- Istio, for WASM support
- Knative, for image digest resolution
- Tekton, for image entrypoint lookup and digest resolution
- Kuberentes release management, to validate built images
- Buildpacks, to push and manage image layers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cosmetic change: ko build | |
- aligns with go build, pack build, docker build | |
- ko publish will keep working forever | |
KOCACHE | |
- ko will cache recently built binaries in $KOCACHE, if set, along with some metadata that can avoid rebuilds and layer pushes when code hasn't changed. | |
- no-op build takes 3s | |
Improved SBOMs | |
- ko build automatically uploads SBOMs in SPDX format |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
defaultBaseImage: gcr.io/imjasonh/combined |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
for l in $(git grep -in fuclio); do | |
fn=$(echo $l | cut -d: -f1) | |
ln=$(echo $l | cut -d: -f2) | |
echo "::error file=$fn,line=$ln::Typo: Fulcio" | |
done | |
if [[ ! -z $l ]]; then | |
echo "found a fuclio" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This Task runs a `docker build` on a specified node architecture. | |
# TODO: | |
# - mount source incl Dockerfile | |
# - mount a Docker daemon | |
apiVersion: tekton.dev/v1beta1 | |
kind: Task | |
metadata: | |
name: build | |
spec: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generate a keypair | |
$ cosign generate-key-pair | |
Enter password for private key: | |
Enter again: | |
Private key written to cosign.key | |
Public key written to cosign.pub | |
# Use it to sign an image | |
$ cosign sign -key=cosign.key gcr.io/imjasonh/ubuntu | |
Enter password for private key: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ go run ./ deps $IMAGE --spdx | |
SPDXVersion: SPDX-2.2 | |
DataLicense: CC0-1.0 | |
SPDXID: SPDXRef-DOCUMENT | |
DocumentName: github.com/google/ko | |
DocumentNamespace: http://spdx.org/spdxpackages/github.com/google/ko-999a6226-9c5c-4f6d-a09f-2bb7dde5dab3 | |
Creator: Tool: ko (devel) | |
Created: 2021-09-28T16:00:41Z |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// +build e2e,windows_e2e | |
/* | |
Copyright 2021 The Tekton Authors | |
Licensed under the Apache License, Version 2.0 (the "License"); | |
you may not use this file except in compliance with the License. | |
You may obtain a copy of the License at | |
http://www.apache.org/licenses/LICENSE-2.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"encoding/json" | |
"fmt" | |
"log" | |
"os" | |
"github.com/google/go-containerregistry/pkg/authn" | |
"github.com/google/go-containerregistry/pkg/name" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
docker run --rm $( | |
go run ./cmd/crane mutate $( | |
go run ./cmd/crane/ append -b busybox -f <(tar -f - -c hello.sh) -t gcr.io/kontaindotme/appended \ | |
) --entrypoint=/hello.sh --new_ref=gcr.io/kontaindotme/mutated \ | |
) | |
2021/04/16 10:44:33 No matching credentials were found for "index.docker.io/library/busybox", falling back on anonymous | |
2021/04/16 10:44:35 existing blob: sha256:f531cdc67389c92deac44e019e7a1b6fba90d1aaa58ae3e8192f0e0eed747152 | |
2021/04/16 10:44:37 pushed blob: sha256:078105f9432ce9585d7f6b76a2bd0aed14b1bae9dec29ed679a6b5576cb89664 | |
2021/04/16 10:44:37 existing blob: sha256:d6a3237b5852e9da63a291612928da68d814897550b15e9e0ca77934a8672792 | |
2021/04/16 10:44:38 gcr.io/kontaindotme/appended: digest: sha256:a58979bf3493cbc9acea0541190c5621853bc57b4683970d847ba23ab3b660e4 size: 586 |