mirror of
https://github.com/aevea/action-kaniko.git
synced 2025-12-15 21:39:03 +00:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a198175914 | |||
| 9a317cb443 | |||
| be5ce625a5 | |||
| 58af85fb13 | |||
| 9223ef89b8 | |||
| 12a3a8cc81 | |||
| 977090a03e | |||
| fd47216104 | |||
| 8de7c88b27 | |||
| ef9c4ca42e |
94
.github/workflows/executor.yml
vendored
Normal file
94
.github/workflows/executor.yml
vendored
Normal file
@ -0,0 +1,94 @@
|
||||
name: Executor
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 6 * * *" # Daily at 6 AM UTC
|
||||
workflow_dispatch: # Allow manual triggering
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
IMAGE_NAME: aevea/action-kaniko/executor
|
||||
SOURCE_REPO: chainguard-forks/kaniko
|
||||
|
||||
jobs:
|
||||
check-and-build:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
steps:
|
||||
- name: Get latest tag from source repo
|
||||
id: source-tag
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
LATEST_TAG=$(gh release view --repo ${{ env.SOURCE_REPO }} --json tagName -q '.tagName' 2>/dev/null || true)
|
||||
if [ -z "$LATEST_TAG" ]; then
|
||||
# Fallback to tags if no releases
|
||||
LATEST_TAG=$(gh api repos/${{ env.SOURCE_REPO }}/tags --jq '.[0].name')
|
||||
fi
|
||||
echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT
|
||||
echo "Latest source tag: $LATEST_TAG"
|
||||
|
||||
- name: Check if tag already exists in registry
|
||||
id: check-tag
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
# Check if the image with this tag already exists using GitHub Packages API
|
||||
EXISTING_TAGS=$(gh api /users/aevea/packages/container/action-kaniko%2Fexecutor/versions --jq '.[].metadata.container.tags[]' 2>/dev/null || true)
|
||||
|
||||
if echo "$EXISTING_TAGS" | grep -qx "${{ steps.source-tag.outputs.tag }}"; then
|
||||
echo "exists=true" >> $GITHUB_OUTPUT
|
||||
echo "Tag ${{ steps.source-tag.outputs.tag }} already exists, skipping build"
|
||||
else
|
||||
echo "exists=false" >> $GITHUB_OUTPUT
|
||||
echo "Tag ${{ steps.source-tag.outputs.tag }} does not exist, will build"
|
||||
fi
|
||||
|
||||
- name: Checkout source repository
|
||||
if: steps.check-tag.outputs.exists == 'false'
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
repository: ${{ env.SOURCE_REPO }}
|
||||
ref: ${{ steps.source-tag.outputs.tag }}
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
if: steps.check-tag.outputs.exists == 'false'
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to GitHub Container Registry
|
||||
if: steps.check-tag.outputs.exists == 'false'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Build and push executor image
|
||||
if: steps.check-tag.outputs.exists == 'false'
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
file: deploy/Dockerfile
|
||||
target: kaniko-executor
|
||||
push: true
|
||||
tags: |
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.source-tag.outputs.tag }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
build-args: |
|
||||
TARGETARCH=amd64
|
||||
TARGETOS=linux
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Summary
|
||||
run: |
|
||||
if [ "${{ steps.check-tag.outputs.exists }}" = "true" ]; then
|
||||
echo "## Build Skipped" >> $GITHUB_STEP_SUMMARY
|
||||
echo "Tag \`${{ steps.source-tag.outputs.tag }}\` already exists in the registry." >> $GITHUB_STEP_SUMMARY
|
||||
else
|
||||
echo "## Build Complete" >> $GITHUB_STEP_SUMMARY
|
||||
echo "Successfully built and pushed \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.source-tag.outputs.tag }}\`" >> $GITHUB_STEP_SUMMARY
|
||||
fi
|
||||
4
.github/workflows/pr.yml
vendored
4
.github/workflows/pr.yml
vendored
@ -6,8 +6,8 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
name: Verify commit messages
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Run commitsar
|
||||
uses: docker://aevea/commitsar@sha256:8d2db4e430dd06e3fcde173add43dada80b37150ba1191a69cda1c0bcdba9cb1
|
||||
uses: docker://aevea/commitsar@sha256:e4aed72de9a00b990a53c678ad51fbe9bd04e127a617d10beab0ef0204b1dfa0
|
||||
|
||||
2
.github/workflows/push.yml
vendored
2
.github/workflows/push.yml
vendored
@ -6,7 +6,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
name: Build docker image
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/checkout@v6
|
||||
|
||||
- name: GitHub Package Registry
|
||||
uses: aevea/action-kaniko@master
|
||||
|
||||
4
.github/workflows/release.yml
vendored
4
.github/workflows/release.yml
vendored
@ -10,12 +10,12 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Release Notary Action
|
||||
uses: docker://aevea/release-notary@sha256:b77e86ce9ce4b0c8774cdb3b807b756d1d6139d73aca74388560250de259be4e
|
||||
uses: docker://aevea/release-notary@sha256:690915bf87458fd8eb1e1ff0be34b33377f920eda3f38b96c62ecbf897c831f4
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
|
||||
@ -2,7 +2,7 @@ FROM alpine as certs
|
||||
|
||||
RUN apk --update add ca-certificates
|
||||
|
||||
FROM gcr.io/kaniko-project/executor:v1.20.0-debug
|
||||
FROM gcr.io/kaniko-project/executor:v1.23.2-debug
|
||||
|
||||
SHELL ["/busybox/sh", "-c"]
|
||||
|
||||
|
||||
@ -1,5 +1,8 @@
|
||||
# Kaniko image builder
|
||||
|
||||
> [!WARNING]
|
||||
> The kaniko project no longer seems to [have maintainers](https://github.com/GoogleContainerTools/kaniko/issues/3348). Keep this in mind before deciding to use kaniko as your image builder.
|
||||
|
||||
This Action uses the [kaniko](https://github.com/GoogleContainerTools/kaniko) executor instead of the docker daemon. Kaniko builds the image
|
||||
by extracting the filesystem of the base image, making the changes in the user space, snapshotting any change and appending it to the base
|
||||
image filesystem.
|
||||
|
||||
@ -94,13 +94,17 @@ EOF
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1803
|
||||
# https://github.com/GoogleContainerTools/kaniko/issues/1349
|
||||
export IFS=''
|
||||
# Removes a trailing new line
|
||||
ARGS=$(echo "${ARGS}" | sed 's/\n*$//')
|
||||
kaniko_cmd="/kaniko/executor ${ARGS} --reproducible --force"
|
||||
echo "Running kaniko command ${kaniko_cmd}"
|
||||
eval "${kaniko_cmd}"
|
||||
|
||||
echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
|
||||
echo "digest=$(cat /kaniko/digest)" >> "$GITHUB_OUTPUT"
|
||||
echo "image-tag-digest=$(cat /kaniko/image-tag-digest)" >> "$GITHUB_OUTPUT"
|
||||
echo "image-tag-digest<<EOF" >>"$GITHUB_OUTPUT"
|
||||
echo "$(cat /kaniko/image-tag-digest)" >>"$GITHUB_OUTPUT"
|
||||
echo 'EOF' >>"$GITHUB_OUTPUT"
|
||||
|
||||
|
||||
if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then
|
||||
|
||||
Reference in New Issue
Block a user