9f57952214
fix: use refrence should after err handles ( #2128 )
...
* fix: use refrence should after err handles
* Update pkg/executor/build.go
Co-authored-by: Jason Hall <jason@chainguard.dev>
2022-06-09 11:00:30 -04:00
1395e4682f
Bump ossf/scorecard-action from 1.0.4 to 1.1.1 ( #2116 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...3e15ea8318
2022-06-01 13:59:46 -04:00
3d2c088655
Bump github.com/aws/aws-sdk-go from 1.43.36 to 1.44.24 ( #2111 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.43.36 to 1.44.24.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.36...v1.44.24 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-01 13:14:12 -04:00
c7841d7653
Bump actions/setup-go from 3.0.0 to 3.2.0 ( #2112 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...b22fbbc292
2022-06-01 13:13:59 -04:00
c13f9b6027
fix: Add test for issue #2049 ( #2114 )
...
- This missing files problem should be fixed by PR #2066 .
2022-06-01 06:55:36 -04:00
bc46c24707
Write parent directories to tar before whiteout files ( #2113 )
...
* Write parent directories to tar before whiteout files
Fixes #1149
The OCI image spec does not specify this order but it's a good idea and Docker
does the same.
When manually comparing layers created by Docker and Kaniko there are still
some differences (that container-diff does not show):
* Kaniko adds / to layers
* For `mkdir /test`, docker adds `/test` and an opaque whiteout file
`/test/.wh..wh..opq`. Kaniko only adds `/test/` (and /).
* snapshot_test: cleanup
Fix typos and use listFilesInTar() where possible
2022-05-31 16:42:32 -04:00
1c0e5a0aca
Update Azure credHelpers docs ( #2109 )
2022-05-27 11:29:59 -04:00
77ac6942a6
Fix missing setuid flags on COPY --from=build operation ( #2089 )
...
* Fix missing file permissions on multi-stage build
Fixes #2075
When a file with the setuid bit is copied from one stage
to another, the permissions were not copied over properly after
setting ownership on directory and the file itself.
* Update pkg/util/fs_util.go
Co-authored-by: Jason Hall <jason@chainguard.dev>
* Adding boilerplate to dockerfile
* Add bash check to bail with exit code 1 if setuid not present
Co-authored-by: Jason Hall <jason@chainguard.dev>
2022-05-22 09:20:18 -04:00
e22346d881
fix: `COPY --chown` regression tests ( #2097 )
2022-05-18 10:49:42 -04:00
2789b974b9
fix: Regression test for #2066 ( #2096 )
...
* fix: Regression test for #2066
- Test `Dockerfile_test_issue_2066` fails on main@28432d3c
* np: Comment
2022-05-18 06:35:35 -04:00
323e616a67
fix: Refactor `LayersMap` to correct old strange code behavior ( #2066 )
...
* fix: Correct flatten function in layers
- Added a test.
- Cache current image, track deletes in `whiteouts` as well as normal adds in `layers`.
- Fix ugly delete behavior of `layerHashCache`.
Delete it when crerating a new snapshot.
- Slight cleanup in `snapshot.go`.
- Format ugly `WalkFS` function.
* fix: Add symbolic link changes to Hasher and CacheHasher
* fix: Better log messages
* fix(ci): Integration tests
* fix(ci): Add `--no-cache` to docker builds
* fix(ci): Pass credentials for error integration test
* np: Missing .gitignore in `hack`
* np: Capitalize every log message
- Correct some linting.
* fix: Key function
- Merge only last layer onto `currentImage`.
* fix: Remove old obsolete `cacheHasher`
2022-05-17 20:30:58 -04:00
28432d3c84
fix(ci): Docker build for issue 1837 ( #2095 )
...
* fix: Docker build for issue 1837
* fix: Linting
2022-05-17 14:21:57 -04:00
7b50fc8a57
fix: Main ( #2094 )
2022-05-17 13:27:24 -04:00
872758b8b0
feat: add flag to disable pushing cache ( #2038 )
2022-05-16 12:21:26 -07:00
ce1fb51579
Fix README blurb on --cache-copy-layers, so that the purpose of the flag is more clear. ( #2064 )
...
Co-authored-by: Yonatan Koren <10080107+korenyoni@users.noreply.github.com>
2022-05-16 12:20:14 -07:00
6b6795e4a7
Fix release tagging workflow ( #2034 )
...
In Bash, "-eq" compares integers, and "==" compares strings, so "debug
-eq latest" always evaulated to true.
$ if [[ "debug" -eq "latest" ]]; then echo latest; else echo debug; fi
latest
$ if [[ "debug" == "latest" ]]; then echo latest; else echo debug; fi
debug
2022-05-16 12:19:39 -07:00
25edbb2430
fix: kaniko dir env unused ( #2067 )
...
* update kaniko-dir flag description
* add dir check anonymous func for check to config or env
* add kaniko dir constant in default options
* Update cmd/executor/cmd/root.go
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* add CopyDir util usage for checkKanikoDir func
* add removal of kaniko dir on successful copy of new files
* add comment for CopyDir usage
Co-authored-by: Jason Hall <jasonhall@redhat.com>
2022-05-16 12:17:25 -07:00
9019b7667c
Bump docker/setup-buildx-action from 1.6.0 to 2 ( #2081 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 1.6.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](94ab11c41e...dc7b9719a9
2022-05-16 12:14:10 -07:00
816e6d52b4
Bump go-containerregistry dependency ( #2076 )
...
This picks up https://github.com/google/go-containerregistry/pull/1360
2022-05-08 12:40:24 -04:00
96a8ee0c07
hasher: hash security.capability attributes ( #1994 )
...
In Dockerfile, if there is something like:
```
RUN setcap cap_net_raw=+ep /path/to/binary
```
kaniko won't detect that there is a change on file `/path/to/binary` and
thus discards this layer. This patch allows the hasher function to
actually look at `security.capability` extended attributes.
2022-05-04 12:31:10 -04:00
76a54a031d
Fix: Flatten layer function needs to return existing files in the layer correctly ( #2057 )
...
* fix: Remove hardcoded whiteout prefix
* fix: Flatten function should return all existing files without whiteouts
* np: Documentation
2022-04-26 16:46:09 -04:00
9df31b1bcb
fix: Remove hardcoded whiteout prefix ( #2056 )
2022-04-25 14:52:30 -04:00
13ed53e25c
proc: detect kubernetes runtime by mounts ( #2054 )
...
Fix #1936
Kubernetes was not being detected by files not by /proc/?/cgroup
contents. Now it detects the kubernetes runtime if any of those
conditions are met:
* /var/run/secrets/kubernetes.io/serviceaccount exists
* /proc/mounts has the mount for "/" with fs type "overlay"
2022-04-18 10:20:42 -04:00
f9c5745c63
Fixes #2046 : make target stage lookup case insensitive ( #2047 )
2022-04-12 09:54:14 -04:00
f930b75b8b
Add GitLab CI credentials helper ( #2040 )
...
This simplifies usage of Kaniko in GitLab CI environments and
means that it's not longer necessary to manually cobble together
the config with the right values from the environment in
error-prone shell commands.
2022-04-11 13:13:47 -04:00
a5d96682ac
Bump sigstore/cosign-installer from b4f55743d10d066fee1de1cf0fa26069700c0195 to 2.2.0 ( #2044 )
...
* Bump sigstore/cosign-installer
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from b4f55743d10d066fee1de1cf0fa26069700c0195 to 2.2.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](b4f55743d1...d6a3abf1bd
2022-04-11 13:10:39 -04:00
d849b0bfdc
Bump github/codeql-action from 2.1.6 to 2.1.8 ( #2043 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.6 to 2.1.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28eead2408...1ed1437484
2022-04-11 10:26:45 -04:00
7bd84f97b1
Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.43.36 ( #2042 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.43.31 to 1.43.36.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.31...v1.43.36 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 10:26:34 -04:00
697bfc6acb
Bump cloud.google.com/go/storage from 1.21.0 to 1.22.0 ( #2041 )
...
Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.21.0...spanner/v1.22.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-11 10:26:23 -04:00
6c7d03a5ea
Bump github/codeql-action from 1.1.5 to 2.1.6 ( #2031 )
...
* Bump github/codeql-action from 1.1.5 to 2.1.6
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408
2022-04-04 11:22:15 -04:00
1cdd743e91
Bump github.com/aws/aws-sdk-go from 1.43.26 to 1.43.31 ( #2030 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.43.26 to 1.43.31.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.26...v1.43.31 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-04 11:19:13 -04:00
1e0ab6fca6
Add release notes for v1.8.1 ( #2029 )
2022-04-03 16:21:38 -07:00
1b59a296a8
Use canonical platform values. Fix 1995. ( #2025 )
...
* Use canonical image architectures. Closes #1995 .
Prior to this change, Kaniko was not using the platform's canonical value.
* Update platform unit test.
2022-03-31 15:15:24 -04:00
d4cf49077a
feat: kaniko dir config option ( #1997 )
...
* remove configurables from constants
* add configurables to config init
* add kaniko dir flag
* cleanup pkg constants
* replace buildcontext constants pkg occurrences with config
* add KanikoDir to KanikoOptions
* replace executor constants pkg occurrences with config
* remove redundant KanikoDir assignment
* replace constants to config for IntermediateStagesDir
* fix imports
* add default kaniko directory into constants
* add check for kanikoDir on use
* update init to use default path constant
* update executor kanikoDir check
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* alter checkKanikoDir parameter
* add TestKanikoDir func
* update error handling style
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* remove shorthand flag usage from test
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* add docstring to integration test
Co-authored-by: Jason Hall <jasonhall@redhat.com>
* remove shorthand flag from kaniko-dir
Co-authored-by: Jason Hall <jasonhall@redhat.com>
2022-03-31 15:10:23 -04:00
2a8c565dd5
Bump github.com/aws/aws-sdk-go from 1.43.17 to 1.43.26 ( #2018 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.43.17 to 1.43.26.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.17...v1.43.26 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 10:07:34 -04:00
0d676d52c4
Bump github.com/containerd/containerd from 1.6.1 to 1.6.2 ( #2017 )
...
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd ) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/containerd/containerd/releases )
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md )
- [Commits](https://github.com/containerd/containerd/compare/v1.6.1...v1.6.2 )
---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 10:07:14 -04:00
1f2b5fb312
Bump github.com/docker/docker ( #2016 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 20.10.13+incompatible to 20.10.14+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md )
- [Commits](https://github.com/docker/docker/compare/v20.10.13...v20.10.14 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-28 10:06:50 -04:00
b6d18cc150
README.md: Update docs on building for AWS ECR ( #2020 )
...
- Kaniko v.1.8.0 does not require additional cred helper logic for ECR,
as it discovers ECR repositories automatically and acts accordingly.
Thus removed from the documentation.
- Add details on using IAM role based authentication for pushing to ECR.
Fixes https://github.com/GoogleContainerTools/kaniko/issues/780
Fixes https://github.com/GoogleContainerTools/kaniko/issues/1455
Signed-off-by: Jasper Orschulko <Jasper.Orschulko@iris-sensing.com>
2022-03-28 09:49:38 -04:00
7b161105a5
Move and fix GetContainerRuntime check from bpfd proc ( #1996 )
...
* Moved genuinetools/bpfd proc
* Removed unused code from util/proc, added genuinetools/bpfd proc test, fixed naming
* refactor: adjust bpfd container runtime detection
* Moved util/proc.go to util/proc/proc.go, added boilerplate
Co-authored-by: ejose19 <8742215+ejose19@users.noreply.github.com>
2022-03-23 11:09:01 -04:00
cf5ca26aa4
Fix minor glitch in the SVG logos ( #2004 )
2022-03-21 12:31:41 -04:00
31445e5114
Add SVG logos ( #2002 )
2022-03-21 11:30:48 -04:00
8651c0604a
Bump github/codeql-action from 1.1.3 to 1.1.5 ( #2000 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.3 to 1.1.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75f07e7ab2...8834766498
2022-03-21 09:32:16 -04:00
783979948d
Fix - Incomplete regular expression for hostnames ( #1993 )
...
Fixed the codeql issue
```
Sanitizing untrusted URLs is an important technique for preventing attacks such as request forgeries and malicious redirections. Often, this is done by checking that the host of a URL is in a set of allowed hosts.
If a regular expression implements such a check, it is easy to accidentally make the check too permissive by not escaping regular-expression meta-characters such as ..
Even if the check is not used in a security-critical context, the incomplete check may still cause undesirable behavior when it accidentally succeeds.
```
2022-03-16 00:16:04 -04:00
34b2c347c9
Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 ( #1985 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-13 23:27:23 -04:00
07b052eb90
Bump github.com/aws/aws-sdk-go from 1.43.12 to 1.43.17 ( #1986 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.43.12 to 1.43.17.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.12...v1.43.17 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-13 23:25:31 -04:00
a91d4d6ac6
Bump github.com/spf13/afero from 1.8.1 to 1.8.2 ( #1987 )
...
Bumps [github.com/spf13/afero](https://github.com/spf13/afero ) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/spf13/afero/releases )
- [Commits](https://github.com/spf13/afero/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/spf13/afero
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-13 23:25:03 -04:00
ceb2bdf4c8
Bump github.com/docker/docker ( #1988 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 20.10.12+incompatible to 20.10.13+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md )
- [Commits](https://github.com/docker/docker/compare/v20.10.12...v20.10.13 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-13 23:24:40 -04:00
f38043ff59
Fix image tags in release workflow ( #1977 )
...
Two bugs:
- fix typo in debug release_tag (should be release-tag)
- only tag :latest images as :v1.X.Y; tag non-:latest images as
:v1.X.Y-debug etc.
2022-03-10 15:30:18 -05:00
fce9b7daa4
release v1.8 ( #1972 )
2022-03-08 17:45:57 -08:00
aca3b966a3
Bump actions/setup-go from 2.2.0 to 3 ( #1970 )
...
* Bump actions/setup-go from 2.2.0 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](bfdd3570ce...f6164bd8c8
2022-03-07 14:14:29 -05:00
Hingbong Lo
dependabot[bot]
Gabriel Nützi
Andreas Fleig
Ishant Mrinal Haloi
Tony De La Nuez
Jason D'Amour
Yonatan Koren
Jason Hall
Jack
zhouhaibing089
Víctor
François JACQUES
ePirat
Chuang Wang
Diego Gonzalez
Jasper Ben Orschulko
Igor Scheller
Sigurd Spieckermann
Naveen