Build & Push Docker Containers within a Pipeline: GCR

Build and push Docker containers to a Google Container Registry using Kaniko

To build and push containers with Sail CI you can use Kaniko as a task within your pipeline.

What is Kaniko?

Kaniko is a tool to build and push container images from a Dockerfile. It does not depend on the Docker daemon and executes each command within a Dockerfile entirely in userspace.

Find more information at:

Google Container Registry

      - --context
      - $(GIT_CLONE_DIR)
      - --destination
      - /secret/kaniko-secret.json: CI_KEY
      - GOOGLE_APPLICATION_CREDENTIALS: /secret/kaniko-secret.json

We first mount the Google Cloud credentials json saved as an environment variable (using CI_KEY as the key) using It is mounted to the filesystem at the location /secret/kaniko-secret.json. We then tell Kaniko to set the GOOGLE_APPLICATION_CREDENTIALS variable and point it to the mounted file that contains the credentials.

See for more information using environment variables.

See for more information on mounts.

The "build-push" task uses the official Kaniko image from Google to then specify a context to build the Docker image (in this example the Dockerfile is at the root of the project). A --destination argument provides Kaniko with the registry to push the image once built.

For authentication, the GOOGLE_APPLICATION_CREDENTIALS  environment variable maps to the location of the secret file that was written to the workspace by the previous "auth" task.