.github/workflows/pr.yml

@@ -6,8 +6,8 @@ jobs:
     runs-on: ubuntu-latest
     name: Verify commit messages
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Run commitsar
-        uses: docker://aevea/commitsar@sha256:e4aed72de9a00b990a53c678ad51fbe9bd04e127a617d10beab0ef0204b1dfa0
+        uses: docker://aevea/commitsar@sha256:27ea5e528b153393e924d98764d6400a181f03768d972ba151b3ddc9f14ff12c

.github/workflows/release.yml

@@ -10,17 +10,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
       - name: Release Notary Action
-        uses: docker://aevea/release-notary@sha256:690915bf87458fd8eb1e1ff0be34b33377f920eda3f38b96c62ecbf897c831f4
+        uses: docker://aevea/release-notary@sha256:03e771a509881121758b05217a8938ca8379d29dfa69a2605ceca06ffca2db4d
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          entrypoint: release-notary
-          args: publish
 
       - name: GitHub Package Registry
         uses: aevea/action-kaniko@master

Dockerfile

@@ -2,18 +2,18 @@ FROM alpine as certs
 
 RUN apk --update add ca-certificates
 
-FROM gcr.io/kaniko-project/executor:v1.23.2-debug
+FROM gcr.io/kaniko-project/executor:v1.7.0-debug
 
 SHELL ["/busybox/sh", "-c"]
 
 RUN wget -O /kaniko/jq \
-    https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 && \
+    https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
     chmod +x /kaniko/jq && \
     wget -O /kaniko/reg \
     https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
     chmod +x /kaniko/reg && \
     wget -O /crane.tar.gz \ 
-    https://github.com/google/go-containerregistry/releases/download/v0.17.0/go-containerregistry_Linux_x86_64.tar.gz && \
+    https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \
     tar -xvzf /crane.tar.gz crane -C /kaniko && \
     rm /crane.tar.gz
 

README.md

@@ -1,8 +1,5 @@
 # Kaniko image builder
 
-> [!WARNING]  
-> The kaniko project no longer seems to [have maintainers](https://github.com/GoogleContainerTools/kaniko/issues/3348). Keep this in mind before deciding to use kaniko as your image builder.
-
 This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image
 by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base
 image filesystem.
@@ -178,9 +175,3 @@ with:
 ```
 
 for the tag `pre-0.1` will push `kaniko:0.1`, as the `pre-` part will be stripped from the tag name.
-
-## Outputs
-
-### `image`
-
-Full reference to the built image with registry and tag.

action.yml

@@ -57,9 +57,6 @@ inputs:
   debug:
     description: Enables trace for entrypoint.sh
     required: false
-outputs:
-  image:
-    description: "Full reference to the built image with registry and tag"
 runs:
   using: "docker"
   image: "Dockerfile"

entrypoint.sh

@@ -1,26 +1,26 @@
 #!/busybox/sh
 set -e pipefail
-if [ "$INPUT_DEBUG" = "true" ]; then
+if [[ "$INPUT_DEBUG" == "true" ]]; then
     set -o xtrace
 fi
 
-export REGISTRY="${INPUT_REGISTRY:-"docker.io"}"
+export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
-export IMAGE="$INPUT_IMAGE"
+export IMAGE=${INPUT_IMAGE}
-export BRANCH=$(echo "$GITHUB_REF" | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
+export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
-export TAG=${INPUT_TAG:-$([ "$BRANCH" = "master" ] && echo latest || echo "$BRANCH")}
+export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
-export TAG="${TAG:-"latest"}"
+export TAG=${TAG:-"latest"}
-export TAG="${TAG#$INPUT_STRIP_TAG_PREFIX}"
+export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
-export USERNAME="${INPUT_USERNAME:-$GITHUB_ACTOR}"
+export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
-export PASSWORD="${INPUT_PASSWORD:-$GITHUB_TOKEN}"
+export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
-export REPOSITORY="$IMAGE"
+export REPOSITORY=$IMAGE
-export IMAGE="${IMAGE}:${TAG}"
+export IMAGE=$IMAGE:$TAG
-export CONTEXT_PATH="$INPUT_PATH"
+export CONTEXT_PATH=${INPUT_PATH}
 
-if [ "$INPUT_TAG_WITH_LATEST" = "true" ]; then
+if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
-    export IMAGE_LATEST="${REPOSITORY}:latest"
+    export IMAGE_LATEST="$REPOSITORY:latest"
 fi
 
-ensure() {
+function ensure() {
     if [ -z "${1}" ]; then
         echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
         exit 1
@@ -34,51 +34,48 @@ ensure "${IMAGE}" "image"
 ensure "${TAG}" "tag"
 ensure "${CONTEXT_PATH}" "path"
 
-if [ "$REGISTRY" = "ghcr.io" ]; then
+if [ "$REGISTRY" == "ghcr.io" ]; then
     IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
-    # Set `/` separator, unless image is pre-fixed with dash or slash
+    export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
-    [ -n "$REPOSITORY" ] && [[ ! "$REPOSITORY" =~ ^[-/] ]] && SEPARATOR="/"
+    export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
-    export IMAGE="$IMAGE_NAMESPACE$SEPARATOR$IMAGE"
-    export REPOSITORY="$IMAGE_NAMESPACE$SEPARATOR$REPOSITORY"
 
-    if [ -n "$IMAGE_LATEST" ]; then
+    if [ ! -z $IMAGE_LATEST ]; then
-        export IMAGE_LATEST="${IMAGE_NAMESPACE}/${IMAGE_LATEST}"
+        export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
     fi
 
-    if [ -n "$INPUT_CACHE_REGISTRY" ]; then
+    if [ ! -z $INPUT_CACHE_REGISTRY ]; then
-        export INPUT_CACHE_REGISTRY="${REGISTRY}/${IMAGE_NAMESPACE}/${INPUT_CACHE_REGISTRY}"
+        export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
     fi
 fi
 
-if [ "$REGISTRY" = "docker.io" ]; then
+if [ "$REGISTRY" == "docker.io" ]; then
     export REGISTRY="index.${REGISTRY}/v1/"
 else
-    export IMAGE="${REGISTRY}/${IMAGE}"
+    export IMAGE="$REGISTRY/$IMAGE"
 
-    if [ -n "$IMAGE_LATEST" ]; then
+    if [ ! -z $IMAGE_LATEST ]; then
-        export IMAGE_LATEST="${REGISTRY}/${IMAGE_LATEST}"
+        export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
     fi
 fi
 
-export CACHE="${INPUT_CACHE:+"--cache=true"}"
+export CACHE=${INPUT_CACHE:+"--cache=true"}
-export CACHE="$CACHE"${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
+export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
-export CACHE="$CACHE"${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
+export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
-export CACHE="$CACHE"${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
+export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
 export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
 export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
 export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
-export DIGEST="--digest-file /kaniko/digest --image-name-tag-with-digest-file=/kaniko/image-tag-digest"
 
-if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
+if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
-    export DESTINATION="--no-push --tarPath image.tar --destination $IMAGE"
+    export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
 else
     export DESTINATION="--destination $IMAGE"
-    if [ -n "$IMAGE_LATEST" ]; then
+    if [ ! -z $IMAGE_LATEST ]; then
         export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"  
     fi
 fi
 
-export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DIGEST $DESTINATION $INPUT_EXTRA_ARGS"
+export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
 
 cat <<EOF >/kaniko/.docker/config.json
 {
@@ -91,31 +88,17 @@ cat <<EOF >/kaniko/.docker/config.json
 }
 EOF
 
-# https://github.com/GoogleContainerTools/kaniko/issues/1803
 # https://github.com/GoogleContainerTools/kaniko/issues/1349
-export IFS=''
+/kaniko/executor --reproducible --force $ARGS
-# Removes a trailing new line
-ARGS=$(echo "${ARGS}" | sed 's/\n*$//')
-kaniko_cmd="/kaniko/executor ${ARGS} --reproducible --force"
-echo "Running kaniko command ${kaniko_cmd}"
-eval "${kaniko_cmd}"
 
-echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
+if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
-echo "digest=$(cat /kaniko/digest)" >> "$GITHUB_OUTPUT"
+    export DIGEST=$(cat digest)
-echo "image-tag-digest<<EOF" >>"$GITHUB_OUTPUT"
-echo "$(cat /kaniko/image-tag-digest)" >>"$GITHUB_OUTPUT"
-echo 'EOF' >>"$GITHUB_OUTPUT"
 
+    /kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
 
-if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
+    export REMOTE=$(crane digest $REGISTRY/${REPOSITORY}:latest)
-    export DIGEST="$(cat /kaniko/digest)"
 
-    /kaniko/crane auth login "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
+    if [ "$DIGEST" == "$REMOTE" ]; then
-
-    export REMOTE=$(crane digest "${REGISTRY}/${REPOSITORY}:latest")
-
-    if [ "$DIGEST" = "$REMOTE" ]; then
-        echo "refreshed=false" >> "$GITHUB_OUTPUT"
         echo "Digest hasn't changed, skipping, $DIGEST"
         echo "Done 🎉️"
         exit 0
@@ -123,13 +106,12 @@ if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
 
     echo "Pushing image..."
     
-    /kaniko/crane push image.tar "$IMAGE"
+    /kaniko/crane push image.tar $IMAGE
 
-    if [ -n "$IMAGE_LATEST" ]; then
+    if [ ! -z $IMAGE_LATEST ]; then
         echo "Tagging latest..."
-        /kaniko/crane tag "$IMAGE" latest
+        /kaniko/crane tag $IMAGE latest  
     fi
  
-    echo "refreshed=false" >> "$GITHUB_OUTPUT"
     echo "Done 🎉️"
 fi