test-infra
Image Builder require only used env variables
Description
Image Builder supports a few options, such as triggering oci-image-builder, parsing tags or signing images. Each command should require only the environment variables that it uses.
Example of image-builder --sign-only usage. This command should not require the REPO_NAME, REPO_OWNER, PULL_NUMBER, PULL_BASE_SHA variables. Even the JOB_TYPE variable can be removed and a pipeline condition used to decide whether signing should happen or not.
- task: Docker@2
  name: sign_images
  inputs:
    command: run
    arguments: >
      --env REPO_NAME=${{ parameters.RepoName }}
      --env REPO_OWNER=${{ parameters.RepoOwner }}
      --env PULL_NUMBER=${{ parameters.PullNumber }}
      --env PULL_BASE_SHA=${{ parameters.PullBaseSHA }}
      --env PULL_PULL_SHA=${{ parameters.PullPullSHA }}
      --env CI=true
      --env CI_SYSTEM="AzureDevOps"
      --env BUILD_BUILDID=$(Build.BuildId)
      --env JOB_TYPE=${{ parameters.JobType }}
      --mount type=bind,src=$(System.DefaultWorkingDirectory)/kaniko-build-config.yaml,dst=/kaniko-build-config.yaml
      --mount type=bind,src=$(System.DefaultWorkingDirectory)/signify-prod-secret.yaml,dst=/secret-prod/secret.yaml
      $(image-builder.image)
      --sign-only
      --name=${{ parameters.Name }}
      --context=${{ parameters.Context }}
      --dockerfile=${{ parameters.Dockerfile }}
      $(imagesToSign)
      --config=/kaniko-build-config.yaml
Reasons
Requiring environment variables which are not used might confuse users and raises complexity.
Acceptance Criteria
- [ ] Image Builder commands require only environment variables that are really used
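
One way to meet this criterion is to validate the environment per command instead of once for the whole binary. The following is an added example, not image-builder's own code: the `Mode` type, the `MissingEnv` helper, the build-mode variable list and the `presubmit` job type check are assumptions made for illustration; only the variable names and the `--sign-only` case come from the issue.

```go
package main

import (
	"fmt"
	"os"
)

// Mode is a hypothetical name for the command image-builder was asked to run.
type Mode string

const (
	ModeBuild    Mode = "build"
	ModeSignOnly Mode = "sign-only"
)

// requiredEnv maps each mode to the variables it reads. The build list is an
// assumption made for this example; the sign-only list is empty because the
// issue states that signing needs none of the repository or pull variables.
var requiredEnv = map[Mode][]string{
	ModeBuild:    {"REPO_NAME", "REPO_OWNER", "JOB_TYPE"},
	ModeSignOnly: {},
}

// presubmitEnv is required only when a build runs for a pull request (assumed).
var presubmitEnv = []string{"PULL_NUMBER", "PULL_BASE_SHA"}

// MissingEnv returns, in declaration order, the variables the mode needs but
// lookup cannot find. Variables belonging to other modes are never consulted.
func MissingEnv(mode Mode, lookup func(string) (string, bool)) []string {
	needed := append([]string{}, requiredEnv[mode]...)
	if jt, _ := lookup("JOB_TYPE"); mode == ModeBuild && jt == "presubmit" {
		needed = append(needed, presubmitEnv...)
	}
	missing := []string{}
	for _, name := range needed {
		if v, ok := lookup(name); !ok || v == "" {
			missing = append(missing, name)
		}
	}
	return missing
}

func main() {
	if missing := MissingEnv(ModeSignOnly, os.LookupEnv); len(missing) > 0 {
		fmt.Fprintln(os.Stderr, "missing environment variables:", missing)
		os.Exit(1)
	}
	fmt.Println("sign-only: environment OK")
}
```

With a check like this, the signing step can drop the unused `--env` arguments, so the container that mounts the signing secret receives no pull request data it does not need.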