Commit 6cc09e3

Add defining trusted qemu images (#1111)

* Add defining trusted qemu images

  Added section on defining trusted qemu images to values.yaml

* Update build.md
* Update build.md
* Update build.md

1 parent 4d9f085, commit 6cc09e3

1 file changed, +38 -10 lines changed

‎_docs/pipelines/steps/build.md‎

Lines changed: 38 additions & 10 deletions
@@ -81,16 +81,16 @@ The default behavior of the `build` step is defined a
8181
<!-- markdownlint-disable MD033 -->
8282

8383
{: .table .table-bordered .table-hover}
84-
| Field | Description| Required/Optional/Default |
85-
| ----------- | --------------------------------------------------------- | ------------------------- |
86-
| `title` | The free-text display name of the step.| Optional |
87-
| `description` | A basic, free-text description of the step.| Optional |
88-
| `stage` | Parent group of this step. For more information, see [Stages in pipelines]({{site.baseurl}}/docs/pipelines/stages/).| Optional |
84+
| Field | Description | Required/Optional/Default |
85+
| ----------- | --------------------- | ------------------------- |
86+
| `title` | The free-text display name of the step. | Optional |
87+
| `description` | A basic, free-text description of the step. | Optional |
88+
| `stage` | Parent group of this step. For more information, see [Stages in pipelines]({{site.baseurl}}/docs/pipelines/stages/). | Optional |
8989
| `working_directory` | The directory in which the build command is executed. It can be an explicit path in the container's file system, or a variable that references another step. <br>The default is {% raw %} `${{main_clone}}` {% endraw %}. Note that the `working_directory` when defined changes only the Docker build context. It is unrelated to the `WORKDIR` in the Dockerile. | Default |
90-
| `dockerfile` | The path to the `Dockerfile` from which the image is built. The default is `Dockerfile`.| Default |
91-
| `image_name` | The name of the image that is built.| Required |
92-
| `region` | Relevant only for [Amazon ECR]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/) integrations using either service accounts or explicit credentials. <br>The names of the regions for which to perform cross-region replication. The names of the source region and the destination region name must be defined in separate steps.| Optional |
93-
| `role_arn` | Relevant only for [Amazon ECR]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/) integrations using either service accounts or explicit credentials. <br>The Amazon Resource Name (ARN) of the IAM role to be assumed to push the built image to the ECR repository, in the format `arn:aws:iam::<cross-account-id>:role/<role-name>`, where:<br>`<account-id>` is the ID of the AWS account where the ECR repository is hosted. <br>`<role-name>` is the specified role with the required permissions within this account to access and manage the ECR repository. | Required|
90+
| `dockerfile` | The path to the `Dockerfile` from which the image is built. The default is `Dockerfile`. | Default |
91+
| `image_name` | The name of the image that is built. | Required |
92+
| `region` | Relevant only for [Amazon ECR]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/) integrations using either service accounts or explicit credentials. <br>The names of the regions for which to perform cross-region replication. The names of the source region and the destination region name must be defined in separate steps. | Optional |
93+
| `role_arn` | Relevant only for [Amazon ECR]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/) integrations using either service accounts or explicit credentials. <br>The Amazon Resource Name (ARN) of the IAM role to be assumed to push the built image to the ECR repository, in the format `arn:aws:iam::<cross-account-id>:role/<role-name>`, where:<br>`<account-id>` is the ID of the AWS account where the ECR repository is hosted. <br>`<role-name>` is the specified role with the required permissions within this account to access and manage the ECR repository. | Required |
9494
| `tag` | The single tag to assign to the built image. To assign multiple tags, use `tags` (see below). <br>The default tag is the name of the branch or revision that is built. | Default |
9595
| `tags` | Multiple tags to assign to the built image. {::nomarkdown} <br>To assign a single tag, use <code class="highlighter-rouge">tag</code> (see above). <br> This is an array, and should conform to the following syntax:<br><code class="highlighter-rouge">tags:<br>- tag1<br>- tag2<br>- {% raw %}${{CF_BRANCH_TAG_NORMALIZED}}{% endraw %}<br>- tag4</code><br><br>OR<br><code class="highlighter-rouge">tags: [ 'tag1', 'tag2', '{% raw %}${{CF_BRANCH_TAG_NORMALIZED}}'{% endraw %}, 'tag4' ]</code>{:/} |Optional|
9696
| `cache_from` | The list of cache sources to use as Docker cache when building the image. Every source in the list is passed to the build command using the `--cache-from` flag. See [Docker documentation](https://docs.docker.com/engine/reference/commandline/buildx_build/#cache-from){:target="\_blank"} for more info. | Optional |
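
Review bot: on the `role_arn` row (new line 93) the format string uses `<cross-account-id>` while the explanation that follows defines `<account-id>`, so the two placeholders do not match; since this row is being rewritten anyway, use one name in both places. The other changes in this hunk are cell padding only. The unchanged `working_directory` row at line 89 still reads `Dockerile`, which is worth fixing in the same pass.
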
@@ -113,7 +113,11 @@ The default behavior of the `build` step is defined a
113113
| `ssh` | Available when using [Buildkit](#buildkit-support) for ssh keys. See [more info](https://docs.docker.com/engine/reference/commandline/buildx_build/#ssh){:target="\_blank"}| Optional |
114114
| `secrets` | Available when using [Buildkit](#buildkit-support) for secret mounting. See [more info](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret){:target="\_blank"}| Optional |
115115
| `platform` | The [target platform or platforms](https://docs.docker.com/build/building/multi-platform/){:target="\_blank"} to which to push the image. For example, `linux/amd64`. To target multiple platforms, separate them with commas, as in `linux/amd64,linux/arm64`. <br>NOTE:To use this property, you must enable `buildx`. | Optional |
116-
| `buildx` |Build and push Docker images, including multi-platform images, with <a href="https://github.com/docker/buildx" target="_blank">Buildx</a>. Disabled by default. {::nomarkdown}<ul><li>To enable with default configuration, set to <code class="highlighter-rouge">true</code>. You do not have to add any other parameters.</li>When set to <code class="highlighter-rouge">true</code>, caching is disabled.</li><li>To enable with custom configuration, set to an object with custom configuration. With custom configuration, you can configure settings for <code class="highlighter-rouge">qemu</code> and <code class="highlighter-rouge">builder</code>.<ul><li><code class="highlighter-rouge">qemu</code><ul><li><code class="highlighter-rouge">image</code>: The Docker image to use to install the <a href="https://github.com/qemu/qemu" target="_blank">QEMU</a> static binaries. Currently, Codefresh supports the <code class="highlighter-rouge">tonistiigi/binfmt</code> Docker image. <br>By default, installs the binaries from the <code class="highlighter-rouge">tonistiigi/binfmt:latest</code> Docker image. </li><li><code class="highlighter-rouge">platforms</code>: The binaries of platform emulators to install with the Docker image defined for <code class="highlighter-rouge">image</code>. The default value is <code class="highlighter-rouge">all</code>.</li></ul><li><code class="highlighter-rouge">builder</code>: <ul><li><code class="highlighter-rouge">driver</code>: The builder driver to use. By default, uses <code class="highlighter-rouge">docker-container</code> <a href="https://docs.docker.com/build/building/drivers/docker-container" target="_blank">driver</a> to build multi-platform images and export cache using a <a href="https://github.com/moby/buildkitBuildKit" target="_blank">BuildKit</a> container.<li><code class="highlighter-rouge">driver_opts</code>: Additional driver-specific configuration options to customize the driver. 
For example, <code class="highlighter-rouge">image=moby/buildkit:master</code>.</li></ul></li></ul>{:/} | Optional |
116+
| `buildx` |Build and push Docker images, including multi-platform images, with <a href="https://github.com/docker/buildx" target="_blank">Buildx</a>. Disabled by default. {::nomarkdown}<ul><li>To enable with default configuration, set to <code class="highlighter-rouge">true</code>. You do not have to add any other parameters.</li>When set to <code class="highlighter-rouge">true</code>, caching is disabled.</li><li>To enable with custom configuration, set to an object with custom configuration. With custom configuration, you can configure settings for <code class="highlighter-rouge">qemu</code> and <code class="highlighter-rouge">builder</code>.<ul><li><code class="highlighter-rouge">qemu</code><ul><li><code class="highlighter-rouge">image</code>: The image to use to install the <a href="https://github.com/qemu/qemu" target="_blank">QEMU</a> static binaries. If not specified, uses the <code class="highlighter-rouge">tonistiigi/binfmt</code> Docker image, and installs the binaries from the <code class="highlighter-rouge">tonistiigi/binfmt:latest</code> Docker image. {:/} <br>To use additional trusted QEMU images, see [Defining trusted QEMU images](#defining-trusted-qemu-images).{::nomarkdown}</li><li><code class="highlighter-rouge">platforms</code>: The binaries of platform emulators to install with the Docker image defined for <code class="highlighter-rouge">image</code>. The default value is <code class="highlighter-rouge">all</code>.</li></ul><li><code class="highlighter-rouge">builder</code>: <ul><li><code class="highlighter-rouge">driver</code>: The builder driver to use. 
By default, uses <code class="highlighter-rouge">docker-container</code> <a href="https://docs.docker.com/build/building/drivers/docker-container" target="_blank">driver</a> to build multi-platform images and export cache using a <a href="https://github.com/moby/buildkitBuildKit" target="_blank">BuildKit</a> container.<li><code class="highlighter-rouge">driver_opts</code>: Additional driver-specific configuration options to customize the driver. For example, <code class="highlighter-rouge">image=moby/buildkit:master</code>.</li></ul></li></ul>{:/} | Optional |
117+
118+
119+
120+
117121

118122
<!-- markdownlint-enable MD033 -->
119123

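
Review bot: in the `qemu` `image` item of the `buildx` row (new line 116), the cell closes `{::nomarkdown}` with `{:/}` and reopens it inside a still-open `<li>` only to get a Markdown link; every other link in this cell is a plain `<a href=...>` tag, so `<a href="#defining-trusted-qemu-images">Defining trusted QEMU images</a>` would keep the whole list in one markup mode. While the row is open: the text "When set to true, caching is disabled." ends in a `</li>` that has no opening `<li>`, the BuildKit link target reads `https://github.com/moby/buildkitBuildKit`, and the default is now stated twice in one sentence ("uses the `tonistiigi/binfmt` Docker image, and installs the binaries from the `tonistiigi/binfmt:latest` Docker image"). The four added blank lines at 117-120 look unintended.
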
@@ -729,6 +733,30 @@ steps:
729733

730734
You can combine all options (`ssh`, <!--- `progress`,--> `secrets`) in a single build step if desired.
731735

736+
## Defining trusted QEMU images
737+
The `build` step supports other QEMU images in addition to the default image.
738+
To add these images, you must first define them as trusted images in your `values.yaml` file, in `runtime.engine.env.TRUSTED_QEMU_IMAGES`.
739+
740+
* Each image must include the full image name.
741+
* Images from non-Docker Hub repositories must also include the repository name in addition to the image name.
742+
* Image tags are optional.
743+
744+
>**NOTE**
745+
This functionality is supported from Helm chart version **7.1.6**.
746+
If the Runtime is already installed, don't forget to run `helm upgrade` to apply the changes to the deployed release.
747+
748+
##### Example
749+
The example below defines two trusted QEMU images, the first from GitHub Container Registry, specifying the repository and image name, and the second from Docker Hub without the `docker.io` prefix.
750+
751+
```yaml
752+
...
753+
runtime:
754+
engine:
755+
env:
756+
TRUSTED_QEMU_IMAGES: "ghcr.io/example/qemu-image,qemu-user-static"
757+
...
758+
```
759+
732760
## Related articles
733761
[Default behavior for build steps]({{site.baseurl}}/docs/pipelines/configuration/pipeline-settings/#default-behavior-for-build-steps)
734762
[Codefresh YAML for pipeline definitions]({{site.baseurl}}/docs/pipelines/what-is-the-codefresh-yaml/)
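
Review bot: the example value at new line 756 lists `qemu-user-static` with no namespace, while the bullet at line 740 says each image must include the full image name; use a namespaced Docker Hub name in the example, or state that a bare name is accepted and what it resolves to. Because `TRUSTED_QEMU_IMAGES` acts as an allowlist, "Image tags are optional" (line 742) should also say what an untagged entry matches (any tag of that image, or only a default one) and whether an entry can be pinned by digest. The section covers only the `values.yaml` side, so a short `build` step snippet that sets `buildx.qemu.image` to one of the listed images would complete it. The "Example" heading jumps from `##` to `#####`.
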
