init

tasks/docker-registry/task.yaml

@@ -6,47 +6,58 @@ spec:
   params:
     - name: subdirectory
       type: string
-      description: Subdirectory within the repo where the source code is located
       default: ""
+      description: Subdirectory within the repo where the Dockerfile/context reside
 
     - name: imageName
       type: string
-      description: Base image name with registry (e.g. docker.unbox-x.net/registry/unbox-x-aisi-cron-app)
+      description: Full image name (e.g. docker.unbox-x.net/registry/my-app)
 
     - name: tag
       type: string
-      description: Version tag to apply to the image (e.g. v0.2.0)
+      description: Version tag (e.g. v1.0.0)
 
     - name: dockerfile
       type: string
       default: ./Dockerfile
-      description: Path to Dockerfile
+      description: Path to Dockerfile (relative to subdirectory)
 
     - name: context
       type: string
       default: .
-      description: Build context path (relative to subdirectory)
-
-    - name: pypi-username
-      type: string
-      description: PyPI registry username
-
-    - name: pypi-password
-      type: string
-      description: PyPI registry password
+      description: Build context (relative to subdirectory)
 
   workspaces:
     - name: source
       description: Source code workspace
 
     - name: docker-auth
-      description: Docker registry credentials (username + password)
+      description: Docker registry secret (username/password)
+
+    - name: pypi-auth
+      description: PyPI registry secret (username/password)
 
   results:
     - name: imageUrl
-      description: Final pushed image URL with tag (e.g. registry/app:v0.2.0)
+      description: Final pushed image URL with tag
+
+  volumes:
+    - name: env
+      emptyDir: {}
 
   steps:
+    - name: write-pypi-env
+      image: alpine:3.21.3
+      script: |
+        #!/bin/sh
+        set -e
+        mkdir -p /tekton/env
+        echo "PYPI_USERNAME=$(cat /workspace/pypi-auth/username)" > /tekton/env/.env
+        echo "PYPI_PASSWORD=$(cat /workspace/pypi-auth/password)" >> /tekton/env/.env
+      volumeMounts:
+        - name: env
+          mountPath: /tekton/env
+
     - name: write-docker-config
       image: alpine:3.21.3
       workingDir: /workspace/source
@@ -63,10 +74,8 @@ spec:
         PASSWORD=$(cat /workspace/docker-auth/password)
         REGISTRY=$(echo "$IMAGE" | cut -d/ -f1)
 
-        echo "📦 Using image: $IMAGE"
         echo -n "$IMAGE" > /tekton/results/imageUrl
 
-        echo "🔐 Writing Docker config for $REGISTRY..."
         mkdir -p /tekton/home/.docker
         cat > /tekton/home/.docker/config.json <<EOF
         {
@@ -77,19 +86,32 @@ spec:
           }
         }
         EOF
+      volumeMounts:
+        - name: env
+          mountPath: /tekton/env
 
     - name: kaniko-build
       image: gcr.io/kaniko-project/executor:v1.23.2
       workingDir: /workspace/source
+      command: ["/bin/sh"]
+      args:
+        - -c
+        - |
+          set -e
+          . /tekton/env/.env
+
+          /kaniko/executor \
+            --dockerfile=$(params.subdirectory)/$(params.dockerfile) \
+            --context=$(params.subdirectory)/$(params.context) \
+            --destination=$(params.imageName):$(params.tag) \
+            --build-arg=PYPI_USERNAME=$PYPI_USERNAME \
+            --build-arg=PYPI_PASSWORD=$PYPI_PASSWORD \
+            --skip-tls-verify \
+            --reproducible \
+            --verbosity=info
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker
-      args:
-        - --dockerfile=$(params.subdirectory)/$(params.dockerfile)
-        - --context=$(params.subdirectory)/$(params.context)
-        - --destination=$(params.imageName):$(params.tag)
-        - --skip-tls-verify
-        - --reproducible
-        - --verbosity=info
-        - --build-arg=PYPI_USERNAME=$(params.pypi-username)
-        - --build-arg=PYPI_PASSWORD=$(params.pypi-password)
+      volumeMounts:
+        - name: env
+          mountPath: /tekton/env