GitHub Action
kaniko-action
This is an action to build and push a contaier image using Kaniko in GitHub Actions. It is just a wrapper of Kaniko executor, that is,
docker run --rm gcr.io/kaniko-project/executor:v1.23.2
This action is compatible with the Docker's official actions such as docker/login-action or docker/metadata-action.
To build and push a container image to GitHub Container Registry (GHCR),
jobs:
build:
steps:
- uses: actions/checkout@v3
- uses: docker/metadata-action@v3
id: metadata
with:
images: ghcr.io/${{ github.repository }}
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: int128/kaniko-action@v1
with:
push: true
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
cache: true
cache-repository: ghcr.io/${{ github.repository }}/cache
To build and push a container image to Amazon ECR,
jobs:
build:
steps:
- uses: actions/checkout@v3
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::ACCOUNT:role/ROLE
- uses: aws-actions/amazon-ecr-login@v1
id: ecr
- uses: docker/metadata-action@v4
id: metadata
with:
images: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}
- uses: int128/kaniko-action@v1
with:
push: true
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
cache: true
cache-repository: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}/cache
This action runs the image of Kaniko executor using docker run
command.
It mounts ~/.docker/config.json
to the Kaniko executor for authentication of remote registry.
This action supports the below inputs. See also the flags of Kaniko executor.
Name | Description | Corresponding flag |
---|---|---|
executor |
Image of Kaniko executor. Default to gcr.io/kaniko-project/executor:v1.23.2 |
- |
context *1 |
Path to the build context. Default to the workspace | - |
file *1 |
Path to the Dockerfile. Default to Dockerfile . It must be in the context. If set, this action passes the relative path to Kaniko, same as the behavior of docker build |
--dockerfile |
build-args *1 |
List of build args (multiline) | --build-arg |
labels *1 |
List of metadata for an image (multiline) | --label |
push *1 |
Push an image to the registry. Default to false | --no-push |
tags *1 |
List of tags (multiline) | --destination |
target *1 |
Target stage to build | --target |
cache |
Enable caching layers | --cache |
cache-repository |
Repository for storing cached layers | --cache-repo |
cache-ttl |
Cache timeout | --cache-ttl |
push-retry |
Number of retries for the push of an image | --push-retry |
registry-mirror |
Use registry mirror(s) (multiline) | --registry-mirror |
verbosity |
Set the logging level | --verbosity |
kaniko-args |
Extra args to Kaniko executor (multiline) | - |
docker-run-args |
Extra args to docker run (multiline) | - |
*1 These inputs are compatible with docker/build-push-action.
Name | Description |
---|---|
digest |
Image digest such as sha256:abcdef... |
Kaniko supports the layer caching with a remote repository such as GHCR or Amazon ECR. See https://github.com/GoogleContainerTools/kaniko#caching for details.
To enable the layer caching, set a cache repository.
- uses: int128/kaniko-action@v1
with:
cache: true
cache-repository: ghcr.io/${{ github.repository }}/cache
We can build a multi-architecture image such as amd64
and arm64
on self-hosted runners in GitHub Actions.
See also https://github.com/int128/docker-manifest-create-action.
Here is an example stack to build an arm64
image.
- Provision an Amazon EKS cluster
- Deploy aws/karpenter
- Deploy actions/actions-runner-controller
- Run int128/kaniko-action on AWS Graviton 2 (ARM) nodes
You can construct an image URI from outputs. For example,
ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}
will be:
ghcr.io/int128/kaniko-action@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Here is an example workflow to build and deploy an application.
jobs:
deploy:
steps:
- uses: actions/checkout@v3
- uses: aws-actions/amazon-ecr-login@v1
id: ecr
- uses: docker/metadata-action@v4
id: metadata
with:
images: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}
- uses: int128/kaniko-action@v1
id: build
with:
push: true
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
cache: true
cache-repository: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}/cache
- run: kustomize edit set image myapp=${{ steps.ecr.outputs.registry }}/${{ github.repository }}@${{ steps.build.outputs.digest }}
- run: kustomize build | kubectl apply -f -
You can pass extra arguments to Kaniko executor in a multiline string.
- uses: int128/kaniko-action@v1
with:
kaniko-args: |
--key=value
--key
You can pass extra arguments to docker run
command in a multiline string.
- uses: int128/kaniko-action@v1
with:
docker-run-args: |
-v
/secrets:/secrets:ro