mirror of https://github.com/aevea/action-kaniko.git synced 2025-05-09 17:10:01 +02:00
ricardojdsilva87 2023-05-02 14:50:20 +00:00 committed by GitHub
commit b147254344
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 96 additions and 80 deletions


@ -12,7 +12,7 @@ RUN wget -O /kaniko/jq \
wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /kaniko/reg && \
wget -O /crane.tar.gz \
wget -O /crane.tar.gz \
https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \
tar -xvzf /crane.tar.gz crane -C /kaniko && \
rm /crane.tar.gz


@ -10,6 +10,7 @@ more secure secret passing to the build context, as it happens in the user space
## Usage
## Example pipeline
```yaml
name: Docker build
on: push
@ -26,6 +27,11 @@ jobs:
password: ${{ secrets.DOCKERHUB_PASSWORD }}
cache: true
cache_registry: aevea/cache
tags: >-
test,
1.0.1,
latest
```
## Required Arguments
@ -33,30 +39,30 @@ jobs:
This action aims to be as flexible as possible, so it tries to define the defaults as for what I thought of being
the most used values. So, technically there is a single required argument
| variable | description | required | default |
|------------------|----------------------------------------------------------|----------|-----------------------------|
| image | Name of the image you would like to push | true | |
| variable | description | required | default |
| -------- | ---------------------------------------- | -------- | ------- |
| image | Name of the image you would like to push | true | |
## Optional Arguments
| variable | description | required | default |
|-----------------------|-----------------------------------------------------------------|----------|-----------------|
| registry | Docker registry where the image will be pushed | false | docker.io |
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
| password | Password used for authentication to the Docker registry | false | |
| tag | Image tag | false | latest |
| cache | Enables build cache | false | false |
| cache_ttl | How long the cache should be considered valid | false | |
| cache_registry | Docker registry meant to be used as cache | false | |
| cache_directory | Filesystem path meant to be used as cache | false | |
| build_file | Dockerfile filename | false | Dockerfile |
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
| path | Path to the build context. Defaults to `.` | false | . |
| tag_with_latest | Tags the built image with additional latest tag | false | |
| target | Sets the target stage to build | false | |
| debug | Enables trace for entrypoint.sh | false | |
| variable | description | required | default |
| --------------------- | ------------------------------------------------------------------------------- | -------- | ------------- |
| registry | Docker registry where the image will be pushed | false | docker.io |
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
| password | Password used for authentication to the Docker registry | false | |
| tags | Image tags, can be passed as a list with `,` as separator (Check example above) | false | latest |
| cache | Enables build cache | false | false |
| cache_ttl | How long the cache should be considered valid | false | |
| cache_registry | Docker registry meant to be used as cache | false | |
| cache_directory | Filesystem path meant to be used as cache | false | |
| build_file | Dockerfile filename | false | Dockerfile |
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
| path | Path to the build context. Defaults to `.` | false | . |
| tag_with_latest | Tags the built image with additional latest tag | false | |
| target | Sets the target stage to build | false | |
| debug | Enables trace for entrypoint.sh | false | |
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
@ -149,10 +155,10 @@ with:
If you would like to publish the image to other registries, these actions might be helpful
| Registry | Action |
|------------------------------------------------------|-----------------------------------------------|
| Amazon Webservices Elastic Container Registry (ECR) | https://github.com/elgohr/ecr-login-action |
| Google Cloud Container Registry | https://github.com/elgohr/gcloud-login-action |
| Registry | Action |
| --------------------------------------------------- | ----------------------------------------------- |
| Amazon Webservices Elastic Container Registry (ECR) | <https://github.com/elgohr/ecr-login-action> |
| Google Cloud Container Registry | <https://github.com/elgohr/gcloud-login-action> |
### Other arguments details


@ -21,8 +21,8 @@ inputs:
image:
description: "Image name"
required: true
tag:
description: "Image tag"
tags:
description: "List of Image tags"
required: false
cache:
description: "Enables build cache"
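Review bot: Replacing the `tag` input with `tags` leaves no fallback for workflows that still pass `tag:`. From what is visible, the entrypoint now reads only `INPUT_TAGS`, so an existing `tag: 1.0.1` would be ignored (the runner only warns about unknown inputs) and the image would be published under the branch name or `latest` instead of the pinned version. Consider keeping `tag` declared with a `deprecationMessage` and falling back to it in the entrypoint, e.g. `export TAGS=${INPUT_TAGS:-$INPUT_TAG}` ahead of the branch default.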


@ -7,13 +7,12 @@ fi
export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
export IMAGE=${INPUT_IMAGE}
export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
export TAG=${TAG:-"latest"}
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
export TAGS=${INPUT_TAGS:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
export TAGS=${TAGS:-"latest"}
export TAGS=${TAGS#$INPUT_STRIP_TAG_PREFIX}
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export REPOSITORY=$IMAGE
export IMAGE=$IMAGE:$TAG
export CONTEXT_PATH=${INPUT_PATH}
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
@ -31,52 +30,10 @@ ensure "${REGISTRY}" "registry"
ensure "${USERNAME}" "username"
ensure "${PASSWORD}" "password"
ensure "${IMAGE}" "image"
ensure "${TAG}" "tag"
ensure "${TAGS}" "tags"
ensure "${CONTEXT_PATH}" "path"
if [ "$REGISTRY" == "ghcr.io" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
fi
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
fi
fi
if [ "$REGISTRY" == "docker.io" ]; then
export REGISTRY="index.${REGISTRY}/v1/"
else
export IMAGE="$REGISTRY/$IMAGE"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
fi
fi
export CACHE=${INPUT_CACHE:+"--cache=true"}
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
else
export DESTINATION="--destination $IMAGE"
if [ ! -z $IMAGE_LATEST ]; then
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
fi
fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
# Set credentials here
cat <<EOF >/kaniko/.docker/config.json
{
"auths": {
@ -88,6 +45,59 @@ cat <<EOF >/kaniko/.docker/config.json
}
EOF
tags=$(echo $TAGS | tr "," "\n")
for tag in $tags; do
export TAGGED_IMAGE=$IMAGE:$tag
if [ "$REGISTRY" == "ghcr.io" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export TAGGED_IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
fi
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
fi
fi
if [ "$REGISTRY" == "docker.io" ]; then
export REGISTRY="index.${REGISTRY}/v1/"
else
export TAGGED_IMAGE="$REGISTRY/$TAGGED_IMAGE"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
fi
fi
export DESTINATIONS="$DESTINATIONS --destination $TAGGED_IMAGE"
done
export CACHE=${INPUT_CACHE:+"--cache=true"}
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DESTINATION="--digest-file digest --no-push --tarPath image.tar $DESTINATIONS"
else
export DESTINATION=$DESTINATIONS
if [ ! -z $IMAGE_LATEST ]; then
export DESTINATION="$DESTINATIONS --destination $IMAGE_LATEST"
fi
fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
# https://github.com/GoogleContainerTools/kaniko/issues/1349
/kaniko/executor --reproducible --force $ARGS
@ -105,13 +115,13 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
fi
echo "Pushing image..."
/kaniko/crane push image.tar $IMAGE
/kaniko/crane push image.tar $TAGGED_IMAGE
if [ ! -z $IMAGE_LATEST ]; then
echo "Tagging latest..."
/kaniko/crane tag $IMAGE latest
/kaniko/crane tag $IMAGE latest
fi
echo "Done 🎉️"
fi
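Review bot: The registry handling inside the `for tag in $tags` loop mutates state that later iterations read, so only the first tag gets a correct destination. On `docker.io` the first pass rewrites `REGISTRY` to `index.docker.io/v1/`, so every later tag falls into the `else` branch and is prefixed with that value; on `ghcr.io`, `TAGGED_IMAGE` is reassigned to `$IMAGE_NAMESPACE/$IMAGE`, which drops `:$tag`, and `REPOSITORY`, `IMAGE_LATEST` and `INPUT_CACHE_REGISTRY` are re-prefixed on every pass. The result is images published under names or tags the workflow did not request, which is worth catching before it reaches a release pipeline. Resolve the prefix once outside the loop and only join `$IMAGE:$tag` inside it, as below. The same section also leaves `crane push image.tar $TAGGED_IMAGE` pushing only the last tag, and applies `INPUT_STRIP_TAG_PREFIX` to the whole comma-separated string rather than to each tag.

```shell
# Resolve the registry/namespace prefix once, ahead of the tag loop.
if [ "$REGISTRY" == "ghcr.io" ]; then
  IMAGE_NAMESPACE="$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')"
  export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
  export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
  # … unchanged: IMAGE_LATEST and INPUT_CACHE_REGISTRY prefixing …
fi
if [ "$REGISTRY" == "docker.io" ]; then
  export REGISTRY="index.${REGISTRY}/v1/"
else
  export IMAGE="$REGISTRY/$IMAGE"
  # … unchanged: IMAGE_LATEST prefixing …
fi

# The loop only joins the already-prefixed name with each tag.
DESTINATIONS=""
for tag in $(echo "$TAGS" | tr ',' ' '); do
  DESTINATIONS="$DESTINATIONS --destination $IMAGE:$tag"
done
export DESTINATIONS
```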