snoopy/action-kaniko
1
0
Fork 0
mirror of https://github.com/aevea/action-kaniko.git synced 2025-04-20 00:58:15 +02:00
Code Releases Activity

chore: fixing digest

Browse source 
Fixing few issues with digest:
1. Multi-stage dockerfiles override /usr/local/lib, downloading jq and reg to /kaniko instead
2. Github registry doesn't support digest yet, downloading manifest and calculating the digest manually
3. Digest was fetched for the current tag, which not yet exist. Fetching digest for the latest tag instead
This commit is contained in:
Doron Somech 2020-06-20 20:07:45 +03:00
parent 57d6d22cdf
commit ff9e1ae761
2 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Dockerfile
View file

@ -6,13 +6,12 @@ FROM gcr.io/kaniko-project/executor:debug
SHELL ["/busybox/sh", "-c"]
RUN mkdir -p /usr/local/bin && \
wget -O /usr/local/bin/jq \
RUN wget -O /kaniko/jq \
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
chmod +x /usr/local/bin/jq && \
wget -O /usr/local/bin/reg \
chmod +x /kaniko/jq && \
wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /usr/local/bin/reg
chmod +x /kaniko/reg
COPY entrypoint.sh /
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

10
entrypoint.sh
View file

@ -9,6 +9,7 @@ export TAG=${TAG:-"latest"}
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export REPOSITORY=$IMAGE
export IMAGE=$IMAGE:$TAG
function ensure() {
@ -27,6 +28,7 @@ ensure "${TAG}" "tag"
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
@ -69,7 +71,13 @@ EOF
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
export DIGEST=$(cat digest)
export REMOTE=$(reg digest "$IMAGE" | tail -1)
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
else
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
fi
if [ "$DIGEST" == "$REMOTE" ]; then
echo "Digest hasn't changed, skipping, $DIGEST"