On my machine this makes image rebuilds go from ~5m to 1.5s.
This also required setting DOCKER_BUILDKIT=1 in integration test image
builds.
I also took the opportunity to bump the Go version used in those tests
to Go 1.17 to match the image build processes, and tidied up the
workflow files a bit too (renaming for consistency, typos, whitespace,
etc.)
* cleanup: Correctly use buildx TARGETARCH
* undo changes to Go version
* Use golang:1.17 and build from reproducible source
This change updates the Go version used to build kaniko and credential
helpers to Go 1.17, which uses Go modules by default. This means that we
can build outside of $GOPATH, from source fetched from the Go module
proxy.
This change also simplfies our builds of credential helpers to simply
`go install` them at a pinned version, for reproducibility and
simplicity.
This also changes `make images` and `make push` to build and push the
slim executor image as well.
1. add s390x support to docker images `executor`, `executor(slim)`,
`executor(debug)` and `warmer`. Fixes#1462 and #1665.
2. Address the building issue of dependency `docker-credential-gcr`
in Dockerfiles. This issue was introduced when recent commits
in `docker-credential-gcr` removed the Makefile.
Signed-off-by: Kun-Lu <kun.lu@ibm.com>
Co-authored-by: Kun-Lu <kun.lu@ibm.com>
* initial commit
* remove bazel jobs
* fix arch
* more fixes after testing and code review comments
* fix build platform
* add individual cloudbuild.yaml as its taking 45 mins for a cloud build trigger
* add buildx plugin
* add more debugging
* update busybox version to fix CVE-2018-1000500
* fix
* lint + more debug
* fix
* fix
* fix
* remove images from cloudbiuld
* move CI job back to docker
* one more fix
* lets see
* bring it back
* move CI job back to docker
* remove aerg from top
* live restart config
* remove live restore as minikube setup failed
* add --force-systemd
* add --force-systemd and docker driver none
* change the --run flag
* docker info and some logs removed
* fix docker command
* upgrade version for buildx to 0.5.1
* remove docker service from travis.yml and add systemd cgroup config
* move the docker config up
* move them back to docker build
* fix
* fix all dockerfiles
* fix warmer
* fix
* rm bazel jobs
* add more logs
* fix debug
Co-authored-by: ankitm123 <ankitmohapatra123@gmail.com>
During image build we extract archives as root which is
capable to preserve owner and group.
With option `--no-same-owner` we drop all the user and
group information, defaults to current user (root).
To avoid future issues: add option above to all tar
execution.
Fixes#1303
Signed-off-by: Alex Szakaly <alex.szakaly@gmail.com>
This directory was implicitly removed with commit
8a020010b7 and breaks several peoples
builds as some examples and documentation expect the directory to exist.
Kaniko by default used to configure the GCR credential helper however
this caused Kaniko to fail when trying to use a base image from a public
GCR image. This patch makes it possible to use public GCR images as base
image when using docker even when you're not authenticated to GCR.
Co-authored-by: Nate Williams <nate.williams@files.com>
* Upgrade go.mod file
* Upgrade travis file
* Run rm -rf vendor && go mod tidy && go mod vendor to upgrade vendor/modules.txt according to golang 1.14
* Upgrade golangci-lint version
I needed this for my arm64 k8s cluster. I have zero Go experience but
enough experience with other things to fix the rebase (I think!). This
patch is working fine on my cluster.
When using Kaniko with certain build systems, such as GitLab CI, it is necessary to use the 'debug' image and override the entrypoint, so that an arbitrary build script can be executed within the container. Unfortunately, the 'warmer' binary is not available in the 'debug' image, making it impossible to perform a base image cache warmup using such build systems.
This patch addresses this by ensuring that the 'out/warmer' target is made in the initial stage, and that all 'out' files are copied to '/kaniko' in the final stage.
In the debug image, declare /busybox as a volume so that it is automatically whitelisted, because we don't want to delete it when building multi-stages images.
FYI this is required when using Jenkins, because we need to use the debug kaniko image to be able to start the container "doing nothing" (with /busybox/cat) before building (by executing /kaniko/executor directly inside the container)
See https://issues.jenkins-ci.org/browse/JENKINS-52576
Jason Hall
Tejal Desai
Anbraten
Sascha Schwarze
ankitm123
Chris Mellard
Alex Szakaly
Tejal Desai
Thomas Strömberg
yw-liu
Chris Sng
Daniel Marks
Sam Stoelinga
Ben Einaudi
Carlos Sanchez
Anthony Davies
slmagus
Thao-Nguyen Do
Warren Seymour
dlorenc
Vincent Behar