diff --git a/Dockerfile b/Dockerfile index 7e962a4..a32de14 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,20 @@ -FROM harbor.budapest.hu/docker-hub/alpine as builder +FROM alpine as builder RUN apk --update add ca-certificates RUN mkdir /kaniko && \ wget -O /kaniko/jq \ - https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \ + https://github.com/jqlang/jq/releases/download/jq-1.6/jq-linux64 && \ chmod +x /kaniko/jq && \ wget -O /kaniko/reg \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ chmod +x /kaniko/reg && \ - wget -O /crane.tar.gz \ - https://github.com/google/go-containerregistry/releases/download/v0.8.0/go-containerregistry_Linux_x86_64.tar.gz && \ + wget -O /crane.tar.gz \ + https://github.com/google/go-containerregistry/releases/download/v0.17.0/go-containerregistry_Linux_x86_64.tar.gz && \ tar -xvzf /crane.tar.gz crane -C /kaniko && \ rm /crane.tar.gz -FROM gcr.io/kaniko-project/executor:v1.9.1-debug +FROM gcr.io/kaniko-project/executor:v1.24.0-debug COPY entrypoint.sh / COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt diff --git a/README.md b/README.md index 6dff48a..30f8528 100644 --- a/README.md +++ b/README.md @@ -175,3 +175,9 @@ with: ``` for the tag `pre-0.1` will push `kaniko:0.1`, as the `pre-` part will be stripped from the tag name. + +## Outputs + +### `image` + +Full reference to the built image with registry and tag. diff --git a/action.yml b/action.yml index cb313e3..d30acc8 100644 --- a/action.yml +++ b/action.yml @@ -57,6 +57,9 @@ inputs: debug: description: Enables trace for entrypoint.sh required: false + outputs: + image: + description: "Full reference to the built image with registry and tag" runs: using: "docker" image: "Dockerfile" diff --git a/entrypoint.sh b/entrypoint.sh index d12889d..8a29b69 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
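Review bot: The three release artifacts fetched with `wget` in the builder `RUN` step (jq, reg and the go-containerregistry tarball, now v0.17.0) are never verified, and they presumably end up in the final image that handles registry credentials; the rest of the final stage is outside this hunk. Add a checksum check after each download, for example `echo "<CRANE_TARBALL_SHA256>  /crane.tar.gz" | sha256sum -c - && \`, with the digest taken from the upstream release page. The new `FROM alpine as builder` also drops both the registry mirror and any tag, so the builder resolves to whatever `latest` is at build time. Pin it, e.g. `FROM alpine:<VERSION>@sha256:<DIGEST> AS builder`.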
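Review bot: Only `image` is declared under `outputs:`, while entrypoint.sh in this same commit also writes `digest`, `image-tag-digest` and `refreshed` to `$GITHUB_OUTPUT`. Declare those as well, e.g. `digest:` with `description: "sha256 digest of the built image"`, so that consumers can find them and reference the image by digest rather than by a mutable tag. The new Outputs section in README.md has the same gap.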
@@ -1,26 +1,26 @@ #!/busybox/sh set -e pipefail -if [[ "$INPUT_DEBUG" == "true" ]]; then +if [ "$INPUT_DEBUG" = "true" ]; then set -o xtrace fi -export REGISTRY=${INPUT_REGISTRY:-"docker.io"} -export IMAGE=${INPUT_IMAGE} -export BRANCH=$(echo ${GITHUB_REF} | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g") -export TAG=${INPUT_TAG:-$([ "$BRANCH" == "master" ] && echo latest || echo $BRANCH)} -export TAG=${TAG:-"latest"} -export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX} -export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR} -export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} -export REPOSITORY=$IMAGE -export IMAGE=$IMAGE:$TAG -export CONTEXT_PATH=${INPUT_PATH} - -if [[ "$INPUT_TAG_WITH_LATEST" == "true" ]]; then - export IMAGE_LATEST="$REPOSITORY:latest" +export REGISTRY="${INPUT_REGISTRY:-"docker.io"}" +export IMAGE="$INPUT_IMAGE" +export BRANCH=$(echo "$GITHUB_REF" | sed -E "s/refs\/(heads|tags)\///g" | sed -e "s/\//-/g") +export TAG=${INPUT_TAG:-$([ "$BRANCH" = "master" ] && echo latest || echo "$BRANCH")} +export TAG="${TAG:-"latest"}" +export TAG="${TAG#$INPUT_STRIP_TAG_PREFIX}" +export USERNAME="${INPUT_USERNAME:-$GITHUB_ACTOR}" +export PASSWORD="${INPUT_PASSWORD:-$GITHUB_TOKEN}" +export REPOSITORY="$IMAGE" +export IMAGE="${IMAGE}:${TAG}" +export CONTEXT_PATH="$INPUT_PATH" + +if [ "$INPUT_TAG_WITH_LATEST" = "true" ]; then + export IMAGE_LATEST="${REPOSITORY}:latest" fi -function ensure() { +ensure() { if [ -z "${1}" ]; then echo >&2 "Unable to find the ${2} variable. Did you set with.${2}?" exit 1 
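Review bot: `set -e pipefail` on the second line does not enable pipefail; it turns on `-e` and sets the first positional parameter to the word `pipefail`, so a failing `sed` in the `BRANCH=$(echo "$GITHUB_REF" | sed ... | sed ...)` pipeline goes unnoticed. Since this commit is already tidying the script for `#!/busybox/sh`, change it to `set -eo pipefail`. Note that `export VAR=$(...)` still returns the status of `export`, so assigning first and exporting afterwards is needed if the substitution's failure should stop the script. When `INPUT_DEBUG` is `true`, `set -o xtrace` traces the `export PASSWORD=...` line, so the `debug` input should be documented as writing credentials to the job log unless the runner masks the value.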
@@ -34,48 +34,51 @@ ensure "${IMAGE}" "image" ensure "${TAG}" "tag" ensure "${CONTEXT_PATH}" "path" -if [ "$REGISTRY" == "ghcr.io" ]; then +if [ "$REGISTRY" = "ghcr.io" ]; then IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" - export IMAGE="$IMAGE_NAMESPACE/$IMAGE" - export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY" + # Set `/` separator, unless image is pre-fixed with dash or slash + [ -n "$REPOSITORY" ] && [[ ! "$REPOSITORY" =~ ^[-/] ]] && SEPARATOR="/" + export IMAGE="$IMAGE_NAMESPACE$SEPARATOR$IMAGE" + export REPOSITORY="$IMAGE_NAMESPACE$SEPARATOR$REPOSITORY" - if [ ! -z $IMAGE_LATEST ]; then - export IMAGE_LATEST="$IMAGE_NAMESPACE/$IMAGE_LATEST" + if [ -n "$IMAGE_LATEST" ]; then + export IMAGE_LATEST="${IMAGE_NAMESPACE}/${IMAGE_LATEST}" fi - if [ ! -z $INPUT_CACHE_REGISTRY ]; then - export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY" + if [ -n "$INPUT_CACHE_REGISTRY" ]; then + export INPUT_CACHE_REGISTRY="${REGISTRY}/${IMAGE_NAMESPACE}/${INPUT_CACHE_REGISTRY}" fi fi -if [ "$REGISTRY" == "docker.io" ]; then +if [ "$REGISTRY" = "docker.io" ]; then export REGISTRY="index.${REGISTRY}/v1/" else - export IMAGE="$REGISTRY/$IMAGE" + export IMAGE="${REGISTRY}/${IMAGE}" - if [ ! 
-z $IMAGE_LATEST ]; then - export IMAGE_LATEST="$REGISTRY/$IMAGE_LATEST" + if [ -n "$IMAGE_LATEST" ]; then + export IMAGE_LATEST="${REGISTRY}/${IMAGE_LATEST}" fi fi -export CACHE=${INPUT_CACHE:+"--cache=true"} -export CACHE=$CACHE${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"} -export CACHE=$CACHE${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"} -export CACHE=$CACHE${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"} +export CACHE="${INPUT_CACHE:+"--cache=true"}" +export CACHE="$CACHE"${INPUT_CACHE_TTL:+" --cache-ttl=$INPUT_CACHE_TTL"} +export CACHE="$CACHE"${INPUT_CACHE_REGISTRY:+" --cache-repo=$INPUT_CACHE_REGISTRY"} +export CACHE="$CACHE"${INPUT_CACHE_DIRECTORY:+" --cache-dir=$INPUT_CACHE_DIRECTORY"} export CONTEXT="--context $GITHUB_WORKSPACE/$CONTEXT_PATH" export DOCKERFILE="--dockerfile $CONTEXT_PATH/${INPUT_BUILD_FILE:-Dockerfile}" export TARGET=${INPUT_TARGET:+"--target=$INPUT_TARGET"} +export DIGEST="--digest-file /kaniko/digest --image-name-tag-with-digest-file=/kaniko/image-tag-digest" -if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then - export DESTINATION="--digest-file digest --no-push --tarPath image.tar --destination $IMAGE" +if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then + export DESTINATION="--no-push --tarPath image.tar --destination $IMAGE" else export DESTINATION="--destination $IMAGE" - if [ ! -z $IMAGE_LATEST ]; then - export DESTINATION="$DESTINATION --destination $IMAGE_LATEST" + if [ -n "$IMAGE_LATEST" ]; then + export DESTINATION="$DESTINATION --destination $IMAGE_LATEST" fi fi -export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DESTINATION $INPUT_EXTRA_ARGS" +export ARGS="$CACHE $CONTEXT $DOCKERFILE $TARGET $DIGEST $DESTINATION $INPUT_EXTRA_ARGS" cat </kaniko/.docker/config.json { 
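Review bot: `IMAGE_LATEST` is still joined with a hard-coded `/` in the ghcr.io branch while `IMAGE` and `REPOSITORY` now use `$SEPARATOR`, so an image name that is empty or starts with `-` or `/` gives a `latest` reference that differs from the pushed one; use `export IMAGE_LATEST="${IMAGE_NAMESPACE}${SEPARATOR}${IMAGE_LATEST}"`. `SEPARATOR` is also never initialised, so a value inherited from the environment survives when the test fails, and the `[[ ... =~ ... ]]` test reintroduces the bash syntax this commit removes elsewhere under `#!/busybox/sh`. A portable form that covers both is `case "$REPOSITORY" in ""|-*|/*) SEPARATOR="" ;; *) SEPARATOR="/" ;; esac`.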
@@ -88,30 +91,45 @@ cat </kaniko/.docker/config.json } EOF +# https://github.com/GoogleContainerTools/kaniko/issues/1803 # https://github.com/GoogleContainerTools/kaniko/issues/1349 -/kaniko/executor --reproducible --force $ARGS +export IFS='' +# Removes a trailing new line +ARGS=$(echo "${ARGS}" | sed 's/\n*$//') +kaniko_cmd="/kaniko/executor ${ARGS} --reproducible --force" +echo "Running kaniko command ${kaniko_cmd}" +eval "${kaniko_cmd}" -if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then - export DIGEST=$(cat digest) +echo "image=$IMAGE" >> "$GITHUB_OUTPUT" +echo "digest=$(cat /kaniko/digest)" >> "$GITHUB_OUTPUT" +echo "image-tag-digest<>"$GITHUB_OUTPUT" +echo "$(cat /kaniko/image-tag-digest)" >>"$GITHUB_OUTPUT" +echo 'EOF' >>"$GITHUB_OUTPUT" - /kaniko/crane auth login $REGISTRY -u $USERNAME -p $PASSWORD - export REMOTE=$(crane digest $REGISTRY/${REPOSITORY}:latest) +if [ -n "$INPUT_SKIP_UNCHANGED_DIGEST" ]; then + export DIGEST="$(cat /kaniko/digest)" - if [ "$DIGEST" == "$REMOTE" ]; then + /kaniko/crane auth login "$REGISTRY" -u "$USERNAME" -p "$PASSWORD" + + export REMOTE=$(crane digest "${REGISTRY}/${REPOSITORY}:latest") + + if [ "$DIGEST" = "$REMOTE" ]; then + echo "refreshed=false" >> "$GITHUB_OUTPUT" echo "Digest hasn't changed, skipping, $DIGEST" echo "Done 🎉️" exit 0 fi echo "Pushing image..." - - /kaniko/crane push image.tar $IMAGE - if [ ! -z $IMAGE_LATEST ]; then + /kaniko/crane push image.tar "$IMAGE" + + if [ -n "$IMAGE_LATEST" ]; then echo "Tagging latest..." - /kaniko/crane tag $IMAGE latest + /kaniko/crane tag "$IMAGE" latest fi - + + echo "refreshed=false" >> "$GITHUB_OUTPUT" echo "Done 🎉️" fi
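Review bot: `eval "${kaniko_cmd}"` re-parses the whole argument string as shell code, and that string contains values derived from `GITHUB_REF` (via `TAG` and `IMAGE`) and from action inputs, so a ref name or input carrying shell metacharacters would be executed inside a container that holds the registry password. Reject such values before they are interpolated, for example `case "$TAG" in *[!A-Za-z0-9_.-]*) echo >&2 "invalid tag: $TAG"; exit 1;; esac`, or better pass the internally built flags as separate quoted words and keep the re-parsing for `INPUT_EXTRA_ARGS` only. The preceding `echo "Running kaniko command ${kaniko_cmd}"` also prints every build argument to the job log, which exposes any secret passed through extra args. Both branches of the skip-unchanged block write `refreshed=false`; the one after `crane push` presumably should be `echo "refreshed=true" >> "$GITHUB_OUTPUT"`.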