diff --git a/tasks/docker-registry/task.yaml b/tasks/docker-registry/task.yaml
index 5f1e7f2..51b88dc 100644
--- a/tasks/docker-registry/task.yaml
+++ b/tasks/docker-registry/task.yaml
@@ -84,36 +84,30 @@ spec:
 }
 EOF
- - name: prepare-build-args
- image: alpine
+ - name: kaniko-build
+ image: docker.unbox-x.net/registry/tools/kaniko:v1.23.2
 workingDir: /workspace/source
 script: |
- #!/bin/sh
+ #!/bin/bash
 set -e
- if [ -n "$(params.subdirectory)" ]; then
+ if [[ -n "$(params.subdirectory)" ]]; then
 cd "$(params.subdirectory)"
 fi
- cat $(workspaces.pypi-auth.path)/username > $(results.PYPI_USERNAME.path)
- cat $(workspaces.pypi-auth.path)/password > $(results.PYPI_PASSWORD.path)
+ PYPI_USERNAME=$(cat /workspace/pypi-auth/username)
+ PYPI_PASSWORD=$(cat /workspace/pypi-auth/password)
- - name: kaniko-build
- image: bitnami/kaniko:1.23.2
- workingDir: /workspace/source
- env:
- - name: DOCKER_CONFIG
- value: /tekton/home/.docker
- command:
- - /kaniko/executor
- args:
- - --dockerfile=$(params.subdirectory)/$(params.dockerfile)
- - --context=$(params.subdirectory)/$(params.context)
- - --destination=$(params.imageName):$(params.tag)
- - --skip-tls-verify
- - --reproducible
- - --verbosity=info
- - --build-arg
- - PYPI_USERNAME=$(params.PYPI_USERNAME)
- - --build-arg
- - PYPI_PASSWORD=$(params.PYPI_PASSWORD)
+ /kaniko/executor \
+ --dockerfile=$(params.dockerfile) \
+ --context=$(params.context) \
+ --destination=$(params.imageName):$(params.tag) \
+ --skip-tls-verify \
+ --verbosity=info \
+ --reproducible \
+ --build-arg PYPI_USERNAME=$PYPI_USERNAME \
+ --build-arg PYPI_PASSWORD=$PYPI_PASSWORD
+
+ # 🔒 보안: 메모리에서 민감 정보 제거
+ unset PYPI_USERNAME
+ unset PYPI_PASSWORD
\ No newline at end of file
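Review bot: The new `kaniko-build` script still hands the PyPI credentials to the executor as `--build-arg PYPI_PASSWORD=$PYPI_PASSWORD`, so they appear in the process argument list and, if the Dockerfile consumes them through `ARG` in a `RUN` step, can end up in the image history. The trailing `unset` lines run only after the build has finished and do not change that. The expansions are also unquoted, so a value containing whitespace or glob characters is split or expanded before kaniko sees it. Moving the executor from `args:` into `script:` also means `$(params.dockerfile)`, `$(params.context)`, `$(params.imageName)` and `$(params.tag)` are substituted into shell text before bash runs, so a parameter value with shell metacharacters is interpreted as code; passing them through `env:` and quoting every expansion, as sketched below, closes that. `--skip-tls-verify` is kept on the push and should carry a comment giving the reason, or be dropped once the registry certificate is trusted.

```yaml
      env:
        - name: PARAM_DOCKERFILE
          value: "$(params.dockerfile)"
        - name: PARAM_CONTEXT
          value: "$(params.context)"
        - name: PARAM_DESTINATION
          value: "$(params.imageName):$(params.tag)"
      script: |
        # … unchanged: shebang, set -e, cd into subdirectory, credential reads …
        /kaniko/executor \
          --dockerfile="$PARAM_DOCKERFILE" \
          --context="$PARAM_CONTEXT" \
          --destination="$PARAM_DESTINATION" \
          --skip-tls-verify --verbosity=info --reproducible \
          --build-arg "PYPI_USERNAME=$PYPI_USERNAME" \
          --build-arg "PYPI_PASSWORD=$PYPI_PASSWORD"
```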