- Update Kaniko configuration and document environment variables ()

This PR closes  - Revised the Kaniko build setup to include a container image, updated mandatory and optional environment variables, and provided examples for fine-tuning options. Expanded the README with a detailed table explaining each variable's purpose and requirements.

Reviewed-on: 
Co-authored-by: Guillaume B.B. Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
Co-committed-by: Guillaume B.B. Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
Guillaume "B.B." Van Hemmen 2025-05-19 10:18:03 +00:00 committed by Guillaume "B.B." Van Hemmen
parent ddad91c367
commit 9395bf30a3


@ -40,15 +40,42 @@ on:
jobs:
build:
runs-on: docker
container:
image: git.van-hemmen.com/actions/kaniko:latest
steps:
- name: Build & push with Kaniko
uses: actions/kaniko@v1
env:
# ✍️ Fill these placeholders
REGISTRY: ghcr.io
IMAGE_NAME: myorg/myapp
IMAGE_TAG: ${{ github.sha }}
# Optional authentication variables...
# REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
# REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
# --- mandatory --------------------------------------------------------
KANIKO_CONTEXT: git://git.van-hemmen.com/actions/kaniko.git
GITHUB_REF_NAME: ${{ github.ref_name }}
GIT_USERNAME: ${{ secrets.GIT_USERNAME }}
GIT_PASSWORD: ${{ secrets.GIT_PASSWORD }}
# --- optional (only needed when you plan to push) ---------------------
REGISTRY_HOST: ghcr.io
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }}
KANIKO_DESTINATION: ghcr.io/myorg/myapp:${{ github.sha }}
# --- fine-tuning ------------------------------------------------------
KANIKO_DOCKERFILE: ./Dockerfile
KANIKO_VERBOSITY: info
```
## Environment variables
| Variable | Required | Purpose | Example value |
|----------|----------|---------|----------------------------------------------------------------|
| `KANIKO_CONTEXT` | **Yes** | Build context (`git://`). | `git://git.van-hemmen.com/actions/kaniko.git` |
| `GITHUB_REF_NAME` | **Yes** | Branch or tag that is being built. | `${{ github.ref_name }}` |
| `GIT_USERNAME` | **Yes** | Username with access to `KANIKO_CONTEXT` when it is private. | `${{ secrets.GIT_USERNAME }}` |
| `GIT_PASSWORD` | **Yes** | Token/password paired with `GIT_USERNAME`. | `${{ secrets.GIT_PASSWORD }}` |
| `REGISTRY_HOST` | No (default `git.van-hemmen.com`) | Target registry hostname. | `ghcr.io` |
| `REGISTRY_USER` | No* | Registry username. Enables push only if **both** `REGISTRY_USER` and `REGISTRY_PASS` are set. | `${{ secrets.REGISTRY_USER }}` |
| `REGISTRY_PASS` | No* | Registry password/token. | `${{ secrets.REGISTRY_PASS }}` |
| `KANIKO_DESTINATION` | No | Comma-separated list of image references to push (variables like `${{ github.sha }}` are expanded). | `ghcr.io/myorg/app:${{ github.sha }},ghcr.io/myorg/app:latest` |
| `KANIKO_DOCKERFILE` | No (default `./Dockerfile`) | Path to the Dockerfile relative to the context. | `./docker/Dockerfile.alpine` |
| `KANIKO_VERBOSITY` | No (default `info`) | Log level (`trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`). | `debug` |
\* `REGISTRY_USER` / `REGISTRY_PASS` are only needed when the registry requires authentication.
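Review bot: The `container:` block in the README example uses a mutable tag (`image: git.van-hemmen.com/actions/kaniko:latest`), and that container receives `GIT_PASSWORD` and `REGISTRY_PASS`; suggest showing a fixed version tag or an image digest in the example so that a re-pushed `latest` cannot change what runs with those secrets. In the variables table, `GIT_USERNAME` and `GIT_PASSWORD` are marked **Yes** while the purpose text says they give access to `KANIKO_CONTEXT` "when it is private"; either mark them conditional or state that they must be set even for a public context. The `REGISTRY_USER` row says push is enabled only if both credentials are set, while the footnote says they are only needed when the registry requires authentication; the table should state which of these decides whether a push happens, and how `KANIKO_DESTINATION` behaves when the credentials are absent.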