Skip to content

Build container image using Kaniko in GitHub Actions

License

Notifications You must be signed in to change notification settings

vchavkov/action-kaniko

 
 

Repository files navigation

kaniko-action ts

This is an action to build and push a contaier image using Kaniko in GitHub Actions. It is just a wrapper of Kaniko executor, that is,

docker run --rm gcr.io/kaniko-project/executor:v1.20.1

This action is compatible with the Docker's official actions such as docker/login-action or docker/metadata-action.

Getting Started

To build and push a container image to GitHub Container Registry (GHCR),

jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - uses: docker/metadata-action@v3
        id: metadata
        with:
          images: ghcr.io/${{ github.repository }}
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: int128/kaniko-action@v1
        with:
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache: true
          cache-repository: ghcr.io/${{ github.repository }}/cache

To build and push a container image to Amazon ECR,

jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::ACCOUNT:role/ROLE
      - uses: aws-actions/amazon-ecr-login@v1
        id: ecr
      - uses: docker/metadata-action@v4
        id: metadata
        with:
          images: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}
      - uses: int128/kaniko-action@v1
        with:
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache: true
          cache-repository: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}/cache

Specification

This action runs the image of Kaniko executor using docker run command. It mounts ~/.docker/config.json to the Kaniko executor for authentication of remote registry.

Inputs

This action supports the below inputs. See also the flags of Kaniko executor.

Name Description Corresponding flag
executor Image of Kaniko executor. Default to gcr.io/kaniko-project/executor:v1.20.1 -
context *1 Path to the build context. Default to the workspace -
file *1 Path to the Dockerfile. Default to Dockerfile. It must be in the context. If set, this action passes the relative path to Kaniko, same as the behavior of docker build --dockerfile
build-args *1 List of build args --build-arg
labels *1 List of metadata for an image --label
push *1 Push an image to the registry. Default to false --no-push
tags *1 List of tags --destination
target *1 Target stage to build --target
cache Enable caching layers --cache
cache-repository Repository for storing cached layers --cache-repo
cache-ttl Cache timeout --cache-ttl
push-retry Number of retries for the push of an image --push-retry
registry-mirror Use registry mirror(s) --registry-mirror
verbosity Set the logging level --verbosity
kaniko-args Extra args to Kaniko executor -

*1 These inputs are compatible with docker/build-push-action.

Outputs

Name Description
digest Image digest such as sha256:abcdef...

Examples

Cache layers

Kaniko supports the layer caching with a remote repository such as GHCR or Amazon ECR. See https://github.com/GoogleContainerTools/kaniko#caching for details.

To enable the layer caching, set a cache repository.

      - uses: int128/kaniko-action@v1
        with:
          cache: true
          cache-repository: ghcr.io/${{ github.repository }}/cache

Build a multi-architecture image

We can build a multi-architecture image such as amd64 and arm64 on self-hosted runners in GitHub Actions. See also https://github.com/int128/docker-manifest-create-action.

Here is an example stack to build an arm64 image.

Use an image digest

You can construct an image URI from outputs. For example,

ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}

will be:

ghcr.io/int128/kaniko-action@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

Here is an example workflow to build and deploy an application.

jobs:
  deploy:
    steps:
      - uses: actions/checkout@v3
      - uses: aws-actions/amazon-ecr-login@v1
        id: ecr
      - uses: docker/metadata-action@v4
        id: metadata
        with:
          images: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}
      - uses: int128/kaniko-action@v1
        id: build
        with:
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache: true
          cache-repository: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}/cache
      - run: kustomize edit set image myapp=${{ steps.ecr.outputs.registry }}/${{ github.repository }}@${{ steps.build.outputs.digest }}
      - run: kustomize build | kubectl apply -f -

About

Build container image using Kaniko in GitHub Actions

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • TypeScript 93.0%
  • JavaScript 7.0%