diff --git a/build-kaniko.jenkins b/build-kaniko.jenkins
index 4418477..3467812 100644
--- a/build-kaniko.jenkins
+++ b/build-kaniko.jenkins
@@ -4,9 +4,9 @@ def repository = "registry.c.test-chamber-13.lan"
def repositoryCreds = "harbor-repository-creds"
podTemplate(
- label: label,
- name: "pipeline-worker",
- yaml: """---
+ label: label,
+ name: "pipeline-worker",
+ yaml: """---
apiVersion: v1
kind: Pod
metadata:
@@ -19,56 +19,72 @@ spec:
tty: true
command:
- /busybox/cat
+ - name: alpine
+ imagePullPolicy: Always
+ image: ${repository}/library/alpine:latest
+ tty: true
+ command:
+ - /bin/sh
""",
) {
- node (label) {
- def workspace = pwd()
+ node (label) {
+ def workspace = pwd()
- stage ("Prepare Kaniko") {
- container ("kaniko") {
- withCredentials([usernameColonPassword(
- credentialsId: repositoryCreds,
- variable: "dCreds",
- )]) {
- def dockerJSON = """{
- "auths": {
- "${repository}": {
- "auth": "${dcreds.bytes.encodeBase64().toString()}"
- }
- }
- }"""
- sh """
- set +x
- echo '${dockerJSON}' > /kaniko/.docker/config.json
- printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\
- "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\
- "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\
- "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\
- "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\
- "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\
- "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\
- "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\
- "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\
- "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\
- "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\
- "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\
- "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\
- "-----END CERTIFICATE-----" >> /kaniko/ssl/certs/ca-certificates.crt
- """
- }
- }
- }
+ stage ("Get CoSign") {
+ container ("alpine") {
+ sh """
+ apk add --no-cache curl jq
+ curl --silent --location "\$(curl --silent "https://api.github.com/repos/sigstore/cosign/releases/latest" | jq -r '.assets[0].browser_download_url')" -output "${workspace}/cosign"
+ chmod +x "${workspace}/cosign"
+ """
+ }
+ }
- stage("Build Alpine with CA") {
- container("kaniko") {
- def DF = """FROM gcr.io/kaniko-project/executor:debug
+ stage ("Prepare Kaniko") {
+ container ("kaniko") {
+ withCredentials([usernameColonPassword(
+ credentialsId: repositoryCreds,
+ variable: "dCreds",
+ )]) {
+ def dockerJSON = """{
+ "auths": {
+ "${repository}": {
+ "auth": "${dcreds.bytes.encodeBase64().toString()}"
+ }
+ }
+ }"""
+ sh """
+ set +x
+ echo '${dockerJSON}' > /kaniko/.docker/config.json
+ printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\
+ "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\
+ "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\
+ "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\
+ "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\
+ "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\
+ "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\
+ "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\
+ "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\
+ "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\
+ "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\
+ "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\
+ "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\
+ "-----END CERTIFICATE-----" >> /kaniko/ssl/certs/ca-certificates.crt
+ """
+ }
+ }
+ }
+ stage("Build Alpine with CA") {
+ container("kaniko") {
+ def DF = """FROM gcr.io/kaniko-project/executor:debug
+COPY ./cosign /busybox/cosign
COPY kaniko-chain.crt /kaniko/ssl/certs/ca-certificates.crt
"""
- sh "cp /kaniko/ssl/certs/ca-certificates.crt \"${workspace}/kaniko-chain.crt\""
- writeFile(file: workspace + "/Dockerfile", text: DF)
- sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/kaniko:latest\""
- }
- }
- }
+ sh "cp /kaniko/ssl/certs/ca-certificates.crt \"${workspace}/kaniko-chain.crt\""
+ writeFile(file: workspace + "/Dockerfile", text: DF)
+ sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/kaniko:latest\" --single-snapshot"
+ }
+ }
+ }
}
\ No newline at end of file