Build & Push Docker Containers within a Pipeline: GCR

Build and push Docker containers to a Google Container Registry using Kaniko

To build and push containers with Sail CI you can use Kaniko as a task within your pipeline.

What is Kaniko?

Kaniko is a tool to build and push container images from a Dockerfile. It does not depend on the Docker daemon and executes each command within a Dockerfile entirely in userspace.

Find more information at:
https://github.com/GoogleContainerTools/kaniko

Google Container Registry

tasks:
  build-push:
    image: gcr.io/kaniko-project/executor
    args:
      - --context
      - $(GIT_CLONE_DIR)
      - --destination
      - eu.gcr.io/project-id/demo:$(GIT_SHORT_SHA)
    mounts:
      - /secret/kaniko-secret.json: CI_KEY
    env:
      - GOOGLE_APPLICATION_CREDENTIALS: /secret/kaniko-secret.json

We first mount the Google Cloud credentials JSON, which is saved as an environment variable under the key CI_KEY in https://app.sail.ci, to the filesystem at /secret/kaniko-secret.json. We then set the GOOGLE_APPLICATION_CREDENTIALS variable so that it points Kaniko to the mounted file that contains the credentials.

See https://sail.ci/docs/environment-variables for more information on using environment variables.

See https://sail.ci/docs/mounts for more information on mounts.

The "build-push" task uses the official Kaniko image from Google. The --context argument specifies the directory to build the Docker image from (in this example the Dockerfile is at the root of the project), and the --destination argument tells Kaniko which registry to push the image to once it is built.

For authentication, the GOOGLE_APPLICATION_CREDENTIALS environment variable maps to the location of the secret file that was written to the workspace by the previous "auth" task.
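
A preflight check for the credentials wiring described above, as an added example that is not part of the Sail CI or Kaniko documentation: it confirms that GOOGLE_APPLICATION_CREDENTIALS points to a mounted service account key and that the key's project matches the project in the --destination reference, without ever printing key material. The function names are hypothetical, and it assumes the check runs in a separate task that mounts the secret the same way (the Kaniko executor image itself has no Python).

```python
import json
import os
import re

# Fields present in a Google Cloud service account key file.
REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email")


def gcr_project(destination):
    """Return the project segment of a destination like eu.gcr.io/project-id/demo:tag."""
    match = re.match(r"^(?:[a-z]+\.)?gcr\.io/([^/]+)/[^/:]+", destination)
    return match.group(1) if match else None


def check_credentials(env, destination):
    """Return a list of problems; an empty list means the inputs are consistent.

    Only field names and the project id are reported, never key material.
    """
    path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if not path:
        return ["GOOGLE_APPLICATION_CREDENTIALS is not set"]
    if not os.path.isfile(path):
        return [f"no file mounted at {path}"]
    try:
        with open(path, encoding="utf-8") as handle:
            key = json.load(handle)
    except ValueError:
        return [f"{path} is not valid JSON"]
    if not isinstance(key, dict):
        return [f"{path} does not contain a JSON object"]

    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS if not key.get(name)]
    if key.get("type") and key["type"] != "service_account":
        problems.append(f"unexpected key type: {key['type']}")
    project = gcr_project(destination)
    if project is None:
        problems.append(f"not a gcr.io destination: {destination}")
    elif key.get("project_id") and key["project_id"] != project:
        # A key from another project can still be granted push access,
        # so treat this as something to review rather than a hard error.
        problems.append(f"key project {key['project_id']} differs from destination project {project}")
    return problems


if __name__ == "__main__":
    # In the pipeline this would run against the real task environment.
    issues = check_credentials(os.environ, "eu.gcr.io/project-id/demo:abc1234")
    print("\n".join(issues) or "credentials look consistent")
```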