Use a multistage image to remove all redundancies on Dockerfiles (#2547)

As all Kaniko variants should be upgraded at once, all following the same specifications, it is easier for maintainers to bump Go or other image dependencies in a single place. On top of that, there were an issue building `ppc64le` images because of a semantic error on the if condition that checks the arch used. Signed-off-by: Ferran Vidal <ferran.vidal.p@gmail.com>
2023-06-05 18:20:40 +02:00 · 2023-06-05 18:20:40 +02:00 · 507fe00b42
parent f4dae004ef
commit 507fe00b42
7 changed files with 73 additions and 255 deletions
--- a/.github/workflows/images.yaml
+++ b/.github/workflows/images.yaml
@ -32,28 +32,28 @@ jobs:

        include:
        - image: executor
-          dockerfile: ./deploy/Dockerfile
+          target: kaniko-executor
          platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
          image-name: gcr.io/kaniko-project/executor
          tag: ${{ github.sha }}
          release-tag: latest

        - image: executor-debug
-          dockerfile: ./deploy/Dockerfile_debug
+          target: kaniko-debug
          platforms: linux/amd64,linux/arm64,linux/s390x
          image-name: gcr.io/kaniko-project/executor
          tag: ${{ github.sha }}-debug
          release-tag: debug

        - image: executor-slim
-          dockerfile: ./deploy/Dockerfile_slim
+          target: kaniko-slim
          platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
          image-name: gcr.io/kaniko-project/executor
          tag: ${{ github.sha }}-slim
          release-tag: slim

        - image: warmer
-          dockerfile: ./deploy/Dockerfile_warmer
+          target: kaniko-warmer
          platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
          image-name: gcr.io/kaniko-project/warmer
          tag: ${{ github.sha }}
@ -91,7 +91,7 @@ jobs:
      id: build-and-push
      with:
        context: .
-        file: ${{ matrix.dockerfile }}
+        file: ./deploy/Dockerfile
        platforms: ${{ steps.platforms.outputs.platforms }}
        push: ${{ github.event_name != 'pull_request' }} # Only push if not a PR.
        tags: ${{ matrix.image-name }}:${{ matrix.tag }}
@ -99,6 +99,7 @@ jobs:
        # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#github-cache
        cache-from: type=gha
        cache-to: type=gha,mode=max
+        target: ${{ matrix.target }}

    # Sign images if not a PR.
    - if: github.event_name != 'pull_request'
--- a/14
+++ b/14
@ -48,10 +48,10 @@ export GOFLAGS = -mod=vendor


 out/executor: $(GO_FILES)
-	GOARCH=$(GOARCH) GOOS=linux CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(EXECUTOR_PACKAGE)
+	GOARCH=$(GOARCH) GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(EXECUTOR_PACKAGE)

 out/warmer: $(GO_FILES)
-	GOARCH=$(GOARCH) GOOS=linux CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(WARMER_PACKAGE)
+	GOARCH=$(GOARCH) GOOS=$(GOOS) CGO_ENABLED=0 go build -ldflags $(GO_LDFLAGS) -o $@ $(WARMER_PACKAGE)

 .PHONY: install-container-diff
 install-container-diff:
@ -93,17 +93,17 @@ integration-test-misc:

 .PHONY: k8s-executor-build-push
 k8s-executor-build-push:
-	DOCKER_BUILDKIT=1 docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile .
+	DOCKER_BUILDKIT=1 docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:latest -f deploy/Dockerfile --target kaniko-executor .
 	docker push $(REGISTRY)/executor:latest


 .PHONY: images
 images: DOCKER_BUILDKIT=1
 images:
-	docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:latest -f deploy/Dockerfile .
-	docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:debug -f deploy/Dockerfile_debug .
-	docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/executor:slim -f deploy/Dockerfile_slim .
-	docker build ${BUILD_ARG} --build-arg=GOARCH=$(GOARCH) -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile_warmer .
+	docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:latest -f deploy/Dockerfile --target kaniko-executor .
+	docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:debug -f deploy/Dockerfile --target kaniko-debug .
+	docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/executor:slim -f deploy/Dockerfile --target kaniko-slim .
+	docker build ${BUILD_ARG} --build-arg=TARGETARCH=$(GOARCH) --build-arg=TARGETOS=linux -t $(REGISTRY)/warmer:latest -f deploy/Dockerfile --target kaniko-warmer .

 .PHONY: push
 push:
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-FROM golang:1.20
+FROM golang:1.20 AS builder
 WORKDIR /src

 # This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
@ -20,6 +20,8 @@ ARG TARGETARCH
 ARG TARGETOS

 ENV GOARCH=$TARGETARCH
+ENV GOOS=$TARGETOS
+
 ENV CGO_ENABLED=0
 ENV GOBIN=/usr/local/bin

@ -27,17 +29,19 @@ ENV GOBIN=/usr/local/bin
 # Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
 # the existing compiled versions distributed in GitHub releases
 ARG GCR_HELPER_VERSION="2.1.8"
+
+# Checksums can be obtained from https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v2.1.8/checksums.txt
 ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
 ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
 ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
 ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"

-# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
-RUN if [ $TARGETARCH = "ppc64le"]; then \
-      go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
+# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install pointing to the tag's commit
+RUN if [ "$TARGETARCH" = "ppc64le" ]; then \
+      GCR_HELPER_COMMIT=$(git ls-remote -t https://github.com/GoogleCloudPlatform/docker-credential-gcr v$GCR_HELPER_VERSION | head -1 | awk '{print $1}') \
+      && go install github.com/GoogleCloudPlatform/docker-credential-gcr@${GCR_HELPER_COMMIT}; \
    else \
-      echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
-      && curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
+      curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
      && eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
      && echo "${GCR_HELPER_SHA}  /tmp/gcr-helper.tar.gz" | sha256sum -c - \
      && tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
@ -56,30 +60,68 @@ COPY . .
 RUN \
  --mount=type=cache,target=/root/.cache/go-build \
  --mount=type=cache,target=/go/pkg \
-  make GOARCH=$TARGETARCH
+  make out/executor out/warmer

 # Generate latest ca-certificates
 FROM debian:bullseye-slim AS certs
 RUN apt update && apt install -y ca-certificates

-FROM scratch
-# Create kaniko directory with world write permission to allow non root run
-# use musl busybox since it's staticly compiled
-RUN --mount=from=busybox:musl,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"] 
+# use musl busybox since it's staticly compiled on all platforms
+FROM busybox:musl AS busybox
+
+FROM scratch AS kaniko-base-slim
+
+# Create kaniko directory with world write permission to allow non root run
+RUN --mount=from=busybox,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"]

-COPY --from=0 /src/out/executor /kaniko/executor
-COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
-COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
-COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
-COPY --from=0 /kaniko/.docker /kaniko/.docker
 COPY files/nsswitch.conf /etc/nsswitch.conf
 ENV HOME /root
 ENV USER root
 ENV PATH /usr/local/bin:/kaniko
 ENV SSL_CERT_DIR=/kaniko/ssl/certs
+
+FROM kaniko-base-slim AS kaniko-base
+
+COPY --from=builder --chown=0:0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
+COPY --from=builder --chown=0:0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
+COPY --from=builder --chown=0:0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
+
+COPY --from=builder /kaniko/.docker /kaniko/.docker
+
 ENV DOCKER_CONFIG /kaniko/.docker/
 ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
 WORKDIR /workspace

+### FINAL STAGES ###
+
+FROM kaniko-base AS kaniko-warmer
+
+COPY --from=builder /src/out/warmer /kaniko/warmer
+
+ENTRYPOINT ["/kaniko/warmer"]
+
+FROM kaniko-base AS kaniko-executor
+
+COPY --from=builder /src/out/executor /kaniko/executor
+
+ENTRYPOINT ["/kaniko/executor"]
+
+FROM kaniko-executor AS kaniko-debug
+
+ENV PATH /usr/local/bin:/kaniko:/busybox
+
+COPY --from=builder /src/out/warmer /kaniko/warmer
+
+COPY --from=busybox /bin /busybox
+# Declare /busybox as a volume to get it automatically in the path to ignore
+VOLUME /busybox
+
+RUN ["/busybox/mkdir", "-p", "/bin"]
+RUN ["/busybox/ln", "-s", "/busybox/sh", "/bin/sh"]
+
+FROM kaniko-base-slim AS kaniko-slim
+
+COPY --from=builder /src/out/executor /kaniko/executor
+
 ENTRYPOINT ["/kaniko/executor"]
--- a/deploy/Dockerfile_debug
+++ b/deploy/Dockerfile_debug
@ -1,94 +0,0 @@
-# Copyright 2018 Google, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM golang:1.20
-WORKDIR /src
-
-# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
-ARG TARGETARCH
-ARG TARGETOS
-
-ENV GOARCH=$TARGETARCH
-ENV CGO_ENABLED=0
-ENV GOBIN=/usr/local/bin
-
-# Get GCR credential helper
-# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
-# the existing compiled versions distributed in GitHub releases
-ARG GCR_HELPER_VERSION="2.1.8"
-ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
-ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
-ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
-ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
-
-# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
-RUN if [ $TARGETARCH = "ppc64le"]; then \
-      go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
-    else \
-      echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
-      && curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
-      && eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
-      && echo "${GCR_HELPER_SHA}  /tmp/gcr-helper.tar.gz" | sha256sum -c - \
-      && tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
-    fi
-
-
-# Get Amazon ECR credential helper
-RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
-
-# Get ACR docker env credential helper
-RUN go install github.com/chrismellard/docker-credential-acr-env@82a0ddb2758901b711d9d1614755b77e401598a1
-
-# Add .docker config dir
-RUN mkdir -p /kaniko/.docker
-
-COPY . .
-RUN \
-  --mount=type=cache,target=/root/.cache/go-build \
-  --mount=type=cache,target=/go/pkg \
-  make GOARCH=$TARGETARCH && \
-  make GOARCH=$TARGETARCH out/warmer
-
-# Generate latest ca-certificates
-FROM debian:bullseye-slim AS certs
-RUN apt update && apt install -y ca-certificates
-
-# use musl busybox since it's staticly compiled on all platforms
-FROM busybox:musl as busybox
-FROM scratch
-# Create kaniko directory with world write permission to allow non root run
-RUN --mount=from=busybox,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"] 
-
-COPY --from=0 /src/out/executor /kaniko/executor
-COPY --from=0 /src/out/warmer /kaniko/warmer
-COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
-COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
-COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
-COPY --from=busybox /bin /busybox
-# Declare /busybox as a volume to get it automatically in the path to ignore
-VOLUME /busybox
-
-COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
-COPY --from=0 /kaniko/.docker /kaniko/.docker
-COPY files/nsswitch.conf /etc/nsswitch.conf
-ENV HOME /root
-ENV USER root
-ENV PATH /usr/local/bin:/kaniko:/busybox
-ENV SSL_CERT_DIR=/kaniko/ssl/certs
-ENV DOCKER_CONFIG /kaniko/.docker/
-ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
-WORKDIR /workspace
-RUN ["/busybox/mkdir", "-p", "/bin"]
-RUN ["/busybox/ln", "-s", "/busybox/sh", "/bin/sh"]
-ENTRYPOINT ["/kaniko/executor"]
--- a/deploy/Dockerfile_slim
+++ b/deploy/Dockerfile_slim
@ -1,47 +0,0 @@
-# Copyright 2020 Google, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Builds the static Go image to execute in a Kubernetes job
-FROM golang:1.20
-
-# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
-ARG TARGETARCH
-
-WORKDIR /src
-COPY . .
-
-RUN \
-    --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg \
-    make GOARCH=$TARGETARCH
-
-# Generate latest ca-certificates
-FROM debian:bullseye-slim AS certs
-RUN apt update && apt install -y ca-certificates
-
-FROM scratch
-
-# Create kaniko directory with world write permission to allow non root run
-# use musl busybox since it's staticly compiled
-RUN --mount=from=busybox:musl,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"] 
-COPY --from=0 /src/out/executor /kaniko/executor
-COPY files/nsswitch.conf /etc/nsswitch.conf
-COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
-ENV HOME /root
-ENV USER root
-ENV PATH /usr/local/bin:/kaniko
-ENV SSL_CERT_DIR=/kaniko/ssl/certs
-
-ENTRYPOINT ["/kaniko/executor"]
-
--- a/deploy/Dockerfile_warmer
+++ b/deploy/Dockerfile_warmer
@ -1,84 +0,0 @@
-# Copyright 2018 Google, Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM golang:1.20
-WORKDIR /src
-
-# This arg is passed by docker buildx & contains the target CPU architecture (e.g., amd64, arm64, etc.)
-ARG TARGETARCH
-ARG TARGETOS
-
-ENV GOARCH=$TARGETARCH
-ENV CGO_ENABLED=0
-ENV GOBIN=/usr/local/bin
-
-# Get GCR credential helper
-# Until https://github.com/GoogleCloudPlatform/docker-credential-gcr/issues/128 is addressed, we need to use
-# the existing compiled versions distributed in GitHub releases
-ARG GCR_HELPER_VERSION="2.1.8"
-ARG GCR_HELPER_SHA_linux_amd64="0da9a0878d34dc8b38ae76519b7137f3179f573cf9c84fec1b81e973b565e2f9"
-ARG GCR_HELPER_SHA_linux_386="2421d3242beb239eb640daf9dbfa4582416049a92ed93a207a0a3102fde4ea11"
-ARG GCR_HELPER_SHA_linux_s390x="5d18e62c5952d43993b7ee292f87d812ccd161d4e9d932fbc1567eb5d5013632"
-ARG GCR_HELPER_SHA_linux_arm64="9d0e67c18fb3e1e048120d06edb9e54e1c11f88139ec77dbc9830e8a8b31745c"
-
-# There is no linux/ppc64le available for docker-credential-gcr, at least let's install it using go install.
-RUN if [ $TARGETARCH = "ppc64le"]; then \
-      go install github.com/GoogleCloudPlatform/docker-credential-gcr@v${GCR_HELPER_VERSION}; \
-    else \
-      echo https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
-      && curl -fsSL -o /tmp/gcr-helper.tar.gz https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${GCR_HELPER_VERSION}/docker-credential-gcr_${TARGETOS}_${TARGETARCH}-${GCR_HELPER_VERSION}.tar.gz \
-      && eval "GCR_HELPER_SHA=\${GCR_HELPER_SHA_${TARGETOS}_${TARGETARCH}}" \
-      && echo "${GCR_HELPER_SHA}  /tmp/gcr-helper.tar.gz" | sha256sum -c - \
-      && tar -xzf /tmp/gcr-helper.tar.gz --directory /usr/local/bin/; \
-    fi
-
-# Get Amazon ECR credential helper
-RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@adf1bafd791ae7d4ff098108b1e91f36a4da5404 # v0.7.1
-
-# Get ACR docker env credential helper
-RUN go install github.com/chrismellard/docker-credential-acr-env@82a0ddb2758901b711d9d1614755b77e401598a1
-
-# Add .docker config dir
-RUN mkdir -p /kaniko/.docker
-
-COPY . .
-RUN \
-  --mount=type=cache,target=/root/.cache/go-build \
-  --mount=type=cache,target=/go/pkg \
-  make GOARCH=$TARGETARCH out/warmer
-
-# Generate latest ca-certificates
-FROM debian:bullseye-slim AS certs
-RUN apt update && apt install -y ca-certificates
-
-FROM scratch
-# Create kaniko directory with world write permission to allow non root run
-# use musl busybox since it's staticly compiled
-RUN --mount=from=busybox:musl,dst=/usr/ ["busybox", "sh", "-c", "mkdir -p /kaniko && chmod 777 /kaniko"] 
-
-COPY --from=0 /src/out/warmer /kaniko/warmer
-COPY --from=0 /usr/local/bin/docker-credential-gcr /kaniko/docker-credential-gcr
-COPY --from=0 /usr/local/bin/docker-credential-ecr-login /kaniko/docker-credential-ecr-login
-COPY --from=0 /usr/local/bin/docker-credential-acr-env /kaniko/docker-credential-acr-env
-COPY --from=certs /etc/ssl/certs/ca-certificates.crt /kaniko/ssl/certs/
-COPY --from=0 /kaniko/.docker /kaniko/.docker
-COPY files/nsswitch.conf /etc/nsswitch.conf
-ENV HOME /root
-ENV USER /root
-ENV PATH /usr/local/bin:/kaniko
-ENV SSL_CERT_DIR=/kaniko/ssl/certs
-ENV DOCKER_CONFIG /kaniko/.docker/
-ENV DOCKER_CREDENTIAL_GCR_CONFIG /kaniko/.config/gcloud/docker_credential_gcr_config.json
-WORKDIR /workspace
-ENTRYPOINT ["/kaniko/warmer"]
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -153,10 +153,10 @@ func buildRequiredImages() error {
 		command []string
 	}{{
 		name:    "Building kaniko image",
-		command: []string{"docker", "build", "-t", ExecutorImage, "-f", "../deploy/Dockerfile", ".."},
+		command: []string{"docker", "build", "-t", ExecutorImage, "-f", "../deploy/Dockerfile", "--target", "kaniko-executor", ".."},
 	}, {
 		name:    "Building cache warmer image",
-		command: []string{"docker", "build", "-t", WarmerImage, "-f", "../deploy/Dockerfile_warmer", ".."},
+		command: []string{"docker", "build", "-t", WarmerImage, "-f", "../deploy/Dockerfile", "--target", "kaniko-warmer", ".."},
 	}, {
 		name:    "Building onbuild base image",
 		command: []string{"docker", "build", "-t", config.onbuildBaseImage, "-f", fmt.Sprintf("%s/Dockerfile_onbuild_base", dockerfilesPath), "."},