diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index a6f9165852..923ac7694b 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -16,7 +16,11 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: heroku/builder:22 @@ -31,11 +35,45 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -88,13 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 22b1800339..421f251b41 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -16,7 +16,11 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: heroku/builder:22 @@ -31,11 +35,45 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -72,7 +110,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -88,13 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index ca67cc1bfa..09a592a35c 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -10,22 +10,60 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: + env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -62,7 +100,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -78,13 +116,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 91081f8cca..e2e2c070c5 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -10,22 +10,60 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: + env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -62,7 +100,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -78,13 +116,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index c0c39cb502..d50ec8a946 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -16,7 +16,11 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: heroku/builder:22 @@ -31,11 +35,45 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -88,13 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 249c071fa4..4e5228ea97 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -16,7 +16,11 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: heroku/builder:22 @@ -31,11 +35,45 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -72,7 +110,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -88,13 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index d6d9fd6649..4b4c8bc88a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -10,22 +10,60 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: + env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -62,7 +100,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -78,13 +116,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 2374f8a135..6c8d76353a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -10,7 +10,11 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" + - name: insecure-registries + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest @@ -21,11 +25,45 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -85,6 +123,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env