Release v0.7.0 · concourse/oci-build-task

this release adds support for using pre-fetched images in FROM ...! this pattern allows you to version and fetch your base image with Concourse and pass it along to the oci-build task to use directly rather than querying the registry and fetching it at build time (possibly resolving to a different version than the build triggered with).

in your oci-build task config, configure a IMAGE_ARG_* param and corresponding input:

inputs:
- name: golang

params:
  IMAGE_ARG_base_image: golang/image.tar

in your Dockerfile, change the FROM so that it can be passed as a build arg:

ARG base_image=golang
FROM ${base_image}

in your pipeline, add a resource and a get step for fetching the image:

resources:
- name: golang
  type: registry-image
  source: {repository: golang}

jobs:
- name: build
  plan:
  - get: golang
    params: {format: oci}
  - task: build
    # ...

this feature resolves quite a few issues:

#1 - the primary feature request, calling for something analogous to load_base[s] from the docker-image resource.
#2 - configurable CA certs for image fetching in FROM
- please fetch the image using a resource which handles CA certs instead
- we still need to add CA cert support to the registry-image resource: concourse/registry-image-resource#240
#3 & #14 - insecure & authenticated registries in FROM
- you guessed it, just fetch it using a resource instead

how does this work?

it's kinda neat! the oci-build-task just runs a teeny tiny Docker registry on localhost that serves the OCI/docker image tarballs configured as image args, and then it passes addresses like localhost:45431/base_image as build args to the Dockerfile.

side note: if we ever do decide to switch to Kaniko (#46), the pattern will be the same; see concourse/docker-image-resource#190 (comment)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.7.0

how does this work?