apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: buildkit-daemonless
  labels:
    app.kubernetes.io/version: "0.1"
  annotations:
    tekton.dev/pipelines.minVersion: "0.12.1"
    tekton.dev/categories: Image Build
    tekton.dev/tags: image-build
    tekton.dev/displayName: "buildkit daemonless"
    tekton.dev/platforms: "linux/amd64"
    tekton.dev/deprecated: "true"
spec:
  description: >-
    This Task builds source into a container image using Moby BuildKit.

    This buildkit-daemonless Task is similar to buildkit but does not need
    creating Secret, Deployment, and Service resources for setting up the
    buildkitd daemon cluster.

  params:
  - name: DOCKERFILE
    description: The name of the Dockerfile
    default: "Dockerfile"
  - name: BUILDKIT_IMAGE
    description: The name of the BuildKit image
    # The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
    # https://github.com/tektoncd/pipeline/issues/852
    default: "docker.io/moby/buildkit:v0.6.2@sha256:db234cf7362aef489e4273a6937794cb19c09ba15c7ee0ec6f85044086ea4f6a"
  workspaces:
  - name: source
  resources:
    outputs:
    - name: image
      type: image
  steps:
  - name: build-and-push
    image: $(params.BUILDKIT_IMAGE)
    workingDir: $(workspaces.source.path)
    securityContext:
      privileged: true
    command: ["buildctl-daemonless.sh", "--debug",
              "build",
              "--progress=plain",
              "--frontend=dockerfile.v0",
              "--opt", "filename=$(params.DOCKERFILE)",
              "--local", "context=.", "--local", "dockerfile=.",
              "--output", "type=image,name=$(resources.outputs.image.url),push=true",
              "--export-cache", "type=inline",
              "--import-cache", "type=registry,ref=$(resources.outputs.image.url)"]