
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
|
||||
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
|
||||
fi
|
||||
|
||||
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
|
||||
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$REGISTRY" == "docker.io" ]; then
|
||||
export REGISTRY="index.${REGISTRY}/v1/"
|
||||
else
|
||||
export IMAGE="$REGISTRY/$IMAGE"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export CACHE=${INPUT_CACHE:+"--cache=true"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
|
||||
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
|
||||
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
|
||||
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
|
||||
else
|
||||
export DESTINATION="--destination $IMAGE"
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
|
||||
# Set credentials here
|
||||
cat <<EOF >/kaniko/.docker/config.json
|
||||
{
|
||||
"auths": {
|
||||
|
@ -88,6 +45,59 @@ cat <<EOF >/kaniko/.docker/config.json
|
|||
}
|
||||
EOF
|
||||
|
||||
tags=$(echo $TAGS | tr "," "\n")
|
||||
|
||||
for tag in $tags; do
|
||||
|
||||
export TAGGED_IMAGE=$IMAGE:$tag
|
||||
|
||||
if [ "$REGISTRY" == "ghcr.io" ]; then
|
||||
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
|
||||
export TAGGED_IMAGE="$IMAGE_NAMESPACE/$IMAGE"
|
||||
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
|
||||
fi
|
||||
|
||||
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
|
||||
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$REGISTRY" == "docker.io" ]; then
|
||||
export REGISTRY="index.${REGISTRY}/v1/"
|
||||
else
|
||||
export TAGGED_IMAGE="$REGISTRY/$TAGGED_IMAGE"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export DESTINATIONS="$DESTINATIONS --destination $TAGGED_IMAGE"
|
||||
|
||||
done
|
||||
|
||||
export CACHE=${INPUT_CACHE:+"--cache=true"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
|
||||
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
|
||||
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
|
||||
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DESTINATION="--digest-file digest --no-push --tarPath image.tar $DESTINATIONS"
|
||||
else
|
||||
export DESTINATION=$DESTINATIONS
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export DESTINATION="$DESTINATIONS --destination $IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1349
|
||||
/kaniko/executor --reproducible --force $ARGS
|
||||
|
||||
|
@ -105,13 +115,13 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
|||
fi
|
||||
|
||||
echo "Pushing image..."
|
||||
|
||||
/kaniko/crane push image.tar $IMAGE
|
||||
|
||||
/kaniko/crane push image.tar $TAGGED_IMAGE
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
echo "Tagging latest..."
|
||||
/kaniko/crane tag $IMAGE latest
|
||||
/kaniko/crane tag $IMAGE latest
|
||||
fi
|
||||
|
||||
|
||||
echo "Done 🎉️"
|
||||
fi
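Review bot: The new `for tag in $tags` loop rewrites state that should be computed once, so only the first tag gets a correct destination. On the default registry the first pass sets `REGISTRY` to `index.docker.io/v1/`, so from the second tag on the `docker.io` test fails and the `else` branch prefixes `TAGGED_IMAGE` with that URL. In the `ghcr.io` branch `TAGGED_IMAGE="$IMAGE_NAMESPACE/$IMAGE"` drops `:$tag`, and `REPOSITORY`, `IMAGE_LATEST` and `INPUT_CACHE_REGISTRY` gain another prefix on every pass. Two related gaps: `${TAGS#$INPUT_STRIP_TAG_PREFIX}` strips the prefix from the first list entry only, and in the last hunk `crane push image.tar $TAGGED_IMAGE` pushes just the final tag while `crane tag $IMAGE latest` appears to receive a name that no longer carries a tag or registry prefix. Resolving the prefix once before the loop and validating each entry against the tag grammar, as sketched below, also keeps a malformed tag from reaching the unquoted `$ARGS`.

```shell
# … unchanged: credentials heredoc …

# Resolve the repository prefix once; nothing here depends on the tag.
IMAGE_PREFIX=""
if [ "$REGISTRY" = "ghcr.io" ]; then
  IMAGE_NAMESPACE="$(printf '%s' "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')"
  IMAGE_PREFIX="$IMAGE_NAMESPACE/"
  # … unchanged: REPOSITORY / IMAGE_LATEST / INPUT_CACHE_REGISTRY prefixing, now run once …
fi
if [ "$REGISTRY" = "docker.io" ]; then
  export REGISTRY="index.${REGISTRY}/v1/"
else
  IMAGE_PREFIX="$REGISTRY/$IMAGE_PREFIX"
fi

DESTINATIONS=""
for tag in $(printf '%s' "$TAGS" | tr ',' ' '); do
  # Strip the prefix per entry, then refuse anything outside the tag grammar.
  tag="${tag#"$INPUT_STRIP_TAG_PREFIX"}"
  case "$tag" in
    '' | [.-]* | *[!A-Za-z0-9_.-]*) echo "invalid tag: $tag" >&2; exit 1 ;;
  esac
  DESTINATIONS="$DESTINATIONS --destination $IMAGE_PREFIX$IMAGE:$tag"
done
export DESTINATIONS
# … unchanged: CACHE / CONTEXT / DOCKERFILE / TARGET and the executor call …
```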
|
||||
|
|