fix

share/gitea-tekton-org/tekton.dev_v1beta1_Task_docker-build.yaml

@@ -0,0 +1,113 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: docker-build
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/categories: Image Build
+    tekton.dev/tags: docker, build-image, push-image, dind
+    tekton.dev/displayName: docker-build
+    tekton.dev/platforms: "linux/amd64"
+spec:
+  description: >-
+    This task will build and push an image using docker.
+    The task will build an out image out of a Dockerfile.
+    This image will be pushed to an image registry.
+    The image will be built and pushed using a dind sidecar over TCP+TLS.
+  params:
+  - name: image
+    description: Reference of the image docker will produce.
+  - name: builder_image
+    description: The location of the docker builder image.
+    default: docker.io/library/docker:stable@sha256:18ff92d3d31725b53fa6633d60bed323effb6d5d4588be7b547078d384e0d4bf #tag: stable
+  - name: dind_image
+    description: The location of the docker-in-docker image.
+    default: docker:dind
+  - name: dockerfile
+    description: Path to the Dockerfile to build.
+    default: ./Dockerfile
+  - name: context
+    description: Path to the directory to use as context.
+    default: .
+  - name: build_extra_args
+    description: Extra parameters passed for the build command when building images.
+    default: ""
+  - name: push_extra_args
+    description: Extra parameters passed for the push command when pushing images.
+    default: ""
+  - name: insecure_registry
+    description: Allows the user to push to an insecure registry that has been specified
+    default: ""
+  workspaces:
+  - name: source
+  results:
+  - name: IMAGE_DIGEST
+    description: Digest of the image just built.
+  steps:
+  - name: docker-build
+    image: $(params.builder_image)
+    env:
+    # Connect to the sidecar over TCP, with TLS.
+    - name: DOCKER_HOST
+      value: tcp://localhost:2376
+    # Verify TLS.
+    - name: DOCKER_TLS_VERIFY
+      value: '1'
+    # Use the certs generated by the sidecar daemon.
+    - name: DOCKER_CERT_PATH
+      value: /certs/client
+    workingDir: $(workspaces.source.path)
+    script: |
+      docker build \
+        $(params.build_extra_args) \
+        --no-cache \
+        -f $(params.dockerfile) -t $(params.image) $(params.context)
+    volumeMounts:
+      - mountPath: /certs/client
+        name: dind-certs
+  - name: docker-push
+    image: $(params.builder_image)
+    env:
+    # Connect to the sidecar over TCP, with TLS.
+    - name: DOCKER_HOST
+      value: tcp://localhost:2376
+    # Verify TLS.
+    - name: DOCKER_TLS_VERIFY
+      value: '1'
+    # Use the certs generated by the sidecar daemon.
+    - name: DOCKER_CERT_PATH
+      value: /certs/client
+    workingDir: $(workspaces.source.path)
+    script: |
+      docker push $(params.push_extra_args) $(params.image)
+    volumeMounts:
+      - mountPath: /certs/client
+        name: dind-certs
+  sidecars:
+  - image: $(params.dind_image)
+    name: server
+    args:
+      - --storage-driver=vfs
+      - --userland-proxy=false
+      - --debug
+      - --insecure-registry=$(params.insecure_registry)
+    securityContext:
+      privileged: true
+    env:
+    # Write generated certs to the path shared with the client.
+    - name: DOCKER_TLS_CERTDIR
+      value: /certs
+    volumeMounts:
+    - mountPath: /certs/client
+      name: dind-certs
+    # Wait for the dind daemon to generate the certs it will share with the
+    # client.
+    readinessProbe:
+      periodSeconds: 1
+      exec:
+        command: ['ls', '/certs/client/ca.pem']
+  volumes:
+  - name: dind-certs
+    emptyDir: {}