init

tasks/docker-registry/task.yaml

@@ -84,36 +84,30 @@ spec:
         }
         EOF
 
-    - name: prepare-build-args
+    - name: kaniko-build
-      image: alpine
+      image: docker.unbox-x.net/registry/tools/kaniko:v1.23.2
       workingDir: /workspace/source
       script: |
-        #!/bin/sh
+        #!/bin/bash
         set -e
 
-        if [ -n "$(params.subdirectory)" ]; then
+        if [[ -n "$(params.subdirectory)" ]]; then
           cd "$(params.subdirectory)"
         fi
 
-        cat $(workspaces.pypi-auth.path)/username > $(results.PYPI_USERNAME.path)
+        PYPI_USERNAME=$(cat /workspace/pypi-auth/username)
-        cat $(workspaces.pypi-auth.path)/password > $(results.PYPI_PASSWORD.path)
+        PYPI_PASSWORD=$(cat /workspace/pypi-auth/password)
 
-    - name: kaniko-build
+        /kaniko/executor \
-      image: bitnami/kaniko:1.23.2
+          --dockerfile=$(params.dockerfile) \
-      workingDir: /workspace/source
+          --context=$(params.context) \
-      env:
+          --destination=$(params.imageName):$(params.tag) \
-        - name: DOCKER_CONFIG
+          --skip-tls-verify \
-          value: /tekton/home/.docker
+          --verbosity=info \
-      command:
+          --reproducible \
-        - /kaniko/executor
+          --build-arg PYPI_USERNAME=$PYPI_USERNAME \
-      args:
+          --build-arg PYPI_PASSWORD=$PYPI_PASSWORD
-        - --dockerfile=$(params.subdirectory)/$(params.dockerfile)
+
-        - --context=$(params.subdirectory)/$(params.context)
+        # 🔒 보안: 메모리에서 민감 정보 제거
-        - --destination=$(params.imageName):$(params.tag)
+        unset PYPI_USERNAME
-        - --skip-tls-verify
+        unset PYPI_PASSWORD
-        - --reproducible
-        - --verbosity=info
-        - --build-arg
-        - PYPI_USERNAME=$(params.PYPI_USERNAME)
-        - --build-arg
-        - PYPI_PASSWORD=$(params.PYPI_PASSWORD)