The logic that was in here was signing the tags we publish, which has a race. Also since what cosign signs is actually the digest, this was signing 3x where we really only need one call.
The cosign version being used was ancient. This catches us up to 1.4.1 (latest).
I was also eyeballing the very redundant jobs in `release.yaml` for a subsequent refactoring to make this a matrix job, so there are a couple of trivial cleanups related to this.
* Debugging the integration testing.
It seems to be consistently failing (also fix a typo in the file/leg name).
I'm disabling `-v` for `go test` because it interleaves the test output in ways that make it painful to read a single failing test's output when `t.Parallel` is involved.
* Try swapping registry:2 for the registry add-on
* Drop logf and make Logger private
* git: accept explicit commit hash for git context
When checking out code from non-github repositories, the typical
assumptions may not be valid, e.g. that the only interesting
non-branch commits have ref names starting with refs/pull. A specific
example is fetching an un-merged commit from a gerrit repository by
commit hash.
This change just looks at the second part of the git context path and
checks if it's a SHA commit hash, and if so, will fetch and check out
this commit after cloning the repository.
Sample context argument:
https://github.repo/project#e1772f228e06d15facdf175e5385e265b57068c0
* ci: fix test script to recognize any non-zero exit as an error
hack/linter.sh didn't properly install golangci-lint in hack/bin as I
already have another version of golangci-lint on my PATH, but then it
failed to execute because it was looking for it specifically in
hack/bin.
When the executable is not found, the exit code is 127 instead of 1,
and so test.sh ignored the error.
Two fixes:
1. `test.sh`:
- Use `if (script) ...` instead of assigning / checking a result
variable to determine if each validation script passed or failed.
2. `hack/linter.sh`:
- Instead of checking for golangci-lint on the path, just
specifically check for an executable file (`test -x`) in the
expected location.
Co-authored-by: Wade Carpenter <wwade@users.noreply.github.com>
* Remove tarball.WithCompressedCaching flag to resolve OOM Killed error
Large images cannot be build as the kaniko container will be killed due to an OOM error. Removing the tarball compression drastically reduces the memory required to push large image layers. Fixes#1680
This change may increase the build time for smaller images. Therefore a command line option to trigger the compression or a more intelligent behaviour may be useful.
* Add new command line flag to toggle compressed caching
* Add unittest for build with --compressed-caching command line flag set to false
1. add s390x support to docker images `executor`, `executor(slim)`,
`executor(debug)` and `warmer`. Fixes#1462 and #1665.
2. Address the building issue of dependency `docker-credential-gcr`
in Dockerfiles. This issue was introduced when recent commits
in `docker-credential-gcr` removed the Makefile.
Signed-off-by: Kun-Lu <kun.lu@ibm.com>
Co-authored-by: Kun-Lu <kun.lu@ibm.com>
* chore: add workflows for pr tests
* fix unit tests
* fix formatting
* chore: fix gobuild
* change minikube script
* chore: fix lint install script
* chore: ignore and fix tests
* fix lint and run gofmt
* lint fixes
* k8s executor image only
* fix Makefile
* fix travis env variables
* more info on k8s tests
* fix travis run
* fix
* fix
* fix
* fix log
* some more changes
* increase timeout
* delete travis.yml and fix multiple copy tests
* fix registry mirror
* fix lint
* add concurency
* last attemot to fix k8 integrations
* diff id for diff workflows
* Fix composite cache key for multi-stage copy command (#1706)
PR #1518 reintroduced COPY layers caching using the `--cache-copy-layers`
flag. Unfortunately, this PR also introduced a bug by not including the
stage digest into the caching key of the COPY command when the
`--cache-copy-layers` flag was not set. As a result, kaniko would use
any previous (possibly stalled) layer from the cache because the digest
of the "COPY --from" command would never change.
PR author probably expected Go to fallthrough in the switch just like C
does. However, this is not the case. Go does not fallthrough in
switch-statements by default and requires the fallthrough keyword to be
used. Note that this keyword is not available in type-switches though,
because it wouldn't work properly with typings.
* refactor: add an abstract copy command interface to avoid code duplication
* fix typo in error message
Co-authored-by: Tejal Desai <tejal29@gmail.com>
The Makefile from the `docker-credential-gcr` repo was removed, so all builds were failing. This PR removes the `make` command and pins `docker-credential-gcr` to a specific commit so that this doesn't happen again.
When providing multiple images to warm, the warmer stops at the first error.
There are use cases however where an image is provided to the warmer which does not yet exist on purpose (e.g. CI/CD latest image only created at first release).
Thus we want to try all given images and only error if none of them work.
* avoid deleting whiteouts if they are in ignore list
* fix snapshotter ignore list
* include filesystem mounts in ignorelist of snapshotter
* clean up ignore list logic
* add unit and integration tests for #1652
* fix tests and ignore list updates
* exit codes of failed RUN commands may now be propagated to the caller by using the --propagate-exit-code flag
* removed exit code propagation flag; the exit function now unwraps the error and looks for an exit code
* added integration test for exit code propagation
* added trailing new line in test Dockerfile_exit_code_propagation; tidying up README.md removing all traces of error propagation flag
* moved exit code propagation test to integration_test.go; moved exit code propagation test files to 'testdata' to avoid interference with other integration tests
Matt Moore
Jason Hall
Tejal Desai
wwade
Janosch Maier
Mikhail Vasin
Gilbert Gilb's
Anbraten
priyawadhwa
Rhianna
Jake Sanders
ejose19
Yahav Itzhak
nihilo
Silvano Cirujano Cuesta
ankitm123
Jose Donizetti
Patrick Barker
Max Walther
Kamal Nasser
Benjamin Krenn
Liwen Guo
Colin
Chris Hoffman