To build and push containers with Sail CI you can use Kaniko as a task within your pipeline.
Kaniko is a tool to build and push container images from a Dockerfile. It does not depend on the Docker daemon and executes each command within a Dockerfile entirely in userspace.
Find more information at:
- /secret/kaniko-secret.json: CI_KEY
- GOOGLE_APPLICATION_CREDENTIALS: /secret/kaniko-secret.json
We first mount the Google Cloud credentials json saved as an environment variable (using CI_KEY as the key) using https://app.sail.ci. It is mounted to the filesystem at the location /secret/kaniko-secret.json. We then tell Kaniko to set the GOOGLE_APPLICATION_CREDENTIALS variable and point it to the mounted file that contains the credentials.
See https://sail.ci/docs/environment-variables for more information using environment variables.
See https://sail.ci/docs/mounts for more information on mounts.
The "build-push" task uses the official Kaniko image from Google to then specify a context to build the Docker image (in this example the Dockerfile is at the root of the project). A --destination argument provides Kaniko with the registry to push the image once built.
For authentication, the
GOOGLE_APPLICATION_CREDENTIALS environment variable maps to the location of the secret file that was written to the workspace by the previous "auth" task.