Initial commit

.dockerignore

@@ -0,0 +1,3 @@
+*
+!entrypoint.sh
+

.gitignore

@@ -0,0 +1,75 @@
+#### joe made this: http://goel.io/joe
+
+#####=== macOS ===#####
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+#####=== Windows ===#####
+# Windows thumbnail cache files
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+#####=== Linux ===#####
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+#####=== Custom ===#####
+.direnv
+.envrc
+.env

Dockerfile

@@ -0,0 +1,8 @@
+FROM gcr.io/kaniko-project/executor:debug
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+LABEL repository="https://github.com/outillage/action-kaniko" \
+    maintainer="Alex Viscreanu <alexviscreanu@gmail.com>"

README.md

@@ -0,0 +1,156 @@
+# Kaniko image builder
+
+This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image
+by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base
+image filesystem.
+
+This allows for a quite efficient caching, that can be pushed to another docker registry and downloaded on-demand, and a noticeably easier and
+more secure secret passing to the build context, as it happens in the user space itself.
+
+## Usage
+
+## Example pipeline
+```yaml
+name: Docker build
+on: push
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Kaniko build
+        uses: outillage/kaniko-action@master
+        with:
+          image: outillage/kaniko
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          cache: true
+          cache_registry: outillage/cache
+```
+
+## Required Arguments
+
+This action aims to be as flexible as possible, so it tries to define the defaults as for what I thought of being
+the most used values. So, technically there is a single required argument
+
+| variable        | description                                              | required | default                     |
+|-----------------|----------------------------------------------------------|----------|-----------------------------|
+| image           | Name of the image you would like to push                 | true     |                             |
+
+## Optional Arguments
+
+| variable        | description                                              | required | default                     |
+|-----------------|----------------------------------------------------------|----------|-----------------------------|
+| registry        | Docker registry where the image will be pushed           | false    | docker.io                   |
+| username        | Username used for authentication to the Docker registry  | false    | $GITHUB_ACTOR               |
+| password        | Password used for authentication to the Docker registry  | false    |                             |
+| tag             | Image tag                                                | false    | latest                      |
+| cache           | Enables build cache                                      | false    | false                       |
+| cache_ttl       | How long the cache should be considered valid            | false    |                             |
+| cache_registry  | Docker registry meant to be used as cache                | false    |                             |
+| cache_directory | Filesystem path meant to be used as cache                | false    |                             |
+| build_file      | Dockerfile filename                                      | false    | Dockerfile                  |
+| extra_args      | Additional arguments to be passed to the kaniko executor | false    |                             |
+
+**Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
+
+### [docker.io](https://hub.docker.com/)
+
+This is the default, and implicit docker registry, in the same way as with using the docker CLI
+In this case, the authentication credentials need to be passed via GitHub Action secrets
+
+```yaml
+with:
+  image: outillage/kaniko
+  username: ${{ secrets.DOCKERHUB_USERNAME }}
+  password: ${{ secrets.DOCKERHUB_PASSWORD }}
+```
+
+> NOTE: Dockerhub doesn't support more than one level deep of docker images, so Kaniko's default approach of pushing the cache to `$image/cache`
+doesn't work. If you want to use caching with Dockerhub, create a `cache` repository, and specify it in the action options.
+
+```yaml
+with:
+  image: outillage/kaniko
+  username: ${{ secrets.DOCKERHUB_USERNAME }}
+  password: ${{ secrets.DOCKERHUB_PASSWORD }}
+  cache: true
+  cache_registry: outillage/cache
+```
+
+### [docker.pkg.github.com](https://github.com/features/packages)
+
+GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace.
+If you want to push your image like `outillage/kaniko-action/kaniko`, you'll only need to pass `kaniko` to this action.
+
+The authentication is automatically done using the `GITHUB_ACTOR` and `GITHUB_TOKEN` provided from GitHub itself. But as `GITHUB_TOKEN` is not
+passed by default, it will have to be explicitly set up.
+
+```yaml
+with:
+  registry: docker.pkg.github.com
+  password: ${{ secrets.GITHUB_TOKEN }}
+  image: kaniko
+```
+
+> NOTE: GitHub's docker registry is structured a bit differently, but it has the same drawback as Dockerhub, and that's that it's not possible
+to "namespace" images for cache. In order to use registry cache, just specify the image meant to be used as cache, and Kaniko will push the
+cache layers to that image instead
+
+```yaml
+with:
+  registry: docker.pkg.github.com
+  password: ${{ secrets.GITHUB_TOKEN }}
+  image: kaniko
+  cache: true
+  cache_registry: cache
+```
+
+### [registry.gitlab.com](https://docs.gitlab.com/ee/user/packages/container_registry)
+
+GitLab's registry is quite flexible, it allows easy image namespacing, so a project's docker registry can hold up to three levels of image
+repository names.
+
+```
+registry.gitlab.com/group/project:some-tag
+registry.gitlab.com/group/project/image:latest
+registry.gitlab.com/group/project/my/image:rc1
+```
+
+To authenticate to it, a username and personal access token must be supplied via GitHub Action Secrets.
+
+```yaml
+with:
+  registry: registry.gitlab.com
+  username: ${{ secrets.GL_REGISTRY_USERNAME }}
+  password: ${{ secrets.GL_REGISTRY_PASSWORD }}
+  image: outillage/kaniko
+```
+
+> NOTE: As GitLab's registry does support namespacing, Kaniko can natively push cached layers to it, so only `cache: true` is necessary to be
+specified in order to use it.
+
+```yaml
+with:
+  registry: registry.gitlab.com
+  username: ${{ secrets.GL_REGISTRY_USERNAME }}
+  password: ${{ secrets.GL_REGISTRY_PASSWORD }}
+  image: outillage/kaniko
+  cache: true
+```
+
+### Other registries
+
+If you would like to publish the image to other registries, these actions might be helpful
+
+| Registry                                             | Action                                        |
+|------------------------------------------------------|-----------------------------------------------|
+| Amazon Webservices Elastic Container Registry (ECR)  | https://github.com/elgohr/ecr-login-action    |
+| Google Cloud Container Registry                      | https://github.com/elgohr/gcloud-login-action |
+
+### Other arguments details
+
+#### tag
+
+The `tag` argument, **unless overridden**, is automatically guessed based on the branch name. If the branch is `master` then the tag will
+be `latest`, otherwise it will keep the branch name, but replacing any forward slash (/) with a hyphen (-).

action.yml

@@ -0,0 +1,43 @@
+# kaniko.yml
+name: "Kaniko builder"
+description: "Build and push docker images using Kaniko"
+branding:
+  icon: anchor
+  color: orange
+inputs:
+  registry:
+    description: "Docker registry where the image will be pushed"
+    required: false
+  username:
+    description: "Username used for authentication to the Docker registry"
+    required: false
+  password:
+    description: "Password used for authentication to the Docker registry"
+    required: false
+  image:
+    description: "Image name"
+    required: true
+  tag:
+    description: "Image tag"
+    required: false
+  cache:
+    description: "Enables build cache"
+    required: false
+  cache_ttl:
+    description: "How long the cache should be considered valid"
+    required: false
+  cache_registry:
+    description: "Docker registry meant to be used as cache"
+    required: false
+  cache_directory:
+    description: "Filesystem path meant to be used as cache"
+    required: false
+  build_file:
+    description: "Dockerfile filename"
+    required: false
+  extra_args:
+    description: "Additional arguments to be passed to the kaniko executor"
+    required: false
+runs:
+  using: "docker"
+  image: "Dockerfile"

entrypoint.sh

@@ -0,0 +1,62 @@
+#!/busybox/sh
+set -e pipefail
+
+export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
+export IMAGE=${INPUT_IMAGE}
+export BRANCH=$(echo ${GITHUB_REF} | sed -e "s/refs\/heads\///g" | sed -e "s/\//-/g")
+export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
+export TAG=${TAG:-"latest"}
+export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
+export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
+export IMAGE=$IMAGE:$TAG
+
+function sanitize() {
+    if [ -z "${1}" ]; then
+        echo >&2 "Unable to find the ${2}. Did you set with.${2}?"
+        exit 1
+    fi
+}
+
+sanitize "${REGISTRY}" "registry"
+sanitize "${USERNAME}" "username"
+sanitize "${PASSWORD}" "password"
+sanitize "${IMAGE}" "image"
+sanitize "${TAG}" "tag"
+
+if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
+    export IMAGE="$GITHUB_REPOSITORY/$IMAGE"
+
+    if [ -z $INPUT_CACHE_REGISTRY ]; then
+        export INPUT_CACHE_REGISTRY="$GITHUB_REPOSITORY/$INPUT_CACHE_REGISTRY"
+    fi
+fi
+
+if [ "$REGISTRY" == "docker.io" ]; then
+    export REGISTRY="index.${REGISTRY}/v1/"
+else
+    export IMAGE="$REGISTRY/$IMAGE"
+fi
+
+export CACHE=${INPUT_CACHE:+"--cache=true"}
+export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
+export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
+export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
+export CONTEXT="--context $GITHUB_WORKSPACE"
+export DOCKERFILE="--dockerfile ${INPUT_BUILD_FILE:-Dockerfile}"
+export DESTINATION="--destination $IMAGE"
+
+export ARGS="$CACHE $CONTEXT $DOCKERFILE $DESTINATION $INPUT_EXTRA_ARGS"
+echo $ARGS
+
+cat <<EOF >/kaniko/.docker/config.json
+{
+    "auths": {
+        "https://${REGISTRY}": {
+            "username": "${USERNAME}",
+            "password": "${PASSWORD}"
+        }
+    }
+}
+EOF
+
+/kaniko/executor $ARGS