From 98e136a2918ffd29a2fad8735339294b736c42a6 Mon Sep 17 00:00:00 2001
From: BAK BYEONG JUN <richard.bak@loafle.com>
Date: Sun, 13 Apr 2025 04:56:59 +0000
Subject: [PATCH] init

---
 tasks/docker-registry/task.yaml | 61 ++++++++++++++-------------------
 1 file changed, 25 insertions(+), 36 deletions(-)

diff --git a/tasks/docker-registry/task.yaml b/tasks/docker-registry/task.yaml
index acb0ace..a701476 100644
--- a/tasks/docker-registry/task.yaml
+++ b/tasks/docker-registry/task.yaml
@@ -26,14 +26,16 @@ spec:
       description: Build context path (relative to subdirectory)
       type: string
       default: .
-    - name: PYPI_USERNAME
-      description: Build context path (relative to subdirectory)
+
+    - name: pypiUsername
+      description: PyPI username
       type: string
-      default: "gitops-bot"
-    - name: PYPI_PASSWORD
-      description: Build context path (relative to subdirectory)
+      default: ""
+
+    - name: pypiPassword
+      description: PyPI password
       type: string
-      default: "qwer5795QWER"
+      default: ""
 
   workspaces:
     - name: source
@@ -42,14 +44,9 @@ spec:
     - name: docker-auth
       description: Docker registry credentials (username + password)
 
-    - name: pypi-auth
-      description: PyPI credentials (username + password)
-
   results:
     - name: imageUrl
       description: Final pushed image URL with tag (e.g. registry/app:v0.2.0)
-    - name: PYPI_USERNAME
-    - name: PYPI_PASSWORD
 
   steps:
     - name: write-docker-config
@@ -85,29 +82,21 @@ spec:
         EOF
 
     - name: kaniko-build
-      image: docker.unbox-x.net/registry/tools/kaniko:v1.23.2-r1
+      image: gcr.io/kaniko-project/executor:v1.23.2
       workingDir: /workspace/source
-      script: |
-        #!/bin/bash
-        set -e
-
-        if [[ -n "$(params.subdirectory)" ]]; then
-          cd "$(params.subdirectory)"
-        fi
-
-        PYPI_USERNAME=$(cat /workspace/pypi-auth/username)
-        PYPI_PASSWORD=$(cat /workspace/pypi-auth/password)
-
-        /kaniko/executor \
-          --dockerfile=$(params.dockerfile) \
-          --context=$(params.context) \
-          --destination=$(params.imageName):$(params.tag) \
-          --skip-tls-verify \
-          --verbosity=info \
-          --reproducible \
-          --build-arg PYPI_USERNAME=$PYPI_USERNAME \
-          --build-arg PYPI_PASSWORD=$PYPI_PASSWORD
-
-        # 🔒 보안: 메모리에서 민감 정보 제거
-        unset PYPI_USERNAME
-        unset PYPI_PASSWORD
\ No newline at end of file
+      env:
+        - name: DOCKER_CONFIG
+          value: /tekton/home/.docker
+      command:
+        - /kaniko/executor
+      args:
+        - --dockerfile=$(params.subdirectory)/$(params.dockerfile)
+        - --context=$(params.subdirectory)/$(params.context)
+        - --destination=$(params.imageName):$(params.tag)
+        - --skip-tls-verify
+        - --verbosity=info
+        - --reproducible
+        - --build-arg
+        - PYPI_USERNAME=$(params.pypiUsername)
+        - --build-arg
+        - PYPI_PASSWORD=$(params.pypiPassword)
\ No newline at end of file