From e482b8618f902ac6a2ddd73c6ee5dbdad4d93018 Mon Sep 17 00:00:00 2001 From: zhangtbj Date: Sat, 13 Mar 2021 18:42:24 +0800 Subject: [PATCH] Change to use new base images for git and pullrequest images --- .ko.yaml | 7 +++---- images/Dockerfile | 7 ------- tekton/build-push-ma-base-image.yaml | 8 -------- tekton/publish.yaml | 4 ++-- 4 files changed, 5 insertions(+), 21 deletions(-) delete mode 100644 images/Dockerfile diff --git a/.ko.yaml b/.ko.yaml index 231d37aff40..01bb0f127ed 100644 --- a/.ko.yaml +++ b/.ko.yaml @@ -1,8 +1,7 @@ defaultBaseImage: gcr.io/distroless/static:nonroot baseImageOverrides: # git-init uses a base image that supports running either as root or as user nonroot with UID 65532. - github.com/tektoncd/pipeline/cmd/git-init: gcr.io/tekton-nightly/github.com/tektoncd/pipeline/build-base:latest + github.com/tektoncd/pipeline/cmd/git-init: gcr.io/tekton-nightly/github.com/tektoncd/pipeline/git-init-build-base:latest - # PullRequest resource needs root because in output mode it needs to access pr.json - # which might have been copied or written with any level of permissions. - github.com/tektoncd/pipeline/cmd/pullrequest-init: gcr.io/distroless/static:latest + # PullRequest resource uses a distroless base image that supports running either as root or as user nonroot with UID 65532. + github.com/tektoncd/pipeline/cmd/pullrequest-init: gcr.io/tekton-nightly/github.com/tektoncd/pipeline/pullrequest-init-build-base:latest diff --git a/images/Dockerfile b/images/Dockerfile deleted file mode 100644 index bff6a398cab..00000000000 --- a/images/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM alpine:3.11 - -RUN addgroup -S -g 65532 nonroot && adduser -S -u 65532 nonroot -G nonroot - -RUN apk add --update git git-lfs openssh-client \ - && apk update \ - && apk upgrade diff --git a/tekton/build-push-ma-base-image.yaml b/tekton/build-push-ma-base-image.yaml index a95e1a08163..2878c43e801 100644 --- a/tekton/build-push-ma-base-image.yaml +++ b/tekton/build-push-ma-base-image.yaml @@ -58,14 +58,6 @@ spec: #check the state docker buildx inspect --bootstrap --builder builder-buildx1 - #build multi-arch original build-base image - docker buildx build \ - --platform $(params.platforms) \ - --tag $(params.imageRegistry)/$(params.imageRegistryPath)/$(params.package)/build-base \ - --push \ - --no-cache \ - $(workspaces.source.path)/images - #build multi-arch git-init build-base image docker buildx build \ --platform $(params.platforms) \ diff --git a/tekton/publish.yaml b/tekton/publish.yaml index 7944e6e4d04..eae26c46fd8 100644 --- a/tekton/publish.yaml +++ b/tekton/publish.yaml @@ -64,11 +64,11 @@ spec: # This matches the value configured in .ko.yaml defaultBaseImage: gcr.io/distroless/static:nonroot baseImageOverrides: - $(params.package)/cmd/git-init: ${CONTAINER_REGISTRY}/$(params.package)/build-base:latest + $(params.package)/cmd/git-init: ${CONTAINER_REGISTRY}/$(params.package)/git-init-build-base:latest # These match values configured in .ko.yaml $(params.package)/cmd/entrypoint: gcr.io/distroless/base:debug-nonroot - $(params.package)/cmd/pullrequest-init: gcr.io/distroless/static:latest + $(params.package)/cmd/pullrequest-init: ${CONTAINER_REGISTRY}/$(params.package)/pullrequest-init-build-base:latest EOF cat ${PROJECT_ROOT}/.ko.yaml