Skip to content

Build container image using Kaniko in GitHub Actions

License

Notifications You must be signed in to change notification settings

int128/kaniko-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

kaniko-action ts

This is an action to build and push a contaier image using Kaniko in GitHub Actions. It is just a wrapper of Kaniko executor, that is,

docker run --rm gcr.io/kaniko-project/executor:v1.23.2

This action is compatible with the Docker's official actions such as docker/login-action or docker/metadata-action.

Getting Started

To build and push a container image to GitHub Container Registry (GHCR),

jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - uses: docker/metadata-action@v3
        id: metadata
        with:
          images: ghcr.io/${{ github.repository }}
      - uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: int128/kaniko-action@v1
        with:
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache: true
          cache-repository: ghcr.io/${{ github.repository }}/cache

To build and push a container image to Amazon ECR,

jobs:
  build:
    steps:
      - uses: actions/checkout@v3
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::ACCOUNT:role/ROLE
      - uses: aws-actions/amazon-ecr-login@v1
        id: ecr
      - uses: docker/metadata-action@v4
        id: metadata
        with:
          images: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}
      - uses: int128/kaniko-action@v1
        with:
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache: true
          cache-repository: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}/cache

Specification

This action runs the image of Kaniko executor using docker run command. It mounts ~/.docker/config.json to the Kaniko executor for authentication of remote registry.

Inputs

This action supports the below inputs. See also the flags of Kaniko executor.

Name Description Corresponding flag
executor Image of Kaniko executor. Default to gcr.io/kaniko-project/executor:v1.23.2 -
context *1 Path to the build context. Default to the workspace -
file *1 Path to the Dockerfile. Default to Dockerfile. It must be in the context. If set, this action passes the relative path to Kaniko, same as the behavior of docker build --dockerfile
build-args *1 List of build args (multiline) --build-arg
labels *1 List of metadata for an image (multiline) --label
push *1 Push an image to the registry. Default to false --no-push
tags *1 List of tags (multiline) --destination
target *1 Target stage to build --target
cache Enable caching layers --cache
cache-repository Repository for storing cached layers --cache-repo
cache-ttl Cache timeout --cache-ttl
push-retry Number of retries for the push of an image --push-retry
registry-mirror Use registry mirror(s) (multiline) --registry-mirror
verbosity Set the logging level --verbosity
kaniko-args Extra args to Kaniko executor (multiline) -
docker-run-args Extra args to docker run (multiline) -

*1 These inputs are compatible with docker/build-push-action.

Outputs

Name Description
digest Image digest such as sha256:abcdef...

Examples

Cache layers

Kaniko supports the layer caching with a remote repository such as GHCR or Amazon ECR. See https://github.com/GoogleContainerTools/kaniko#caching for details.

To enable the layer caching, set a cache repository.

- uses: int128/kaniko-action@v1
  with:
    cache: true
    cache-repository: ghcr.io/${{ github.repository }}/cache

Build a multi-architecture image

We can build a multi-architecture image such as amd64 and arm64 on self-hosted runners in GitHub Actions. See also https://github.com/int128/docker-manifest-create-action.

Here is an example stack to build an arm64 image.

Use an image digest

You can construct an image URI from outputs. For example,

ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}

will be:

ghcr.io/int128/kaniko-action@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

Here is an example workflow to build and deploy an application.

jobs:
  deploy:
    steps:
      - uses: actions/checkout@v3
      - uses: aws-actions/amazon-ecr-login@v1
        id: ecr
      - uses: docker/metadata-action@v4
        id: metadata
        with:
          images: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}
      - uses: int128/kaniko-action@v1
        id: build
        with:
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache: true
          cache-repository: ${{ steps.ecr.outputs.registry }}/${{ github.repository }}/cache
      - run: kustomize edit set image myapp=${{ steps.ecr.outputs.registry }}/${{ github.repository }}@${{ steps.build.outputs.digest }}
      - run: kustomize build | kubectl apply -f -

Pass extra args to Kaniko executor

You can pass extra arguments to Kaniko executor in a multiline string.

- uses: int128/kaniko-action@v1
  with:
    kaniko-args: |
      --key=value
      --key

Pass extra args to docker run

You can pass extra arguments to docker run command in a multiline string.

- uses: int128/kaniko-action@v1
  with:
    docker-run-args: |
      -v
      /secrets:/secrets:ro