github.com/jaylevin/jenkins-library@v1.230.4/resources/metadata/kanikoExecute.yaml

metadata:
  name: kanikoExecute
  description: Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.
  longDescription: |
    Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.

    ### Building multiple container images

    The step allows you to build multiple container images with one run.
    This is suitable in case you need to create multiple images for one microservice, e.g. for testing.

    All images will get the same "root" name and the same versioning.<br />
    **Thus, this is not suitable to be used for a monorepo approach!** For monorepos you need to use a build tool natively capable to take care for monorepos
    or implement a custom logic and for example execute this `kanikoExecute` step multiple times in your custom pipeline.

    You can activate multiple builds using the parameter [containerMultiImageBuild](#containermultiimagebuild)

    Behavior can be adapted using:

    * [containerMultiImageBuildExcludes](#containermultiimagebuildexcludes) for defining excludes
    * [containerMultiImageBuildTrimDir](#containermultiimagebuildtrimdir) for removing parent directory part from image name

    Examples:

    #### Multiple containers in sub directories

    Configuration as follows:

    ```
    general:
      containerImageName: myImage
    steps:
      kanikoExecute:
        containerMultiImageBuild: true
    ```

    Following Dockerfiles are available in the repository:

    * sub1/Dockerfile
    * sub2/Dockerfile

    Following final image names will be built:

    * `myImage-sub1`
    * `myImage-sub2`

    #### Multiple containers in sub directories while trimming a directory part

    Configuration as follows:

    ```
    general:
      containerImageName: myImage
    steps:
      kanikoExecute:
        containerMultiImageBuild: true
        containerMultiImageBuildTrimDir: .ci
    ```

    Following Dockerfiles are available in the repository:

    * .ci/sub1/Dockerfile
    * .ci/sub2/Dockerfile

    Following final image names will be built:

    * `myImage-sub1`
    * `myImage-sub2`

spec:
  inputs:
    secrets:
      - name: dockerConfigJsonCredentialsId
        description: Jenkins 'Secret file' credentials ID containing Docker config.json (with registry credential(s)). You can create it like explained in the [protocodeExecuteScan Prerequisites section](https://www.project-piper.io/steps/protecodeExecuteScan/#prerequisites).
        type: jenkins
    params:
      - name: buildOptions
        type: "[]string"
        description: Defines a list of build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default:
          - --skip-tls-verify-pull
          # fixing Kaniko issue https://github.com/GoogleContainerTools/kaniko/issues/1586
          # as per comment https://github.com/GoogleContainerTools/kaniko/issues/1586#issuecomment-945718536
          - --ignore-path=/workspace
          - --ignore-path=/busybox
      - name: buildSettingsInfo
        type: string
        description: Build settings info is typically filled by the step automatically to create information about the build settings that were used during the mta build. This information is typically used for compliance related processes.
        scope:
          - STEPS
          - STAGES
          - PARAMETERS
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/buildSettingsInfo
      - name: containerBuildOptions
        type: string
        description: Deprected, please use buildOptions. Defines the build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerImage
        aliases:
          - name: containerImageNameAndTag
            deprecated: true
        type: string
        description: Defines the full name of the Docker image to be created including registry, image name and tag like `my.docker.registry/path/myImageName:myTag`. If left empty, image will not be pushed.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerImageName
        aliases:
          - name: dockerImageName
        type: string
        description: Name of the container which will be built - will be used instead of parameter `containerImage`
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerImageTag
        aliases:
          - name: artifactVersion
        type: string
        description: Tag of the container which will be built - will be used instead of parameter `containerImage`
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: artifactVersion
      - name: containerMultiImageBuild
        type: bool
        description: Defines if multiple containers should be build. Dockerfiles are used using the pattern **/Dockerfile*. Excludes can be defined via [`containerMultiImageBuildExcludes`](#containermultiimagebuildexscludes).
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerMultiImageBuildExcludes
        type: '[]string'
        description: Defines a list of Dockerfile paths to exclude from the build when using [`containerMultiImageBuild`](#containermultiimagebuild).
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerMultiImageBuildTrimDir
        type: 'string'
        description: Defines a trailing directory part which should not be considered in the final image name.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: containerPreparationCommand
        type: string
        description: Defines the command to prepare the Kaniko container. By default the contained credentials are removed in order to allow anonymous access to container registries.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: rm -f /kaniko/.docker/config.json
      - name: containerRegistryUrl
        aliases:
          - name: dockerRegistryUrl
        type: string
        description: http(s) url of the Container registry where the image should be pushed to - will be used instead of parameter `containerImage`
        scope:
          - GENERAL
          - PARAMETERS
          - STAGES
          - STEPS
        resourceRef:
          - name: commonPipelineEnvironment
            param: container/registryUrl
      - name: customTlsCertificateLinks
        type: "[]string"
        description: List containing download links of custom TLS certificates. This is required to ensure trusted connections to registries with custom certificates.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
      - name: dockerConfigJSON
        type: string
        description: Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        secret: true
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/dockerConfigJSON
          - name: dockerConfigJsonCredentialsId
            type: secret
          - type: vaultSecretFile
            name: dockerConfigFileVaultSecretName
            default: docker-config
      - name: dockerfilePath
        aliases:
          - name: dockerfile
        type: string
        description: Defines the location of the Dockerfile relative to the Jenkins workspace.
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: Dockerfile
      - name: targetArchitectures
        type: "[]string"
        description: Defines the target architectures for which the build should run using OS and architecture separated by a comma. (EXPERIMENTAL)
        default: []
        scope:
          - GENERAL
          - STEPS
          - STAGES
          - PARAMETERS
      - name: readImageDigest
        type: bool
        default: false
        scope:
          - STEPS
          - STAGES
          - PARAMETERS
  outputs:
    resources:
      - name: commonPipelineEnvironment
        type: piperEnvironment
        params:
          - name: container/registryUrl
          - name: container/imageNameTag
          - name: container/imageDigest
          - name: container/imageNames
            type: "[]string"
          - name: container/imageNameTags
            type: "[]string"
          - name: container/imageDigests
            type: "[]string"
          - name: custom/buildSettingsInfo
  containers:
    - image: gcr.io/kaniko-project/executor:debug
      command:
        - /busybox/tail -f /dev/null
      shell: /busybox/sh
      options:
        - name: -u
          value: "0"
        - name: --entrypoint
          value: ""
      env:
        - name: container
          value: docker