From 0ad9f06a5b2ca0fbdc6c2d583933e77a2a357869 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Wed, 15 Apr 2026 14:17:43 +0200 Subject: [PATCH 1/5] feat: add insecure registries configuration for buildpacks buildstrategy This is similar to what the buildah and source-to-image BuildStragegy provide. Signed-off-by: Samuel Gaist --- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 5 +++++ .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 5 +++++ .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 5 +++++ .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 5 +++++ .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 5 +++++ 8 files changed, 40 insertions(+) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index a6f9165852..bd32e10f0e 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 22b1800339..6010b0b8e7 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index ca67cc1bfa..a4a55c620d 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 91081f8cca..33306d5434 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index c0c39cb502..3e197b380e 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 249c071fa4..ea80fd3757 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -17,6 +17,9 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: heroku/builder:22 @@ -27,6 +30,8 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index d6d9fd6649..5a28adbd11 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 2374f8a135..b05305ba7a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -11,12 +11,17 @@ spec: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" + - name: insecure-registries + description: Registries to consider insecure (http or self-signed certificate). + default: "" steps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) + - name: CNB_INSECURE_REGISTRIES + value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE From 4e776b6cd54e756db3cfaab28ad49551a5652db2 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 17 Apr 2026 21:16:50 +0200 Subject: [PATCH 2/5] chore(buildpacks): document insecure-registries properly Signed-off-by: Samuel Gaist --- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index bd32e10f0e..c9fb102ffd 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 6010b0b8e7..4545ff9400 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index a4a55c620d..37e006b34d 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 33306d5434..b1d43f22da 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" buildSteps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 3e197b380e..a842379ee7 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index ea80fd3757..f7dff891e2 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,7 +18,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 5a28adbd11..27815cf145 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index b05305ba7a..48c4ec000a 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,7 +12,7 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.12" - name: insecure-registries - description: Registries to consider insecure (http or self-signed certificate). + description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" steps: - name: build-and-push From f90dda6a7725da496c92dab9614d1695bf84197d Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 17 Apr 2026 21:18:29 +0200 Subject: [PATCH 3/5] chore(buildpacks): raise minimal API to 0.13 This is required to have the insecure registries support. Signed-off-by: Samuel Gaist --- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml | 2 +- .../buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml | 2 +- .../buildstrategy_buildpacks-v3_namespaced_cr.yaml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index c9fb102ffd..9343b3f954 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 4545ff9400..eef2eb49d4 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 37e006b34d..12b32fe4f4 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index b1d43f22da..cb6cc8e274 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index a842379ee7..158446717d 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index f7dff891e2..e38809a185 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -16,7 +16,7 @@ spec: default: "x86_64" - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 27815cf145..9d6fc826c7 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" diff --git a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index 48c4ec000a..0dcdf005f4 100644 --- a/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1beta1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -10,7 +10,7 @@ spec: parameters: - name: platform-api-version description: The referenced version is the minimum version that all relevant buildpack implementations support. - default: "0.12" + default: "0.13" - name: insecure-registries description: Comma separated list of registries to consider insecure (http or self-signed certificate). default: "" From 2976db7ab6cfa0bbed345c40c13686f2dbe14737 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 1 May 2026 13:24:42 +0200 Subject: [PATCH 4/5] refactor: turn insecure-registries into a list Move the handling logic into the script part. This allows users users to use a list in their Build/BuildRun and also matches other implementations. Signed-off-by: Samuel Gaist --- ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 33 ++++++++++++++++--- ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 33 ++++++++++++++++--- .../buildstrategy_buildpacks-v3_cr.yaml | 33 ++++++++++++++++--- ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 33 ++++++++++++++++--- 4 files changed, 116 insertions(+), 16 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 9343b3f954..23a4e952d6 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -18,8 +18,9 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: heroku/builder:22 @@ -30,8 +31,6 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -41,6 +40,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -100,6 +122,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index eef2eb49d4..46a23c26f7 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -18,8 +18,9 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: heroku/builder:22 @@ -30,8 +31,6 @@ spec: value: $(params.system-architecture) - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -41,6 +40,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -100,6 +122,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 12b32fe4f4..83d4d00db0 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -12,16 +12,15 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -31,6 +30,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -90,6 +112,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index cb6cc8e274..e4a8eb60bb 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -12,16 +12,15 @@ spec: description: The referenced version is the minimum version that all relevant buildpack implementations support. default: "0.13" - name: insecure-registries - description: Comma separated list of registries to consider insecure (http or self-signed certificate). - default: "" + description: List of registries to consider insecure (http or self-signed certificate). + type: array + defaults: [] buildSteps: - name: build-and-push image: docker.io/paketobuildpacks/builder-jammy-full:latest env: - name: CNB_PLATFORM_API value: $(params.platform-api-version) - - name: CNB_INSECURE_REGISTRIES - value: $(params.insecure-registries) - name: PARAM_SOURCE_CONTEXT value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE @@ -31,6 +30,29 @@ spec: args: - -c - | + insecureRegistries="" + inInsecureRegistries=false + + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + + if [[ ! -z "$insecureRegistries" ]]; then + echo "> Using insecure registries: $insecureRegistries" + + export CNB_INSECURE_REGISTRIES=$insecureRegistries + fi + set -euo pipefail echo "> Processing environment variables..." @@ -90,6 +112,9 @@ spec: # Store the image digest grep digest /tmp/report.toml | tail -n 1 | tr -d ' \"\n' | sed s/digest=// > "$(results.shp-image-digest.path)" + - -- + - --insecure-registries + - $(params.insecure-registries[*]) volumeMounts: - mountPath: /platform/env name: platform-env From b49deb7a5ef21615f7fe29b2765f7d012edb6452 Mon Sep 17 00:00:00 2001 From: Samuel Gaist Date: Fri, 1 May 2026 14:03:38 +0200 Subject: [PATCH 5/5] feat: only parse insecure registries if shp-output-insecure is true Signed-off-by: Samuel Gaist --- ...buildstrategy_buildpacks-v3-heroku_cr.yaml | 30 +++++++++++-------- ...gy_buildpacks-v3-heroku_namespaced_cr.yaml | 30 +++++++++++-------- .../buildstrategy_buildpacks-v3_cr.yaml | 30 +++++++++++-------- ...dstrategy_buildpacks-v3_namespaced_cr.yaml | 30 +++++++++++-------- 4 files changed, 68 insertions(+), 52 deletions(-) diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml index 23a4e952d6..ff3b7e936a 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_cr.yaml @@ -35,6 +35,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -43,19 +45,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml index 46a23c26f7..e5d4eb2358 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3-heroku_namespaced_cr.yaml @@ -35,6 +35,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -43,19 +45,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml index 83d4d00db0..9901dcf6e0 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_cr.yaml @@ -25,6 +25,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -33,19 +35,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries" diff --git a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml index e4a8eb60bb..2d35274630 100644 --- a/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml +++ b/samples/v1alpha1/buildstrategy/buildpacks-v3/buildstrategy_buildpacks-v3_namespaced_cr.yaml @@ -25,6 +25,8 @@ spec: value: $(params.shp-source-context) - name: PARAM_OUTPUT_IMAGE value: $(params.shp-output-image) + - name: PARAM_OUTPUT_INSECURE + value: $(params.shp-output-insecure) command: - /bin/bash args: @@ -33,19 +35,21 @@ spec: insecureRegistries="" inInsecureRegistries=false - while [[ $# -gt 0 ]]; do - arg="$1" - shift - - if [ "${arg}" == "--insecure-registries" ]; then - inInsecureRegistries=true - elif [ "${inInsecureRegistries}" == "true" ]; then - insecureRegistries="${insecureRegistries}${arg}," - else - echo "Invalid usage" - exit 1 - fi - done + if [[ "${PARAM_OUTPUT_INSECURE}" == "true" ]]; then + while [[ $# -gt 0 ]]; do + arg="$1" + shift + + if [ "${arg}" == "--insecure-registries" ]; then + inInsecureRegistries=true + elif [ "${inInsecureRegistries}" == "true" ]; then + insecureRegistries="${insecureRegistries}${arg}," + else + echo "Invalid usage" + exit 1 + fi + done + fi if [[ ! -z "$insecureRegistries" ]]; then echo "> Using insecure registries: $insecureRegistries"