actions/action-kaniko
1
0
Fork 0
mirror of https://github.com/aevea/action-kaniko.git synced 2025-12-16 13:59:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: actions:v0.10.0
Branches Tags
actions:master actions:renovate/aevea-commitsar actions:renovate/gcr.io-kaniko-project-executor-1.x actions:pr-70
actions:v0.14.0 actions:v0.13.0 actions:v0.12.1 actions:v0.12.0 actions:v0.11.0 actions:v0.10.0 actions:v0.9.0 actions:v0.8.0 actions:v0.7.1 actions:v0.7.0 actions:v0.6.2 actions:v0.6.1 actions:v0.6.0 actions:v0.5.1 actions:v0.5.0 actions:v0.4.0 actions:v0.3.2 actions:v0.3.1 actions:v0.3 actions:v0.2.1 actions:v0.2 actions:v0.1
..
compare: actions:renovate/aevea-commitsar
Branches Tags
actions:renovate/aevea-commitsar actions:master actions:renovate/gcr.io-kaniko-project-executor-1.x actions:pr-70
actions:v0.14.0 actions:v0.13.0 actions:v0.12.1 actions:v0.12.0 actions:v0.11.0 actions:v0.10.0 actions:v0.9.0 actions:v0.8.0 actions:v0.7.1 actions:v0.7.0 actions:v0.6.2 actions:v0.6.1 actions:v0.6.0 actions:v0.5.1 actions:v0.5.0 actions:v0.4.0 actions:v0.3.2 actions:v0.3.1 actions:v0.3 actions:v0.2.1 actions:v0.2 actions:v0.1

23 Commits
v0.10.0 ... renovate/a

Author SHA1 Message Date
renovate[bot]
abf147ae1c chore(deps): update aevea/commitsar docker digest to e1990a7 2025-12-15 14:41:35 +00:00
Alex Viscreanu
a198175914 chore: add daily executor build action 2025-12-15 11:10:15 +01:00
Alex Viscreanu
9a317cb443 chore(ci): update actions/checkout to v6 2025-12-15 10:50:31 +01:00
Alex Viscreanu
be5ce625a5 docs: add warning about kaniko lacking maintainers 2024-11-07 19:00:36 +01:00
renovate[bot]
58af85fb13 chore(deps): update gcr.io/kaniko-project/executor docker tag to v1.23.2 2024-11-07 18:55:15 +01:00
renovate[bot]
9223ef89b8 chore(deps): update gcr.io/kaniko-project/executor docker tag to v1.22.0 2024-04-22 22:50:48 +02:00
renovate[bot]
12a3a8cc81 chore(deps): update aevea/commitsar docker digest to e4aed72 2024-04-22 22:47:31 +02:00
renovate[bot]
977090a03e chore(deps): update aevea/release-notary docker digest to 690915b 2024-04-22 22:47:22 +02:00
Jason Kratz
fd47216104 fix: correctly handle multi-line tag digests output 
kaniko outputs each tag on a new line, so users that push multiple tags
at once would get an error as the output wasn't prepared to handle multi-line
text
 2024-04-22 22:38:37 +02:00
renovate[bot]
8de7c88b27 chore(deps): update gcr.io/kaniko-project/executor docker tag to v1.21.1 2024-03-08 13:50:40 +01:00
ykyr
ef9c4ca42e fix: entrypoint ARGS remove new line 2024-03-08 13:50:15 +01:00
Alex Viscreanu
16c18d6aee ci: fix release notary action 
explicitly define entrypoint and args
 2024-01-20 11:24:51 +01:00
Theo Cabrerizo Diem
ec00be49b7 refactor: make entrypoint script more posix compliant 
remove most of the 'bashisms' in the script, improve quoting, escaping
and make more consistent regarding references to variable names
 2024-01-20 11:02:40 +01:00
renovate[bot]
4f9a6a7f2c chore(deps): update gcr.io/kaniko-project/executor docker tag to v1.20.0 2024-01-20 10:27:37 +01:00
Theo Cabrerizo Diem
81a26cb33a feat: expand output variables 
add output variables for digests and if image was refreshed or not
 2024-01-11 22:51:21 +01:00
Mikael Elkiaer
17bff7af73 fix(ghcr): omit separator in case image is prefixed with dash or slash 
this allows local pushing to the repo running the action
 2024-01-11 22:25:33 +01:00
Idriss Neumann
a95ae7d706 fix(kaniko): workaround for passing arguments containing spaces 
set up input field separator as null and use eval to run kaniko executor
 2024-01-11 22:21:21 +01:00
renovate[bot]
10b098cb52 chore(deps): update aevea/commitsar docker digest to 8d2db4e 2024-01-11 22:05:46 +01:00
renovate[bot]
4387eb381c chore(deps): update actions/checkout action to v4 2024-01-11 22:05:22 +01:00
Mikhail Nacharov
ca098255c5 feat: output built image reference 2024-01-11 22:04:49 +01:00
Alex Viscreanu
e54575cc70 chore(deps): bump kaniko to v1.19.2 and update dependencies 2024-01-11 22:02:42 +01:00
renovate[bot]
78060c4e9d chore(deps): update aevea/release-notary docker digest to b77e86c 2022-12-27 21:25:52 +01:00
renovate[bot]
98d5caab7f chore(deps): update aevea/commitsar docker digest to 18c604f 2022-12-27 21:22:59 +01:00
8 changed files with 182 additions and 55 deletions
Expand all files Collapse all files

94
.github/workflows/executor.yml vendored Normal file
View File

@ -0,0 +1,94 @@
name: Executor
on:
schedule:
- cron: "0 6 * * *" # Daily at 6 AM UTC
workflow_dispatch: # Allow manual triggering
env:
REGISTRY: ghcr.io
IMAGE_NAME: aevea/action-kaniko/executor
SOURCE_REPO: chainguard-forks/kaniko
jobs:
check-and-build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Get latest tag from source repo
id: source-tag
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
LATEST_TAG=$(gh release view --repo ${{ env.SOURCE_REPO }} --json tagName -q '.tagName' 2>/dev/null || true)
if [ -z "$LATEST_TAG" ]; then
# Fallback to tags if no releases
LATEST_TAG=$(gh api repos/${{ env.SOURCE_REPO }}/tags --jq '.[0].name')
fi
echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT
echo "Latest source tag: $LATEST_TAG"
- name: Check if tag already exists in registry
id: check-tag
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Check if the image with this tag already exists using GitHub Packages API
EXISTING_TAGS=$(gh api /users/aevea/packages/container/action-kaniko%2Fexecutor/versions --jq '.[].metadata.container.tags[]' 2>/dev/null || true)
if echo "$EXISTING_TAGS" | grep -qx "${{ steps.source-tag.outputs.tag }}"; then
echo "exists=true" >> $GITHUB_OUTPUT
echo "Tag ${{ steps.source-tag.outputs.tag }} already exists, skipping build"
else
echo "exists=false" >> $GITHUB_OUTPUT
echo "Tag ${{ steps.source-tag.outputs.tag }} does not exist, will build"
fi
- name: Checkout source repository
if: steps.check-tag.outputs.exists == 'false'
uses: actions/checkout@v6
with:
repository: ${{ env.SOURCE_REPO }}
ref: ${{ steps.source-tag.outputs.tag }}
- name: Set up Docker Buildx
if: steps.check-tag.outputs.exists == 'false'
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
if: steps.check-tag.outputs.exists == 'false'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push executor image
if: steps.check-tag.outputs.exists == 'false'
uses: docker/build-push-action@v6
with:
context: .
file: deploy/Dockerfile
target: kaniko-executor
push: true
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.source-tag.outputs.tag }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
build-args: |
TARGETARCH=amd64
TARGETOS=linux
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Summary
run: |
if [ "${{ steps.check-tag.outputs.exists }}" = "true" ]; then
echo "## Build Skipped" >> $GITHUB_STEP_SUMMARY
echo "Tag \`${{ steps.source-tag.outputs.tag }}\` already exists in the registry." >> $GITHUB_STEP_SUMMARY
else
echo "## Build Complete" >> $GITHUB_STEP_SUMMARY
echo "Successfully built and pushed \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.source-tag.outputs.tag }}\`" >> $GITHUB_STEP_SUMMARY
fi

4
.github/workflows/pr.yml vendored
View File

@ -6,8 +6,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Verify commit messages name: Verify commit messages
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Run commitsar - name: Run commitsar
uses: docker://aevea/commitsar@sha256:27ea5e528b153393e924d98764d6400a181f03768d972ba151b3ddc9f14ff12c uses: docker://aevea/commitsar@sha256:e1990a75ceccd4667bb7a0e50a6d2f796459d2316a35d87a5cce64abc3d73cfc

2
.github/workflows/push.yml vendored
View File

@ -6,7 +6,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Build docker image name: Build docker image
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@v6
- name: GitHub Package Registry - name: GitHub Package Registry
uses: aevea/action-kaniko@master uses: aevea/action-kaniko@master

7
.github/workflows/release.yml vendored
View File

@ -10,14 +10,17 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v3 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Release Notary Action - name: Release Notary Action
uses: docker://aevea/release-notary@sha256:03e771a509881121758b05217a8938ca8379d29dfa69a2605ceca06ffca2db4d uses: docker://aevea/release-notary@sha256:690915bf87458fd8eb1e1ff0be34b33377f920eda3f38b96c62ecbf897c831f4
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
entrypoint: release-notary
args: publish
- name: GitHub Package Registry - name: GitHub Package Registry
uses: aevea/action-kaniko@master uses: aevea/action-kaniko@master

8
Dockerfile
View File

@ -2,18 +2,18 @@ FROM alpine as certs
RUN apk --update add ca-certificates RUN apk --update add ca-certificates
FROM gcr.io/kaniko-project/executor:v1.9.1-debug FROM gcr.io/kaniko-project/executor:v1.23.2-debug
SHELL ["/busybox/sh", "-c"] SHELL ["/busybox/sh", "-c"]
RUN wget -O /kaniko/jq \ RUN wget -O /kaniko/jq \
https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \ https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 && \
chmod +x /kaniko/jq && \ chmod +x /kaniko/jq && \
wget -O /kaniko/reg \ wget -O /kaniko/reg \
https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
chmod +x /kaniko/reg && \ chmod +x /kaniko/reg && \
wget -O /crane.tar.gz \ wget -O /crane.tar.gz \
https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \ https://github.com/google/go-containerregistry/releases/download/v0.17.0/go-containerregistry_Linux_x86_64.tar.gz && \
tar -xvzf /crane.tar.gz crane -C /kaniko && \ tar -xvzf /crane.tar.gz crane -C /kaniko && \
rm /crane.tar.gz rm /crane.tar.gz

9
README.md
View File

@ -1,5 +1,8 @@
# Kaniko image builder # Kaniko image builder
> [!WARNING]
> The kaniko project no longer seems to [have maintainers](https://github.com/GoogleContainerTools/kaniko/issues/3348). Keep this in mind before deciding to use kaniko as your image builder.
This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image
by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base
image filesystem. image filesystem.
@ -175,3 +178,9 @@ with:
``` ```
for the tag `pre-0.1` will push `kaniko:0.1`, as the `pre-` part will be stripped from the tag name. for the tag `pre-0.1` will push `kaniko:0.1`, as the `pre-` part will be stripped from the tag name.
## Outputs
### `image`
Full reference to the built image with registry and tag.

3
action.yml
View File

@ -57,6 +57,9 @@ inputs:
debug: debug:
description: Enables trace for entrypoint.sh description: Enables trace for entrypoint.sh
required: false required: false
outputs:
image:
description: "Full reference to the built image with registry and tag"
runs: runs:
using: "docker" using: "docker"
image: "Dockerfile" image: "Dockerfile"

110
entrypoint.sh
View File

@ -1,26 +1,26 @@
#!/busybox/sh #!/busybox/sh
set -e pipefail set -e pipefail
if [[ "$INPUT_DEBUG" == "true" ]]; then if [ "$INPUT_DEBUG" = "true" ]; then
set -o xtrace set -o xtrace
fi fi
export REGISTRY=${INPUT_REGISTRY:-"docker.io"} export REGISTRY="${INPUT_REGISTRY:-"docker.io"}"
export IMAGE=${INPUT_IMAGE} export IMAGE="$INPUT_IMAGE"
export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g") export BRANCH=$(echo "$GITHUB_REF" | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g")
export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)} export TAG=${INPUT_TAG:-$([ "$BRANCH" = "master" ] && echo latest || echo "$BRANCH")}
export TAG=${TAG:-"latest"} export TAG="${TAG:-"latest"}"
export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX} export TAG="${TAG#$INPUT_STRIP_TAG_PREFIX}"
export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR} export USERNAME="${INPUT_USERNAME:-$GITHUB_ACTOR}"
export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} export PASSWORD="${INPUT_PASSWORD:-$GITHUB_TOKEN}"
export REPOSITORY=$IMAGE export REPOSITORY="$IMAGE"
export IMAGE=$IMAGE:$TAG export IMAGE="${IMAGE}:${TAG}"
export CONTEXT_PATH=${INPUT_PATH} export CONTEXT_PATH="$INPUT_PATH"
if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then if [ "$INPUT_TAG_WITH_LATEST" = "true" ]; then
export IMAGE_LATEST="$REPOSITORY:latest" export IMAGE_LATEST="${REPOSITORY}:latest"
fi fi
function ensure() { ensure() {
if [ -z "${1}" ]; then if [ -z "${1}" ]; then
echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?" echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?"
exit 1 exit 1
@ -34,48 +34,51 @@ ensure "${IMAGE}" "image"
ensure "${TAG}" "tag" ensure "${TAG}" "tag"
ensure "${CONTEXT_PATH}" "path" ensure "${CONTEXT_PATH}" "path"
if [ "$REGISTRY" == "ghcr.io" ]; then if [ "$REGISTRY" = "ghcr.io" ]; then
IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
export IMAGE="$IMAGE_NAMESPACE/$IMAGE" # Set `/` separator, unless image is pre-fixed with dash or slash
export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY" [ -n "$REPOSITORY" ] && [[ ! "$REPOSITORY" =~ ^[-/] ]] && SEPARATOR="/"
export IMAGE="$IMAGE_NAMESPACE$SEPARATOR$IMAGE"
export REPOSITORY="$IMAGE_NAMESPACE$SEPARATOR$REPOSITORY"
if [ ! -z $IMAGE_LATEST ]; then if [ -n "$IMAGE_LATEST" ]; then
export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST" export IMAGE_LATEST="${IMAGE_NAMESPACE}/${IMAGE_LATEST}"
fi fi
if [ ! -z $INPUT_CACHE_REGISTRY ]; then if [ -n "$INPUT_CACHE_REGISTRY" ]; then
export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY" export INPUT_CACHE_REGISTRY="${REGISTRY}/${IMAGE_NAMESPACE}/${INPUT_CACHE_REGISTRY}"
fi fi
fi fi
if [ "$REGISTRY" == "docker.io" ]; then if [ "$REGISTRY" = "docker.io" ]; then
export REGISTRY="index.${REGISTRY}/v1/" export REGISTRY="index.${REGISTRY}/v1/"
else else
export IMAGE="$REGISTRY/$IMAGE" export IMAGE="${REGISTRY}/${IMAGE}"
if [ ! -z $IMAGE_LATEST ]; then if [ -n "$IMAGE_LATEST" ]; then
export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST" export IMAGE_LATEST="${REGISTRY}/${IMAGE_LATEST}"
fi fi
fi fi
export CACHE=${INPUT_CACHE:+"--cache=true"} export CACHE="${INPUT_CACHE:+"--cache=true"}"
export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"} export CACHE="$CACHE"${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"}
export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"} export CACHE="$CACHE"${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"}
export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"} export CACHE="$CACHE"${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"}
export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH" export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH"
export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}" export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}"
export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"} export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"}
export DIGEST="--digest-file /kaniko/digest --image-name-tag-with-digest-file=/kaniko/image-tag-digest"
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE" export DESTINATION="--no-push --tarPath image.tar --destination $IMAGE"
else else
export DESTINATION="--destination $IMAGE" export DESTINATION="--destination $IMAGE"
if [ ! -z $IMAGE_LATEST ]; then if [ -n "$IMAGE_LATEST" ]; then
export DESTINATION="$DESTINATION --destination $IMAGE_LATEST" export DESTINATION="$DESTINATION --destination $IMAGE_LATEST"
fi fi
fi fi
export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS" export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DIGEST $DESTINATION $INPUT_EXTRA_ARGS"
cat <<EOF >/kaniko/.docker/config.json cat <<EOF >/kaniko/.docker/config.json
{ {
@ -88,30 +91,45 @@ cat <<EOF >/kaniko/.docker/config.json
} }
EOF EOF
# https://github.com/GoogleContainerTools/kaniko/issues/1803
# https://github.com/GoogleContainerTools/kaniko/issues/1349 # https://github.com/GoogleContainerTools/kaniko/issues/1349
/kaniko/executor --reproducible --force $ARGS export IFS=''
# Removes a trailing new line
ARGS=$(echo "${ARGS}" | sed 's/\n*$//')
kaniko_cmd="/kaniko/executor ${ARGS} --reproducible --force"
echo "Running kaniko command ${kaniko_cmd}"
eval "${kaniko_cmd}"
if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
export DIGEST=$(cat digest) echo "digest=$(cat /kaniko/digest)" >> "$GITHUB_OUTPUT"
echo "image-tag-digest<<EOF" >>"$GITHUB_OUTPUT"
echo "$(cat /kaniko/image-tag-digest)" >>"$GITHUB_OUTPUT"
echo 'EOF' >>"$GITHUB_OUTPUT"
/kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD
export REMOTE=$(crane digest $REGISTRY/${REPOSITORY}:latest) if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
export DIGEST="$(cat /kaniko/digest)"
if [ "$DIGEST" == "$REMOTE" ]; then /kaniko/crane auth login "$REGISTRY" -u "$USERNAME" -p "$PASSWORD"
export REMOTE=$(crane digest "${REGISTRY}/${REPOSITORY}:latest")
if [ "$DIGEST" = "$REMOTE" ]; then
echo "refreshed=false" >> "$GITHUB_OUTPUT"
echo "Digest hasn't changed, skipping, $DIGEST" echo "Digest hasn't changed, skipping, $DIGEST"
echo "Done 🎉️" echo "Done 🎉️"
exit 0 exit 0
fi fi
echo "Pushing image..." echo "Pushing image..."
/kaniko/crane push image.tar $IMAGE
if [ ! -z $IMAGE_LATEST ]; then /kaniko/crane push image.tar "$IMAGE"
if [ -n "$IMAGE_LATEST" ]; then
echo "Tagging latest..." echo "Tagging latest..."
/kaniko/crane tag $IMAGE latest /kaniko/crane tag "$IMAGE" latest
fi fi
echo "refreshed=false" >> "$GITHUB_OUTPUT"
echo "Done 🎉️" echo "Done 🎉️"
fi fi