mirror of
https://github.com/aevea/action-kaniko.git
synced 2025-04-04 10:28:48 +02:00
Compare commits
24 commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
be5ce625a5 | ||
![]() |
58af85fb13 | ||
![]() |
9223ef89b8 | ||
![]() |
12a3a8cc81 | ||
![]() |
977090a03e | ||
![]() |
fd47216104 | ||
![]() |
8de7c88b27 | ||
![]() |
ef9c4ca42e | ||
![]() |
16c18d6aee | ||
![]() |
ec00be49b7 | ||
![]() |
4f9a6a7f2c | ||
![]() |
81a26cb33a | ||
![]() |
17bff7af73 | ||
![]() |
a95ae7d706 | ||
![]() |
10b098cb52 | ||
![]() |
4387eb381c | ||
![]() |
ca098255c5 | ||
![]() |
e54575cc70 | ||
![]() |
78060c4e9d | ||
![]() |
98d5caab7f | ||
![]() |
83ddee1c8b | ||
![]() |
57fd639926 | ||
![]() |
c97b90ade3 | ||
![]() |
1200c08dba |
6 changed files with 87 additions and 58 deletions
4
.github/workflows/pr.yml
vendored
|
@ -6,8 +6,8 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
name: Verify commit messages
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Run commitsar
|
||||
uses: docker://aevea/commitsar@sha256:27ea5e528b153393e924d98764d6400a181f03768d972ba151b3ddc9f14ff12c
|
||||
uses: docker://aevea/commitsar@sha256:e4aed72de9a00b990a53c678ad51fbe9bd04e127a617d10beab0ef0204b1dfa0
|
||||
|
|
7
.github/workflows/release.yml
vendored
|
@ -10,14 +10,17 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Release Notary Action
|
||||
uses: docker://aevea/release-notary@sha256:03e771a509881121758b05217a8938ca8379d29dfa69a2605ceca06ffca2db4d
|
||||
uses: docker://aevea/release-notary@sha256:690915bf87458fd8eb1e1ff0be34b33377f920eda3f38b96c62ecbf897c831f4
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
entrypoint: release-notary
|
||||
args: publish
|
||||
|
||||
- name: GitHub Package Registry
|
||||
uses: aevea/action-kaniko@master
|
||||
|
|
|
@ -2,18 +2,18 @@ FROM alpine as certs
|
|||
|
||||
RUN apk --update add ca-certificates
|
||||
|
||||
FROM gcr.io/kaniko-project/executor:debug
|
||||
FROM gcr.io/kaniko-project/executor:v1.23.2-debug
|
||||
|
||||
SHELL ["/busybox/sh", "-c"]
|
||||
|
||||
RUN wget -O /kaniko/jq \
|
||||
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
|
||||
https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 && \
|
||||
chmod +x /kaniko/jq && \
|
||||
wget -O /kaniko/reg \
|
||||
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
|
||||
chmod +x /kaniko/reg && \
|
||||
wget -O /crane.tar.gz \
|
||||
https://github.com/google/go-containerregistry/releases/download/v0.1.1/go-containerregistry_Linux_x86_64.tar.gz && \
|
||||
wget -O /crane.tar.gz \
|
||||
https://github.com/google/go-containerregistry/releases/download/v0.17.0/go-containerregistry_Linux_x86_64.tar.gz && \
|
||||
tar -xvzf /crane.tar.gz crane -C /kaniko && \
|
||||
rm /crane.tar.gz
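Review bot: The `wget` downloads of jq, reg and crane in this `RUN` step are made executable or unpacked without any integrity check, and the base image is pinned only by tag (`v1.23.2-debug`), while the workflow files in this same change pin their images by `@sha256:` digest. I would pin `FROM gcr.io/kaniko-project/executor` by digest as well and verify each download against a recorded hash before `chmod +x`, for example `echo "<JQ_SHA256_PLACEHOLDER>  /kaniko/jq" | sha256sum -c -`. `reg` is still fetched (v0.16.1, the 386 build) although the entrypoint.sh section on this page appears to replace `reg digest` with `crane digest`; if nothing else calls it, dropping that download removes one unverified binary from the image.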
|
||||
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
# Kaniko image builder
|
||||
|
||||
> [!WARNING]
|
||||
> The kaniko project no longer seems to [have maintainers](https://github.com/GoogleContainerTools/kaniko/issues/3348). Keep this in mind before deciding to use kaniko as your image builder.
|
||||
|
||||
This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image
|
||||
by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base
|
||||
image filesystem.
|
||||
|
@ -175,3 +178,9 @@ with:
|
|||
```
|
||||
|
||||
for the tag `pre-0.1` will push `kaniko:0.1`, as the `pre-` part will be stripped from the tag name.
|
||||
|
||||
## Outputs
|
||||
|
||||
### `image`
|
||||
|
||||
Full reference to the built image with registry and tag.
|
||||
|
|
|
@ -57,6 +57,9 @@ inputs:
|
|||
debug:
|
||||
description: Enables trace for entrypoint.sh
|
||||
required: false
|
||||
outputs:
|
||||
image:
|
||||
description: "Full reference to the built image with registry and tag"
|
||||
runs:
|
||||
using: "docker"
|
||||
image: "Dockerfile"
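Review bot: Only `image` is declared under `outputs:`, but the entrypoint.sh section on this page also writes `digest`, `image-tag-digest` and `refreshed` to `$GITHUB_OUTPUT`. Declaring each of them here with its own `description:` would document the contract that consuming workflows depend on, for example a `digest:` entry with `description: "Digest of the built image, read from /kaniko/digest"`. The README's new Outputs section lists only `image` as well and would need the same additions.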
|
||||
|
|
114
entrypoint.sh
|
@ -1,26 +1,26 @@
|
|||
#!/busybox/sh
|
||||
set -e pipefail
|
||||
if [[ "$INPUT_DEBUG" == "true" ]]; then
|
||||
if [ "$INPUT_DEBUG" = "true" ]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
export REGISTRY=${INPUT_REGISTRY:-"docker.io"}
|
||||
export IMAGE=${INPUT_IMAGE}
|
||||
export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
|
||||
export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)}
|
||||
export TAG=${TAG:-"latest"}
|
||||
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
|
||||
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
|
||||
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
|
||||
export REPOSITORY=$IMAGE
|
||||
export IMAGE=$IMAGE:$TAG
|
||||
export CONTEXT_PATH=${INPUT_PATH}
|
||||
export REGISTRY="${INPUT_REGISTRY:-"docker.io"}"
|
||||
export IMAGE="$INPUT_IMAGE"
|
||||
export BRANCH=$(echo "$GITHUB_REF" | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
|
||||
export TAG=${INPUT_TAG:-$([ "$BRANCH" = "master" ] && echo latest || echo "$BRANCH")}
|
||||
export TAG="${TAG:-"latest"}"
|
||||
export TAG="${TAG#$INPUT_STRIP_TAG_PREFIX}"
|
||||
export USERNAME="${INPUT_USERNAME:-$GITHUB_ACTOR}"
|
||||
export PASSWORD="${INPUT_PASSWORD:-$GITHUB_TOKEN}"
|
||||
export REPOSITORY="$IMAGE"
|
||||
export IMAGE="${IMAGE}:${TAG}"
|
||||
export CONTEXT_PATH="$INPUT_PATH"
|
||||
|
||||
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then
|
||||
export IMAGE_LATEST="$REPOSITORY:latest"
|
||||
if [ "$INPUT_TAG_WITH_LATEST" = "true" ]; then
|
||||
export IMAGE_LATEST="${REPOSITORY}:latest"
|
||||
fi
|
||||
|
||||
function ensure() {
|
||||
ensure() {
|
||||
if [ -z "${1}" ]; then
|
||||
echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
|
||||
exit 1
|
||||
|
@ -34,48 +34,51 @@ ensure "${IMAGE}" "image"
|
|||
ensure "${TAG}" "tag"
|
||||
ensure "${CONTEXT_PATH}" "path"
|
||||
|
||||
if [ "$REGISTRY" == "ghcr.io" ]; then
|
||||
if [ "$REGISTRY" = "ghcr.io" ]; then
|
||||
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
|
||||
export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
|
||||
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
|
||||
# Set `/` separator, unless image is pre-fixed with dash or slash
|
||||
[ -n "$REPOSITORY" ] && [[ ! "$REPOSITORY" =~ ^[-/] ]] && SEPARATOR="/"
|
||||
export IMAGE="$IMAGE_NAMESPACE$SEPARATOR$IMAGE"
|
||||
export REPOSITORY="$IMAGE_NAMESPACE$SEPARATOR$REPOSITORY"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST"
|
||||
if [ -n "$IMAGE_LATEST" ]; then
|
||||
export IMAGE_LATEST="${IMAGE_NAMESPACE}/${IMAGE_LATEST}"
|
||||
fi
|
||||
|
||||
if [ ! -z $INPUT_CACHE_REGISTRY ]; then
|
||||
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
|
||||
if [ -n "$INPUT_CACHE_REGISTRY" ]; then
|
||||
export INPUT_CACHE_REGISTRY="${REGISTRY}/${IMAGE_NAMESPACE}/${INPUT_CACHE_REGISTRY}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$REGISTRY" == "docker.io" ]; then
|
||||
if [ "$REGISTRY" = "docker.io" ]; then
|
||||
export REGISTRY="index.${REGISTRY}/v1/"
|
||||
else
|
||||
export IMAGE="$REGISTRY/$IMAGE"
|
||||
export IMAGE="${REGISTRY}/${IMAGE}"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST"
|
||||
if [ -n "$IMAGE_LATEST" ]; then
|
||||
export IMAGE_LATEST="${REGISTRY}/${IMAGE_LATEST}"
|
||||
fi
|
||||
fi
|
||||
|
||||
export CACHE=${INPUT_CACHE:+"--cache=true"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
|
||||
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
|
||||
export CACHE="${INPUT_CACHE:+"--cache=true"}"
|
||||
export CACHE="$CACHE"${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
|
||||
export CACHE="$CACHE"${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
|
||||
export CACHE="$CACHE"${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
|
||||
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
|
||||
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
|
||||
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
|
||||
export DIGEST="--digest-file /kaniko/digest --image-name-tag-with-digest-file=/kaniko/image-tag-digest"
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE"
|
||||
if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
|
||||
export DESTINATION="--no-push --tarPath image.tar --destination $IMAGE"
|
||||
else
|
||||
export DESTINATION="--destination $IMAGE"
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
|
||||
if [ -n "$IMAGE_LATEST" ]; then
|
||||
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
|
||||
fi
|
||||
fi
|
||||
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DIGEST $DESTINATION $INPUT_EXTRA_ARGS"
|
||||
|
||||
cat <<EOF >/kaniko/.docker/config.json
|
||||
{
|
||||
|
@ -88,20 +91,31 @@ cat <<EOF >/kaniko/.docker/config.json
|
|||
}
|
||||
EOF
|
||||
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1803
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1349
|
||||
/kaniko/executor --reproducible --force $ARGS
|
||||
export IFS=''
|
||||
# Removes a trailing new line
|
||||
ARGS=$(echo "${ARGS}" | sed 's/\n*$//')
|
||||
kaniko_cmd="/kaniko/executor ${ARGS} --reproducible --force"
|
||||
echo "Running kaniko command ${kaniko_cmd}"
|
||||
eval "${kaniko_cmd}"
|
||||
|
||||
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
||||
export DIGEST=$(cat digest)
|
||||
echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
|
||||
echo "digest=$(cat /kaniko/digest)" >> "$GITHUB_OUTPUT"
|
||||
echo "image-tag-digest<<EOF" >>"$GITHUB_OUTPUT"
|
||||
echo "$(cat /kaniko/image-tag-digest)" >>"$GITHUB_OUTPUT"
|
||||
echo 'EOF' >>"$GITHUB_OUTPUT"
|
||||
|
||||
if [ "$REGISTRY" == "ghcr.io" ]; then
|
||||
wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64 | tr -d \\n)" https://ghcr.io/v2/$REPOSITORY/manifests/latest || true
|
||||
export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
|
||||
else
|
||||
export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
|
||||
fi
|
||||
|
||||
if [ "$DIGEST" == "$REMOTE" ]; then
|
||||
if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
|
||||
export DIGEST="$(cat /kaniko/digest)"
|
||||
|
||||
/kaniko/crane auth login "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
|
||||
|
||||
export REMOTE=$(crane digest "${REGISTRY}/${REPOSITORY}:latest")
|
||||
|
||||
if [ "$DIGEST" = "$REMOTE" ]; then
|
||||
echo "refreshed=false" >> "$GITHUB_OUTPUT"
|
||||
echo "Digest hasn't changed, skipping, $DIGEST"
|
||||
echo "Done 🎉️"
|
||||
exit 0
|
||||
|
@ -109,13 +123,13 @@ if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
|
|||
|
||||
echo "Pushing image..."
|
||||
|
||||
/kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
|
||||
/kaniko/crane push image.tar $IMAGE
|
||||
/kaniko/crane push image.tar "$IMAGE"
|
||||
|
||||
if [ ! -z $IMAGE_LATEST ]; then
|
||||
if [ -n "$IMAGE_LATEST" ]; then
|
||||
echo "Tagging latest..."
|
||||
/kaniko/crane tag $IMAGE latest
|
||||
/kaniko/crane tag "$IMAGE" latest
|
||||
fi
|
||||
|
||||
|
||||
echo "refreshed=false" >> "$GITHUB_OUTPUT"
|
||||
echo "Done 🎉️"
|
||||
fi
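Review bot: `eval "${kaniko_cmd}"` (in the hunk that replaces `/kaniko/executor --reproducible --force $ARGS`) makes the shell re-parse a string built from `TAG`, which falls back to the branch or tag name taken from `GITHUB_REF`, and from `INPUT_TARGET`, the cache inputs and `INPUT_EXTRA_ARGS`, so shell metacharacters in a ref name or an input are executed instead of being handed to kaniko as text. The preceding `echo "Running kaniko command ${kaniko_cmd}"` also writes every argument, including anything sensitive passed through `extra_args`, to the job log. I would build the argument list with `set --` so each value stays a single word, split only `INPUT_EXTRA_ARGS` (with globbing off), drop `export IFS=''` and call the executor directly, as sketched below; this gives up shell-style quoting inside `extra_args`, which may be why `eval` was introduced, so that trade-off needs a decision. Separately, the push path at the end of the file writes `refreshed=false` just like the skip path; if that output is meant to report whether an image was pushed, it should presumably be `refreshed=true` there.

```shell
# … unchanged: REGISTRY/IMAGE/TAG derivation, ensure checks, config.json heredoc …

# Build argv as positional parameters so ref-derived values stay single words.
set -- --context "${GITHUB_WORKSPACE}/${CONTEXT_PATH}" \
  --dockerfile "${CONTEXT_PATH}/${INPUT_BUILD_FILE:-Dockerfile}" \
  --digest-file /kaniko/digest \
  --image-name-tag-with-digest-file=/kaniko/image-tag-digest \
  --destination "$IMAGE"
if [ -n "$INPUT_TARGET" ]; then
  set -- "$@" "--target=${INPUT_TARGET}"
fi
# … same pattern for the cache flags, --no-push/--tarPath and IMAGE_LATEST …

# extra_args is the only free-form input: split on whitespace, no globbing, never eval'd.
set -f
set -- "$@" $INPUT_EXTRA_ARGS
set +f

/kaniko/executor "$@" --reproducible --force
```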
|
||||
|
|