forked from tektoncd/catalog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtask.yaml
51 lines (51 loc) · 1.82 KB
/
task.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
name: buildkit
spec:
params:
- name: DOCKERFILE
description: The name of the Dockerfile
default: "Dockerfile"
- name: BUILDKIT_CLIENT_IMAGE
description: The name of the BuildKit client (buildctl) image
# The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
# https://github.com/tektoncd/pipeline/issues/852
default: "moby/buildkit:v0.6.2"
- name: BUILDKIT_DAEMON_ADDRESS
description: The address of the BuildKit daemon (buildkitd) service
default: "tcp://buildkitd:1234"
- name: BUILDKIT_CLIENT_CERTS
description: The name of Secret that contains ca.pem, cert.pem, key.pem for mTLS connection to BuildKit daemon
default: "buildkit-client-certs"
workspaces:
- name: source
resources:
outputs:
- name: image
type: image
volumes:
- name: certs
secret:
secretName: $(params.BUILDKIT_CLIENT_CERTS)
steps:
- name: build-and-push
image: $(params.BUILDKIT_CLIENT_IMAGE)
workingDir: $(workspaces.source.path)
volumeMounts:
- name: certs
readOnly: true
mountPath: /certs
command: ["buildctl", "--debug",
"--addr=$(params.BUILDKIT_DAEMON_ADDRESS)",
"--tlscacert", "/certs/ca.pem",
"--tlscert", "/certs/cert.pem",
"--tlskey", "/certs/key.pem",
"build",
"--progress=plain",
"--frontend=dockerfile.v0",
"--opt", "filename=$(params.DOCKERFILE)",
"--local", "context=.", "--local", "dockerfile=.",
"--output", "type=image,name=$(resources.outputs.image.url),push=true",
"--export-cache", "type=inline",
"--import-cache", "type=registry,ref=$(resources.outputs.image.url)"]