snoopy/action-kaniko
1
0
Fork 0
mirror of https://github.com/aevea/action-kaniko.git synced 2025-04-19 16:58:13 +02:00
Code Releases Activity

Compare commits

base: snoopy:master
Branches Tags
snoopy:master
snoopy:pr-70
snoopy:v0.14.0
snoopy:v0.13.0
snoopy:v0.12.1
snoopy:v0.12.0
snoopy:v0.11.0
snoopy:v0.10.0
snoopy:v0.9.0
snoopy:v0.8.0
snoopy:v0.7.1
snoopy:v0.7.0
snoopy:v0.6.2
snoopy:v0.6.1
snoopy:v0.6.0
snoopy:v0.5.1
snoopy:v0.5.0
snoopy:v0.4.0
snoopy:v0.3.2
snoopy:v0.3.1
snoopy:v0.3
snoopy:v0.2.1
snoopy:v0.2
snoopy:v0.1
..
compare: snoopy:v0.3
Branches Tags
snoopy:master
snoopy:pr-70
snoopy:v0.14.0
snoopy:v0.13.0
snoopy:v0.12.1
snoopy:v0.12.0
snoopy:v0.11.0
snoopy:v0.10.0
snoopy:v0.9.0
snoopy:v0.8.0
snoopy:v0.7.1
snoopy:v0.7.0
snoopy:v0.6.2
snoopy:v0.6.1
snoopy:v0.6.0
snoopy:v0.5.1
snoopy:v0.5.0
snoopy:v0.4.0
snoopy:v0.3.2
snoopy:v0.3.1
snoopy:v0.3
snoopy:v0.2.1
snoopy:v0.2
snoopy:v0.1

No commits in common. "master" and "v0.3" have entirely different histories.
master ... v0.3

10 changed files with 75 additions and 234 deletions
Show stats Expand all files Collapse all files

2
.dockerignore
View file

@ -1,3 +1,3 @@
*
!entrypoint.sh
.env*

6
.github/workflows/pr.yml vendored
View file

@ -6,8 +6,6 @@ jobs:
runs-on: ubuntu-latest
name: Verify commit messages
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/checkout@v1
- name: Run commitsar
uses: docker://aevea/commitsar@sha256:e4aed72de9a00b990a53c678ad51fbe9bd04e127a617d10beab0ef0204b1dfa0
uses: docker://commitsar/commitsar

10
.github/workflows/push.yml vendored
View file

@ -9,19 +9,19 @@ jobs:
- uses: actions/checkout@master
- name: GitHub Package Registry
uses: aevea/action-kaniko@master
uses: outillage/kaniko-action@master
with:
registry: ghcr.io
registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko
cache: true
cache_registry: cache
- name: Dockerhub
uses: aevea/action-kaniko@master
uses: outillage/kaniko-action@master
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
image: aevea/kaniko
image: outillage/kaniko
cache: true
cache_registry: aevea/cache
cache_registry: outillage/cache

19
.github/workflows/release.yml vendored
View file

@ -10,32 +10,27 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 0
uses: actions/checkout@v1
- name: Release Notary Action
uses: docker://aevea/release-notary@sha256:690915bf87458fd8eb1e1ff0be34b33377f920eda3f38b96c62ecbf897c831f4
uses: docker://commitsar/release-notary
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
entrypoint: release-notary
args: publish
- name: GitHub Package Registry
uses: aevea/action-kaniko@master
uses: outillage/kaniko-action@master
with:
registry: ghcr.io
registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko
cache: true
cache_registry: cache
- name: Dockerhub
uses: aevea/action-kaniko@master
uses: outillage/kaniko-action@master
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
image: aevea/kaniko
image: outillage/kaniko
cache: true
cache_registry: aevea/cache
cache_registry: outillage/cache

22
Dockerfile
View file

@ -1,26 +1,8 @@
FROM alpine as certs
RUN apk --update add ca-certificates
FROM gcr.io/kaniko-project/executor:v1.23.2-debug
SHELL ["/busybox/sh", "-c"]
RUN wget -O /kaniko/jq \
https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 && \
chmod +x /kaniko/jq && \
wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /kaniko/reg && \
wget -O /crane.tar.gz \
https://github.com/google/go-containerregistry/releases/download/v0.17.0/go-containerregistry_Linux_x86_64.tar.gz && \
tar -xvzf /crane.tar.gz crane -C /kaniko && \
rm /crane.tar.gz
FROM gcr.io/kaniko-project/executor:debug
COPY entrypoint.sh /
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
ENTRYPOINT ["/entrypoint.sh"]
LABEL repository="https://github.com/aevea/action-kaniko" \
LABEL repository="https://github.com/outillage/action-kaniko" \
maintainer="Alex Viscreanu <alexviscreanu@gmail.com>"

24
Makefile
View file

@ -1,24 +0,0 @@
build:
docker build -t aevea/kaniko .
run: build
docker run \
-v $(shell pwd):/tmp \
-e GITHUB_REPOSITORY \
-e GITHUB_REF \
-e GITHUB_ACTOR \
-e GITHUB_TOKEN \
-e GITHUB_WORKSPACE="/tmp" \
-e INPUT_IMAGE \
-e INPUT_CACHE \
-e INPUT_CACHE_TTL \
-e INPUT_CACHE_REGISTRY \
-e INPUT_STRIP_TAG_PREFIX \
-e INPUT_SKIP_UNCHANGED_DIGEST \
aevea/kaniko
shell: build
docker run \
-ti \
--entrypoint sh \
aevea/kaniko

66
README.md
View file

@ -1,8 +1,5 @@
# Kaniko image builder
> [!WARNING]
> The kaniko project no longer seems to [have maintainers](https://github.com/GoogleContainerTools/kaniko/issues/3348). Keep this in mind before deciding to use kaniko as your image builder.
This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image
by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base
image filesystem.
@ -22,13 +19,13 @@ jobs:
steps:
- uses: actions/checkout@master
- name: Kaniko build
uses: aevea/action-kaniko@master
uses: outillage/kaniko-action@master
with:
image: aevea/kaniko
image: outillage/kaniko
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
cache: true
cache_registry: aevea/cache
cache_registry: outillage/cache
```
## Required Arguments
@ -42,24 +39,19 @@ the most used values. So, technically there is a single required argument
## Optional Arguments
| variable | description | required | default |
|-----------------------|-----------------------------------------------------------------|----------|-----------------|
| registry | Docker registry where the image will be pushed | false | docker.io |
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
| password | Password used for authentication to the Docker registry | false | |
| tag | Image tag | false | latest |
| cache | Enables build cache | false | false |
| cache_ttl | How long the cache should be considered valid | false | |
| cache_registry | Docker registry meant to be used as cache | false | |
| cache_directory | Filesystem path meant to be used as cache | false | |
| build_file | Dockerfile filename | false | Dockerfile |
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
| skip_unchanged_digest | Avoids pushing the image if the build generated the same digest | false | |
| path | Path to the build context. Defaults to `.` | false | . |
| tag_with_latest | Tags the built image with additional latest tag | false | |
| target | Sets the target stage to build | false | |
| debug | Enables trace for entrypoint.sh | false | |
| variable | description | required | default |
|------------------|----------------------------------------------------------|----------|-----------------------------|
| registry | Docker registry where the image will be pushed | false | docker.io |
| username | Username used for authentication to the Docker registry | false | $GITHUB_ACTOR |
| password | Password used for authentication to the Docker registry | false | |
| tag | Image tag | false | latest |
| cache | Enables build cache | false | false |
| cache_ttl | How long the cache should be considered valid | false | |
| cache_registry | Docker registry meant to be used as cache | false | |
| cache_directory | Filesystem path meant to be used as cache | false | |
| build_file | Dockerfile filename | false | Dockerfile |
| extra_args | Additional arguments to be passed to the kaniko executor | false | |
| strip_tag_prefix | Prefix to be stripped from the tag | false | |
**Here is where it gets specific, as the optional arguments become required depending on the registry targeted**
@ -70,7 +62,7 @@ In this case, the authentication credentials need to be passed via GitHub Action
```yaml
with:
image: aevea/kaniko
image: outillage/kaniko
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
```
@ -80,24 +72,24 @@ doesn't work. If you want to use caching with Dockerhub, create a `cache` reposi
```yaml
with:
image: aevea/kaniko
image: outillage/kaniko
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
cache: true
cache_registry: aevea/cache
cache_registry: outillage/cache
```
### [ghcr.io](https://github.com/features/packages)
### [docker.pkg.github.com](https://github.com/features/packages)
GitHub's docker registry is a bit special. It doesn't allow top-level images, so this action will prefix any image with the GitHub namespace.
If you want to push your image like `aevea/action-kaniko/kaniko`, you'll only need to pass `kaniko` to this action.
If you want to push your image like `outillage/kaniko-action/kaniko`, you'll only need to pass `kaniko` to this action.
The authentication is automatically done using the `GITHUB_ACTOR` and `GITHUB_TOKEN` provided from GitHub itself. But as `GITHUB_TOKEN` is not
passed by default, it will have to be explicitly set up.
```yaml
with:
registry: ghcr.io
registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko
```
@ -108,7 +100,7 @@ cache layers to that image instead
```yaml
with:
registry: ghcr.io
registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko
cache: true
@ -133,7 +125,7 @@ with:
registry: registry.gitlab.com
username: ${{ secrets.GL_REGISTRY_USERNAME }}
password: ${{ secrets.GL_REGISTRY_PASSWORD }}
image: aevea/kaniko
image: outillage/kaniko
```
> NOTE: As GitLab's registry does support namespacing, Kaniko can natively push cached layers to it, so only `cache: true` is necessary to be
@ -144,7 +136,7 @@ with:
registry: registry.gitlab.com
username: ${{ secrets.GL_REGISTRY_USERNAME }}
password: ${{ secrets.GL_REGISTRY_PASSWORD }}
image: aevea/kaniko
image: outillage/kaniko
cache: true
```
@ -171,16 +163,10 @@ Example:
```yaml
with:
registry: ghcr.io
registry: docker.pkg.github.com
password: ${{ secrets.GITHUB_TOKEN }}
image: kaniko
strip_tag_prefix: pre-
```
for the tag `pre-0.1` will push `kaniko:0.1`, as the `pre-` part will be stripped from the tag name.
## Outputs
### `image`
Full reference to the built image with registry and tag.

19
action.yml
View file

@ -5,10 +5,6 @@ branding:
icon: anchor
color: orange
inputs:
path:
description: Path to the build context
required: false
default: "."
registry:
description: "Docker registry where the image will be pushed"
required: false
@ -45,21 +41,6 @@ inputs:
extra_args:
description: "Additional arguments to be passed to the kaniko executor"
required: false
skip_unchanged_digest:
description: "Avoids pushing the image if the build generated the same digest"
required: false
tag_with_latest:
description: "Tags the built image with additional latest tag"
required: false
target:
description: Sets the target stage to build
required: false
debug:
description: Enables trace for entrypoint.sh
required: false
outputs:
image:
description: "Full reference to the built image with registry and tag"
runs:
using: "docker"
image: "Dockerfile"

136
entrypoint.sh
View file

@ -1,84 +1,53 @@
#!/busybox/sh
set -e pipefail
if [ "$INPUT_DEBUG" = "true" ]; then
set -o xtrace
fi
export REGISTRY="${INPUT_REGISTRY:-"docker.io"}"
export IMAGE="$INPUT_IMAGE"
export BRANCH=$(echo "$GITHUB_REF" | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
export TAG=${INPUT_TAG:-$([ "$BRANCH" = "master" ] && echo latest || echo "$BRANCH")}
export TAG="${TAG:-"latest"}"
export TAG="${TAG#$INPUT_STRIP_TAG_PREFIX}"
export USERNAME="${INPUT_USERNAME:-$GITHUB_ACTOR}"
export PASSWORD="${INPUT_PASSWORD:-$GITHUB_TOKEN}"
export REPOSITORY="$IMAGE"
export IMAGE="${IMAGE}:${TAG}"
export CONTEXT_PATH="$INPUT_PATH"
export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
export IMAGE=${INPUT_IMAGE}
export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
export TAG=${TAG:-"latest"}
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
export IMAGE=$IMAGE:$TAG
if [ "$INPUT_TAG_WITH_LATEST" = "true" ]; then
export IMAGE_LATEST="${REPOSITORY}:latest"
fi
ensure() {
function sanitize() {
if [ -z "${1}" ]; then
echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
echo >&2 "Unable to find the ${2}. Did you set with.${2}?"
exit 1
fi
}
ensure "${REGISTRY}" "registry"
ensure "${USERNAME}" "username"
ensure "${PASSWORD}" "password"
ensure "${IMAGE}" "image"
ensure "${TAG}" "tag"
ensure "${CONTEXT_PATH}" "path"
sanitize "${REGISTRY}" "registry"
sanitize "${USERNAME}" "username"
sanitize "${PASSWORD}" "password"
sanitize "${IMAGE}" "image"
sanitize "${TAG}" "tag"
if [ "$REGISTRY" = "ghcr.io" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
# Set `/` separator, unless image is pre-fixed with dash or slash
[ -n "$REPOSITORY" ] && [[ ! "$REPOSITORY" =~ ^[-/] ]] && SEPARATOR="/"
export IMAGE="$IMAGE_NAMESPACE$SEPARATOR$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE$SEPARATOR$REPOSITORY"
if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
export IMAGE="$GITHUB_REPOSITORY/$IMAGE"
if [ -n "$IMAGE_LATEST" ]; then
export IMAGE_LATEST="${IMAGE_NAMESPACE}/${IMAGE_LATEST}"
fi
if [ -n "$INPUT_CACHE_REGISTRY" ]; then
export INPUT_CACHE_REGISTRY="${REGISTRY}/${IMAGE_NAMESPACE}/${INPUT_CACHE_REGISTRY}"
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$GITHUB_REPOSITORY/$INPUT_CACHE_REGISTRY"
fi
fi
if [ "$REGISTRY" = "docker.io" ]; then
if [ "$REGISTRY" == "docker.io" ]; then
export REGISTRY="index.${REGISTRY}/v1/"
else
export IMAGE="${REGISTRY}/${IMAGE}"
if [ -n "$IMAGE_LATEST" ]; then
export IMAGE_LATEST="${REGISTRY}/${IMAGE_LATEST}"
fi
export IMAGE="$REGISTRY/$IMAGE"
fi
export CACHE="${INPUT_CACHE:+"--cache=true"}"
export CACHE="$CACHE"${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE="$CACHE"${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE="$CACHE"${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
export DIGEST="--digest-file /kaniko/digest --image-name-tag-with-digest-file=/kaniko/image-tag-digest"
export CACHE=${INPUT_CACHE:+"--cache=true"}
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE"
export DOCKERFILE="--dockerfile ${INPUT_BUILD_FILE:-Dockerfile}"
export DESTINATION="--destination $IMAGE"
if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
export DESTINATION="--no-push --tarPath image.tar --destination $IMAGE"
else
export DESTINATION="--destination $IMAGE"
if [ -n "$IMAGE_LATEST" ]; then
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
fi
fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DIGEST $DESTINATION $INPUT_EXTRA_ARGS"
export ARGS="$CACHE $CONTEXT $DOCKERFILE $DESTINATION $INPUT_EXTRA_ARGS"
echo $ARGS
cat <<EOF >/kaniko/.docker/config.json
{
@ -91,45 +60,4 @@ cat <<EOF >/kaniko/.docker/config.json
}
EOF
# https://github.com/GoogleContainerTools/kaniko/issues/1803
# https://github.com/GoogleContainerTools/kaniko/issues/1349
export IFS=''
# Removes a trailing new line
ARGS=$(echo "${ARGS}" | sed 's/\n*$//')
kaniko_cmd="/kaniko/executor ${ARGS} --reproducible --force"
echo "Running kaniko command ${kaniko_cmd}"
eval "${kaniko_cmd}"
echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
echo "digest=$(cat /kaniko/digest)" >> "$GITHUB_OUTPUT"
echo "image-tag-digest<<EOF" >>"$GITHUB_OUTPUT"
echo "$(cat /kaniko/image-tag-digest)" >>"$GITHUB_OUTPUT"
echo 'EOF' >>"$GITHUB_OUTPUT"
if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
export DIGEST="$(cat /kaniko/digest)"
/kaniko/crane auth login "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
export REMOTE=$(crane digest "${REGISTRY}/${REPOSITORY}:latest")
if [ "$DIGEST" = "$REMOTE" ]; then
echo "refreshed=false" >> "$GITHUB_OUTPUT"
echo "Digest hasn't changed, skipping, $DIGEST"
echo "Done 🎉️"
exit 0
fi
echo "Pushing image..."
/kaniko/crane push image.tar "$IMAGE"
if [ -n "$IMAGE_LATEST" ]; then
echo "Tagging latest..."
/kaniko/crane tag "$IMAGE" latest
fi
echo "refreshed=false" >> "$GITHUB_OUTPUT"
echo "Done 🎉️"
fi
/kaniko/executor $ARGS

5
renovate.json
View file

@ -1,5 +0,0 @@
{
"extends": [
"config:base"
]
}