snoopy/action-kaniko
1
0
Fork 0
mirror of https://github.com/aevea/action-kaniko.git synced 2025-04-20 00:58:15 +02:00
Code Releases Activity

chore: fixing digest

Browse source 
Fixing few issues with digest:
1. Multi-stage dockerfiles override /usr/local/lib, downloading jq and reg to /kaniko instead
2. Github registry doesn't support digest yet, downloading manifest and calculating the digest manually
3. Digest was fetched for the current tag, which not yet exist. Fetching digest for the latest tag instead
This commit is contained in:
Doron Somech 2020-06-20 20:07:45 +03:00
parent 57d6d22cdf
commit ff9e1ae761
2 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Dockerfile
View file

@ -6,13 +6,12 @@ FROM gcr.io/kaniko-project/executor:debug
SHELL ["/busybox/sh", "-c"] SHELL ["/busybox/sh", "-c"]
RUN mkdir -p /usr/local/bin && \ RUN wget -O /kaniko/jq \
wget -O /usr/local/bin/jq \
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \ https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
chmod +x /usr/local/bin/jq && \ chmod +x /kaniko/jq && \
wget -O /usr/local/bin/reg \ wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /usr/local/bin/reg chmod +x /kaniko/reg
COPY entrypoint.sh / COPY entrypoint.sh /
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

10
entrypoint.sh
View file

@ -9,6 +9,7 @@ export TAG=${TAG:-"latest"}
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX} export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR} export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export REPOSITORY=$IMAGE
export IMAGE=$IMAGE:$TAG export IMAGE=$IMAGE:$TAG
function ensure() { function ensure() {
@ -27,6 +28,7 @@ ensure "${TAG}" "tag"
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE" export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $INPUT_CACHE_REGISTRY ]; then if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY" export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
@ -69,7 +71,13 @@ EOF
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DIGEST=$(cat digest) export DIGEST=$(cat digest)
export REMOTE=$(reg digest "$IMAGE" | tail -1)
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
else
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
fi
if [ "$DIGEST" == "$REMOTE" ]; then if [ "$DIGEST" == "$REMOTE" ]; then
echo "Digest hasn't changed, skipping, $DIGEST" echo "Digest hasn't changed, skipping, $DIGEST"