snoopy/action-kaniko
1
0
Fork 0
mirror of https://github.com/aevea/action-kaniko.git synced 2025-05-11 10:00:00 +02:00
Code Releases Activity

Merge 5c7133f245 into 78060c4e9d

Browse source
This commit is contained in:
ricardojdsilva87 2023-05-02 14:50:20 +00:00 committed by GitHub
commit b147254344
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 96 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -12,7 +12,7 @@ RUN wget -O /kaniko/jq \
wget -O /kaniko/reg \ wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /kaniko/reg && \ chmod +x /kaniko/reg && \
wget -O /crane.tar.gz \ wget -O /crane.tar.gz \
https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \ https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \
tar -xvzf /crane.tar.gz crane -C /kaniko && \ tar -xvzf /crane.tar.gz crane -C /kaniko && \
rm /crane.tar.gz rm /crane.tar.gz

56
README.md
View file

@ -10,6 +10,7 @@ more secure secret passing to the build context, as it happens in the user space
## Usage ## Usage
## Example pipeline ## Example pipeline
```yaml ```yaml
name: Docker build name: Docker build
on: push on: push
@ -26,6 +27,11 @@ jobs:
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
cache: true cache: true
cache_registry: aevea/cache cache_registry: aevea/cache
tags: >-
test,
1.0.1,
latest
``` ```
## Required Arguments ## Required Arguments
@ -33,30 +39,30 @@ jobs:
This action aims to be as flexible as possible, so it tries to define the defaults as for what I thought of being This action aims to be as flexible as possible, so it tries to define the defaults as for what I thought of being
the most used values. So, technically there is a single required argument the most used values. So, technically there is a single required argument
| variable | description | required | default | | variable | description | required | default |
|------------------|----------------------------------------------------------|----------|-----------------------------| | -------- | ---------------------------------------- | -------- | ------- |
| image | Name of the image you would like to push | true | | | image | Name of the image you would like to push | true | |
## Optional Arguments ## Optional Arguments
| variable | description | required | default | | variable | description | required | default |
|-----------------------|-----------------------------------------------------------------|----------|-----------------| | --------------------- | ------------------------------------------------------------------------------- | -------- | ------------- |
| registry | Docker registry where the image will be pushed | false | docker.io | | registry | Docker registry where the image will be pushed | false | docker.io |
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR | | username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
| password | Password used for authentication to the Docker registry | false | | | password | Password used for authentication to the Docker registry | false | |
| tag | Image tag | false | latest | | tags | Image tags, can be passed as a list with `,` as separator (Check example above) | false | latest |
| cache | Enables build cache | false | false | | cache | Enables build cache | false | false |
| cache_ttl | How long the cache should be considered valid | false | | | cache_ttl | How long the cache should be considered valid | false | |
| cache_registry | Docker registry meant to be used as cache | false | | | cache_registry | Docker registry meant to be used as cache | false | |
| cache_directory | Filesystem path meant to be used as cache | false | | | cache_directory | Filesystem path meant to be used as cache | false | |
| build_file | Dockerfile filename | false | Dockerfile | | build_file | Dockerfile filename | false | Dockerfile |
| extra_args | Additional arguments to be passed to the kaniko executor | false | | | extra_args | Additional arguments to be passed to the kaniko executor | false | |
| strip_tag_prefix | Prefix to be stripped from the tag | false | | | strip_tag_prefix | Prefix to be stripped from the tag | false | |
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | | | skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
| path | Path to the build context. Defaults to `.` | false | . | | path | Path to the build context. Defaults to `.` | false | . |
| tag_with_latest | Tags the built image with additional latest tag | false | | | tag_with_latest | Tags the built image with additional latest tag | false | |
| target | Sets the target stage to build | false | | | target | Sets the target stage to build | false | |
| debug | Enables trace for entrypoint.sh | false | | | debug | Enables trace for entrypoint.sh | false | |
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted** **Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
@ -149,10 +155,10 @@ with:
If you would like to publish the image to other registries, these actions might be helpful If you would like to publish the image to other registries, these actions might be helpful
| Registry | Action | | Registry | Action |
|------------------------------------------------------|-----------------------------------------------| | --------------------------------------------------- | ----------------------------------------------- |
| Amazon Webservices Elastic Container Registry (ECR) | https://github.com/elgohr/ecr-login-action | | Amazon Webservices Elastic Container Registry (ECR) | <https://github.com/elgohr/ecr-login-action> |
| Google Cloud Container Registry | https://github.com/elgohr/gcloud-login-action | | Google Cloud Container Registry | <https://github.com/elgohr/gcloud-login-action> |
### Other arguments details ### Other arguments details

4
action.yml
View file

@ -21,8 +21,8 @@ inputs:
image: image:
description: "Image name" description: "Image name"
required: true required: true
tag: tags:
description: "Image tag" description: "List of Image tags"
required: false required: false
cache: cache:
description: "Enables build cache" description: "Enables build cache"

114
entrypoint.sh
View file

@ -7,13 +7,12 @@ fi
export REGISTRY=${INPUT_REGISTRY:-"docker.io"} export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
export IMAGE=${INPUT_IMAGE} export IMAGE=${INPUT_IMAGE}
export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g") export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)} export TAGS=${INPUT_TAGS:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
export TAG=${TAG:-"latest"} export TAGS=${TAGS:-"latest"}
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX} export TAGS=${TAGS#$INPUT_STRIP_TAG_PREFIX}
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR} export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export REPOSITORY=$IMAGE export REPOSITORY=$IMAGE
export IMAGE=$IMAGE:$TAG
export CONTEXT_PATH=${INPUT_PATH} export CONTEXT_PATH=${INPUT_PATH}
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
@ -31,52 +30,10 @@ ensure "${REGISTRY}" "registry"
ensure "${USERNAME}" "username" ensure "${USERNAME}" "username"
ensure "${PASSWORD}" "password" ensure "${PASSWORD}" "password"
ensure "${IMAGE}" "image" ensure "${IMAGE}" "image"
ensure "${TAG}" "tag" ensure "${TAGS}" "tags"
ensure "${CONTEXT_PATH}" "path" ensure "${CONTEXT_PATH}" "path"
if [ "$REGISTRY" == "ghcr.io" ]; then # Set credentials here
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
fi
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
fi
fi
if [ "$REGISTRY" == "docker.io" ]; then
export REGISTRY="index.${REGISTRY}/v1/"
else
export IMAGE="$REGISTRY/$IMAGE"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
fi
fi
export CACHE=${INPUT_CACHE:+"--cache=true"}
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
else
export DESTINATION="--destination $IMAGE"
if [ ! -z $IMAGE_LATEST ]; then
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
fi
fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
cat <<EOF >/kaniko/.docker/config.json cat <<EOF >/kaniko/.docker/config.json
{ {
"auths": { "auths": {
@ -88,6 +45,59 @@ cat <<EOF >/kaniko/.docker/config.json
} }
EOF EOF
tags=$(echo $TAGS | tr "," "\n")
for tag in $tags; do
export TAGGED_IMAGE=$IMAGE:$tag
if [ "$REGISTRY" == "ghcr.io" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export TAGGED_IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
fi
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
fi
fi
if [ "$REGISTRY" == "docker.io" ]; then
export REGISTRY="index.${REGISTRY}/v1/"
else
export TAGGED_IMAGE="$REGISTRY/$TAGGED_IMAGE"
if [ ! -z $IMAGE_LATEST ]; then
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
fi
fi
export DESTINATIONS="$DESTINATIONS --destination $TAGGED_IMAGE"
done
export CACHE=${INPUT_CACHE:+"--cache=true"}
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DESTINATION="--digest-file digest --no-push --tarPath image.tar $DESTINATIONS"
else
export DESTINATION=$DESTINATIONS
if [ ! -z $IMAGE_LATEST ]; then
export DESTINATION="$DESTINATIONS --destination $IMAGE_LATEST"
fi
fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
# https://github.com/GoogleContainerTools/kaniko/issues/1349 # https://github.com/GoogleContainerTools/kaniko/issues/1349
/kaniko/executor --reproducible --force $ARGS /kaniko/executor --reproducible --force $ARGS
@ -105,13 +115,13 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
fi fi
echo "Pushing image..." echo "Pushing image..."
/kaniko/crane push image.tar $IMAGE /kaniko/crane push image.tar $TAGGED_IMAGE
if [ ! -z $IMAGE_LATEST ]; then if [ ! -z $IMAGE_LATEST ]; then
echo "Tagging latest..." echo "Tagging latest..."
/kaniko/crane tag $IMAGE latest /kaniko/crane tag $IMAGE latest
fi fi
echo "Done 🎉️" echo "Done 🎉️"
fi fi