From 7d4a19461953ff81edae0252701abcbbfbc4affe Mon Sep 17 00:00:00 2001 From: Kai Ehrhardt <ehrhardt.kai@gmail.com> Date: Wed, 12 Jul 2023 08:55:25 +0000 Subject: [PATCH] fix(kaniko): force '--cache-repo' option (strip tag) Workaround for https://github.com/GoogleContainerTools/kaniko/issues/1459 --- templates/gitlab-ci-docker.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index cd7e567..51c7d01 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -34,7 +34,7 @@ workflow: - if: '$CI_COMMIT_MESSAGE =~ "/\[(ci skip|skip ci) on ([^],]*,)*dev(,[^],]*)*\]/" && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF' when: never - when: always - + # test job prototype: implement adaptive pipeline rules .test-policy: @@ -91,7 +91,7 @@ variables: # default: one-click publish DOCKER_PROD_PUBLISH_STRATEGY: manual - + # default production ref name (pattern) PROD_REF: '/^(master|main)$/' # default integration ref name (pattern) @@ -383,8 +383,8 @@ stages: } function create_kaniko_cache_dir() { - # create cache directory if needed - mkdir -p "$KANIKO_CACHE_DIR" + # create cache directory if needed + mkdir -p "${CI_PROJECT_DIR}/.cache" } function init_workspace() { @@ -416,6 +416,7 @@ stages: function run_build_kaniko() { docker_image=$1 + kaniko_registry_repository=$(echo "$DOCKER_SNAPSHOT_IMAGE" | cut -d: -f1) shift if [[ -n "$DOCKER_REGISTRY_MIRROR" ]] then 
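Review bot: The cache path `${CI_PROJECT_DIR}/.cache` is now a literal in `create_kaniko_cache_dir` and is repeated twice more in `run_build_kaniko` (hunk at -423), while the `KANIKO_CACHE_DIR` job variable is dropped in the hunk at -456. The commit message only mentions `--cache-repo`, so this looks like an undocumented behaviour change: a project that overrode `KANIKO_CACHE_DIR` would silently lose that override. If the override is meant to stay supported, a backward-compatible form is `mkdir -p "${KANIKO_CACHE_DIR:-${CI_PROJECT_DIR}/.cache}"`, with the same expansion used for `--cache-dir`. Otherwise the removal deserves a line in the commit message, plus a comment here such as `# must match the path listed under the job's cache: section`, assuming that section lists this directory (it is outside the hunk).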
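Review bot: In the hunk at -416, `cut -d: -f1` keeps only the text before the first colon, so it truncates any `DOCKER_SNAPSHOT_IMAGE` whose registry host carries a port. For a constructed example, `registry.example.com:5000/group/app:snapshot` becomes `registry.example.com`, and `--cache-repo` would then point at the wrong location. The buildah job later in this file already strips the tag with `${DOCKER_SNAPSHOT_IMAGE%:*}`; the same form here, `kaniko_registry_repository=${DOCKER_SNAPSHOT_IMAGE%:*}`, removes only the last colon-separated field and avoids the subshell. Neither form handles a digest reference (`repo@sha256:...`), so that case is worth a short comment if it can occur. The body of `run_build_kaniko` continues past the end of this hunk.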
@@ -423,9 +424,9 @@ stages: kaniko_registry_mirror_option="--registry-mirror $(echo ${DOCKER_REGISTRY_MIRROR} | sed "s|^https*://||")" fi log_info "Build & deploy image $docker_image" - log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=$KANIKO_CACHE_DIR --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS $*" + log_info "Kaniko command: /kaniko/executor --context $(docker_context_path) --dockerfile $DOCKER_FILE --destination $docker_image --cache --cache-dir=${CI_PROJECT_DIR}/.cache --cache-repo="$kaniko_registry_repository" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS $*" # shellcheck disable=SC2086 - /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="$KANIKO_CACHE_DIR" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@" + /kaniko/executor --context "$(docker_context_path)" --dockerfile "$DOCKER_FILE" --destination "$docker_image" --cache --cache-dir="${CI_PROJECT_DIR}/.cache" --cache-repo="$kaniko_registry_repository" --verbosity $DOCKER_KANIKO_VERBOSITY $kaniko_registry_mirror_option $DOCKER_METADATA $DOCKER_BUILD_ARGS "$@" } # Used by containers tools like buildah, skopeo. @@ -456,7 +457,6 @@ stages: name: "$DOCKER_KANIKO_IMAGE" entrypoint: [""] variables: - KANIKO_CACHE_DIR: "${CI_PROJECT_DIR}/.cache" BUILDTOOL_HOME: "/kaniko" cache: key: "$CI_COMMIT_REF_SLUG-docker" 
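Review bot: In the new `log_info` line, the inner quotes in `--cache-repo="$kaniko_registry_repository"` close and reopen the surrounding double-quoted string, so the variable is expanded unquoted there (ShellCheck reports this pattern as SC2027). The `# shellcheck disable=SC2086` directive only covers the executor line below. Inside the log string it should read `--cache-repo=$kaniko_registry_repository`; the quoted form on the `/kaniko/executor` line is correct as written. Separately, with `--cache-repo` set to the tag-stripped snapshot repository, kaniko's cache layers will presumably be stored in that same repository alongside the image tags. It is worth confirming that registry cleanup policies and push permissions on that repository are appropriate for cache content that later builds will reuse. `run_build_kaniko` starts in the previous hunk.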
@@ -609,7 +609,7 @@ docker-buildah-build: - buildah build --file "$DOCKER_FILE" --tag $DOCKER_SNAPSHOT_IMAGE --layers --cache-from $buildah_build_cache --cache-to $buildah_build_cache --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)" - buildah push --digestfile .img-digest.txt "$DOCKER_SNAPSHOT_IMAGE" # display digest of the resulting image - - cat .img-digest.txt + - cat .img-digest.txt # create dotenv file - docker_digest=$(cat .img-digest.txt) - docker_repository=${DOCKER_SNAPSHOT_IMAGE%:*} @@ -765,7 +765,7 @@ docker-sbom: paths: - "reports/docker-sbom-*.cyclonedx.json" reports: - cyclonedx: + cyclonedx: - "reports/docker-sbom-*.cyclonedx.json" rules: # exclude if disabled @@ -776,7 +776,7 @@ docker-sbom: # ================================================== # Stage: publish # ================================================== -# When semantic release is integrated, this stage run on main pipeline +# When semantic release is integrated, this stage run on main pipeline # When semantic release is not integrated, this stage only run when you put a new tag to the git repository (a good tag format would be x.x.x ex: 1.0.2, see https://semver.org/) # In both cases, it will push the release tagged image to the chosen Registry docker-publish: -- GitLab