Switch to using BuiltKit instead of Kaniko to build docker images.
This commit is contained in:
Tom Alexander
parent
e7b6dc9059
commit
2c9396615e
@ -69,42 +69,72 @@ spec:
|
||||
value: $(params.PULL_BASE_SHA)
|
||||
- name: deleteExisting
|
||||
value: "true"
|
||||
- name: get-git-commit-time
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
stepTemplate:
|
||||
image: alpine:3.20
|
||||
computeResources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 600Mi
|
||||
workingDir: "$(workspaces.repo.path)"
|
||||
results:
|
||||
- name: unix-time
|
||||
description: The time of the git commit in unix timestamp format.
|
||||
steps:
|
||||
- image: alpine/git:v2.34.2
|
||||
name: detect-tag-step
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
|
||||
workspaces:
|
||||
- name: repo
|
||||
workspace: git-source
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: build-image
|
||||
taskRef:
|
||||
resolver: git
|
||||
params:
|
||||
- name: url
|
||||
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
|
||||
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
|
||||
- name: revision
|
||||
value: df36b3853a5657fd883015cdbf07ad6466918acf
|
||||
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
|
||||
- name: pathInRepo
|
||||
value: task/kaniko/0.6/kaniko.yaml
|
||||
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
|
||||
params:
|
||||
- name: IMAGE
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
- name: OUTPUT
|
||||
value: >-
|
||||
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
|
||||
- name: CONTEXT
|
||||
value: $(params.path-to-image-context)
|
||||
- name: DOCKERFILE
|
||||
value: $(params.path-to-dockerfile)
|
||||
- name: BUILDER_IMAGE
|
||||
value: "gcr.io/kaniko-project/executor:v1.23.2"
|
||||
- name: EXTRA_ARGS
|
||||
value:
|
||||
- "--destination=$(params.image-name)" # Also write the :latest image
|
||||
- "--target=$(params.target-name)"
|
||||
- --cache=true
|
||||
- --cache-copy-layers
|
||||
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
|
||||
- --use-new-run # Should result in a speed-up
|
||||
- --reproducible # To remove timestamps so layer caching works.
|
||||
- --snapshot-mode=redo
|
||||
- --skip-unused-stages=true
|
||||
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
|
||||
- --import-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache"
|
||||
- --export-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
|
||||
- --opt
|
||||
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
|
||||
- name: BUILDKITD_TOML
|
||||
value: |
|
||||
debug = true
|
||||
[registry."docker.io"]
|
||||
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
|
||||
[registry."dockerhub.dockerhub.svc.cluster.local"]
|
||||
http = true
|
||||
insecure = true
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: git-source
|
||||
- name: dockerconfig
|
||||
workspace: docker-credentials
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
finally:
|
||||
- name: report-success
|
||||
when:
|
||||
@ -189,4 +219,4 @@ spec:
|
||||
- name: path-to-image-context
|
||||
value: .
|
||||
- name: path-to-dockerfile
|
||||
value: docker/natter/Dockerfile
|
||||
value: docker/natter/
|
||||
|
||||
@ -69,41 +69,72 @@ spec:
|
||||
value: $(params.PULL_BASE_SHA)
|
||||
- name: deleteExisting
|
||||
value: "true"
|
||||
- name: get-git-commit-time
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
stepTemplate:
|
||||
image: alpine:3.20
|
||||
computeResources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 600Mi
|
||||
workingDir: "$(workspaces.repo.path)"
|
||||
results:
|
||||
- name: unix-time
|
||||
description: The time of the git commit in unix timestamp format.
|
||||
steps:
|
||||
- image: alpine/git:v2.34.2
|
||||
name: detect-tag-step
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
|
||||
workspaces:
|
||||
- name: repo
|
||||
workspace: git-source
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: build-image
|
||||
taskRef:
|
||||
resolver: git
|
||||
params:
|
||||
- name: url
|
||||
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
|
||||
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
|
||||
- name: revision
|
||||
value: df36b3853a5657fd883015cdbf07ad6466918acf
|
||||
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
|
||||
- name: pathInRepo
|
||||
value: task/kaniko/0.6/kaniko.yaml
|
||||
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
|
||||
params:
|
||||
- name: IMAGE
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
- name: OUTPUT
|
||||
value: >-
|
||||
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
|
||||
- name: CONTEXT
|
||||
value: $(params.path-to-image-context)
|
||||
- name: DOCKERFILE
|
||||
value: $(params.path-to-dockerfile)
|
||||
- name: BUILDER_IMAGE
|
||||
value: "gcr.io/kaniko-project/executor:v1.23.2"
|
||||
- name: EXTRA_ARGS
|
||||
value:
|
||||
- "--target=$(params.target-name)"
|
||||
- --cache=true
|
||||
- --cache-copy-layers
|
||||
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
|
||||
- --use-new-run # Should result in a speed-up
|
||||
- --reproducible # To remove timestamps so layer caching works.
|
||||
- --snapshot-mode=redo
|
||||
- --skip-unused-stages=true
|
||||
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
|
||||
- --import-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache"
|
||||
- --export-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
|
||||
- --opt
|
||||
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
|
||||
- name: BUILDKITD_TOML
|
||||
value: |
|
||||
debug = true
|
||||
[registry."docker.io"]
|
||||
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
|
||||
[registry."dockerhub.dockerhub.svc.cluster.local"]
|
||||
http = true
|
||||
insecure = true
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: git-source
|
||||
- name: dockerconfig
|
||||
workspace: docker-credentials
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: run-cargo-fmt
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
@ -143,7 +174,7 @@ spec:
|
||||
- build-image
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
- name: run-prettier
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
@ -177,7 +208,7 @@ spec:
|
||||
- build-image
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
- name: commit-changes
|
||||
taskRef:
|
||||
resolver: git
|
||||
@ -303,7 +334,7 @@ spec:
|
||||
workspace: cargo-cache
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
workspaces:
|
||||
- name: git-source
|
||||
- name: docker-credentials
|
||||
@ -333,4 +364,4 @@ spec:
|
||||
- name: path-to-image-context
|
||||
value: docker/natter_development/
|
||||
- name: path-to-dockerfile
|
||||
value: docker/natter_development/Dockerfile
|
||||
value: docker/natter_development/
|
||||
|
||||
@ -69,41 +69,72 @@ spec:
|
||||
value: $(params.PULL_BASE_SHA)
|
||||
- name: deleteExisting
|
||||
value: "true"
|
||||
- name: get-git-commit-time
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
stepTemplate:
|
||||
image: alpine:3.20
|
||||
computeResources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 600Mi
|
||||
workingDir: "$(workspaces.repo.path)"
|
||||
results:
|
||||
- name: unix-time
|
||||
description: The time of the git commit in unix timestamp format.
|
||||
steps:
|
||||
- image: alpine/git:v2.34.2
|
||||
name: detect-tag-step
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
|
||||
workspaces:
|
||||
- name: repo
|
||||
workspace: git-source
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: build-image
|
||||
taskRef:
|
||||
resolver: git
|
||||
params:
|
||||
- name: url
|
||||
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
|
||||
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
|
||||
- name: revision
|
||||
value: df36b3853a5657fd883015cdbf07ad6466918acf
|
||||
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
|
||||
- name: pathInRepo
|
||||
value: task/kaniko/0.6/kaniko.yaml
|
||||
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
|
||||
params:
|
||||
- name: IMAGE
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
- name: OUTPUT
|
||||
value: >-
|
||||
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
|
||||
- name: CONTEXT
|
||||
value: $(params.path-to-image-context)
|
||||
- name: DOCKERFILE
|
||||
value: $(params.path-to-dockerfile)
|
||||
- name: BUILDER_IMAGE
|
||||
value: "gcr.io/kaniko-project/executor:v1.23.2"
|
||||
- name: EXTRA_ARGS
|
||||
value:
|
||||
- "--target=$(params.target-name)"
|
||||
- --cache=true
|
||||
- --cache-copy-layers
|
||||
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
|
||||
- --use-new-run # Should result in a speed-up
|
||||
- --reproducible # To remove timestamps so layer caching works.
|
||||
- --snapshot-mode=redo
|
||||
- --skip-unused-stages=true
|
||||
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
|
||||
- --import-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache"
|
||||
- --export-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
|
||||
- --opt
|
||||
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
|
||||
- name: BUILDKITD_TOML
|
||||
value: |
|
||||
debug = true
|
||||
[registry."docker.io"]
|
||||
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
|
||||
[registry."dockerhub.dockerhub.svc.cluster.local"]
|
||||
http = true
|
||||
insecure = true
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: git-source
|
||||
- name: dockerconfig
|
||||
workspace: docker-credentials
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: run-cargo-clippy
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
@ -153,7 +184,7 @@ spec:
|
||||
- build-image
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
finally:
|
||||
- name: report-success
|
||||
when:
|
||||
@ -247,7 +278,7 @@ spec:
|
||||
workspace: cargo-cache
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
workspaces:
|
||||
- name: git-source
|
||||
- name: docker-credentials
|
||||
@ -277,4 +308,4 @@ spec:
|
||||
- name: path-to-image-context
|
||||
value: docker/natter_development/
|
||||
- name: path-to-dockerfile
|
||||
value: docker/natter_development/Dockerfile
|
||||
value: docker/natter_development/
|
||||
|
||||
@ -69,41 +69,72 @@ spec:
|
||||
value: $(params.PULL_BASE_SHA)
|
||||
- name: deleteExisting
|
||||
value: "true"
|
||||
- name: get-git-commit-time
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
stepTemplate:
|
||||
image: alpine:3.20
|
||||
computeResources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 600Mi
|
||||
workingDir: "$(workspaces.repo.path)"
|
||||
results:
|
||||
- name: unix-time
|
||||
description: The time of the git commit in unix timestamp format.
|
||||
steps:
|
||||
- image: alpine/git:v2.34.2
|
||||
name: detect-tag-step
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
echo -n "$(git log -1 --pretty=%ct)" | tee $(results.unix-time.path)
|
||||
workspaces:
|
||||
- name: repo
|
||||
workspace: git-source
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: build-image
|
||||
taskRef:
|
||||
resolver: git
|
||||
params:
|
||||
- name: url
|
||||
value: https://code.fizz.buzz/mirror/catalog.git # mirror of https://github.com/tektoncd/catalog.git
|
||||
value: https://code.fizz.buzz/talexander/personal_tekton_catalog.git
|
||||
- name: revision
|
||||
value: df36b3853a5657fd883015cdbf07ad6466918acf
|
||||
value: 7ee31a185243ee6da13dcd26a592c585b64c80e5
|
||||
- name: pathInRepo
|
||||
value: task/kaniko/0.6/kaniko.yaml
|
||||
value: task/buildkit-rootless-daemonless/0.1/buildkit-rootless-daemonless.yaml
|
||||
params:
|
||||
- name: IMAGE
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
- name: OUTPUT
|
||||
value: >-
|
||||
type=image,"name=$(params.image-name):latest,$(params.image-name):$(tasks.fetch-repository.results.commit)",push=true,compression=zstd,compression-level=22,oci-mediatypes=true
|
||||
- name: CONTEXT
|
||||
value: $(params.path-to-image-context)
|
||||
- name: DOCKERFILE
|
||||
value: $(params.path-to-dockerfile)
|
||||
- name: BUILDER_IMAGE
|
||||
value: "gcr.io/kaniko-project/executor:v1.23.2"
|
||||
- name: EXTRA_ARGS
|
||||
value:
|
||||
- "--target=$(params.target-name)"
|
||||
- --cache=true
|
||||
- --cache-copy-layers
|
||||
- --cache-repo=harbor.fizz.buzz/kanikocache/cache
|
||||
- --use-new-run # Should result in a speed-up
|
||||
- --reproducible # To remove timestamps so layer caching works.
|
||||
- --snapshot-mode=redo
|
||||
- --skip-unused-stages=true
|
||||
- --registry-mirror=dockerhub.dockerhub.svc.cluster.local
|
||||
- --import-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache"
|
||||
- --export-cache
|
||||
- "type=registry,ref=$(params.image-name):buildcache,mode=max,compression=zstd,compression-level=22,rewrite-timestamp=true,image-manifest=true,oci-mediatypes=true"
|
||||
- --opt
|
||||
- build-arg:SOURCE_DATE_EPOCH=$(tasks.get-git-commit-time.results.unix-time)
|
||||
- name: BUILDKITD_TOML
|
||||
value: |
|
||||
debug = true
|
||||
[registry."docker.io"]
|
||||
mirrors = ["dockerhub.dockerhub.svc.cluster.local"]
|
||||
[registry."dockerhub.dockerhub.svc.cluster.local"]
|
||||
http = true
|
||||
insecure = true
|
||||
workspaces:
|
||||
- name: source
|
||||
workspace: git-source
|
||||
- name: dockerconfig
|
||||
workspace: docker-credentials
|
||||
runAfter:
|
||||
- fetch-repository
|
||||
- name: run-cargo-test
|
||||
taskSpec:
|
||||
metadata: {}
|
||||
@ -143,7 +174,7 @@ spec:
|
||||
- build-image
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
finally:
|
||||
- name: report-success
|
||||
when:
|
||||
@ -237,7 +268,7 @@ spec:
|
||||
workspace: cargo-cache
|
||||
params:
|
||||
- name: docker-image
|
||||
value: "$(params.image-name):$(tasks.fetch-repository.results.commit)"
|
||||
value: "$(tasks.build-image.results.IMAGE_URL[1])"
|
||||
workspaces:
|
||||
- name: git-source
|
||||
- name: docker-credentials
|
||||
@ -267,4 +298,4 @@ spec:
|
||||
- name: path-to-image-context
|
||||
value: docker/natter_development/
|
||||
- name: path-to-dockerfile
|
||||
value: docker/natter_development/Dockerfile
|
||||
value: docker/natter_development/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user