CloudBees action: Build and publish Docker images with Kaniko

3 minute read

Use the Kaniko action to build images based upon a Dockerfile, then publish the image to a Docker registry. Kaniko builds images inside a container or Kubernetes cluster. This action also reports the image and tag names to the workflow run for artifact traceability purposes. View build artifact information in the workflow Runs  Run details  Build artifacts and artifacts in Components  Artifacts.

Prerequisites

To authenticate with the Docker registry, you must have a Docker config file in the ${HOME}/.docker/config.json path.

Use the OCI credentials configuration action to generate a Docker config file, as in the following example.

In your YAML file, add:

- id: dockerconfig name: Configure container registry credentials uses: cloudbees-io/configure-oci-credentials@v1 with: registry: ${{ vars.DOCKER_REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }}

The generated Docker configuration file is formatted in JSON.

All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

destination

String

Yes

The locations of the target images to be published. Formatted as a comma-separated list for passing multiple images.

build-args

String

No

The build arguments to be passed to the Kaniko build. Formatted as a comma-separated list for passing multiple build arguments.

context

String

No

The path to the build context. Default is ${{ cloudbees.workspace }}.

dockerfile

String

No

The path to the Dockerfile. Default is Dockerfile.

labels

String

No

The label metadata added to the final image. Formatted as a comma-separated list for passing multiple labels.

registry-mirrors

String

No

Registry mirrors to use for loading images. Formatted as a comma-separated list for passing multiple registries.

skip-default-registry-fallback

Boolean

No

If set to true, fails build if registry-mirrors cannot pull the image. If registry-mirrors is empty, this flag is ignored. Default is false.

tar-path

String

No

Full path location where the image is to be saved, including the filename. To use this option, the image file must be in the TAR format.

verbosity

String

No

The verbosity of logging when running the Kaniko build. Accepted inputs are: panic, fatal, error, warn, info, debug, trace. Default is info.

Output

Table 2. Output details
Output name Data type Description

artifact-ids

JSON string

The unique identifiers for each of the published image locations (destination) reported to the CloudBees platform, in JSON format.

Usage examples

Basic example

The following is a basic usage example for this action:

- name: Build a container image with Kaniko uses: cloudbees-io/kaniko@v1 with: destination: path/to/registry/host/my-image:1.0.1,path/to/registry/host/my-image:latest

Using optional inputs

The following example specifies optional inputs:

- name: Kaniko build with optional inputs uses: cloudbees-io/kaniko@v1 with: destination: path/to/registry/host/my-image:1.0.1,path/to/registry/host/my-image:latest build-args: BUILDKIT_CONTEXT_KEEP_GIT_DIR=1,BUILDKIT_INLINE_CACHE=1 context: . dockerfile: path/to/Dockerfile labels: maintainer=John Smith,version=1.0.1 tar-path: path/to/image.tar verbosity: warn

Using the action output

Access the artifact-ids values in downstream steps using the outputs context.

The following is the JSON format for the artifact-ids output, where <destination> is the specified destination input parameter value, and <artifact-version-id> is the unique identifier of the artifact version.

{ "<destination>": "<artifact-version-id>" }

The following is an example of an artifact-ids JSON for two artifact IDs:

{ "index.docker.io/example/my-docker:1.0.87": "1234abcd-56ef-gh78-9012-ijklmnop3456", "index.docker.io/example/my-docker:1.0.87-dev": "ab34cd12-78gh-56ef-ij78-3456mnopkl90" }

Use the artifact-ids output as follows, where <action_step_ID> is the action step ID, and <destination_URL> is the destination URL:

  • ${{ steps.<action_step_ID>.outputs.artifact-ids }} for a JSON string of all outputted artifact ID values.

  • ${{ fromJSON(steps.<action_step_ID>.outputs.artifact-ids).<destination_URL> }} for a single artifact ID value.

Full workflow example

The following workflow example:

  • Checks out source code from a repository.

  • Configures Docker credentials.

  • Builds and publishes a container image with Kaniko.

  • Prints the artifact IDs for dynamically created destinations.

apiVersion: automation.cloudbees.io/v1alpha1 kind: workflow name: workflow on: push: branches: - "*" permissions: scm-token-own: read scm-token-org: read id-token: read jobs: build: steps: - name: Check out uses: cloudbees-io/checkout@v1 with: repository: my-name/my-repo-name - name: Configure container registry credentials id: dockerconfig uses: cloudbees-io/configure-oci-credentials@v1 with: registry: ${{ vars.DOCKER_REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build with Kaniko id: kaniko-build uses: cloudbees-io/kaniko@v1 kind: build with: destination: ${{ vars.DOCKER_REGISTRY }}/my-image:${{ cloudbees.version }},${{ vars.DOCKER_REGISTRY }}/my-image-test:${{ cloudbees.version }} dockerfile: my-dockerhub/docker/config.json - name: Print output parameter artifact IDs from Kaniko action id: echo-artifact-ids uses: docker://alpine:latest shell: sh env: DESTINATION1: "${{ vars.DOCKER_REGISTRY }}/my-image:${{ cloudbees.version }}" DESTINATION2: "${{ vars.DOCKER_REGISTRY }}/my-image-test:${{ cloudbees.version }}" run: | echo "artifact ID for my-image:${{ cloudbees.version }}: '${{ env.DESTINATION1 }}': ${{ fromJSON(steps.kaniko-build.outputs.artifact-ids)[env.DESTINATION1] }}" echo "artifact ID for my-image-test:${{ cloudbees.version }}: '${{ env.DESTINATION2 }}': ${{ fromJSON(steps.kaniko-build.outputs.artifact-ids)[env.DESTINATION2] }}"