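---
# Tekton Task: clone a Git repository, stage the registry credentials, then
# build and push the image with kaniko.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build-docker-image
  namespace: tekton-demo
spec:
  workspaces:
    - name: docker-config
      description: Docker registry 인증 정보를 담은 secret
  params:
    - name: git-url
      type: string
      description: Git repository URL
    - name: git-revision
      type: string
      default: "main"
      description: Git branch or commit
    - name: image-url
      type: string
      # The description is kept disabled as in the original; it contains ": ",
      # so it must be quoted if it is re-enabled.
      # description: "Final Docker image URL (e.g. harbor.icurfer.com/open/tekton-demo:latest)"
  steps:
    # NOTE(review): all three step images use mutable tags (implicit or
    # explicit :latest). Pin each one as <image>@sha256:<digest> so a re-tagged
    # upstream image cannot change what runs next to the registry credentials.

    # 1. Git clone
    - name: git-clone
      image: alpine/git
      # Params are passed through the environment rather than substituted into
      # the script text: $(params.*) is expanded before the shell parses the
      # script, so a value containing shell metacharacters would otherwise be
      # executed as part of the script.
      env:
        - name: GIT_URL
          value: "$(params.git-url)"
        - name: GIT_REVISION
          value: "$(params.git-revision)"
      script: |
        #!/bin/sh
        set -e
        echo "==== [INFO] Git 저장소 클론 ===="
        # A revision that starts with "-" would be parsed by git as an option.
        case "$GIT_REVISION" in
          -*)
            echo "[ERROR] git-revision must not start with '-'" >&2
            exit 1
            ;;
        esac
        # "--" ends option parsing so the URL is always treated as a repository.
        git clone -- "$GIT_URL" /workspace/source
        cd /workspace/source
        git checkout "$GIT_REVISION"
        echo "==== [INFO] Git checkout 완료 ===="

    # 2. Convert the secret file to config.json
    # Earlier debug variant, kept disabled. Do not re-enable as written: the
    # `cat` prints the registry credentials into the step log.
    # - name: prepare-docker-config
    #   image: alpine
    #   script: |
    #     #!/bin/sh
    #     set -e
    #     echo "==== [INFO] Docker config 파일 준비 ===="
    #     ls -al /workspace/docker-config
    #     if [ -f /workspace/docker-config/.dockerconfigjson ]; then
    #       cat /workspace/docker-config/.dockerconfigjson
    #     else
    #       echo "[ERROR] Docker config 파일(.dockerconfigjson) 없음"
    #     fi
    - name: prepare-docker-config
      image: stedolan/jq
      script: |
        #!/bin/sh
        set -e
        echo "==== [INFO] Docker config 파일 준비 ===="
        ls -al /workspace/docker-config

        # Create a temporary writable path.
        mkdir -p /workspace/tmp-config

        # NOTE(review): the build step below reads /kaniko/.docker/, not this
        # path, so this leaves a second plaintext copy of the registry
        # credentials under the shared /workspace. Drop this step if nothing
        # consumes the copy.
        if [ -f /workspace/docker-config/.dockerconfigjson ]; then
          echo "[INFO] dockerconfigjson 내용 읽기"
          jq . /workspace/docker-config/.dockerconfigjson > /workspace/tmp-config/config.json
          echo "[INFO] config.json 변환 완료"
        else
          # Fail the step instead of only logging: the original printed the
          # error and still exited 0, so the TaskRun continued regardless.
          echo "[ERROR] Docker config 파일(.dockerconfigjson) 없음" >&2
          exit 1
        fi

    # 3. Kaniko build & push
    - name: build-and-push
      image: gcr.io/kaniko-project/executor:latest
      volumeMounts:
        - name: harbor-dockerconfig
          mountPath: /kaniko/.docker/
          readOnly: true
      # env:
      #   - name: DOCKER_CONFIG
      #     value: /workspace/docker-config
      args:
        # args are passed to the executor as argv without a shell, so the
        # $(params.image-url) substitution here is not subject to shell parsing.
        - --dockerfile=/workspace/source/Dockerfile
        - --context=/workspace/source
        - --destination=$(params.image-url)
        # NOTE(review): --insecure makes kaniko talk to the registry over plain
        # HTTP, so the push credentials and image layers cross the network
        # unencrypted. Remove it once the registry is served over TLS.
        - --insecure
  volumes:
    - name: harbor-dockerconfig
      secret:
        secretName: harbor-dockerconfig
        # NOTE(review): kaniko looks for config.json in /kaniko/.docker/. If
        # this Secret is of type kubernetes.io/dockerconfigjson, its key is
        # mounted as ".dockerconfigjson" and needs an items mapping
        # (key: .dockerconfigjson -> path: config.json) to be picked up.
        # Confirm against the Secret's actual keys.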