From a74e3698dce7b37da62f2628c8e7c507af917bf2 Mon Sep 17 00:00:00 2001
From: Teake Nutma <t.a.nutma@rug.nl>
Date: Tue, 28 Jun 2022 14:18:06 +0200
Subject: [PATCH] Use vanilla kaniko with --cleanup flag

The --cleanup flag is necessary to build multiple images in one
container. But that flag removes everything that's not in
the vanilla kaniko image.
---
 .gitlab-ci.yml                           | 14 +++++++--
 dockerfiles/docker-builder/Dockerfile    | 10 ------
 dockerfiles/docker-builder/README.rst    | 17 ----------
 dockerfiles/docker-builder/buildimage.sh | 40 ------------------------
 dockerfiles/docker-builder/entrypoint.sh | 18 -----------
 5 files changed, 11 insertions(+), 88 deletions(-)
 delete mode 100644 dockerfiles/docker-builder/Dockerfile
 delete mode 100644 dockerfiles/docker-builder/README.rst
 delete mode 100755 dockerfiles/docker-builder/buildimage.sh
 delete mode 100644 dockerfiles/docker-builder/entrypoint.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 35fd1ef..499b238 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,11 +16,15 @@ include:
 
 build_containers:
   stage: build
-  # Note: the docker-builder image has to be build and pushed manually once to bootstrap this job.
-  image: ${CI_REGISTRY_IMAGE}/docker-builder:master
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
   rules:
     - !reference [.primary_ref_jobs, rules]
     - !reference [.merge_request_jobs, rules]
+  before_script:
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
   script:
     # Find the directories that contain a file named 'Dockerfile', and (re)build the ones
     # that contain changed files.
@@ -33,6 +37,10 @@ build_containers:
           then
               echo "Detected a changed file inside ./${DOCKER_DIR}/. (Re)build the container."
               IMAGE_NAME=$(echo "${DOCKER_DIR}" | sed -r 's|^dockerfiles/||')
-              buildimage "${DOCKER_DIR}" "${IMAGE_NAME}:${CI_COMMIT_REF_SLUG}"
+              /kaniko/executor \
+                --context "${CI_PROJECT_DIR}/${DOCKER_DIR}" \
+                --dockerfile "${CI_PROJECT_DIR}/${DOCKER_DIR}/Dockerfile" \
+                --destination "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${CI_COMMIT_REF_SLUG}" \
+                --cleanup
           fi
       done
diff --git a/dockerfiles/docker-builder/Dockerfile b/dockerfiles/docker-builder/Dockerfile
deleted file mode 100644
index 5fed2fb..0000000
--- a/dockerfiles/docker-builder/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-FROM gcr.io/kaniko-project/executor:debug
-
-LABEL description="Convenience wrapper around kaniko for building images in GitLab CI"
-
-RUN mkdir -p /kaniko/.docker
-COPY entrypoint.sh /usr/local/bin/entrypoint
-COPY buildimage.sh /usr/local/bin/buildimage
-
-ENTRYPOINT [ "/bin/sh", "/usr/local/bin/entrypoint" ]
-CMD [ "/bin/sh" ]
diff --git a/dockerfiles/docker-builder/README.rst b/dockerfiles/docker-builder/README.rst
deleted file mode 100644
index 83ac72b..0000000
--- a/dockerfiles/docker-builder/README.rst
+++ /dev/null
@@ -1,17 +0,0 @@
-==============
-docker-builder
-==============
-
-Convenience wrapper around kaniko for building images in GitLab CI.
-
-Usage in GitLab CI:
-
-.. code-block:: yaml
-
-   build_docker_image:
-     image: ${CI_REGISTRY}/omegacen/ci-templates/docker-builder
-     script:
-       - buildimage <dockerfile> [<image_subname>:]<tag>
-
-This will automatically upload the build image to the container registry of
-the project this snippet is used in.
diff --git a/dockerfiles/docker-builder/buildimage.sh b/dockerfiles/docker-builder/buildimage.sh
deleted file mode 100755
index db9c8aa..0000000
--- a/dockerfiles/docker-builder/buildimage.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-# Wrapper for building OCI images with Kaniko in GitLab CI. Pushes to
-# $CI_REGISTRY_IMAGE/IMAGE_SUBNAME:TAG or to
-# $CI_REGISTRY_IMAGE:TAG, depending on the second argument.
-# Usage:
-#
-#   buildimage.sh DOCKERFILE_OR_CONTEXT [IMAGE_SUBNAME:]TAG [EXTRA_KANIKO_ARGS]
-#
-
-ABSOLUTE_PATH=$(readlink -f "$1")
-IMAGE_NAME_AND_OR_TAG="$2"
-shift
-shift
-
-if [ -f "${ABSOLUTE_PATH}" ];
-then
-    # First argument is a file.
-    CONTEXT=$(dirname "${ABSOLUTE_PATH}")
-    DOCKERFILE="${ABSOLUTE_PATH}"
-else
-    # Assume first argument is a directory and contains a file 'Dockerfile'.
-    CONTEXT="${ABSOLUTE_PATH}"
-    DOCKERFILE="${ABSOLUTE_PATH}/Dockerfile"
-fi
-
-if echo "${IMAGE_NAME_AND_OR_TAG}" | grep -q ":";
-then
-    # With ":" separator: assume subname and tag
-    DESTINATION="${CI_REGISTRY_IMAGE}/${IMAGE_NAME_AND_OR_TAG}"
-else
-    # Without ":" separator: assume tag only
-    DESTINATION="${CI_REGISTRY_IMAGE}:${IMAGE_NAME_AND_OR_TAG}"
-fi
-
-/kaniko/executor \
-    --context "${CONTEXT}" \
-    --dockerfile "${DOCKERFILE}" \
-    --destination "${DESTINATION}" \
-    "$@"
diff --git a/dockerfiles/docker-builder/entrypoint.sh b/dockerfiles/docker-builder/entrypoint.sh
deleted file mode 100644
index 7b2dba5..0000000
--- a/dockerfiles/docker-builder/entrypoint.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# Store authentication for the GitLab registry.
-# See https://github.com/GoogleContainerTools/kaniko#pushing-to-different-registries
-# and https://docs.gitlab.com/ee/ci/docker/using_kaniko.html
-AUTH=$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')
-cat << EOF > /kaniko/.docker/config.json
-{
-  "auths": {
-    "${CI_REGISTRY}": {
-      "auth": "${AUTH}"
-    }
-  }
-}
-EOF
-
-# Run whatever the user wants to.
-exec "$@"
-- 
GitLab