sap-jenkins-library/resources/metadata/kaniko.yaml

metadata:
  name: kanikoExecute
  description: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.
  longDescription: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.
spec:
  inputs:
    secrets:
      - name: dockerConfigJsonCredentialsId
        description: Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). You can create it like explained in the [protocodeExecuteScan Prerequisites section](https://www.project-piper.io/steps/protecodeExecuteScan/#prerequisites).
        type: jenkins
    params:
      - name: buildOptions
        type: "[]string"
        description: Defines a list of build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default:
          - --skip-tls-verify-pull
      - name: containerBuildOptions
        type: string
        description: Deprected, please use buildOptions. Defines the build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerImage
        aliases:
          - name: containerImageNameAndTag
            deprecated: true
        type: string
        description: Defines the full name of the Docker image to be created including registry, image name and tag like `my.docker.registry/path/myImageName:myTag`. If left empty, image will not be pushed.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerImageName
        aliases:
          - name: dockerImageName
        type: string
        description: Name of the container which will be built - will be used instead of parameter `containerImage`
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerImageTag
        aliases:
          - name: artifactVersion
        type: string
        description: Tag of the container which will be built - will be used instead of parameter `containerImage`
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: artifactVersion
      - name: containerPreparationCommand
        type: string
        description: Defines the command to prepare the Kaniko container. By default the contained credentials are removed in order to allow anonymous access to container registries.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: rm -f /kaniko/.docker/config.json
      - name: containerRegistryUrl
        aliases:
          - name: dockerRegistryUrl
        type: string
        description: http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage`
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/registryUrl
      - name: customTlsCertificateLinks
        type: "[]string"
        description: List containing download links of custom TLS certificates. This is required to ensure trusted connections to registries with custom certificates.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: dockerConfigJSON
        type: string
        description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/dockerConfigJSON
          - name: dockerConfigJsonCredentialsId
            type: secret
          - type: vaultSecretFile
            paths:
              - $(vaultPath)/docker-config
              - $(vaultBasePath)/$(vaultPipelineName)/docker-config
              - $(vaultBasePath)/GROUP-SECRETS/docker-config
      - name: dockerfilePath
        aliases:
          - name: dockerfile
        type: string
        description: Defines the location of the Dockerfile relative to the Jenkins workspace.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: Dockerfile
  outputs:
    resources:
      - name: commonPipelineEnvironment
        type: piperEnvironment
        params:
          - name: container/registryUrl
          - name: container/imageNameTag
  containers:
    # https://github.com/GoogleContainerTools/kaniko/issues/1586
    - image: gcr.io/kaniko-project/executor:v1.3.0-debug
      command:
        - /busybox/tail -f /dev/null
      shell: /busybox/sh
      options:
        - name: -u
          value: "0"
        - name: --entrypoint
          value: ''
kanikoExecute - golang version (#1765) * kanikoExecute golang version * update entrypoint * update entrypoint * update entrypoint * update entrypoint * update entrypoint * add command * include PR feedback * remove trailing spaces * remove defaults for certificates * Update generated file 2020-07-10 08:07:59 +02:00			`metadata:`
			`name: kanikoExecute`
			`description: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.`
			`longDescription: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.`
			`spec:`
			`inputs:`
			`secrets:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: dockerConfigJsonCredentialsId`
Fix broken link (#2550) * Fix broken link * Add config info into documentation * Add line * Add lines * Link documentation to protocodeExecuteScan * Remove space * Change wording Co-authored-by: Linda Siebert <linda.siebert@sap.com> Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com> 2021-09-01 13:07:13 +02:00			`description: Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). You can create it like explained in the [protocodeExecuteScan Prerequisites section](https://www.project-piper.io/steps/protecodeExecuteScan/#prerequisites).`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`type: jenkins`
kanikoExecute - golang version (#1765) * kanikoExecute golang version * update entrypoint * update entrypoint * update entrypoint * update entrypoint * update entrypoint * add command * include PR feedback * remove trailing spaces * remove defaults for certificates * Update generated file 2020-07-10 08:07:59 +02:00			`params:`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: buildOptions`
			`type: "[]string"`
			`description: Defines a list of build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default:`
			`- --skip-tls-verify-pull`
			`- name: containerBuildOptions`
			`type: string`
			`description: Deprected, please use buildOptions. Defines the build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: containerImage`
			`aliases:`
			`- name: containerImageNameAndTag`
			`deprecated: true`
			`type: string`
			description: Defines the full name of the Docker image to be created including registry, image name and tag like `my.docker.registry/path/myImageName:myTag`. If left empty, image will not be pushed.
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
kanikoExecute: improve user experience (#2141) * kanikoExecute: improve user experience * ensure proper tags * update permissions in case a container runs with a different user we need to make sure that the orchestrator user can work on the file * update permissions * ensure availablility of directories on Jenkins * (fix) clean up tmp dir in test * add resilience for incorrect step yaml * incorporate PR feedback 2020-10-14 11:13:08 +02:00			`- name: containerImageName`
			`aliases:`
			`- name: dockerImageName`
			`type: string`
			description: Name of the container which will be built - will be used instead of parameter `containerImage`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: containerImageTag`
			`aliases:`
			`- name: artifactVersion`
			`type: string`
			description: Tag of the container which will be built - will be used instead of parameter `containerImage`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`resourceRef:`
			`- name: commonPipelineEnvironment`
kanikoExecute: improve user experience (#2141) * kanikoExecute: improve user experience * ensure proper tags * update permissions in case a container runs with a different user we need to make sure that the orchestrator user can work on the file * update permissions * ensure availablility of directories on Jenkins * (fix) clean up tmp dir in test * add resilience for incorrect step yaml * incorporate PR feedback 2020-10-14 11:13:08 +02:00			`param: artifactVersion`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: containerPreparationCommand`
			`type: string`
			`description: Defines the command to prepare the Kaniko container. By default the contained credentials are removed in order to allow anonymous access to container registries.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: rm -f /kaniko/.docker/config.json`
kanikoExecute: improve user experience (#2141) * kanikoExecute: improve user experience * ensure proper tags * update permissions in case a container runs with a different user we need to make sure that the orchestrator user can work on the file * update permissions * ensure availablility of directories on Jenkins * (fix) clean up tmp dir in test * add resilience for incorrect step yaml * incorporate PR feedback 2020-10-14 11:13:08 +02:00			`- name: containerRegistryUrl`
			`aliases:`
			`- name: dockerRegistryUrl`
			`type: string`
			description: http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage`
			`scope:`
			`- GENERAL`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`resourceRef:`
			`- name: commonPipelineEnvironment`
			`param: container/registryUrl`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: customTlsCertificateLinks`
			`type: "[]string"`
			`description: List containing download links of custom TLS certificates. This is required to ensure trusted connections to registries with custom certificates.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`- name: dockerConfigJSON`
			`type: string`
			description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
			`scope:`
			`- PARAMETERS`
Revert "Don't configure secret with config file" (#3093) This reverts commit 151ec040f93a6fb78ebb1515d3c265844fc89d14. 2021-09-10 16:10:32 +02:00			`- STAGES`
			`- STEPS`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`secret: true`
			`resourceRef:`
feat(kaniko) allow Docker config to be passed via cpe (#2734) * feat(kaniko) allow Docker config to be passed via cpe * update generated files 2021-04-01 09:47:24 +02:00			`- name: commonPipelineEnvironment`
			`param: custom/dockerConfigJSON`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: dockerConfigJsonCredentialsId`
			`type: secret`
(Vault) add vaultSecretFile References (#2314) * add vaultSecretFile References * add vaultRef to protecode Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-11-06 19:06:19 +02:00			`- type: vaultSecretFile`
			`paths:`
			`- $(vaultPath)/docker-config`
			`- $(vaultBasePath)/$(vaultPipelineName)/docker-config`
			`- $(vaultBasePath)/GROUP-SECRETS/docker-config`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`- name: dockerfilePath`
			`aliases:`
			`- name: dockerfile`
			`type: string`
			`description: Defines the location of the Dockerfile relative to the Jenkins workspace.`
			`scope:`
			`- PARAMETERS`
			`- STAGES`
			`- STEPS`
			`default: Dockerfile`
kanikoExecute: improve user experience (#2141) * kanikoExecute: improve user experience * ensure proper tags * update permissions in case a container runs with a different user we need to make sure that the orchestrator user can work on the file * update permissions * ensure availablility of directories on Jenkins * (fix) clean up tmp dir in test * add resilience for incorrect step yaml * incorporate PR feedback 2020-10-14 11:13:08 +02:00			`outputs:`
			`resources:`
			`- name: commonPipelineEnvironment`
			`type: piperEnvironment`
			`params:`
			`- name: container/registryUrl`
			`- name: container/imageNameTag`
kanikoExecute - golang version (#1765) * kanikoExecute golang version * update entrypoint * update entrypoint * update entrypoint * update entrypoint * update entrypoint * add command * include PR feedback * remove trailing spaces * remove defaults for certificates * Update generated file 2020-07-10 08:07:59 +02:00			`containers:`
pin kaniko version to v1.3.0-debug (latest working version) (#2911) 2021-06-16 16:37:39 +02:00			`# https://github.com/GoogleContainerTools/kaniko/issues/1586`
			`- image: gcr.io/kaniko-project/executor:v1.3.0-debug`
refactor: correct yaml format (#1965) 2020-08-31 16:10:28 +02:00			`command:`
			`- /busybox/tail -f /dev/null`
			`shell: /busybox/sh`
			`options:`
			`- name: -u`
			`value: "0"`
			`- name: --entrypoint`
fix(dockerOptions) properly pass empty values (#3024) it is possible to overwrite the entrypoint for docker execution: https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime This is ideally done by passing `entrypoint=''` and not pass two options to the call. This also helps with escaping issues of the empty value on other systems. Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> 2021-08-02 10:21:14 +02:00			`value: ''`