metadata: name: kanikoExecute description: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container. longDescription: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container. spec: inputs: secrets: - name: dockerConfigJsonCredentialsId description: Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). You can create it like explained in the [protocodeExecuteScan Prerequisites section](https://www.project-piper.io/steps/protecodeExecuteScan/#prerequisites). type: jenkins params: - name: buildOptions type: "[]string" description: Defines a list of build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build. scope: - PARAMETERS - STAGES - STEPS default: - --skip-tls-verify-pull - name: containerBuildOptions type: string description: Deprected, please use buildOptions. Defines the build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build. scope: - PARAMETERS - STAGES - STEPS - name: containerImage aliases: - name: containerImageNameAndTag deprecated: true type: string description: Defines the full name of the Docker image to be created including registry, image name and tag like `my.docker.registry/path/myImageName:myTag`. If left empty, image will not be pushed. scope: - PARAMETERS - STAGES - STEPS - name: containerImageName aliases: - name: dockerImageName type: string description: Name of the container which will be built - will be used instead of parameter `containerImage` scope: - GENERAL - PARAMETERS - STAGES - STEPS - name: containerImageTag aliases: - name: artifactVersion type: string description: Tag of the container which will be built - will be used instead of parameter `containerImage` scope: - GENERAL - PARAMETERS - STAGES - STEPS resourceRef: - name: commonPipelineEnvironment param: artifactVersion - name: containerPreparationCommand type: string description: Defines the command to prepare the Kaniko container. By default the contained credentials are removed in order to allow anonymous access to container registries. scope: - PARAMETERS - STAGES - STEPS default: rm -f /kaniko/.docker/config.json - name: containerRegistryUrl aliases: - name: dockerRegistryUrl type: string description: http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage` scope: - GENERAL - PARAMETERS - STAGES - STEPS resourceRef: - name: commonPipelineEnvironment param: container/registryUrl - name: customTlsCertificateLinks type: "[]string" description: List containing download links of custom TLS certificates. This is required to ensure trusted connections to registries with custom certificates. scope: - PARAMETERS - STAGES - STEPS - name: dockerConfigJSON type: string description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/). scope: - PARAMETERS - STAGES - STEPS secret: true resourceRef: - name: commonPipelineEnvironment param: custom/dockerConfigJSON - name: dockerConfigJsonCredentialsId type: secret - type: vaultSecretFile name: dockerConfigFileVaultSecretName default: docker-config - name: dockerfilePath aliases: - name: dockerfile type: string description: Defines the location of the Dockerfile relative to the Jenkins workspace. scope: - PARAMETERS - STAGES - STEPS default: Dockerfile outputs: resources: - name: commonPipelineEnvironment type: piperEnvironment params: - name: container/registryUrl - name: container/imageNameTag - name: custom/buildSettingsInfo containers: - image: gcr.io/kaniko-project/executor:debug command: - /busybox/tail -f /dev/null shell: /busybox/sh options: - name: -u value: "0" - name: --entrypoint value: "" env: - name: container value: docker - name: TMPDIR value: /