Build a container image from a Dockerfile and publish it to a Docker registry using the Kaniko action. Kaniko builds images inside a container or Kubernetes cluster and reports the image and tag names to the workflow run for artifact traceability. View build artifact information in the workflow and artifacts in .
|
To authenticate with the Docker registry, you must have a Docker config file at
|
Build and publish an image
The following is a basic example that builds and publishes an image to two destinations:
- name: Build a container image with Kaniko uses: cloudbees-io/kaniko@v1 with: destination: path/to/registry/host/my-image:1.0.1,path/to/registry/host/my-image:latest
Use optional inputs
The following example specifies optional inputs to control the build context, Dockerfile path, labels, and verbosity:
- name: Kaniko build with optional inputs uses: cloudbees-io/kaniko@v1 with: destination: path/to/registry/host/my-image:1.0.1,path/to/registry/host/my-image:latest build-args: BUILDKIT_CONTEXT_KEEP_GIT_DIR=1,BUILDKIT_INLINE_CACHE=1 context: . dockerfile: path/to/Dockerfile labels: maintainer=John Smith,version=1.0.1 tar-path: path/to/image.tar verbosity: warn
Access build outputs
The action returns an artifact-ids output containing the unique identifiers for each published image destination, in JSON format.
The format for a single destination is:
{ "<destination>": "<artifact-version-id>" }
The following is an example with two artifact IDs:
{ "index.docker.io/example/my-docker:1.0.87": "1234abcd-56ef-gh78-9012-ijklmnop3456", "index.docker.io/example/my-docker:1.0.87-dev": "ab34cd12-78gh-56ef-ij78-3456mnopkl90" }
Access the output in downstream steps as follows, where <action_step_ID> is the step ID and <destination_URL> is the destination URL:
-
${{ steps.<action_step_ID>.outputs.artifact-ids }}: a JSON string of all artifact ID values. -
${{ fromJSON(steps.<action_step_ID>.outputs.artifact-ids).<destination_URL> }}: a single artifact ID value.
Full workflow example
The following workflow checks out source code, configures Docker credentials, builds and publishes a container image with Kaniko, and prints the artifact IDs:
Inputs
| Input name | Data type | Required? | Description |
|---|---|---|---|
|
String |
No |
The name of the build artifact to register.
If not specified, defaults to the image name portion of the first |
|
String |
No |
The build arguments to pass to the Kaniko build. Formatted as a comma-separated list for multiple build arguments. |
|
String |
No |
The commit ID from the source repository, used when registering the build artifact in CloudBees Unify.
Default is |
|
String |
No |
The ID of the component associated with the artifact.
If not provided, the artifact is registered with the component of the current workflow run.
Default is |
|
String |
No |
The path to the build context.
Default is |
|
String |
Yes |
The locations of the target images to be published. Formatted as a comma-separated list for multiple images. |
|
String |
No |
The path to the Dockerfile.
Default is |
|
String |
No |
The label metadata added to the final image. Formatted as a comma-separated list for multiple labels. |
|
String |
No |
The ref or branch of the source repository, used when registering the build artifact in CloudBees Unify.
Default is |
|
String |
No |
Registry mirrors to use for loading images. Formatted as a comma-separated list for multiple registries. |
|
String |
No |
The clone URL of the source repository, used when registering the build artifact in CloudBees Unify.
Default is |
|
Boolean |
No |
If set to |
|
String |
No |
Specify a target stage to build when using a multi-stage Dockerfile. |
|
String |
No |
Full path location where the image is to be saved, including the filename. The image file must be in TAR format. |
|
String |
No |
The verbosity of logging when running the Kaniko build.
Accepted values are |
Outputs
| Output name | Data type | Description |
|---|---|---|
|
JSON string |
The unique identifiers for each of the published image locations ( |
|
String |
The image digest. |
|
String |
Image reference of the first specified destination and the image digest, in a format not part of the OCI standard but supported by most container tools. Tools loading such an image reference ignore the tag and perform the lookup based on the image repository and digest only. Use this format to guarantee that the same image is used even if the tag has been overwritten, and to prevent stale image caches on different nodes. |
|
String |
The tag of the first pushed image. |
|
String |
The tag of the first specified destination and the image digest, in a format not part of the OCI standard but supported by most container tools. Tools loading such an image reference ignore the tag and perform the lookup based on the image repository and digest only. Use this format to guarantee that the same image is used even if the tag has been overwritten, and to prevent stale image caches on different nodes. |