From 516d6aae5a747875bbf0cffc8722094dd036f852 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Wed, 15 Apr 2026 14:17:43 +0200 Subject: [PATCH 1/6] feat: add insecure registries configuration for buildpacks buildstrategy This is similar to what the buildah and source-to-image BuildStragegy provide. Signed-off-by: Samuel Gaist --- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 5 +++++ .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 5 +++++ .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 5 +++++ .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 5 +++++ 8 files changed, 40 insertions(+) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index a6f9165852..bd32e10f0e 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 22b1800339..6010b0b8e7 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index ca67cc1bfa..a4a55c620d 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 91081f8cca..33306d5434 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index c0c39cb502..3e197b380e 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 249c071fa4..ea80fd3757 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index d6d9fd6649..5a28adbd11 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 2374f8a135..b05305ba7a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE From c963c336c57f56ff9079f114884a78ffa1ef8e3e Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 17 Apr 2026 21:16:50 +0200 Subject: [PATCH 2/6] chore(buildpacks): document insecure-registries properly Signed-off-by: Samuel Gaist --- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index bd32e10f0e..c9fb102ffd 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 6010b0b8e7..4545ff9400 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index a4a55c620d..37e006b34d 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 33306d5434..b1d43f22da 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 3e197b380e..a842379ee7 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index ea80fd3757..f7dff891e2 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 5a28adbd11..27815cf145 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index b05305ba7a..48c4ec000a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push From 2e189c37972bcc123bc300813c24639b643a02a4 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 17 Apr 2026 21:18:29 +0200 Subject: [PATCH 3/6] chore(buildpacks): raise minimal API to 0.13 This is required to have the insecure registries support. Signed-off-by: Samuel Gaist --- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index c9fb102ffd..9343b3f954 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 4545ff9400..eef2eb49d4 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 37e006b34d..12b32fe4f4 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index b1d43f22da..cb6cc8e274 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index a842379ee7..158446717d 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index f7dff891e2..e38809a185 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 27815cf145..9d6fc826c7 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 48c4ec000a..0dcdf005f4 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" From 317880e6ad9d29dba92251edaf0d133cc7f78068 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 1 May 2026 13:24:42 +0200 Subject: [PATCH 4/6] refactor: turn insecure-registries into a list Move the handling logic into the script part. This allows users users to use a list in their Build/BuildRun and also matches other implementations. Signed-off-by: Samuel Gaist --- ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 33 ++++++++++++++++--- ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 33 ++++++++++++++++--- .../buildstrategy_buildpacks-v3_cr.yaml | 33 ++++++++++++++++--- ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 33 ++++++++++++++++--- 4 files changed, 116 insertions(+), 16 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 9343b3f954..23a4e952d6 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,8 +18,9 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: heroku/builder:22 @@ -30,8 +31,6 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -41,6 +40,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -100,6 +122,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index eef2eb49d4..46a23c26f7 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,8 +18,9 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: heroku/builder:22 @@ -30,8 +31,6 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -41,6 +40,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -100,6 +122,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 12b32fe4f4..83d4d00db0 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,16 +12,15 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -31,6 +30,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -90,6 +112,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index cb6cc8e274..e4a8eb60bb 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,16 +12,15 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -31,6 +30,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -90,6 +112,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env From 71d9dd9033e6a125ed025ac76170b25e8c2ca89f Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 1 May 2026 14:03:38 +0200 Subject: [PATCH 5/6] feat: only parse insecure registries if shp-output-insecure is true Signed-off-by: Samuel Gaist --- ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 30 +++++++++++-------- ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 30 +++++++++++-------- .../buildstrategy_buildpacks-v3_cr.yaml | 30 +++++++++++-------- ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 30 +++++++++++-------- 4 files changed, 68 insertions(+), 52 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 23a4e952d6..ff3b7e936a 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -35,6 +35,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -43,19 +45,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 46a23c26f7..e5d4eb2358 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -35,6 +35,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -43,19 +45,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 83d4d00db0..9901dcf6e0 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -25,6 +25,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -33,19 +35,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index e4a8eb60bb..2d35274630 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -25,6 +25,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -33,19 +35,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" From 48bc810f9621da1829a1b562185e46597f41c6f1 Mon Sep 17 00:00:00 2001 From: Sascha Schwarze Date: Sun, 17 May 2026 14:08:55 +0200 Subject: [PATCH 6/6] Consistently make insecure-registries an array. Honor output-insecure as desired. Assisted by: GitHub Copilot/Claude Opus 4.7 Signed-off-by: Sascha Schwarze --- ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 43 +++++++++------- ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 45 ++++++++++------- .../buildstrategy_buildpacks-v3_cr.yaml | 47 +++++++++-------- ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 47 +++++++++-------- ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 46 +++++++++++++++-- ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 48 +++++++++++++++--- .../buildstrategy_buildpacks-v3_cr.yaml | 50 ++++++++++++++++--- ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 44 ++++++++++++++-- 8 files changed, 271 insertions(+), 99 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index ff3b7e936a..923ac7694b 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -45,26 +45,33 @@ spec: insecureRegistries="" inInsecureRegistries=false + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" - export CNB_INSECURE_REGISTRIES=$insecureRegistries + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" fi set -euo pipefail @@ -119,16 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - - -- - - --insecure-registries - - $(params.insecure-registries[*]) + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index e5d4eb2358..421f251b41 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -45,26 +45,33 @@ spec: insecureRegistries="" inInsecureRegistries=false + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" - export CNB_INSECURE_REGISTRIES=$insecureRegistries + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" fi set -euo pipefail @@ -103,7 +110,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -119,16 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - - -- - - --insecure-registries - - $(params.insecure-registries[*]) + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 9901dcf6e0..09a592a35c 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -18,7 +18,7 @@ spec: buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: + env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - name: PARAM_SOURCE_CONTEXT @@ -35,26 +35,33 @@ spec: insecureRegistries="" inInsecureRegistries=false + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" - export CNB_INSECURE_REGISTRIES=$insecureRegistries + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" fi set -euo pipefail @@ -93,7 +100,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -109,16 +116,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - - -- - - --insecure-registries - - $(params.insecure-registries[*]) + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 2d35274630..e2e2c070c5 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -18,7 +18,7 @@ spec: buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: + env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - name: PARAM_SOURCE_CONTEXT @@ -35,26 +35,33 @@ spec: insecureRegistries="" inInsecureRegistries=false + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" - export CNB_INSECURE_REGISTRIES=$insecureRegistries + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" fi set -euo pipefail @@ -93,7 +100,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -109,16 +116,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" - - -- - - --insecure-registries - - $(params.insecure-registries[*]) + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 158446717d..d50ec8a946 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,8 +18,9 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: heroku/builder:22 @@ -30,17 +31,49 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -93,13 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index e38809a185..4e5228ea97 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,8 +18,9 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: heroku/builder:22 @@ -30,17 +31,49 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -77,7 +110,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -93,13 +126,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 9d6fc826c7..4b4c8bc88a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,25 +12,58 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest - env: + env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -67,7 +100,7 @@ spec: mkdir -p "$CACHE_DIR" "$LAYERS_DIR" function announce_phase { - printf "===> %s\n" "$1" + printf "===> %s\n" "$1" } announce_phase "ANALYZING" @@ -83,13 +116,16 @@ spec: /cnb/lifecycle/builder -app="${PARAM_SOURCE_CONTEXT}" -layers="$LAYERS_DIR" exporter_args=( -layers="$LAYERS_DIR" -report=/tmp/report.toml -cache-dir="$CACHE_DIR" -app="${PARAM_SOURCE_CONTEXT}") - grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) + grep -q "buildpack-default-process-type" "$LAYERS_DIR/config/metadata.toml" || exporter_args+=( -process-type web ) announce_phase "EXPORTING" /cnb/lifecycle/exporter "${exporter_args[@]}" "${PARAM_OUTPUT_IMAGE}" # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 0dcdf005f4..6c8d76353a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,25 +12,58 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + outputImageHost="${PARAM_OUTPUT_IMAGE%%/*}" + if [[ "${outputImageHost}" == "${PARAM_OUTPUT_IMAGE}" || ( "${outputImageHost}" != *.* && "${outputImageHost}" != *:* && "${outputImageHost}" != "localhost" ) ]]; then + echo "> Output image '${PARAM_OUTPUT_IMAGE}' has no explicit registry host; not adding to insecure registries." + else + insecureRegistries="${insecureRegistries}${outputImageHost}," + fi + fi + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES="${insecureRegistries}" + fi + set -euo pipefail echo "> Processing environment variables..." @@ -90,6 +123,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env